Advanced
Linux Log Forensics & IOC Extraction
Analyze raw Linux system logs to identify Indicators of Compromise (IOC) and describe the attack chain.
📝 Prompt Content
Assume the role of a Senior SOC Analyst. You are presented with a set of raw Linux logs (auth.log, syslog, and bash_history). The logs show a series of failed SSH attempts followed by a successful login at an unusual hour, followed by the execution of a base64-encoded string. Your task is to:

1. Parse the logs to extract the IP address of the attacker, the username used, and the exact timestamp of the breach.
2. Decode the base64 payload and explain what the command does.
3. Reconstruct the MITRE ATT&CK TTPs (Tactics, Techniques, and Procedures) used in this attack chain.
4. Propose specific firewall and SELinux rules to prevent this specific attack vector.
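As an added example (not part of this prompt page), the first two tasks in working Python: a parser that flags an accepted SSH login preceded by repeated failures from the same source address, and a routine that decodes, without executing, base64 blobs piped into a decoder in bash_history. The hostnames, addresses, timestamps and the history line are constructed sample data.

```python
import base64
import re
from collections import defaultdict

# Constructed auth.log excerpt (sshd format); not from any real system.
AUTH_LOG = """\
Jan 14 02:41:03 srv01 sshd[2210]: Failed password for invalid user admin from 203.0.113.45 port 51012 ssh2
Jan 14 02:41:07 srv01 sshd[2212]: Failed password for root from 203.0.113.45 port 51018 ssh2
Jan 14 02:41:11 srv01 sshd[2214]: Failed password for root from 203.0.113.45 port 51022 ssh2
Jan 14 02:41:15 srv01 sshd[2216]: Failed password for root from 203.0.113.45 port 51027 ssh2
Jan 14 02:41:19 srv01 sshd[2218]: Accepted password for root from 203.0.113.45 port 51031 ssh2
Jan 14 09:12:44 srv01 sshd[3105]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
"""

# Constructed bash_history; the encoded payload is a harmless echo built at runtime.
SAMPLE_PAYLOAD = b"echo constructed-sample"
BASH_HISTORY = "ls -la\necho \"%s\" | base64 -d | bash\n" % base64.b64encode(SAMPLE_PAYLOAD).decode()

SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
B64_RE = re.compile(r"([A-Za-z0-9+/]{16,}={0,2})")  # long base64-alphabet runs only


def find_brute_force_logins(auth_log, threshold=3):
    """Return (ip, user, timestamp) for each accepted login that followed
    at least `threshold` failed attempts from the same source IP."""
    failures = defaultdict(int)
    hits = []
    for line in auth_log.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif failures[m["ip"]] >= threshold:
            hits.append((m["ip"], m["user"], m["ts"]))
    return hits


def decode_base64_commands(history):
    """Return the decoded text of base64 blobs on history lines that pipe into
    a decoder. The result is only decoded for analysis, never executed."""
    decoded = []
    for line in history.splitlines():
        if "base64 -d" not in line and "base64 --decode" not in line:
            continue
        for blob in B64_RE.findall(line):
            try:
                decoded.append(base64.b64decode(blob, validate=True).decode("utf-8", "replace"))
            except ValueError:  # binascii.Error is a ValueError: malformed padding/length
                continue
    return decoded


if __name__ == "__main__":
    print("brute-force logins:", find_brute_force_logins(AUTH_LOG))
    print("decoded payloads:", decode_base64_commands(BASH_HISTORY))
```

On real data, point the parser at the full auth.log and correlate the returned timestamp with the bash_history entries that follow it; lowering `threshold` trades fewer misses for more noise from ordinary typos.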