Host 123.108.59.4
India
Netmagic Datacenter Mumbai
CentOS
Software information

  • Apache 2.4.6 (tcp/80)
  • OpenSSL 1.0.2k-fips (tcp/80)

  • CheckMK monitoring endpoint publicly available
    IP: 123.108.59.4
    Port: 6556
    First seen 2022-06-17 22:17
    Last seen 2023-04-10 14:54
    Open for 296 days
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c374aaf950

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2023-04-10 14:54
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c3a36f10c2

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2023-03-09 20:13
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c3307611ae

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2023-03-07 00:17
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c36994649b

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2023-03-01 07:44
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c377ac495e

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      [end_iplink]
      
      
      Found on 2023-02-17 08:23
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c37e8f4a00

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      [end_iplink]
      
      
      Found on 2023-02-08 09:00
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c3f4457a51

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      [end_iplink]
      
      
      Found on 2023-02-03 17:08
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c3ace29298

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      [end_iplink]
      
      
      Found on 2022-12-13 19:41
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c3753f9154

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2022-12-11 00:59
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c3937eff45

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2022-12-03 05:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c304452193

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2022-11-13 11:12
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c33256950e

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2022-11-06 07:32
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c3265443cb

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (nobody,15552,1252,11:40:26/640-11:05:58,2732) /usr/sbin/dnsmasq -k
      (root,558020,18112,03:03:49/640-11:05:57,2737) /usr/sbin/rsyslogd -n
      (mongod,405968,78992,2-12:55:25/640-11:05:57,3071) /usr/bin/mongod -f /etc/mongod.conf
      (root,753756,32344,06:15:58/640-11:05:57,3147) /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,89472,2160,00:06:01/640-11:05:56,3672) /usr/libexec/postfix/master -w
      (postfix,89752,4136,00:02:25/640-11:05:56,3679) qmgr -l -t unix -u
      (root,44672,1816,00:00:00/189-07:36:04,6191) /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
      (postfix,89576,3920,00:00:00/01:38:00,14350) pickup -l -t unix -u
      (root,1295912,65428,21:38:49/598-10:35:16,14367) /usr/bin/node app
      (root,0,0,00:00:00/01:27:15,15712) [kworker/0:0]
      (root,0,0,00:00:00/07:28,25766) [kworker/0:2]
      (root,0,0,00:00:00/01:28,26509) [kworker/0:1]
      (root,113128,1584,00:00:00/00:00,26926) /bin/bash /usr/bin/check_mk_agent
      (root,51652,1664,00:00:00/00:00,26942) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13268,716,00:00:00/00:00,26943) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,0,0,00:00:00/12:30:28,29789) [kworker/u2:1]
      (root,0,0,00:00:00/08:08:15,30264) [kworker/u2:2]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
          link/ether 52:54:00:8d:b8:55 brd ff:ff:ff:ff:ff:ff
      3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
          link/ether 52:54:00:c3:27:13 brd ff:ff:ff:ff:ff:ff
      4: eth1.100@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT 
          link/ether 52:54:00:c3:27:13 brd ff:ff:ff:ff:ff:ff
      5: eth1.110@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT 
          link/ether 52:54:00:c3:27:13 brd ff:ff:ff:ff:ff:ff
      6: eth1.50@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT 
          link/ether 52:54:00:c3:27:13 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2022-10-13 18:46
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a041e3f71b5dc18584730af1c35b7c1118

      Found public CheckMk agent:
      Version: 1.5.0p21
      AgentOS: linux
      Hostname: proxylab.mum05.simpliwan.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,54512,6800,03:34:22/522-14:35:58,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
      (root,0,0,00:00:01/522-14:35:58,2) [kthreadd]
      (root,0,0,00:03:25/522-14:35:58,3) [ksoftirqd/0]
      (root,0,0,00:00:00/522-14:35:58,5) [kworker/0:0H]
      (root,0,0,00:00:00/522-14:35:58,7) [migration/0]
      (root,0,0,00:00:00/522-14:35:58,8) [rcu_bh]
      (root,0,0,00:00:00/522-14:35:58,9) [rcuob/0]
      (root,0,0,02:18:32/522-14:35:58,10) [rcu_sched]
      (root,0,0,06:33:31/522-14:35:58,11) [rcuos/0]
      (root,0,0,00:03:34/522-14:35:58,12) [watchdog/0]
      (root,0,0,00:00:00/522-14:35:58,13) [khelper]
      (root,0,0,00:00:00/522-14:35:58,14) [kdevtmpfs]
      (root,0,0,00:00:00/522-14:35:58,15) [netns]
      (root,0,0,00:00:00/522-14:35:58,16) [perf]
      (root,0,0,00:00:00/522-14:35:58,17) [writeback]
      (root,0,0,00:00:00/522-14:35:58,18) [kintegrityd]
      (root,0,0,00:00:00/522-14:35:58,19) [bioset]
      (root,0,0,00:00:00/522-14:35:58,20) [kblockd]
      (root,0,0,00:00:00/522-14:35:58,21) [md]
      (root,0,0,00:00:07/522-14:35:58,26) [khungtaskd]
      (root,0,0,00:00:00/522-14:35:58,27) [kswapd0]
      (root,0,0,00:00:00/522-14:35:58,28) [ksmd]
      (root,0,0,00:01:43/522-14:35:58,29) [khugepaged]
      (root,0,0,00:00:00/522-14:35:58,30) [fsnotify_mark]
      (root,0,0,00:00:00/522-14:35:58,31) [crypto]
      (root,0,0,00:00:00/522-14:35:58,39) [kthrotld]
      (root,0,0,00:00:00/522-14:35:58,41) [kmpath_rdacd]
      (root,0,0,00:00:00/522-14:35:57,42) [kpsmoused]
      (root,0,0,00:00:00/522-14:35:57,44) [ipv6_addrconf]
      (root,0,0,00:00:00/522-14:35:57,63) [deferwq]
      (root,0,0,00:01:32/522-14:35:57,115) [kauditd]
      (root,0,0,00:00:00/522-14:35:57,218) [ata_sff]
      (root,0,0,00:00:00/522-14:35:57,224) [events_power_ef]
      (root,0,0,00:00:00/522-14:35:57,226) [scsi_eh_0]
      (root,0,0,00:00:00/522-14:35:57,228) [scsi_tmf_0]
      (root,0,0,00:00:00/522-14:35:57,229) [scsi_eh_1]
      (root,0,0,00:00:00/522-14:35:57,231) [scsi_tmf_1]
      (root,0,0,00:00:00/522-14:35:57,241) [ttm_swap]
      (root,0,0,00:08:16/522-14:35:56,258) [kworker/0:1H]
      (root,0,0,00:15:49/522-14:35:56,263) [jbd2/vda2-8]
      (root,0,0,00:00:00/522-14:35:56,264) [ext4-rsv-conver]
      (root,0,0,00:00:00/522-14:35:56,265) [ext4-unrsv-conv]
      (root,39032,7108,04:22:06/522-14:35:54,334) /usr/lib/systemd/systemd-journald
      (root,46404,5092,00:00:00/522-14:35:53,362) /usr/lib/systemd/systemd-udevd
      (root,0,0,00:00:00/522-14:35:52,1003) [vballoon]
      (root,0,0,00:00:00/522-14:35:52,1240) [jbd2/vda1-8]
      (root,0,0,00:00:00/522-14:35:52,1250) [ext4-rsv-conver]
      (root,0,0,00:00:00/522-14:35:52,1260) [ext4-unrsv-conv]
      (root,0,0,00:00:00/522-14:35:52,1514) [rpciod]
      (root,55460,1112,00:10:35/522-14:35:51,1519) /sbin/auditd
      (root,26328,1764,00:43:37/522-14:35:51,1540) /usr/lib/systemd/systemd-logind
      (dbus,32860,2100,01:13:35/522-14:35:51,1541) /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (rpc,69160,1060,00:00:45/522-14:35:51,1542) /sbin/rpcbind -w
      (root,322524,24208,00:07:49/522-14:35:51,1545) /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
      (ntp,29904,2148,00:05:45/522-14:35:51,1573) /usr/sbin/ntpd -u ntp:ntp -g
      (root,195028,1232,00:00:00/522-14:35:50,1574) /usr/sbin/gssproxy -D
      (root,126224,1680,00:08:03/522-14:35:50,1584) /usr/sbin/crond -n
      (root,110036,824,00:00:00/522-14:35:50,1587) /sbin/agetty --noclear tty1 linux
      (root,110036,836,00:00:00/522-14:35:50,1588) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt220
      (root,221324,12116,03:02:44/522-14:35:50,1608) /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf
      (root,445332,10328,00:20:28/522-14:35:49,1696) /usr/sbin/NetworkManager --no-daemon
      (haproxy,56612,10116,00:00:00/22-13:30:05,1743) /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 11874
      (haproxy,57804,10128,00:10:16/22-13:30:05,1747) /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 11874
      (root,51396,2692,00:00:00/522-14:35:49,1871) /usr/sbin/wpa_supplicant -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid
      (polkitd,635908,13300,00:12:34/522-14:35:49,1872) /usr/lib/polkit-1/polkitd --no-debug
      (root,82952,3688,00:18:15/522-14:35:35,2730) /usr/sbin/sshd -D
      (root,555656,16372,01:00:01/522-14:35:35,2731) /usr/bin/python -Es /usr/sbin/tuned -l -P
      (nobody,15552,1252,06:29:36/522-14:35:35,2732) /usr/sbin/dnsmasq -k
      (root,545380,9232,02:30:51/522-14:35:34,2737) /usr/sbin/rsyslogd -n
      (mongod,405968,78992,2-01:20:42/522-14:35:34,3071) /usr/bin/mongod -f /etc/mongod.conf
      (root,756692,28752,05:16:44/522-14:35:34,3147) /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:00/16:25:05,3649) [kworker/u2:1]
      (root,89472,2160,00:04:58/522-14:35:33,3672) /usr/libexec/postfix/master -w
      (postfix,89752,4136,00:01:59/522-14:35:33,3679) qmgr -l -t unix -u
      (root,44672,1816,00:00:00/71-11:05:41,6191) /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
      (root,0,0,00:00:00/1-04:10:03,13519) [kworker/u2:2]
      (root,1289768,60040,16:27:08/480-14:04:53,14367) /usr/bin/node app
      (haproxy,56612,10116,00:00:00/28-13:25:06,20478) /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 32427
      (haproxy,58720,11388,00:12:58/28-13:25:05,20483) /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 32427
      (root,0,0,00:00:00/51:04,22095) [kworker/0:0]
      (haproxy,56632,10092,00:00:00/13:48:05,23206) /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 7291
      (haproxy,57732,10004,00:03:39/13:48:05,23211) /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 7291
      (postfix,89576,3928,00:00:00/11:03,27136) pickup -l -t unix -u
      (root,0,0,00:00:00/09:05,27278) [kworker/0:1]
      (root,0,0,00:00:00/03:05,28008) [kworker/0:2]
      (root,113128,1588,00:00:00/00:00,28659) /bin/bash /usr/bin/check_mk_agent
      (root,51652,1664,00:00:00/00:00,28675) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13268,720,00:00:00/00:00,28676) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
          link/ether 52:54:00:8d:b8:55 brd ff:ff:ff:ff:ff:ff
      3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
          link/ether 52:54:00:c3:27:13 brd ff:ff:ff:ff:ff:ff
      4: eth1.100@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT 
          link/ether 52:54:00:c3:27:13 brd ff:ff:ff:ff:ff:ff
      5: eth1.110@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT 
          link/ether 52:54:00:c3:27:13 brd ff:ff:ff:ff:ff:ff
      6: eth1.50@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT 
          link/ether 52:54:00:c3:27:13 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2022-06-17 22:17
  • Open service 123.108.59.4:22

    2024-05-25 07:58

    
                                
    Found 2024-05-25 by SSHOpenPlugin
  • Open service 123.108.59.4:80

    2024-05-25 06:07

    HTTP/1.1 403 Forbidden
    Date: Sat, 25 May 2024 06:23:50 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
    ETag: "1321-5058a1e728280"
    Accept-Ranges: bytes
    Content-Length: 4897
    Connection: close
    Content-Type: text/html; charset=UTF-8
    
    Page title: Apache HTTP Server Test Page powered by CentOS

    Found 2024-05-25 by HttpPlugin
Domain summary
No record