Jul 31 06:26:16 bastion LinuxCommandsWazuh: User ubuntu [404653]: 617 sudo su shobhit Jul 31 06:26:16 bastion LinuxCommandsWazuh: User ubuntu [404653]: 618 ls Jul 31 06:26:17 bastion LinuxCommandsWazuh: User ubuntu [404653]: 618 ls Jul 31 06:26:19 bastion LinuxCommandsWazuh: User ubuntu [404653]: 619 cd .. Jul 31 06:26:19 bastion LinuxCommandsWazuh: User ubuntu [404653]: 620 ls Jul 31 06:26:22 bastion LinuxCommandsWazuh: User ubuntu [404653]: 621 cd anshi Jul 31 06:26:22 bastion LinuxCommandsWazuh: User ubuntu [404653]: 622 ls Jul 31 06:26:27 bastion LinuxCommandsWazuh: User ubuntu [404653]: 623 cd .ssh/ Jul 31 06:26:33 bastion LinuxCommandsWazuh: User anshika [404715]: 22 exit Jul 31 06:26:33 bastion LinuxCommandsWazuh: User anshika [404715]: 23 ls Jul 31 06:26:34 bastion LinuxCommandsWazuh: User anshika [404715]: 24 cd Jul 31 06:26:34 bastion LinuxCommandsWazuh: User anshika [404715]: 25 ls Jul 31 06:26:38 bastion LinuxCommandsWazuh: User anshika [404715]: 26 cd .ssh/ Jul 31 06:26:38 bastion LinuxCommandsWazuh: User anshika [404715]: 27 ls Jul 31 06:26:41 bastion LinuxCommandsWazuh: User anshika [404715]: 28 cat authorized_keys Jul 31 06:26:46 bastion LinuxCommandsWazuh: User anshika [404715]: 29 cd Jul 31 06:26:47 bastion LinuxCommandsWazuh: User anshika [404715]: 30 ls Jul 31 06:26:48 bastion LinuxCommandsWazuh: User anshika [404715]: 31 cd .. Jul 31 06:26:48 bastion LinuxCommandsWazuh: User anshika [404715]: 32 ls Jul 31 06:26:53 bastion LinuxCommandsWazuh: User anshika [404715]: 33 sudo su shobhit/ Jul 31 06:26:53 bastion LinuxCommandsWazuh: User anshika [404715]: 34 ls Jul 31 06:26:56 bastion LinuxCommandsWazuh: User shobhit [404807]: 54 sudo vi authorized_keys Jul 31 06:26:57 bastion LinuxCommandsWazuh: User shobhit [404807]: 55 cd Jul 31 06:26:57 bastion LinuxCommandsWazuh: User shobhit [404807]: 56 ls Jul 31 06:26:59 bastion LinuxCommandsWazuh: User shobhit [404807]: 57 cd .ssh/ Jul 31 06:26:59 bastion LinuxCommandsWazuh: User shobhit [404807]: 58 ls Jul 31 06:27:05 bastion LinuxCommandsWazuh: User shobhit [404807]: 59 sudo vi ai Jul 31 06:27:12 bastion LinuxCommandsWazuh: User shobhit [404807]: 60 sudo vi authorized_keys Jul 31 06:27:13 bastion LinuxCommandsWazuh: User shobhit [404807]: 61 ls Jul 31 06:27:13 bastion LinuxCommandsWazuh: User shobhit [404807]: 62 cd Jul 31 06:27:14 bastion LinuxCommandsWazuh: User shobhit [404807]: 63 ls Jul 31 06:27:16 bastion LinuxCommandsWazuh: User shobhit [404807]: 64 cd .. Jul 31 06:27:40 bastion LinuxCommandsWazuh: User anshika [404984]: 22 exit Jul 31 06:31:12 bastion LinuxCommandsWazuh: User anshika [404984]: 23 psql Jul 31 06:31:25 bastion LinuxCommandsWazuh: User anshika [404984]: 24 psql -d aishopper -U postgres Jul 31 06:35:26 bastion LinuxCommandsWazuh: User anshika [404984]: 25 psql -d aishopper_v1 -U postgres Jul 31 07:15:02 bastion LinuxCommandsWazuh: User anshika [405492]: 25 psql -d aishopper_v1 -U postgres Jul 31 08:33:41 bastion LinuxCommandsWazuh: User anshika [404715]: 35 sudo su shobhit Jul 31 08:38:11 bastion LinuxCommandsWazuh: User ubuntu [406324]: 624 sudo su anshika Jul 31 08:38:12 bastion LinuxCommandsWazuh: User ubuntu [406324]: 625 ls Jul 31 08:38:22 bastion LinuxCommandsWazuh: User ubuntu [406345]: 624 sudo su anshika Jul 31 08:38:24 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [406345]: 624 sudo su anshika] Jul 31 08:38:26 bastion LinuxCommandsWazuh: User ubuntu [406324]: 626 script -t -q Jul 31 08:38:28 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [406324]: 626 script -t -q ] Jul 31 08:38:39 bastion LinuxCommandsWazuh: User ubuntu [406390]: 625 exit Jul 31 08:38:41 bastion LinuxCommandsWazuh: User ubuntu [406390]: 626 ls Jul 31 08:38:47 bastion LinuxCommandsWazuh: User ubuntu [406390]: 627 cd .ssh/ Jul 31 08:38:48 bastion LinuxCommandsWazuh: User ubuntu [406390]: 628 ls Jul 31 08:38:54 bastion LinuxCommandsWazuh: User ubuntu [406390]: 629 sudo vi authorized_keys Jul 31 08:38:54 bastion LinuxCommandsWazuh: User ubuntu [406390]: 630 ls Jul 31 08:39:32 bastion LinuxCommandsWazuh: User ubuntu [406390]: 631 ssh-keygen Jul 31 08:39:36 bastion LinuxCommandsWazuh: User ubuntu [406390]: 631 ssh-keygen Jul 31 08:39:38 bastion LinuxCommandsWazuh: User ubuntu [406390]: 632 ls Jul 31 08:39:42 bastion LinuxCommandsWazuh: User ubuntu [406390]: 633 cat id_rsa.pub Jul 31 08:40:48 bastion LinuxCommandsWazuh: User devesh [406585]: 46 mongo pixel_v1 Jul 31 08:40:50 bastion LinuxCommandsWazuh: User ubuntu [406390]: 634 ssh ak@34.131.11.11 Jul 31 08:40:53 bastion LinuxCommandsWazuh: User ubuntu [406324]: 627 script -t -q 2> test.log time.log Jul 31 08:40:55 bastion LinuxCommandsWazuh: User ubuntu [406324]: 628 ls Jul 31 08:41:06 bastion LinuxCommandsWazuh: User ubuntu [406324]: 629 scriptreplay time.log test.log Jul 31 08:41:19 bastion LinuxCommandsWazuh: User ubuntu [406324]: 630 scriptreplay test.log Jul 31 08:41:35 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [406324]: 630 scriptreplay test.log ] Jul 31 08:41:36 bastion LinuxCommandsWazuh: User ubuntu [406324]: 631 ls Jul 31 08:41:45 bastion LinuxCommandsWazuh: User ubuntu [406324]: 632 rm test.log time.log typescript Jul 31 08:41:57 bastion LinuxCommandsWazuh: User ubuntu [406685]: 635 exit Jul 31 08:41:59 bastion LinuxCommandsWazuh: User ubuntu [406685]: 635 exit Jul 31 08:42:01 bastion LinuxCommandsWazuh: User ubuntu [406324]: 633 script -t test Jul 31 08:42:04 bastion LinuxCommandsWazuh: User ubuntu [406324]: 634 ls Jul 31 08:42:05 bastion LinuxCommandsWazuh: User ubuntu [406324]: 635 rm test Jul 31 08:42:43 bastion LinuxCommandsWazuh: User ubuntu [406729]: 635 exit Jul 31 08:42:45 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [406729]: 635 exit] Jul 31 08:42:46 bastion LinuxCommandsWazuh: User rihan [406838]: 57 mongo pixel_v1 Jul 31 08:42:46 bastion LinuxCommandsWazuh: User ubuntu [406324]: 636 script -q -t test 2 >test Jul 31 08:42:48 bastion LinuxCommandsWazuh: User ubuntu [406324]: 637 ls Jul 31 08:42:55 bastion LinuxCommandsWazuh: User ubuntu [406324]: 637 ls Jul 31 08:42:57 bastion LinuxCommandsWazuh: User ubuntu [406324]: 638 rm test Jul 31 08:43:13 bastion LinuxCommandsWazuh: User ubuntu [406899]: 635 exit Jul 31 08:43:20 bastion LinuxCommandsWazuh: User ubuntu [406899]: 636 ssh ak@34.131.11.11 Jul 31 08:43:21 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [406899]: 636 ssh ak@34.131.11.11] Jul 31 08:43:22 bastion LinuxCommandsWazuh: User ubuntu [406899]: 637 ls Jul 31 08:43:24 bastion LinuxCommandsWazuh: User ubuntu [406324]: 639 script -t -q 2> test.log time.log Jul 31 08:43:46 bastion LinuxCommandsWazuh: User ubuntu [406324]: 640 scriptreplay test.log time.log Jul 31 08:43:59 bastion LinuxCommandsWazuh: User ubuntu [406324]: 641 ls Jul 31 08:44:03 bastion LinuxCommandsWazuh: User ubuntu [406324]: 642 rm test.log time.log Jul 31 08:44:13 bastion LinuxCommandsWazuh: User ubuntu [406971]: 638 exit Jul 31 08:44:41 bastion LinuxCommandsWazuh: User ubuntu [406971]: 639 ssh ak@34.131.11.11 Jul 31 08:44:44 bastion LinuxCommandsWazuh: User ubuntu [406324]: 643 script -t -q 2> test.log time.log Jul 31 08:45:19 bastion LinuxCommandsWazuh: User ubuntu [406324]: 644 scriptreplay test.log time.log Jul 31 08:45:35 bastion LinuxCommandsWazuh: User ubuntu [406324]: 645 ls Jul 31 08:45:38 bastion LinuxCommandsWazuh: User ubuntu [406324]: 646 cat test.log Jul 31 08:45:44 bastion LinuxCommandsWazuh: User ubuntu [406324]: 647 cat time.log Jul 31 08:45:53 bastion LinuxCommandsWazuh: User ubuntu [406324]: 647 cat time.log Jul 31 08:45:53 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [406324]: 647 cat time.log ] Jul 31 08:45:59 bastion LinuxCommandsWazuh: User ubuntu [406324]: 648 sudo vi time.log Jul 31 08:46:01 bastion LinuxCommandsWazuh: User ubuntu [406324]: 649 cat time.log Jul 31 08:46:06 bastion LinuxCommandsWazuh: message repeated 50 times: [ User ubuntu [406324]: 649 cat time.log ] Jul 31 08:46:08 bastion LinuxCommandsWazuh: User ubuntu [406324]: 649 cat time.log Jul 31 09:36:20 bastion LinuxCommandsWazuh: User rihan [408187]: 57 mongo pixel_v1 Jul 31 09:37:45 bastion LinuxCommandsWazuh: User rihan [408187]: 57 mongo pixel_v1 Jul 31 10:29:37 bastion LinuxCommandsWazuh: User ubuntu [408642]: 665 cat time.log Jul 31 10:29:38 bastion LinuxCommandsWazuh: User ubuntu [408642]: 666 ls Jul 31 10:29:42 bastion LinuxCommandsWazuh: User ubuntu [408642]: 667 cd bin Jul 31 10:29:42 bastion LinuxCommandsWazuh: User ubuntu [408642]: 668 ls Jul 31 10:29:44 bastion LinuxCommandsWazuh: User ubuntu [408642]: 669 cat log.sh Jul 31 10:34:26 bastion LinuxCommandsWazuh: User ubuntu [408642]: 670 cd Jul 31 10:34:32 bastion LinuxCommandsWazuh: User ubuntu [408642]: 671 mkdir tt Jul 31 10:34:35 bastion LinuxCommandsWazuh: User ubuntu [408642]: 672 cd tt Jul 31 10:34:39 bastion LinuxCommandsWazuh: User ubuntu [408642]: 673 touch test Jul 31 10:34:42 bastion LinuxCommandsWazuh: User ubuntu [408642]: 674 touch tt Jul 31 10:34:43 bastion LinuxCommandsWazuh: User ubuntu [408642]: 675 ls Jul 31 10:34:44 bastion LinuxCommandsWazuh: User ubuntu [408642]: 676 cd Jul 31 10:34:49 bastion LinuxCommandsWazuh: User ubuntu [408642]: 677 > tt Jul 31 10:35:31 bastion LinuxCommandsWazuh: User ubuntu [408642]: 678 rm -rf tt/* Jul 31 10:35:32 bastion LinuxCommandsWazuh: User ubuntu [408642]: 679 ls Jul 31 10:35:34 bastion LinuxCommandsWazuh: User ubuntu [408642]: 680 cd tt Jul 31 10:35:35 bastion LinuxCommandsWazuh: User ubuntu [408642]: 681 ls Jul 31 10:35:37 bastion LinuxCommandsWazuh: User ubuntu [408642]: 682 cd .. Jul 31 10:35:38 bastion LinuxCommandsWazuh: User ubuntu [408642]: 683 ls Jul 31 10:37:05 bastion LinuxCommandsWazuh: User ubuntu [408642]: 684 rm -r tt Jul 31 10:37:06 bastion LinuxCommandsWazuh: User ubuntu [408642]: 685 ls Jul 31 10:37:10 bastion LinuxCommandsWazuh: User ubuntu [408642]: 686 rm test.log time.log Jul 31 10:37:10 bastion LinuxCommandsWazuh: User ubuntu [408642]: 687 ls Jul 31 10:37:14 bastion LinuxCommandsWazuh: User ubuntu [408642]: 688 cd bin/ Jul 31 10:37:15 bastion LinuxCommandsWazuh: User ubuntu [408642]: 689 ks Jul 31 10:37:16 bastion LinuxCommandsWazuh: User ubuntu [408642]: 690 ls Jul 31 11:16:32 bastion LinuxCommandsWazuh: User ubuntu [409641]: 690 ls Jul 31 11:22:13 bastion LinuxCommandsWazuh: User ubuntu [409641]: 690 ls Jul 31 11:26:02 bastion LinuxCommandsWazuh: User ubuntu [409641]: 690 ls Jul 31 11:27:51 bastion LinuxCommandsWazuh: User ubuntu [409641]: 690 ls Jul 31 11:27:51 bastion LinuxCommandsWazuh: User ubuntu [409641]: 690 ls Jul 31 11:27:53 bastion LinuxCommandsWazuh: User ubuntu [409641]: 691 cd bin Jul 31 11:27:54 bastion LinuxCommandsWazuh: User ubuntu [409641]: 692 ks Jul 31 11:27:58 bastion LinuxCommandsWazuh: User ubuntu [409641]: 693 ls Jul 31 11:28:21 bastion LinuxCommandsWazuh: User ubuntu [409641]: 694 sudo vi auditlog.sh Jul 31 11:28:33 bastion LinuxCommandsWazuh: User ubuntu [409641]: 695 ls Jul 31 11:28:39 bastion LinuxCommandsWazuh: User ubuntu [409641]: 696 sudo chmod +X auditlog.sh Jul 31 11:28:39 bastion LinuxCommandsWazuh: User ubuntu [409641]: 697 ls Jul 31 11:28:41 bastion LinuxCommandsWazuh: User ubuntu [409641]: 698 cd .. Jul 31 11:28:41 bastion LinuxCommandsWazuh: User ubuntu [409641]: 699 ls Jul 31 11:28:46 bastion LinuxCommandsWazuh: User ubuntu [409641]: 700 sudo chmod +x auditlog.sh Jul 31 11:28:56 bastion LinuxCommandsWazuh: User ubuntu [409641]: 701 cd bin && sudo chmod +x auditlog.sh Jul 31 11:28:57 bastion LinuxCommandsWazuh: User ubuntu [409641]: 702 ls Jul 31 11:28:59 bastion LinuxCommandsWazuh: User ubuntu [409641]: 703 cd .. Jul 31 11:28:59 bastion LinuxCommandsWazuh: User ubuntu [409641]: 704 ls Jul 31 11:29:01 bastion LinuxCommandsWazuh: User ubuntu [409641]: 705 cd bin Jul 31 11:29:01 bastion LinuxCommandsWazuh: User ubuntu [409641]: 706 ks Jul 31 11:29:02 bastion LinuxCommandsWazuh: User ubuntu [409641]: 707 ls Jul 31 11:30:03 bastion LinuxCommandsWazuh: User ubuntu [409641]: 708 ls\ Jul 31 11:36:24 bastion LinuxCommandsWazuh: User ubuntu [409641]: 708 ls\ Jul 31 11:36:24 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [409641]: 708 ls\] Jul 31 11:36:24 bastion LinuxCommandsWazuh: User ubuntu [409641]: 709 ls Jul 31 11:36:47 bastion LinuxCommandsWazuh: User ubuntu [409641]: 710 cut -d: -f1 /etc/passwd Jul 31 11:37:00 bastion LinuxCommandsWazuh: User ubuntu [409641]: 711 sudo groupadd recordusers Jul 31 11:37:14 bastion LinuxCommandsWazuh: User ubuntu [409641]: 712 sudo usermod -aG recordusers VENKY Jul 31 11:37:18 bastion LinuxCommandsWazuh: User ubuntu [409641]: 713 sudo usermod -aG recordusers venky Jul 31 11:37:22 bastion LinuxCommandsWazuh: User ubuntu [409641]: 714 sudo usermod -aG recordusers anhsika Jul 31 11:37:28 bastion LinuxCommandsWazuh: User ubuntu [409641]: 715 sudo usermod -aG recordusers anshika Jul 31 11:37:35 bastion LinuxCommandsWazuh: User ubuntu [409641]: 716 sudo usermod -aG recordusers shobhit Jul 31 11:37:40 bastion LinuxCommandsWazuh: User ubuntu [409641]: 717 sudo usermod -aG recordusers devesh Jul 31 11:37:46 bastion LinuxCommandsWazuh: User ubuntu [409641]: 718 sudo usermod -aG recordusers rihan Jul 31 11:37:51 bastion LinuxCommandsWazuh: User ubuntu [409641]: 719 sudo usermod -aG recordusers redis Jul 31 11:37:57 bastion LinuxCommandsWazuh: User ubuntu [409641]: 720 sudo usermod -aG recordusers mongodb Jul 31 11:38:03 bastion LinuxCommandsWazuh: User ubuntu [409641]: 721 sudo usermod -aG recordusers postgres Jul 31 11:38:06 bastion LinuxCommandsWazuh: User ubuntu [409641]: 722 sudo usermod -aG recordusers stage Jul 31 11:38:10 bastion LinuxCommandsWazuh: User ubuntu [409641]: 723 sudo usermod -aG recordusers lxd Jul 31 11:38:13 bastion LinuxCommandsWazuh: User ubuntu [409641]: 724 sudo usermod -aG recordusers anshi Jul 31 11:38:17 bastion LinuxCommandsWazuh: User ubuntu [409641]: 725 sudo usermod -aG recordusers shamailtayyab Jul 31 11:38:22 bastion LinuxCommandsWazuh: User ubuntu [409641]: 726 sudo usermod -aG recordusers ak Jul 31 11:38:28 bastion LinuxCommandsWazuh: User ubuntu [409641]: 727 sudo usermod -aG recordusers nikhil Jul 31 11:38:31 bastion LinuxCommandsWazuh: User ubuntu [409641]: 728 sudo usermod -aG recordusers ubuntu Jul 31 11:40:24 bastion LinuxCommandsWazuh: User rihan [410468]: 57 mongo pixel_v1 Jul 31 11:42:45 bastion LinuxCommandsWazuh: User ubuntu [409641]: 729 sudo usermod -aG recordusers aarzoo Jul 31 11:43:57 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [409641]: 729 sudo usermod -aG recordusers aarzoo ] Jul 31 11:43:57 bastion LinuxCommandsWazuh: User ubuntu [409641]: 730 ls Jul 31 11:43:58 bastion LinuxCommandsWazuh: User ubuntu [409641]: 731 d Jul 31 11:43:59 bastion LinuxCommandsWazuh: User ubuntu [409641]: 732 cd Jul 31 11:43:59 bastion LinuxCommandsWazuh: User ubuntu [409641]: 733 ls Jul 31 11:44:04 bastion LinuxCommandsWazuh: User ubuntu [409641]: 734 cd /etc/ Jul 31 11:44:05 bastion LinuxCommandsWazuh: User ubuntu [409641]: 735 ls Jul 31 11:45:17 bastion LinuxCommandsWazuh: User ubuntu [409641]: 736 sudo vi profile Jul 31 11:45:18 bastion LinuxCommandsWazuh: User ubuntu [409641]: 737 cd Jul 31 11:45:19 bastion LinuxCommandsWazuh: User ubuntu [409641]: 738 ls Jul 31 11:45:21 bastion LinuxCommandsWazuh: User ubuntu [409641]: 739 cd bin Jul 31 11:45:30 bastion LinuxCommandsWazuh: User ubuntu [409641]: 740 sudo vi audit.sh Jul 31 11:45:36 bastion LinuxCommandsWazuh: User ubuntu [409641]: 741 sudo chmod +x audit.sh Jul 31 11:45:36 bastion LinuxCommandsWazuh: User ubuntu [409641]: 742 ls Jul 31 11:45:40 bastion LinuxCommandsWazuh: User ubuntu [409641]: 743 cd Jul 31 11:45:44 bastion LinuxCommandsWazuh: User ubuntu [409641]: 744 cd /etc/ Jul 31 11:46:23 bastion LinuxCommandsWazuh: User ubuntu [409641]: 745 sudo vi profile Jul 31 11:46:52 bastion LinuxCommandsWazuh: User ubuntu [409641]: 746 mkdir records Jul 31 11:46:57 bastion LinuxCommandsWazuh: User ubuntu [409641]: 747 sudo mkdir records Jul 31 11:47:35 bastion LinuxCommandsWazuh: User ubuntu [409641]: 748 sudo chown :recordusers /etc/records Jul 31 11:47:41 bastion LinuxCommandsWazuh: User ubuntu [409641]: 749 sudo chmod 1777 /etc/records Jul 31 11:47:44 bastion LinuxCommandsWazuh: User ak [411045]: 2 sudo su ubuntu Jul 31 11:47:50 bastion LinuxCommandsWazuh: User ubuntu [409641]: 750 ls Jul 31 11:47:53 bastion LinuxCommandsWazuh: User ubuntu [409641]: 751 cd records/ Jul 31 11:47:53 bastion LinuxCommandsWazuh: User ubuntu [409641]: 752 ls Jul 31 11:52:24 bastion LinuxCommandsWazuh: User ubuntu [409641]: 753 cd Jul 31 11:52:25 bastion LinuxCommandsWazuh: User ubuntu [409641]: 754 ls Jul 31 11:52:28 bastion LinuxCommandsWazuh: User ak [411109]: 3 exit Jul 31 11:52:29 bastion LinuxCommandsWazuh: User ak [411109]: 4 ls Jul 31 11:52:30 bastion LinuxCommandsWazuh: User ak [411109]: 5 cd Jul 31 11:52:30 bastion LinuxCommandsWazuh: User ak [411109]: 6 ls Jul 31 11:53:07 bastion LinuxCommandsWazuh: User anshika [411236]: 38 sudo su shobhit Jul 31 11:53:18 bastion LinuxCommandsWazuh: User ak [411109]: 7 cut -d: -f1 /etc/passwd Jul 31 12:11:41 bastion LinuxCommandsWazuh: User rihan [410468]: 58 psql Jul 31 12:12:32 bastion LinuxCommandsWazuh: User ak [411109]: 7 cut -d: -f1 /etc/passwd Jul 31 12:12:32 bastion LinuxCommandsWazuh: User ak [411109]: 7 cut -d: -f1 /etc/passwd Jul 31 12:12:33 bastion LinuxCommandsWazuh: User ak [411109]: 8 ls Jul 31 12:12:38 bastion LinuxCommandsWazuh: User ubuntu [411377]: 690 ls Jul 31 12:12:39 bastion LinuxCommandsWazuh: User ubuntu [411377]: 690 ls Jul 31 12:12:39 bastion LinuxCommandsWazuh: User ubuntu [411377]: 691 cd Jul 31 12:12:40 bastion LinuxCommandsWazuh: User ubuntu [411377]: 692 ls Jul 31 12:12:40 bastion LinuxCommandsWazuh: User ubuntu [411377]: 693 cd .. Jul 31 12:12:41 bastion LinuxCommandsWazuh: User ubuntu [411377]: 694 ls Jul 31 12:12:43 bastion LinuxCommandsWazuh: User ubuntu [411377]: 695 mkdir -p /home/test Jul 31 12:12:47 bastion LinuxCommandsWazuh: User ubuntu [411377]: 696 sudo mkdir -p /home/test Jul 31 12:12:50 bastion LinuxCommandsWazuh: User ubuntu [411377]: 697 cd Jul 31 12:12:50 bastion LinuxCommandsWazuh: User ubuntu [411377]: 698 ls Jul 31 12:13:34 bastion LinuxCommandsWazuh: User ubuntu [411377]: 699 ls -l /dev/{null,zero,stdin,stdout,stderr,random,tty} Jul 31 12:15:30 bastion LinuxCommandsWazuh: User ubuntu [411377]: 700 sudo mkdir -p /home/test/dev Jul 31 12:15:31 bastion LinuxCommandsWazuh: User ubuntu [411377]: 701 ls Jul 31 12:15:38 bastion LinuxCommandsWazuh: User ubuntu [411377]: 702 cd /home/test/dev Jul 31 12:15:39 bastion LinuxCommandsWazuh: User ubuntu [411377]: 703 ls Jul 31 12:15:51 bastion LinuxCommandsWazuh: User ubuntu [411377]: 704 mknod -m 666 null c 1 3 Jul 31 12:15:55 bastion LinuxCommandsWazuh: User ubuntu [411377]: 705 sudo mknod -m 666 null c 1 3 Jul 31 12:16:01 bastion LinuxCommandsWazuh: User ubuntu [411377]: 706 sudo mknod -m 666 tty c 5 0 Jul 31 12:16:05 bastion LinuxCommandsWazuh: User ubuntu [411377]: 707 sudo mknod -m 666 zero c 1 5 Jul 31 12:16:12 bastion LinuxCommandsWazuh: User ubuntu [411377]: 708 sudo mknod -m 666 random c 1 8 Jul 31 12:16:19 bastion LinuxCommandsWazuh: User ubuntu [411377]: 709 chown root:root /home/test Jul 31 12:16:25 bastion LinuxCommandsWazuh: User ubuntu [411377]: 710 sudo chown root:root /home/test Jul 31 12:16:32 bastion LinuxCommandsWazuh: User ubuntu [411377]: 711 sudo chmod 0755 /home/test Jul 31 12:16:37 bastion LinuxCommandsWazuh: User ubuntu [411377]: 712 sudo ls -ld /home/test Jul 31 12:16:50 bastion LinuxCommandsWazuh: User ubuntu [411377]: 713 sudo mkdir -p /home/test/bin Jul 31 12:16:51 bastion LinuxCommandsWazuh: User ubuntu [411377]: 714 ls Jul 31 12:16:56 bastion LinuxCommandsWazuh: User ubuntu [411377]: 715 cd .. Jul 31 12:16:56 bastion LinuxCommandsWazuh: User ubuntu [411377]: 716 ls Jul 31 12:17:02 bastion LinuxCommandsWazuh: User ubuntu [411377]: 717 cp -v /bin/bash /home/test/bin/ Jul 31 12:17:06 bastion LinuxCommandsWazuh: User ubuntu [411377]: 718 sudo cp -v /bin/bash /home/test/bin/ Jul 31 12:17:24 bastion LinuxCommandsWazuh: User ubuntu [411377]: 719 ldd /bin/bash Jul 31 12:18:18 bastion LinuxCommandsWazuh: User ubuntu [411377]: 720 sudo cp -v /lib64/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:18:28 bastion LinuxCommandsWazuh: User ubuntu [411377]: 721 sudo mkdir -p /home/test/lib64 Jul 31 12:18:29 bastion LinuxCommandsWazuh: User ubuntu [411377]: 722 sudo cp -v /lib64/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:19:36 bastion LinuxCommandsWazuh: User ubuntu [411377]: 723 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:19:55 bastion LinuxCommandsWazuh: User ubuntu [411377]: 723 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:20:14 bastion LinuxCommandsWazuh: User root [411692]: 36 exit Jul 31 12:20:25 bastion LinuxCommandsWazuh: User root [411692]: 37 cd /lib/x86_64-linux-gnu/ Jul 31 12:20:25 bastion LinuxCommandsWazuh: User root [411692]: 38 ls Jul 31 12:20:31 bastion LinuxCommandsWazuh: User ubuntu [411377]: 724 sudo su Jul 31 12:20:32 bastion LinuxCommandsWazuh: User ubuntu [411377]: 725 ls Jul 31 12:20:51 bastion LinuxCommandsWazuh: User ubuntu [411377]: 726 mkdir /home/test/etc Jul 31 12:20:54 bastion LinuxCommandsWazuh: User ubuntu [411377]: 727 sudo mkdir /home/test/etc Jul 31 12:21:00 bastion LinuxCommandsWazuh: User ubuntu [411377]: 728 sudo cp -vf /etc/{passwd,group} /home/test/etc/ Jul 31 12:22:48 bastion LinuxCommandsWazuh: User ubuntu [411377]: 729 sudo vi /etc/ssh/sshd_config Jul 31 12:22:57 bastion LinuxCommandsWazuh: User ak [411903]: 3 exit Jul 31 12:22:58 bastion LinuxCommandsWazuh: message repeated 4 times: [ User ak [411903]: 3 exit] Jul 31 12:23:14 bastion LinuxCommandsWazuh: User ubuntu [411377]: 730 systemctl restart sshd Jul 31 12:23:28 bastion LinuxCommandsWazuh: User ubuntu [411377]: 731 sudo systemctl restart sshd Jul 31 12:24:36 bastion LinuxCommandsWazuh: User ubuntu [411377]: 732 sudo vi /etc/ssh/sshd_config Jul 31 12:24:40 bastion LinuxCommandsWazuh: User anshika [412064]: 39 psql -d aishopper_v1 -U postgres Jul 31 12:24:42 bastion LinuxCommandsWazuh: User anshika [412064]: 40 ls Jul 31 12:24:42 bastion LinuxCommandsWazuh: User anshika [412064]: 41 cd Jul 31 12:24:43 bastion LinuxCommandsWazuh: User anshika [412064]: 42 kls Jul 31 12:24:44 bastion LinuxCommandsWazuh: User anshika [412064]: 43 ls Jul 31 12:24:53 bastion LinuxCommandsWazuh: User anshika [412064]: 44 date Jul 31 12:24:55 bastion LinuxCommandsWazuh: User anshika [412064]: 45 uname Jul 31 12:24:56 bastion LinuxCommandsWazuh: User anshika [412064]: 46 cd Jul 31 12:24:58 bastion LinuxCommandsWazuh: User anshika [412064]: 47 cd .. Jul 31 12:24:58 bastion LinuxCommandsWazuh: User anshika [412064]: 48 ls Jul 31 12:25:00 bastion LinuxCommandsWazuh: User anshika [412064]: 49 cd test/ Jul 31 12:25:00 bastion LinuxCommandsWazuh: User anshika [412064]: 50 ls Jul 31 12:25:03 bastion LinuxCommandsWazuh: User anshika [412064]: 50 ls Jul 31 12:25:04 bastion LinuxCommandsWazuh: User anshika [412064]: 51 cd de Jul 31 12:25:07 bastion LinuxCommandsWazuh: User anshika [412064]: 52 cd dev/ Jul 31 12:25:08 bastion LinuxCommandsWazuh: User anshika [412064]: 53 ls Jul 31 12:25:10 bastion LinuxCommandsWazuh: User anshika [412064]: 53 ls Jul 31 12:27:33 bastion LinuxCommandsWazuh: User ubuntu [411377]: 733 sudo su anshika Jul 31 12:28:24 bastion LinuxCommandsWazuh: User ubuntu [411377]: 733 sudo su anshika Jul 31 12:28:24 bastion LinuxCommandsWazuh: User ubuntu [411377]: 734 ls Jul 31 12:28:28 bastion LinuxCommandsWazuh: User ubuntu [411377]: 735 rm -rf lib64/ Jul 31 12:28:31 bastion LinuxCommandsWazuh: User ubuntu [411377]: 736 sudo rm -rf lib64/ Jul 31 12:28:43 bastion LinuxCommandsWazuh: User ubuntu [411377]: 737 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu Jul 31 12:29:02 bastion LinuxCommandsWazuh: User ubuntu [411377]: 738 mkdir -p /home/test/lib64/x86_64-linux-gnu Jul 31 12:29:17 bastion LinuxCommandsWazuh: User ubuntu [411377]: 739 sudo mkdir -p /home/test/lib64/x86_64-linux-gnu Jul 31 12:29:20 bastion LinuxCommandsWazuh: User ubuntu [411377]: 740 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu Jul 31 12:29:38 bastion LinuxCommandsWazuh: User ubuntu [411377]: 741 sudo cp -vf /etc/{passwd,group} /home/test/etc/ Jul 31 12:31:07 bastion LinuxCommandsWazuh: User ubuntu [411377]: 742 sudo vi /etc/ssh/sshd_config Jul 31 12:31:13 bastion LinuxCommandsWazuh: User ubuntu [411377]: 743 sudo systemctl restart sshd Jul 31 12:31:27 bastion LinuxCommandsWazuh: User ubuntu [411377]: 744 sudo vi /etc/ssh/sshd_config Jul 31 12:31:29 bastion LinuxCommandsWazuh: User ubuntu [411377]: 745 sudo systemctl restart sshd Jul 31 12:32:08 bastion LinuxCommandsWazuh: User ubuntu [411377]: 746 sudo cp -v /bin/bash /home/test/bin/ Jul 31 12:32:14 bastion LinuxCommandsWazuh: User ubuntu [411377]: 747 sudo systemctl restart sshd Jul 31 12:32:37 bastion LinuxCommandsWazuh: User ubuntu [411377]: 748 ls Jul 31 12:32:41 bastion LinuxCommandsWazuh: User ubuntu [411377]: 749 rm -rf lib64/ Jul 31 12:32:46 bastion LinuxCommandsWazuh: User ubuntu [411377]: 750 sudo rm -rf lib64/ Jul 31 12:32:54 bastion LinuxCommandsWazuh: User ubuntu [411377]: 751 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:33:03 bastion LinuxCommandsWazuh: User ubuntu [411377]: 752 sudo mkdir -p /home/test/lib64 Jul 31 12:33:09 bastion LinuxCommandsWazuh: User ubuntu [411377]: 753 ldd /bin/bash Jul 31 12:33:24 bastion LinuxCommandsWazuh: User ubuntu [411377]: 753 ldd /bin/bash Jul 31 12:33:33 bastion LinuxCommandsWazuh: User ubuntu [411377]: 754 ls -al /bin/bash Jul 31 12:33:42 bastion LinuxCommandsWazuh: User ubuntu [411377]: 755 cd /bin/bash Jul 31 12:33:49 bastion LinuxCommandsWazuh: User ubuntu [411377]: 756 cd /bin Jul 31 12:33:49 bastion LinuxCommandsWazuh: User ubuntu [411377]: 757 ls Jul 31 12:33:55 bastion LinuxCommandsWazuh: User ubuntu [411377]: 758 lld bash Jul 31 12:34:08 bastion LinuxCommandsWazuh: User ubuntu [411377]: 758 lld bash Jul 31 12:34:11 bastion LinuxCommandsWazuh: User ubuntu [411377]: 759 cd /home/test/ Jul 31 12:34:12 bastion LinuxCommandsWazuh: User ubuntu [411377]: 760 ls Jul 31 12:34:29 bastion LinuxCommandsWazuh: User ubuntu [411377]: 761 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6} /home/test/lib64/ Jul 31 12:34:53 bastion LinuxCommandsWazuh: User ubuntu [411377]: 762 sudo cp -v /lib/{ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:35:05 bastion LinuxCommandsWazuh: User ubuntu [411377]: 763 sudo cp -v /lib/x86_64-linux-gnu/{ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:35:37 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [411377]: 763 sudo cp -v /lib/x86_64-linux-gnu/{ld-linux-x86-64.so.2} /home/test/lib64/] Jul 31 12:35:44 bastion LinuxCommandsWazuh: User ubuntu [411377]: 764 sudo cp -v /lib/{ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:35:55 bastion LinuxCommandsWazuh: User ubuntu [411377]: 765 sudo cp -v /lib/x86_64-linux-gnu/{ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:36:11 bastion LinuxCommandsWazuh: User ubuntu [411377]: 766 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:36:24 bastion LinuxCommandsWazuh: User ubuntu [411377]: 767 sudo systemctl restart sshd Jul 31 12:36:48 bastion LinuxCommandsWazuh: User ubuntu [411377]: 768 ls Jul 31 12:36:57 bastion LinuxCommandsWazuh: User ubuntu [411377]: 769 sudo rm -rf lib64/ Jul 31 12:36:58 bastion LinuxCommandsWazuh: User ubuntu [411377]: 770 ;s Jul 31 12:37:11 bastion LinuxCommandsWazuh: User ubuntu [411377]: 770 ;s Jul 31 12:37:12 bastion LinuxCommandsWazuh: User ubuntu [411377]: 771 ldd /bin/bash Jul 31 12:37:28 bastion LinuxCommandsWazuh: User ubuntu [411377]: 772 sudo mkdir -p /home/test/lib64 Jul 31 12:38:10 bastion LinuxCommandsWazuh: User ubuntu [411377]: 772 sudo mkdir -p /home/test/lib64 Jul 31 12:38:17 bastion LinuxCommandsWazuh: User ubuntu [411377]: 773 sudo mkdir -p /home/test/lib64/x86_64-linux-gnu Jul 31 12:38:27 bastion LinuxCommandsWazuh: User ubuntu [411377]: 773 sudo mkdir -p /home/test/lib64/x86_64-linux-gnu Jul 31 12:38:41 bastion LinuxCommandsWazuh: User ubuntu [411377]: 774 sudo cp -v /lib64/x86_64-linux-gnu/{libtinfo.so.6^Cibdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/l Jul 31 12:38:55 bastion LinuxCommandsWazuh: User ubuntu [411377]: 775 sudo cp -v /lib64/x86_64-linux-gnu/{libtinfo.so.6^Cibdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu/ Jul 31 12:39:22 bastion LinuxCommandsWazuh: User ubuntu [411377]: 776 sudo cp -v /lib64/x86_64-linux-gnu/{libtinfo.so.6^Cibdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:39:45 bastion LinuxCommandsWazuh: User ubuntu [411377]: 777 sudo cp -v /lib64/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:40:40 bastion LinuxCommandsWazuh: User ubuntu [411377]: 777 sudo cp -v /lib64/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:40:50 bastion LinuxCommandsWazuh: User ubuntu [411377]: 778 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/ Jul 31 12:41:49 bastion LinuxCommandsWazuh: User ubuntu [411377]: 779 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu/ Jul 31 12:41:59 bastion LinuxCommandsWazuh: User ubuntu [411377]: 780 sudo systemctl restart sshd Jul 31 12:42:06 bastion LinuxCommandsWazuh: User ubuntu [411377]: 781 ls Jul 31 12:42:10 bastion LinuxCommandsWazuh: User ubuntu [411377]: 782 rm -rf lib64/ Jul 31 12:42:13 bastion LinuxCommandsWazuh: User ubuntu [411377]: 783 sudo rm -rf lib64/ Jul 31 12:42:18 bastion LinuxCommandsWazuh: User ubuntu [411377]: 784 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu/ Jul 31 12:42:31 bastion LinuxCommandsWazuh: User ubuntu [411377]: 785 sudo mkdir /home/test/lib64/x86_64-linux-gnu/ Jul 31 12:42:41 bastion LinuxCommandsWazuh: User ubuntu [411377]: 786 sudo mkdir /home/test/lib64/x86_64-linux-gnu Jul 31 12:42:58 bastion LinuxCommandsWazuh: User ubuntu [411377]: 787 sudo mkdir -p /home/test/lib64/x86_64-linux-gnu Jul 31 12:43:04 bastion LinuxCommandsWazuh: User ubuntu [411377]: 788 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu/ Jul 31 12:43:33 bastion LinuxCommandsWazuh: User ubuntu [411377]: 789 sudo cp -vf /etc/{passwd,group} /home/test/etc/ Jul 31 12:43:42 bastion LinuxCommandsWazuh: User ubuntu [411377]: 790 sudo systemctl restart sshd Jul 31 12:43:50 bastion LinuxCommandsWazuh: User ubuntu [411377]: 791 ls Jul 31 12:43:53 bastion LinuxCommandsWazuh: User ubuntu [411377]: 792 cd bin/ Jul 31 12:43:53 bastion LinuxCommandsWazuh: User ubuntu [411377]: 793 ls Jul 31 12:43:55 bastion LinuxCommandsWazuh: User ubuntu [411377]: 794 cd bas Jul 31 12:43:59 bastion LinuxCommandsWazuh: User ubuntu [411377]: 795 cat bash Jul 31 12:44:00 bastion LinuxCommandsWazuh: User ubuntu [411377]: 795 cat bash Jul 31 12:44:27 bastion LinuxCommandsWazuh: User ubuntu [411377]: 796 sudo cp -v /bin/bash /home/test/bin/ Jul 31 12:44:36 bastion LinuxCommandsWazuh: User ubuntu [411377]: 797 ls Jul 31 12:44:39 bastion LinuxCommandsWazuh: User ubuntu [411377]: 798 cd .. Jul 31 12:44:39 bastion LinuxCommandsWazuh: User ubuntu [411377]: 799 ls Jul 31 12:44:51 bastion LinuxCommandsWazuh: User ubuntu [411377]: 800 sudo service sshd restart Jul 31 12:45:02 bastion LinuxCommandsWazuh: User ubuntu [411377]: 801 rm -rf bin/ Jul 31 12:45:02 bastion LinuxCommandsWazuh: User ubuntu [411377]: 802 ls Jul 31 12:45:13 bastion LinuxCommandsWazuh: User ubuntu [411377]: 803 cd .. Jul 31 12:45:13 bastion LinuxCommandsWazuh: User ubuntu [411377]: 804 ls Jul 31 12:45:15 bastion LinuxCommandsWazuh: User ubuntu [411377]: 805 cd .. Jul 31 12:45:15 bastion LinuxCommandsWazuh: User ubuntu [411377]: 806 ls Jul 31 12:45:17 bastion LinuxCommandsWazuh: User ubuntu [411377]: 807 cd home/ Jul 31 12:45:18 bastion LinuxCommandsWazuh: User ubuntu [411377]: 808 ls Jul 31 12:45:22 bastion LinuxCommandsWazuh: User ubuntu [411377]: 809 rm -rf test/ Jul 31 12:45:25 bastion LinuxCommandsWazuh: User ubuntu [411377]: 810 sudo rm -rf test/ Jul 31 13:00:24 bastion LinuxCommandsWazuh: User ubuntu [411377]: 811 sudo vi /etc/ssh/sshd_config Jul 31 13:00:27 bastion LinuxCommandsWazuh: User ubuntu [411377]: 812 sudo service sshd restart Jul 31 13:00:30 bastion LinuxCommandsWazuh: User ak [413991]: 3 exit Jul 31 13:00:35 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ak [413991]: 3 exit] Jul 31 13:00:40 bastion LinuxCommandsWazuh: User ak [413991]: 4 mkdir -p /home/test Jul 31 13:00:42 bastion LinuxCommandsWazuh: User ak [413991]: 5 sudo mkdir -p /home/test Jul 31 13:02:03 bastion LinuxCommandsWazuh: User ubuntu [411377]: 813 ls -l /dev/{null,zero,stdin,stdout,stderr,random,tty} Jul 31 13:02:09 bastion LinuxCommandsWazuh: User ubuntu [411377]: 814 sudo mkdir -p /home/test/dev/ Jul 31 13:02:17 bastion LinuxCommandsWazuh: User ubuntu [411377]: 815 cd /home/test/dev/ Jul 31 13:02:22 bastion LinuxCommandsWazuh: User ubuntu [411377]: 816 sudo mknod -m 666 null c 1 3 Jul 31 13:02:26 bastion LinuxCommandsWazuh: User ubuntu [411377]: 817 sudo mknod -m 666 tty c 5 0 Jul 31 13:02:30 bastion LinuxCommandsWazuh: User ubuntu [411377]: 818 sudo mknod -m 666 zero c 1 5 Jul 31 13:02:35 bastion LinuxCommandsWazuh: User ubuntu [411377]: 819 sudo mknod -m 666 random c 1 8 Jul 31 13:02:43 bastion LinuxCommandsWazuh: User ubuntu [411377]: 820 chown root:root /home/test Jul 31 13:02:48 bastion LinuxCommandsWazuh: User ubuntu [411377]: 821 sudo chown root:root /home/test Jul 31 13:02:53 bastion LinuxCommandsWazuh: User ubuntu [411377]: 822 sudo chmod 0755 /home/test Jul 31 13:02:56 bastion LinuxCommandsWazuh: User ubuntu [411377]: 823 ls -ld /home/test Jul 31 13:03:03 bastion LinuxCommandsWazuh: User ubuntu [411377]: 824 sudo mkdir -p /home/test/bin Jul 31 13:03:52 bastion LinuxCommandsWazuh: User ubuntu [411377]: 825 sudo cp -v /bin/bash /home/test/bin/ Jul 31 13:04:05 bastion LinuxCommandsWazuh: User ubuntu [411377]: 826 ldd /bin/bash Jul 31 13:04:22 bastion LinuxCommandsWazuh: User ubuntu [411377]: 827 mkdir -p /home/test/lib64/x86_64-linux-gnu Jul 31 13:04:25 bastion LinuxCommandsWazuh: User ubuntu [411377]: 828 sudo mkdir -p /home/test/lib64/x86_64-linux-gnu Jul 31 13:04:50 bastion LinuxCommandsWazuh: User ubuntu [411377]: 829 sudo cp -v /lib64/ld-linux-x86-64.so.2/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu/ Jul 31 13:05:16 bastion LinuxCommandsWazuh: User ubuntu [411377]: 829 sudo cp -v /lib64/ld-linux-x86-64.so.2/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu/ Jul 31 13:05:17 bastion LinuxCommandsWazuh: User ubuntu [411377]: 830 ls Jul 31 13:05:22 bastion LinuxCommandsWazuh: User ubuntu [411377]: 831 cd .. Jul 31 13:05:22 bastion LinuxCommandsWazuh: User ubuntu [411377]: 832 ls Jul 31 13:05:28 bastion LinuxCommandsWazuh: User ubuntu [411377]: 833 rm -rf lib64/ Jul 31 13:05:31 bastion LinuxCommandsWazuh: User ubuntu [411377]: 834 sudo rm -rf lib64/ Jul 31 13:05:39 bastion LinuxCommandsWazuh: User ubuntu [411377]: 835 sudo mkdir -p /home/test/lib/x86_64-linux-gnu Jul 31 13:05:43 bastion LinuxCommandsWazuh: User ubuntu [411377]: 836 sudo cp -v /lib64/ld-linux-x86-64.so.2/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/x86_64-linux-gnu/ Jul 31 13:05:56 bastion LinuxCommandsWazuh: User ubuntu [411377]: 837 sudo cp -v /lib64/ld-linux-x86-64.so.2/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib/x86_64-linux-gnu/ Jul 31 13:06:02 bastion LinuxCommandsWazuh: User ubuntu [411377]: 838 sudo cp -v /lib/ld-linux-x86-64.so.2/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib/x86_64-linux-gnu/ Jul 31 13:06:24 bastion LinuxCommandsWazuh: User ubuntu [411377]: 839 sudo cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib/x86_64-linux-gnu/ Jul 31 13:06:35 bastion LinuxCommandsWazuh: User ubuntu [411377]: 840 sudo mkdir /home/test/etc Jul 31 13:06:40 bastion LinuxCommandsWazuh: User ubuntu [411377]: 841 sudo cp -vf /etc/{passwd,group} /home/test/etc/ Jul 31 13:06:50 bastion LinuxCommandsWazuh: User ubuntu [411377]: 842 sudo vi vi /etc/ssh/sshd_config Jul 31 13:07:09 bastion LinuxCommandsWazuh: User ubuntu [411377]: 843 sudo vi /etc/ssh/sshd_config Jul 31 13:07:15 bastion LinuxCommandsWazuh: User ubuntu [411377]: 844 sudo systemctl restart sshd Jul 31 13:07:17 bastion LinuxCommandsWazuh: User ak [413991]: 5 sudo mkdir -p /home/test Jul 31 13:07:17 bastion LinuxCommandsWazuh: User ak [413991]: 5 sudo mkdir -p /home/test Jul 31 13:07:27 bastion LinuxCommandsWazuh: User ubuntu [411377]: 845 ls Jul 31 13:07:29 bastion LinuxCommandsWazuh: User ubuntu [411377]: 846 ll Jul 31 13:08:00 bastion LinuxCommandsWazuh: User ubuntu [411377]: 847 useradd tecmint Jul 31 13:08:07 bastion LinuxCommandsWazuh: User ubuntu [411377]: 848 sudo useradd tecmint Jul 31 13:08:16 bastion LinuxCommandsWazuh: User ubuntu [411377]: 849 sud passwd tecmint Jul 31 13:08:24 bastion LinuxCommandsWazuh: User ubuntu [411377]: 850 sudo passwd tecmint Jul 31 13:08:31 bastion LinuxCommandsWazuh: User ubuntu [411377]: 851 mkdir /home/test/etc Jul 31 13:08:35 bastion LinuxCommandsWazuh: User ubuntu [411377]: 852 sudo cp -vf /etc/{passwd,group} /home/test/etc/ Jul 31 13:08:46 bastion LinuxCommandsWazuh: User ubuntu [411377]: 853 sudo vi vi /etc/ssh/sshd_config Jul 31 13:09:01 bastion LinuxCommandsWazuh: User ubuntu [411377]: 854 sudo vi /etc/ssh/sshd_config Jul 31 13:09:02 bastion LinuxCommandsWazuh: User ubuntu [411377]: 855 sudo systemctl restart sshd Jul 31 13:09:11 bastion LinuxCommandsWazuh: User ubuntu [411377]: 856 ssh tecmint@192.168.0.10 Jul 31 13:09:44 bastion LinuxCommandsWazuh: User ubuntu [411377]: 857 ssh tecmint@34.131.41.101 Jul 31 13:10:03 bastion LinuxCommandsWazuh: User ubuntu [411377]: 858 cd Jul 31 13:10:07 bastion LinuxCommandsWazuh: User ubuntu [411377]: 859 cd /home/test/ Jul 31 13:10:08 bastion LinuxCommandsWazuh: User ubuntu [411377]: 860 ls Jul 31 13:12:44 bastion LinuxCommandsWazuh: User ubuntu [411377]: 861 cd Jul 31 13:12:44 bastion LinuxCommandsWazuh: User ubuntu [411377]: 862 ls Jul 31 13:12:46 bastion LinuxCommandsWazuh: User ubuntu [411377]: 862 ls Jul 31 13:12:49 bastion LinuxCommandsWazuh: User ubuntu [411377]: 863 cd /home/ Jul 31 13:12:50 bastion LinuxCommandsWazuh: User ubuntu [411377]: 864 ls Jul 31 13:12:55 bastion LinuxCommandsWazuh: User ubuntu [411377]: 865 sudo rm -rf test/ Jul 31 13:49:30 bastion LinuxCommandsWazuh: User ubuntu [411377]: 865 sudo rm -rf test/ Jul 31 13:49:31 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [411377]: 865 sudo rm -rf test/] Jul 31 14:05:31 bastion LinuxCommandsWazuh: User ak [411109]: sudo su ubuntu