Sep 30 12:06:37 bastion LinuxCommandsWazuh: User rihan [2137972]: 1386 byobu Sep 30 12:07:17 bastion LinuxCommandsWazuh: User adil [3232539]: 179 exit Sep 30 12:07:28 bastion LinuxCommandsWazuh: User adil [3232539]: 180 psql Sep 30 12:07:28 bastion LinuxCommandsWazuh: User adil [3232539]: 180 psql Sep 30 12:10:13 bastion LinuxCommandsWazuh: User mohtashim [3232797]: 575 stern cookie-cutter | grep "DEBUG::MERGE>8> GraphQL Response:" Sep 30 12:10:27 bastion LinuxCommandsWazuh: User mohtashim [3232797]: 576 psql -U postgres Sep 30 12:43:56 bastion LinuxCommandsWazuh: User ubuntu [3235582]: 1999 cool-server Sep 30 12:44:04 bastion LinuxCommandsWazuh: User abhijeet [3235669]: 1998 exit Sep 30 12:54:14 bastion LinuxCommandsWazuh: User ubuntu [3236650]: 1999 cool-server Sep 30 13:08:51 bastion LinuxCommandsWazuh: User mohtashim [3232797]: 577 psql Sep 30 13:08:56 bastion LinuxCommandsWazuh: User mohtashim [3232797]: 578 clear Sep 30 13:13:18 bastion LinuxCommandsWazuh: User mohtashim [3238761]: 579 exit Sep 30 13:14:28 bastion LinuxCommandsWazuh: User abhijeet [3238894]: 1998 exit Sep 30 13:14:29 bastion LinuxCommandsWazuh: User abhijeet [3238894]: 1999 ls Sep 30 13:15:17 bastion LinuxCommandsWazuh: User mohtashim [3238761]: 580 psql Sep 30 13:15:30 bastion LinuxCommandsWazuh: User mohtashim [3238761]: 581 stern cookie-cutter | grep "SSO" Sep 30 13:15:31 bastion LinuxCommandsWazuh: message repeated 3 times: [ User mohtashim [3238761]: 581 stern cookie-cutter | grep "SSO"] Sep 30 13:23:11 bastion LinuxCommandsWazuh: User abhijeet [3235669]: 1999 cool-server Sep 30 13:23:35 bastion LinuxCommandsWazuh: User ubuntu [3240283]: 1999 cool-server Sep 30 13:23:58 bastion LinuxCommandsWazuh: User ubuntu [3240283]: 1999 cool-server Sep 30 13:24:54 bastion LinuxCommandsWazuh: User abhijeet [3235669]: 2000 ls Sep 30 13:25:08 bastion LinuxCommandsWazuh: User ayush [3240430]: 474 exit Sep 30 13:25:21 bastion LinuxCommandsWazuh: User ayush [3240430]: 475 cool-server Sep 30 13:25:21 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ayush [3240430]: 475 cool-server ] Sep 30 13:27:20 bastion LinuxCommandsWazuh: User abhijeet [3238894]: 2000 ai-server Sep 30 13:27:25 bastion LinuxCommandsWazuh: User abhijeet [3238894]: 2001 ping 10.148.0.2 Sep 30 13:27:35 bastion LinuxCommandsWazuh: User abhijeet [3238894]: 2002 sudo ubuntu- Sep 30 13:27:43 bastion LinuxCommandsWazuh: User ubuntu [3241178]: 1999 cool-server Sep 30 13:27:43 bastion LinuxCommandsWazuh: User ubuntu [3241178]: 2000 ls Sep 30 13:27:44 bastion LinuxCommandsWazuh: User ubuntu [3241178]: 2001 cd Sep 30 13:27:46 bastion LinuxCommandsWazuh: User ubuntu [3241178]: 2002 ls Sep 30 13:34:53 bastion LinuxCommandsWazuh: User abhijeet [3235669]: 2001 mongo-ssh Sep 30 13:35:06 bastion LinuxCommandsWazuh: User abhijeet [3235669]: 2002 cool-server Sep 30 13:35:57 bastion LinuxCommandsWazuh: User ubuntu [3241178]: 2003 ssh ubuntu@10.148.0.2 Sep 30 13:36:43 bastion LinuxCommandsWazuh: User abhijeet [3235669]: 2003 mongo-ssh Sep 30 13:36:52 bastion LinuxCommandsWazuh: User abhijeet [3235669]: 2004 redis-ssh Sep 30 13:36:56 bastion LinuxCommandsWazuh: User abhijeet [3235669]: 2005 ps -auxwf | grep xmrig Sep 30 13:37:02 bastion LinuxCommandsWazuh: User abhijeet [3238894]: 2003 sudo su ubuntu Sep 30 13:37:25 bastion LinuxCommandsWazuh: User abhijeet [3242196]: 1998 exit Sep 30 13:37:26 bastion LinuxCommandsWazuh: User abhijeet [3242196]: 1999 ls Sep 30 13:41:34 bastion LinuxCommandsWazuh: User adil [3242381]: 181 psql -U postgres Sep 30 13:42:29 bastion LinuxCommandsWazuh: User adil [3242381]: 182 psql -U postgres Sep 30 13:42:33 bastion LinuxCommandsWazuh: User ubuntu [3240283]: 1999 cool-server Sep 30 13:42:33 bastion LinuxCommandsWazuh: User ubuntu [3240283]: 1999 cool-server Sep 30 13:44:51 bastion LinuxCommandsWazuh: User mohtashim [3242652]: 579 exit Sep 30 13:44:51 bastion LinuxCommandsWazuh: User adil [3242381]: 183 psql Sep 30 13:45:04 bastion LinuxCommandsWazuh: User adil [3242381]: 184 psql -U postgres Sep 30 13:56:58 bastion LinuxCommandsWazuh: User abhijeet [3242196]: 2000 internal-server Sep 30 13:58:13 bastion LinuxCommandsWazuh: User ankur [3244153]: 1994 byobu Sep 30 13:58:14 bastion LinuxCommandsWazuh: User ankur [3244153]: 1995 ls Sep 30 13:58:25 bastion LinuxCommandsWazuh: User ankur [3244153]: 1996 k get pods | grep nitrox Sep 30 13:58:32 bastion LinuxCommandsWazuh: User ankur [3244153]: 1997 k get configmaps | grep nitrox Sep 30 13:58:33 bastion LinuxCommandsWazuh: User abhijeet [3244301]: 1998 exit Sep 30 13:58:58 bastion LinuxCommandsWazuh: User ankur [3244153]: 1998 k edit configmaps nitrox-ui-config Sep 30 13:59:23 bastion LinuxCommandsWazuh: User ankur [3244153]: 1999 k get configmaps | grep nitrox Sep 30 14:00:07 bastion LinuxCommandsWazuh: User ankur [3244153]: 2000 k edit configmaps nitrox-dj-config Sep 30 14:00:21 bastion LinuxCommandsWazuh: User ankur [3244153]: 2001 k get configmaps | grep nitrox Sep 30 14:00:57 bastion LinuxCommandsWazuh: User ankur [3244153]: 2002 k edit configmaps nitrox-ck-config Sep 30 14:41:09 bastion LinuxCommandsWazuh: User rihan [3247667]: 1387 byobu Sep 30 14:41:17 bastion LinuxCommandsWazuh: User rihan [3247862]: 1387 byobu Sep 30 14:42:40 bastion LinuxCommandsWazuh: User ubuntu [3249305]: 1999 exit Sep 30 14:42:45 bastion LinuxCommandsWazuh: User ubuntu [3249305]: 2000 vpn Sep 30 14:42:48 bastion LinuxCommandsWazuh: User ubuntu [3249305]: 2001 ls Sep 30 14:59:33 bastion LinuxCommandsWazuh: User rihan [3247667]: 1387 byobu Sep 30 15:19:39 bastion LinuxCommandsWazuh: User rihan [3268183]: 1387 byobu Sep 30 15:23:03 bastion LinuxCommandsWazuh: User abhijeet [3271612]: 1998 ps -auxwf | grep xmrig Sep 30 15:23:09 bastion LinuxCommandsWazuh: User abhijeet [3271612]: 1999 ls Sep 30 15:40:02 bastion LinuxCommandsWazuh: User ubuntu [3289034]: 1999 exit Sep 30 15:41:05 bastion LinuxCommandsWazuh: User ubuntu [3289034]: 2000 cool-server Sep 30 15:41:53 bastion LinuxCommandsWazuh: User ubuntu [3289034]: 2000 cool-server Sep 30 15:41:54 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ubuntu [3289034]: 2000 cool-server ] Sep 30 15:42:44 bastion LinuxCommandsWazuh: User rihan [3268183]: 1387 byobu Sep 30 15:43:44 bastion LinuxCommandsWazuh: User rihan [3291738]: 1387 byobu Sep 30 16:03:49 bastion LinuxCommandsWazuh: User rihan [3291738]: 1387 byobu Sep 30 17:41:18 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 1999 cool-server Sep 30 17:41:51 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2000 sudo vi /usr/local/bin/login-notify.sh Sep 30 17:42:03 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2000 sudo vi /usr/local/bin/login-notify.sh Sep 30 17:42:06 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2000 sudo vi /usr/local/bin/login-notify.sh Sep 30 17:42:18 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2001 sudo chown root:root /usr/local/bin/login-notify.sh Sep 30 17:42:18 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2002 sudo chmod 755 /usr/local/bin/login-notify.sh Sep 30 17:42:18 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2002 sudo chmod 755 /usr/local/bin/login-notify.sh Sep 30 17:42:32 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2003 sudo cp /etc/pam.d/sshd /etc/pam.d/sshd.back Sep 30 17:42:57 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2004 sudo vi /etc/pam.d/sshd Sep 30 17:43:02 bastion LinuxCommandsWazuh: User ubuntu [3319579]: 2005 sudo systemctl restart sshd Sep 30 17:43:21 bastion LinuxCommandsWazuh: User ak [3319808]: 298 exit Sep 30 17:46:26 bastion LinuxCommandsWazuh: User venky [3320531]: 1998 exit Sep 30 17:46:28 bastion LinuxCommandsWazuh: User venky [3320531]: 1999 cd Sep 30 17:46:45 bastion LinuxCommandsWazuh: User venky [3320531]: 2000 internal Sep 30 17:54:39 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 1998 ps -auxwf | grep xmrig Sep 30 17:54:40 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 1999 ls Sep 30 17:54:48 bastion LinuxCommandsWazuh: message repeated 2 times: [ User abhijeet [3320894]: 1999 ls] Sep 30 17:54:57 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2000 cd /home/ubuntu/ Sep 30 17:54:57 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2001 ls Sep 30 17:55:01 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2002 cd toilet/ Sep 30 17:55:02 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2003 l Sep 30 17:56:33 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2004 cd Sep 30 18:01:09 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2005 internal-server Sep 30 18:01:20 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2006 cat .bashrc Sep 30 18:01:20 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2007 ls Sep 30 18:01:57 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2008 scp abhijeet@34.131.103.89/tmp/cool-server.ovpn . Sep 30 18:02:15 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2009 internal-server Sep 30 18:02:38 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2010 scp abhijeet@34.131.103.89:/tmp/cool-server.ovpn . Sep 30 18:02:44 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2011 ls Sep 30 18:02:58 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2012 pwd Sep 30 18:03:02 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2013 ls Sep 30 18:03:59 bastion LinuxCommandsWazuh: User abhijeet [3320894]: 2014 pwd Sep 30 18:29:03 bastion LinuxCommandsWazuh: User abhijeet [3324763]: 1998 pwd Sep 30 18:29:15 bastion LinuxCommandsWazuh: User abhijeet [3324763]: 1999 ping 10.8.0.5 Sep 30 18:34:30 bastion LinuxCommandsWazuh: User abhijeet [3324934]: 1998 pwd Sep 30 18:44:09 bastion LinuxCommandsWazuh: User abhijeet [3324934]: 1999 internal-server