From 5c7047624f03decc2ba4412160b659c39d3705dc Mon Sep 17 00:00:00 2001
From: axsel
Date: Fri, 12 Jun 2026 00:03:17 +0700
Subject: [PATCH 1/2] Add DirtyFrag custom auditd dttack data
---
 .../dirty_frag_lpe_attack_data.log | 447 ++++++++++++++++++
 1 file changed, 447 insertions(+)
 create mode 100644 datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_lpe_attack_data.log
diff --git a/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_lpe_attack_data.log b/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_lpe_attack_data.log
new file mode 100644
index 00000000..8e9648bd
--- /dev/null
+++ b/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_lpe_attack_data.log
@@ -0,0 +1,447 @@ +type=PATH msg=audit(1781194335.799:10901): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194335.799:10901): proctitle=2F6F70742F73706C756E6B2F62696E2F73706C756E6B64006C6F63616C2D726573742D757269002D700038303839 +type=SYSCALL msg=audit(1781194336.147:10902): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53232 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194336.147:10902): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_introspection/db/hot_v1_164" a3="-x" a4="36708813312" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194336.147:10902): cwd="/" +type=PATH msg=audit(1781194336.147:10902): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194336.147:10902): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194336.147:10902): 
proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E74726F7370656374696F6E2F64622F686F745F76315F313634002D78003336373038383133333132002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033 +type=SYSCALL msg=audit(1781194336.151:10903): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53234 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194336.151:10903): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_internaldb/db/hot_v1_193" a3="-x" a4="36708813312" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194336.151:10903): cwd="/" +type=PATH msg=audit(1781194336.151:10903): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194336.151:10903): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194336.151:10903): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E7465726E616C64622F64622F686F745F76315F313933002D78003336373038383133333132002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74 +type=SYSCALL 
msg=audit(1781194336.155:10904): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53235 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194336.155:10904): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/audit/db/hot_v1_164" a3="-x" a4="36708812800" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194336.155:10904): cwd="/" +type=PATH msg=audit(1781194336.155:10904): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194336.155:10904): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194336.155:10904): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F61756469742F64622F686F745F76315F313634002D78003336373038383132383030002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964782D74 +type=SYSCALL msg=audit(1781194339.971:10905): arch=c000003e syscall=59 success=yes exit=0 a0=5647ae54faf0 a1=5647ae5ce6e0 a2=5647ae5d1a40 a3=8 items=2 ppid=52237 pid=53360 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" 
exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=EXECVE msg=audit(1781194339.971:10905): argc=1 a0="./exp" +type=CWD msg=audit(1781194339.971:10905): cwd="/home/user001/tools/exp" +type=PATH msg=audit(1781194339.971:10905): item=0 name="./exp" inode=12888900 dev=08:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="user001" OGID="user001" +type=PATH msg=audit(1781194339.971:10905): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194339.971:10905): proctitle="./exp" +type=SYSCALL msg=audit(1781194340.155:10906): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=560951fbacd2 a2=0 a3=0 items=0 ppid=19167 pid=53362 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=KERN_MODULE msg=audit(1781194340.155:10906): name="xfrm_algo" +type=PROCTITLE msg=audit(1781194340.155:10906): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D006E65742D70662D31362D70726F746F2D36 +type=SYSCALL msg=audit(1781194340.191:10907): arch=c000003e syscall=313 success=yes exit=0 a0=1 a1=560951fbacd2 a2=0 a3=1 items=0 ppid=19167 pid=53362 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" 
SGID="root" FSGID="root" +type=KERN_MODULE msg=audit(1781194340.191:10907): name="xfrm_user" +type=PROCTITLE msg=audit(1781194340.191:10907): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D006E65742D70662D31362D70726F746F2D36 +type=SYSCALL msg=audit(1781194340.227:10908): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=557205a1acd2 a2=0 a3=0 items=0 ppid=19167 pid=53368 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=KERN_MODULE msg=audit(1781194340.227:10908): name="esp4" +type=PROCTITLE msg=audit(1781194340.227:10908): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D007866726D2D747970652D322D3530 +type=SYSCALL msg=audit(1781194340.271:10909): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=55cf06022cd2 a2=0 a3=0 items=0 ppid=19167 pid=53372 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=KERN_MODULE msg=audit(1781194340.271:10909): name="echainiv" +type=PROCTITLE msg=audit(1781194340.271:10909): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0063727970746F2D65636861696E6976 +type=SYSCALL msg=audit(1781194340.299:10910): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=556494042cd2 a2=0 a3=0 items=0 ppid=19167 pid=53376 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" 
+type=KERN_MODULE msg=audit(1781194340.299:10910): name="authenc" +type=PROCTITLE msg=audit(1781194340.299:10910): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0063727970746F2D61757468656E6365736E +type=SYSCALL msg=audit(1781194340.303:10911): arch=c000003e syscall=313 success=yes exit=0 a0=1 a1=556494042cd2 a2=0 a3=1 items=0 ppid=19167 pid=53376 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" +type=KERN_MODULE msg=audit(1781194340.303:10911): name="authencesn" +type=PROCTITLE msg=audit(1781194340.303:10911): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0063727970746F2D61757468656E6365736E +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10912): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928336(0xdeadbe10) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10912): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10912): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10913): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928337(0xdeadbe11) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10913): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 
sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10913): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10914): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928338(0xdeadbe12) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10914): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10914): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10915): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928339(0xdeadbe13) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10915): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10915): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10916): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928340(0xdeadbe14) res=1AUID="user001" 
+type=SYSCALL msg=audit(1781194340.375:10916): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10916): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10917): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928341(0xdeadbe15) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10917): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10917): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10918): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928342(0xdeadbe16) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10918): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE 
msg=audit(1781194340.375:10918): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10919): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928343(0xdeadbe17) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10919): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10919): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10920): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928344(0xdeadbe18) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10920): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10920): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10921): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928345(0xdeadbe19) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10921): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" 
exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10921): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10922): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928346(0xdeadbe1a) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10922): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10922): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10923): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928347(0xdeadbe1b) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10923): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10923): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10924): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928348(0xdeadbe1c) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10924): 
arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10924): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10925): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928349(0xdeadbe1d) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10925): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10925): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10926): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928350(0xdeadbe1e) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10926): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10926): proctitle="./exp" 
+type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10927): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928351(0xdeadbe1f) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10927): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10927): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10928): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928352(0xdeadbe20) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10928): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10928): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10929): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928353(0xdeadbe21) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10929): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 
SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10929): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10930): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928354(0xdeadbe22) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10930): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10930): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10931): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928355(0xdeadbe23) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10931): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10931): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10932): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928356(0xdeadbe24) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10932): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 
items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10932): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10933): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928357(0xdeadbe25) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10933): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10933): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10934): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928358(0xdeadbe26) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10934): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10934): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10935): op=SAD-add auid=1000 ses=2 
subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928359(0xdeadbe27) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10935): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10935): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10936): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928360(0xdeadbe28) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10936): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10936): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10937): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928361(0xdeadbe29) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10937): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" 
SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10937): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10938): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928362(0xdeadbe2a) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.375:10938): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.375:10938): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10939): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928363(0xdeadbe2b) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10939): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10939): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10940): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928364(0xdeadbe2c) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10940): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10940): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10941): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928365(0xdeadbe2d) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10941): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10941): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10942): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928366(0xdeadbe2e) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10942): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10942): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10943): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928367(0xdeadbe2f) 
res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10943): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10943): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10944): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928368(0xdeadbe30) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10944): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10944): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10945): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928369(0xdeadbe31) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10945): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" 
+type=PROCTITLE msg=audit(1781194340.379:10945): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10946): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928370(0xdeadbe32) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10946): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10946): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10947): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928371(0xdeadbe33) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10947): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10947): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10948): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928372(0xdeadbe34) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10948): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" 
exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10948): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10949): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928373(0xdeadbe35) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10949): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10949): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10950): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928374(0xdeadbe36) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10950): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10950): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10951): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928375(0xdeadbe37) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10951): 
arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10951): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10952): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928376(0xdeadbe38) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10952): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10952): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10953): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928377(0xdeadbe39) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10953): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10953): proctitle="./exp" 
+type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10954): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928378(0xdeadbe3a) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10954): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10954): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10955): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928379(0xdeadbe3b) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10955): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10955): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10956): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928380(0xdeadbe3c) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10956): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 
SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10956): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10957): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928381(0xdeadbe3d) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10957): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10957): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10958): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928382(0xdeadbe3e) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10958): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10958): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10959): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928383(0xdeadbe3f) res=1AUID="user001" +type=SYSCALL msg=audit(1781194340.379:10959): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 
items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10959): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10960): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928336(0xdeadbe10) seqno=200 +type=SYSCALL msg=audit(1781194340.379:10960): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.379:10960): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.531:10961): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928337(0xdeadbe11) seqno=200 +type=SYSCALL msg=audit(1781194340.531:10961): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.531:10961): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.679:10962): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928338(0xdeadbe12) seqno=200 +type=SYSCALL 
msg=audit(1781194340.679:10962): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.679:10962): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.831:10963): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928339(0xdeadbe13) seqno=200 +type=SYSCALL msg=audit(1781194340.831:10963): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.831:10963): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194340.979:10964): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928340(0xdeadbe14) seqno=200 +type=SYSCALL msg=audit(1781194340.979:10964): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194340.979:10964): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194341.131:10965): op=SA-icv-failure 
src=127.0.0.1 dst=127.0.0.1 spi=3735928341(0xdeadbe15) seqno=200 +type=SYSCALL msg=audit(1781194341.131:10965): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194341.131:10965): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194341.279:10966): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928342(0xdeadbe16) seqno=200 +type=SYSCALL msg=audit(1781194341.279:10966): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194341.279:10966): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194341.431:10967): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928343(0xdeadbe17) seqno=200 +type=SYSCALL msg=audit(1781194341.431:10967): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194341.431:10967): proctitle="./exp" 
+type=MAC_IPSEC_EVENT msg=audit(1781194341.583:10968): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928344(0xdeadbe18) seqno=200 +type=SYSCALL msg=audit(1781194341.583:10968): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194341.583:10968): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194341.731:10969): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928345(0xdeadbe19) seqno=200 +type=SYSCALL msg=audit(1781194341.731:10969): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194341.731:10969): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194341.883:10970): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928346(0xdeadbe1a) seqno=200 +type=SYSCALL msg=audit(1781194341.883:10970): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" 
FSGID="user001" +type=PROCTITLE msg=audit(1781194341.883:10970): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194342.031:10971): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928347(0xdeadbe1b) seqno=200 +type=SYSCALL msg=audit(1781194342.031:10971): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194342.031:10971): proctitle="./exp" +type=SYSCALL msg=audit(1781194342.139:10972): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53389 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194342.139:10972): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_internaldb/db/hot_v1_193" a3="-x" a4="36708247040" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194342.139:10972): cwd="/" +type=PATH msg=audit(1781194342.139:10972): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194342.139:10972): item=1 name="/lib64/ld-linux-x86-64.so.2" 
inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194342.139:10972): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E7465726E616C64622F64622F686F745F76315F313933002D78003336373038323437303430002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74 +type=SYSCALL msg=audit(1781194342.139:10973): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53390 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194342.139:10973): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/audit/db/hot_v1_164" a3="-x" a4="36708247040" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194342.139:10973): cwd="/" +type=PATH msg=audit(1781194342.139:10973): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194342.139:10973): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194342.139:10973): 
proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F61756469742F64622F686F745F76315F313634002D78003336373038323437303430002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964782D74 +type=MAC_IPSEC_EVENT msg=audit(1781194342.183:10974): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928348(0xdeadbe1c) seqno=200 +type=SYSCALL msg=audit(1781194342.183:10974): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194342.183:10974): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194342.331:10975): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928349(0xdeadbe1d) seqno=200 +type=SYSCALL msg=audit(1781194342.331:10975): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194342.331:10975): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194342.483:10976): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928350(0xdeadbe1e) seqno=200 +type=SYSCALL msg=audit(1781194342.483:10976): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 
sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194342.483:10976): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194342.635:10977): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928351(0xdeadbe1f) seqno=200 +type=SYSCALL msg=audit(1781194342.635:10977): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194342.635:10977): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194342.783:10978): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928352(0xdeadbe20) seqno=200 +type=SYSCALL msg=audit(1781194342.783:10978): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194342.783:10978): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194342.935:10979): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928353(0xdeadbe21) seqno=200 +type=SYSCALL msg=audit(1781194342.935:10979): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 
pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194342.935:10979): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194343.083:10980): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928354(0xdeadbe22) seqno=200 +type=SYSCALL msg=audit(1781194343.083:10980): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194343.083:10980): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194343.235:10981): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928355(0xdeadbe23) seqno=200 +type=SYSCALL msg=audit(1781194343.235:10981): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194343.235:10981): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194343.387:10982): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928356(0xdeadbe24) seqno=200 +type=SYSCALL msg=audit(1781194343.387:10982): 
arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194343.387:10982): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194343.539:10983): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928357(0xdeadbe25) seqno=200 +type=SYSCALL msg=audit(1781194343.539:10983): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194343.539:10983): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194343.687:10984): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928358(0xdeadbe26) seqno=200 +type=SYSCALL msg=audit(1781194343.687:10984): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194343.687:10984): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194343.839:10985): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 
spi=3735928359(0xdeadbe27) seqno=200 +type=SYSCALL msg=audit(1781194343.839:10985): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194343.839:10985): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194343.987:10986): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928360(0xdeadbe28) seqno=200 +type=SYSCALL msg=audit(1781194343.987:10986): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194343.987:10986): proctitle="./exp" +type=SYSCALL msg=audit(1781194344.139:10987): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53392 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194344.139:10987): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_816" a3="-x" a4="36708125184" 
a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194344.139:10987): cwd="/" +type=PATH msg=audit(1781194344.139:10987): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194344.139:10987): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194344.139:10987): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383136002D78003336373038313235313834002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 +type=MAC_IPSEC_EVENT msg=audit(1781194344.139:10988): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928361(0xdeadbe29) seqno=200 +type=SYSCALL msg=audit(1781194344.139:10988): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194344.139:10988): proctitle="./exp" +type=SYSCALL msg=audit(1781194344.147:10989): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53393 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 
comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194344.147:10989): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_817" a3="-x" a4="36708120576" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194344.147:10989): cwd="/" +type=PATH msg=audit(1781194344.147:10989): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194344.147:10989): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194344.147:10989): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383137002D78003336373038313230353736002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 +type=SYSCALL msg=audit(1781194344.151:10990): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53394 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194344.151:10990): argc=12 
a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_818" a3="-x" a4="36708119552" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194344.151:10990): cwd="/" +type=PATH msg=audit(1781194344.151:10990): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194344.151:10990): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194344.151:10990): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383138002D78003336373038313139353532002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 +type=SYSCALL msg=audit(1781194344.171:10991): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53395 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194344.171:10991): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_819" a3="-x" a4="36708119552" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194344.171:10991): cwd="/" +type=PATH 
msg=audit(1781194344.171:10991): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194344.171:10991): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194344.171:10991): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383139002D78003336373038313139353532002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 +type=SYSCALL msg=audit(1781194344.195:10992): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53396 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194344.195:10992): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_820" a3="-x" a4="36708120576" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194344.195:10992): cwd="/" +type=PATH msg=audit(1781194344.195:10992): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194344.195:10992): item=1 
name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194344.195:10992): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383230002D78003336373038313230353736002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 +type=MAC_IPSEC_EVENT msg=audit(1781194344.291:10993): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928362(0xdeadbe2a) seqno=200 +type=SYSCALL msg=audit(1781194344.291:10993): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194344.291:10993): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194344.439:10994): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928363(0xdeadbe2b) seqno=200 +type=SYSCALL msg=audit(1781194344.439:10994): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194344.439:10994): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194344.590:10995): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 
spi=3735928364(0xdeadbe2c) seqno=200 +type=SYSCALL msg=audit(1781194344.590:10995): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194344.590:10995): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194344.738:10996): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928365(0xdeadbe2d) seqno=200 +type=SYSCALL msg=audit(1781194344.738:10996): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194344.738:10996): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194344.890:10997): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928366(0xdeadbe2e) seqno=200 +type=SYSCALL msg=audit(1781194344.890:10997): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194344.890:10997): proctitle="./exp" +type=MAC_IPSEC_EVENT 
msg=audit(1781194345.042:10998): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928367(0xdeadbe2f) seqno=200 +type=SYSCALL msg=audit(1781194345.042:10998): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194345.042:10998): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194345.190:10999): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928368(0xdeadbe30) seqno=200 +type=SYSCALL msg=audit(1781194345.190:10999): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194345.190:10999): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194345.342:11000): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928369(0xdeadbe31) seqno=200 +type=SYSCALL msg=audit(1781194345.342:11000): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE 
msg=audit(1781194345.342:11000): proctitle="./exp" +type=SYSCALL msg=audit(1781194345.478:11001): arch=c000003e syscall=59 success=yes exit=0 a0=7fd2d4cb6c5d a1=7ffc2daa2c10 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53400 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/dash" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194345.478:11001): argc=3 a0="/bin/sh" a1="-c" a2=2F6F70742F73706C756E6B2F62696E2F707974686F6E332E39202F6F70742F73706C756E6B2F6574632F617070732F53412D4964656E746974794D616E6167656D656E742F62696E2F6964656E746974795F6D616E616765722E7079 +type=CWD msg=audit(1781194345.478:11001): cwd="/" +type=PATH msg=audit(1781194345.478:11001): item=0 name="/bin/sh" inode=6291753 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PATH msg=audit(1781194345.478:11001): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194345.478:11001): proctitle=2F62696E2F7368002D63002F6F70742F73706C756E6B2F62696E2F707974686F6E332E39202F6F70742F73706C756E6B2F6574632F617070732F53412D4964656E746974794D616E6167656D656E742F62696E2F6964656E746974795F6D616E616765722E7079 +type=SYSCALL msg=audit(1781194345.478:11002): arch=c000003e syscall=59 success=yes exit=0 a0=55a4213d3790 a1=55a4213d3820 a2=55a454c20aa8 a3=8 items=2 ppid=53400 pid=53401 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="python3.9" exe="/opt/splunk/bin/python3.9" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" 
UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194345.478:11002): argc=2 a0="/opt/splunk/bin/python3.9" a1="/opt/splunk/etc/apps/SA-IdentityManagement/bin/identity_manager.py" +type=CWD msg=audit(1781194345.478:11002): cwd="/" +type=PATH msg=audit(1781194345.478:11002): item=0 name="/opt/splunk/bin/python3.9" inode=28967136 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194345.478:11002): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194345.478:11002): proctitle=2F6F70742F73706C756E6B2F62696E2F707974686F6E332E39002F6F70742F73706C756E6B2F6574632F617070732F53412D4964656E746974794D616E6167656D656E742F62696E2F6964656E746974795F6D616E616765722E7079 +type=MAC_IPSEC_EVENT msg=audit(1781194345.490:11003): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928370(0xdeadbe32) seqno=200 +type=SYSCALL msg=audit(1781194345.490:11003): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194345.490:11003): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194345.642:11004): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928371(0xdeadbe33) seqno=200 +type=SYSCALL msg=audit(1781194345.642:11004): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 
ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194345.642:11004): proctitle="./exp" +type=SYSCALL msg=audit(1781194345.714:11005): arch=c000003e syscall=59 success=yes exit=0 a0=7f0f5981b7d0 a1=7f0f597e5ba0 a2=7ffd29a454a0 a3=0 items=2 ppid=53401 pid=53402 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunkd" exe="/opt/splunk/bin/splunkd" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194345.714:11005): argc=4 a0="/opt/splunk/bin/splunkd" a1="local-rest-uri" a2="-p" a3="8089" +type=CWD msg=audit(1781194345.714:11005): cwd="/" +type=PATH msg=audit(1781194345.714:11005): item=0 name="/opt/splunk/bin/splunkd" inode=28967166 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194345.714:11005): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194345.714:11005): proctitle=2F6F70742F73706C756E6B2F62696E2F73706C756E6B64006C6F63616C2D726573742D757269002D700038303839 +type=MAC_IPSEC_EVENT msg=audit(1781194345.790:11006): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928372(0xdeadbe34) seqno=200 +type=SYSCALL msg=audit(1781194345.790:11006): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 
a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194345.790:11006): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194345.942:11007): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928373(0xdeadbe35) seqno=200 +type=SYSCALL msg=audit(1781194345.942:11007): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194345.942:11007): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194346.094:11008): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928374(0xdeadbe36) seqno=200 +type=SYSCALL msg=audit(1781194346.094:11008): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194346.094:11008): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194346.242:11009): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928375(0xdeadbe37) seqno=200 +type=SYSCALL 
msg=audit(1781194346.242:11009): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194346.242:11009): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194346.394:11010): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928376(0xdeadbe38) seqno=200 +type=SYSCALL msg=audit(1781194346.394:11010): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194346.394:11010): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194346.550:11011): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928377(0xdeadbe39) seqno=200 +type=SYSCALL msg=audit(1781194346.550:11011): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194346.550:11011): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194346.698:11012): op=SA-icv-failure 
src=127.0.0.1 dst=127.0.0.1 spi=3735928378(0xdeadbe3a) seqno=200 +type=SYSCALL msg=audit(1781194346.698:11012): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194346.698:11012): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194346.850:11013): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928379(0xdeadbe3b) seqno=200 +type=SYSCALL msg=audit(1781194346.850:11013): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194346.850:11013): proctitle="./exp" +type=MAC_IPSEC_EVENT msg=audit(1781194347.002:11014): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928380(0xdeadbe3c) seqno=200 +type=SYSCALL msg=audit(1781194347.002:11014): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" +type=PROCTITLE msg=audit(1781194347.002:11014): proctitle="./exp" 
+type=SYSCALL msg=audit(1781194347.138:11015): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53408 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" +type=EXECVE msg=audit(1781194347.138:11015): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/os_linux_audit/db/hot_v1_3" a3="-x" a4="36707941888" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" +type=CWD msg=audit(1781194347.138:11015): cwd="/" +type=PATH msg=audit(1781194347.138:11015): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" +type=PATH msg=audit(1781194347.138:11015): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" +type=PROCTITLE msg=audit(1781194347.138:11015): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F6F735F6C696E75785F61756469742F64622F686F745F76315F33002D78003336373037393431383838002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D +type=SYSCALL msg=audit(1781194347.146:11016): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53409 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 
comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk"
+type=EXECVE msg=audit(1781194347.146:11016): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_introspection/db/hot_v1_164" a3="-x" a4="36707941376" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024"
+type=CWD msg=audit(1781194347.146:11016): cwd="/"
+type=PATH msg=audit(1781194347.146:11016): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk"
+type=PATH msg=audit(1781194347.146:11016): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
+type=PROCTITLE msg=audit(1781194347.146:11016): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E74726F7370656374696F6E2F64622F686F745F76315F313634002D78003336373037393431333736002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033
+type=MAC_IPSEC_EVENT msg=audit(1781194347.150:11017): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928381(0xdeadbe3d) seqno=200
+type=SYSCALL msg=audit(1781194347.150:11017): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
+type=PROCTITLE msg=audit(1781194347.150:11017): proctitle="./exp"
+type=SYSCALL msg=audit(1781194347.178:11018): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53410 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk"
+type=EXECVE msg=audit(1781194347.178:11018): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_internaldb/db/hot_v1_193" a3="-x" a4="36707887616" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024"
+type=CWD msg=audit(1781194347.178:11018): cwd="/"
+type=PATH msg=audit(1781194347.178:11018): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk"
+type=PATH msg=audit(1781194347.178:11018): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
+type=PROCTITLE msg=audit(1781194347.178:11018): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E7465726E616C64622F64622F686F745F76315F313933002D78003336373037383837363136002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74
+type=SYSCALL msg=audit(1781194347.198:11019): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53411 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk"
+type=EXECVE msg=audit(1781194347.198:11019): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/audit/db/hot_v1_164" a3="-x" a4="36707862016" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024"
+type=CWD msg=audit(1781194347.198:11019): cwd="/"
+type=PATH msg=audit(1781194347.198:11019): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk"
+type=PATH msg=audit(1781194347.198:11019): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
+type=PROCTITLE msg=audit(1781194347.198:11019): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F61756469742F64622F686F745F76315F313634002D78003336373037383632303136002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964782D74
+type=MAC_IPSEC_EVENT msg=audit(1781194347.302:11020): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928382(0xdeadbe3e) seqno=200
+type=SYSCALL msg=audit(1781194347.302:11020): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
+type=PROCTITLE msg=audit(1781194347.302:11020): proctitle="./exp"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.450:11021): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928383(0xdeadbe3f) seqno=200
+type=SYSCALL msg=audit(1781194347.450:11021): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
+type=PROCTITLE msg=audit(1781194347.450:11021): proctitle="./exp"
+type=SYSCALL msg=audit(1781194347.602:11022): arch=c000003e syscall=59 success=yes exit=0 a0=5620ad95059a a1=7fff6eb0a630 a2=7fff6eb0b998 a3=18 items=1 ppid=53360 pid=53414 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=2 comm="su" exe="/usr/bin/su" subj=unconfined key="priv_esc"ARCH=x86_64 SYSCALL=execve AUID="user001" UID="user001" GID="user001" EUID="root" SUID="root" FSUID="root" EGID="user001" SGID="user001" FSGID="user001"
+type=EXECVE msg=audit(1781194347.602:11022): argc=2 a0="su" a1="-"
+type=CWD msg=audit(1781194347.602:11022): cwd="/home/user001/tools/exp"
+type=PATH msg=audit(1781194347.602:11022): item=0 name="/bin/su" inode=6293139 dev=08:02 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
+type=PROCTITLE msg=audit(1781194347.602:11022): proctitle=7375002D
+type=SYSCALL msg=audit(1781194347.602:11023): arch=c000003e syscall=59 success=yes exit=0 a0=4000b0 a1=0 a2=7fff7288a030 a3=0 items=2 ppid=53360 pid=53414 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=2 comm="sh" exe="/usr/bin/dash" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="user001" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=EXECVE msg=audit(1781194347.602:11023): argc=1 a0=""
+type=CWD msg=audit(1781194347.602:11023): cwd="/home/user001/tools/exp"
+type=PATH msg=audit(1781194347.602:11023): item=0 name="/bin/sh" inode=6291753 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
+type=PATH msg=audit(1781194347.602:11023): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
+type=PROCTITLE msg=audit(1781194347.602:11023): proctitle=7375002D
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11024): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928343(0xdeadbe17) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11025): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928342(0xdeadbe16) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11026): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928341(0xdeadbe15) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11027): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928340(0xdeadbe14) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11028): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928339(0xdeadbe13) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11029): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928338(0xdeadbe12) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11030): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928337(0xdeadbe11) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11031): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928336(0xdeadbe10) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11032): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928344(0xdeadbe18) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11033): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928345(0xdeadbe19) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11034): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928346(0xdeadbe1a) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11035): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928347(0xdeadbe1b) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11036): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928348(0xdeadbe1c) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11037): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928349(0xdeadbe1d) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11038): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928350(0xdeadbe1e) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11039): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928351(0xdeadbe1f) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11040): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928352(0xdeadbe20) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11041): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928353(0xdeadbe21) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11042): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928354(0xdeadbe22) res=1AUID="unset"
+type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11043): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928355(0xdeadbe23) res=1AUID="unset"
From 87a5580ffec476e8888d249861fa576ef3fc98b6 Mon Sep 17 00:00:00 2001
From: axsel
Date: Fri, 12 Jun 2026 07:18:47 +0700
Subject: [PATCH 2/2] Configure git-lfs for log files
---
 .../dirty_frag_lpe_attack_data.log | 450 +-----------------
 1 file changed, 3 insertions(+), 447 deletions(-)
diff --git a/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_lpe_attack_data.log b/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_lpe_attack_data.log
index 8e9648bd..326c54fe 100644
--- a/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_lpe_attack_data.log
+++ b/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_lpe_attack_data.log
@@ -1,447 +1,3 @@
-type=PATH msg=audit(1781194335.799:10901): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1781194335.799:10901): proctitle=2F6F70742F73706C756E6B2F62696E2F73706C756E6B64006C6F63616C2D726573742D757269002D700038303839
-type=SYSCALL msg=audit(1781194336.147:10902): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53232 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk"
-type=EXECVE msg=audit(1781194336.147:10902): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_introspection/db/hot_v1_164" a3="-x" a4="36708813312" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024"
-type=CWD msg=audit(1781194336.147:10902): cwd="/"
-type=PATH msg=audit(1781194336.147:10902): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk"
-type=PATH msg=audit(1781194336.147:10902): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1781194336.147:10902):
proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E74726F7370656374696F6E2F64622F686F745F76315F313634002D78003336373038383133333132002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033 -type=SYSCALL msg=audit(1781194336.151:10903): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53234 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194336.151:10903): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_internaldb/db/hot_v1_193" a3="-x" a4="36708813312" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194336.151:10903): cwd="/" -type=PATH msg=audit(1781194336.151:10903): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194336.151:10903): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194336.151:10903): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E7465726E616C64622F64622F686F745F76315F313933002D78003336373038383133333132002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74 -type=SYSCALL 
msg=audit(1781194336.155:10904): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53235 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194336.155:10904): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/audit/db/hot_v1_164" a3="-x" a4="36708812800" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194336.155:10904): cwd="/" -type=PATH msg=audit(1781194336.155:10904): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194336.155:10904): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194336.155:10904): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F61756469742F64622F686F745F76315F313634002D78003336373038383132383030002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964782D74 -type=SYSCALL msg=audit(1781194339.971:10905): arch=c000003e syscall=59 success=yes exit=0 a0=5647ae54faf0 a1=5647ae5ce6e0 a2=5647ae5d1a40 a3=8 items=2 ppid=52237 pid=53360 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" 
exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=EXECVE msg=audit(1781194339.971:10905): argc=1 a0="./exp" -type=CWD msg=audit(1781194339.971:10905): cwd="/home/user001/tools/exp" -type=PATH msg=audit(1781194339.971:10905): item=0 name="./exp" inode=12888900 dev=08:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="user001" OGID="user001" -type=PATH msg=audit(1781194339.971:10905): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194339.971:10905): proctitle="./exp" -type=SYSCALL msg=audit(1781194340.155:10906): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=560951fbacd2 a2=0 a3=0 items=0 ppid=19167 pid=53362 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=KERN_MODULE msg=audit(1781194340.155:10906): name="xfrm_algo" -type=PROCTITLE msg=audit(1781194340.155:10906): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D006E65742D70662D31362D70726F746F2D36 -type=SYSCALL msg=audit(1781194340.191:10907): arch=c000003e syscall=313 success=yes exit=0 a0=1 a1=560951fbacd2 a2=0 a3=1 items=0 ppid=19167 pid=53362 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" 
SGID="root" FSGID="root" -type=KERN_MODULE msg=audit(1781194340.191:10907): name="xfrm_user" -type=PROCTITLE msg=audit(1781194340.191:10907): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D006E65742D70662D31362D70726F746F2D36 -type=SYSCALL msg=audit(1781194340.227:10908): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=557205a1acd2 a2=0 a3=0 items=0 ppid=19167 pid=53368 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=KERN_MODULE msg=audit(1781194340.227:10908): name="esp4" -type=PROCTITLE msg=audit(1781194340.227:10908): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D007866726D2D747970652D322D3530 -type=SYSCALL msg=audit(1781194340.271:10909): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=55cf06022cd2 a2=0 a3=0 items=0 ppid=19167 pid=53372 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=KERN_MODULE msg=audit(1781194340.271:10909): name="echainiv" -type=PROCTITLE msg=audit(1781194340.271:10909): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0063727970746F2D65636861696E6976 -type=SYSCALL msg=audit(1781194340.299:10910): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=556494042cd2 a2=0 a3=0 items=0 ppid=19167 pid=53376 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" 
-type=KERN_MODULE msg=audit(1781194340.299:10910): name="authenc" -type=PROCTITLE msg=audit(1781194340.299:10910): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0063727970746F2D61757468656E6365736E -type=SYSCALL msg=audit(1781194340.303:10911): arch=c000003e syscall=313 success=yes exit=0 a0=1 a1=556494042cd2 a2=0 a3=1 items=0 ppid=19167 pid=53376 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined key="modules"ARCH=x86_64 SYSCALL=finit_module AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" -type=KERN_MODULE msg=audit(1781194340.303:10911): name="authencesn" -type=PROCTITLE msg=audit(1781194340.303:10911): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0063727970746F2D61757468656E6365736E -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10912): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928336(0xdeadbe10) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10912): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10912): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10913): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928337(0xdeadbe11) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10913): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 
sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10913): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10914): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928338(0xdeadbe12) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10914): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10914): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10915): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928339(0xdeadbe13) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10915): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10915): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10916): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928340(0xdeadbe14) res=1AUID="user001" 
-type=SYSCALL msg=audit(1781194340.375:10916): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10916): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10917): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928341(0xdeadbe15) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10917): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10917): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10918): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928342(0xdeadbe16) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10918): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE 
msg=audit(1781194340.375:10918): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10919): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928343(0xdeadbe17) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10919): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10919): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10920): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928344(0xdeadbe18) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10920): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10920): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10921): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928345(0xdeadbe19) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10921): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" 
exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10921): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10922): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928346(0xdeadbe1a) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10922): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10922): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10923): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928347(0xdeadbe1b) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10923): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10923): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10924): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928348(0xdeadbe1c) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10924): 
arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10924): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10925): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928349(0xdeadbe1d) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10925): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10925): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10926): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928350(0xdeadbe1e) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10926): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10926): proctitle="./exp" 
-type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10927): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928351(0xdeadbe1f) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10927): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10927): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10928): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928352(0xdeadbe20) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10928): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10928): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10929): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928353(0xdeadbe21) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10929): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 
SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10929): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10930): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928354(0xdeadbe22) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10930): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10930): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10931): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928355(0xdeadbe23) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10931): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10931): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10932): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928356(0xdeadbe24) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10932): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 
items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10932): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10933): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928357(0xdeadbe25) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10933): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10933): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10934): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928358(0xdeadbe26) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10934): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10934): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10935): op=SAD-add auid=1000 ses=2 
subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928359(0xdeadbe27) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10935): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10935): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10936): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928360(0xdeadbe28) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10936): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10936): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10937): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928361(0xdeadbe29) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10937): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" 
SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10937): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.375:10938): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928362(0xdeadbe2a) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.375:10938): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.375:10938): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10939): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928363(0xdeadbe2b) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10939): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10939): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10940): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928364(0xdeadbe2c) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10940): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10940): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10941): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928365(0xdeadbe2d) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10941): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10941): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10942): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928366(0xdeadbe2e) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10942): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10942): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10943): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928367(0xdeadbe2f) 
res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10943): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10943): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10944): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928368(0xdeadbe30) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10944): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10944): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10945): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928369(0xdeadbe31) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10945): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" 
-type=PROCTITLE msg=audit(1781194340.379:10945): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10946): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928370(0xdeadbe32) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10946): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10946): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10947): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928371(0xdeadbe33) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10947): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10947): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10948): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928372(0xdeadbe34) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10948): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" 
exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10948): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10949): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928373(0xdeadbe35) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10949): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10949): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10950): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928374(0xdeadbe36) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10950): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10950): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10951): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928375(0xdeadbe37) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10951): 
arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10951): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10952): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928376(0xdeadbe38) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10952): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10952): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10953): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928377(0xdeadbe39) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10953): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10953): proctitle="./exp" 
-type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10954): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928378(0xdeadbe3a) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10954): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10954): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10955): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928379(0xdeadbe3b) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10955): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10955): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10956): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928380(0xdeadbe3c) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10956): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 
SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10956): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10957): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928381(0xdeadbe3d) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10957): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10957): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10958): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928382(0xdeadbe3e) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10958): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10958): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10959): op=SAD-add auid=1000 ses=2 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928383(0xdeadbe3f) res=1AUID="user001" -type=SYSCALL msg=audit(1781194340.379:10959): arch=c000003e syscall=44 success=yes exit=496 a0=4 a1=7fff6eb09790 a2=1f0 a3=0 
items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10959): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.379:10960): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928336(0xdeadbe10) seqno=200 -type=SYSCALL msg=audit(1781194340.379:10960): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.379:10960): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.531:10961): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928337(0xdeadbe11) seqno=200 -type=SYSCALL msg=audit(1781194340.531:10961): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.531:10961): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.679:10962): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928338(0xdeadbe12) seqno=200 -type=SYSCALL 
msg=audit(1781194340.679:10962): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.679:10962): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.831:10963): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928339(0xdeadbe13) seqno=200 -type=SYSCALL msg=audit(1781194340.831:10963): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.831:10963): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194340.979:10964): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928340(0xdeadbe14) seqno=200 -type=SYSCALL msg=audit(1781194340.979:10964): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194340.979:10964): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194341.131:10965): op=SA-icv-failure 
src=127.0.0.1 dst=127.0.0.1 spi=3735928341(0xdeadbe15) seqno=200 -type=SYSCALL msg=audit(1781194341.131:10965): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194341.131:10965): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194341.279:10966): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928342(0xdeadbe16) seqno=200 -type=SYSCALL msg=audit(1781194341.279:10966): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194341.279:10966): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194341.431:10967): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928343(0xdeadbe17) seqno=200 -type=SYSCALL msg=audit(1781194341.431:10967): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194341.431:10967): proctitle="./exp" 
-type=MAC_IPSEC_EVENT msg=audit(1781194341.583:10968): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928344(0xdeadbe18) seqno=200 -type=SYSCALL msg=audit(1781194341.583:10968): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194341.583:10968): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194341.731:10969): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928345(0xdeadbe19) seqno=200 -type=SYSCALL msg=audit(1781194341.731:10969): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194341.731:10969): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194341.883:10970): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928346(0xdeadbe1a) seqno=200 -type=SYSCALL msg=audit(1781194341.883:10970): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" 
FSGID="user001" -type=PROCTITLE msg=audit(1781194341.883:10970): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194342.031:10971): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928347(0xdeadbe1b) seqno=200 -type=SYSCALL msg=audit(1781194342.031:10971): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194342.031:10971): proctitle="./exp" -type=SYSCALL msg=audit(1781194342.139:10972): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53389 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194342.139:10972): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_internaldb/db/hot_v1_193" a3="-x" a4="36708247040" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194342.139:10972): cwd="/" -type=PATH msg=audit(1781194342.139:10972): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194342.139:10972): item=1 name="/lib64/ld-linux-x86-64.so.2" 
inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194342.139:10972): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E7465726E616C64622F64622F686F745F76315F313933002D78003336373038323437303430002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74 -type=SYSCALL msg=audit(1781194342.139:10973): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53390 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194342.139:10973): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/audit/db/hot_v1_164" a3="-x" a4="36708247040" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194342.139:10973): cwd="/" -type=PATH msg=audit(1781194342.139:10973): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194342.139:10973): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194342.139:10973): 
proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F61756469742F64622F686F745F76315F313634002D78003336373038323437303430002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964782D74 -type=MAC_IPSEC_EVENT msg=audit(1781194342.183:10974): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928348(0xdeadbe1c) seqno=200 -type=SYSCALL msg=audit(1781194342.183:10974): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194342.183:10974): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194342.331:10975): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928349(0xdeadbe1d) seqno=200 -type=SYSCALL msg=audit(1781194342.331:10975): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194342.331:10975): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194342.483:10976): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928350(0xdeadbe1e) seqno=200 -type=SYSCALL msg=audit(1781194342.483:10976): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 
sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194342.483:10976): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194342.635:10977): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928351(0xdeadbe1f) seqno=200 -type=SYSCALL msg=audit(1781194342.635:10977): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194342.635:10977): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194342.783:10978): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928352(0xdeadbe20) seqno=200 -type=SYSCALL msg=audit(1781194342.783:10978): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194342.783:10978): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194342.935:10979): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928353(0xdeadbe21) seqno=200 -type=SYSCALL msg=audit(1781194342.935:10979): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 
pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194342.935:10979): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194343.083:10980): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928354(0xdeadbe22) seqno=200 -type=SYSCALL msg=audit(1781194343.083:10980): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194343.083:10980): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194343.235:10981): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928355(0xdeadbe23) seqno=200 -type=SYSCALL msg=audit(1781194343.235:10981): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194343.235:10981): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194343.387:10982): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928356(0xdeadbe24) seqno=200 -type=SYSCALL msg=audit(1781194343.387:10982): 
arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194343.387:10982): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194343.539:10983): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928357(0xdeadbe25) seqno=200 -type=SYSCALL msg=audit(1781194343.539:10983): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194343.539:10983): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194343.687:10984): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928358(0xdeadbe26) seqno=200 -type=SYSCALL msg=audit(1781194343.687:10984): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194343.687:10984): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194343.839:10985): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 
spi=3735928359(0xdeadbe27) seqno=200 -type=SYSCALL msg=audit(1781194343.839:10985): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194343.839:10985): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194343.987:10986): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928360(0xdeadbe28) seqno=200 -type=SYSCALL msg=audit(1781194343.987:10986): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194343.987:10986): proctitle="./exp" -type=SYSCALL msg=audit(1781194344.139:10987): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53392 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194344.139:10987): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_816" a3="-x" a4="36708125184" 
a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194344.139:10987): cwd="/" -type=PATH msg=audit(1781194344.139:10987): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194344.139:10987): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194344.139:10987): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383136002D78003336373038313235313834002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 -type=MAC_IPSEC_EVENT msg=audit(1781194344.139:10988): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928361(0xdeadbe29) seqno=200 -type=SYSCALL msg=audit(1781194344.139:10988): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194344.139:10988): proctitle="./exp" -type=SYSCALL msg=audit(1781194344.147:10989): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53393 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 
comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194344.147:10989): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_817" a3="-x" a4="36708120576" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194344.147:10989): cwd="/" -type=PATH msg=audit(1781194344.147:10989): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194344.147:10989): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194344.147:10989): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383137002D78003336373038313230353736002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 -type=SYSCALL msg=audit(1781194344.151:10990): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53394 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194344.151:10990): argc=12 
a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_818" a3="-x" a4="36708119552" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194344.151:10990): cwd="/" -type=PATH msg=audit(1781194344.151:10990): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194344.151:10990): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194344.151:10990): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383138002D78003336373038313139353532002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 -type=SYSCALL msg=audit(1781194344.171:10991): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53395 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194344.171:10991): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_819" a3="-x" a4="36708119552" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194344.171:10991): cwd="/" -type=PATH 
msg=audit(1781194344.171:10991): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194344.171:10991): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194344.171:10991): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383139002D78003336373038313139353532002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 -type=SYSCALL msg=audit(1781194344.195:10992): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53396 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194344.195:10992): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_metrics/db/hot_v1_820" a3="-x" a4="36708120576" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024" -type=CWD msg=audit(1781194344.195:10992): cwd="/" -type=PATH msg=audit(1781194344.195:10992): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194344.195:10992): item=1 
name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194344.195:10992): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F6D6574726963732F64622F686F745F76315F383230002D78003336373038313230353736002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964 -type=MAC_IPSEC_EVENT msg=audit(1781194344.291:10993): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928362(0xdeadbe2a) seqno=200 -type=SYSCALL msg=audit(1781194344.291:10993): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194344.291:10993): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194344.439:10994): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928363(0xdeadbe2b) seqno=200 -type=SYSCALL msg=audit(1781194344.439:10994): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194344.439:10994): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194344.590:10995): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 
spi=3735928364(0xdeadbe2c) seqno=200 -type=SYSCALL msg=audit(1781194344.590:10995): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194344.590:10995): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194344.738:10996): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928365(0xdeadbe2d) seqno=200 -type=SYSCALL msg=audit(1781194344.738:10996): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194344.738:10996): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194344.890:10997): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928366(0xdeadbe2e) seqno=200 -type=SYSCALL msg=audit(1781194344.890:10997): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194344.890:10997): proctitle="./exp" -type=MAC_IPSEC_EVENT 
msg=audit(1781194345.042:10998): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928367(0xdeadbe2f) seqno=200 -type=SYSCALL msg=audit(1781194345.042:10998): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194345.042:10998): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194345.190:10999): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928368(0xdeadbe30) seqno=200 -type=SYSCALL msg=audit(1781194345.190:10999): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194345.190:10999): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194345.342:11000): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928369(0xdeadbe31) seqno=200 -type=SYSCALL msg=audit(1781194345.342:11000): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE 
msg=audit(1781194345.342:11000): proctitle="./exp" -type=SYSCALL msg=audit(1781194345.478:11001): arch=c000003e syscall=59 success=yes exit=0 a0=7fd2d4cb6c5d a1=7ffc2daa2c10 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53400 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/dash" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194345.478:11001): argc=3 a0="/bin/sh" a1="-c" a2=2F6F70742F73706C756E6B2F62696E2F707974686F6E332E39202F6F70742F73706C756E6B2F6574632F617070732F53412D4964656E746974794D616E6167656D656E742F62696E2F6964656E746974795F6D616E616765722E7079 -type=CWD msg=audit(1781194345.478:11001): cwd="/" -type=PATH msg=audit(1781194345.478:11001): item=0 name="/bin/sh" inode=6291753 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PATH msg=audit(1781194345.478:11001): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194345.478:11001): proctitle=2F62696E2F7368002D63002F6F70742F73706C756E6B2F62696E2F707974686F6E332E39202F6F70742F73706C756E6B2F6574632F617070732F53412D4964656E746974794D616E6167656D656E742F62696E2F6964656E746974795F6D616E616765722E7079 -type=SYSCALL msg=audit(1781194345.478:11002): arch=c000003e syscall=59 success=yes exit=0 a0=55a4213d3790 a1=55a4213d3820 a2=55a454c20aa8 a3=8 items=2 ppid=53400 pid=53401 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="python3.9" exe="/opt/splunk/bin/python3.9" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" 
UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194345.478:11002): argc=2 a0="/opt/splunk/bin/python3.9" a1="/opt/splunk/etc/apps/SA-IdentityManagement/bin/identity_manager.py" -type=CWD msg=audit(1781194345.478:11002): cwd="/" -type=PATH msg=audit(1781194345.478:11002): item=0 name="/opt/splunk/bin/python3.9" inode=28967136 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194345.478:11002): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194345.478:11002): proctitle=2F6F70742F73706C756E6B2F62696E2F707974686F6E332E39002F6F70742F73706C756E6B2F6574632F617070732F53412D4964656E746974794D616E6167656D656E742F62696E2F6964656E746974795F6D616E616765722E7079 -type=MAC_IPSEC_EVENT msg=audit(1781194345.490:11003): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928370(0xdeadbe32) seqno=200 -type=SYSCALL msg=audit(1781194345.490:11003): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194345.490:11003): proctitle="./exp" -type=MAC_IPSEC_EVENT msg=audit(1781194345.642:11004): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928371(0xdeadbe33) seqno=200 -type=SYSCALL msg=audit(1781194345.642:11004): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 
ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001" -type=PROCTITLE msg=audit(1781194345.642:11004): proctitle="./exp" -type=SYSCALL msg=audit(1781194345.714:11005): arch=c000003e syscall=59 success=yes exit=0 a0=7f0f5981b7d0 a1=7f0f597e5ba0 a2=7ffd29a454a0 a3=0 items=2 ppid=53401 pid=53402 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunkd" exe="/opt/splunk/bin/splunkd" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk" -type=EXECVE msg=audit(1781194345.714:11005): argc=4 a0="/opt/splunk/bin/splunkd" a1="local-rest-uri" a2="-p" a3="8089" -type=CWD msg=audit(1781194345.714:11005): cwd="/" -type=PATH msg=audit(1781194345.714:11005): item=0 name="/opt/splunk/bin/splunkd" inode=28967166 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk" -type=PATH msg=audit(1781194345.714:11005): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root" -type=PROCTITLE msg=audit(1781194345.714:11005): proctitle=2F6F70742F73706C756E6B2F62696E2F73706C756E6B64006C6F63616C2D726573742D757269002D700038303839 -type=MAC_IPSEC_EVENT msg=audit(1781194345.790:11006): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928372(0xdeadbe34) seqno=200 -type=SYSCALL msg=audit(1781194345.790:11006): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 
a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194345.790:11006): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194345.942:11007): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928373(0xdeadbe35) seqno=200
-type=SYSCALL msg=audit(1781194345.942:11007): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194345.942:11007): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194346.094:11008): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928374(0xdeadbe36) seqno=200
-type=SYSCALL msg=audit(1781194346.094:11008): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194346.094:11008): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194346.242:11009): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928375(0xdeadbe37) seqno=200
-type=SYSCALL msg=audit(1781194346.242:11009): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194346.242:11009): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194346.394:11010): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928376(0xdeadbe38) seqno=200
-type=SYSCALL msg=audit(1781194346.394:11010): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194346.394:11010): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194346.550:11011): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928377(0xdeadbe39) seqno=200
-type=SYSCALL msg=audit(1781194346.550:11011): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194346.550:11011): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194346.698:11012): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928378(0xdeadbe3a) seqno=200
-type=SYSCALL msg=audit(1781194346.698:11012): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194346.698:11012): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194346.850:11013): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928379(0xdeadbe3b) seqno=200
-type=SYSCALL msg=audit(1781194346.850:11013): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194346.850:11013): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.002:11014): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928380(0xdeadbe3c) seqno=200
-type=SYSCALL msg=audit(1781194347.002:11014): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194347.002:11014): proctitle="./exp"
-type=SYSCALL msg=audit(1781194347.138:11015): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53408 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk"
-type=EXECVE msg=audit(1781194347.138:11015): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/os_linux_audit/db/hot_v1_3" a3="-x" a4="36707941888" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024"
-type=CWD msg=audit(1781194347.138:11015): cwd="/"
-type=PATH msg=audit(1781194347.138:11015): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk"
-type=PATH msg=audit(1781194347.138:11015): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1781194347.138:11015): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F6F735F6C696E75785F61756469742F64622F686F745F76315F33002D78003336373037393431383838002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D
-type=SYSCALL msg=audit(1781194347.146:11016): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53409 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk"
-type=EXECVE msg=audit(1781194347.146:11016): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_introspection/db/hot_v1_164" a3="-x" a4="36707941376" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024"
-type=CWD msg=audit(1781194347.146:11016): cwd="/"
-type=PATH msg=audit(1781194347.146:11016): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk"
-type=PATH msg=audit(1781194347.146:11016): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1781194347.146:11016): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E74726F7370656374696F6E2F64622F686F745F76315F313634002D78003336373037393431333736002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033
-type=MAC_IPSEC_EVENT msg=audit(1781194347.150:11017): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928381(0xdeadbe3d) seqno=200
-type=SYSCALL msg=audit(1781194347.150:11017): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194347.150:11017): proctitle="./exp"
-type=SYSCALL msg=audit(1781194347.178:11018): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53410 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk"
-type=EXECVE msg=audit(1781194347.178:11018): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/_internaldb/db/hot_v1_193" a3="-x" a4="36707887616" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024"
-type=CWD msg=audit(1781194347.178:11018): cwd="/"
-type=PATH msg=audit(1781194347.178:11018): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk"
-type=PATH msg=audit(1781194347.178:11018): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1781194347.178:11018): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F5F696E7465726E616C64622F64622F686F745F76315F313933002D78003336373037383837363136002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74
-type=SYSCALL msg=audit(1781194347.198:11019): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc2daa2ac0 a1=7ffc2daa2bc0 a2=7ffc2daa4860 a3=8 items=2 ppid=1351 pid=53411 auid=4294967295 uid=1001 gid=1002 euid=1001 suid=1001 fsuid=1001 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="splunk-optimize" exe="/opt/splunk/bin/splunk-optimize" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="unset" UID="splunk" GID="splunk" EUID="splunk" SUID="splunk" FSUID="splunk" EGID="splunk" SGID="splunk" FSGID="splunk"
-type=EXECVE msg=audit(1781194347.198:11019): argc=12 a0="splunk-optimize" a1="-d" a2="/opt/splunk/var/lib/splunk/audit/db/hot_v1_164" a3="-x" a4="36707862016" a5="--log-to--splunkd-log" a6="--write-level" a7="3" a8="--tsidx-target-size" a9="1572864000" a10="--msidx-comp-block-size" a11="1024"
-type=CWD msg=audit(1781194347.198:11019): cwd="/"
-type=PATH msg=audit(1781194347.198:11019): item=0 name="/opt/splunk/bin/splunk-optimize" inode=28967162 dev=08:02 mode=0100555 ouid=1001 ogid=1002 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="splunk" OGID="splunk"
-type=PATH msg=audit(1781194347.198:11019): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1781194347.198:11019): proctitle=73706C756E6B2D6F7074696D697A65002D64002F6F70742F73706C756E6B2F7661722F6C69622F73706C756E6B2F61756469742F64622F686F745F76315F313634002D78003336373037383632303136002D2D6C6F672D746F2D2D73706C756E6B642D6C6F67002D2D77726974652D6C6576656C0033002D2D74736964782D74
-type=MAC_IPSEC_EVENT msg=audit(1781194347.302:11020): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928382(0xdeadbe3e) seqno=200
-type=SYSCALL msg=audit(1781194347.302:11020): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194347.302:11020): proctitle="./exp"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.450:11021): op=SA-icv-failure src=127.0.0.1 dst=127.0.0.1 spi=3735928383(0xdeadbe3f) seqno=200
-type=SYSCALL msg=audit(1781194347.450:11021): arch=c000003e syscall=275 success=yes exit=40 a0=7 a1=0 a2=5 a3=0 items=0 ppid=53360 pid=53361 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm="exp" exe="/home/user001/tools/dirtyfrag/exp" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=splice AUID="user001" UID="user001" GID="user001" EUID="user001" SUID="user001" FSUID="user001" EGID="user001" SGID="user001" FSGID="user001"
-type=PROCTITLE msg=audit(1781194347.450:11021): proctitle="./exp"
-type=SYSCALL msg=audit(1781194347.602:11022): arch=c000003e syscall=59 success=yes exit=0 a0=5620ad95059a a1=7fff6eb0a630 a2=7fff6eb0b998 a3=18 items=1 ppid=53360 pid=53414 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=2 comm="su" exe="/usr/bin/su" subj=unconfined key="priv_esc"ARCH=x86_64 SYSCALL=execve AUID="user001" UID="user001" GID="user001" EUID="root" SUID="root" FSUID="root" EGID="user001" SGID="user001" FSGID="user001"
-type=EXECVE msg=audit(1781194347.602:11022): argc=2 a0="su" a1="-"
-type=CWD msg=audit(1781194347.602:11022): cwd="/home/user001/tools/exp"
-type=PATH msg=audit(1781194347.602:11022): item=0 name="/bin/su" inode=6293139 dev=08:02 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1781194347.602:11022): proctitle=7375002D
-type=SYSCALL msg=audit(1781194347.602:11023): arch=c000003e syscall=59 success=yes exit=0 a0=4000b0 a1=0 a2=7fff7288a030 a3=0 items=2 ppid=53360 pid=53414 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=2 comm="sh" exe="/usr/bin/dash" subj=unconfined key="exec"ARCH=x86_64 SYSCALL=execve AUID="user001" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
-type=EXECVE msg=audit(1781194347.602:11023): argc=1 a0=""
-type=CWD msg=audit(1781194347.602:11023): cwd="/home/user001/tools/exp"
-type=PATH msg=audit(1781194347.602:11023): item=0 name="/bin/sh" inode=6291753 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PATH msg=audit(1781194347.602:11023): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6291673 dev=08:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1781194347.602:11023): proctitle=7375002D
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11024): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928343(0xdeadbe17) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11025): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928342(0xdeadbe16) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11026): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928341(0xdeadbe15) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11027): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928340(0xdeadbe14) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11028): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928339(0xdeadbe13) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11029): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928338(0xdeadbe12) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11030): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928337(0xdeadbe11) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11031): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928336(0xdeadbe10) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11032): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928344(0xdeadbe18) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11033): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928345(0xdeadbe19) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11034): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928346(0xdeadbe1a) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11035): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928347(0xdeadbe1b) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11036): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928348(0xdeadbe1c) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11037): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928349(0xdeadbe1d) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11038): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928350(0xdeadbe1e) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11039): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928351(0xdeadbe1f) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11040): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928352(0xdeadbe20) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11041): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928353(0xdeadbe21) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11042): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928354(0xdeadbe22) res=1AUID="unset"
-type=MAC_IPSEC_EVENT msg=audit(1781194347.662:11043): op=SAD-delete auid=4294967295 ses=4294967295 subj=unconfined src=127.0.0.1 dst=127.0.0.1 spi=3735928355(0xdeadbe23) res=1AUID="unset"
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b242db7f65224c99235236ff63247174cb0ccfd470a522780236789c26898de
+size 107742