janware/jw-devtest
1
mirror of ssh://git.janware.com/srv/git/janware/proj/jw-devtest synced 2026-01-15 02:22:56 +01:00
Code Releases Activity

Add test/audit

Browse source 
Signed-off-by: Jan Lindemann <jan@janware.com>
This commit is contained in:
Jan Lindemann 2022-12-14 11:12:27 +01:00
commit b5d849ce44
4 changed files with 805 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
test/audit/Makefile Normal file
View file

@ -0,0 +1,6 @@
TOPDIR = ../..
include $(TOPDIR)/make/proj.mk
include $(JWBDIR)/make/platform.mk
include $(JWBDIR)/make/py-run.mk
include $(JWBDIR)/make/dev-utils.mk

726
test/audit/ausearch.log.fake-input Normal file
View file

@ -0,0 +1,726 @@
# ausearch --interpret
# features: v2.3 polp-dmf polp-ethernetip polp-phase-fifo polp-shmem-eeprom polp-dmesg-boot polp-pid-subdir-syslog-ng polp-pid-subdir dummyd polp-launcher-chrgp polp-launcher-chmod polp-confd-ssh polp audit-access audit-setuid audit git-versions default
----
type=DAEMON_START msg=audit(01/01/70 00:00:31.969:5896) : op=start ver=3.0.1 format=enriched kernel=4.14.282-rt135-yocto-preempt-rt-csrp auid=unset pid=694 uid=root ses=unset res=success
----
type=NETFILTER_CFG msg=audit(01/01/70 00:00:04.190:2) : table=filter family=ipv4 entries=0
----
type=NETFILTER_CFG msg=audit(01/01/70 00:00:04.190:3) : table=mangle family=ipv4 entries=0
----
type=NETFILTER_CFG msg=audit(01/01/70 00:00:04.190:4) : table=raw family=ipv4 entries=0
----
type=NETFILTER_CFG msg=audit(01/01/70 00:00:04.200:5) : table=filter family=arp entries=0
----
type=CONFIG_CHANGE msg=audit(01/01/70 00:00:29.210:6) : audit_enabled=1 old=1 auid=unset ses=unset res=yes
----
type=CONFIG_CHANGE msg=audit(01/01/70 00:00:32.000:7) : audit_enabled=1 old=1 auid=unset ses=unset res=yes
----
type=CONFIG_CHANGE msg=audit(01/01/70 00:00:32.010:8) : audit_pid=694 old=0 auid=unset ses=unset res=yes
----
type=CONFIG_CHANGE msg=audit(01/01/70 00:00:32.710:9) : audit_backlog_limit=64 old=64 auid=unset ses=unset res=yes
----
type=CONFIG_CHANGE msg=audit(01/01/70 00:00:32.710:10) : audit_failure=1 old=1 auid=unset ses=unset res=yes
----
type=CONFIG_CHANGE msg=audit(01/01/70 00:00:32.710:11) : audit_backlog_wait_time=6000 old=6000 auid=unset ses=unset res=yes
----
type=CONFIG_CHANGE msg=audit(01/01/70 00:00:32.720:12) : auid=unset ses=unset op=add_rule key=access list=exit res=yes
----
type=CONFIG_CHANGE msg=audit(01/01/70 00:00:32.720:13) : auid=unset ses=unset op=add_rule key=access list=exit res=yes
----
type=PROCTITLE msg=audit(01/01/70 00:00:34.240:14) : proctitle=/usr/bin/device-panel -d
type=SYSCALL msg=audit(01/01/70 00:00:34.240:14) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbedd9ccc a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=738 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=device-panel exe=/usr/bin/device-panel key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:34.280:15) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:00:34.280:15) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:00:34.280:15) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0x7d9008 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:36.650:16) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:36.650:16) : item=0 name=/sys/module/lttng_lib_ring_buffer/uevent inode=13802 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:36.650:16) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:36.650:16) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba640 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:36.670:17) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:36.670:17) : item=0 name=/sys/module/lttng_clock/uevent inode=13833 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:36.670:17) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:36.670:17) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba650 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:36.680:18) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:36.680:18) : item=0 name=/sys/module/lttng_wrapper/uevent inode=13858 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:36.680:18) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:36.680:18) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:36.690:19) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:36.690:19) : item=0 name=/sys/module/lttng_statedump/uevent inode=13887 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:36.690:19) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:36.690:19) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.060:20) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.060:20) : item=0 name=/sys/module/lttng_tracer/uevent inode=13920 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.060:20) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.060:20) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba650 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=666 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.100:21) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.100:21) : item=0 name=/sys/module/lttng_ring_buffer_client_discard/uevent inode=13974 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.100:21) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.100:21) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba638 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.150:22) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.150:22) : item=0 name=/sys/module/lttng_ring_buffer_client_overwrite/uevent inode=14005 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.150:22) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.150:22) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba638 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.200:23) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.200:23) : item=0 name=/sys/module/lttng_ring_buffer_metadata_client/uevent inode=14036 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.200:23) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.200:23) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba638 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.260:24) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.260:24) : item=0 name=/sys/module/lttng_ring_buffer_client_mmap_discard/uevent inode=14066 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.260:24) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.260:24) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba630 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.300:25) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.300:25) : item=0 name=/sys/module/lttng_ring_buffer_client_mmap_overwrite/uevent inode=14097 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.300:25) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.300:25) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba630 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.350:26) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.350:26) : item=0 name=/sys/module/lttng_ring_buffer_metadata_mmap_client/uevent inode=14128 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.350:26) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.350:26) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba630 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.440:27) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.440:27) : item=0 name=/sys/module/lttng_probe_block/uevent inode=14158 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.440:27) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.440:27) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.510:28) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.510:28) : item=0 name=/sys/module/lttng_probe_compaction/uevent inode=14182 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.510:28) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.510:28) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba640 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.610:29) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.610:29) : item=0 name=/sys/module/lttng_probe_ext4/uevent inode=14206 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.610:29) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.610:29) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.660:30) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.660:30) : item=0 name=/sys/module/lttng_probe_gpio/uevent inode=14230 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.660:30) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.660:30) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.710:31) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.710:31) : item=0 name=/sys/module/lttng_probe_i2c/uevent inode=14256 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.710:31) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.710:31) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.760:32) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.760:32) : item=0 name=/sys/module/lttng_probe_irq/uevent inode=14283 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.760:32) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.760:32) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.820:33) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.820:33) : item=0 name=/sys/module/lttng_probe_jbd2/uevent inode=14308 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.820:33) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.820:33) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:37.890:34) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:37.890:34) : item=0 name=/sys/module/lttng_probe_kmem/uevent inode=14332 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:37.890:34) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:37.890:34) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.190:35) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.190:35) : item=0 name=/sys/module/lttng_probe_module/uevent inode=14357 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.190:35) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.190:35) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.270:36) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.270:36) : item=0 name=/sys/module/lttng_probe_napi/uevent inode=14382 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.270:36) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.270:36) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.350:37) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.350:37) : item=0 name=/sys/module/lttng_probe_net/uevent inode=14407 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.350:37) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.350:37) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.400:38) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.400:38) : item=0 name=/sys/module/lttng_probe_power/uevent inode=14432 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.400:38) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.400:38) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.410:39) : proctitle=/usr/sbin/logstoraged 120000:/tmp/logstorage/d_warning:/var/log/logstorage/q_warning:/tmp/logstorage/warning-emergency.log 12000
type=SYSCALL msg=audit(01/01/70 00:00:38.410:39) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbef9bbec a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=921 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logstoraged exe=/usr/sbin/logstoraged key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.500:40) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.500:40) : item=0 name=/sys/module/lttng_probe_printk/uevent inode=14457 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.500:40) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.500:40) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.530:41) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.530:41) : item=0 name=/sys/module/lttng_probe_random/uevent inode=14482 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.530:41) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.530:41) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.580:42) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.580:42) : item=0 name=/sys/module/lttng_probe_rcu/uevent inode=14507 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.580:42) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.580:42) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.620:43) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.620:43) : item=0 name=/sys/module/lttng_probe_regmap/uevent inode=14532 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.620:43) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.620:43) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.720:44) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.720:44) : item=0 name=/sys/module/lttng_probe_sched/uevent inode=14557 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.720:44) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.720:44) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.770:45) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.770:45) : item=0 name=/sys/module/lttng_probe_scsi/uevent inode=14582 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.770:45) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.770:45) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.850:46) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.850:46) : item=0 name=/sys/module/lttng_probe_signal/uevent inode=14607 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.850:46) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.850:46) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:38.920:47) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:38.920:47) : item=0 name=/sys/module/lttng_probe_skb/uevent inode=14631 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:38.920:47) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:38.920:47) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:39.000:48) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:39.000:48) : item=0 name=/sys/module/lttng_probe_sock/uevent inode=14655 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:39.000:48) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:39.000:48) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:39.080:49) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:39.080:49) : item=0 name=/sys/module/lttng_probe_statedump/uevent inode=14680 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:39.080:49) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:39.080:49) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba640 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:39.140:50) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:39.140:50) : item=0 name=/sys/module/lttng_probe_sunrpc/uevent inode=14705 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:39.140:50) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:39.140:50) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:39.200:51) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:39.200:51) : item=0 name=/sys/module/lttng_probe_timer/uevent inode=14730 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:39.200:51) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:39.200:51) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:39.250:52) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:39.250:52) : item=0 name=/sys/module/lttng_probe_udp/uevent inode=14754 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:39.250:52) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:39.250:52) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:39.290:53) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:39.290:53) : item=0 name=/sys/module/lttng_probe_vmscan/uevent inode=14778 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:39.290:53) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:39.290:53) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:39.320:54) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:39.320:54) : item=0 name=/sys/module/lttng_probe_workqueue/uevent inode=14802 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:39.320:54) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:39.320:54) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba640 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=670 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:41.170:55) : proctitle=/usr/bin/csrp_confd_phase_sync --phase0=40 --phase1=150 --phase2=30
type=SYSCALL msg=audit(01/01/70 00:00:41.170:55) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbea63c9c a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=985 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=csrp_confd_phas exe=/usr/bin/csrp_confd_phase_sync key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:41.180:56) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:00:41.180:56) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:00:41.180:56) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:41.260:57) : proctitle=/usr/bin/cdb_upgrade_mgr
type=SYSCALL msg=audit(01/01/70 00:00:41.260:57) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbea82cfc a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=983 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=cdb_upgrade_mgr exe=/usr/bin/cdb_upgrade_mgr key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:41.310:58) : proctitle=/usr/bin/iec61850
type=SYSCALL msg=audit(01/01/70 00:00:41.310:58) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbed0acdc a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=986 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iec61850 exe=/usr/bin/iec61850 key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:41.370:59) : proctitle=/usr/sbin/cmd
type=SYSCALL msg=audit(01/01/70 00:00:41.370:59) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbeddbcac a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=984 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=cmd exe=/usr/sbin/cmd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:41.450:60) : proctitle=/usr/bin/pniod
type=SYSCALL msg=audit(01/01/70 00:00:41.450:60) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbeb04cec a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=988 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=pniod exe=/usr/bin/pniod key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:46.190:61) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:00:46.190:61) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:00:46.190:61) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0x7d9008 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:50.700:62) : proctitle=/usr/bin/switch-mgmt
type=SYSCALL msg=audit(01/01/70 00:00:50.700:62) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbefe4d0c a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=1058 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=switch-mgmt exe=/usr/bin/switch-mgmt key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:50.850:63) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:50.850:63) : item=0 name=/sys/module/rcksapi/uevent inode=14982 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:50.850:63) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:50.850:63) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba650 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=1093 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:50.890:64) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:00:50.890:64) : item=0 name=/sys/module/rcksapi_common/uevent inode=15005 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:00:50.890:64) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:00:50.890:64) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba648 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=1093 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:00:57.170:65) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:00:57.170:65) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:00:57.170:65) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:01:02.610:66) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:01:02.610:66) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:01:02.610:66) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:01:07.050:67) : proctitle=/lib/systemd/systemd-udevd
type=PATH msg=audit(01/01/70 00:01:07.050:67) : item=0 name=/sys/module/rcksapi_layer3/uevent inode=15270 dev=00:0f mode=file,200 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:01:07.050:67) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:01:07.050:67) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbecba710 a2=O_RDONLY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=663 pid=1257 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-udevd exe=/bin/udevadm key=access
----
type=PROCTITLE msg=audit(01/01/70 00:01:56.900:68) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:01:56.900:68) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:01:56.900:68) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0x7d9008 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:01:57.730:69) : proctitle=/usr/bin/ethernetip
type=SYSCALL msg=audit(01/01/70 00:01:57.730:69) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbea58c5c a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=1380 auid=unset uid=ethernetip gid=ethernetip euid=ethernetip suid=ethernetip fsuid=ethernetip egid=ethernetip sgid=ethernetip fsgid=ethernetip tty=(none) ses=unset comm=ethernetip exe=/usr/bin/ethernetip key=access
----
type=PROCTITLE msg=audit(01/01/70 00:01:57.920:70) : proctitle=/usr/bin/dmfd -d
type=SYSCALL msg=audit(01/01/70 00:01:57.920:70) : arch=armeb syscall=futex per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0xbeae9cac a1=0x87 a2=0x0 a3=0x0 items=0 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=dmfd exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:02.580:71) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:02:02.580:71) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:02:02.580:71) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x7d9008 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:02.580:72) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:02:02.580:72) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:02:02.580:72) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:02.580:73) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:02:02.580:73) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:02:02.580:73) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:02.590:74) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:02:02.590:74) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:02:02.590:74) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:02.590:74) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:02.590:74) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x19ce560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1513 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:02.740:75) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:02:02.740:75) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:02:02.740:75) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:02.740:75) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:02.740:75) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x10886c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1514 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:02.800:76) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:02:02.800:76) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:02:02.800:76) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:02.800:76) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:02.800:76) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x5c2588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1515 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:22.480:77) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:22.480:77) : item=0 name=/dev/sda inode=6418 dev=00:06 mode=block,660 ouid=root ogid=disk rdev=08:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:22.480:77) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:22.480:77) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xb4c59b6c a2=O_RDWR|O_DIRECTORY a3=0x0 items=1 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:22.580:78) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:22.580:78) : item=0 name=/dev/sda inode=6418 dev=00:06 mode=block,660 ouid=root ogid=disk rdev=08:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:22.580:78) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:22.580:78) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xb4c59b6c a2=O_RDWR|O_DIRECTORY a3=0x0 items=1 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:22.680:79) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:22.680:79) : item=0 name=/dev/sda inode=6418 dev=00:06 mode=block,660 ouid=root ogid=disk rdev=08:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:22.680:79) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:22.680:79) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xb4c5fb84 a2=O_RDWR|O_DIRECTORY a3=0x0 items=1 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:22.790:80) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:22.790:80) : item=1 name=/etc/ntp.conf inode=23596 dev=00:1b mode=file,644 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:02:22.790:80) : item=0 name=/etc/ inode=7484 dev=00:1b mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:22.790:80) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:22.790:80) : arch=armeb syscall=unlink per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0x56ef64 a1=0x0 a2=0x0 a3=0x0 items=2 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:22.900:81) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:22.900:81) : item=0 name=/tmp/syslog-ng/ inode=10972 dev=00:14 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:22.900:81) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:22.900:81) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x553184 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=1 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:23.050:82) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:23.050:82) : item=1 name=/tmp/confd/https/https.pem inode=7044 dev=00:14 mode=link,777 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:02:23.050:82) : item=0 name=/tmp/confd/https/ inode=6978 dev=00:14 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:23.050:82) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:23.050:82) : arch=armeb syscall=unlink per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0x56b5f0 a1=0xb502d a2=0x0 a3=0x0 items=2 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:24.350:83) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:24.350:83) : item=0 name=/etc/ inode=7484 dev=00:1b mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:24.350:83) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:24.350:83) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x564a28 a2=O_WRONLY|O_CREAT|O_TRUNC a3=0x1b6 items=1 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:24.740:84) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:24.740:84) : item=0 name=/etc/ inode=7484 dev=00:1b mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:24.740:84) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:24.740:84) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x565988 a2=O_WRONLY|O_CREAT|O_TRUNC a3=0x1b6 items=1 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:24.870:85) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:24.870:85) : item=0 name=/lifetime/calmp inode=65 dev=00:1c mode=dir,750 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:24.870:85) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:24.870:85) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x568c18 a2=O_RDONLY|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:24.870:86) : proctitle=/usr/bin/dmfd -d
type=PATH msg=audit(01/01/70 00:02:24.870:86) : item=0 name=/media/keyclp/calmp inode=12 dev=08:21 mode=dir,750 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:24.870:86) : cwd=/tmp
type=SYSCALL msg=audit(01/01/70 00:02:24.870:86) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x568bf8 a2=O_RDONLY|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=1 ppid=1 pid=1379 auid=unset uid=dmf gid=dmf euid=dmf suid=dmf fsuid=dmf egid=dmf sgid=dmf fsgid=dmf tty=(none) ses=unset comm=phaseWaitWT exe=/usr/bin/dmfd key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:33.390:87) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:02:33.390:87) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:02:33.390:87) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:33.390:88) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:02:33.390:88) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:02:33.390:88) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x7d9008 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:33.390:89) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:02:33.390:89) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:02:33.390:89) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:33.390:90) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:02:33.390:90) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:02:33.390:90) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:33.390:90) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:33.390:90) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x70b560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1619 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:33.530:91) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:02:33.530:91) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:02:33.530:91) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:33.530:91) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:33.530:91) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x204b6c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1620 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:02:33.580:92) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:02:33.580:92) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:02:33.580:92) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:02:33.580:92) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:02:33.580:92) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x251e588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1621 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:00.500:93) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:03:00.500:93) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:03:00.500:93) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:00.500:94) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:03:00.500:94) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:03:00.500:94) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:00.500:95) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:03:00.500:95) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:03:00.500:95) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:04.760:96) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:03:04.760:96) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:03:04.760:96) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:03:04.760:96) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:03:04.760:96) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x15c6560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1671 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:04.940:97) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:03:04.940:97) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:03:04.940:97) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:03:04.940:97) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:03:04.940:97) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xd266c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1679 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:05.030:98) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:03:05.030:98) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:03:05.030:98) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:03:05.030:98) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:03:05.030:98) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xbce588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1684 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:13.750:99) : proctitle=/usr/bin/pniod
type=SYSCALL msg=audit(01/01/70 00:03:13.750:99) : arch=armeb syscall=setsockopt per=PER_LINUX success=yes exit=0 a0=0x99 a1=SOL_PACKET a2=PACKET_ADD_MEMBERSHIP a3=0xb456c4e4 items=0 ppid=1 pid=988 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=lsysEddsLo exe=/usr/bin/pniod key=(null)
type=ANOM_PROMISCUOUS msg=audit(01/01/70 00:03:13.750:99) : dev=eth0.0001 prom=yes old_prom=no auid=unset uid=root gid=root ses=unset
----
type=ANOM_PROMISCUOUS msg=audit(01/01/70 00:03:14.420:100) : dev=eth0.0001 prom=no old_prom=yes auid=unset uid=root gid=root ses=unset
----
type=ANOM_ABEND msg=audit(01/01/70 00:03:14.520:101) : auid=unset uid=root gid=root ses=unset pid=988 comm=pnioBaseMgt exe=/usr/bin/pniod sig=SIGABRT res=yes
----
type=PROCTITLE msg=audit(01/01/70 00:03:35.590:102) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:03:35.590:102) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:03:35.590:102) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:35.590:103) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:03:35.590:103) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:03:35.590:103) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:35.590:104) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:03:35.590:104) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:03:35.590:104) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:35.590:105) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:03:35.590:105) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:03:35.590:105) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:03:35.590:105) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:03:35.590:105) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1d2a560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1868 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:35.760:106) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:03:35.760:106) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:03:35.760:106) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:03:35.760:106) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:03:35.760:106) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x17eb6c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1869 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:03:35.820:107) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:03:35.820:107) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:03:35.820:107) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:03:35.820:107) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:03:35.820:107) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x24ae588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1870 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:05.190:108) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:05.190:108) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:04:05.190:108) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:05.190:109) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:05.190:109) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:04:05.190:109) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:05.190:110) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:05.190:110) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:04:05.190:110) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:06.070:111) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:04:06.070:111) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:04:06.070:111) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:04:06.070:111) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:04:06.070:111) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x190d560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1888 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:06.140:112) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:04:06.140:112) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:04:06.140:112) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:04:06.140:112) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:04:06.140:112) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x72c6c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1889 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:06.170:113) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:04:06.170:113) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:04:06.170:113) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:04:06.170:113) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:04:06.170:113) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1bcc588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1890 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:36.570:114) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:36.570:114) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:04:36.570:114) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:36.570:115) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:36.570:115) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:04:36.570:115) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:36.570:116) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:36.570:116) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:04:36.570:116) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:36.580:117) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:04:36.580:117) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:04:36.580:117) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:04:36.580:117) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:04:36.580:117) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x2297560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1900 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:36.670:118) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:04:36.670:118) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:04:36.670:118) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:04:36.670:118) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:04:36.670:118) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x11c76c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1901 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:36.750:119) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:04:36.750:119) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:04:36.750:119) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:04:36.750:119) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:04:36.750:119) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1424588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1902 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:51.900:120) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:51.900:120) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:04:51.900:120) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:51.900:121) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:51.900:121) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:04:51.900:121) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:04:51.900:122) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:04:51.900:122) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:04:51.900:122) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:00.550:123) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:00.550:123) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:05:00.550:123) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:00.550:124) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:00.550:124) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:05:00.550:124) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:00.550:125) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:00.550:125) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:05:00.550:125) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:07.110:126) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:07.110:126) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:05:07.110:126) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:07.110:127) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:07.110:127) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:05:07.110:127) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:07.110:128) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:07.110:128) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:05:07.110:128) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:07.120:129) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:05:07.120:129) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:05:07.120:129) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:05:07.120:129) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:05:07.120:129) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1042560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1935 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:07.190:130) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:05:07.190:130) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:05:07.190:130) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:05:07.190:130) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:05:07.190:130) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1a7f6c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1936 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:07.230:131) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:05:07.230:131) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:05:07.230:131) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:05:07.230:131) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:05:07.230:131) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1e23588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1937 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:37.570:132) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:37.570:132) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:05:37.570:132) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:37.570:133) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:37.570:133) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:05:37.570:133) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:37.570:134) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:05:37.570:134) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:05:37.570:134) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:37.580:135) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:05:37.580:135) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:05:37.580:135) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:05:37.580:135) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:05:37.580:135) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1885560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1947 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:37.680:136) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:05:37.680:136) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:05:37.680:136) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:05:37.680:136) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:05:37.680:136) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x17516c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1948 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:05:37.710:137) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:05:37.710:137) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:05:37.710:137) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:05:37.710:137) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:05:37.710:137) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x639588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1949 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:02.880:138) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:02.880:138) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:06:02.880:138) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:02.880:139) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:02.880:139) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:06:02.880:139) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:02.880:140) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:02.880:140) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:06:02.880:140) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:08.060:141) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:08.060:141) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:06:08.060:141) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:08.060:142) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:08.060:142) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:06:08.060:142) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:08.060:143) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:08.060:143) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:06:08.060:143) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:08.070:144) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:06:08.070:144) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:06:08.070:144) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:06:08.070:144) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:06:08.070:144) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0xe3f560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1961 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:08.160:145) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:06:08.160:145) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:06:08.160:145) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:06:08.160:145) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:06:08.160:145) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x8976c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1962 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:08.200:146) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:06:08.200:146) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:06:08.200:146) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:06:08.200:146) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:06:08.200:146) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1730588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1963 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:38.570:147) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:38.570:147) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:06:38.570:147) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:38.570:148) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:38.570:148) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:06:38.570:148) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:38.570:149) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:06:38.570:149) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:06:38.570:149) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:38.570:150) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:06:38.570:150) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:06:38.570:150) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:06:38.570:150) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:06:38.570:150) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x153b560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1973 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:38.660:151) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:06:38.660:151) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:06:38.660:151) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:06:38.660:151) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:06:38.660:151) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x8f56c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1974 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:06:38.710:152) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:06:38.710:152) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:06:38.710:152) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:06:38.710:152) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:06:38.710:152) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1afe588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1975 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:02.920:153) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:07:02.920:153) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:07:02.920:153) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:02.920:154) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:07:02.920:154) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:07:02.920:154) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:02.920:155) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:07:02.920:155) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:07:02.920:155) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:09.060:156) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:07:09.060:156) : opid=1380 oauid=unset ouid=ethernetip oses=-1 ocomm=ethernetip
type=SYSCALL msg=audit(01/01/70 00:07:09.060:156) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x564 a1=SIG0 a2=0x0 a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:09.060:157) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:07:09.060:157) : opid=740 oauid=unset ouid=dummyd oses=-1 ocomm=dummyd
type=SYSCALL msg=audit(01/01/70 00:07:09.060:157) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x2e4 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:09.060:158) : proctitle=/lib/systemd/systemd-journald
type=OBJ_PID msg=audit(01/01/70 00:07:09.060:158) : opid=1379 oauid=unset ouid=dmf oses=-1 ocomm=dmfd
type=SYSCALL msg=audit(01/01/70 00:07:09.060:158) : arch=armeb syscall=kill per=PER_LINUX success=no exit=EPERM(Operation not permitted) a0=0x563 a1=SIG0 a2=0xbc a3=0xffffffff items=0 ppid=1 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/lib/systemd/systemd-journald key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:09.070:159) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra started
type=PATH msg=audit(01/01/70 00:07:09.070:159) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:07:09.070:159) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:07:09.070:159) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:07:09.070:159) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x226e560 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1986 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:09.160:160) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh zebra stopped
type=PATH msg=audit(01/01/70 00:07:09.160:160) : item=1 name=/tmp/zebra inode=21571 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:07:09.160:160) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:07:09.160:160) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:07:09.160:160) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1acc6c0 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1987 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
----
type=PROCTITLE msg=audit(01/01/70 00:07:09.190:161) : proctitle=/bin/sh /usr/bin/dmf-unit-status-report.sh staticd failed
type=PATH msg=audit(01/01/70 00:07:09.190:161) : item=1 name=/tmp/staticd inode=21572 dev=00:14 mode=fifo,640 ouid=dmf ogid=dmf rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(01/01/70 00:07:09.190:161) : item=0 name=/tmp/ inode=6771 dev=00:14 mode=dir,sticky,777 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(01/01/70 00:07:09.190:161) : cwd=/
type=SYSCALL msg=audit(01/01/70 00:07:09.190:161) : arch=armeb syscall=openat per=PER_LINUX success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x1315588 a2=O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW a3=0x1b6 items=2 ppid=1 pid=1988 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dmf-unit-status exe=/bin/bash.bash key=access
root@XR-300-VPN2000560:~#

59
test/audit/ausearch.log.ref Normal file
View file

@ -0,0 +1,59 @@
# ausearch --interpret
# features: v2.3 audit default
{"types": ["CONFIG_CHANGE"]}
{"types": ["DAEMON_START"]}
{"types": ["NETFILTER_CFG"]}
{"types": ["PROCTITLE", "SYSCALL", "ANOM_PROMISCUOUS"], "proctitle": "/usr/bin/pniod", "syscall": "setsockopt", "exit": "0"}
{"types": ["PROCTITLE", "OBJ_PID", "SYSCALL"], "proctitle": "/lib/systemd/systemd-journald", "syscall": "kill", "exit": "EPERM"} # ignore # this sometimes happens with T02.03.00.00_01.01.97 as well. TODO: Verify this
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_clock/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_lib_ring_buffer/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_block/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_compaction/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_ext4/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_gpio/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_i2c/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_irq/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_jbd2/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_kmem/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_module/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_napi/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_net/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_power/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_printk/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_random/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_rcu/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_regmap/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_sched/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_scsi/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_signal/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_skb/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_sock/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_statedump/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_sunrpc/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_timer/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_udp/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_vmscan/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_probe_workqueue/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_client_discard/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_client_mmap_discard/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_client_mmap_overwrite/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_client_overwrite/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_metadata_client/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_ring_buffer_metadata_mmap_client/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_statedump/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_tracer/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/lttng_wrapper/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/rcksapi/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/rcksapi_common/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "PATH", "CWD", "SYSCALL"], "proctitle": "/lib/systemd/systemd-udevd", "name": "/sys/module/rcksapi_layer3/uevent", "syscall": "openat", "exit": "EACCES"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/cdb_upgrade_mgr", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/csrp_confd_phase_sync", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/device-panel", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/dmfd", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/ethernetip", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/iec61850", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/pniod", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/bin/switch-mgmt", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/sbin/cmd", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "/usr/sbin/logstoraged", "syscall": "futex", "exit": "EPERM"}
{"types": ["PROCTITLE", "SYSCALL"], "proctitle": "cdb_upgrade_mgr", "syscall": "futex", "exit": "EPERM"} # ignore # doesn't seem to be always there

14
test/audit/test.py Normal file
View file

@ -0,0 +1,14 @@
#!/usr/bin/python3
from jwutils.misc import multi_regex_edit
from jwutils.log import *
from devtest.os.test.cases import Audit as TestCase
if __name__ == '__main__':
set_level(INFO)
refpath = 'ausearch.log.ref'
fake_input = 'ausearch.log.fake-input'
with open(fake_input, "r") as f:
lines = f.readlines()
features = set(['polp'])
print(TestCase(refpath, write_response=True).test(lines, features))