
Initial work

George S. Baugh 3 tahun lalu
induk
melakukan
21869762d8
9 mengubah file dengan 663 tambahan dan 0 penghapusan
  1. 2 0
      .github/FUNDING.yml
  2. 2 0
      .gitignore
  3. 2 0
      README.md
  4. 89 0
      dist.ini
  5. 139 0
      lib/Audit/Log.pm
  6. 32 0
      t/Audit-Log.t
  7. 327 0
      t/audit.log
  8. 3 0
      tidyall.ini
  9. 67 0
      weaver.ini

+ 2 - 0
.github/FUNDING.yml

@@ -0,0 +1,2 @@
+# These are supported funding model platforms
+github: [Troglodyne-Internet-Widgets]

+ 2 - 0
.gitignore

@@ -0,0 +1,2 @@
+Audit-Log-*
+.build/

+ 2 - 0
README.md

@@ -1,2 +1,4 @@
 # Audit-Log-perl
 perl parser of auditd logs
+
+See CPAN/POD for more information

+ 89 - 0
dist.ini

@@ -0,0 +1,89 @@
+name = Audit-Log
+version = 0.001
+author = George S. Baugh <george@troglodyne.net>
+license = MIT
+copyright_holder = Troglodyne LLC
+copyright_year = 2022
+
+[GatherDir / LibFiles ]
+include_untracked = 1
+exclude_match = .*\.swp
+exclude_match = .*\.swo
+root = ./lib
+prefix = lib
+
+[GatherDir / BuildConf ]
+root = ./conf
+prefix = .
+
+[GatherDir / BinFiles ]
+include_untracked = 1
+root = ./bin
+prefix = bin
+
+[GatherDir / TestFiles ]
+root = ./t
+prefix = t
+
+[PruneCruft]
+except = \.travis.yml
+
+[ManifestSkip]
+[MetaYAML]
+[MetaJSON]
+[License]
+[Readme]
+[InstallGuide]
+[ExtraTests]
+[ExecDir]
+[ShareDir]
+[MakeMaker]
+[Manifest]
+
+[PkgVersion]
+[AutoPrereqs]
+[MetaProvides::Package]
+
+[FileFinder::Filter / NoBin]
+finder = :InstallModules ;
+
+[PodWeaver]
+finder=NoBin
+
+[Git::Contributors]
+[TidyAll]
+
+; Unfortunately CPAN changes detects the first date incorrectly.  Oh well...
+; Unfortunately the Manifest test does not work for unknown reasons.
+[@TestingMania]
+critic_config = perlcriticrc
+disable = Test::Compile
+disable = PodCoverageTests
+disable = Test::Synopsis
+
+[TestRelease]
+[ConfirmRelease]
+[UploadToCPAN]
+
+[CheckMetaResources]
+[CheckPrereqsIndexed]
+[CheckChangesHasContent]
+
+[Prereqs / RuntimeRequires]
+perl = 5.010
+List::Util = 1.33
+
+[GithubMeta]
+issues = 1
+user = teodesian
+
+; `dzil authordeps` doesn't know about the Pod Weaver dependencies:
+; authordep Pod::Weaver::Section::Contributors = 0
+; authordep Pod::Weaver::Plugin::Encoding = 0
+; authordep Pod::Weaver::Section::SeeAlso = 0
+; authordep Pod::Weaver::Section::GenerateSection = 0
+; authordep Pod::Elemental::Transformer::List = 0
+; authordep XML::Simple = 0
+; authordep Test::LWP::UserAgent = 0
+; authordep Test::Pod::Coverage = 0
+; authordep Term::UI = 0
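Review bot: `[Prereqs / RuntimeRequires]` declares `perl = 5.010` and `List::Util = 1.33`, but lib/Audit/Log.pm in this commit loads only `strict` and `warnings`, and its ABSTRACT promises no external dependencies and nothing newer than perl 5.8, so the metadata and the stated contract disagree. Either drop the `List::Util` line and lower the perl floor, or correct the ABSTRACT; `[AutoPrereqs]` already records what the test file uses. The trailing `authordep` comments for `XML::Simple`, `Test::LWP::UserAgent` and `Term::UI` look carried over from another distribution, since nothing in this commit references them, and each unneeded entry is one more package a release build pulls in. `critic_config = perlcriticrc` names a file that is not among the nine files added here, so confirm it exists before `[@TestingMania]` runs.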

+ 139 - 0
lib/Audit/Log.pm

@@ -0,0 +1,139 @@
+package Audit::Log;
+
+use strict;
+use warnings;
+
+# ABSTRACT: auditd log parser with no external dependencies, using no perl features past 5.8
+
+=head1 WHY
+
+I had to do reporting for non-incremental backups.
+I needed something faster than GNU find, and which took less memory as well.
+I didn't want to stat 1M+ files.
+Just reads a log and keeps the bare minimum useful information.
+
+You can use auditd for a number of other interesting purposes, which this should support as well.
+
+=head1 SYNOPSIS
+
+    my $parser = Audit::Log->new();
+    my $rows = $parser->search(
+        type     => qr/path/i,
+        nametype => qr/delete|create/i,
+    );
+
+=head1 CONSTRUCTOR
+
+=head2 new(STRING path, ARRAY returning) = Audit::Log
+
+Opens the provided audit log path when searching, or
+
+    /var/log/audit/audit.log
+
+if none is provided.
+
+Also can filter returned keys by the provided array to not allocate unnecesarily in low mem situations.
+
+=cut
+
+sub new {
+    my ($class, $path, @returning) = @_;
+    $path = '/var/log/audit/audit.log' unless $path;
+    die "Cannot access $path" unless -f $path;
+    return bless({ path => $path, returning => \@returning}, $class);
+}
+
+=head1 METHODS
+
+=head2 search(key => constraint) = ARRAY[HashRef{}]
+
+Searches the log for lines where the value corresponding to the provided key matches the constraint, which is expected to be a quoted regex.
+If no constraints are provided, all matching rows will be returned.
+
+Example:
+
+    my $rows = $parser->search( type => qr/path/i, nametype=qr/delete|create/i );
+
+The above effectively will get you a list of all file modifications/creations/deletions in watched directories.
+
+Adds in a 'line' parameter to rows returned in case you want to know which line in the log it's on.
+Also adds a 'timestamp' parameter, since this is a parsed parameter.
+
+=head3 Speeding it up: by event
+
+Auditd logs are also structured in blocks separated between SYSCALL lines, which are normally filtered by 'key', which corresponds to rule name.
+We can speed up processing by ignoring events of the incorrect key.
+
+Example:
+
+    my $rows = $parser->search( type => qr/path/i, nametype=qr/delete|create/i, key => qr/backup_watch/i );
+
+The above will ignore events from all rules save those from the "backup_watch" rule.
+
+=head3 Speeding it up: by timeframe
+
+Auditd log rules also print a timestamp, which means we need a numeric comparison.
+Pass in 'older' and 'newer', and we can filter out things appropriately.
+
+Example:
+
+    # Get all records that are from the last 24 hours
+    my $rows = $parser->search( type => qr/path/i, nametype=qr/delete|create/i, newer => ( time - 86400 ) );
+
+Handling rotated logs is left as an exercise for the reader.
+
+=cut
+
+sub search {
+    my ($self,%options) = @_;
+
+    my $ret = [];
+    my $in_block = 1;
+    my $line = -1;
+    open(my $fh, '<', $self->{path});
+    LINE: while (<$fh>) {
+        next if index( $_, 'SYSCALL') < 0 && !$in_block;
+
+        # I am trying to cheat here to snag the timestamp.
+        my $msg_start = index($_, 'msg=audit(') + 10;
+        my $msg_end   = index($_, ':');
+        my $timestamp = substr($_, $msg_start, $msg_end - $msg_start)."\n";
+        next if $options{older} && $timestamp > $options{older};
+        next if $options{newer} && $timestamp < $options{newer};
+
+        # Replace GROUP SEPARATOR usage with simple spaces
+        s/[\x1D]/ /g;
+
+        my %parsed = map {
+            my @out = split(/=/, $_);
+            shift @out, join('=',@out)
+        } grep { $_ } map { s/"//g; chomp; $_ } split(/ /,$_);
+        $line++;
+        $parsed{line} = $line;
+        chomp $timestamp;
+        $parsed{timestamp} = $timestamp;
+
+        if (exists $options{key} && $parsed{type} eq 'SYSCALL') {
+            $in_block = $parsed{key} =~ $options{key};
+            next unless $in_block;
+        }
+
+        # Check constraints BEFORE filtering returned values, this is a WHERE clause
+        CONSTRAINT: foreach my $constraint (keys(%options)) {
+            next CONSTRAINT if !exists $parsed{$constraint};
+            next LINE if $parsed{$constraint} !~ $options{$constraint};
+        }
+
+        # Filter fields for RETURNING clause
+        if (@{$self->{returning}}) {
+            foreach my $field (keys(%parsed)) {
+                delete $parsed{$field} unless grep { $field eq $_ } @{$self->{returning}};
+            }
+        }
+        push(@$ret,\%parsed);
+    }
+    close($fh);
+    return $ret;
+}
+
+1;
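Review bot: The `open` in `search` is unchecked, so a log that passes the `-f` test in `new` but is unreadable for the calling user, or is rotated away between the two calls, yields an empty result with at most a readline warning, and a caller cannot tell that apart from "no matching audit events"; `open(my $fh, '<', $self->{path}) or die "Cannot open $self->{path}: $!";` makes the failure explicit. The `line` field is also not the position in the log that the POD describes: `$line++` runs after the block and timestamp `next` statements, so it counts only lines that survived those filters (t/Audit-Log.t expects 3 and 8 for records that sit much further down the fixture), and `$parsed{line} = $.;` would give a stable 1-based reference. With a `key` constraint, block membership follows adjacency to the most recent SYSCALL line rather than the event serial in `msg=audit(timestamp:serial)`, so records written before their SYSCALL line, or belonging to events that have none, inherit the previous block's state; a comment on `$in_block` stating that assumption would help.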

+ 32 - 0
t/Audit-Log.t

@@ -0,0 +1,32 @@
+use strict;
+use warnings;
+
+use lib 'lib';
+
+use Test::More;
+use Test::Deep;
+use Audit::Log;
+use List::Util qw{uniq};
+
+my $parser = Audit::Log->new('t/audit.log','name','type','nametype','line','timestamp');
+my $rows = $parser->search( type => qr/path/i, nametype => qr/create|delete/i, name => qr/^backups\/[^\.]/, key => qr/backupwatch/, older => 1642448670, newer => 1642441403 );
+
+my $expected = [
+  {
+    'line' => 3,
+    'timestamp' => '1642441406.575',
+    'type' => 'PATH',
+    'nametype' => 'CREATE',
+    'name' => 'backups/test.txt'
+  },
+  {
+    'type' => 'PATH',
+    'timestamp' => '1642441412.975',
+    'line' => 8,
+    'name' => 'backups/testme.txt',
+    'nametype' => 'DELETE'
+  }
+];
+
+is_deeply($rows,$expected,"Parser works as expected");
+done_testing();
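Review bot: `use Test::Deep;` and `use List::Util qw{uniq};` are imported but never used; the only assertion is `is_deeply` from Test::More. `uniq` was only added to List::Util in 1.45, so on a perl whose bundled List::Util is older the file fails at import time for a function it never calls, and Test::Deep becomes a non-core test prerequisite for nothing; both `use` lines can be removed. The single case also exercises only the all-filters path, so there is no coverage for `new` dying on a missing path or for `search` without a `key` constraint. The fixture t/audit.log reads like a capture from a live host (account name, home-directory paths, hex-encoded sudo command lines), so consider scrubbing it or generating a synthetic log.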

+ 327 - 0
t/audit.log

@@ -0,0 +1,327 @@
+type=DAEMON_START msg=audit(1642441164.434:3761): op=start ver=3.0 format=enriched kernel=5.11.0-46-generic auid=4294967295 pid=11481 uid=0 ses=4294967295 subj=unconfined  res=successAUID="unset" UID="root"
+type=CONFIG_CHANGE msg=audit(1642441164.443:60): op=set audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
+type=SYSCALL msg=audit(1642441164.443:60): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc575f77c0 a2=3c a3=0 items=0 ppid=11484 pid=11494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642441164.443:60): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
+type=CONFIG_CHANGE msg=audit(1642441164.443:61): op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
+type=SYSCALL msg=audit(1642441164.443:61): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc575f77c0 a2=3c a3=0 items=0 ppid=11484 pid=11494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642441164.443:61): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
+type=CONFIG_CHANGE msg=audit(1642441164.443:62): op=set audit_backlog_wait_time=60000 old=15000 auid=4294967295 ses=4294967295 subj=unconfined res=1AUID="unset"
+type=SYSCALL msg=audit(1642441164.443:62): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffc575f77c0 a2=3c a3=0 items=0 ppid=11484 pid=11494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642441164.443:62): proctitle=2F7362696E2F617564697463746C002D52002F6574632F61756469742F61756469742E72756C6573
+type=SERVICE_START msg=audit(1642441164.443:63): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SERVICE_START msg=audit(1642441165.947:64): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=USER_END msg=audit(1642441166.771:65): pid=11275 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_DISP msg=audit(1642441166.771:66): pid=11275 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_ACCT msg=audit(1642441188.763:67): pid=11909 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="doge" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_CMD msg=audit(1642441188.763:68): pid=11909 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='cwd="/home/doge/Code/client-scripts/holophrastic" cmd=736572766963652061756469746420737461747573 exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_REFR msg=audit(1642441188.763:69): pid=11909 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_START msg=audit(1642441188.763:70): pid=11909 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_END msg=audit(1642441188.815:71): pid=11909 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_DISP msg=audit(1642441188.815:72): pid=11909 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_ACCT msg=audit(1642441381.779:73): pid=12068 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="doge" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_CMD msg=audit(1642441381.779:74): pid=12068 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='cwd="/home/doge/Code/client-scripts/holophrastic" cmd=617564697463746C202D77202F686F6D652F646F67652F436F64652F636C69656E742D736372697074732F686F6C6F70687261737469632F6261636B757073202D702077617278202D6B206261636B75707761746368 exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_REFR msg=audit(1642441381.779:75): pid=12068 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_START msg=audit(1642441381.779:76): pid=12068 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=CONFIG_CHANGE msg=audit(1642441381.779:77): auid=4294967295 ses=4294967295 subj=unconfined op=add_rule key="backupwatch" list=4 res=1AUID="unset"
+type=SYSCALL msg=audit(1642441381.779:77): arch=c000003e syscall=44 success=yes exit=1120 a0=4 a1=7ffda0f363e0 a2=460 a3=0 items=0 ppid=12068 pid=12069 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642441381.779:77): proctitle=617564697463746C002D77002F686F6D652F646F67652F436F64652F636C69656E742D736372697074732F686F6C6F70687261737469632F6261636B757073002D700077617278002D6B006261636B75707761746368
+type=USER_END msg=audit(1642441381.783:78): pid=12068 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_DISP msg=audit(1642441381.783:79): pid=12068 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=SYSCALL msg=audit(1642441391.567:80): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffe41a5b831 a2=941 a3=1b6 items=2 ppid=3354 pid=12075 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4294967295 comm="touch" exe="/usr/bin/touch" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642441391.567:80): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642441391.567:80): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642441391.567:80): item=1 name="backups/test.txt" inode=10881960 dev=103:02 mode=0100664 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642441391.567:80): proctitle=746F756368006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642441402.623:81): arch=c000003e syscall=316 success=yes exit=0 a0=ffffff9c a1=7ffe4b295824 a2=ffffff9c a3=7ffe4b295835 items=4 ppid=3354 pid=12083 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4294967295 comm="mv" exe="/usr/bin/mv" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=renameat2 AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642441402.623:81): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642441402.623:81): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642441402.623:81): item=1 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642441402.623:81): item=2 name="backups/test.txt" inode=10881960 dev=103:02 mode=0100664 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642441402.623:81): item=3 name="backups/testme.txt" inode=10881960 dev=103:02 mode=0100664 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642441402.623:81): proctitle=6D76006261636B7570732F746573742E747874006261636B7570732F746573746D652E747874
+type=SYSCALL msg=audit(1642441406.575:82): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7fffb180d831 a2=941 a3=1b6 items=2 ppid=3354 pid=12087 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4294967295 comm="touch" exe="/usr/bin/touch" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642441406.575:82): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642441406.575:82): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642441406.575:82): item=1 name="backups/test.txt" inode=10881995 dev=103:02 mode=0100664 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642441406.575:82): proctitle=746F756368006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642441412.975:83): arch=c000003e syscall=263 success=yes exit=0 a0=ffffff9c a1=55ca3d8054d0 a2=0 a3=0 items=2 ppid=3354 pid=12093 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4294967295 comm="rm" exe="/usr/bin/rm" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=unlinkat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642441412.975:83): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642441412.975:83): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642441412.975:83): item=1 name="backups/testme.txt" inode=10881960 dev=103:02 mode=0100664 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642441412.975:83): proctitle=726D006261636B7570732F746573746D652E747874
+type=SYSCALL msg=audit(1642441419.063:84): arch=c000003e syscall=268 success=yes exit=0 a0=ffffff9c a1=55b8e9c09500 a2=1fd a3=49 items=1 ppid=3354 pid=12097 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=fchmodat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642441419.063:84): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642441419.063:84): item=0 name="backups/test.txt" inode=10881995 dev=103:02 mode=0100664 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642441419.063:84): proctitle=63686D6F64002B78006261636B7570732F746573742E747874
+type=USER_ACCT msg=audit(1642441428.163:85): pid=12106 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="doge" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_CMD msg=audit(1642441428.163:86): pid=12106 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='cwd="/home/doge/Code/client-scripts/holophrastic" cmd="aureport" exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_REFR msg=audit(1642441428.163:87): pid=12106 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_START msg=audit(1642441428.163:88): pid=12106 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_END msg=audit(1642441428.167:89): pid=12106 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_DISP msg=audit(1642441428.167:90): pid=12106 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_ACCT msg=audit(1642441461.555:91): pid=12157 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="doge" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_CMD msg=audit(1642441461.555:92): pid=12157 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='cwd="/home/doge/Code/client-scripts/holophrastic" cmd=6C657373202F7661722F6C6F672F61756469742F61756469742E6C6F67 exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_REFR msg=audit(1642441461.555:93): pid=12157 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_START msg=audit(1642441461.555:94): pid=12157 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_ACCT msg=audit(1642441501.679:95): pid=12164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642441501.679:96): pid=12164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642441501.679:97): pid=12164 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=21 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642441501.679:97): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=12164 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=21 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642441501.679:97): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642441501.679:98): pid=12164 uid=0 auid=0 ses=21 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642441501.679:99): pid=12164 uid=0 auid=0 ses=21 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642441501.683:100): pid=12164 uid=0 auid=0 ses=21 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642441622.434:101): pid=12157 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_DISP msg=audit(1642441622.434:102): pid=12157 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_ACCT msg=audit(1642442084.138:103): pid=12410 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="doge" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_CMD msg=audit(1642442084.138:104): pid=12410 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='cwd="/home/doge/Code/Audit-Log" cmd=6370202F7661722F6C6F672F61756469742F61756469742E6C6F67202E exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_REFR msg=audit(1642442084.142:105): pid=12410 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_START msg=audit(1642442084.142:106): pid=12410 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_END msg=audit(1642442084.142:107): pid=12410 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_DISP msg=audit(1642442084.142:108): pid=12410 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_ACCT msg=audit(1642442101.690:109): pid=12416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642442101.690:110): pid=12416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642442101.690:111): pid=12416 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=22 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642442101.690:111): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=12416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=22 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642442101.690:111): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642442101.690:112): pid=12416 uid=0 auid=0 ses=22 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642442101.690:113): pid=12416 uid=0 auid=0 ses=22 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642442101.690:114): pid=12416 uid=0 auid=0 ses=22 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=SERVICE_START msg=audit(1642442112.442:115): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SERVICE_STOP msg=audit(1642442123.074:116): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=USER_ACCT msg=audit(1642442173.990:117): pid=12445 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="doge" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_CMD msg=audit(1642442173.994:118): pid=12445 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='cwd="/home/doge/Code/Audit-Log" cmd=63686F776E20646F67653A646F67652061756469742E6C6F67 exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_REFR msg=audit(1642442173.994:119): pid=12445 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_START msg=audit(1642442173.994:120): pid=12445 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_END msg=audit(1642442173.998:121): pid=12445 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_close grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_DISP msg=audit(1642442173.998:122): pid=12445 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_ACCT msg=audit(1642442701.702:123): pid=12757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642442701.702:124): pid=12757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642442701.702:125): pid=12757 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=23 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642442701.702:125): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=12757 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=23 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642442701.702:125): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642442701.706:126): pid=12757 uid=0 auid=0 ses=23 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642442701.706:127): pid=12757 uid=0 auid=0 ses=23 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642442701.706:128): pid=12757 uid=0 auid=0 ses=23 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642443301.714:129): pid=12909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642443301.714:130): pid=12909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642443301.714:131): pid=12909 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=24 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642443301.714:131): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=12909 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=24 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642443301.714:131): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642443301.714:132): pid=12909 uid=0 auid=0 ses=24 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642443301.714:133): pid=12909 uid=0 auid=0 ses=24 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642443301.718:134): pid=12909 uid=0 auid=0 ses=24 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642443421.722:135): pid=12934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642443421.722:136): pid=12934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642443421.722:137): pid=12934 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=25 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642443421.722:137): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=12934 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=25 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642443421.722:137): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642443421.722:138): pid=12934 uid=0 auid=0 ses=25 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642443421.726:139): pid=12934 uid=0 auid=0 ses=25 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642443421.726:140): pid=12934 uid=0 auid=0 ses=25 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=SERVICE_START msg=audit(1642443852.439:141): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SERVICE_STOP msg=audit(1642443863.087:142): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=USER_ACCT msg=audit(1642443901.731:143): pid=13123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642443901.731:144): pid=13123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642443901.731:145): pid=13123 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=26 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642443901.731:145): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=13123 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=26 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642443901.731:145): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642443901.731:146): pid=13123 uid=0 auid=0 ses=26 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642443901.731:147): pid=13123 uid=0 auid=0 ses=26 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642443901.731:148): pid=13123 uid=0 auid=0 ses=26 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642444201.740:149): pid=13282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642444201.740:150): pid=13282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642444201.740:151): pid=13282 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=27 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642444201.740:151): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=13282 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=27 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642444201.740:151): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642444201.740:152): pid=13282 uid=0 auid=0 ses=27 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642444201.744:153): pid=13282 uid=0 auid=0 ses=27 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642444201.744:154): pid=13282 uid=0 auid=0 ses=27 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=SERVICE_START msg=audit(1642444326.788:155): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=anacron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SERVICE_STOP msg=audit(1642444326.788:156): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=anacron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=USER_ACCT msg=audit(1642444501.753:157): pid=13366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642444501.753:158): pid=13366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642444501.753:159): pid=13366 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=28 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642444501.753:159): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=13366 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=28 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642444501.753:159): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642444501.753:160): pid=13366 uid=0 auid=0 ses=28 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642444501.757:161): pid=13366 uid=0 auid=0 ses=28 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642444501.757:162): pid=13366 uid=0 auid=0 ses=28 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642445101.770:163): pid=13476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642445101.770:164): pid=13476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642445101.770:165): pid=13476 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=29 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642445101.770:165): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=13476 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=29 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642445101.770:165): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642445101.770:166): pid=13476 uid=0 auid=0 ses=29 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642445101.770:167): pid=13476 uid=0 auid=0 ses=29 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642445101.770:168): pid=13476 uid=0 auid=0 ses=29 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=SERVICE_START msg=audit(1642445572.442:169): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SERVICE_STOP msg=audit(1642445583.090:170): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=USER_ACCT msg=audit(1642445701.782:171): pid=13660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642445701.782:172): pid=13660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642445701.782:173): pid=13660 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=30 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642445701.782:173): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=13660 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=30 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642445701.782:173): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642445701.782:174): pid=13660 uid=0 auid=0 ses=30 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642445701.782:175): pid=13660 uid=0 auid=0 ses=30 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642445701.782:176): pid=13660 uid=0 auid=0 ses=30 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642446301.787:177): pid=14143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642446301.787:178): pid=14143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642446301.787:179): pid=14143 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=31 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642446301.787:179): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=14143 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=31 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642446301.787:179): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642446301.787:180): pid=14143 uid=0 auid=0 ses=31 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642446301.787:181): pid=14143 uid=0 auid=0 ses=31 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642446301.787:182): pid=14143 uid=0 auid=0 ses=31 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642446901.800:183): pid=14335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642446901.800:184): pid=14335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642446901.800:185): pid=14335 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=32 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642446901.800:185): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=14335 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=32 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642446901.800:185): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642446901.800:186): pid=14335 uid=0 auid=0 ses=32 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642446901.804:187): pid=14335 uid=0 auid=0 ses=32 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642446901.804:188): pid=14335 uid=0 auid=0 ses=32 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642447021.812:189): pid=14364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642447021.816:190): pid=14364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642447021.816:191): pid=14364 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=33 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642447021.816:191): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=14364 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=33 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642447021.816:191): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642447021.816:192): pid=14364 uid=0 auid=0 ses=33 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642447021.816:193): pid=14364 uid=0 auid=0 ses=33 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642447021.816:194): pid=14364 uid=0 auid=0 ses=33 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=SERVICE_START msg=audit(1642447222.449:195): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SERVICE_STOP msg=audit(1642447233.085:196): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=USER_ACCT msg=audit(1642447501.825:197): pid=14476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642447501.825:198): pid=14476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642447501.825:199): pid=14476 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=34 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642447501.825:199): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=14476 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=34 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642447501.825:199): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642447501.825:200): pid=14476 uid=0 auid=0 ses=34 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642447501.829:201): pid=14476 uid=0 auid=0 ses=34 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642447501.829:202): pid=14476 uid=0 auid=0 ses=34 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642447801.837:203): pid=14537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642447801.837:204): pid=14537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642447801.837:205): pid=14537 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=35 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642447801.837:205): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=14537 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=35 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642447801.837:205): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642447801.837:206): pid=14537 uid=0 auid=0 ses=35 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642447801.837:207): pid=14537 uid=0 auid=0 ses=35 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642447801.837:208): pid=14537 uid=0 auid=0 ses=35 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=SERVICE_START msg=audit(1642447922.357:209): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=anacron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SERVICE_STOP msg=audit(1642447922.361:210): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=anacron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=USER_ACCT msg=audit(1642448101.844:211): pid=14594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642448101.844:212): pid=14594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642448101.844:213): pid=14594 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=36 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642448101.844:213): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=14594 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=36 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642448101.844:213): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642448101.844:214): pid=14594 uid=0 auid=0 ses=36 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642448101.844:215): pid=14594 uid=0 auid=0 ses=36 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642448101.844:216): pid=14594 uid=0 auid=0 ses=36 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_ACCT msg=audit(1642448701.852:217): pid=14711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=CRED_ACQ msg=audit(1642448701.852:218): pid=14711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=LOGIN msg=audit(1642448701.852:219): pid=14711 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=37 res=1UID="root" OLD-AUID="unset" AUID="root"
+type=SYSCALL msg=audit(1642448701.852:219): arch=c000003e syscall=1 success=yes exit=1 a0=7 a1=7ffdf543f180 a2=1 a3=7fccdc9c1030 items=0 ppid=934 pid=14711 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=37 comm="cron" exe="/usr/sbin/cron" subj=unconfined key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=PROCTITLE msg=audit(1642448701.852:219): proctitle=2F7573722F7362696E2F43524F4E002D66002D50
+type=USER_START msg=audit(1642448701.856:220): pid=14711 uid=0 auid=0 ses=37 subj=unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=CRED_DISP msg=audit(1642448701.856:221): pid=14711 uid=0 auid=0 ses=37 subj=unconfined msg='op=PAM:setcred grantors=pam_permit acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=USER_END msg=audit(1642448701.856:222): pid=14711 uid=0 auid=0 ses=37 subj=unconfined msg='op=PAM:session_close grantors=pam_loginuid,pam_env,pam_env,pam_permit,pam_umask,pam_unix,pam_limits acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'UID="root" AUID="root"
+type=SERVICE_START msg=audit(1642448992.440:223): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SERVICE_STOP msg=audit(1642449003.084:224): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=SYSCALL msg=audit(1642449025.700:225): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=556754f22ce0 a2=0 a3=0 items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:225): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:225): item=0 name="backups/test.txt" inode=10881995 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:225): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449025.700:226): arch=c000003e syscall=89 success=no exit=-22 a0=7ffc7917e020 a1=7ffc7917f080 a2=fff a3=21 items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=readlink AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:226): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:226): item=0 name="backups/test.txt" inode=10881995 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:226): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449025.700:227): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=5567551b4090 a2=c2 a3=180 items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:227): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:227): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449025.700:227): item=1 name="backups/.test.txt.swp" inode=10881809 dev=103:02 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:227): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449025.700:228): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c a1=556754f238b0 a2=c2 a3=180 items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:228): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:228): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449025.700:228): item=1 name="backups/.test.txt.swx" inode=10881889 dev=103:02 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:228): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449025.700:229): arch=c000003e syscall=87 success=yes exit=0 a0=556754f238b0 a1=7f0a20d2ccd6 a2=0 a3=1000 items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=unlink AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:229): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:229): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449025.700:229): item=1 name="backups/.test.txt.swx" inode=10881889 dev=103:02 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:229): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449025.700:230): arch=c000003e syscall=87 success=yes exit=0 a0=5567551b4090 a1=7f0a20d2ccd6 a2=0 a3=1000 items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=unlink AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:230): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:230): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449025.700:230): item=1 name="backups/.test.txt.swp" inode=10881809 dev=103:02 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:230): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449025.700:231): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=5567551b4090 a2=200c2 a3=180 items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:231): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:231): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449025.700:231): item=1 name="backups/.test.txt.swp" inode=10881809 dev=103:02 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:231): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449025.700:232): arch=c000003e syscall=90 success=yes exit=0 a0=5567551b4090 a1=1a4 a2=556754576420 a3=5567545763a0 items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=chmod AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:232): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:232): item=0 name="backups/.test.txt.swp" inode=10881809 dev=103:02 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:232): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449025.700:233): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=556754f22ce0 a2=0 a3=0 items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449025.700:233): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449025.700:233): item=0 name="backups/test.txt" inode=10881995 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449025.700:233): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.256:234): arch=c000003e syscall=191 success=no exit=-61 a0=556754f22ce0 a1=7f0a21316000 a2=7ffc7917fd80 a3=84 items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=getxattr AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.256:234): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.256:234): item=0 name="backups/test.txt" inode=10881995 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.256:234): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.256:235): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=556754f17500 a2=200c1 a3=81fd items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.256:235): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.256:235): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449028.256:235): item=1 name="backups/4913" inode=10881889 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.256:235): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.256:236): arch=c000003e syscall=93 success=yes exit=0 a0=3 a1=3e8 a2=3e8 a3=81fd items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=fchown AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.256:236): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.256:236): item=0 name=(null) inode=10881889 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.256:236): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.256:237): arch=c000003e syscall=87 success=yes exit=0 a0=556754f17500 a1=556754f17500 a2=7ffc79180110 a3=0 items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=unlink AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.256:237): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.256:237): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449028.256:237): item=1 name="backups/4913" inode=10881889 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.256:237): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.256:238): arch=c000003e syscall=87 success=no exit=-2 a0=556754f8a530 a1=556754f8a530 a2=fffffffffffffea0 a3=0 items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=unlink AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.256:238): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.256:238): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.256:238): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.256:239): arch=c000003e syscall=82 success=yes exit=0 a0=556754f22ce0 a1=556754f8a530 a2=fffffffffffffea0 a3=0 items=4 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=rename AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.256:239): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.256:239): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449028.256:239): item=1 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449028.256:239): item=2 name="backups/test.txt" inode=10881995 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449028.256:239): item=3 name="backups/test.txt~" inode=10881995 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.256:239): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.256:240): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=556754f22ce0 a2=41 a3=1fd items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=openat AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.256:240): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.256:240): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449028.256:240): item=1 name="backups/test.txt" inode=10881889 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.256:240): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.264:241): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=81fd a2=7ffc7917fe30 a3=0 items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=fchmod AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.264:241): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.264:241): item=0 name=(null) inode=10881889 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.264:241): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.264:242): arch=c000003e syscall=188 success=yes exit=0 a0=556754f22ce0 a1=7f0a21316000 a2=5567551ce620 a3=1c items=1 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=setxattr AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.264:242): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.264:242): item=0 name="backups/test.txt" inode=10881889 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.264:242): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.264:243): arch=c000003e syscall=87 success=yes exit=0 a0=556754f8a530 a1=2d667475 a2=5567544e476b a3=0 items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=unlink AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.264:243): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.264:243): item=0 name="backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449028.264:243): item=1 name="backups/test.txt~" inode=10881995 dev=103:02 mode=0100775 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.264:243): proctitle=76696D006261636B7570732F746573742E747874
+type=SYSCALL msg=audit(1642449028.264:244): arch=c000003e syscall=87 success=yes exit=0 a0=5567551ca560 a1=1 a2=1d a3=1 items=2 ppid=3386 pid=14813 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4294967295 comm="vim" exe="/usr/bin/vim.basic" subj=unconfined key="backupwatch"ARCH=x86_64 SYSCALL=unlink AUID="unset" UID="doge" GID="doge" EUID="doge" SUID="doge" FSUID="doge" EGID="doge" SGID="doge" FSGID="doge"
+type=CWD msg=audit(1642449028.264:244): cwd="/home/doge/Code/client-scripts/holophrastic"
+type=PATH msg=audit(1642449028.264:244): item=0 name="/home/doge/Code/client-scripts/holophrastic/backups/" inode=10879922 dev=103:02 mode=040775 ouid=1000 ogid=1000 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PATH msg=audit(1642449028.264:244): item=1 name="/home/doge/Code/client-scripts/holophrastic/backups/.test.txt.swp" inode=10881809 dev=103:02 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="doge" OGID="doge"
+type=PROCTITLE msg=audit(1642449028.264:244): proctitle=76696D006261636B7570732F746573742E747874
+type=USER_AUTH msg=audit(1642449044.180:245): pid=14821 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:authentication grantors=pam_permit,pam_cap acct="doge" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_ACCT msg=audit(1642449044.180:246): pid=14821 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:accounting grantors=pam_permit acct="doge" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_CMD msg=audit(1642449044.180:247): pid=14821 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='cwd="/home/doge/Code/Audit-Log" cmd=6370202F7661722F6C6F672F61756469742F61756469742E6C6F6720742F exe="/usr/bin/sudo" terminal=pts/1 res=success'UID="doge" AUID="unset"
+type=CRED_REFR msg=audit(1642449044.180:248): pid=14821 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:setcred grantors=pam_permit,pam_cap acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"
+type=USER_START msg=audit(1642449044.180:249): pid=14821 uid=1000 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:session_open grantors=pam_env,pam_env,pam_permit,pam_umask,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="doge" AUID="unset"

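--- a/tidyall.ini
+++ b/tidyall.ini
@@ -0,0 +1,3 @@
+[PerlTidy]
+select = {lib}/**/*
+argv = -noll -it=2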

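--- a/weaver.ini
+++ b/weaver.ini
@@ -0,0 +1,67 @@
+[@CorePrep]
+
+[-SingleEncoding]
+
+[Name]
+[Version]
+
+[Region  / prelude]
+
+[Generic / SYNOPSIS]
+[Generic / DESCRIPTION]
+[Generic / OVERVIEW]
+
+[Collect / ATTRIBUTES]
+command = attr
+
+[Collect / METHODS]
+command = method
+
+[Collect / FUNCTIONS]
+command = func
+
+[Leftovers]
+
+[SeeAlso]
+[Bugs]
+
+[Region  / postlude]
+
+; [Authors]
+[GenerateSection / AUTHORS ]
+text = Current Maintainers:
+text =
+text = =over 4
+text =
+text = =item *
+text =
+text = George S. Baugh <teodesian@gmail.com>
+text =
+text = =back
+
+
+[Contributors]
+[GenerateSection / COPYRIGHT AND LICENSE]
+text = Copyright (c) 2020 Troglodyne LLC
+text =
+text =
+text = Permission is hereby granted, free of charge, to any person obtaining a copy
+text = of this software and associated documentation files (the "Software"), to deal
+text = in the Software without restriction, including without limitation the rights
+text = to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+text = copies of the Software, and to permit persons to whom the Software is
+text =furnished to do so, subject to the following conditions:
+
+text = The above copyright notice and this permission notice shall be included in all
+text =copies or substantial portions of the Software.
+
+text = THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+text = IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+text = FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+text = AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+text = LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+text = OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+text = SOFTWARE.
+
+[-Transformer]
+transformer = List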
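Review bot: In `[GenerateSection / COPYRIGHT AND LICENSE]` the paragraph breaks after "subject to the following conditions:" and after "substantial portions of the Software." are bare empty lines, while every other blank line in the generated sections is written as an empty `text =` entry. An INI reader will most likely skip the bare lines, so the three licence paragraphs would run together in the woven POD; writing `text =` on those two lines keeps the breaks. The same section hard-codes the year in `Copyright (c) 2020 Troglodyne LLC`, and AUTHORS hard-codes a maintainer address, so both should be checked against the distribution metadata in dist.ini to keep the generated POD and the release metadata in agreement. A short `;` comment above each GenerateSection saying that the text is maintained by hand would help the next editor.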