17,1129631362,541771,/var/audit/20051014102249.20051018102922.spartacus.wjs.org 21,94,2,6159,0x0000,192.168.1.11,1129631531,259021961 36,100,0,1,100,1,1555,1767455497,14252 22 192.168.1.9 40,success for user root 39,0,0 121,240,2,289,0x0000,192.168.1.11,1129631608,869250727 45,2,0x2,op 56,Inheritable,file_link_any,proc_exec,proc_fork,proc_info,proc_session 56,Inheritable,file_link_any,proc_exec,proc_fork,proc_info,proc_session 117,101,0,1,0,1,1568,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631608,877929875 45,0,0x621,child PID 117,101,0,1,0,1,1568,1349428981,14252 65559 192.168.1.9 39,0,0 121,108,2,200,0x0080,192.168.1.11,1129631608,887406044 45,1,0x65,uid 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 57,1,proc_setid 39,0,0 121,129,2,8,0x0000,192.168.1.11,1129631608,887589062 35,/home/audit 115,40755,101,1,136,359557,0 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,131,2,23,0x0000,192.168.1.11,1129631608,907901253 35,/usr/bin/bash 115,100555,0,2,136,20880,0 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,119,2,8,0x0000,192.168.1.11,1129631608,921170613 35,/ 115,40755,0,0,136,2,0 117,101,0,1,0,1,1568,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631608,940500262 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631608,941308609 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631608,941416308 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631608,941898193 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,99,2,241,0x0000,192.168.1.11,1129631608,951140271 45,0,0x622,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,148,2,23,0x0000,192.168.1.11,1129631608,963625984 35,/usr/sbin/usr/lib/fs/ufs/quota 115,104555,0,2,136,522,0 117,101,0,1,101,1,1570,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631608,985222408 117,101,0,1,101,1,1570,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631608,989516186 45,0,0x623,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,130,2,23,0x0000,192.168.1.11,1129631609,1854245 35,/usr/bin/cat 115,100555,0,2,136,249,0 117,101,101,1,101,1,1571,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631609,14285826 117,101,101,1,101,1,1571,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631609,17570677 45,0,0x624,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,131,2,23,0x0000,192.168.1.11,1129631609,30285707 35,/usr/bin/mail 115,102511,0,6,136,343,0 117,101,101,6,101,1,1572,1349428981,14252 65559 192.168.1.9 39,0,0 121,93,2,214,0x0000,192.168.1.11,1129631609,52943542 45,1,0x1,gid 117,101,101,1,101,1,1572,1349428981,14252 65559 192.168.1.9 39,0,0 121,93,2,214,0x0000,192.168.1.11,1129631609,53392286 45,1,0x6,gid 117,101,101,6,101,1,1572,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631609,54062293 117,101,101,6,101,1,1572,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631609,68452883 45,0,0x625,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631609,81790901 45,0,0x626,child PID 117,101,101,1,101,1,1573,1349428981,14252 65559 192.168.1.9 39,0,0 121,135,2,23,0x0000,192.168.1.11,1129631609,93831249 35,/usr/bin/hostname 115,100555,0,2,136,320,0 117,101,101,1,101,1,1574,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631609,100619908 117,101,101,1,101,1,1574,1349428981,14252 65559 192.168.1.9 39,0,1569 121,81,2,27,0x0000,192.168.1.11,1129631609,100680651 117,101,101,1,101,1,1574,1349428981,14252 65559 192.168.1.9 39,0,1568 121,99,2,241,0x0000,192.168.1.11,1129631609,106534287 45,0,0x627,child PID 117,101,101,1,101,1,1574,1349428981,14252 65559 192.168.1.9 39,0,0 121,137,2,23,0x0000,192.168.1.11,1129631609,114890418 35,/usr/bin/sbin/uname 115,100555,0,2,136,1677,0 117,101,101,1,101,1,1575,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631609,124764782 117,101,101,1,101,1,1575,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631609,129661511 117,101,101,1,101,1,1574,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631609,133818502 117,101,101,1,101,1,1573,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631609,141621386 45,0,0x628,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,131,2,23,0x0000,192.168.1.11,1129631609,155247544 35,/usr/bin/echo 115,100555,0,2,136,290,0 117,101,101,1,101,1,1576,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631609,166113435 117,101,101,1,101,1,1576,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631609,168897978 45,0,0x629,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,131,2,23,0x0000,192.168.1.11,1129631609,181124553 35,/usr/bin/echo 115,100555,0,2,136,290,0 117,101,101,1,101,1,1577,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631609,189296007 117,101,101,1,101,1,1577,1349428981,14252 65559 192.168.1.9 39,0,0 121,129,2,8,0x0000,192.168.1.11,1129631609,204051365 35,/home/audit 115,40755,101,1,136,359557,0 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631609,205184174 45,0,0x62a,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,131,2,23,0x0000,192.168.1.11,1129631609,218858196 35,/usr/bin/echo 115,100555,0,2,136,290,0 117,101,101,1,101,1,1578,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631609,227825485 117,101,101,1,101,1,1578,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631609,238886566 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,99,2,241,0x0000,192.168.1.11,1129631610,460456514 45,0,0x62b,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631610,467267886 117,101,101,1,101,1,1579,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631610,467443199 117,101,101,1,101,1,1579,1349428981,14252 65559 192.168.1.9 39,0,1568 121,129,2,23,0x0000,192.168.1.11,1129631610,473061704 35,/usr/bin/ls 115,100555,0,2,136,341,0 117,101,101,1,101,1,1579,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x8000,192.168.1.11,1129631610,481195630 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,13,-1 121,81,2,27,0x0000,192.168.1.11,1129631610,481758485 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,1,0x0000,192.168.1.11,1129631610,492846080 117,101,101,1,101,1,1579,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631610,494583733 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631610,495221619 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,99,2,241,0x0000,192.168.1.11,1129631612,310503639 45,0,0x62c,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631612,318606750 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631612,318781204 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,0,1568 121,138,2,23,0x0000,192.168.1.11,1129631612,324265918 35,/home/audit/tprocess 115,100755,101,1,136,359579,0 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x8000,192.168.1.11,1129631612,330652855 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,13,-1 121,81,2,27,0x0000,192.168.1.11,1129631612,331155386 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,150,2,26,0x8100,192.168.1.11,1129631612,331922988 45,1,0x0,setgroups 45,1,0x3,setgroups 45,1,0x4,setgroups 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 57,0,proc_setid 39,1,-1 121,81,2,27,0x0000,192.168.1.11,1129631612,334931812 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,0,0 121,108,2,205,0x8100,192.168.1.11,1129631612,335026792 45,1,0x63,gid 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 57,0,proc_setid 39,1,-1 121,108,2,214,0x8100,192.168.1.11,1129631612,335517100 45,1,0x63,gid 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 57,0,proc_setid 39,1,-1 121,102,2,215,0x8100,192.168.1.11,1129631612,335992851 45,1,0x0,euid 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 57,0,ALL 39,1,-1 121,108,2,200,0x8100,192.168.1.11,1129631612,338674094 45,1,0x63,uid 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 57,0,proc_setid 39,1,-1 121,81,2,27,0x8000,192.168.1.11,1129631612,339128206 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,1,-1 121,112,2,212,0x0000,192.168.1.11,1129631612,340956461 45,1,0x1,pc_version 45,3,0x6,cmd 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,0,0 121,137,2,15,0x0000,192.168.1.11,1129631612,341577663 45,2,0x10,signal 119,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,0,0 121,112,2,15,0x0000,192.168.1.11,1129631612,341631780 45,2,0x11,signal 45,1,0x0,process 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631612,342324341 117,101,101,1,101,1,1580,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631612,343891789 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631612,344551351 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,99,2,241,0x0000,192.168.1.11,1129631616,184674429 45,0,0x62d,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631616,191827067 117,101,101,1,101,1,1581,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631616,192001818 117,101,101,1,101,1,1581,1349428981,14252 65559 192.168.1.9 39,0,1568 121,129,2,23,0x0000,192.168.1.11,1129631616,197177227 35,/usr/bin/ls 115,100555,0,2,136,341,0 117,101,101,1,101,1,1581,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x8000,192.168.1.11,1129631616,200802720 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,13,-1 121,81,2,27,0x0000,192.168.1.11,1129631616,201306044 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,1,0x0000,192.168.1.11,1129631616,217277686 117,101,101,1,101,1,1581,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631616,219004657 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631616,219680546 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,99,2,241,0x0000,192.168.1.11,1129631625,11628804 45,0,0x62e,child PID 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631625,18822506 117,101,101,1,101,1,1582,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631625,18997197 117,101,101,1,101,1,1582,1349428981,14252 65559 192.168.1.9 39,0,1568 121,129,2,23,0x0000,192.168.1.11,1129631625,24521367 35,/usr/bin/su 115,104555,0,3,136,401,0 117,101,0,1,101,1,1582,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x8000,192.168.1.11,1129631625,30732798 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,13,-1 121,81,2,27,0x0000,192.168.1.11,1129631625,31292313 117,101,101,1,101,1,1569,1349428981,14252 65559 192.168.1.9 39,0,1568 121,240,2,289,0x0000,192.168.1.11,1129631627,653912174 45,2,0x2,op 56,Inheritable,file_link_any,proc_exec,proc_fork,proc_info,proc_session 56,Inheritable,file_link_any,proc_exec,proc_fork,proc_info,proc_session 117,101,0,1,101,1,1582,1349428981,14252 65559 192.168.1.9 39,0,0 21,94,2,6159,0x0000,192.168.1.11,1129631627,667956484 36,101,0,1,101,1,1582,1349428981,14252 65559 192.168.1.9 40,success for user root 39,0,0 121,108,2,205,0x0080,192.168.1.11,1129631627,673753829 45,1,0x0,gid 117,101,0,0,101,0,1582,1349428981,14252 65559 192.168.1.9 57,1,proc_setid 39,0,0 121,294,2,26,0x0080,192.168.1.11,1129631627,676445733 45,1,0x0,setgroups 45,1,0x1,setgroups 45,1,0x2,setgroups 45,1,0x3,setgroups 45,1,0x4,setgroups 45,1,0x5,setgroups 45,1,0x6,setgroups 45,1,0x7,setgroups 45,1,0x8,setgroups 45,1,0x9,setgroups 45,1,0xc,setgroups 117,101,0,0,101,0,1582,1349428981,14252 65559 192.168.1.9 57,1,proc_setid 39,0,0 121,108,2,200,0x0080,192.168.1.11,1129631627,676561663 45,1,0x0,uid 117,101,0,0,0,0,1582,1349428981,14252 65559 192.168.1.9 57,1,proc_setid 39,0,0 121,126,2,23,0x0000,192.168.1.11,1129631627,690786940 35,/sbin/sh 115,100555,0,0,136,1668,0 117,101,0,0,0,0,1582,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631627,697698240 117,101,0,0,0,0,1582,1349428981,14252 65559 192.168.1.9 39,0,1582 121,81,2,27,0x0000,192.168.1.11,1129631627,697762287 117,101,0,0,0,0,1582,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631627,702322224 117,101,0,0,0,0,1582,1349428981,14252 65559 192.168.1.9 39,0,0 121,99,2,241,0x0000,192.168.1.11,1129631628,872001992 45,0,0x62f,child PID 117,101,0,0,0,0,1582,1349428981,14252 65559 192.168.1.9 39,0,0 121,131,2,23,0x0000,192.168.1.11,1129631628,879858164 35,/usr/bin/bash 115,100555,0,2,136,20880,0 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631628,908518716 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,1582 121,81,2,27,0x0000,192.168.1.11,1129631628,909270131 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631628,909367548 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631628,909848440 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631628,921266431 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,1568 121,99,2,241,0x0000,192.168.1.11,1129631635,336712095 45,0,0x630,child PID 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631635,344371706 117,101,0,0,0,0,1584,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631635,344559465 117,101,0,0,0,0,1584,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631635,346939286 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631635,347844805 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,1568 121,135,2,23,0x0000,192.168.1.11,1129631635,379510544 35,/usr/sbin/praudit 115,100555,0,2,136,751,0 117,101,0,0,0,0,1584,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,1,0x0000,192.168.1.11,1129631636,50161633 117,101,0,0,0,0,1584,1349428981,14252 65559 192.168.1.9 39,0,0 121,81,2,27,0x0000,192.168.1.11,1129631636,53180247 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631636,53902696 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,1568 121,81,2,27,0x0000,192.168.1.11,1129631680,488076085 117,101,0,0,0,0,1583,1349428981,14252 65559 192.168.1.9 39,0,1568 17,1129631682,362768,/var/audit/20051018103442.not_terminated.spartacus.wjs.org