Host 128.199.84.47
Singapore
DIGITALOCEAN-ASN
Ubuntu
Software information

Apache Apache 2.4.29

tcp/443

  • CheckMK monitoring endpoint publicly available
    IP: 128.199.84.47
    Port: 6556
    First seen 2024-10-29 13:34
    Last seen 2024-12-22 00:57
    Open for 53 days
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce81bedf3d

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-12-22 00:57
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce77c7a1cb

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-12-20 00:24
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ced28666c8

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-12-18 01:33
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce0c4231c8

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-12-15 23:09
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ceca42e72b

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      Found on 2024-12-13 23:15
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce38ee2c60

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (www-data,491820,74632,00:00:00,15583) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,21776,3460,00:00:00,15896) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3144,00:00:00,15905) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1064,00:00:00,15906) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,1634112,123524,00:00:01,29455) /usr/sbin/apache2 -k start
      (www-data,1629212,119100,00:00:01,29456) /usr/sbin/apache2 -k start
      (www-data,1627220,119976,00:00:02,29457) /usr/sbin/apache2 -k start
      (www-data,1635472,138268,00:00:03,29458) /usr/sbin/apache2 -k start
      (www-data,1627064,117728,00:00:01,29459) /usr/sbin/apache2 -k start
      (www-data,1629684,124008,00:00:02,29542) /usr/sbin/apache2 -k start
      
      
      Found on 2024-12-11 21:38
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce59d0a8af

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-12-09 23:03
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce04881975

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (root,24192,2488,00:00:09,6899) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      (Debian-+,91984,10408,01:12:29,6912) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,0,0,00:00:00,6979) [kworker/1:2-eve]
      (root,0,0,00:00:00,7081) [kworker/u4:2-ev]
      (root,59236,3280,00:00:00,7359) /usr/sbin/CRON -f
      (www-data,4636,868,00:00:00,7363) /bin/sh -c cd /var/www/html/sltdemo/web-portal && /usr/bin/php artisan schedule:run >> /dev/null 2>&1
      (www-data,489264,72836,00:00:00,7365) /usr/bin/php artisan schedule:run
      (www-data,4636,784,00:00:00,7384) sh -c '/usr/bin/php7.4' 'artisan' recordings_auto_upload:cron > '/dev/null' 2>&1
      (www-data,489268,73052,00:00:00,7386) /usr/bin/php7.4 artisan recordings_auto_upload:cron
      (root,0,0,00:00:00,7403) [kworker/u4:0-ev]
      (root,21776,3564,00:00:00,7579) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3280,00:00:00,7588) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1024,00:00:00,7589) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,1591012,113420,00:00:02,24805) /usr/sbin/apache2 -k start
      (www-data,1591212,111696,00:00:01,24806) /usr/sbin/apache2 -k start
      (www-data,1587116,106496,00:00:01,24807) /usr/sbin/apache2 -k start
      (www-data,1595316,119096,00:00:02,24808) /usr/sbin/apache2 -k start
      (www-data,1591140,134724,00:00:01,24809) /usr/sbin/apache2 -k start
      (www-data,1591696,112076,00:00:01,24861) /usr/sbin/apache2 -k start
      (www-data,1587136,107884,00:00:01,26508) /usr/sbin/apache2 -k start
      (root,0,0,00:00:04,30350) [kworker/1:1-eve]
      
      
      Found on 2024-12-08 00:47
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ced2d38034

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-12-06 00:25
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce43b15882

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (www-data,472128,56428,00:00:00,3900) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56344,00:00:00,3909) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53912,00:00:00,3919) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53824,00:00:00,3963) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56452,00:00:00,4050) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56448,00:00:00,4085) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,72192,00:00:00,4271) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,72144,00:00:00,4495) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,5184) [kworker/u4:1-ev]
      (root,0,0,00:00:00,5428) [kworker/0:2-eve]
      (root,72304,5672,00:00:00,5799) sshd: [accepted]
      (sshd,72304,3012,00:00:00,5800) sshd: [net]
      (root,0,0,00:00:00,5801) [kworker/u4:0]
      (root,21776,3608,00:00:00,5919) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3220,00:00:00,5928) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1020,00:00:00,5929) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,24192,2492,00:00:08,6899) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      (Debian-+,91016,10376,01:08:37,6912) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (www-data,1551888,94560,00:00:00,24284) /usr/sbin/apache2 -k start
      (www-data,1551100,90796,00:00:00,24285) /usr/sbin/apache2 -k start
      (www-data,1549216,91624,00:00:00,24287) /usr/sbin/apache2 -k start
      (www-data,1547180,94072,00:00:00,24291) /usr/sbin/apache2 -k start
      (www-data,1551372,100968,00:00:01,24296) /usr/sbin/apache2 -k start
      (www-data,1547232,96140,00:00:00,24325) /usr/sbin/apache2 -k start
      (root,0,0,00:00:02,30210) [kworker/0:1-eve]
      (www-data,1546856,88176,00:00:00,30969) /usr/sbin/apache2 -k start
      (www-data,1551680,104640,00:00:03,31841) /usr/sbin/apache2 -k start
      (root,0,0,00:00:02,32323) [kworker/1:0-eve]
      
      
      Found on 2024-12-03 23:14
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce66617c65

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      Found on 2024-12-02 00:52
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cebb2ec53d

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (root,0,0,00:00:00,3910) [kworker/u4:1-ev]
      (www-data,470076,53888,00:00:00,4057) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,54148,00:00:00,4068) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (root,0,0,00:00:00,4090) [kworker/1:2-eve]
      (www-data,472128,56476,00:00:00,4097) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53920,00:00:00,4106) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,472128,56776,00:00:00,4122) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56624,00:00:00,4131) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,54124,00:00:00,4140) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56592,00:00:00,4153) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56692,00:00:00,4189) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56492,00:00:00,4198) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53996,00:00:00,4209) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,54352,00:00:00,4233) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (root,59236,3280,00:00:00,4298) /usr/sbin/CRON -f
      (www-data,4636,872,00:00:00,4301) /bin/sh -c cd /var/www/html/sltdemo/web-portal && /usr/bin/php artisan schedule:run >> /dev/null 2>&1
      (www-data,489264,73092,00:00:00,4302) /usr/bin/php artisan schedule:run
      (www-data,4636,832,00:00:00,4323) sh -c '/usr/bin/php7.4' 'artisan' recordings_auto_upload:cron > '/dev/null' 2>&1
      (www-data,489268,73232,00:00:00,4324) /usr/bin/php7.4 artisan recordings_auto_upload:cron
      (www-data,472128,56624,00:00:00,4337) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56504,00:00:00,4355) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,21776,3620,00:00:00,4515) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3212,00:00:00,4524) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1104,00:00:00,4525) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,24192,2492,00:00:08,6899) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      (Debian-+,90108,10376,01:04:59,6912) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,0,0,00:00:01,31421) [kworker/1:1-mm_]
      (www-data,489264,72016,00:00:01,32298) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71912,00:00:01,32545) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      
      
      Found on 2024-11-29 23:46
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ceb07c8b90

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-27 23:38
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce6faa8ea9

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (www-data,472128,56548,00:00:00,20557) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53804,00:00:00,20567) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,54076,00:00:00,20625) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56472,00:00:00,20653) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56496,00:00:00,20671) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71912,00:00:01,20877) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,72108,00:00:00,21101) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,1465064,39312,00:00:00,22133) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,22315) [kworker/u4:1-ev]
      (root,0,0,00:00:00,22687) [kworker/0:1-eve]
      (www-data,489264,71900,00:00:00,22980) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74928,00:00:00,22992) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74768,00:00:00,23016) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71908,00:00:00,23035) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71944,00:00:00,23051) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71960,00:00:00,23062) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,75088,00:00:00,23072) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74716,00:00:00,23081) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,23135) [kworker/0:2-eve]
      (www-data,491820,75004,00:00:00,23138) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,72028,00:00:00,23181) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74816,00:00:00,23196) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,75140,00:00:00,23210) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74788,00:00:00,23224) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,23363) [kworker/u4:0-ev]
      (www-data,489264,71824,00:00:00,23516) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,23870) [kworker/u4:2-ev]
      (root,59236,3272,00:00:00,24204) /usr/sbin/CRON -f
      (www-data,4636,856,00:00:00,24208) /bin/sh -c cd /var/www/html/sltdemo/web-portal && /usr/bin/php artisan schedule:run >> /dev/null 2>&1
      (www-data,489264,73056,00:00:00,24210) /usr/bin/php artisan schedule:run
      (www-data,4636,856,00:00:00,24240) sh -c '/usr/bin/php7.4' 'artisan' recordings_auto_upload:cron > '/dev/null' 2>&1
      (www-data,489268,73112,00:00:00,24241) /usr/bin/php7.4 artisan recordings_auto_upload:cron
      (root,21776,3468,00:00:00,24383) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3216,00:00:00,24392) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1120,00:00:00,24393) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      
      
      Found on 2024-11-26 00:30
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cece3cbecc

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-23 22:00
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce6a8ea5a5

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (www-data,491820,74640,00:00:01,10840) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71880,00:00:01,10850) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74516,00:00:01,11002) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71696,00:00:01,11019) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74648,00:00:01,11030) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71768,00:00:01,11039) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74588,00:00:01,11052) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71744,00:00:01,11064) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74628,00:00:01,11087) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74532,00:00:01,11131) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74648,00:00:01,11142) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71728,00:00:01,11361) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,11763) [kworker/u4:1-ev]
      (www-data,470076,53640,00:00:00,12517) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53980,00:00:00,12528) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,472128,56264,00:00:00,12539) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56272,00:00:00,12549) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53800,00:00:00,12560) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53956,00:00:00,12569) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56152,00:00:00,12578) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56084,00:00:00,12588) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56204,00:00:00,12621) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56264,00:00:00,12630) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53772,00:00:00,12640) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53736,00:00:00,12659) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56312,00:00:00,12717) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56372,00:00:00,12730) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71800,00:00:00,12910) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,13048) [kworker/1:0-cgr]
      (root,0,0,00:00:00,13049) [kworker/0:2-eve]
      (www-data,489264,71732,00:00:00,13230) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,14258) [kworker/u4:0-ev]
      (root,59236,3280,00:00:00,14569) /usr/sbin/CRON -f
      (www-data,4636,820,00:00:00,14573) /bin/sh -c cd /var/www/html/sltdemo/web-portal && /usr/bin/php artisan schedule:run >> /dev/null 2>&1
      (www-data,489264,72648,00:00:00,14575) /usr/bin/php artisan schedule:run
      (www-data,4636,820,00:00:00,14594) sh -c '/usr/bin/php7.4' 'artisan' recordings_auto_upload:cron > '/dev/null' 2>&1
      (www-data,489268,73000,00:00:00,14595) /usr/bin/php7.4 artisan recordings_auto_upload:cron
      (root,21776,3596,00:00:00,14730) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3156,00:00:00,14739) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1088,00:00:00,14740) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,1432428,101468,00:00:01,32208) /usr/sbin/apache2 -k start
      (www-data,1435164,104128,00:00:01,32209) /usr/sbin/apache2 -k start
      (www-data,1430544,71836,00:00:00,32210) /usr/sbin/apache2 -k start
      (www-data,1430520,100248,00:00:01,32211) /usr/sbin/apache2 -k start
      (www-data,1430208,98096,00:00:00,32212) /usr/sbin/apache2 -k start
      (www-data,1428524,98544,00:00:00,32274) /usr/sbin/apache2 -k start
      
      
      Found on 2024-11-21 22:05
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce169ac650

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      Found on 2024-11-20 01:32
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce058ecae6

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (root,0,0,00:00:03,4406) [kworker/1:0-eve]
      (root,24192,2492,00:00:06,6899) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      (Debian-+,87764,10444,00:55:34,6912) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,0,0,00:00:01,9512) [kworker/0:0-eve]
      (www-data,489264,71900,00:00:01,11575) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71756,00:00:01,11808) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,11946) [kworker/1:1-eve]
      (root,0,0,00:00:00,12532) [kworker/u4:2-ev]
      (www-data,489264,71796,00:00:00,13658) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74860,00:00:00,13669) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74388,00:00:00,13679) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71560,00:00:00,13695) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74432,00:00:00,13811) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71956,00:00:00,13820) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74588,00:00:00,13830) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71704,00:00:00,13840) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74324,00:00:00,13854) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71516,00:00:00,13864) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74452,00:00:00,13899) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74344,00:00:00,13909) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74704,00:00:00,13922) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,13999) [kworker/u4:1-ev]
      (root,0,0,00:00:00,14111) [kworker/0:2-eve]
      (www-data,489264,71632,00:00:00,14237) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,1403164,85504,00:00:02,15220) /usr/sbin/apache2 -k start
      (www-data,1405944,81416,00:00:02,15221) /usr/sbin/apache2 -k start
      (www-data,1402844,101748,00:00:02,15222) /usr/sbin/apache2 -k start
      (www-data,1403712,79960,00:00:02,15223) /usr/sbin/apache2 -k start
      (www-data,1397084,69964,00:00:01,15224) /usr/sbin/apache2 -k start
      (www-data,1397124,69968,00:00:02,15295) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,15336) [kworker/u4:0-ev]
      (www-data,470076,53856,00:00:00,15668) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53508,00:00:00,15691) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,472128,56244,00:00:00,15707) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56192,00:00:00,15717) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56428,00:00:00,15747) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56012,00:00:00,15814) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53724,00:00:00,15823) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53736,00:00:00,15832) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56336,00:00:00,15851) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56240,00:00:00,15860) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53864,00:00:00,15868) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,54044,00:00:00,15922) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56416,00:00:00,15938) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,72304,5604,00:00:00,15959) sshd: [accepted]
      (sshd,72304,3080,00:00:00,15960) sshd: [net]
      (www-data,472128,56120,00:00:00,15970) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,72304,5804,00:00:00,16058) sshd: [accepted]
      (sshd,72304,3076,00:00:00,16059) sshd: [net]
      (root,21908,3652,00:00:00,16117) /bin/bash /usr/bin/check_mk_agent
      (root,520908,33396,00:00:00,16170) /usr/bin/php ./mysql
      (root,21776,3536,00:00:00,16173) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3228,00:00:00,16182) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1120,00:00:00,16183) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,1396924,69844,00:00:00,27286) /usr/sbin/apache2 -k start
      (www-data,1396956,69744,00:00:01,27288) /usr/sbin/apache2 -k start
      
      
      Found on 2024-11-19 14:33
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce1a5f4ed6

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-18 00:42
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce5966b9be

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (root,1615388,142664,01:32:02,2069) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/xTEtpJ7117ppc6OYvJCaYHbDW8mLjXGe.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/filestream-monitoring
      (root,1500080,81156,01:26:14,2117) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/Hk6rvk9TDibMPcDvpl0jkLE-qDsHWVYL.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/beat/metrics-monitoring
      (root,1567012,102548,01:30:51,2190) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/akSPbdqgaHaTY0_J01-dsfYK6JpMz2zn.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/http/metrics-monitoring
      (www-data,489264,71632,00:00:00,4338) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74412,00:00:00,4387) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74504,00:00:00,4435) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71924,00:00:00,4457) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74420,00:00:00,4553) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71928,00:00:00,4577) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74292,00:00:00,4588) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71576,00:00:00,4607) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74416,00:00:00,4662) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71572,00:00:00,4691) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74512,00:00:00,4743) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74484,00:00:00,4763) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74544,00:00:00,4820) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71860,00:00:00,5087) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,5405) [kworker/0:1-eve]
      (root,0,0,00:00:00,5406) [kworker/1:1-eve]
      (www-data,470076,53640,00:00:00,6518) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53620,00:00:00,6530) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,472128,56336,00:00:00,6601) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56292,00:00:00,6610) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56072,00:00:00,6619) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56096,00:00:00,6630) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53536,00:00:00,6639) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53504,00:00:00,6651) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56228,00:00:00,6693) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56100,00:00:00,6702) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53760,00:00:00,6711) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53700,00:00:00,6736) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56036,00:00:00,6792) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56068,00:00:00,6804) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,24192,2504,00:00:06,6899) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      (Debian-+,86984,10636,00:52:17,6912) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (www-data,489264,71500,00:00:00,6948) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,7058) [kworker/u4:0-ev]
      (www-data,489264,71492,00:00:00,7193) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,7544) [kworker/0:2]
      (root,0,0,00:00:00,7545) [kworker/1:0-eve]
      (root,59236,3272,00:00:00,7594) /usr/sbin/CRON -f
      (www-data,4636,848,00:00:00,7598) /bin/sh -c cd /var/www/html/sltdemo/web-portal && /usr/bin/php artisan schedule:run >> /dev/null 2>&1
      (www-data,489264,72840,00:00:00,7600) /usr/bin/php artisan schedule:run
      (www-data,4636,892,00:00:00,7618) sh -c '/usr/bin/php7.4' 'artisan' recordings_auto_upload:cron > '/dev/null' 2>&1
      (www-data,489268,72812,00:00:00,7619) /usr/bin/php7.4 artisan recordings_auto_upload:cron
      (root,21908,3608,00:00:00,7811) /bin/bash /usr/bin/check_mk_agent
      (root,520908,34680,00:00:00,7865) /usr/bin/php ./mysql
      (root,21776,3532,00:00:00,7868) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3116,00:00:00,7877) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1012,00:00:00,7878) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:01,21979) [kworker/u4:1-ev]
      (root,0,0,00:00:02,28042) [kworker/1:2-eve]
      (www-data,1365088,77852,00:00:01,28973) /usr/sbin/apache2 -k start
      (www-data,1367300,72728,00:00:00,28974) /usr/sbin/apache2 -k start
      (www-data,1374196,81368,00:00:00,28975) /usr/sbin/apache2 -k start
      (www-data,1369184,71588,00:00:00,28976) /usr/sbin/apache2 -k start
      (www-data,1369464,71092,00:00:00,28977) /usr/sbin/apache2 -k start
      (www-data,1365092,69244,00:00:00,29051) /usr/sbin/apache2 -k start
      
      
      Found on 2024-11-16 01:42
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ced102c2c5

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-15 13:55
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce5d2c70ec

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (root,712396,2068,00:06:49,1618) /usr/bin/containerd-shim-runc-v2 -namespace moby -id e1bc44d0b4ee860cef683a91e6fb62f582c0f36c7ce1cae578e262d03d87c46d -address /run/containerd/containerd.sock
      (root,712396,2088,00:07:06,1621) /usr/bin/containerd-shim-runc-v2 -namespace moby -id d916c8e70b6a544d854466c5559ac2941ff7c8857fe9ecca3d37fab71a699738 -address /run/containerd/containerd.sock
      (root,2571180,29948,00:24:41,1682) ./Cli start accept --token GZVWH4DTJ8HmxtpxyPYUVRC4S/Gt2/TEPnbDmidQljk=
      (root,2384,0,00:00:00,1692) /bin/sh -c p2pclient -l $P2P_EMAIL
      (root,488208,3396,00:18:11,1714) /var/ossec/bin/wazuh-logcollector
      (root,1646336,73560,01:47:43,1779) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/iThI_df0cBKC6YUNGGlKscMkOfz3FBH3.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/system/metrics-default
      (root,1093624,42512,10-22:17:31,1811) p2pclient -l ashan@cybergate.lk
      (root,556288,4504,00:04:18,1855) /var/ossec/bin/wazuh-modulesd
      (root,1553064,43660,01:18:35,1933) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/PGwsYWcynGUYZEjD872Gs-npqbv-30jS.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/log-default
      (www-data,489264,71676,00:00:01,1972) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,1615388,143336,01:28:49,2069) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/xTEtpJ7117ppc6OYvJCaYHbDW8mLjXGe.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/filestream-monitoring
      (root,1500080,81684,01:23:13,2117) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/Hk6rvk9TDibMPcDvpl0jkLE-qDsHWVYL.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/beat/metrics-monitoring
      (root,1567012,102232,01:27:42,2190) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/akSPbdqgaHaTY0_J01-dsfYK6JpMz2zn.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/http/metrics-monitoring
      (root,0,0,00:00:01,2506) [kworker/1:0-eve]
      (www-data,489264,71664,00:00:00,3683) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74560,00:00:00,3696) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74576,00:00:00,3709) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71644,00:00:00,3719) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74472,00:00:00,3752) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74308,00:00:00,3761) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71628,00:00:00,3771) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71504,00:00:00,3780) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74452,00:00:00,3795) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71528,00:00:00,3807) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74680,00:00:00,3865) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74444,00:00:00,3886) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74672,00:00:00,3902) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71612,00:00:00,4176) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,4576) [kworker/0:2-eve]
      (root,0,0,00:00:00,4589) [kworker/0:3-eve]
      (root,0,0,00:00:00,4807) [kworker/u4:0-ev]
      (root,0,0,00:00:00,5260) [kworker/u4:2-ev]
      (www-data,1340444,37348,00:00:00,5584) /usr/sbin/apache2 -k start
      (www-data,1192852,24276,00:00:00,5585) /usr/sbin/apache2 -k start
      (www-data,1340444,34572,00:00:00,5586) /usr/sbin/apache2 -k start
      (www-data,1192852,24276,00:00:00,5587) /usr/sbin/apache2 -k start
      (www-data,1192852,24276,00:00:00,5588) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,5591) [kworker/1:1-cgr]
      (root,0,0,00:00:00,5603) [kworker/1:2-eve]
      (www-data,470076,53672,00:00:00,5612) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53812,00:00:00,5624) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,472128,55932,00:00:00,5671) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56300,00:00:00,5684) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56112,00:00:00,5692) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56032,00:00:00,5702) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53572,00:00:00,5714) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53548,00:00:00,5723) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56120,00:00:00,5736) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56308,00:00:00,5747) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53668,00:00:00,5757) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (root,21908,3596,00:00:00,5828) /bin/bash /usr/bin/check_mk_agent
      (root,520908,34632,00:00:00,5882) /usr/bin/php ./mysql
      (root,21776,3468,00:00:00,5885) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3160,00:00:00,5894) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1124,00:00:00,5895) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,24192,2504,00:00:06,6899) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      (Debian-+,86484,10552,00:50:23,6912) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,0,0,00:00:00,32565) [kworker/1:3-eve]
      
      
      Found on 2024-11-13 22:24
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce3b2af2e7

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-11 22:40
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cecf92c650

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (nagios,324004,264,00:00:00,1163) /usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2 --no-stack-rlimit daemon --close-stdio -e /var/log/icinga2/error.log
      (root,1150944,40588,00:04:32,1185) /usr/sbin/apache2 -k start
      (root,1569424,16424,00:09:46,1278) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
      (wazuh,193812,4176,00:15:45,1292) /var/ossec/bin/wazuh-agentd
      (root,4516,816,00:00:00,1393) bpfilter_umh
      (root,911320,26008,00:02:07,1443) PM2 v5.3.0: God Daemon (/root/.pm2)
      (root,141988,1952,00:01:43,1470) /var/ossec/bin/wazuh-syscheckd
      (root,712396,2240,00:06:31,1618) /usr/bin/containerd-shim-runc-v2 -namespace moby -id e1bc44d0b4ee860cef683a91e6fb62f582c0f36c7ce1cae578e262d03d87c46d -address /run/containerd/containerd.sock
      (root,712396,1928,00:06:48,1621) /usr/bin/containerd-shim-runc-v2 -namespace moby -id d916c8e70b6a544d854466c5559ac2941ff7c8857fe9ecca3d37fab71a699738 -address /run/containerd/containerd.sock
      (root,2570056,31000,00:22:48,1682) ./Cli start accept --token GZVWH4DTJ8HmxtpxyPYUVRC4S/Gt2/TEPnbDmidQljk=
      (root,2384,0,00:00:00,1692) /bin/sh -c p2pclient -l $P2P_EMAIL
      (root,488208,3480,00:16:54,1714) /var/ossec/bin/wazuh-logcollector
      (root,1646336,75124,01:40:35,1779) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/iThI_df0cBKC6YUNGGlKscMkOfz3FBH3.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/system/metrics-default
      (root,1093624,43312,10-21:46:15,1811) p2pclient -l ashan@cybergate.lk
      (root,556288,4640,00:04:00,1855) /var/ossec/bin/wazuh-modulesd
      (root,1553064,47872,01:13:22,1933) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/PGwsYWcynGUYZEjD872Gs-npqbv-30jS.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/log-default
      (root,1615388,144032,01:22:55,2069) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/xTEtpJ7117ppc6OYvJCaYHbDW8mLjXGe.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/filestream-monitoring
      (root,1500080,82244,01:17:43,2117) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/Hk6rvk9TDibMPcDvpl0jkLE-qDsHWVYL.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/beat/metrics-monitoring
      (root,1567012,103944,01:21:53,2190) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/akSPbdqgaHaTY0_J01-dsfYK6JpMz2zn.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/http/metrics-monitoring
      (www-data,1303860,98844,00:00:02,2927) /usr/sbin/apache2 -k start
      (www-data,1312996,78440,00:00:03,2928) /usr/sbin/apache2 -k start
      (www-data,1310436,100468,00:00:02,2929) /usr/sbin/apache2 -k start
      (www-data,1305808,105212,00:00:02,2930) /usr/sbin/apache2 -k start
      (www-data,1308856,75940,00:00:02,2931) /usr/sbin/apache2 -k start
      (www-data,1304124,69568,00:00:02,3229) /usr/sbin/apache2 -k start
      (root,0,0,00:00:02,4001) [kworker/0:1-eve]
      (root,24192,2504,00:00:05,6899) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      (Debian-+,85552,10444,00:46:53,6912) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (www-data,1302048,69948,00:00:01,7225) /usr/sbin/apache2 -k start
      (www-data,1301808,68168,00:00:00,9038) /usr/sbin/apache2 -k start
      (root,0,0,00:00:02,10280) [kworker/0:0-eve]
      (root,0,0,00:00:00,12245) [kworker/1:1-eve]
      (www-data,470076,53616,00:00:00,12908) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53880,00:00:00,12920) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,472128,56220,00:00:00,12937) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56028,00:00:01,12945) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56348,00:00:00,12957) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56292,00:00:00,12968) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470080,53648,00:00:00,12978) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53820,00:00:00,12987) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56316,00:00:00,13034) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56148,00:00:01,13045) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53748,00:00:00,13056) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,54048,00:00:00,13071) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56124,00:00:00,13105) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56148,00:00:00,13132) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71712,00:00:00,13316) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,13350) [kworker/u4:0-ev]
      (www-data,489264,71828,00:00:00,13559) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,13686) [kworker/u4:1-ev]
      (www-data,1304184,93752,00:00:01,14201) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,14442) [kworker/1:0-eve]
      (www-data,1305920,70080,00:00:00,14892) /usr/sbin/apache2 -k start
      (www-data,489264,71804,00:00:00,15352) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74648,00:00:00,15365) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74532,00:00:00,15401) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71748,00:00:00,15410) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74636,00:00:00,15425) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74560,00:00:00,15433) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71636,00:00:00,15443) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71924,00:00:00,15452) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74844,00:00:00,15466) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71848,00:00:00,15527) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74504,00:00:00,15538) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74528,00:00:00,15548) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74488,00:00:00,15562) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,15699) [kworker/u4:2-ev]
      (www-data,489264,71804,00:00:00,15782) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,16542) [kworker/0:2-eve]
      (root,0,0,00:00:00,16555) [kworker/0:3-cgr]
      (root,21776,3560,00:00:00,16687) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3152,00:00:00,16697) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1056,00:00:00,16698) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      
      
      Found on 2024-11-09 23:09
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce54ce63c9

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-07 22:41
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce1010ed56

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      (root,521480,17608,00:04:43,1019) php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
      (root,1435868,9640,00:17:53,1021) /usr/bin/containerd
      (root,188080,6692,00:00:00,1027) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
      (root,16420,1848,00:00:00,1032) /sbin/agetty -o -p -- \u --keep-baud 115200,38400,9600 ttyS0 vt220
      (root,14896,1624,00:00:00,1033) /sbin/agetty -o -p -- \u --noclear tty1 linux
      (root,72304,4760,00:02:18,1038) /usr/sbin/sshd -D
      (nagios,324004,5796,00:19:05,1044) /usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2 --no-stack-rlimit daemon --close-stdio -e /var/log/icinga2/error.log
      (redis,55768,4712,07:01:55,1074) /usr/bin/redis-server 127.0.0.1:6379
      (mysql,1594404,85372,01:18:18,1128) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
      (root,45824,1780,00:03:17,1140) /var/ossec/bin/wazuh-execd
      (www-data,523776,7704,00:00:00,1141) php-fpm: pool www
      (www-data,523776,7704,00:00:00,1142) php-fpm: pool www
      (nagios,921668,7672,00:28:31,1157) /usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2 --no-stack-rlimit daemon --close-stdio -e /var/log/icinga2/error.log
      (nagios,324004,264,00:00:00,1163) /usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2 --no-stack-rlimit daemon --close-stdio -e /var/log/icinga2/error.log
      (root,1111368,40172,00:04:12,1185) /usr/sbin/apache2 -k start
      (root,1569424,17040,00:09:06,1278) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
      (wazuh,193812,4200,00:14:38,1292) /var/ossec/bin/wazuh-agentd
      (root,4516,816,00:00:00,1393) bpfilter_umh
      (root,911320,26364,00:01:59,1443) PM2 v5.3.0: God Daemon (/root/.pm2)
      (root,141988,1952,00:01:36,1470) /var/ossec/bin/wazuh-syscheckd
      (root,712396,2232,00:06:14,1618) /usr/bin/containerd-shim-runc-v2 -namespace moby -id e1bc44d0b4ee860cef683a91e6fb62f582c0f36c7ce1cae578e262d03d87c46d -address /run/containerd/containerd.sock
      (root,712396,1960,00:06:31,1621) /usr/bin/containerd-shim-runc-v2 -namespace moby -id d916c8e70b6a544d854466c5559ac2941ff7c8857fe9ecca3d37fab71a699738 -address /run/containerd/containerd.sock
      (root,2569592,30140,00:21:06,1682) ./Cli start accept --token GZVWH4DTJ8HmxtpxyPYUVRC4S/Gt2/TEPnbDmidQljk=
      (root,2384,0,00:00:00,1692) /bin/sh -c p2pclient -l $P2P_EMAIL
      (root,488208,3616,00:15:37,1714) /var/ossec/bin/wazuh-logcollector
      (root,1646336,76140,01:33:30,1779) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/iThI_df0cBKC6YUNGGlKscMkOfz3FBH3.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/system/metrics-default
      (root,1093624,41928,10-21:15:27,1811) p2pclient -l ashan@cybergate.lk
      (root,556288,4648,00:03:44,1855) /var/ossec/bin/wazuh-modulesd
      (root,1553064,49116,01:08:10,1933) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/PGwsYWcynGUYZEjD872Gs-npqbv-30jS.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/log-default
      (root,1615388,146896,01:17:05,2069) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/xTEtpJ7117ppc6OYvJCaYHbDW8mLjXGe.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/filestream-monitoring
      (root,1500080,84324,01:12:14,2117) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/Hk6rvk9TDibMPcDvpl0jkLE-qDsHWVYL.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/beat/metrics-monitoring
      (root,1567012,101980,01:16:09,2190) /var/lib/elastic-agent/data/elastic-agent-b0c688/components/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E management.restart_on_output_change=true -E logging.level=info -E logging.to_stderr=true -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E http.enabled=true -E http.host=unix:///var/lib/elastic-agent/data/tmp/akSPbdqgaHaTY0_J01-dsfYK6JpMz2zn.sock -E path.data=/var/lib/elastic-agent/data/elastic-agent-b0c688/run/http/metrics-monitoring
      (root,0,0,00:00:00,4097) [kworker/0:0]
      (root,0,0,00:00:00,6048) [kworker/1:1-eve]
      (www-data,489264,71692,00:00:00,6696) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74684,00:00:01,6727) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74776,00:00:01,6742) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,72084,00:00:00,6766) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74552,00:00:00,6781) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74556,00:00:01,6790) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71532,00:00:00,6804) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71768,00:00:01,6813) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74492,00:00:00,6857) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71880,00:00:00,6873) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74672,00:00:00,6884) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,491820,74792,00:00:00,6894) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,24192,2504,00:00:05,6899) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      (www-data,491820,74656,00:00:00,6910) php /var/www/html/lynkeddemo_v3/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (Debian-+,84684,10464,00:43:24,6912) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (www-data,489264,72072,00:00:00,7154) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,7982) [kworker/u4:2-ev]
      (root,0,0,00:00:00,8247) [kworker/1:0-eve]
      (www-data,470076,53780,00:00:00,8593) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,54044,00:00:00,8604) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,472128,56180,00:00:00,8654) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56276,00:00:00,8663) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56116,00:00:00,8672) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56148,00:00:00,8681) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53752,00:00:00,8691) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53740,00:00:00,8703) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56376,00:00:00,8715) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56300,00:00:00,8725) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,470076,53820,00:00:00,8734) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=media-conversion
      (www-data,470076,53808,00:00:00,8776) php /var/www/html/media-conversion/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600 --queue=common
      (www-data,472128,56248,00:00:00,8789) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,472128,56276,00:00:00,8812) php /var/www/html/lankadeepa/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,71888,00:00:00,9033) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (www-data,489264,72000,00:00:00,9212) php /var/www/html/sltdemo/web-portal/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
      (root,0,0,00:00:00,9739) [kworker/u4:1-ev]
      (root,59236,3280,00:00:00,10006) /usr/sbin/CRON -f
      (www-data,4636,832,00:00:00,10010) /bin/sh -c cd /var/www/html/sltdemo/web-portal && /usr/bin/php artisan schedule:run >> /dev/null 2>&1
      (www-data,489264,72532,00:00:00,10011) /usr/bin/php artisan schedule:run
      (www-data,4636,816,00:00:00,10030) sh -c '/usr/bin/php7.4' 'artisan' recordings_auto_upload:cron > '/dev/null' 2>&1
      (www-data,489268,73048,00:00:00,10031) /usr/bin/php7.4 artisan recordings_auto_upload:cron
      (root,0,0,00:00:00,10091) [kworker/u4:0-ev]
      (root,21776,3592,00:00:00,10210) /bin/bash /usr/bin/check_mk_agent
      (root,36708,3224,00:00:00,10219) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13564,1056,00:00:00,10220) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,1268260,100816,00:00:01,21331) /usr/sbin/apache2 -k start
      (www-data,1267284,83048,00:00:01,21332) /usr/sbin/apache2 -k start
      (www-data,1264480,68680,00:00:01,21333) /usr/sbin/apache2 -k start
      (www-data,1268516,72436,00:00:01,21334) /usr/sbin/apache2 -k start
      (www-data,1262504,68368,00:00:01,21335) /usr/sbin/apache2 -k start
      (www-data,1273412,81816,00:00:01,21657) /usr/sbin/apache2 -k start
      (www-data,1262360,68008,00:00:00,24812) /usr/sbin/apache2 -k start
      (root,0,0,00:00:03,30634) [kworker/0:2-eve]
      
      
      Found on 2024-11-05 22:36
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce0743ca02

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-04 00:44
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce5b1af17e

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-02 02:27
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cec4b4e92f

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      
      Found on 2024-11-01 00:51
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce506f8a37

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      Found on 2024-10-30 01:41
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cee831625f

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      OnlyFrom: 
      
      Found process list through CheckMk:
      
      Found on 2024-10-29 13:34
  • Open service 128.199.84.47:443 · moodlebckp2.cybergate.lk

    2024-11-20 16:59

    HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 16:59:27 GMT
    Server: Apache/2.4.29 (Ubuntu)
    Set-Cookie: MoodleSession=9auri5ul2li2t97in02a7ge1hu; path=/; secure
    Expires: Mon, 20 Aug 1969 09:23:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Content-Language: en
    Content-Script-Type: text/javascript
    Content-Style-Type: text/css
    X-UA-Compatible: IE=edge
    Cache-Control: post-check=0, pre-check=0, no-transform
    Last-Modified: Wed, 20 Nov 2024 16:59:27 GMT
    Accept-Ranges: none
    X-Frame-Options: sameorigin
    Vary: Accept-Encoding
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=utf-8
    
    Found 2024-11-20 by HttpPlugin
moodlebckp2.cybergate.lk
CN: moodlebckp2.cybergate.lk
Key: RSA-2048
Issuer: R11
Not before: 2024-11-20 15:59
Not after: 2025-02-18 15:59
Domain summary