usr/sbin/auditctl000075500000132040147204316510010052 0ustar00ELF> -@`@8 @@@@hh КК К     DDStd Ptd  QtdRtdКК К 00/lib64/ld-linux-x86-64.so.2GNUGNUGNU=* c8en-ð\ "PA @\`eBEC`|*qX.l 92 YHKQR;s 4%V]ge*j-= Mru~xo_i+ -Y{GRCKCp_| : S^Rf4"-l g    T   K      libaudit.so.1_ITM_deregisterTMCloneTable__gmon_start___ITM_registerTMCloneTable_audit_elfaudit_sendaudit_openaudit_set_loginuid_immutableaudit_set_enabledaudit_rule_create_dataaudit_number_to_errmsgaudit_detect_machine_audit_exeaddedaudit_rule_syscallbyname_dataaudit_msgaudit_machine_to_elfaudit_msg_type_to_nameaudit_can_controlaudit_elf_to_machineaudit_syscall_to_nameaudit_is_enabledaudit_set_rate_limitaudit_set_backlog_limit_audit_syscalladdedaudit_name_to_flagaudit_add_watch_diraudit_uringop_to_nameaudit_make_equivalentaudit_rule_fieldpair_dataaudit_closeaudit_errno_to_nameaudit_add_rule_dataaudit_request_rules_list_dataaudit_log_user_message_audit_permaddedaudit_field_to_nameaudit_update_watch_permsaudit_fstype_to_nameaudit_request_status_audit_filterfsaddedaudit_reset_backlog_wait_time_actualaudit_action_to_nameaudit_reset_lostaudit_rule_free_dataaudit_set_failure_audit_archaddedaudit_request_featuresaudit_set_backlog_wait_timeaudit_rule_interfield_comp_dataaudit_machine_to_nameaudit_trim_subtreesaudit_get_replyaudit_operator_to_symbolaudit_flag_to_nameset_aumessage_modeaudit_delete_rule_datalibauparse.so.0auparse_do_interpretationauparse_interp_adjust_typelibcap-ng.so.0libc.so.6__xpg_basename__printf_chkexitoptind__fdelt_chkputs__stack_chk_failputcharfgets_unlockedselectkillstrdupstrlenstrstr__errno_locationstrtok_rmemcpyfclosestrtoulmallocstrcasecmp__ctype_b_locoptargstderr__snprintf_chkgetopt_long__strncat_chk__fxstatfwritegeteuidstrchrfdopen__ctype_tolower_loc__cxa_finalize__xstatopterr__strcat_chkstrcmpstrerror__asprintf_chk__libc_start_mainfree_edata__bss_start_endGLIBC_2.3GLIBC_2.14GLIBC_2.8GLIBC_2.15GLIBC_2.4GLIBC_2.2.5GLIBC_2.3.4ii ii ii ui ti К .ؚ -   x@ x` .x p yt؟  ( - N U ] e ^ f g ` b h c d ( 0 8 @ H P X `  h  p  x          ȝ Н ؝          ! "( #0 $8 %@ &H 'P )X *` +h ,p .x / 0 1 2 3 4 5 6 7 8Ȟ 9О :؞ ; < = > ? @ A B C D( E0 F8 G@ HH IP JX K` Lh Mp Ox P Q R S T U V W X Yȟ ZП [HH HtH5| %| hhhhhhhhqhah Qh Ah 1h !h hhhhhhhhhhqhahQhAh1h!hhhh h!h"h#h$h%h&h'qh(ah)Qh*Ah+1h,!h-h.h/h0h1h2h3h4h5h6h7qh8ah9Qh:Ah;1h<!h=h>h?h@hAhBhChDhEhFhGqhHahIQhJAhK1hL!hMhNhOhPhQhRhShThUhV%ew D%]w D%Uw D%Mw D%Ew D%=w D%5w D%-w D%%w D%w D%w D% w D%w D%v D%v D%v D%v D%v D%v D%v D%v D%v D%v D%v D%v D%v D%v D%v D%v D%}v D%uv D%mv D%ev D%]v D%Uv D%Mv D%Ev D%=v D%5v D%-v D%%v D%v D%v D% v D%v D%u D%u D%u D%u D%u D%u D%u D%u D%u D%u D%u D%u D%u D%u D%u D%u D%}u D%uu D%mu D%eu D%]u D%Uu D%Mu D%Eu D%=u D%5u D%-u D%%u D%u D%u D% u D%u D%t D%t D%t D%t D%t D%t D%t D%t D%t D%t DATI1US1 uhIl$H5LHtwH5LHtdH5LHdeuDH5_1y?tڃuI|$H5@Le8ŅL1Ã= t u =s tZs tD Ãu!8oH5^1H=t []A\H=t v1xs # tI|$(H=t u5-t H=kt H=LxH5}G1Nf.f1I^HHPTLFH _FH=r H=s Hs H9tHnr Ht H=Ys H5Rs H)HHH?HHtHEr HtfD=]s u+UH="r Ht H=l d5s ]wAUATUSHH $HH $HdH%(H$#1H\$HHHc=q E1HL$q  2?)HH T0DH$HD$Ds8uHq 11IHލxxڋ=,q 1ɺL~9$uH$#t5p L#0tAt@AA'bH$#dH3%(uH#[]A\A]ff.H=p 1҅ H@q qHDAVAUATUSHH $HH $HdH%(H$#1H\$IHHHc= p 6-p H5DLL?)ѺHH TtH5CLAŃpE1HL$fH$HD$D8uho 11IHލxxڋ=Lo 1ɺL~!$tmtvt=CAA(zH5[G1H$#dH3%(H#[]A\A]A^fH$#uAH5BLH5BLH5BLzH5BLcH5BLLH5oBL5H5_BLtH5QBL A6A#H$#x t?D8"H5EH1H5 B1xA A LH5A1KD!K8o0H5A1f.HH=n n m m m m m m l l l m m x#Hm fl x 1HMl y1H5DFff.@AWAAVAUATUSHHD-l dH%(H$81AA>xA[H#IHvHl$H5N@HHH\$ {HH1HHt+L%"@HLH1CHHuH5|l HSH HD$,H3VH3F H uZHCHSH3FH3V$H uEHC HS(H3F,H3V4H u0HC0HS8H3F;/tA1H5{;H$dH3 %(HĠ[]A\fDHHHH=HI2I5H5&;HHtH5RJ1.*H!HH5aJ1HHv|/HPHHiuD$1%=@@Ǎ|?iHH5f 1H5GI}?HcHBPDHs@D|/HHu?1H5I Rff.HH=9Hud DH=9Hu}d  H=l9Hff.AVI,AUATIUSHHtLh,HL/Ht[]A\A]A^f.LŃt^,A>Lt/ŅuA=t=c t1[]A\A]A^@Aud LAtu,^d sAWL=d AVAUIATE1USHNHXt$Lt$D=b  =b  H=yc Hzb hb :c uAC D=Rb D= c =c tHc 78oAH\$HdH3%(DrHX[]A\A]A^A_fH=b H9H|$H|$HHDPH|$H|$11HD$LHL$=wa Z=Za ZL%1b H56LH a  H5Ga H5a H=b Hb P ja fDuCHcfa H=5Ita IuL=P` kAą& a a `  L` H=46L IL` fDH5QEW/ a` e` H91H5D}=` -?H=9` HH|$.H|$HHDPuH|$=H|$11HD$HL$ =^ (H_ Ht]H=3H€ H=2H€ H=5H€ HH5uChH=8=!_ =_ Q_  AHD$@ ^ \ Ӄ1H|$@H _ HzL Ht$@H=^  H|$@A@^ d^ G9=_ G A_*^ ,^ B^ (^  =4]  L^ MpLLD$LD$H ^ 1H! tE€DHqHDΉ@HL)H1EHHP LǾDL$LD$LD$DL$Ht!LH5O31ELP] ] E LƹLwH] H!%tDHJHDщDH)<] ] H=\  ] H5[ uzSA\ \\ \ 0HQ\ Ht]H=0H€eH=m/H€FH=C2H€'HH5?D1H=[ H H|$H|$HHDP H|$H|$11HD$LHL$ S =wZ U=RZ L%1[ M. L 1tMD$DD$11HI HNjr  w x8 HA9wH=Z Z A5zZ  H5+C1]Z @9E3S H5`AfD=RY H^0H5]01Y f =Y u6u1IuH=- Y =X =X tGdY 8U >9C1H5@1mH=1Y H: .X  X X -AE*@L%X H5j-LHiX [H5=fW X D$W %#  X  D\$Eu*F ljD$cT$ !X HX ,HHT$(HT$HHbHHD$HAHD$@H5+HHD$HDd$ Ld$l$$HLl$($LH5I+1HHH=W HAŅtHDd$ l$$Ll$(EH|$L$3L$]9V DT$E!= V H5V |$fDAV 9 AA@=U ] HcL$M HHfDH51H M t!<!H Hu1H|$@H#[W=L E1E1jHT$P1ɾAXAYH|$@oJH5#1AbHKM H5!_H5(31AN1HM H5!.H5g21AHL H5!1H55tH541AH5"LH5!AH5]!1AwjUAbH5!1AcFH5K =L =RL uSHsHtVHtHt#t.HSuH[@C HfDC\HfD[fDAWAVAUATUSHH $H1H|$IdH%(H$1yeD ADALH5!H1DH$dH3%(DH[]A\A]A^A_HT$ ƿ%D$8%=JH5!+HD$HAH$HT$HH} HHt$HCʀ uDHP tH݋UH!%tDHUHD@HH11H)݄uJfFHHt0\uFƄF1HHuHIH8#HHHzAHAH=L L`L`HD$H8#f.A9v#LIM|$10IHuI$AąKL|$DLLtWŃuI8oFHL$1DH52=H =H t -H @AHT$H5;21A 1HT$H511] jF1Ƅ*ffDH|$E1A8lHT$H5H1jH|$H|$AMt8H5ZH H51H|$7VfDHHGGDHHG@HHufHHBHuHWHGHtH@HGf.AUIATIUSHHHMtWLHHtLLHHHMH;LeHEt0HCHhHkCH[]A\A]DHH+ff.ATIUSHHt!DH;HkHHHu[]I$ID$AD$A\f.AWAVAUATUSHH $HH $HdH%(H$#1AD$4H\$@1HHIcEfHl$E1DL$A ?)ѺHH T@HD$ HHD$@HD$HD$@+8u11IHDx1ɺLDN~ZH$t$9pu9$tK=uH$#A]DAA'JH|$(HD$(Hu!fH|$FHHHDy؉H50H1H$#dH3%(H$[]A\A]A^A_fH$#.؉5H50H1H$#H|$ HH|$*1aNfDLf.@AVAUATUSHdH%(HD$1GH1E1I,@H |tw HI9] %=uË 1LN-H 0xrL4$H5'C LOHu_Lb뉁izpqH9]{1Ht$dH34%(u*H[]A\A]A^fE1L=B t fDfH=EB +B vfDAWAVAUATUSHdH%(H$1A H~~FHEڿH5h11A 1H$dH34%(Hĸ[]A\A]A^A_tȃuH0#1ۋ8tH0#H5a0H1CA IA H=-Wf.=A H0#@ tH.t H0# H=@ Hj@ fDH0#@@ H,H ,HDʋPH5/1^fH0# ? BR H f,t H S,tH S,HR,HEHW,t HC,tHE,H&,HEH5.1H0#HH5{/DHD@HP @P1XZH0#H5.P$1{}<H0#H5.P(1TH=1? H-? H@L8AwA?fFI E1M"t %iuVHI9tjuHAI9uD$Ev fDAAHyHٿH5*H1`AGDl$<1L%*@HA9_A % uE A DD5= x;AŅD5= E-X= H5k*H1pDl$<&D$AAƃt$8tmD$8@vX?%HEHA|HPH9uD$H5,11D$8fD$AwH$11HD$ HD$HD$PHD$0HD$(kDADDT$M/DT$MLHH5)1EA Hf.HA9_"A AƉD$AA tE DVAxIHE A AAF f.LH5$10ރDDAT tދ=6 sExDDH5"H1迻:D¹H5l"H1蜻D蟹H59"H1yD|H5"H1VDYH5!H13D6H5!H1DH5r!H1hDH5?!H1ʺED͸H5 !H1觺"D誸H5 H1脺D臸H5 H1aDdH5v H1>DAH5E H1DH5 H1sDH5H1չPDطH5H1貹-D起H5{H1菹 D蒷H5EH1lDoH5H1IDLH5H1&D)H5H1~DH5qH1[DH5<H1轸8DH5H1蚸D蝶H5H1wf1H|$HDѾM/H?H|$HA HT$(H5H蔶Ht_Dd$Ll$(,H5#11LH5\Ht'HEuH51̷f.H|$H&1HD$0 fDDD1)nE DHHD$EwLD$LH5EH1I@HD$H1DXH?A BK舴UHSHHtfH>HfDH9u;HH] HfHuHE;t4HH[]f.HEHH[]HHu1HH[]@SHtfH=g. Hf.H9u;HHH. HӳHuH+. ;t*H[fH. H[ÐH. Hu1H[f.AWIAVIAUAATL%' UH-' SL)H7Ht1LLDAHH9uH[]A\A]A^A_ff.HHTERMstopHUPreloadUSR1rotateUSR2resumeCONTstate%s is an unsupported signalThe audit system is disabledAuditd is not running,Rule existsError - no list specifiedThe path must start with '/'..alwaysneverpossible-iOnly -i option is allowedThe audit system is disabled 0Error converting rateError converting backlog-ktaskAppend rule - bad keyword %sAdd rule - bad keyword %sDelete rule - bad keyword %sError detecting machine typeError looking up elf type %dSyscall name unknown: %sElf type unknown: 0x%xarch=-tkey=text=%sCan't create user eventOnly the -k option is allowedwatch option needs a pathkey option needs a valuekey option exceeds size limitkey %s has illegal characterpermission %s is too longPermission %c isn't supported3.1.2auditctl version %s lost: %ubacklog_wait_time_actual: %uOption %s is invalidOut of memory adding keyError opening %s (%s)Error fstat'ing %s (%s)rmError - fdopen failed (%s)auditctl--help-h-l-Rloginuid-immutablebacklog_wait_timereset-lostFailed sending signal to auditd (%s)Failed sending signal to auditd (timeout)Cannot open netlink audit socketWARNING - 32/64 bit syscall mismatch in line %d, you should specify an archWARNING - 32/64 bit syscall mismatch, you should specify an archError sending add rule data request (%s)Error sending delete rule data request (%s)usage: auditctl [options] -a Append rule to end of ist with ction -A Add rule at beginning of ist with ction -b Set max number of outstanding audit buffers allowed Default=64 -c Continue through errors in rules -C f=f Compare collected fields if available: Field name, operator(=,!=), field name -d Delete rule from ist with ction l=task,exit,user,exclude,filesystem a=never,always -D Delete all rules and watches -e [0..2] Set enabled flag -f [0..2] Set failure flag 0=silent 1=printk 2=panic -F f=v Build rule: field name, operator(=,!=,<,>,<=, >=,&,&=) value -h Help -i Ignore errors when reading rules from file -k Set filter key on audit rule -l List rules -m text Send a user-space message -p [r|w|x|a] Set permissions filter on watch r=read, w=write, x=execute, a=attribute -q make subtree part of mount point's dir watches -r Set limit in messages/sec (0=none) -R read rules from file -s Report status -S syscall Build rule: syscall name or number --signal Send the specified signal to the daemon -t Trim directory watches -v Version -w Insert watch at -W Remove watch at --loginuid-immutable Make loginuids unchangeable once set --backlog_wait_time Set the kernel backlog_wait_time --reset-lost Reset the lost record counter --reset_backlog_wait_time_actual Reset the actual backlog wait time counterThe audit system is in immutable mode, no rule changes allowedThe path passed for the watch is too bigThe base name of the path is too bigWarning - relative path notation is not supportedWarning - wildcard notation is not supportedparameter passed without an option givenToo many options for status commandEnable must be 0, 1, or 2 was %sFailure must be 0, 1, or 2 was %sRate must be a numeric value was %sBacklog must be a numeric value was %sWrong number of options for list requestOnly -k or -i options are allowedSyscall auditing requested for task listMultiple rule insert/delete operations are not allowed Append rule - possible is deprecatedError: syscall auditing requested for task listMultiple rule insert/delete operations are not allowedDelete rule - possible is deprecatedError: syscall auditing being added to task listError: syscall auditing being added to user listError: syscall auditing being added to filesystem listError: syscall auditing cannot be put on exclude listList must be given before fieldThe -m option must be only the only option and takes 1 parameterIllegal character in audit eventError - nested rule files not supportedWrong number of options for Delete all requestwatch option can't be given with a syscallkey option needs a watch or syscall given prior to itpermission option needs a watch given prior to itpermission option needs a filterSyscall auditing requested for make equivalentError parsing equivalent partsError converting backlog_wait_timeBacklog_wait_time must be a numeric value was %sOption %s on line %d is invalidhicslDvtC:e:f:r:b:a:A:d:S:F:m:R:w:W:k:p:q:audit rules file %s doesn't existError - %s is not a regular fileThere was an error in line %d of %sYou must be root to run this program.There was an error while processing parametersreset_backlog_wait_time_actualH((Ⱦ0HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH0HpгH`HHHHHHHHHHHHHH0HHHHHHHHHxH H HH кp(H@ȱError receiving rules list (%s)Error deleting rule (%s)silentprintkpanicunknowndisableenabledenabled+immutableunlockedNo rules-a %s,%s -F arch%s0x%X -F arch%sb64 -F arch%sb32 -F arch%s%s -S -F %s%s%d -F %s%s%s -F %s%s%.*s-w %.*s -F path=%.*s -F dir=%.*s -F exe=%.*s -k %s -F key=%swa -p %s -F perm=%s -F %s%s%u -C uid%sobj_uid -C gid%sobj_gid -C euid%sobj_uid -C egid%sobj_gid -C auid%sobj_uid -C suid%sobj_uid -C sgid%sobj_gid -C fsuid%sobj_uid -C fsgid%sobj_gid -C uid%sauid -C uid%seuid -C uid%sfsuid -C uid%ssuid -C auid%sfsuid -C auid%ssuid -C auid%seuid -C euid%ssuid -C euid%sfsuid -C suid%sfsuid -C gid%segid -C gid%sfsgid -C gid%ssgid -C egid%sfsgid -C egid%ssgid -C sgid%sfsgid -F %s%s0x%X -F %s%s-%s -F %s%sunset f%d%s%dNLMSG_ERROR %d (%s) enabled %s failure %s enabled %u failure %u backlog_wait_time %u backlog_wait_time_actual %u loginuid_immutable %u %s Unknown: type=%d, len=%d -S allpid %u rate_limit %u backlog_limit %u lost %u backlog %u xc@nK(yV3a>;  @@h0D0(  8TЦ0@Щ$tpx @@00PX  zRx /D$4FJ w?:*3$"\PpDtTBBA A(G L@LH# (A ABBA ;DW E XLЛVBBB A(A0G L@LHg 0A(A BBBJ ,D D LHBEB B(A0A8G o 8A0A(B BBBC DAr E XDe A 0LBAA J_  AABG (LBJB D(A0i (C BBBK B (C BBBE \hD=BIB E(D0C8KO 8A0A(B BBBC NSB$jEz I aLtJBBB B(A0A8G L2 8A0A(B BBBA 08FFA 8 ABA l@L H)d8pFED A(L0X (A ABBF (SFDA jA\T$FBB B(A0A8G L@LH 8A0A(B BBBJ @|P)BBB A(A0D@ 0A(A BBBJ <H`T8FBB B(A0A8G 8A0A(B BBBI ^HA<L0EDD C DAK K DAH NDA$EQ J N B RDeFEE E(H0H8G@n8A0A(B BBB.-   tК ؚ o0h    (( oo8oobo @ P ` p !! !0!@!P!`!p!!!!!!!!!"" "0"@"P"`"p"""""""""## #0#@#P#`#p#########$$ $0$@$P$`$p$$$$$$$$$%% %0%@%P%`%p%%%% xx.xpytGA$3a1 O- GA$3p1113 +sGA*GA$annobin gcc 8.5.0 20210514GA$plugin name: gcc-annobinGA$running gcc 8.5.0 20210514GA*GA! GA*FORTIFYGA+GLIBCXX_ASSERTIONS GA*GOW*GA*cf_protectionGA+omit_frame_pointerGA+stack_clashGA!stack_realignGA* +]GA$3a1P-%t GA$3p1113YtGA*GA$annobin gcc 8.5.0 20210514GA$plugin name: gcc-annobinGA$running gcc 8.5.0 20210514GA*GA! GA*FORTIFYGA+GLIBCXX_ASSERTIONSGA*cf_protectionGA+omit_frame_pointerGA+stack_clashGA!stack_realignGA*Yxr GA*GOW*GA*rsGA*st GA*GOW* GA*FORTIFY.tGA+GLIBCXX_ASSERTIONS GA*FORTIFYYsGA+GLIBCXX_ASSERTIONSauditctl-3.1.2-1.el8.x86_64.debug%7zXZִF!t/]?Eh=ڊ2N/ /2>FƦ0nlY0kL)C2VnB5;=ľ0vJ_faAѱK$6nmx|sGyr9S&~uj_ne@h3#0z ӻ32>dD;uN&oe EZRS6N c,RƅMs3|5S݅+{Э)!7ͤ` G3 3J7o0 gv-Eko֠Wӥp-g)"TXY޸dB"{3HFxa4&NoUq*Q\|!s /*P2"4:v{Ǜg`UU=۲CګBw}@#$]h&\n"s\l|>j%[= Hu*x2ٳAzr2lHz`bIF= q5w.FtdS|#,=?ix~Yp҉ #gq=((RXEk*metaN.u75egw ~Y+6X%xaFpG鏸A< ?U=7^M"y.%g>Qա^QG W]} Gz:1@!Bǁ$l"h@^)NM2 wVq3h>T|!i{Ҭ6,Btי&lǿw=G8EmH @s]jҝh2%P١i4ƒkG =Y^<2r?Q=A,|RX~4]= ѧRPڦn<7Q,*/.Ej^/k UUrprRT`++ytWª5>sX&C~tgڸ#e tT \M@&{0TƢ=J=,̿à;~%!qy @$@8XzT4( s~(:SXEv10*B9-VqhFًV0?=~38FjXOST Vq$uTD{)tBJ_+&"K㩦% ՟kN<˟JŽz$odQ<_Fp6VcZ' 'X3gYZ.shstrtab.interp.note.gnu.property.note.ABI-tag.note.gnu.build-id.gnu.hash.dynsym.dynstr.gnu.version.gnu.version_r.rela.dyn.rela.plt.init.plt.sec.text.fini.rodata.eh_frame_hdr.eh_frame.init_array.fini_array.data.rel.ro.dynamic.got.data.bss.gnu.build.attributes.gnu_debuglink.gnu_debugdata  & 4$Go00`Q  Yh h aobbno88}(B(  0 0 %%p + +Htt (t(t К Кؚ ؚ      ` (/ >