Jun 26 09:59:23 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2027 sudo ./log.sh Jun 26 10:05:05 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2027 sudo ./log.sh Jun 26 10:05:06 internal-jumper-server LinuxCommandsWazuh: message repeated 4 times: [ User ubuntu [3981711]: 2027 sudo ./log.sh ] Jun 26 10:55:57 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2028 vi log.sh Jun 26 10:55:59 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2029 cd Jun 26 10:56:00 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2030 ls Jun 26 10:56:01 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2031 cd Nitrox/ Jun 26 10:56:04 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2032 make psq Jun 26 11:11:07 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2033 make psql Jun 26 11:11:08 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2034 cd Jun 26 11:11:09 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2035 ls Jun 26 11:11:13 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2036 cd vpn/ Jun 26 11:11:15 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2037 ks Jun 26 11:11:17 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2038 cdls Jun 26 11:11:18 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2039 ls Jun 26 11:11:31 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2040 sudo ./openvpn-install.sh Jun 26 11:11:38 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2041 cat /root/ankur.ovpn Jun 26 11:11:49 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2042 sudo vi /root/ankur.ovpn Jun 26 11:11:53 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2043 sudo cat /root/ankur.ovpn Jun 26 11:14:50 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2043 sudo cat /root/ankur.ovpn Jun 26 11:14:50 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2043 sudo cat /root/ankur.ovpn Jun 26 11:14:51 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2044 ls Jun 26 11:14:52 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2045 cd Jun 26 11:15:00 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2046 cd /etc/openvpn/client/ Jun 26 11:15:00 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2047 ls Jun 26 11:15:02 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2048 cd .. Jun 26 11:15:02 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2049 ls Jun 26 11:15:04 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2050 cd server/ Jun 26 11:15:04 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2051 ls Jun 26 11:15:34 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2052 sudo vi ipp.txt Jun 26 11:15:46 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2053 ls Jun 26 11:15:54 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2054 cat ipp.txt Jun 26 11:15:57 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2055 sudo cat ipp.txt Jun 26 11:16:08 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2056 sudo vi /etc/nginx/sites-enabled/ Jun 26 11:16:18 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2057 cd /etc/nginx/sites-enabled/ Jun 26 11:16:18 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2058 ls Jun 26 11:16:25 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2059 cat yash.conf Jun 26 11:18:13 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2060 sudo vi ankur.conf Jun 26 11:18:38 internal-jumper-server LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [3981711]: 2060 sudo vi ankur.conf] Jun 26 11:19:36 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2061 sudo certbot --nginx -d ghost-rider-bifrost.getnitro.co.in Jun 26 11:20:06 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2062 sudo certbot --nginx -d ghost-rider-shopper.getnitro.co.in Jun 26 11:20:29 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2063 sudo certbot --nginx -d ghost-rider-pages.getnitro.co.in Jun 26 11:21:04 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2064 sudo certbot --nginx -d ghost-rider-sso.getnitro.co.in Jun 26 11:21:13 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2065 sudo ngnix -t Jun 26 11:21:19 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2065 sudo ngnix -t Jun 26 11:21:23 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2066 sudo nginx -t Jun 26 11:21:44 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2067 sudo systemctl reload nginx.service Jun 26 11:40:50 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2068 cd Jun 26 11:40:53 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2069 cd .. Jun 26 11:41:03 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2070 setfacl -R -m user:rihan:--- /home/ Jun 26 11:41:07 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2071 sudo setfacl -R -m user:rihan:--- /home/ Jun 26 11:41:37 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2072 sudo apt install acl Jun 26 11:41:51 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2073 sudo setfacl -R -m user:rihan:--- /home/ Jun 26 11:41:52 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2074 ls Jun 26 11:41:58 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2075 sudo su rihan/ Jun 26 11:41:58 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2076 ls Jun 26 11:42:01 internal-jumper-server LinuxCommandsWazuh: User rihan [4030798]: Jun 26 11:42:12 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2077 sudo su rihan Jun 26 11:42:54 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2078 ll Jun 26 11:43:05 internal-jumper-server LinuxCommandsWazuh: User rihan [4030925]: Jun 26 11:43:10 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2079 sudo su rihan Jun 26 11:43:12 internal-jumper-server LinuxCommandsWazuh: User rihan [4030944]: Jun 26 11:43:14 internal-jumper-server LinuxCommandsWazuh: User rihan [4030944]: 1 docker ps Jun 26 11:43:19 internal-jumper-server LinuxCommandsWazuh: User rihan [4030944]: 2 kubectl get all Jun 26 11:43:31 internal-jumper-server LinuxCommandsWazuh: User rihan [4030944]: 3 sudo kubectel get all Jun 26 11:43:37 internal-jumper-server LinuxCommandsWazuh: User rihan [4030944]: 4 sudo kubectl get all Jun 26 11:43:40 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2079 sudo su rihan Jun 26 11:46:50 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2080 sudo vi vi /bin/restrictedbash Jun 26 11:47:02 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2081 sudo vi /bin/restrictedbash Jun 26 11:47:09 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2082 sudo chmod 755 /bin/restrictedbash Jun 26 11:47:18 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2083 sudo vi vi /etc/passwd Jun 26 11:47:53 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2084 sudo vi /etc/passwd Jun 26 11:48:03 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 37 exit Jun 26 11:48:04 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 38 ls Jun 26 11:48:05 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 39 cd Jun 26 11:48:06 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 40 ls Jun 26 11:48:16 internal-jumper-server LinuxCommandsWazuh: message repeated 2 times: [ User anshika [4032326]: 40 ls] Jun 26 11:48:19 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 41 cd devesh Jun 26 11:48:22 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 42 cd Jun 26 11:48:28 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 43 cd anshika Jun 26 11:48:39 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 44 docker ps Jun 26 11:48:40 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 45 ls Jun 26 11:48:45 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 45 ls Jun 26 11:48:48 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 46 cd stage Jun 26 11:48:50 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 47 cd .. Jun 26 11:49:00 internal-jumper-server LinuxCommandsWazuh: User anshika [4032326]: 47 cd .. Jun 26 11:49:02 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2085 sudo su anshika Jun 26 11:49:12 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2086 sudo vi /bin/restrictedbash Jun 26 11:49:13 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2087 ls Jun 26 11:49:14 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2088 cd Jun 26 11:49:19 internal-jumper-server LinuxCommandsWazuh: User anshika [4032554]: 48 exit Jun 26 11:49:21 internal-jumper-server LinuxCommandsWazuh: User anshika [4032554]: 49 cd Jun 26 11:49:23 internal-jumper-server LinuxCommandsWazuh: User anshika [4032554]: 50 ls Jun 26 11:49:32 internal-jumper-server LinuxCommandsWazuh: User anshika [4032554]: 51 cd .. Jun 26 11:49:34 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2089 sudo su anshika Jun 26 11:49:37 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2090 cd .. Jun 26 11:49:40 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2091 cd anshika Jun 26 11:49:48 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2092 ls Jun 26 11:49:51 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2093 cd anshika/ Jun 26 11:50:01 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2094 sudo vi /bin/restrictedbash Jun 26 11:50:04 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2095 sudo rm /bin/restrictedbash Jun 26 11:50:16 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2096 sudo vi /etc/passwd Jun 26 11:50:20 internal-jumper-server LinuxCommandsWazuh: User ubuntu [3981711]: 2097 cd anshika/ Jun 26 11:50:24 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 1996 exit Jun 26 11:50:27 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 1997 cd .. Jun 26 11:50:28 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 1998 ls Jun 26 11:50:30 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 1999 cd rihan/ Jun 26 11:50:31 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2000 cd .. Jun 26 11:50:34 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2001 cd shamailtayyab/ Jun 26 11:50:35 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2002 cd .. Jun 26 11:52:31 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 52 exit Jun 26 11:52:33 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 53 cd Jun 26 11:52:33 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 54 ls Jun 26 11:52:35 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 55 cd .. Jun 26 11:52:35 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 56 ls Jun 26 11:52:39 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 57 cd shamailtayyab/ Jun 26 11:52:40 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 58 cd shamailtayyab Jun 26 11:52:43 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 59 cd Jun 26 11:52:43 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 60 ls Jun 26 11:52:44 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 61 cd .. Jun 26 11:52:46 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 62 cd stage/ Jun 26 11:52:51 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 63 cd ubuntu/ Jun 26 11:52:52 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 64 ls Jun 26 11:52:54 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 65 cd .. Jun 26 11:52:55 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 66 ls Jun 26 11:59:47 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 67 ll Jun 26 12:00:32 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 68 sudo apt-get install acl Jun 26 12:00:44 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 69 sudo setfacl -m u:anshika:0 /home/ubuntu Jun 26 12:00:55 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 70 getfacl /home/ubuntu Jun 26 12:01:02 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 71 cd ubuntu/ Jun 26 12:01:12 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 72 cd Jun 26 12:01:13 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 73 ls Jun 26 12:01:14 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 74 cd .. Jun 26 12:01:14 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 75 ls Jun 26 12:01:17 internal-jumper-server LinuxCommandsWazuh: User anshika [4034144]: 76 cd devesh/ Jun 26 12:01:19 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2003 sudo su anshika Jun 26 12:01:22 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2004 cd Jun 26 12:01:22 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2005 ls Jun 26 12:01:24 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2006 cd .. Jun 26 12:01:24 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2007 ls Jun 26 12:01:26 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2008 cd anshi Jun 26 12:01:32 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 4 exit Jun 26 12:01:36 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 5 cd ubuntu/ Jun 26 12:01:36 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 6 ls Jun 26 12:01:37 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 7 cd .. Jun 26 12:01:38 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 8 ls Jun 26 12:01:39 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: cd .. Jun 26 12:01:39 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 10 ls Jun 26 12:01:41 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 11 cd Jun 26 12:01:42 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 12 ls Jun 26 12:01:53 internal-jumper-server LinuxCommandsWazuh: User anshi [4035967]: 13 sudo su devesh Jun 26 12:01:55 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2009 sudo su anshi Jun 26 12:01:58 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 18 exit Jun 26 12:02:06 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 18 exit Jun 26 12:02:08 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 19 cd Jun 26 12:02:09 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 20 ls Jun 26 12:02:10 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 21 cd .. Jun 26 12:02:11 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 22 ls Jun 26 12:02:13 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 23 cd ubuntu/ Jun 26 12:02:14 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 24 cd .. Jun 26 12:02:16 internal-jumper-server LinuxCommandsWazuh: User devesh [4036160]: 25 cd Jun 26 12:02:42 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2010 sudo su devesh Jun 26 12:02:44 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2011 cd Jun 26 12:02:54 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2011 cd Jun 26 12:03:08 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2011 cd Jun 26 12:03:12 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2012 getfacl /home/ubuntu Jun 26 12:48:43 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2012 getfacl /home/ubuntu Jun 26 12:48:43 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2012 getfacl /home/ubuntu Jun 26 13:06:31 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4048418]: 1996 exit Jun 26 13:14:54 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2013 sudo systemctl restart ssh Jun 26 13:14:57 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2014 ls Jun 26 13:15:01 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2015 cd .ssh/ Jun 26 13:15:01 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2016 ls Jun 26 13:15:03 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2017 cat authorized_keys Jun 26 13:15:35 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2017 cat authorized_keys Jun 26 13:15:35 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2017 cat authorized_keys Jun 26 13:15:35 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2017 cat authorized_keys Jun 26 13:15:36 internal-jumper-server LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [4032847]: 2017 cat authorized_keys ] Jun 26 13:15:36 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2018 cd Jun 26 13:15:37 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2019 ls Jun 26 13:17:06 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2020 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google" Jun 26 13:17:58 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2020 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google" Jun 26 13:17:59 internal-jumper-server LinuxCommandsWazuh: message repeated 5 times: [ User ubuntu [4032847]: 2020 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google"] Jun 26 13:18:10 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2021 cd .ssh/ Jun 26 13:18:13 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2022 ls Jun 26 13:18:14 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2023 cat authorized_keys Jun 26 13:19:00 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2024 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google" Jun 26 13:20:23 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2024 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google" Jun 26 13:20:27 internal-jumper-server LinuxCommandsWazuh: message repeated 5 times: [ User ubuntu [4032847]: 2024 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google"] Jun 26 13:20:35 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2025 sudo service google-accounts-daemon reload Jun 26 13:20:45 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2026 sudo systemctl reload google-accounts-daemon Jun 26 13:20:49 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2027 cd Jun 26 13:21:26 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2027 cd Jun 26 13:22:55 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2028 sudo systemctl status google-accounts-daemon Jun 26 13:23:13 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2029 sudo journalctl -u google-accounts-daemon Jun 26 13:23:19 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2030 sudo systemctl status google-accounts-daemon Jun 26 13:23:31 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2031 dpkg -l | grep google Jun 26 13:24:36 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2032 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google" > /tmp/ssh-keys Jun 26 13:25:19 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2033 while IFS= read -r line; do echo "$line" >> ~/.ssh/authorized_keys; done < /tmp/ssh-keys Jun 26 13:25:23 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2034 cd .ssh/ Jun 26 13:25:24 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2035 ls Jun 26 13:25:25 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2036 cat authorized_keys Jun 26 13:26:03 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2037 sudo vi authorized_keys Jun 26 13:26:53 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2038 cat authorized_keys Jun 26 13:27:07 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2039 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" Jun 26 13:27:16 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2040 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google" Jun 26 14:42:55 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 1996 exit Jun 26 14:42:56 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 1997 ls Jun 26 14:42:58 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 1998 cd .ssh/ Jun 26 14:42:58 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 1999 ls Jun 26 14:43:00 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2000 cat authorized_keys Jun 26 14:44:44 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2000 cat authorized_keys Jun 26 14:44:44 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2000 cat authorized_keys Jun 26 14:44:44 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2001 ls Jun 26 14:44:47 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2002 cat authorized_keys Jun 26 14:44:48 internal-jumper-server LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [4067552]: 2002 cat authorized_keys ] Jun 26 14:44:49 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2003 ls Jun 26 14:44:54 internal-jumper-server LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [4067552]: 2003 ls] Jun 26 14:44:58 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2004 cat authorized_keys Jun 26 14:45:04 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2004 cat authorized_keys Jun 26 14:45:04 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2004 cat authorized_keys Jun 26 14:45:04 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2005 ls Jun 26 14:45:06 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2006 cat authorized_keys Jun 26 14:45:49 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2006 cat authorized_keys Jun 26 14:45:49 internal-jumper-server LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [4067552]: 2006 cat authorized_keys ] Jun 26 14:45:50 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2007 ls Jun 26 14:45:51 internal-jumper-server LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [4067552]: 2007 ls] Jun 26 14:45:54 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2008 cat authorized_keys Jun 26 14:46:14 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2008 cat authorized_keys Jun 26 14:46:15 internal-jumper-server LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [4067552]: 2008 cat authorized_keys ] Jun 26 14:46:28 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2009 ls Jun 26 14:46:29 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2010 cat authorized_keys Jun 26 14:49:45 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2010 cat authorized_keys Jun 26 14:49:45 internal-jumper-server LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [4067552]: 2010 cat authorized_keys ] Jun 26 14:49:46 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2011 ls Jun 26 14:49:57 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2012 sudo vi authorized_keys Jun 26 14:51:01 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2013 vi authorized_keys Jun 26 14:52:47 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4067552]: 2013 vi authorized_keys Jun 26 14:52:51 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 1996 exit Jun 26 14:52:53 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 1997 ls Jun 26 14:52:56 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 1998 cd Jun 26 14:52:58 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 1999 cd .. Jun 26 14:52:58 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2000 ls Jun 26 14:53:03 internal-jumper-server LinuxCommandsWazuh: User anshi [4070286]: 14 exit Jun 26 14:53:12 internal-jumper-server LinuxCommandsWazuh: User anshi [4070286]: 15 sudo su anshika Jun 26 14:53:13 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2001 sudo su anshi Jun 26 14:53:20 internal-jumper-server LinuxCommandsWazuh: User anshika [4070333]: 77 exit Jun 26 14:53:23 internal-jumper-server LinuxCommandsWazuh: User anshika [4070333]: 78 cd ubuntu/ Jun 26 14:53:25 internal-jumper-server LinuxCommandsWazuh: User anshika [4070333]: 79 cd Jun 26 14:53:25 internal-jumper-server LinuxCommandsWazuh: User anshika [4070333]: 79 cd Jun 26 14:53:26 internal-jumper-server LinuxCommandsWazuh: User anshika [4070333]: 80 docker ps Jun 26 14:53:31 internal-jumper-server LinuxCommandsWazuh: User anshika [4070333]: 81 kubectl get all Jun 26 14:53:39 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2002 sudo su anshika Jun 26 14:53:45 internal-jumper-server LinuxCommandsWazuh: User venky [4070417]: 17 exit Jun 26 14:53:51 internal-jumper-server LinuxCommandsWazuh: User venky [4070417]: 18 kubectl get all Jun 26 14:53:53 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2003 sudo su venky Jun 26 14:54:12 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2004 cd Jun 26 14:54:18 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2005 cd .ssh/ Jun 26 14:54:31 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2006 sudo vi authorized_keys Jun 26 14:54:44 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2006 sudo vi authorized_keys Jun 26 14:54:45 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2007 ls Jun 26 14:54:47 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2008 cd .. Jun 26 14:54:47 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2009 ls Jun 26 14:54:54 internal-jumper-server LinuxCommandsWazuh: User shobhit [4070654]: 24 exit Jun 26 14:54:56 internal-jumper-server LinuxCommandsWazuh: User shobhit [4070654]: 25 docker ps Jun 26 14:55:01 internal-jumper-server LinuxCommandsWazuh: User shobhit [4070654]: 26 kubectl get all Jun 26 14:55:03 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4069971]: 2010 sudo su shobhit Jun 26 15:00:14 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2040 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google" Jun 26 15:00:14 internal-jumper-server LinuxCommandsWazuh: message repeated 4 times: [ User ubuntu [4032847]: 2040 curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh-keys" -H "Metadata-Flavor: Google"] Jun 26 15:00:25 internal-jumper-server LinuxCommandsWazuh: User ubuntu [4032847]: 2041 sudo vi authorized_keys