Jun 19 04:11:22 bastion LinuxCommandsWazuh: User venky [3843732]: 1089 byobu Jun 19 04:11:25 bastion LinuxCommandsWazuh: User venky [2499085]: 1131 kubetail urlbi | grep already Jun 19 04:11:40 bastion LinuxCommandsWazuh: message repeated 3 times: [ User venky [2499085]: 1131 kubetail urlbi | grep already] Jun 19 04:11:46 bastion LinuxCommandsWazuh: User venky [2499085]: 1132 kubetail urlbird-jobs | grep already Jun 19 04:11:56 bastion LinuxCommandsWazuh: message repeated 4 times: [ User venky [2499085]: 1132 kubetail urlbird-jobs | grep already] Jun 19 04:13:21 bastion LinuxCommandsWazuh: User venky [2499085]: 1132 kubetail urlbird-jobs | grep already Jun 19 04:13:32 bastion LinuxCommandsWazuh: message repeated 5 times: [ User venky [2499085]: 1132 kubetail urlbird-jobs | grep already] Jun 19 04:16:33 bastion LinuxCommandsWazuh: User venky [2499085]: 1132 kubetail urlbird-jobs | grep already Jun 19 04:17:18 bastion LinuxCommandsWazuh: User venky [2261848]: kubetail urlbird-jobs-75944c5646-f6jmj Jun 19 04:17:18 bastion LinuxCommandsWazuh: User venky [2261848]: kubetail urlbird-jobs-75944c5646-f6jmj Jun 19 04:17:30 bastion LinuxCommandsWazuh: User venky [2499085]: 1133 kubetail halla Jun 19 04:17:55 bastion LinuxCommandsWazuh: User venky [2499085]: 1134 kubetail sbert-classifier- Jun 19 04:17:59 bastion LinuxCommandsWazuh: User venky [2499085]: 1135 kubectl get hpa Jun 19 04:42:54 bastion LinuxCommandsWazuh: User venky [2499085]: 1135 kubectl get hpa Jun 19 04:43:14 bastion LinuxCommandsWazuh: message repeated 3 times: [ User venky [2499085]: 1135 kubectl get hpa ] Jun 19 04:43:20 bastion LinuxCommandsWazuh: User venky [3843732]: 1089 byobu Jun 19 04:43:21 bastion LinuxCommandsWazuh: User venky [3843732]: 1089 byobu Jun 19 11:02:07 bastion LinuxCommandsWazuh: User ankur [3948854]: 1293 byobu Jun 19 11:44:59 bastion LinuxCommandsWazuh: User rihan [3991640]: 1038 exit Jun 19 11:45:11 bastion LinuxCommandsWazuh: User rihan [3991640]: 1039 kubectl get pods | grep forever Jun 19 11:51:34 bastion LinuxCommandsWazuh: User rihan [3991640]: 1039 kubectl get pods | grep forever Jun 19 12:28:34 bastion LinuxCommandsWazuh: User shamailtayyab [4031309]: 1998 k exec -it nitro-ads-7495c9d8b4-gtnzf sh Jun 19 12:28:36 bastion LinuxCommandsWazuh: message repeated 2 times: [ User shamailtayyab [4031309]: 1998 k exec -it nitro-ads-7495c9d8b4-gtnzf sh] Jun 19 13:27:27 bastion LinuxCommandsWazuh: User ubuntu [4036262]: 32 exit Jun 19 13:27:58 bastion LinuxCommandsWazuh: User ubuntu [4036262]: 33 ls Jun 19 13:28:14 bastion LinuxCommandsWazuh: User ubuntu [4036262]: 34 cd .. Jun 19 13:28:14 bastion LinuxCommandsWazuh: User ubuntu [4036262]: 35 ls Jun 19 13:28:20 bastion LinuxCommandsWazuh: User ubuntu [4036262]: 36 cd Jun 19 13:28:20 bastion LinuxCommandsWazuh: User ubuntu [4036262]: 37 ls Jun 19 13:28:27 bastion LinuxCommandsWazuh: User ankur [4036312]: 1293 byobu Jun 19 13:28:27 bastion LinuxCommandsWazuh: User ankur [4036312]: 1294 ls Jun 19 13:28:29 bastion LinuxCommandsWazuh: User ankur [4036312]: 1295 cd Jun 19 13:28:29 bastion LinuxCommandsWazuh: User ankur [4036312]: 1296 ls Jun 19 13:28:43 bastion LinuxCommandsWazuh: User ankur [4036312]: 1297 cat README.md Jun 19 13:28:48 bastion LinuxCommandsWazuh: User ankur [4036312]: 1297 cat README.md Jun 19 13:29:04 bastion LinuxCommandsWazuh: User ankur [4036312]: 1298 redis Jun 19 13:29:16 bastion LinuxCommandsWazuh: User ankur [4036312]: 1299 mongo Jun 19 13:29:52 bastion LinuxCommandsWazuh: User rihan [4036464]: 1039 kubectl get pods | grep forever Jun 19 13:30:03 bastion LinuxCommandsWazuh: message repeated 3 times: [ User rihan [4036464]: 1039 kubectl get pods | grep forever] Jun 19 13:30:04 bastion LinuxCommandsWazuh: User ankur [4036312]: 1300 kubectl get all Jun 19 13:30:04 bastion LinuxCommandsWazuh: User rihan [4036464]: 1039 kubectl get pods | grep forever Jun 19 13:30:13 bastion LinuxCommandsWazuh: message repeated 8 times: [ User rihan [4036464]: 1039 kubectl get pods | grep forever] Jun 19 13:30:25 bastion LinuxCommandsWazuh: User ubuntu [4036847]: 32 exit Jun 19 13:30:30 bastion LinuxCommandsWazuh: User ubuntu [4036847]: 33 kubectl get ns Jun 19 13:30:34 bastion LinuxCommandsWazuh: User rihan [4036893]: 1039 kubectl get pods | grep forever Jun 19 13:30:36 bastion LinuxCommandsWazuh: User rihan [4036893]: 1040 cd Jun 19 13:30:40 bastion LinuxCommandsWazuh: User rihan [4036893]: 1041 kubectl get ns Jun 19 13:31:06 bastion LinuxCommandsWazuh: User rihan [4036893]: 1042 kubecetl get all -n loki Jun 19 13:31:06 bastion LinuxCommandsWazuh: User rihan [4036893]: 1042 kubecetl get all -n loki Jun 19 13:31:16 bastion LinuxCommandsWazuh: User rihan [4036893]: 1043 kubectl get all -n loki Jun 19 13:34:02 bastion LinuxCommandsWazuh: User rihan [4036893]: 1043 kubectl get all -n loki Jun 19 13:34:02 bastion LinuxCommandsWazuh: message repeated 5 times: [ User rihan [4036893]: 1043 kubectl get all -n loki] Jun 19 13:34:16 bastion LinuxCommandsWazuh: User rihan [4036893]: 1044 kubectl get configmap Jun 19 13:34:57 bastion LinuxCommandsWazuh: User rihan [4036893]: 1045 kubectl get svc Jun 19 13:37:58 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 32 exit Jun 19 13:37:59 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 33 cd Jun 19 13:37:59 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 34 ls Jun 19 13:38:00 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 35 cd bin/ Jun 19 13:38:01 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 36 ks Jun 19 13:38:02 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 37 ls Jun 19 13:38:30 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 38 crontab -e Jun 19 13:38:42 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 39 ls Jun 19 13:39:06 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 39 ls Jun 19 13:44:06 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 40 psql Jun 19 13:44:07 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 41 cd Jun 19 13:44:08 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 42 ls Jun 19 13:44:14 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 43 make bash Jun 19 13:44:17 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 44 sudo su riham Jun 19 13:44:21 bastion LinuxCommandsWazuh: User rihan [4038001]: 1039 kubectl get pods | grep forever Jun 19 13:44:37 bastion LinuxCommandsWazuh: User rihan [4038001]: 1040 cd Jun 19 13:44:57 bastion LinuxCommandsWazuh: User rihan [4038001]: 1041 make bash Jun 19 13:45:03 bastion LinuxCommandsWazuh: User rihan [4038001]: 1042 cat Makefile Jun 19 13:45:10 bastion LinuxCommandsWazuh: User rihan [4038001]: 1042 cat Makefile Jun 19 13:45:13 bastion LinuxCommandsWazuh: User rihan [4038001]: 1043 cat README.md Jun 19 13:45:22 bastion LinuxCommandsWazuh: User ubuntu [4037749]: 45 sudo su rihan Jun 19 13:45:26 bastion LinuxCommandsWazuh: User rihan [4036893]: 1046 sudo su ubuntu Jun 19 13:45:29 bastion LinuxCommandsWazuh: User ubuntu [4036847]: 34 sudo su rihan Jun 19 13:46:55 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 49 exit Jun 19 13:46:56 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 50 ls Jun 19 13:47:01 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 51 cd vpn/ Jun 19 13:47:01 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 52 ls Jun 19 13:47:03 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 53 cd . Jun 19 13:47:03 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 54 ls Jun 19 13:47:05 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 55 dcd Jun 19 13:47:05 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 55 dcd Jun 19 13:47:15 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 56 cd Jun 19 13:47:16 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 57 ls Jun 19 13:47:22 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 58 cd toilet/ Jun 19 13:47:22 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 59 ls Jun 19 13:47:24 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 60 cdd Jun 19 13:47:25 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 61 ls Jun 19 13:47:26 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 62 cd Jun 19 13:47:26 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 63 ls Jun 19 13:47:43 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 64 cd bin/ Jun 19 13:47:43 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 65 ls Jun 19 13:47:45 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 66 cd Jun 19 13:47:46 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 67 ls Jun 19 13:47:47 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 68 cd toilet/ Jun 19 13:47:47 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 69 ls Jun 19 13:47:49 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 70 cdl Jun 19 13:47:50 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 71 scd Jun 19 13:47:50 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 72 ls Jun 19 13:47:51 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 73 cd Jun 19 13:47:51 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 74 ls Jun 19 13:47:55 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 75 cd DK/ Jun 19 13:47:55 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 76 ls Jun 19 13:48:00 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ubuntu [4038901]: 76 ls] Jun 19 13:48:01 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 77 cd Jun 19 13:48:01 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 78 ls Jun 19 13:48:06 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 79 rm -rf DK Jun 19 13:48:07 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 80 ls Jun 19 13:48:16 bastion LinuxCommandsWazuh: User ubuntu [446226]: 843 kubetail Jun 19 13:48:18 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 81 byobu Jun 19 13:48:26 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 82 htop Jun 19 13:48:45 bastion LinuxCommandsWazuh: message repeated 19 times: [ User ubuntu [4038901]: 82 htop] Jun 19 13:50:40 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 82 htop Jun 19 13:50:41 bastion LinuxCommandsWazuh: message repeated 4 times: [ User ubuntu [4038901]: 82 htop] Jun 19 13:50:56 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 82 htop Jun 19 13:50:58 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 83 :: Jun 19 13:50:59 bastion LinuxCommandsWazuh: message repeated 10 times: [ User ubuntu [4038901]: 83 ::] Jun 19 13:50:59 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 84 ls Jun 19 13:51:01 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 85 cd i Jun 19 13:51:03 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 86 cd bin/ Jun 19 13:51:03 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 87 ls Jun 19 13:51:06 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 88 car recordslog.sh Jun 19 13:51:09 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 89 cat recordslog.sh Jun 19 13:51:13 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 89 cat recordslog.sh Jun 19 13:51:16 bastion LinuxCommandsWazuh: User ubuntu [4038901]: ls Jun 19 13:51:20 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 1 cd Jun 19 13:51:20 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 2 ls Jun 19 13:51:24 bastion LinuxCommandsWazuh: User ankit [4039705]: Jun 19 13:51:25 bastion LinuxCommandsWazuh: User ankit [4039705]: 1 cd Jun 19 13:51:28 bastion LinuxCommandsWazuh: User ankit [4039705]: 1 cd Jun 19 13:51:42 bastion LinuxCommandsWazuh: User ankit [4039705]: 2 kubectl get pods Jun 19 13:51:46 bastion LinuxCommandsWazuh: User ankit [4039705]: 3 cd .. Jun 19 13:51:46 bastion LinuxCommandsWazuh: User ankit [4039705]: 4 ls Jun 19 13:52:21 bastion LinuxCommandsWazuh: User ankit [4039705]: 4 ls Jun 19 13:52:30 bastion LinuxCommandsWazuh: User ankit [4039705]: 5 cd Jun 19 13:52:36 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 49 exit Jun 19 13:52:37 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 50 cd Jun 19 13:52:37 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 51 ls Jun 19 13:52:53 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 52 cp Makefile README.md /home/ankit/ Jun 19 13:52:57 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 53 sudo cp Makefile README.md /home/ankit/ Jun 19 13:52:58 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 54 cd Jun 19 13:52:58 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 55 ls Jun 19 13:53:01 bastion LinuxCommandsWazuh: User ankit [4039822]: Jun 19 13:53:02 bastion LinuxCommandsWazuh: User ankit [4039822]: 1 cd Jun 19 13:53:02 bastion LinuxCommandsWazuh: User ankit [4039822]: 2 ls Jun 19 13:53:07 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankit [4039822]: 2 ls] Jun 19 13:55:21 bastion LinuxCommandsWazuh: User ankit [4039822]: 3 sudo chown ankit:ankit Makefile README.md Jun 19 13:55:22 bastion LinuxCommandsWazuh: User ankit [4039822]: 4 ls Jun 19 13:55:23 bastion LinuxCommandsWazuh: User ankit [4039822]: 5 ll Jun 19 13:55:28 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 56 sudo su ankit Jun 19 13:55:31 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 57 ls Jun 19 13:55:36 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 58 cd .ssh/ Jun 19 13:55:36 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 59 ls Jun 19 13:55:48 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 60 sudo vi authorized_keys Jun 19 13:56:08 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 61 curl ifconfig.me Jun 19 13:57:03 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 61 curl ifconfig.me Jun 19 13:57:49 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [4039764]: 61 curl ifconfig.me] Jun 19 14:19:33 bastion LinuxCommandsWazuh: User ubuntu [4042324]: 49 exit Jun 19 14:19:35 bastion LinuxCommandsWazuh: User ubuntu [4042324]: 50 whoami Jun 19 14:19:52 bastion LinuxCommandsWazuh: User ankit [4042424]: 6 exit Jun 19 14:19:55 bastion LinuxCommandsWazuh: User ankit [4042424]: 7 ls Jun 19 14:20:10 bastion LinuxCommandsWazuh: User ankit [4042609]: 8 exit Jun 19 14:27:12 bastion LinuxCommandsWazuh: User ankit [4042609]: 8 exit Jun 19 14:27:13 bastion LinuxCommandsWazuh: message repeated 4 times: [ User ankit [4042609]: 8 exit] Jun 19 14:27:15 bastion LinuxCommandsWazuh: User ankit [4042609]: kubectl get nodes Jun 19 14:30:33 bastion LinuxCommandsWazuh: User ankit [4042609]: kubectl get nodes Jun 19 14:30:42 bastion LinuxCommandsWazuh: User ankit [4042609]: 10 htop Jun 19 14:30:49 bastion LinuxCommandsWazuh: User ankit [4042609]: 11 kubectl get nodes Jun 19 14:31:30 bastion LinuxCommandsWazuh: User ankit [4042609]: 12 ls Jun 19 14:31:40 bastion LinuxCommandsWazuh: User ankit [4042609]: 13 pwd Jun 19 14:31:44 bastion LinuxCommandsWazuh: User ankit [4042609]: 14 cd .. Jun 19 14:31:45 bastion LinuxCommandsWazuh: User ankit [4042609]: 15 ls Jun 19 14:31:54 bastion LinuxCommandsWazuh: User ankit [4042609]: 16 cat service.json Jun 19 14:34:30 bastion LinuxCommandsWazuh: User ankit [4042609]: 17 gcloud Jun 19 14:38:58 bastion LinuxCommandsWazuh: User ankit [4042609]: 18 groups ankit Jun 19 14:39:11 bastion LinuxCommandsWazuh: User ankit [4042609]: 19 id ankit Jun 19 14:48:42 bastion LinuxCommandsWazuh: User ankit [4042609]: 20 gcloud version Jun 19 14:49:10 bastion LinuxCommandsWazuh: User ankit [4042609]: 21 ls -l /home/service.json Jun 19 14:52:15 bastion LinuxCommandsWazuh: User ankit [4042609]: 22 gcloud auth activate-service-account --key-file=/home/service.json Jun 19 14:52:15 bastion LinuxCommandsWazuh: User ankit [4042609]: 22 gcloud auth activate-service-account --key-file=/home/service.json Jun 19 14:52:34 bastion LinuxCommandsWazuh: User ankit [4042609]: 23 kubectl get nodes Jun 19 14:52:39 bastion LinuxCommandsWazuh: User ankit [4042609]: 24 gcloud config set project nitrox-436511 Jun 19 14:52:41 bastion LinuxCommandsWazuh: User ankit [4042609]: 25 gcloud config set compute/zone asia-south2-b Jun 19 14:56:35 bastion LinuxCommandsWazuh: User rihan [4046128]: 1052 exit Jun 19 14:56:48 bastion LinuxCommandsWazuh: User ankit [4042609]: 26 gcloud container clusters get-credentials nitrox-production Jun 19 14:56:58 bastion LinuxCommandsWazuh: User ankit [4042609]: 27 kubectl get nodes Jun 19 14:57:36 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 61 curl ifconfig.me Jun 19 14:57:36 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [4039764]: 61 curl ifconfig.me] Jun 19 14:57:42 bastion LinuxCommandsWazuh: User rihan [4046228]: 1052 exit Jun 19 14:57:42 bastion LinuxCommandsWazuh: User rihan [4046228]: 1053 cd Jun 19 14:57:43 bastion LinuxCommandsWazuh: User rihan [4046228]: 1054 ls Jun 19 14:57:44 bastion LinuxCommandsWazuh: User rihan [4046228]: 1055 sudo Jun 19 14:57:47 bastion LinuxCommandsWazuh: User rihan [4046228]: 1055 sudo Jun 19 14:57:50 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 62 sudo su rihan Jun 19 14:57:54 bastion LinuxCommandsWazuh: User adil [4046272]: 103 sudo su rihan Jun 19 14:58:00 bastion LinuxCommandsWazuh: User adil [4046272]: 104 sudo vi test.json Jun 19 14:58:01 bastion LinuxCommandsWazuh: User adil [4046272]: 105 cd Jun 19 14:58:01 bastion LinuxCommandsWazuh: User adil [4046272]: 106 ls Jun 19 14:58:03 bastion LinuxCommandsWazuh: User adil [4046272]: 106 ls Jun 19 14:58:05 bastion ubuntu: root@ [4046310]: exit [0] Jun 19 14:58:07 bastion LinuxCommandsWazuh: User adil [4046272]: 107 sudo su Jun 19 14:58:10 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 63 sudo su adil Jun 19 14:58:12 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 64 sudo su aman Jun 19 14:58:18 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 65 cd Jun 19 14:58:19 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 66 cd .. Jun 19 14:58:20 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 67 ls Jun 19 14:58:34 bastion LinuxCommandsWazuh: User ashish [4046365]: 43 docker ps Jun 19 14:58:35 bastion LinuxCommandsWazuh: User ashish [4046365]: 44 cd Jun 19 14:58:37 bastion LinuxCommandsWazuh: User ashish [4046365]: 45 sudo su Jun 19 14:59:52 bastion LinuxCommandsWazuh: User ubuntu [4046482]: 51 exit Jun 19 14:59:54 bastion LinuxCommandsWazuh: User ubuntu [4046482]: 52 ls Jun 19 14:59:58 bastion LinuxCommandsWazuh: User ubuntu [4046482]: 53 whoami Jun 19 15:00:08 bastion LinuxCommandsWazuh: User ubuntu [4046482]: 54 su ankit Jun 19 15:00:08 bastion LinuxCommandsWazuh: User ubuntu [4046482]: 54 su ankit Jun 19 15:00:11 bastion ubuntu: root@ [4046614]: exit [0] Jun 19 15:00:29 bastion LinuxCommandsWazuh: User ankit [4046632]: 28 exit Jun 19 15:00:33 bastion ubuntu: root@ [4046646]: exit [0] Jun 19 15:00:36 bastion LinuxCommandsWazuh: User ubuntu [4046662]: 51 exit Jun 19 15:00:39 bastion LinuxCommandsWazuh: User ubuntu [4046662]: 52 whomai Jun 19 15:00:42 bastion LinuxCommandsWazuh: User ubuntu [4046662]: 53 whoami Jun 19 15:01:12 bastion LinuxCommandsWazuh: User ubuntu [4046662]: 54 kubectl get nodes Jun 19 15:02:40 bastion LinuxCommandsWazuh: User ubuntu [4046662]: 55 ls Jun 19 15:02:42 bastion ubuntu: root@ [4046748]: exit [0] Jun 19 15:02:48 bastion LinuxCommandsWazuh: User ankit [4046765]: 28 exit Jun 19 15:02:50 bastion LinuxCommandsWazuh: User ankit [4046765]: 29 sudo mkdir -p /home/ubuntu/.kube Jun 19 15:02:50 bastion LinuxCommandsWazuh: User ankit [4046765]: 30 sudo cp /home/ankit/.kube/config /home/ubuntu/.kube/config Jun 19 15:02:50 bastion LinuxCommandsWazuh: User ankit [4046765]: 31 sudo chown ubuntu:ubuntu /home/ubuntu/.kube/config Jun 19 15:02:50 bastion LinuxCommandsWazuh: User ankit [4046765]: 32 sudo chmod 600 /home/ubuntu/.kube/config Jun 19 15:03:03 bastion LinuxCommandsWazuh: User ankit [4046765]: 33 su subuntu Jun 19 15:03:11 bastion LinuxCommandsWazuh: User ankit [4046765]: 34 su ubuntu Jun 19 15:03:15 bastion ubuntu: root@ [4046821]: exit [0] Jun 19 15:03:18 bastion LinuxCommandsWazuh: User ubuntu [4046838]: 51 exit Jun 19 15:03:31 bastion LinuxCommandsWazuh: User ubuntu [4046838]: 52 kubectl get ns Jun 19 15:03:35 bastion LinuxCommandsWazuh: User ubuntu [4046838]: 53 kubectl get nodes Jun 19 15:03:48 bastion LinuxCommandsWazuh: User ubuntu [4046838]: 54 ls Jun 19 15:03:54 bastion LinuxCommandsWazuh: User ubuntu [4046838]: 55 pwd Jun 19 15:04:42 bastion LinuxCommandsWazuh: User ubuntu [4046838]: 56 ls Jun 19 15:04:46 bastion LinuxCommandsWazuh: User ubuntu [4046838]: 57 pwd Jun 19 15:04:54 bastion ubuntu: root@ [4046918]: exit [0] Jun 19 15:04:57 bastion LinuxCommandsWazuh: User ankit [4046934]: 28 exit Jun 19 15:04:59 bastion LinuxCommandsWazuh: User ankit [4046934]: 29 ls Jun 19 15:05:07 bastion LinuxCommandsWazuh: User ankit [4046934]: 30 pwd Jun 19 15:05:11 bastion LinuxCommandsWazuh: User ankit [4046934]: 31 cd /home/ Jun 19 15:05:12 bastion LinuxCommandsWazuh: User ankit [4046934]: 32 ls Jun 19 15:05:17 bastion LinuxCommandsWazuh: User ankit [4046934]: 33 cat service.json Jun 19 15:05:18 bastion LinuxCommandsWazuh: User ankit [4046934]: 34 ls Jun 19 15:06:38 bastion LinuxCommandsWazuh: User ankit [4046934]: 35 ubuntu@bastion:~$ kubectl get nodes Jun 19 15:10:57 bastion LinuxCommandsWazuh: User ankur [4047821]: 1293 byobu Jun 19 15:11:46 bastion LinuxCommandsWazuh: User ankit [4046934]: 36 kubectl get nodes Jun 19 15:12:08 bastion LinuxCommandsWazuh: User ankit [4046934]: 37 ls Jun 19 15:14:00 bastion LinuxCommandsWazuh: User ankit [4046934]: 37 ls Jun 19 15:14:02 bastion LinuxCommandsWazuh: User ankit [4046934]: 38 ll Jun 19 15:14:09 bastion LinuxCommandsWazuh: User ankit [4046934]: 39 ls -sl Jun 19 15:14:11 bastion LinuxCommandsWazuh: User ankit [4046934]: 40 ls Jun 19 15:14:17 bastion LinuxCommandsWazuh: User ankit [4046934]: 41 cat service.json Jun 19 15:16:28 bastion LinuxCommandsWazuh: User ankit [4046934]: 42 sudo mkdir -p /home/ubuntu/.kube Jun 19 15:16:28 bastion LinuxCommandsWazuh: User ankit [4046934]: 43 sudo cp /home/ankit/.kube/config /home/ubuntu/.kube/config Jun 19 15:16:28 bastion LinuxCommandsWazuh: User ankit [4046934]: 44 sudo chown ubuntu:ubuntu /home/ubuntu/.kube/config Jun 19 15:16:28 bastion LinuxCommandsWazuh: User ankit [4046934]: 45 sudo chmod 600 /home/ubuntu/.kube/config Jun 19 15:16:42 bastion LinuxCommandsWazuh: User ankit [4046934]: 46 su ubuntu Jun 19 15:16:43 bastion LinuxCommandsWazuh: User ankit [4046934]: 46 su ubuntu Jun 19 15:16:45 bastion ubuntu: root@ [4054094]: exit [0] Jun 19 15:16:51 bastion LinuxCommandsWazuh: User ubuntu [4054197]: 51 exit Jun 19 15:17:01 bastion LinuxCommandsWazuh: User ubuntu [4054197]: 52 kubectl get nodes Jun 19 15:19:13 bastion ubuntu: root@ [4056418]: exit [0] Jun 19 15:19:17 bastion LinuxCommandsWazuh: User ankit [4056498]: 28 exit Jun 19 15:19:19 bastion LinuxCommandsWazuh: User ankit [4056498]: 29 ls Jun 19 15:19:23 bastion LinuxCommandsWazuh: User ankit [4056498]: 30 whoami Jun 19 15:19:33 bastion LinuxCommandsWazuh: User ankit [4056498]: 31 cat /home/ankit/.kube/config Jun 19 15:20:25 bastion LinuxCommandsWazuh: User ashish [4046365]: 45 sudo su Jun 19 15:20:25 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ashish [4046365]: 45 sudo su ] Jun 19 15:20:26 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 68 sudo su ashish Jun 19 15:20:27 bastion LinuxCommandsWazuh: User ubuntu [4039764]: 69 ls Jun 19 15:20:30 bastion LinuxCommandsWazuh: User ankit [4039705]: 6 sudo su ubuntu Jun 19 15:20:32 bastion LinuxCommandsWazuh: User ubuntu [4038901]: 3 sudo su ankit Jun 19 15:21:17 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1017 exit Jun 19 15:21:18 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1018 ls Jun 19 15:21:36 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1019 cd /home/ubuntu/.kube/ Jun 19 15:21:37 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1020 ls Jun 19 15:21:41 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1021 cat config Jun 19 15:24:26 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1022 gcloud auth activate-service-account --key-file=/home/another-service-account.json Jun 19 15:24:27 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1023 gcloud container clusters get-credentials nitrox-production Jun 19 15:24:27 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1024 kubectl get nodes Jun 19 15:24:49 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1025 cd /home/ Jun 19 15:24:50 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1026 ls Jun 19 15:27:16 bastion LinuxCommandsWazuh: User rihan [4046128]: 1053 redis Jun 19 15:27:26 bastion LinuxCommandsWazuh: User rihan [4046128]: 1054 kubectl get pods | grep forever Jun 19 15:27:49 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1027 gcloud version Jun 19 15:27:55 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1028 ls -l /home/service.json Jun 19 15:28:03 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1029 gcloud auth activate-service-account --key-file=/home/service.json Jun 19 15:28:17 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1030 gcloud config set project nitrox-436511 Jun 19 15:28:20 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1031 gcloud config set compute/zone asia-south2-b Jun 19 15:28:29 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1032 gcloud container clusters get-credentials nitrox-production Jun 19 15:28:36 bastion LinuxCommandsWazuh: User ubuntu [4058606]: 1033 kubectl get nodes Jun 19 15:28:41 bastion ubuntu: root@ [4066394]: exit [0] Jun 19 15:28:45 bastion LinuxCommandsWazuh: User ankit [4066473]: 35 exit Jun 19 15:28:50 bastion LinuxCommandsWazuh: User ankit [4066473]: 36 whoami Jun 19 15:28:52 bastion LinuxCommandsWazuh: User ankit [4066473]: 37 kubectl get nodes Jun 19 15:29:01 bastion LinuxCommandsWazuh: User ubuntu [4066754]: 1017 exit Jun 19 15:29:05 bastion LinuxCommandsWazuh: User ubuntu [4066754]: 1018 whomai Jun 19 15:29:08 bastion LinuxCommandsWazuh: User ubuntu [4066754]: 1019 whoami Jun 19 15:29:21 bastion ubuntu: root@ [4067112]: exit [0] Jun 19 15:29:23 bastion LinuxCommandsWazuh: User ankit [4067155]: 35 exit Jun 19 15:29:28 bastion LinuxCommandsWazuh: User ankit [4067155]: 36 whomai Jun 19 15:29:31 bastion LinuxCommandsWazuh: User ankit [4067155]: 37 whoami Jun 19 15:29:44 bastion LinuxCommandsWazuh: User ankit [4067155]: 38 su ubuntu Jun 19 15:29:52 bastion LinuxCommandsWazuh: User shamailtayyab [4067727]: 1998 internal Jun 19 15:29:55 bastion LinuxCommandsWazuh: message repeated 2 times: [ User shamailtayyab [4067727]: 1998 internal ] Jun 19 15:30:29 bastion LinuxCommandsWazuh: User ankit [4067155]: 39 whoami Jun 19 15:30:31 bastion LinuxCommandsWazuh: User ankit [4067155]: 40 sudo ls Jun 19 15:31:06 bastion LinuxCommandsWazuh: User ankit [4067155]: 41 whoami Jun 19 15:31:10 bastion ubuntu: root@ [4068984]: exit [0] Jun 19 15:31:14 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1017 exit Jun 19 15:31:18 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1018 whomai Jun 19 15:31:20 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1018 whomai Jun 19 15:31:24 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1019 whoami Jun 19 15:31:30 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1020 sudo ls Jun 19 15:31:40 bastion LinuxCommandsWazuh: User venky [4069591]: 1089 byobu Jun 19 15:31:45 bastion LinuxCommandsWazuh: User venky [2499085]: 1135 kubectl get hpa Jun 19 15:31:48 bastion LinuxCommandsWazuh: User venky [2499085]: 1135 kubectl get hpa Jun 19 15:31:53 bastion LinuxCommandsWazuh: User venky [2499085]: 1136 kubetail urlbird-jobs | grep already Jun 19 15:31:57 bastion LinuxCommandsWazuh: User venky [2499085]: 1136 kubetail urlbird-jobs | grep already Jun 19 15:32:04 bastion LinuxCommandsWazuh: User venky [2499085]: 1137 kubectl get po | grep url Jun 19 15:32:37 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1021 getent group sudo Jun 19 15:33:03 bastion LinuxCommandsWazuh: User venky [2499085]: 1137 kubectl get po | grep url Jun 19 15:33:06 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1022 sudo deluser ankit sudo Jun 19 15:33:15 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1023 getent group sudo Jun 19 15:33:27 bastion LinuxCommandsWazuh: User venky [2499085]: 1138 kubetail urlbird-jobs-8fb84d5c9-qzcj7 Jun 19 15:33:28 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1024 su - ankit Jun 19 15:33:32 bastion ubuntu: root@ [4075397]: exit [0] Jun 19 15:33:34 bastion LinuxCommandsWazuh: User ankit [4075491]: 35 exit Jun 19 15:33:37 bastion LinuxCommandsWazuh: User ankit [4075491]: 36 whomai Jun 19 15:33:39 bastion LinuxCommandsWazuh: User ankit [4075491]: 37 whoami Jun 19 15:33:41 bastion ubuntu: root@ [4075741]: exit [0] Jun 19 15:33:45 bastion LinuxCommandsWazuh: User ankit [4075491]: 38 sudo su Jun 19 15:33:52 bastion LinuxCommandsWazuh: User ankit [4075491]: 39 sudo ls Jun 19 15:34:38 bastion LinuxCommandsWazuh: User venky [2499085]: 1138 kubetail urlbird-jobs-8fb84d5c9-qzcj7 Jun 19 15:35:00 bastion ubuntu: root@ [4084600]: exit [0] Jun 19 15:35:06 bastion LinuxCommandsWazuh: User ubuntu [4084778]: 1017 exit Jun 19 15:35:13 bastion LinuxCommandsWazuh: User ubuntu [4084778]: 1018 sudo deluser ankit sudo Jun 19 15:35:32 bastion LinuxCommandsWazuh: User venky [2499085]: 1138 kubetail urlbird-jobs-8fb84d5c9-qzcj7 Jun 19 15:36:59 bastion LinuxCommandsWazuh: User venky [2499085]: 1139 kubetail urlbird-jobs-8fb84d5c9-qzcj7 | grep "Updated Redis cache for successful" Jun 19 15:37:51 bastion LinuxCommandsWazuh: User venky [2499085]: 1140 kubetail urlbird-jobs- | grep "Updated Redis cache for successful" Jun 19 15:38:02 bastion LinuxCommandsWazuh: User ubuntu [4084778]: 1019 ls /root Jun 19 15:38:07 bastion ubuntu: root@ [4174723]: exit [0] Jun 19 15:38:10 bastion ubuntu: root@ [4174723]: ls /root [0] Jun 19 15:38:15 bastion LinuxCommandsWazuh: User ubuntu [4174973]: 1017 exit Jun 19 15:38:16 bastion LinuxCommandsWazuh: User ubuntu [4174973]: 1018 ls Jun 19 15:38:18 bastion LinuxCommandsWazuh: User ubuntu [4174973]: 1019 whomai Jun 19 15:38:22 bastion LinuxCommandsWazuh: User ubuntu [4174973]: 1019 whomai Jun 19 15:38:26 bastion LinuxCommandsWazuh: User ubuntu [4174973]: 1020 whoami Jun 19 15:39:26 bastion ubuntu: root@ [4177214]: exit [0] Jun 19 15:39:42 bastion ubuntu: root@ [4177214]: deluser ankit sudo [6] Jun 19 15:39:49 bastion LinuxCommandsWazuh: User ankit [4177964]: 35 exit Jun 19 15:39:55 bastion LinuxCommandsWazuh: User ankit [4177964]: 36 ls sudo Jun 19 15:40:00 bastion ubuntu: root@ [4178310]: exit [0] Jun 19 15:40:31 bastion ubuntu: root@ [4178310]: sudo ls [0] Jun 19 15:40:35 bastion LinuxCommandsWazuh: User ankit [4179523]: 35 exit Jun 19 15:40:37 bastion LinuxCommandsWazuh: User ankit [4179523]: 36 sudo ls Jun 19 15:41:52 bastion LinuxCommandsWazuh: User ankit [4179523]: 37 ll Jun 19 15:52:54 bastion LinuxCommandsWazuh: User venky [2499085]: 1141 kubetail urlbird-jobs- | grep "Upserted enrichment fields for" Jun 19 15:53:08 bastion LinuxCommandsWazuh: User venky [2499085]: 1142 kubetail urlbird-jobs- | grep "Updated Redis cache for successful" Jun 19 15:55:26 bastion LinuxCommandsWazuh: User ankit [4056498]: 31 cat /home/ankit/.kube/config Jun 19 15:55:26 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankit [4056498]: 31 cat /home/ankit/.kube/config] Jun 19 15:55:28 bastion ubuntu: root@ [4056418]: su ankit [0] Jun 19 15:55:31 bastion LinuxCommandsWazuh: User ubuntu [4054197]: 53 sudo su Jun 19 15:55:36 bastion ubuntu: root@ [4054094]: su ubuntu [0] Jun 19 15:55:38 bastion LinuxCommandsWazuh: User ankit [4046934]: 47 sudo su Jun 19 15:55:41 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ankit [4046934]: 47 sudo su] Jun 19 15:55:44 bastion ubuntu: root@ [4046918]: su ankit [130] Jun 19 15:55:46 bastion LinuxCommandsWazuh: User ubuntu [4046838]: 58 sudo su Jun 19 15:55:49 bastion ubuntu: root@ [4046821]: su ubuntu [130] Jun 19 15:55:50 bastion LinuxCommandsWazuh: User ankit [4046765]: 35 sudo su Jun 19 15:55:52 bastion ubuntu: root@ [4046748]: su ankit [130] Jun 19 16:07:10 bastion LinuxCommandsWazuh: User shamailtayyab [1561469]: 1998 internal Jun 19 16:07:11 bastion LinuxCommandsWazuh: User shamailtayyab [1561469]: 1999 ls Jun 19 16:07:12 bastion LinuxCommandsWazuh: User shamailtayyab [1561469]: 1999 ls Jun 19 16:13:20 bastion LinuxCommandsWazuh: User ubuntu [4046662]: 56 sudo su Jun 19 16:13:23 bastion ubuntu: root@ [4046646]: su ubuntu [130] Jun 19 16:13:24 bastion LinuxCommandsWazuh: User ankit [4046632]: 29 sudo su Jun 19 16:13:32 bastion ubuntu: root@ [4046614]: su ankit [130] Jun 19 16:13:54 bastion LinuxCommandsWazuh: User ubuntu [4046482]: 55 sudo su Jun 19 16:16:31 bastion LinuxCommandsWazuh: User rihan [2724108]: 1058 kubectl get pods | grep forever Jun 19 16:16:35 bastion LinuxCommandsWazuh: User rihan [2724108]: 1058 kubectl get pods | grep forever Jun 19 16:16:49 bastion LinuxCommandsWazuh: User shamailtayyab [1561469]: 2000 internal Jun 19 16:25:58 bastion LinuxCommandsWazuh: User ubuntu [3897630]: 1039 exit Jun 19 16:25:58 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [3897630]: 1039 exit] Jun 19 16:26:11 bastion LinuxCommandsWazuh: User ubuntu [3897630]: 1040 htop Jun 19 16:26:12 bastion LinuxCommandsWazuh: User ubuntu [3897630]: 1040 htop Jun 19 16:26:13 bastion LinuxCommandsWazuh: User ubuntu [3897630]: 1040 htop Jun 19 16:26:40 bastion LinuxCommandsWazuh: User ankit [4179523]: 38 whomai Jun 19 16:26:48 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankit [4179523]: 38 whomai] Jun 19 16:26:50 bastion LinuxCommandsWazuh: User ankit [4179523]: 39 whoami Jun 19 16:26:53 bastion ubuntu: root@ [4178310]: su ankit [0] Jun 19 16:26:55 bastion LinuxCommandsWazuh: User ankit [4177964]: 37 sudo su Jun 19 16:26:57 bastion ubuntu: root@ [4177214]: su ankit [0] Jun 19 16:27:02 bastion LinuxCommandsWazuh: User ubuntu [4174973]: 1021 sudo su Jun 19 16:27:04 bastion ubuntu: root@ [4174723]: su ubuntu [0] Jun 19 16:27:06 bastion LinuxCommandsWazuh: User ubuntu [4084778]: 1020 sudo su Jun 19 16:27:07 bastion ubuntu: root@ [4084600]: su ubuntu [0] Jun 19 16:27:09 bastion LinuxCommandsWazuh: User ankit [4075491]: 40 sudo su Jun 19 16:27:10 bastion ubuntu: root@ [4075397]: su ankit [0] Jun 19 16:27:12 bastion LinuxCommandsWazuh: User ubuntu [4069052]: 1025 sudo su Jun 19 16:27:14 bastion ubuntu: root@ [4068984]: su ubuntu [0] Jun 19 16:27:17 bastion LinuxCommandsWazuh: User ankit [4067155]: 42 sudo su Jun 19 16:27:49 bastion ubuntu: root@ [4067112]: su ankit [1] Jun 19 16:27:49 bastion LinuxCommandsWazuh: User ubuntu [4066754]: 1020 sudo su Jun 19 16:27:50 bastion LinuxCommandsWazuh: User ankit [4066473]: 38 sudo su ubuntu Jun 19 16:27:50 bastion ubuntu: root@ [4066394]: su ankit [1] Jun 19 17:20:46 bastion LinuxCommandsWazuh: User ubuntu [2455986]: 1079 sudo su Jun 19 17:20:47 bastion LinuxCommandsWazuh: User ubuntu [2455986]: 1080 ls Jun 19 17:20:48 bastion LinuxCommandsWazuh: User ubuntu [2455986]: 1080 ls Jun 19 17:20:52 bastion LinuxCommandsWazuh: User ankit [2468714]: 3 sudo su ubuntu Jun 19 17:20:53 bastion LinuxCommandsWazuh: User ankit [2468714]: 4 cd Jun 19 17:20:55 bastion ubuntu: root@ [2475185]: su ankit [0] Jun 19 17:21:54 bastion LinuxCommandsWazuh: User ankit [2468714]: 5 sudo su Jun 19 17:21:55 bastion LinuxCommandsWazuh: User ankit [2468714]: 6 cd .. Jun 19 17:21:56 bastion LinuxCommandsWazuh: User ankit [2468714]: 7 cd Jun 19 17:21:57 bastion LinuxCommandsWazuh: User ankit [2468714]: 8 ls Jun 19 17:21:58 bastion LinuxCommandsWazuh: User ankit [2468714]: cd .. Jun 19 17:21:58 bastion LinuxCommandsWazuh: User ankit [2468714]: 100 ls Jun 19 17:22:06 bastion LinuxCommandsWazuh: User ashish [2629844]: 46 exit Jun 19 17:22:06 bastion LinuxCommandsWazuh: User ashish [2629844]: 47 cd Jun 19 17:22:07 bastion LinuxCommandsWazuh: User ashish [2629844]: 48 ls Jun 19 17:22:48 bastion LinuxCommandsWazuh: User ubuntu [2721642]: 1079 sudo su Jun 19 17:22:59 bastion LinuxCommandsWazuh: User ubuntu [2721642]: 1080 ls Jun 19 17:23:17 bastion LinuxCommandsWazuh: User ubuntu [2721642]: 1081 su ankit Jun 19 17:23:20 bastion ubuntu: root@ [2790943]: exit [0] Jun 19 17:23:25 bastion LinuxCommandsWazuh: User ankit [2801556]: 3 sudo su ubuntu Jun 19 17:23:41 bastion ubuntu: root@ [2836739]: exit [0] Jun 19 17:24:26 bastion ubuntu: root@ [2836739]: sudo deluser username sudo [2] Jun 19 17:24:35 bastion ubuntu: root@ [2836739]: sudo deluser ankit sudo [6] Jun 19 17:24:51 bastion LinuxCommandsWazuh: User ankit [2988689]: 3 sudo su ubuntu Jun 19 17:24:54 bastion ubuntu: root@ [2994734]: exit [0] Jun 19 17:25:08 bastion ubuntu: root@ [2994734]: wxit [127] Jun 19 17:25:10 bastion LinuxCommandsWazuh: User ankit [2988689]: 4 sudo su Jun 19 17:25:12 bastion ubuntu: root@ [2836739]: su ankit [127] Jun 19 17:25:14 bastion LinuxCommandsWazuh: User ankit [2801556]: 4 sudo su Jun 19 17:25:16 bastion ubuntu: root@ [2790943]: su ankit [127] Jun 19 17:25:18 bastion LinuxCommandsWazuh: User ubuntu [2721642]: 1082 sudo su Jun 19 17:25:38 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1083 exit Jun 19 17:25:42 bastion ubuntu: root@ [3102001]: exit [0] Jun 19 17:25:49 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1084 sudo su Jun 19 17:25:52 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1085 sudo deluser username sudo Jun 19 17:26:00 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1086 sudo deluser ankit sudo Jun 19 17:26:23 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1087 groups ankit Jun 19 17:26:35 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1088 sudo ls Jun 19 17:26:39 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1089 ls sudo Jun 19 17:26:44 bastion ubuntu: root@ [3224941]: exit [0] Jun 19 17:26:47 bastion ubuntu: root@ [3224941]: ls sudo [2] Jun 19 17:26:51 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1090 sudo su Jun 19 17:27:09 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1091 groups ankit Jun 19 17:27:16 bastion ubuntu: root@ [3295275]: exit [0] Jun 19 17:31:33 bastion ubuntu: root@ [3295275]: deluser ankit sudo [6] Jun 19 17:32:49 bastion ubuntu: root@ [3295275]: ls sudo [2] Jun 19 17:33:04 bastion LinuxCommandsWazuh: User ashish [2629844]: 49 sudo su Jun 19 17:33:04 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ashish [2629844]: 49 sudo su ] Jun 19 17:33:06 bastion LinuxCommandsWazuh: User ankit [2468714]: 101 sudo su ashish Jun 19 17:33:07 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1092 sudo su Jun 19 17:33:09 bastion LinuxCommandsWazuh: User ankit [2468714]: 102 cd Jun 19 17:33:10 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1093 sudo ls sudo Jun 19 17:33:11 bastion ubuntu: root@ [4072569]: exit [0] Jun 19 17:33:13 bastion LinuxCommandsWazuh: User ankit [2468714]: 103 sudo su Jun 19 17:33:15 bastion LinuxCommandsWazuh: User ubuntu [2455986]: 1081 sudo su ankit Jun 19 17:33:16 bastion LinuxCommandsWazuh: User ubuntu [2455986]: 1082 ls Jun 19 17:33:25 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1094 sudo deluser ankit sudo Jun 19 17:33:28 bastion ubuntu: root@ [4110398]: exit [0] Jun 19 17:33:45 bastion LinuxCommandsWazuh: User ankit [4146521]: 108 exit Jun 19 17:33:53 bastion ubuntu: root@ [4163429]: exit [0] Jun 19 17:33:56 bastion LinuxCommandsWazuh: User ankit [4146521]: 109 sudo su Jun 19 17:36:09 bastion LinuxCommandsWazuh: User ankit [4146521]: 110 cd /etc/ Jun 19 17:36:10 bastion LinuxCommandsWazuh: User ankit [4146521]: 111 ls Jun 19 17:36:25 bastion LinuxCommandsWazuh: User ankit [4146521]: 112 cat sudoers Jun 19 17:36:29 bastion ubuntu: root@ [294600]: exit [0] Jun 19 17:36:35 bastion ubuntu: root@ [294600]: cat sudoers [0] Jun 19 17:38:21 bastion ubuntu: root@ [294600]: cat sudoers.d/ [1] Jun 19 17:38:30 bastion ubuntu: root@ [294600]: cd sudoers.d/ [0] Jun 19 17:38:31 bastion ubuntu: root@ [294600]: ls [0] Jun 19 17:38:45 bastion ubuntu: root@ [294600]: cat google_sudoers [0] Jun 19 17:38:53 bastion ubuntu: root@ [294600]: cat 90-cloud-init-users [0] Jun 19 17:39:01 bastion ubuntu: root@ [294600]: cat README [0] Jun 19 17:39:55 bastion ubuntu: root@ [294600]: id ankit [0] Jun 19 17:41:28 bastion ubuntu: root@ [294600]: sudo gpasswd -d ankit google-sudoers [0] Jun 19 17:41:31 bastion LinuxCommandsWazuh: User ankit [4146521]: 113 sudo su Jun 19 17:41:34 bastion ubuntu: root@ [955474]: exit [0] Jun 19 17:41:44 bastion ubuntu: root@ [955474]: cd .. [0] Jun 19 17:41:46 bastion LinuxCommandsWazuh: User ankit [4146521]: 113 sudo su Jun 19 17:41:48 bastion ubuntu: root@ [4110398]: su ankit [0] Jun 19 17:41:50 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1095 sudo su Jun 19 17:42:00 bastion ubuntu: root@ [1011345]: exit [0] Jun 19 17:42:06 bastion LinuxCommandsWazuh: User ankit [1024161]: 114 exit Jun 19 17:42:15 bastion LinuxCommandsWazuh: User ankit [1024161]: 115 sudo su Jun 19 17:45:04 bastion LinuxCommandsWazuh: User ankit [1024161]: 115 sudo su Jun 19 17:46:21 bastion ubuntu: root@ [1011345]: su ankit [1] Jun 19 17:46:23 bastion LinuxCommandsWazuh: User ubuntu [3092170]: 1095 sudo su Jun 19 17:46:37 bastion LinuxCommandsWazuh: User ankit [1592270]: 116 exit Jun 19 17:46:47 bastion LinuxCommandsWazuh: User ankit [1592270]: 117 sudo su Jun 19 17:46:57 bastion LinuxCommandsWazuh: User ubuntu [1635648]: 1100 exit Jun 19 17:47:16 bastion ubuntu: root@ [1676698]: exit [0] Jun 19 17:47:17 bastion LinuxCommandsWazuh: User ubuntu [1635648]: 1101 sudo su Jun 19 17:52:53 bastion LinuxCommandsWazuh: User ankur [2412130]: 1293 byobu Jun 19 17:52:54 bastion LinuxCommandsWazuh: User ankur [2412130]: 1294 ls Jun 19 18:11:23 bastion LinuxCommandsWazuh: User rihan [593779]: 1058 kubectl get pods | grep forever Jun 19 18:11:26 bastion LinuxCommandsWazuh: message repeated 2 times: [ User rihan [593779]: 1058 kubectl get pods | grep forever] Jun 19 18:14:24 bastion LinuxCommandsWazuh: User rihan [593779]: 1059 redis Jun 19 18:28:30 bastion LinuxCommandsWazuh: User rihan [2807017]: 1059 redis Jun 19 18:32:00 bastion LinuxCommandsWazuh: User ankit [3258342]: 118 exit Jun 19 18:32:22 bastion LinuxCommandsWazuh: User ankit [3258342]: 119 kubectl get nodes Jun 19 18:32:32 bastion LinuxCommandsWazuh: User ankit [3258342]: 120 kubectl get ns Jun 19 18:33:22 bastion LinuxCommandsWazuh: User ankit [3258342]: 121 helm list -n loki Jun 19 18:33:52 bastion LinuxCommandsWazuh: User ankit [3258342]: 122 kubectl -n loki get pods Jun 19 18:33:52 bastion LinuxCommandsWazuh: User ankit [3258342]: 123 kubectl -n loki describe pod Jun 19 18:34:30 bastion LinuxCommandsWazuh: User ankit [3258342]: 124 kubectl describe loki Jun 19 18:34:57 bastion LinuxCommandsWazuh: User ankit [3258342]: 125 kubectl -n loki get pods | count Jun 19 18:35:07 bastion LinuxCommandsWazuh: User ankit [3258342]: 126 kubectl -n loki get pods | wc -l Jun 19 18:35:14 bastion LinuxCommandsWazuh: User ankit [3258342]: 127 kubectl -n loki get pods Jun 19 18:35:17 bastion LinuxCommandsWazuh: User ankit [3258342]: 128 kubectl -n loki get pods | wc -l Jun 19 18:46:06 bastion LinuxCommandsWazuh: User ankit [3258342]: 129 kubectl -n loki get pods Jun 19 18:47:11 bastion LinuxCommandsWazuh: User ankit [3258342]: 130 kubectl -n loki get pods describe loki-query-frontend-8545f8c74c-sl74b Jun 19 18:47:38 bastion LinuxCommandsWazuh: User ankit [3258342]: 131 kubectl -n loki describe loki-query-frontend-8545f8c74c-sl74b Jun 19 18:47:48 bastion LinuxCommandsWazuh: User ankit [3258342]: 132 kubectl -n loki get pods Jun 19 18:50:12 bastion LinuxCommandsWazuh: User ankit [3258342]: 133 kubectl get pods Jun 19 18:50:17 bastion LinuxCommandsWazuh: User ankit [3258342]: 134 kubectl get ns Jun 19 18:50:46 bastion LinuxCommandsWazuh: User ankit [3258342]: 135 kubectl -n loki get pods Jun 19 18:52:29 bastion LinuxCommandsWazuh: User ankit [3258342]: 136 kubectl get ns Jun 19 18:53:31 bastion LinuxCommandsWazuh: User adil [1840663]: 108 exit Jun 19 18:53:57 bastion LinuxCommandsWazuh: User ankit [3258342]: 137 kubectl -n loki get pods Jun 19 18:54:00 bastion LinuxCommandsWazuh: User adil [3241461]: 108 redis-cli Jun 19 18:54:09 bastion LinuxCommandsWazuh: User adil [3241461]: 109 vi .bashrc Jun 19 18:54:13 bastion LinuxCommandsWazuh: User ankit [3258342]: 138 ls Jun 19 18:54:16 bastion LinuxCommandsWazuh: User ankit [3258342]: 139 cd .. Jun 19 18:54:18 bastion LinuxCommandsWazuh: User ankit [3258342]: 140 ls Jun 19 18:54:33 bastion LinuxCommandsWazuh: User ubuntu [1973046]: 1102 exit Jun 19 18:54:46 bastion LinuxCommandsWazuh: User venky [2002254]: 1089 byobu Jun 19 18:54:48 bastion LinuxCommandsWazuh: User venky [2002254]: 1090 cd Jun 19 18:58:25 bastion LinuxCommandsWazuh: User ankit [3258342]: 141 kubectl -n loki describe promtail-zrlvp Jun 19 18:58:42 bastion LinuxCommandsWazuh: User ankit [3258342]: 142 kubectl -n loki describe prometheus-server-54f76c9955-ldngr Jun 19 18:59:04 bastion LinuxCommandsWazuh: User ankit [3258342]: 143 kubectl -n loki describe prometheus-prometheus-node-exporter-2d2ln Jun 19 18:59:17 bastion LinuxCommandsWazuh: User ankit [3258342]: 144 kubectl -n loki get pods Jun 19 18:59:36 bastion LinuxCommandsWazuh: User ankit [3258342]: 145 kubectl -n loki describe pods prometheus-prometheus-node-exporter-2d2ln Jun 19 19:00:12 bastion LinuxCommandsWazuh: User ankit [3258342]: 146 kubectl -n loki describe all Jun 19 19:00:20 bastion LinuxCommandsWazuh: User ankit [3258342]: 147 kubectl -n loki describe pods prometheus-prometheus-node-exporter-2d2ln Jun 19 19:06:34 bastion LinuxCommandsWazuh: User venky [2002254]: 1091 redis-server Jun 19 19:07:14 bastion LinuxCommandsWazuh: User ankit [3258342]: 147 kubectl -n loki describe pods prometheus-prometheus-node-exporter-2d2ln Jun 19 20:41:04 bastion LinuxCommandsWazuh: User venky [130519]: 1091 redis-server Jun 19 20:41:09 bastion LinuxCommandsWazuh: User venky [2499085]: 1143 kubetail urlbird- | grep "Enrichment data" Jun 19 20:41:23 bastion LinuxCommandsWazuh: User venky [2499085]: 1144 kubetail urlbird-jobs- Jun 19 20:41:53 bastion LinuxCommandsWazuh: User venky [2499085]: 1145 kubectl get po | grep url Jun 19 20:42:32 bastion LinuxCommandsWazuh: User venky [2499085]: 1146 kubectl rollout restart deploy urlbird-jobs Jun 19 20:42:35 bastion LinuxCommandsWazuh: User venky [2499085]: 1147 kubectl get po | grep url Jun 19 20:42:41 bastion LinuxCommandsWazuh: User venky [2499085]: 1147 kubectl get po | grep url Jun 19 20:46:48 bastion LinuxCommandsWazuh: User venky [2499085]: 1148 kubetail urlbird- | grep "Cookie_cutter returned" Jun 19 20:46:52 bastion LinuxCommandsWazuh: User venky [2499085]: 1148 kubetail urlbird- | grep "Cookie_cutter returned" Jun 19 20:46:55 bastion LinuxCommandsWazuh: User venky [2499085]: 1149 kubectl get po | grep url Jun 19 20:49:50 bastion LinuxCommandsWazuh: User venky [2499085]: 1149 kubectl get po | grep url Jun 19 20:50:34 bastion LinuxCommandsWazuh: User venky [2499085]: 1149 kubectl get po | grep url Jun 19 20:56:21 bastion LinuxCommandsWazuh: User venky [2499085]: 1149 kubectl get po | grep url Jun 19 20:56:26 bastion LinuxCommandsWazuh: message repeated 4 times: [ User venky [2499085]: 1149 kubectl get po | grep url] Jun 19 20:57:50 bastion LinuxCommandsWazuh: User venky [2499085]: 1149 kubectl get po | grep url Jun 19 20:57:54 bastion LinuxCommandsWazuh: User venky [2499085]: 1149 kubectl get po | grep url Jun 19 21:04:40 bastion LinuxCommandsWazuh: User venky [2499085]: 1149 kubectl get po | grep url Jun 19 21:04:41 bastion LinuxCommandsWazuh: User venky [2499085]: 1149 kubectl get po | grep url Jun 19 22:58:45 bastion LinuxCommandsWazuh: User ankit [522560]: 145 kubectl -n loki describe pods prometheus-prometheus-node-exporter-2d2ln