Feb 24 12:53:18 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/mv rkt.tar.gz / Feb 24 12:53:18 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 12:53:18 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 12:53:40 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/tar -xvf rkt.tar.gz Feb 24 12:53:40 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 12:53:40 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 12:54:44 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/chmod +x /lib/systemd/systemd-agentd Feb 24 12:54:44 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 12:54:44 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 12:56:50 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/touch /lib/systemd -r /lib/systemd/system Feb 24 12:56:50 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 12:56:50 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:06:16 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/touch -t 202502241109.35 /lib/modules/5.4.0-84-generic/kernel/drivers/system Feb 24 13:06:16 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:06:16 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:07:00 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/touch -t 202502241109.37776086595 /lib/modules/5.4.0-84-generic/kernel/drivers/system Feb 24 13:07:00 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:07:00 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:07:08 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/touch -t 202502241109.37 /lib/modules/5.4.0-84-generic/kernel/drivers/system Feb 24 13:07:08 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:07:08 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:08:14 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl reload Feb 24 13:08:14 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:08:14 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:08:31 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl reload Feb 24 13:08:31 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:08:31 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:09:35 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl reload system-upgrade.service Feb 24 13:14:23 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/touch /etc/systemd/system/system-upgrade.service -r /etc/systemd/system/syslog.service Feb 24 13:14:23 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:14:23 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:15:55 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/vim /etc/systemd/system/system-upgrade.service Feb 24 13:15:55 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:16:01 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:16:07 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/sbin/reboot Feb 24 13:18:34 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/vim /etc/systemd/system/system-upgrade.service Feb 24 13:18:34 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:18:37 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:19:44 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/touch /etc/systemd/system/system-upgrade.service -r /lib/systemd/system/rsyslog.service Feb 24 13:19:44 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:19:44 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:20:30 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/touch /etc/systemd/system/system-upgrade.service -r /etc/systemd/system/sshd.service Feb 24 13:20:30 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:20:30 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:21:11 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/touch /etc/systemd/system/system-upgrade.service -r /etc/systemd/system/timers.target.wants/apt-daily.timer Feb 24 13:21:11 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:21:11 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:21:38 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/touch /etc/systemd/system/system-upgrade.service -r /etc/systemd/system/open-vm-tools.service.requires/vgauth.service Feb 24 13:21:38 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:21:38 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:21:47 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/touch /etc/systemd/system/system-upgrade.service -r /etc/systemd/system/open-vm-tools.service.requires/ Feb 24 13:21:47 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:21:47 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:22:54 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/touch -t 201804210055.56 /etc/systemd/system Feb 24 13:22:54 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:22:54 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:23:42 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/chmod 777 /etc/systemd/system/system-upgrade.service Feb 24 13:23:42 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:23:42 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:24:01 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/chmod 755 /etc/systemd/system/system-upgrade.service Feb 24 13:24:01 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:24:01 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:24:34 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/rm /rkt.tar.gz Feb 24 13:24:34 localhost sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) Feb 24 13:24:34 localhost sudo: pam_unix(sudo:session): session closed for user root Feb 24 13:26:49 localhost sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/sbin/poweroff