type=DAEMON_START msg=audit(1266264535.733:1475): auditd start, ver=1.7.13 format=raw kernel=2.6.18-164.el5 auid=4294967295 pid=1468 subj=system_u:system_r:auditd_t:s0 res=success type=CONFIG_CHANGE msg=audit(1266264535.837:4): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1266264535.870:5): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 type=USER_ACCT msg=audit(1266265044.825:6): user pid=1847 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266265044.914:7): user pid=1847 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266265044.917:8): login pid=1847 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 type=USER_START msg=audit(1266265044.917:9): user pid=1847 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_LOGIN msg=audit(1266265044.956:10): user pid=1849 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='uid=0: exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=/dev/pts/0 res=success)' type=CRED_REFR msg=audit(1266265044.960:11): user pid=1849 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266265655.001:12): user pid=1847 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266265655.001:13): user pid=1847 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266265991.973:14): user pid=1869 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266265992.052:15): user pid=1869 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266265992.054:16): login pid=1869 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 type=USER_START msg=audit(1266265992.054:17): user pid=1869 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_REFR msg=audit(1266265992.067:18): user pid=1871 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266265992.393:19): user pid=1869 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266265992.394:20): user pid=1869 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=DAEMON_END msg=audit(1266265996.563:1476): auditd normal halt, sending auid=4294967295 pid=2054 subj=system_u:system_r:initrc_t:s0 res=success type=DAEMON_START msg=audit(1266266069.521:7686): auditd start, ver=1.7.13 format=raw kernel=2.6.18-164.el5 auid=4294967295 pid=1489 subj=system_u:system_r:auditd_t:s0 res=success type=CONFIG_CHANGE msg=audit(1266266069.624:4): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1266266069.640:5): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 type=USER_ACCT msg=audit(1266266291.719:6): user pid=1868 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266266291.798:7): user pid=1868 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266266291.800:8): login pid=1868 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 type=USER_START msg=audit(1266266291.800:9): user pid=1868 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_REFR msg=audit(1266266291.814:10): user pid=1870 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266266292.235:11): user pid=1868 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266266292.237:12): user pid=1868 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266266299.904:13): user pid=1919 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266266299.977:14): user pid=1919 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266266299.978:15): login pid=1919 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 type=USER_START msg=audit(1266266299.978:16): user pid=1919 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_REFR msg=audit(1266266299.992:17): user pid=1921 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266266300.386:18): user pid=1919 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266266300.386:19): user pid=1919 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266266306.537:20): user pid=1970 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266266306.610:21): user pid=1970 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266266306.611:22): login pid=1970 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3 type=USER_START msg=audit(1266266306.612:23): user pid=1970 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_LOGIN msg=audit(1266266306.634:24): user pid=1972 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='uid=0: exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=/dev/pts/0 res=success)' type=CRED_REFR msg=audit(1266266306.637:25): user pid=1972 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266266440.618:26): user pid=1970 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266266440.619:27): user pid=1970 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_AUTH msg=audit(1266266594.029:28): user pid=1783 uid=0 auid=4294967295 subj=system_u:system_r:saslauthd_t:s0 msg='PAM: authentication acct="root" : exe="/usr/sbin/saslauthd" (hostname=?, addr=?, terminal=? res=success)' type=USER_ACCT msg=audit(1266266594.048:29): user pid=1783 uid=0 auid=4294967295 subj=system_u:system_r:saslauthd_t:s0 msg='PAM: accounting acct="root" : exe="/usr/sbin/saslauthd" (hostname=?, addr=?, terminal=? res=success)' type=AVC msg=audit(1266266611.806:30): avc: denied { write } for pid=2266 comm="clurgmgrd" path="pipe:[10687]" dev=pipefs ino=10687 scontext=system_u:system_r:rgmanager_t:s0 tcontext=system_u:system_r:ricci_modcluster_t:s0 tclass=fifo_file type=AVC msg=audit(1266266611.806:30): avc: denied { write } for pid=2266 comm="clurgmgrd" path="pipe:[10688]" dev=pipefs ino=10688 scontext=system_u:system_r:rgmanager_t:s0 tcontext=system_u:system_r:ricci_modcluster_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1266266611.806:30): arch=c000003e syscall=59 success=yes exit=0 a0=1e583540 a1=1e583250 a2=1e583b20 a3=0 items=0 ppid=2265 pid=2266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="clurgmgrd" exe="/usr/sbin/clurgmgrd" subj=system_u:system_r:rgmanager_t:s0 key=(null) type=AVC msg=audit(1266266611.992:31): avc: denied { sys_admin } for pid=2273 comm="clurgmgrd" capability=21 scontext=system_u:system_r:rgmanager_t:s0 tcontext=system_u:system_r:rgmanager_t:s0 tclass=capability type=SYSCALL msg=audit(1266266611.992:31): arch=c000003e syscall=1 success=no exit=-1 a0=7 a1=7fff294ca210 a2=81 a3=0 items=0 ppid=2267 pid=2273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="clurgmgrd" exe="/usr/sbin/clurgmgrd" subj=system_u:system_r:rgmanager_t:s0 key=(null) type=USER_ACCT msg=audit(1266266917.395:32): user pid=2383 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266266917.473:33): user pid=2383 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266266917.475:34): login pid=2383 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=4 type=USER_START msg=audit(1266266917.475:35): user pid=2383 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_LOGIN msg=audit(1266266917.490:36): user pid=2385 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='uid=0: exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=/dev/pts/0 res=success)' type=CRED_REFR msg=audit(1266266917.492:37): user pid=2385 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266266926.970:38): user pid=2383 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266266926.971:39): user pid=2383 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266266938.533:40): user pid=2408 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266266938.606:41): user pid=2408 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266266938.608:42): login pid=2408 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=5 type=USER_START msg=audit(1266266938.608:43): user pid=2408 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_LOGIN msg=audit(1266266938.623:44): user pid=2410 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='uid=0: exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=/dev/pts/0 res=success)' type=CRED_REFR msg=audit(1266266938.625:45): user pid=2410 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266267010.942:46): user pid=2408 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266267010.943:47): user pid=2408 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266267025.182:48): user pid=2449 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266267025.254:49): user pid=2449 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266267025.255:50): login pid=2449 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=6 type=USER_START msg=audit(1266267025.255:51): user pid=2449 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_REFR msg=audit(1266267025.267:52): user pid=2451 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266267025.327:53): user pid=2449 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266267025.340:54): user pid=2449 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=AVC msg=audit(1266267155.596:55): avc: denied { read } for pid=2719 comm="modinfo" name="/" dev=dm-2 ino=22 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir type=SYSCALL msg=audit(1266267155.596:55): arch=c000003e syscall=2 success=no exit=-13 a0=7ffff1c0aeda a1=0 a2=1b6 a3=0 items=0 ppid=2663 pid=2719 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modinfo" exe="/sbin/modinfo" subj=system_u:system_r:ricci_modstorage_t:s0 key=(null) type=USER_ACCT msg=audit(1266267180.034:56): user pid=2731 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266267180.120:57): user pid=2731 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266267180.122:58): login pid=2731 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=7 type=USER_START msg=audit(1266267180.122:59): user pid=2731 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_REFR msg=audit(1266267180.135:60): user pid=2733 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266267180.259:61): user pid=2731 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266267180.260:62): user pid=2731 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266267190.960:63): user pid=2741 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266267191.054:64): user pid=2741 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266267191.055:65): login pid=2741 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=8 type=USER_START msg=audit(1266267191.055:66): user pid=2741 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_LOGIN msg=audit(1266267191.075:67): user pid=2743 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='uid=0: exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=/dev/pts/0 res=success)' type=CRED_REFR msg=audit(1266267191.077:68): user pid=2743 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266267202.082:69): user pid=2741 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266267202.083:70): user pid=2741 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266267469.881:71): user pid=2818 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266267469.953:72): user pid=2818 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266267469.955:73): login pid=2818 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=9 type=USER_START msg=audit(1266267469.955:74): user pid=2818 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_LOGIN msg=audit(1266267469.970:75): user pid=2820 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='uid=0: exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=/dev/pts/0 res=success)' type=CRED_REFR msg=audit(1266267469.972:76): user pid=2820 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266267661.754:77): user pid=2877 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=CRED_ACQ msg=audit(1266267661.757:78): user pid=2877 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=LOGIN msg=audit(1266267661.758:79): login pid=2877 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=10 type=USER_START msg=audit(1266267661.763:80): user pid=2877 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=CRED_DISP msg=audit(1266267661.783:81): user pid=2877 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=USER_END msg=audit(1266267661.784:82): user pid=2877 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=AVC msg=audit(1266267744.880:83): avc: denied { sys_admin } for pid=2919 comm="clurgmgrd" capability=21 scontext=root:system_r:rgmanager_t:s0 tcontext=root:system_r:rgmanager_t:s0 tclass=capability type=SYSCALL msg=audit(1266267744.880:83): arch=c000003e syscall=1 success=no exit=-1 a0=7 a1=7fff0b3fb310 a2=81 a3=0 items=0 ppid=2917 pid=2919 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="clurgmgrd" exe="/usr/sbin/clurgmgrd" subj=root:system_r:rgmanager_t:s0 key=(null) type=CRED_DISP msg=audit(1266268031.186:84): user pid=2818 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266268031.187:85): user pid=2818 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266268081.900:86): user pid=3001 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266268081.997:87): user pid=3001 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266268081.999:88): login pid=3001 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=11 type=USER_START msg=audit(1266268081.999:89): user pid=3001 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_REFR msg=audit(1266268082.038:90): user pid=3003 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266268082.126:91): user pid=3001 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266268082.127:92): user pid=3001 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_ACCT msg=audit(1266268091.760:93): user pid=3010 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266268091.833:94): user pid=3010 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266268091.834:95): login pid=3010 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=12 type=USER_START msg=audit(1266268091.834:96): user pid=3010 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_REFR msg=audit(1266268091.848:97): user pid=3012 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_DISP msg=audit(1266268092.139:98): user pid=3010 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=USER_END msg=audit(1266268092.145:99): user pid=3010 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=DAEMON_END msg=audit(1266268117.987:7687): auditd normal halt, sending auid=4294967295 pid=3319 subj=system_u:system_r:initrc_t:s0 res=success type=DAEMON_START msg=audit(1266268190.829:7768): auditd start, ver=1.7.13 format=raw kernel=2.6.18-164.el5 auid=4294967295 pid=1498 subj=system_u:system_r:auditd_t:s0 res=success type=CONFIG_CHANGE msg=audit(1266268190.932:3): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1266268190.948:4): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 type=AVC msg=audit(1266268207.063:5): avc: denied { execute } for pid=1939 comm="vm.sh" name="ocf-shellfuncs" dev=dm-0 ino=265684 scontext=system_u:system_r:rgmanager_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file type=SYSCALL msg=audit(1266268207.063:5): arch=c000003e syscall=21 success=yes exit=0 a0=ca18260 a1=1 a2=0 a3=0 items=0 ppid=1923 pid=1939 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="vm.sh" exe="/bin/bash" subj=system_u:system_r:rgmanager_t:s0 key=(null) type=AVC msg=audit(1266268212.342:6): avc: denied { execute_no_trans } for pid=2447 comm="clurgmgrd" path="/usr/share/cluster/ocf-shellfuncs" dev=dm-0 ino=265684 scontext=system_u:system_r:rgmanager_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file type=SYSCALL msg=audit(1266268212.342:6): arch=c000003e syscall=59 success=no exit=-8 a0=7fff8940a090 a1=7fff89407d20 a2=7fff8940abc8 a3=0 items=0 ppid=1923 pid=2447 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="clurgmgrd" exe="/usr/sbin/clurgmgrd" subj=system_u:system_r:rgmanager_t:s0 key=(null) type=AVC msg=audit(1266268213.450:7): avc: denied { execute } for pid=2493 comm="ip.sh" name="ocf-shellfuncs" dev=dm-0 ino=265684 scontext=system_u:system_r:rgmanager_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file type=SYSCALL msg=audit(1266268213.450:7): arch=c000003e syscall=21 success=yes exit=0 a0=1a56cad0 a1=1 a2=0 a3=8 items=0 ppid=1923 pid=2493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip.sh" exe="/bin/bash" subj=system_u:system_r:rgmanager_t:s0 key=(null) type=USER_ACCT msg=audit(1266268436.786:8): user pid=2626 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_ACQ msg=audit(1266268436.861:9): user pid=2626 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=LOGIN msg=audit(1266268436.864:10): login pid=2626 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 type=USER_START msg=audit(1266268436.864:11): user pid=2626 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)' type=CRED_REFR msg=audit(1266268436.871:12): user pid=2628 uid=0 auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct="root" : exe="/usr/sbin/sshd" (hostname=172.31.228.1, addr=172.31.228.1, terminal=ssh res=success)'