Untitled

avatar
unknown
plain_text
3 months ago
27 kB
12
Indexable
root@kube14:~# zgrep -h --binary-files=text -oP 'msg=audit\(\d+\.\d+:\K\d+(?=\):)' /var/log/audit/audit.log* | sort | uniq -c | awk '$1>16 {print $1, $2}' | sort -nr | head
35 163819353
35 163815526
35 163810995
root@kube14:~# ausearch --input-logs -a 163810995 -i
----
type=PROCTITLE msg=audit(10/21/2025 09:41:58.467:163810995) : proctitle=/var/lib/k0s/bin/containerd-shim-runc-v2 -namespace k8s.io -id 6953747977ca4fefe038f11d8d733522d8eb857d84bfb144dee2c6b548d8f877 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=31 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464401/fs inode=11412001 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=30 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464402/fs inode=11416690 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=29 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464403/fs inode=11416715 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=28 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464404/fs inode=11417784 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=27 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464405/fs inode=11417795 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=26 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464406/fs inode=11417817 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=25 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464407/fs inode=11417828 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=24 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464408/fs inode=11417833 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=23 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464409/fs inode=11417837 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=22 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464410/fs inode=11417841 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=21 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464411/fs inode=11417854 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=20 name=(null) inode=21763552 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=19 name=(null) inode=21763550 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=18 name=(null) inode=21763553 dev=fd:01 mode=character,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=17 name=(null) inode=21763550 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=16 name=(null) inode=21763552 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=15 name=(null) inode=21763550 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=14 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=13 name=(null) inode=21763550 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=12 name=(null) inode=21763552 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=11 name=(null) inode=21763550 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=10 name=(null) inode=21763552 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=9 name=(null) inode=21763550 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=8 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=7 name=(null) inode=21763550 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=6 name=(null) inode=21763550 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=5 name=(null) inode=21763549 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=4 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=3 name=(null) inode=21763549 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=2 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/588630/work inode=21763549 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=1 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/588630/fs inode=21763548 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:41:58.467:163810995) : item=0 name=/run/k0s/containerd/io.containerd.runtime.v2.task/k8s.io/005581deee4697131d2844a0204019f887ed7c7c0d0fae46e87499ead30d40f5/rootfs inode=40745472 dev=00:18 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=CWD msg=audit(10/21/2025 09:41:58.467:163810995) : cwd=/run/k0s/containerd/io.containerd.runtime.v2.task/k8s.io/6953747977ca4fefe038f11d8d733522d8eb857d84bfb144dee2c6b548d8f877 
type=SYSCALL msg=audit(10/21/2025 09:41:58.467:163810995) : arch=x86_64 syscall=mount success=yes exit=0 a0=0xc000226168 a1=0xc0001842d0 a2=0xc000226190 a3=0x0 items=32 ppid=1 pid=3509394 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=containerd-shim exe=/var/lib/k0s/bin/containerd-shim-runc-v2 subj=unconfined key=mounts 
root@kube14:~# ausearch --input-logs -a 163815526 -i
----
type=PROCTITLE msg=audit(10/21/2025 09:43:14.996:163815526) : proctitle=/var/lib/k0s/bin/containerd-shim-runc-v2 -namespace k8s.io -id 6953747977ca4fefe038f11d8d733522d8eb857d84bfb144dee2c6b548d8f877 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=31 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464401/fs inode=11412001 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=30 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464402/fs inode=11416690 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=29 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464403/fs inode=11416715 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=28 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464404/fs inode=11417784 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=27 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464405/fs inode=11417795 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=26 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464406/fs inode=11417817 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=25 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464407/fs inode=11417828 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=24 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464408/fs inode=11417833 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=23 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464409/fs inode=11417837 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=22 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464410/fs inode=11417841 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=21 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464411/fs inode=11417854 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=20 name=(null) inode=21763598 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=19 name=(null) inode=21763596 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=18 name=(null) inode=21763599 dev=fd:01 mode=character,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=17 name=(null) inode=21763596 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=16 name=(null) inode=21763598 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=15 name=(null) inode=21763596 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=14 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=13 name=(null) inode=21763596 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=12 name=(null) inode=21763598 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=11 name=(null) inode=21763596 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=10 name=(null) inode=21763598 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=9 name=(null) inode=21763596 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=8 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=7 name=(null) inode=21763596 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=6 name=(null) inode=21763596 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=5 name=(null) inode=21763595 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=4 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=3 name=(null) inode=21763595 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=2 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/588631/work inode=21763595 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=1 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/588631/fs inode=21763594 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:43:14.996:163815526) : item=0 name=/run/k0s/containerd/io.containerd.runtime.v2.task/k8s.io/d9a00833e092bc5693046b12f01e6527e3df0026ae20898f4a20457ae4133044/rootfs inode=40746229 dev=00:18 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=CWD msg=audit(10/21/2025 09:43:14.996:163815526) : cwd=/run/k0s/containerd/io.containerd.runtime.v2.task/k8s.io/6953747977ca4fefe038f11d8d733522d8eb857d84bfb144dee2c6b548d8f877 
type=SYSCALL msg=audit(10/21/2025 09:43:14.996:163815526) : arch=x86_64 syscall=mount success=yes exit=0 a0=0xc0003e2068 a1=0xc000375d40 a2=0xc0003e2070 a3=0x0 items=32 ppid=1 pid=3509394 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=containerd-shim exe=/var/lib/k0s/bin/containerd-shim-runc-v2 subj=unconfined key=mounts 
root@kube14:~# ausearch --input-logs -a 163819353 -i
----
type=PROCTITLE msg=audit(10/21/2025 09:44:37.568:163819353) : proctitle=/var/lib/k0s/bin/containerd-shim-runc-v2 -namespace k8s.io -id 6953747977ca4fefe038f11d8d733522d8eb857d84bfb144dee2c6b548d8f877 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=31 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464401/fs inode=11412001 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=30 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464402/fs inode=11416690 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=29 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464403/fs inode=11416715 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=28 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464404/fs inode=11417784 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=27 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464405/fs inode=11417795 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=26 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464406/fs inode=11417817 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=25 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464407/fs inode=11417828 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=24 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464408/fs inode=11417833 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=23 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464409/fs inode=11417837 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=22 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464410/fs inode=11417841 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=21 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/464411/fs inode=11417854 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=20 name=(null) inode=21763619 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=19 name=(null) inode=21763617 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=18 name=(null) inode=21763620 dev=fd:01 mode=character,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=17 name=(null) inode=21763617 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=16 name=(null) inode=21763619 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=15 name=(null) inode=21763617 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=14 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=13 name=(null) inode=21763617 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=12 name=(null) inode=21763619 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=11 name=(null) inode=21763617 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=10 name=(null) inode=21763619 dev=fd:01 mode=file,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=9 name=(null) inode=21763617 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=8 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=7 name=(null) inode=21763617 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=6 name=(null) inode=21763617 dev=fd:01 mode=dir,000 ouid=root ogid=root rdev=00:00 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=5 name=(null) inode=21763616 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=4 name=(null) nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=3 name=(null) inode=21763616 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=2 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/588632/work inode=21763616 dev=fd:01 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=1 name=/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/588632/fs inode=21763615 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=PATH msg=audit(10/21/2025 09:44:37.568:163819353) : item=0 name=/run/k0s/containerd/io.containerd.runtime.v2.task/k8s.io/905ba3fa94231565ab42babeb48b64ed159dec62197ee5a76fdb5fe2d79b0137/rootfs inode=40747062 dev=00:18 mode=dir,711 ouid=root ogid=root rdev=00:00 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=CWD msg=audit(10/21/2025 09:44:37.568:163819353) : cwd=/run/k0s/containerd/io.containerd.runtime.v2.task/k8s.io/6953747977ca4fefe038f11d8d733522d8eb857d84bfb144dee2c6b548d8f877 
type=SYSCALL msg=audit(10/21/2025 09:44:37.568:163819353) : arch=x86_64 syscall=mount success=yes exit=0 a0=0xc0000e60b8 a1=0xc000466750 a2=0xc0000e60c0 a3=0x0 items=32 ppid=1 pid=3509394 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=containerd-shim exe=/var/lib/k0s/bin/containerd-shim-runc-v2 subj=unconfined key=mounts
Editor is loading...
Leave a Comment