LeakIX - Host 138.201.128.114

Host 138.201.128.114

Germany

Hetzner Online GmbH

Software information

Apache Apache

tcp/443 tcp/80

CheckMK monitoring endpoint publicly available

An open CheckMK agent is publicly available.

This could leak sensitive information such as :

Process list ( maybe credentials )
Network interfaces
Running services
Firewall rules
Internal OS configuration

https://docs.checkmk.com/latest/en/wato_monitoringagents.html

IP: 138.201.128.114
Port: 6556

First seen 2022-06-17 22:26
Last seen 2024-12-22 00:58
Open for 918 days

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10064c80e7

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:21:05/373-16:20:11,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/373-16:20:11,2) [kthreadd]
(root,0,0,00:00:00/373-16:20:11,4) [kworker/0:0H]
(root,0,0,00:40:45/373-16:20:11,6) [ksoftirqd/0]
(root,0,0,00:00:02/373-16:20:11,7) [migration/0]
(root,0,0,00:00:00/373-16:20:11,8) [rcu_bh]
(root,0,0,05:39:17/373-16:20:11,9) [rcu_sched]
(root,0,0,00:00:00/373-16:20:11,10) [lru-add-drain]
(root,0,0,00:02:56/373-16:20:11,11) [watchdog/0]
(root,0,0,00:02:26/373-16:20:11,12) [watchdog/1]
(root,0,0,00:00:02/373-16:20:11,13) [migration/1]
(root,0,0,00:00:17/373-16:20:11,14) [ksoftirqd/1]
(root,0,0,00:00:00/373-16:20:11,16) [kworker/1:0H]
(root,0,0,00:02:26/373-16:20:11,17) [watchdog/2]
(root,0,0,00:00:02/373-16:20:11,18) [migration/2]
(root,0,0,00:00:16/373-16:20:11,19) [ksoftirqd/2]
(root,0,0,00:00:00/373-16:20:11,21) [kworker/2:0H]
(root,0,0,00:02:29/373-16:20:11,22) [watchdog/3]
(root,0,0,00:00:02/373-16:20:11,23) [migration/3]
(root,0,0,00:00:15/373-16:20:11,24) [ksoftirqd/3]
(root,0,0,00:00:00/373-16:20:11,26) [kworker/3:0H]
(root,0,0,00:02:23/373-16:20:11,27) [watchdog/4]
(root,0,0,00:01:15/373-16:20:11,28) [migration/4]
(root,0,0,00:00:24/373-16:20:11,29) [ksoftirqd/4]
(root,0,0,00:00:00/373-16:20:11,31) [kworker/4:0H]
(root,0,0,00:02:18/373-16:20:11,32) [watchdog/5]
(root,0,0,00:01:36/373-16:20:11,33) [migration/5]
(root,0,0,00:00:32/373-16:20:11,34) [ksoftirqd/5]
(root,0,0,00:00:00/373-16:20:11,36) [kworker/5:0H]
(root,0,0,00:02:18/373-16:20:11,37) [watchdog/6]
(root,0,0,00:01:11/373-16:20:11,38) [migration/6]
(root,0,0,00:00:32/373-16:20:11,39) [ksoftirqd/6]
(root,0,0,00:00:00/373-16:20:11,41) [kworker/6:0H]
(root,0,0,00:02:32/373-16:20:11,42) [watchdog/7]
(root,0,0,00:01:09/373-16:20:11,43) [migration/7]
(root,0,0,00:12:04/373-16:20:11,44) [ksoftirqd/7]
(root,0,0,00:00:00/373-16:20:11,46) [kworker/7:0H]
(root,0,0,00:00:00/373-16:20:11,48) [kdevtmpfs]
(root,0,0,00:00:00/373-16:20:11,49) [netns]
(root,0,0,00:00:28/373-16:20:11,50) [khungtaskd]
(root,0,0,00:00:00/373-16:20:11,51) [writeback]
(root,0,0,00:00:00/373-16:20:11,52) [kintegrityd]
(root,0,0,00:00:00/373-16:20:11,53) [bioset]
(root,0,0,00:00:00/373-16:20:11,54) [bioset]
(root,0,0,00:00:00/373-16:20:11,55) [bioset]
(root,0,0,00:00:00/373-16:20:11,56) [kblockd]
(root,0,0,00:00:00/373-16:20:11,57) [md]
(root,0,0,00:00:00/373-16:20:11,58) [edac-poller]
(root,0,0,00:00:00/373-16:20:11,59) [watchdogd]
(root,0,0,01:00:50/373-16:20:11,66) [kswapd0]
(root,0,0,00:00:00/373-16:20:11,67) [ksmd]
(root,0,0,00:01:59/373-16:20:11,68) [khugepaged]
(root,0,0,00:00:00/373-16:20:11,69) [crypto]
(root,0,0,00:00:00/373-16:20:11,77) [kthrotld]
(root,0,0,00:00:00/373-16:20:11,80) [kmpath_rdacd]
(root,0,0,00:00:00/373-16:20:11,81) [kaluad]
(root,0,0,00:00:00/373-16:20:11,82) [kpsmoused]
(root,0,0,00:00:00/373-16:20:11,84) [ipv6_addrconf]
(root,0,0,00:00:00/373-16:20:11,97) [deferwq]
(root,0,0,00:17:47/373-16:20:10,144) [kauditd]
(root,0,0,00:00:00/373-16:20:10,368) [ata_sff]
(root,0,0,00:00:00/373-16:20:10,404) [scsi_eh_0]
(root,0,0,00:00:00/373-16:20:10,405) [scsi_tmf_0]
(root,0,0,00:00:00/373-16:20:10,406) [scsi_eh_1]
(root,0,0,00:00:00/373-16:20:10,407) [scsi_tmf_1]
(root,0,0,00:00:00/373-16:20:10,408) [scsi_eh_2]
(root,0,0,00:00:00/373-16:20:10,409) [scsi_tmf_2]
(root,0,0,00:00:00/373-16:20:10,410) [scsi_eh_3]
(root,0,0,00:00:00/373-16:20:10,411) [scsi_tmf_3]
(root,0,0,00:00:00/373-16:20:10,412) [scsi_eh_4]
(root,0,0,00:00:00/373-16:20:10,413) [scsi_tmf_4]
(root,0,0,00:00:00/373-16:20:10,414) [scsi_eh_5]
(root,0,0,00:00:00/373-16:20:10,415) [scsi_tmf_5]
(root,0,0,00:00:00/373-16:20:08,488) [kdmflush]
(root,0,0,00:00:00/373-16:20:08,489) [bioset]
(root,0,0,00:00:16/373-16:20:08,506) [kworker/0:1H]
(root,0,0,01:07:25/373-16:20:08,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/373-16:20:08,514) [ext4-rsv-conver]
(root,125776,65784,04:36:13/373-16:20:06,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/373-16:20:06,627) [kworker/4:1H]
(root,0,0,00:00:06/373-16:20:05,629) [kworker/1:1H]
(root,198572,760,00:00:00/373-16:20:05,633) /usr/sbin/lvmetad -f
(root,46060,956,00:00:00/373-16:20:05,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/373-16:20:04,644) [kworker/2:1H]
(root,0,0,00:23:21/373-16:20:04,645) [kworker/7:1H]
(root,0,0,00:00:02/373-16:20:03,687) [kworker/5:1H]
(root,0,0,00:00:00/373-16:20:03,688) [irq/125-mei_me]
(root,0,0,00:00:00/373-16:20:03,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/373-16:20:01,714) [jbd2/sda2-8]
(root,0,0,00:00:00/373-16:20:01,715) [ext4-rsv-conver]
(root,0,0,00:04:27/373-16:20:00,719) [jbd2/sda3-8]
(root,0,0,00:00:00/373-16:20:00,720) [ext4-rsv-conver]
(root,0,0,00:11:10/373-16:20:00,724) [jbd2/sdb-8]
(root,0,0,00:00:00/373-16:20:00,725) [ext4-rsv-conver]
(root,0,0,00:00:02/373-16:19:58,740) [kworker/6:1H]
(root,57704,724,00:38:14/373-16:19:48,748) /sbin/auditd
(dbus,58232,1912,01:23:42/373-16:19:47,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1760,00:42:02/373-16:19:46,788) /usr/lib/systemd/systemd-logind
(root,229032,8876,00:14:27/373-16:19:46,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5840,01:50:05/373-16:19:46,794) /usr/sbin/nscd
(root,52900,1892,00:00:20/373-16:19:46,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:23:49/373-16:19:46,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/373-16:19:46,862) /usr/sbin/atd -f
(root,124504,1372,00:07:28/373-16:19:46,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/373-16:19:46,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/373-16:19:46,869) [kworker/3:1H]
(chrony,97380,1320,00:02:02/373-16:19:46,888) /usr/sbin/chronyd
(root,113472,3148,00:33:54/373-16:19:37,1226) /usr/sbin/sshd -D
(root,1076684,14856,02:24:37/373-16:19:37,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/373-16:19:37,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,41944,02:06:03/373-16:19:36,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:16:30/373-16:19:33,1820) dnsadmin - dormant mode
(root,214712,19160,03:50:31/373-16:19:33,1825) tailwatchd
(root,183604,6552,00:15:00/373-16:19:33,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259504,27160,00:02:56/17-10:51:58,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2272,00:01:59/373-16:19:33,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9836,3288,01:59:04/17-10:51:58,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,0,0,00:00:01/04:48:00,2297) [kworker/0:2]
(nobody,3423076,29368,00:01:09/6-13:40:26,2827) /usr/sbin/httpd -k start
(root,189796,12148,00:01:51/17-10:46:09,2979) cPhulkd - processor
(root,152700,11528,00:01:40/17-10:46:05,3007) cPhulkd - dbprocessor
(root,51440,2428,00:03:51/17-10:46:02,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,52140,7948,00:07:49/17-10:46:02,3051) dovecot/pop3-login
(dovenull,55208,10840,00:08:17/17-10:46:02,3052) dovecot/imap-login
(dovecot,10272,1296,00:01:21/17-10:46:02,3053) dovecot/anvil
(root,10524,1616,00:02:07/17-10:46:02,3054) dovecot/log
(dovenull,51380,7032,00:00:50/17-10:46:02,3055) dovecot/pop3-login
(dovenull,52904,8596,00:01:42/17-10:46:02,3056) dovecot/imap-login
(root,15960,3484,00:03:24/17-10:46:02,3057) dovecot/config
(dovecot,50440,3932,00:02:21/17-10:46:02,3058) dovecot/stats
(dovecot,10412,1504,00:00:40/17-10:45:27,3201) dovecot/imap-hibernate
(root,0,0,00:00:00/04:17:59,4822) [kworker/1:2]
(root,0,0,00:00:00/22:08:14,5594) [kworker/5:0]
(root,0,0,00:00:00/09:47:59,7328) [kworker/2:0]
(root,0,0,00:00:00/03:19:53,9857) [kworker/4:1]
(root,3108,36,00:03:11/373-12:17:14,12075) /usr/bin/RCdaemon
(dovecot,74280,5880,00:04:00/4-21:33:05,16686) dovecot/auth
(root,178536,29044,00:00:03/01:57:59,17199) lfd - sleeping
(root,0,0,00:00:00/01:44:18,18446) [kworker/u16:0]
(polkitd,610776,2988,00:30:08/373-15:22:05,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27132,03:08:43/373-15:22:03,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/01:07:59,21694) [kworker/5:1]
(root,0,0,00:00:01/1-01:07:57,22028) [kworker/1:0]
(root,185004,2416,00:00:00/58:00,22460) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/58:00,22471) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,360,00:00:00/58:00,22476) sleep 1h 50m
(root,12736,1340,00:00:07/7-15:11:57,23807) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1356,00:00:07/7-15:11:57,23808) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,3932,00:00:00/7-15:11:57,23809) /usr/sbin/httpd -k start
(root,53088,11768,00:00:00/7-15:11:57,23810) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3292004,30136,00:01:21/7-15:11:55,23815) /usr/sbin/httpd -k start
(nobody,3160932,29192,00:01:23/7-15:11:54,23868) /usr/sbin/httpd -k start
(nobody,3292004,29612,00:01:24/7-15:11:53,23921) /usr/sbin/httpd -k start
(nobody,3226468,30044,00:01:22/7-15:11:37,23983) /usr/sbin/httpd -k start
(root,0,0,00:00:00/38:00,24362) [kworker/4:0]
(root,0,0,00:00:00/38:00,24396) [kworker/6:0]
(root,0,0,00:00:00/36:41,24554) [kworker/u16:1]
(mysql,3441212,700680,09:25:28/139-14:08:59,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(scliegyp,37752,3072,00:00:00/28:32,25126) dovecot/imap
(scliegyp,38296,3596,00:00:00/25:49,25425) dovecot/imap
(root,234632,77564,00:00:01/23:18,25559) spamd child
(root,0,0,00:00:00/22:56,25729) [kworker/0:1]
(scliegyp,38648,3756,00:00:00/21:42,25887) dovecot/imap
(scliegyp,37752,3072,00:00:00/14:15,26374) dovecot/imap
(root,233944,76856,00:00:00/12:54,26546) spamd child
(mailnull,89200,13188,00:03:01/27-12:33:46,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(scliegyp,29056,2580,00:00:00/10:42,26705) dovecot/quota-status -p postfix
(root,0,0,00:00:02/3-03:21:11,26888) [kworker/6:2]
(root,0,0,00:00:00/08:10,26897) [kworker/7:1]
(root,0,0,00:00:00/08:00,26974) [kworker/2:2]
(root,0,0,00:00:00/08:00,26998) [kworker/3:1]
(root,0,0,00:00:01/06:08:00,27204) [kworker/7:0]
(root,2500132,1564116,08:36:30/369-20:22:21,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(scliegyp,38296,3600,00:00:00/00:31,27590) dovecot/imap
(root,72960,4236,00:00:00/00:13,27598) dovecot/auth -w
(root,0,0,00:00:00/00:13,27599) [cpsrvd (SSL) - ] <defunct>
(scliegyp,39772,3992,00:00:00/00:05,27603) dovecot/imap
(root,113500,1624,00:00:00/00:00,27633) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,27651) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,27652) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,235460,14968,00:03:25/23-17:39:04,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:43/336-05:35:41,29439) /sbin/rsyslogd
(root,292800,5444,00:00:16/3-23:42:24,29705) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,23728,00:00:04/3-23:42:24,29729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404404,48708,00:03:46/3-23:42:19,29826) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32932,00:00:05/3-23:42:19,29830) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:01/1-05:37:56,31468) [kworker/3:2]
(nobody,3226468,25788,00:00:35/4-05:14:53,32451) /usr/sbin/httpd -k start

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-22 00:58

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10780c0d06

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:19:59/371-15:46:14,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/371-15:46:14,2) [kthreadd]
(root,0,0,00:00:00/371-15:46:14,4) [kworker/0:0H]
(root,0,0,00:40:41/371-15:46:14,6) [ksoftirqd/0]
(root,0,0,00:00:02/371-15:46:14,7) [migration/0]
(root,0,0,00:00:00/371-15:46:14,8) [rcu_bh]
(root,0,0,05:37:54/371-15:46:14,9) [rcu_sched]
(root,0,0,00:00:00/371-15:46:14,10) [lru-add-drain]
(root,0,0,00:02:55/371-15:46:14,11) [watchdog/0]
(root,0,0,00:02:25/371-15:46:14,12) [watchdog/1]
(root,0,0,00:00:02/371-15:46:14,13) [migration/1]
(root,0,0,00:00:17/371-15:46:14,14) [ksoftirqd/1]
(root,0,0,00:00:00/371-15:46:14,16) [kworker/1:0H]
(root,0,0,00:02:25/371-15:46:14,17) [watchdog/2]
(root,0,0,00:00:02/371-15:46:14,18) [migration/2]
(root,0,0,00:00:16/371-15:46:14,19) [ksoftirqd/2]
(root,0,0,00:00:00/371-15:46:14,21) [kworker/2:0H]
(root,0,0,00:02:29/371-15:46:14,22) [watchdog/3]
(root,0,0,00:00:02/371-15:46:14,23) [migration/3]
(root,0,0,00:00:15/371-15:46:14,24) [ksoftirqd/3]
(root,0,0,00:00:00/371-15:46:14,26) [kworker/3:0H]
(root,0,0,00:02:22/371-15:46:14,27) [watchdog/4]
(root,0,0,00:01:15/371-15:46:14,28) [migration/4]
(root,0,0,00:00:24/371-15:46:14,29) [ksoftirqd/4]
(root,0,0,00:00:00/371-15:46:14,31) [kworker/4:0H]
(root,0,0,00:02:17/371-15:46:14,32) [watchdog/5]
(root,0,0,00:01:36/371-15:46:14,33) [migration/5]
(root,0,0,00:00:32/371-15:46:14,34) [ksoftirqd/5]
(root,0,0,00:00:00/371-15:46:14,36) [kworker/5:0H]
(root,0,0,00:02:17/371-15:46:14,37) [watchdog/6]
(root,0,0,00:01:10/371-15:46:14,38) [migration/6]
(root,0,0,00:00:32/371-15:46:14,39) [ksoftirqd/6]
(root,0,0,00:00:00/371-15:46:14,41) [kworker/6:0H]
(root,0,0,00:02:31/371-15:46:14,42) [watchdog/7]
(root,0,0,00:01:09/371-15:46:14,43) [migration/7]
(root,0,0,00:12:01/371-15:46:14,44) [ksoftirqd/7]
(root,0,0,00:00:00/371-15:46:14,46) [kworker/7:0H]
(root,0,0,00:00:00/371-15:46:14,48) [kdevtmpfs]
(root,0,0,00:00:00/371-15:46:14,49) [netns]
(root,0,0,00:00:27/371-15:46:14,50) [khungtaskd]
(root,0,0,00:00:00/371-15:46:14,51) [writeback]
(root,0,0,00:00:00/371-15:46:14,52) [kintegrityd]
(root,0,0,00:00:00/371-15:46:14,53) [bioset]
(root,0,0,00:00:00/371-15:46:14,54) [bioset]
(root,0,0,00:00:00/371-15:46:14,55) [bioset]
(root,0,0,00:00:00/371-15:46:14,56) [kblockd]
(root,0,0,00:00:00/371-15:46:14,57) [md]
(root,0,0,00:00:00/371-15:46:14,58) [edac-poller]
(root,0,0,00:00:00/371-15:46:14,59) [watchdogd]
(root,0,0,01:00:44/371-15:46:14,66) [kswapd0]
(root,0,0,00:00:00/371-15:46:14,67) [ksmd]
(root,0,0,00:01:58/371-15:46:14,68) [khugepaged]
(root,0,0,00:00:00/371-15:46:14,69) [crypto]
(root,0,0,00:00:00/371-15:46:14,77) [kthrotld]
(root,0,0,00:00:00/371-15:46:14,80) [kmpath_rdacd]
(root,0,0,00:00:00/371-15:46:14,81) [kaluad]
(root,0,0,00:00:00/371-15:46:14,82) [kpsmoused]
(root,0,0,00:00:00/371-15:46:14,84) [ipv6_addrconf]
(root,0,0,00:00:00/371-15:46:14,97) [deferwq]
(root,0,0,00:17:40/371-15:46:13,144) [kauditd]
(root,0,0,00:00:00/371-15:46:13,368) [ata_sff]
(root,0,0,00:00:00/371-15:46:13,404) [scsi_eh_0]
(root,0,0,00:00:00/371-15:46:13,405) [scsi_tmf_0]
(root,0,0,00:00:00/371-15:46:13,406) [scsi_eh_1]
(root,0,0,00:00:00/371-15:46:13,407) [scsi_tmf_1]
(root,0,0,00:00:00/371-15:46:13,408) [scsi_eh_2]
(root,0,0,00:00:00/371-15:46:13,409) [scsi_tmf_2]
(root,0,0,00:00:00/371-15:46:13,410) [scsi_eh_3]
(root,0,0,00:00:00/371-15:46:13,411) [scsi_tmf_3]
(root,0,0,00:00:00/371-15:46:13,412) [scsi_eh_4]
(root,0,0,00:00:00/371-15:46:13,413) [scsi_tmf_4]
(root,0,0,00:00:00/371-15:46:13,414) [scsi_eh_5]
(root,0,0,00:00:00/371-15:46:13,415) [scsi_tmf_5]
(root,245092,89480,00:00:06/10:42:32,482) spamd child
(root,0,0,00:00:00/371-15:46:11,488) [kdmflush]
(root,0,0,00:00:00/371-15:46:11,489) [bioset]
(root,0,0,00:00:16/371-15:46:11,506) [kworker/0:1H]
(root,0,0,01:07:06/371-15:46:11,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/371-15:46:11,514) [ext4-rsv-conver]
(root,104984,53784,04:35:10/371-15:46:09,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/371-15:46:09,627) [kworker/4:1H]
(root,0,0,00:00:06/371-15:46:08,629) [kworker/1:1H]
(root,198572,760,00:00:00/371-15:46:08,633) /usr/sbin/lvmetad -f
(root,46060,956,00:00:00/371-15:46:08,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/371-15:46:07,644) [kworker/2:1H]
(root,0,0,00:23:15/371-15:46:07,645) [kworker/7:1H]
(root,0,0,00:00:02/371-15:46:06,687) [kworker/5:1H]
(root,0,0,00:00:00/371-15:46:06,688) [irq/125-mei_me]
(root,0,0,00:00:00/371-15:46:06,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/371-15:46:04,714) [jbd2/sda2-8]
(root,0,0,00:00:00/371-15:46:04,715) [ext4-rsv-conver]
(root,0,0,00:04:26/371-15:46:03,719) [jbd2/sda3-8]
(root,0,0,00:00:00/371-15:46:03,720) [ext4-rsv-conver]
(root,0,0,00:11:04/371-15:46:03,724) [jbd2/sdb-8]
(root,0,0,00:00:00/371-15:46:03,725) [ext4-rsv-conver]
(root,0,0,00:00:02/371-15:46:01,740) [kworker/6:1H]
(root,57704,724,00:38:00/371-15:45:51,748) /sbin/auditd
(dbus,58232,1912,01:23:15/371-15:45:50,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1764,00:41:48/371-15:45:49,788) /usr/lib/systemd/systemd-logind
(root,229032,8920,00:14:23/371-15:45:49,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5840,01:49:37/371-15:45:49,794) /usr/sbin/nscd
(root,52900,1892,00:00:20/371-15:45:49,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:23:21/371-15:45:49,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/371-15:45:49,862) /usr/sbin/atd -f
(root,124504,1372,00:07:26/371-15:45:49,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/371-15:45:49,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/371-15:45:49,869) [kworker/3:1H]
(chrony,97380,1320,00:02:02/371-15:45:49,888) /usr/sbin/chronyd
(root,113472,3140,00:33:40/371-15:45:40,1226) /usr/sbin/sshd -D
(root,1084876,13436,02:24:00/371-15:45:40,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/371-15:45:40,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,0,0,00:00:00/14:34:17,1378) [kworker/4:1]
(root,225548,42036,02:05:21/371-15:45:39,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/10:34:17,1668) [kworker/3:2]
(root,167288,4196,00:16:24/371-15:45:36,1820) dnsadmin - dormant mode
(root,214712,19160,03:49:16/371-15:45:36,1825) tailwatchd
(root,183604,6556,00:14:54/371-15:45:36,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259504,27160,00:02:43/15-10:18:01,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2272,00:01:58/371-15:45:36,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9840,3316,01:46:19/15-10:18:01,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(nobody,3226468,29996,00:00:53/4-13:06:29,2827) /usr/sbin/httpd -k start
(root,189796,12164,00:01:39/15-10:12:12,2979) cPhulkd - processor
(root,152700,11560,00:01:32/15-10:12:08,3007) cPhulkd - dbprocessor
(root,51440,2428,00:03:34/15-10:12:05,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,52140,7948,00:07:20/15-10:12:05,3051) dovecot/pop3-login
(dovenull,55208,10840,00:07:36/15-10:12:05,3052) dovecot/imap-login
(dovecot,10272,1296,00:01:16/15-10:12:05,3053) dovecot/anvil
(root,10524,1616,00:01:59/15-10:12:05,3054) dovecot/log
(dovenull,51380,7032,00:00:48/15-10:12:05,3055) dovecot/pop3-login
(dovenull,52052,7864,00:01:34/15-10:12:05,3056) dovecot/imap-login
(root,15960,3484,00:03:14/15-10:12:05,3057) dovecot/config
(dovecot,50440,3932,00:02:11/15-10:12:05,3058) dovecot/stats
(dovecot,10412,1504,00:00:36/15-10:11:30,3201) dovecot/imap-hibernate
(root,3108,36,00:03:10/371-11:43:17,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/08:53:59,12419) [kworker/1:1]
(root,0,0,00:00:00/02:49:03,13011) [kworker/0:2]
(dovecot,74280,5864,00:03:13/2-20:59:08,16686) dovecot/auth
(root,0,0,00:00:00/02:01:42,16700) [kworker/0:1]
(root,0,0,00:00:00/01:54:03,17376) [kworker/4:2]
(polkitd,610664,2808,00:29:58/371-14:48:08,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27136,03:07:49/371-14:48:06,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/01:24:02,19970) [kworker/3:0]
(root,178492,29052,00:00:02/01:24:02,20000) lfd - sleeping
(root,0,0,00:00:00/01:14:02,21293) [kworker/5:2]
(root,231788,74912,00:00:01/01:13:50,21357) spamd child
(root,0,0,00:00:00/01:04:03,22082) [kworker/6:1]
(root,0,0,00:00:00/01:00:43,22341) [kworker/u16:2]
(root,0,0,00:00:00/11:53:59,22962) [kworker/2:1]
(root,0,0,00:00:00/49:03,23275) [kworker/5:0]
(root,12740,1340,00:00:05/5-14:38:00,23807) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12748,1356,00:00:05/5-14:38:00,23808) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,3944,00:00:00/5-14:38:00,23809) /usr/sbin/httpd -k start
(root,53088,11768,00:00:00/5-14:38:00,23810) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3292004,29668,00:01:08/5-14:37:58,23815) /usr/sbin/httpd -k start
(nobody,3160932,29344,00:01:08/5-14:37:57,23868) /usr/sbin/httpd -k start
(nobody,3292004,29356,00:01:10/5-14:37:56,23921) /usr/sbin/httpd -k start
(nobody,3226468,29856,00:01:09/5-14:37:40,23983) /usr/sbin/httpd -k start
(root,0,0,00:00:00/41:02,24307) [kworker/7:1]
(root,0,0,00:00:00/34:03,24926) [kworker/2:0]
(mysql,3441212,695300,09:17:49/137-13:35:02,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(scliegyp,45044,9648,00:00:00/28:06,25484) dovecot/imap
(root,185004,2416,00:00:00/24:03,25646) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/24:03,25654) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/24:03,25658) sleep 5h 40m
(root,0,0,00:00:00/24:03,25741) [kworker/1:2]
(scliegyp,37752,3076,00:00:00/20:05,25987) dovecot/imap
(root,0,0,00:00:00/15:03,26363) [kworker/7:0]
(root,0,0,00:00:00/14:43,26372) [kworker/u16:1]
(mailnull,89200,13188,00:02:58/25-11:59:49,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:00/1-02:47:14,26888) [kworker/6:2]
(scliegyp,38160,3372,00:00:00/04:56,27119) dovecot/imap
(root,0,0,00:00:00/04:03,27207) [kworker/3:1]
(scliegyp,37752,3076,00:00:00/02:54,27377) dovecot/imap
(root,2500120,1583384,08:34:43/367-19:48:24,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(scliegyp,33716,4776,00:00:00/01:40,27419) dovecot/pop3
(scliegyp,38268,3600,00:00:00/01:17,27438) dovecot/imap
(root,189796,11072,00:00:00/00:35,27456) cPhulkd - processor - http socket
(root,72960,4240,00:00:00/00:35,27457) dovecot/auth -w
(scliegyp,39956,4592,00:00:00/00:28,27461) dovecot/imap
(scliegyp,33692,4684,00:00:00/00:01,27496) dovecot/pop3
(scliegyp,36488,6152,00:00:00/00:00,27543) dovecot/pop3
(root,113500,1620,00:00:00/00:00,27615) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,27633) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,27634) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,235460,14972,00:03:07/21-17:05:07,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:42/334-05:01:44,29439) /sbin/rsyslogd
(root,292800,5460,00:00:08/1-23:08:27,29705) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,23728,00:00:01/1-23:08:27,29729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404404,48708,00:01:50/1-23:08:22,29826) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32932,00:00:02/1-23:08:22,29830) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(nobody,3226468,24588,00:00:20/2-04:40:56,32451) /usr/sbin/httpd -k start

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-20 00:24

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb108342deda

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:19:01/369-16:56:44,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/369-16:56:44,2) [kthreadd]
(root,0,0,00:00:00/369-16:56:44,4) [kworker/0:0H]
(root,0,0,00:40:29/369-16:56:44,6) [ksoftirqd/0]
(root,0,0,00:00:02/369-16:56:44,7) [migration/0]
(root,0,0,00:00:00/369-16:56:44,8) [rcu_bh]
(root,0,0,05:35:54/369-16:56:44,9) [rcu_sched]
(root,0,0,00:00:00/369-16:56:44,10) [lru-add-drain]
(root,0,0,00:02:54/369-16:56:44,11) [watchdog/0]
(root,0,0,00:02:24/369-16:56:44,12) [watchdog/1]
(root,0,0,00:00:02/369-16:56:44,13) [migration/1]
(root,0,0,00:00:17/369-16:56:44,14) [ksoftirqd/1]
(root,0,0,00:00:00/369-16:56:44,16) [kworker/1:0H]
(root,0,0,00:02:25/369-16:56:44,17) [watchdog/2]
(root,0,0,00:00:02/369-16:56:44,18) [migration/2]
(root,0,0,00:00:16/369-16:56:44,19) [ksoftirqd/2]
(root,0,0,00:00:00/369-16:56:44,21) [kworker/2:0H]
(root,0,0,00:02:28/369-16:56:44,22) [watchdog/3]
(root,0,0,00:00:02/369-16:56:44,23) [migration/3]
(root,0,0,00:00:15/369-16:56:44,24) [ksoftirqd/3]
(root,0,0,00:00:00/369-16:56:44,26) [kworker/3:0H]
(root,0,0,00:02:21/369-16:56:44,27) [watchdog/4]
(root,0,0,00:01:15/369-16:56:44,28) [migration/4]
(root,0,0,00:00:24/369-16:56:44,29) [ksoftirqd/4]
(root,0,0,00:00:00/369-16:56:44,31) [kworker/4:0H]
(root,0,0,00:02:16/369-16:56:44,32) [watchdog/5]
(root,0,0,00:01:36/369-16:56:44,33) [migration/5]
(root,0,0,00:00:32/369-16:56:44,34) [ksoftirqd/5]
(root,0,0,00:00:00/369-16:56:44,36) [kworker/5:0H]
(root,0,0,00:02:16/369-16:56:44,37) [watchdog/6]
(root,0,0,00:01:10/369-16:56:44,38) [migration/6]
(root,0,0,00:00:32/369-16:56:44,39) [ksoftirqd/6]
(root,0,0,00:00:00/369-16:56:44,41) [kworker/6:0H]
(root,0,0,00:02:30/369-16:56:44,42) [watchdog/7]
(root,0,0,00:01:09/369-16:56:44,43) [migration/7]
(root,0,0,00:11:57/369-16:56:44,44) [ksoftirqd/7]
(root,0,0,00:00:00/369-16:56:44,46) [kworker/7:0H]
(root,0,0,00:00:00/369-16:56:44,48) [kdevtmpfs]
(root,0,0,00:00:00/369-16:56:44,49) [netns]
(root,0,0,00:00:27/369-16:56:44,50) [khungtaskd]
(root,0,0,00:00:00/369-16:56:44,51) [writeback]
(root,0,0,00:00:00/369-16:56:44,52) [kintegrityd]
(root,0,0,00:00:00/369-16:56:44,53) [bioset]
(root,0,0,00:00:00/369-16:56:44,54) [bioset]
(root,0,0,00:00:00/369-16:56:44,55) [bioset]
(root,0,0,00:00:00/369-16:56:44,56) [kblockd]
(root,0,0,00:00:00/369-16:56:44,57) [md]
(root,0,0,00:00:00/369-16:56:44,58) [edac-poller]
(root,0,0,00:00:00/369-16:56:44,59) [watchdogd]
(root,0,0,01:00:39/369-16:56:44,66) [kswapd0]
(root,0,0,00:00:00/369-16:56:44,67) [ksmd]
(root,0,0,00:01:58/369-16:56:44,68) [khugepaged]
(root,0,0,00:00:00/369-16:56:44,69) [crypto]
(root,0,0,00:00:00/369-16:56:44,77) [kthrotld]
(root,0,0,00:00:00/369-16:56:44,80) [kmpath_rdacd]
(root,0,0,00:00:00/369-16:56:44,81) [kaluad]
(root,0,0,00:00:00/369-16:56:44,82) [kpsmoused]
(root,0,0,00:00:00/369-16:56:44,84) [ipv6_addrconf]
(root,0,0,00:00:00/369-16:56:44,97) [deferwq]
(root,0,0,00:17:35/369-16:56:43,144) [kauditd]
(root,0,0,00:00:00/369-16:56:43,368) [ata_sff]
(root,0,0,00:00:00/369-16:56:43,404) [scsi_eh_0]
(root,0,0,00:00:00/369-16:56:43,405) [scsi_tmf_0]
(root,0,0,00:00:00/369-16:56:43,406) [scsi_eh_1]
(root,0,0,00:00:00/369-16:56:43,407) [scsi_tmf_1]
(root,0,0,00:00:00/369-16:56:43,408) [scsi_eh_2]
(root,0,0,00:00:00/369-16:56:43,409) [scsi_tmf_2]
(root,0,0,00:00:00/369-16:56:43,410) [scsi_eh_3]
(root,0,0,00:00:00/369-16:56:43,411) [scsi_tmf_3]
(root,0,0,00:00:00/369-16:56:43,412) [scsi_eh_4]
(root,0,0,00:00:00/369-16:56:43,413) [scsi_tmf_4]
(root,0,0,00:00:00/369-16:56:43,414) [scsi_eh_5]
(root,0,0,00:00:00/369-16:56:43,415) [scsi_tmf_5]
(root,0,0,00:00:00/369-16:56:41,488) [kdmflush]
(root,0,0,00:00:00/369-16:56:41,489) [bioset]
(root,0,0,00:00:16/369-16:56:41,506) [kworker/0:1H]
(root,0,0,01:06:38/369-16:56:41,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/369-16:56:41,514) [ext4-rsv-conver]
(root,174576,109728,04:33:45/369-16:56:39,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/369-16:56:39,627) [kworker/4:1H]
(root,0,0,00:00:06/369-16:56:38,629) [kworker/1:1H]
(root,198572,760,00:00:00/369-16:56:38,633) /usr/sbin/lvmetad -f
(root,46060,956,00:00:00/369-16:56:38,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/369-16:56:37,644) [kworker/2:1H]
(root,0,0,00:23:07/369-16:56:37,645) [kworker/7:1H]
(root,0,0,00:00:02/369-16:56:36,687) [kworker/5:1H]
(root,0,0,00:00:00/369-16:56:36,688) [irq/125-mei_me]
(root,0,0,00:00:00/369-16:56:36,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/369-16:56:34,714) [jbd2/sda2-8]
(root,0,0,00:00:00/369-16:56:34,715) [ext4-rsv-conver]
(root,0,0,00:04:25/369-16:56:33,719) [jbd2/sda3-8]
(root,0,0,00:00:00/369-16:56:33,720) [ext4-rsv-conver]
(root,0,0,00:11:02/369-16:56:33,724) [jbd2/sdb-8]
(root,0,0,00:00:00/369-16:56:33,725) [ext4-rsv-conver]
(root,0,0,00:00:02/369-16:56:31,740) [kworker/6:1H]
(root,57704,724,00:37:48/369-16:56:21,748) /sbin/auditd
(dbus,58232,1912,01:22:53/369-16:56:20,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1764,00:41:37/369-16:56:19,788) /usr/lib/systemd/systemd-logind
(root,229032,8916,00:14:18/369-16:56:19,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5812,01:49:02/369-16:56:19,794) /usr/sbin/nscd
(root,52900,1892,00:00:19/369-16:56:19,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:22:54/369-16:56:19,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/369-16:56:19,862) /usr/sbin/atd -f
(root,124504,1372,00:07:23/369-16:56:19,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/369-16:56:19,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/369-16:56:19,869) [kworker/3:1H]
(chrony,97380,1320,00:02:02/369-16:56:19,888) /usr/sbin/chronyd
(root,113472,3140,00:33:30/369-16:56:10,1226) /usr/sbin/sshd -D
(root,1084876,14516,02:23:16/369-16:56:10,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/369-16:56:10,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,41960,02:04:41/369-16:56:09,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:16:19/369-16:56:06,1820) dnsadmin - dormant mode
(root,214712,19160,03:48:04/369-16:56:06,1825) tailwatchd
(root,183604,6556,00:14:50/369-16:56:06,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259504,27156,00:02:18/13-11:28:31,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2272,00:01:57/369-16:56:06,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9804,3244,01:33:09/13-11:28:31,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(nobody,3160932,27700,00:00:33/2-14:16:59,2827) /usr/sbin/httpd -k start
(root,189796,12164,00:01:26/13-11:22:42,2979) cPhulkd - processor
(root,152700,11560,00:01:18/13-11:22:38,3007) cPhulkd - dbprocessor
(root,51440,2428,00:03:00/13-11:22:35,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,52344,8164,00:06:11/13-11:22:35,3051) dovecot/pop3-login
(dovenull,55208,10856,00:06:45/13-11:22:35,3052) dovecot/imap-login
(dovecot,10272,1296,00:01:03/13-11:22:35,3053) dovecot/anvil
(root,10524,1616,00:01:39/13-11:22:35,3054) dovecot/log
(dovenull,51380,7056,00:00:41/13-11:22:35,3055) dovecot/pop3-login
(dovenull,52336,8088,00:01:20/13-11:22:35,3056) dovecot/imap-login
(root,15960,3484,00:02:43/13-11:22:35,3057) dovecot/config
(dovecot,50440,3932,00:01:50/13-11:22:35,3058) dovecot/stats
(dovecot,10412,1504,00:00:31/13-11:22:00,3201) dovecot/imap-hibernate
(root,245632,90608,00:00:07/05:13:59,3718) spamd child
(root,0,0,00:00:01/1-00:14:33,5982) [kworker/4:0]
(root,0,0,00:00:00/18:09:32,9030) [kworker/2:0]
(root,3108,36,00:03:09/369-12:53:47,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/08:54:29,15564) [kworker/1:1]
(dovecot,74060,5664,00:01:02/22:09:38,16686) dovecot/auth
(root,0,0,00:00:00/22:04:11,17256) [kworker/6:2]
(root,178524,29044,00:00:04/02:34:33,17461) lfd - sleeping
(root,0,0,00:00:01/1-14:29:30,18719) [kworker/3:0]
(root,0,0,00:00:00/02:13:33,19665) [kworker/0:1]
(polkitd,610664,2976,00:29:49/369-15:58:38,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27136,03:06:37/369-15:58:36,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/01:44:32,21937) [kworker/3:1]
(root,0,0,00:00:02/01:42:17,22154) [kworker/u16:0]
(root,12728,1356,00:00:04/3-15:48:30,23807) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12732,1372,00:00:04/3-15:48:30,23808) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,3940,00:00:00/3-15:48:30,23809) /usr/sbin/httpd -k start
(root,53088,11768,00:00:00/3-15:48:30,23810) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3292004,28964,00:00:49/3-15:48:28,23815) /usr/sbin/httpd -k start
(nobody,3160932,28244,00:00:50/3-15:48:27,23868) /usr/sbin/httpd -k start
(nobody,3292004,27924,00:00:51/3-15:48:26,23921) /usr/sbin/httpd -k start
(nobody,3226468,29104,00:00:50/3-15:48:10,23983) /usr/sbin/httpd -k start
(root,237312,80264,00:00:00/07:23:02,24369) spamd child
(mysql,3441212,685180,09:08:58/135-14:45:32,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/54:32,26179) [kworker/1:2]
(mailnull,89200,13212,00:02:48/23-13:10:19,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:02/06:52:30,27140) [kworker/7:0]
(root,2565472,1674732,08:30:40/365-20:58:54,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/34:33,27895) [kworker/5:0]
(root,0,0,00:00:00/32:41,28206) [kworker/7:1]
(scliegyp,29056,2580,00:00:00/29:44,28380) dovecot/quota-status -p postfix
(root,0,0,00:00:00/29:33,28494) [kworker/4:1]
(scliegyp,38152,3368,00:00:00/26:59,28744) dovecot/imap
(scliegyp,38296,3596,00:00:00/26:01,28785) dovecot/imap
(root,0,0,00:00:00/20:34,29229) [kworker/u16:2]
(root,235460,14972,00:02:50/19-18:15:37,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:42/332-06:12:14,29439) /sbin/rsyslogd
(root,292800,5460,00:00:00/18:57,29705) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,0,0,00:00:00/18:57,29728) [kworker/6:0]
(root,445328,23728,00:00:00/18:57,29729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404404,48708,00:00:00/18:52,29826) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387836,32488,00:00:00/18:52,29830) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(scliegyp,37752,3072,00:00:00/17:57,29996) dovecot/imap
(scliegyp,38152,3364,00:00:00/15:27,30140) dovecot/imap
(root,0,0,00:00:00/14:33,30211) [kworker/2:2]
(scliegyp,37948,3332,00:00:00/13:17,30415) dovecot/imap
(root,0,0,00:00:00/09:32,30651) [kworker/5:1]
(root,72960,4260,00:00:00/00:29,31305) dovecot/auth -w
(scliegyp,40140,4040,00:00:00/00:29,31307) dovecot/imap
(root,0,0,00:00:00/00:26,31315) [cpsrvd (SSL) - ] <defunct>
(root,0,0,00:00:04/19:44:46,31432) [kworker/0:0]
(root,113500,1620,00:00:00/00:00,31443) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,31461) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,31462) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(nobody,3095396,19288,00:00:01/05:51:26,32451) /usr/sbin/httpd -k start

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-18 01:34

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb103f8444f0

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:17:53/367-14:30:13,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/367-14:30:13,2) [kthreadd]
(root,0,0,00:00:00/367-14:30:13,4) [kworker/0:0H]
(root,0,0,00:40:16/367-14:30:13,6) [ksoftirqd/0]
(root,0,0,00:00:02/367-14:30:13,7) [migration/0]
(root,0,0,00:00:00/367-14:30:13,8) [rcu_bh]
(root,0,0,05:33:40/367-14:30:13,9) [rcu_sched]
(root,0,0,00:00:00/367-14:30:13,10) [lru-add-drain]
(root,0,0,00:02:53/367-14:30:13,11) [watchdog/0]
(root,0,0,00:02:23/367-14:30:13,12) [watchdog/1]
(root,0,0,00:00:02/367-14:30:13,13) [migration/1]
(root,0,0,00:00:17/367-14:30:13,14) [ksoftirqd/1]
(root,0,0,00:00:00/367-14:30:13,16) [kworker/1:0H]
(root,0,0,00:02:24/367-14:30:13,17) [watchdog/2]
(root,0,0,00:00:02/367-14:30:13,18) [migration/2]
(root,0,0,00:00:16/367-14:30:13,19) [ksoftirqd/2]
(root,0,0,00:00:00/367-14:30:13,21) [kworker/2:0H]
(root,0,0,00:02:27/367-14:30:13,22) [watchdog/3]
(root,0,0,00:00:02/367-14:30:13,23) [migration/3]
(root,0,0,00:00:15/367-14:30:13,24) [ksoftirqd/3]
(root,0,0,00:00:00/367-14:30:13,26) [kworker/3:0H]
(root,0,0,00:02:20/367-14:30:13,27) [watchdog/4]
(root,0,0,00:01:14/367-14:30:13,28) [migration/4]
(root,0,0,00:00:24/367-14:30:13,29) [ksoftirqd/4]
(root,0,0,00:00:00/367-14:30:13,31) [kworker/4:0H]
(root,0,0,00:02:15/367-14:30:13,32) [watchdog/5]
(root,0,0,00:01:35/367-14:30:13,33) [migration/5]
(root,0,0,00:00:32/367-14:30:13,34) [ksoftirqd/5]
(root,0,0,00:00:00/367-14:30:13,36) [kworker/5:0H]
(root,0,0,00:02:16/367-14:30:13,37) [watchdog/6]
(root,0,0,00:01:10/367-14:30:13,38) [migration/6]
(root,0,0,00:00:32/367-14:30:13,39) [ksoftirqd/6]
(root,0,0,00:00:00/367-14:30:13,41) [kworker/6:0H]
(root,0,0,00:02:29/367-14:30:13,42) [watchdog/7]
(root,0,0,00:01:08/367-14:30:13,43) [migration/7]
(root,0,0,00:11:53/367-14:30:13,44) [ksoftirqd/7]
(root,0,0,00:00:00/367-14:30:13,46) [kworker/7:0H]
(root,0,0,00:00:00/367-14:30:13,48) [kdevtmpfs]
(root,0,0,00:00:00/367-14:30:13,49) [netns]
(root,0,0,00:00:27/367-14:30:13,50) [khungtaskd]
(root,0,0,00:00:00/367-14:30:13,51) [writeback]
(root,0,0,00:00:00/367-14:30:13,52) [kintegrityd]
(root,0,0,00:00:00/367-14:30:13,53) [bioset]
(root,0,0,00:00:00/367-14:30:13,54) [bioset]
(root,0,0,00:00:00/367-14:30:13,55) [bioset]
(root,0,0,00:00:00/367-14:30:13,56) [kblockd]
(root,0,0,00:00:00/367-14:30:13,57) [md]
(root,0,0,00:00:00/367-14:30:13,58) [edac-poller]
(root,0,0,00:00:00/367-14:30:13,59) [watchdogd]
(root,0,0,01:00:28/367-14:30:13,66) [kswapd0]
(root,0,0,00:00:00/367-14:30:13,67) [ksmd]
(root,0,0,00:01:57/367-14:30:13,68) [khugepaged]
(root,0,0,00:00:00/367-14:30:13,69) [crypto]
(root,0,0,00:00:00/367-14:30:13,77) [kthrotld]
(root,0,0,00:00:00/367-14:30:13,80) [kmpath_rdacd]
(root,0,0,00:00:00/367-14:30:13,81) [kaluad]
(root,0,0,00:00:00/367-14:30:13,82) [kpsmoused]
(root,0,0,00:00:00/367-14:30:13,84) [ipv6_addrconf]
(root,0,0,00:00:00/367-14:30:13,97) [deferwq]
(root,0,0,00:17:28/367-14:30:12,144) [kauditd]
(root,0,0,00:00:00/367-14:30:12,368) [ata_sff]
(root,0,0,00:00:00/367-14:30:12,404) [scsi_eh_0]
(root,0,0,00:00:00/367-14:30:12,405) [scsi_tmf_0]
(root,0,0,00:00:00/367-14:30:12,406) [scsi_eh_1]
(root,0,0,00:00:00/367-14:30:12,407) [scsi_tmf_1]
(root,0,0,00:00:00/367-14:30:12,408) [scsi_eh_2]
(root,0,0,00:00:00/367-14:30:12,409) [scsi_tmf_2]
(root,0,0,00:00:00/367-14:30:12,410) [scsi_eh_3]
(root,0,0,00:00:00/367-14:30:12,411) [scsi_tmf_3]
(root,0,0,00:00:00/367-14:30:12,412) [scsi_eh_4]
(root,0,0,00:00:00/367-14:30:12,413) [scsi_tmf_4]
(root,0,0,00:00:00/367-14:30:12,414) [scsi_eh_5]
(root,0,0,00:00:00/367-14:30:12,415) [scsi_tmf_5]
(root,0,0,00:00:00/367-14:30:10,488) [kdmflush]
(root,0,0,00:00:00/367-14:30:10,489) [bioset]
(root,0,0,00:00:16/367-14:30:10,506) [kworker/0:1H]
(root,0,0,01:06:13/367-14:30:10,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/367-14:30:10,514) [ext4-rsv-conver]
(root,80352,35936,04:32:10/367-14:30:08,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/367-14:30:08,627) [kworker/4:1H]
(root,0,0,00:00:05/367-14:30:07,629) [kworker/1:1H]
(root,198572,760,00:00:00/367-14:30:07,633) /usr/sbin/lvmetad -f
(root,46060,956,00:00:00/367-14:30:07,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/367-14:30:06,644) [kworker/2:1H]
(root,0,0,00:23:00/367-14:30:06,645) [kworker/7:1H]
(root,0,0,00:00:02/367-14:30:05,687) [kworker/5:1H]
(root,0,0,00:00:00/367-14:30:05,688) [irq/125-mei_me]
(root,0,0,00:00:00/367-14:30:05,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/367-14:30:03,714) [jbd2/sda2-8]
(root,0,0,00:00:00/367-14:30:03,715) [ext4-rsv-conver]
(root,0,0,00:04:23/367-14:30:02,719) [jbd2/sda3-8]
(root,0,0,00:00:00/367-14:30:02,720) [ext4-rsv-conver]
(root,0,0,00:10:57/367-14:30:02,724) [jbd2/sdb-8]
(root,0,0,00:00:00/367-14:30:02,725) [ext4-rsv-conver]
(root,0,0,00:00:02/367-14:30:00,740) [kworker/6:1H]
(root,57704,724,00:37:34/367-14:29:50,748) /sbin/auditd
(dbus,58232,1912,01:22:25/367-14:29:49,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1768,00:41:23/367-14:29:48,788) /usr/lib/systemd/systemd-logind
(root,229032,8884,00:14:12/367-14:29:48,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5808,01:48:24/367-14:29:48,794) /usr/sbin/nscd
(root,52900,1892,00:00:19/367-14:29:48,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:22:26/367-14:29:48,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/367-14:29:48,862) /usr/sbin/atd -f
(root,124504,1368,00:07:21/367-14:29:48,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/367-14:29:48,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/367-14:29:48,869) [kworker/3:1H]
(chrony,97380,1320,00:02:01/367-14:29:48,888) /usr/sbin/chronyd
(root,113472,3140,00:33:16/367-14:29:39,1226) /usr/sbin/sshd -D
(root,1076684,20000,02:22:27/367-14:29:39,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/367-14:29:39,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,41844,02:03:59/367-14:29:38,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:16:14/367-14:29:35,1820) dnsadmin - dormant mode
(root,214712,19160,03:46:48/367-14:29:35,1825) tailwatchd
(root,183604,6556,00:14:45/367-14:29:35,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259092,27096,00:01:53/11-09:02:00,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2272,00:01:57/367-14:29:35,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9804,3244,01:17:41/11-09:02:00,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,0,0,00:00:00/01:08:02,2113) [kworker/3:0]
(nobody,3029860,23140,00:00:08/11:50:28,2827) /usr/sbin/httpd -k start
(root,189796,12164,00:01:13/11-08:56:11,2979) cPhulkd - processor
(scliegyp,29056,2580,00:00:00/59:20,2980) dovecot/quota-status -p postfix
(root,152700,11560,00:01:03/11-08:56:07,3007) cPhulkd - dbprocessor
(root,51440,2428,00:02:25/11-08:56:04,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,52572,8400,00:05:02/11-08:56:04,3051) dovecot/pop3-login
(dovenull,55208,10868,00:05:41/11-08:56:04,3052) dovecot/imap-login
(dovecot,10272,1296,00:00:50/11-08:56:04,3053) dovecot/anvil
(root,10524,1616,00:01:20/11-08:56:04,3054) dovecot/log
(dovenull,51156,6816,00:00:34/11-08:56:04,3055) dovecot/pop3-login
(dovenull,52336,8100,00:01:03/11-08:56:04,3056) dovecot/imap-login
(root,15960,3484,00:02:15/11-08:56:04,3057) dovecot/config
(dovecot,50440,3932,00:01:28/11-08:56:04,3058) dovecot/stats
(dovecot,10412,1504,00:00:26/11-08:55:29,3201) dovecot/imap-hibernate
(root,226220,53500,00:00:00/52:10,3646) spamd child
(root,0,0,00:00:00/48:02,3954) [kworker/0:0]
(root,0,0,00:00:00/33:02,5108) [kworker/5:0]
(root,0,0,00:00:00/18:02,6264) [kworker/7:2]
(scliegyp,38424,3796,00:00:00/11:42,6853) dovecot/imap
(root,0,0,00:00:00/08:02,7099) [kworker/1:0]
(root,178360,28912,00:00:00/08:01,7168) lfd - sleeping
(root,0,0,00:00:00/06:13:02,7400) [kworker/6:1]
(scliegyp,39032,4200,00:00:00/07:22,7452) dovecot/imap
(root,72960,4264,00:00:00/02:27,7878) dovecot/auth -w
(root,72960,4236,00:00:00/00:51,8031) dovecot/auth -w
(scliegyp,31596,3536,00:00:00/00:51,8033) dovecot/pop3
(scliegyp,31560,3440,00:00:00/00:51,8035) dovecot/pop3
(root,0,0,00:00:00/00:17,8056) [cpsrvd (SSL) - ] <defunct>
(scliegyp,39028,4332,00:00:00/00:06,8061) dovecot/imap
(scliegyp,39956,4432,00:00:00/00:00,8125) dovecot/imap
(scliegyp,519952,40964,00:00:00/00:00,8197) /opt/cpanel/ea-php55/root/usr/bin/php-cgi /home/scliegyp/public_html/index.php
(root,113500,1620,00:00:00/00:00,8198) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,8216) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,8217) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(dovecot,74184,5788,00:01:51/2-23:03:34,8361) dovecot/auth
(root,0,0,00:00:03/10:56:40,10617) [kworker/7:1]
(root,0,0,00:00:02/1-21:58:25,10775) [kworker/2:1]
(root,3108,36,00:03:08/367-10:27:16,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/05:18:02,12694) [kworker/3:1]
(root,0,0,00:00:00/19:48:02,14010) [kworker/1:2]
(polkitd,610664,3028,00:29:39/367-13:32:07,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27140,03:05:20/367-13:32:05,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/03:28:02,22513) [kworker/4:0]
(root,238496,80548,00:00:04/09:10:14,23193) spamd child
(root,12736,1360,00:00:01/1-13:21:59,23807) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1376,00:00:01/1-13:21:59,23808) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,3940,00:00:00/1-13:21:59,23809) /usr/sbin/httpd -k start
(root,53088,11768,00:00:00/1-13:21:59,23810) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3292004,26480,00:00:23/1-13:21:57,23815) /usr/sbin/httpd -k start
(nobody,3095396,25804,00:00:23/1-13:21:56,23868) /usr/sbin/httpd -k start
(nobody,3095396,25656,00:00:24/1-13:21:55,23921) /usr/sbin/httpd -k start
(nobody,3226468,26784,00:00:23/1-13:21:39,23983) /usr/sbin/httpd -k start
(mysql,3441212,649936,08:59:42/133-12:19:01,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(mailnull,89200,13212,00:02:32/21-10:43:48,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,2630380,1657176,08:27:16/363-18:32:23,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/02:28:34,27557) [kworker/u16:0]
(root,292800,1084,00:00:57/13-20:55:43,28704) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,18972,00:00:18/13-20:55:42,28729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404400,47636,00:12:44/13-20:55:38,28818) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32564,00:00:17/13-20:55:38,28822) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/23:18:18,29110) [kworker/5:2]
(root,235460,15108,00:02:32/17-15:49:06,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:41/330-03:45:43,29439) /sbin/rsyslogd
(root,0,0,00:00:10/2-00:18:22,30310) [kworker/0:2]
(root,0,0,00:00:00/01:46:27,31320) [kworker/u16:2]
(root,0,0,00:00:00/01:40:02,31866) [kworker/6:2]
(root,0,0,00:00:00/01:33:01,32437) [kworker/2:2]
(root,0,0,00:00:00/01:31:46,32610) [kworker/4:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-15 23:08

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb101b7afd49

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:16:49/365-14:38:18,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/365-14:38:18,2) [kthreadd]
(root,0,0,00:00:00/365-14:38:18,4) [kworker/0:0H]
(root,0,0,00:40:06/365-14:38:18,6) [ksoftirqd/0]
(root,0,0,00:00:02/365-14:38:18,7) [migration/0]
(root,0,0,00:00:00/365-14:38:18,8) [rcu_bh]
(root,0,0,05:31:48/365-14:38:18,9) [rcu_sched]
(root,0,0,00:00:00/365-14:38:18,10) [lru-add-drain]
(root,0,0,00:02:52/365-14:38:18,11) [watchdog/0]
(root,0,0,00:02:23/365-14:38:18,12) [watchdog/1]
(root,0,0,00:00:02/365-14:38:18,13) [migration/1]
(root,0,0,00:00:17/365-14:38:18,14) [ksoftirqd/1]
(root,0,0,00:00:00/365-14:38:18,16) [kworker/1:0H]
(root,0,0,00:02:23/365-14:38:18,17) [watchdog/2]
(root,0,0,00:00:02/365-14:38:18,18) [migration/2]
(root,0,0,00:00:16/365-14:38:18,19) [ksoftirqd/2]
(root,0,0,00:00:00/365-14:38:18,21) [kworker/2:0H]
(root,0,0,00:02:26/365-14:38:18,22) [watchdog/3]
(root,0,0,00:00:02/365-14:38:18,23) [migration/3]
(root,0,0,00:00:15/365-14:38:18,24) [ksoftirqd/3]
(root,0,0,00:00:00/365-14:38:18,26) [kworker/3:0H]
(root,0,0,00:02:20/365-14:38:18,27) [watchdog/4]
(root,0,0,00:01:14/365-14:38:18,28) [migration/4]
(root,0,0,00:00:24/365-14:38:18,29) [ksoftirqd/4]
(root,0,0,00:00:00/365-14:38:18,31) [kworker/4:0H]
(root,0,0,00:02:14/365-14:38:18,32) [watchdog/5]
(root,0,0,00:01:35/365-14:38:18,33) [migration/5]
(root,0,0,00:00:32/365-14:38:18,34) [ksoftirqd/5]
(root,0,0,00:00:00/365-14:38:18,36) [kworker/5:0H]
(root,0,0,00:02:15/365-14:38:18,37) [watchdog/6]
(root,0,0,00:01:10/365-14:38:18,38) [migration/6]
(root,0,0,00:00:32/365-14:38:18,39) [ksoftirqd/6]
(root,0,0,00:00:00/365-14:38:18,41) [kworker/6:0H]
(root,0,0,00:02:28/365-14:38:18,42) [watchdog/7]
(root,0,0,00:01:08/365-14:38:18,43) [migration/7]
(root,0,0,00:11:49/365-14:38:18,44) [ksoftirqd/7]
(root,0,0,00:00:00/365-14:38:18,46) [kworker/7:0H]
(root,0,0,00:00:00/365-14:38:18,48) [kdevtmpfs]
(root,0,0,00:00:00/365-14:38:18,49) [netns]
(root,0,0,00:00:27/365-14:38:18,50) [khungtaskd]
(root,0,0,00:00:00/365-14:38:18,51) [writeback]
(root,0,0,00:00:00/365-14:38:18,52) [kintegrityd]
(root,0,0,00:00:00/365-14:38:18,53) [bioset]
(root,0,0,00:00:00/365-14:38:18,54) [bioset]
(root,0,0,00:00:00/365-14:38:18,55) [bioset]
(root,0,0,00:00:00/365-14:38:18,56) [kblockd]
(root,0,0,00:00:00/365-14:38:18,57) [md]
(root,0,0,00:00:00/365-14:38:18,58) [edac-poller]
(root,0,0,00:00:00/365-14:38:18,59) [watchdogd]
(root,0,0,01:00:22/365-14:38:18,66) [kswapd0]
(root,0,0,00:00:00/365-14:38:18,67) [ksmd]
(root,0,0,00:01:57/365-14:38:18,68) [khugepaged]
(root,0,0,00:00:00/365-14:38:18,69) [crypto]
(root,0,0,00:00:00/365-14:38:18,77) [kthrotld]
(root,0,0,00:00:00/365-14:38:18,80) [kmpath_rdacd]
(root,0,0,00:00:00/365-14:38:18,81) [kaluad]
(root,0,0,00:00:00/365-14:38:18,82) [kpsmoused]
(root,0,0,00:00:00/365-14:38:18,84) [ipv6_addrconf]
(root,0,0,00:00:00/365-14:38:18,97) [deferwq]
(root,0,0,00:17:23/365-14:38:17,144) [kauditd]
(scliegyp,39628,4756,00:00:00/04:02,322) dovecot/imap
(root,0,0,00:00:00/365-14:38:17,368) [ata_sff]
(root,72960,4276,00:00:00/02:08,395) dovecot/auth -w
(root,0,0,00:00:00/365-14:38:17,404) [scsi_eh_0]
(root,0,0,00:00:00/365-14:38:17,405) [scsi_tmf_0]
(root,0,0,00:00:00/365-14:38:17,406) [scsi_eh_1]
(root,0,0,00:00:00/365-14:38:17,407) [scsi_tmf_1]
(root,0,0,00:00:00/365-14:38:17,408) [scsi_eh_2]
(root,0,0,00:00:00/365-14:38:17,409) [scsi_tmf_2]
(root,0,0,00:00:00/365-14:38:17,410) [scsi_eh_3]
(root,0,0,00:00:00/365-14:38:17,411) [scsi_tmf_3]
(root,0,0,00:00:00/365-14:38:17,412) [scsi_eh_4]
(root,0,0,00:00:00/365-14:38:17,413) [scsi_tmf_4]
(root,0,0,00:00:00/365-14:38:17,414) [scsi_eh_5]
(root,0,0,00:00:00/365-14:38:17,415) [scsi_tmf_5]
(scliegyp,38436,3596,00:00:00/01:34,439) dovecot/imap
(root,185004,2412,00:00:00/01:06,471) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/01:06,476) /bin/sh -c /usr/local/cpanel/scripts/autorepair recoverymgmt >/dev/null 2>&1
(root,159536,13840,00:00:00/01:06,482) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/scripts/autorepair recoverymgmt
(root,0,0,00:00:00/365-14:38:15,488) [kdmflush]
(root,0,0,00:00:00/365-14:38:15,489) [bioset]
(root,0,0,00:00:16/365-14:38:15,506) [kworker/0:1H]
(root,0,0,01:05:53/365-14:38:15,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/365-14:38:15,514) [ext4-rsv-conver]
(root,55832,14828,04:31:04/365-14:38:13,593) /usr/lib/systemd/systemd-journald
(scliegyp,38176,3392,00:00:00/00:51,610) dovecot/imap
(root,0,0,00:00:02/365-14:38:13,627) [kworker/4:1H]
(root,0,0,00:00:05/365-14:38:12,629) [kworker/1:1H]
(root,198572,760,00:00:00/365-14:38:12,633) /usr/sbin/lvmetad -f
(root,46060,1024,00:00:00/365-14:38:12,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/365-14:38:11,644) [kworker/2:1H]
(root,0,0,00:22:54/365-14:38:11,645) [kworker/7:1H]
(root,190060,11916,00:00:00/00:08,651) cPhulkd - processor - http socket
(root,0,0,00:00:00/00:07,652) [cpsrvd (SSL) - ] <defunct>
(scliegyp,31616,3512,00:00:00/00:07,653) dovecot/pop3
(root,0,0,00:00:02/365-14:38:10,687) [kworker/5:1H]
(root,0,0,00:00:00/365-14:38:10,688) [irq/125-mei_me]
(root,0,0,00:00:00/365-14:38:10,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/365-14:38:08,714) [jbd2/sda2-8]
(root,0,0,00:00:00/365-14:38:08,715) [ext4-rsv-conver]
(root,0,0,00:04:22/365-14:38:07,719) [jbd2/sda3-8]
(root,0,0,00:00:00/365-14:38:07,720) [ext4-rsv-conver]
(root,0,0,00:10:52/365-14:38:07,724) [jbd2/sdb-8]
(root,0,0,00:00:00/365-14:38:07,725) [ext4-rsv-conver]
(root,0,0,00:00:02/365-14:38:05,740) [kworker/6:1H]
(root,57704,724,00:37:23/365-14:37:55,748) /sbin/auditd
(root,248536,95532,00:00:10/06:05:50,771) spamd child
(dbus,58232,1912,01:21:59/365-14:37:54,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1768,00:41:10/365-14:37:53,788) /usr/lib/systemd/systemd-logind
(root,229032,8876,00:14:08/365-14:37:53,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5800,01:47:55/365-14:37:53,794) /usr/sbin/nscd
(root,113500,1620,00:00:00/00:01,801) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,828) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,829) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,52900,1892,00:00:19/365-14:37:53,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:21:59/365-14:37:53,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/365-14:37:53,862) /usr/sbin/atd -f
(root,124504,1368,00:07:18/365-14:37:53,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/365-14:37:53,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/365-14:37:53,869) [kworker/3:1H]
(chrony,97380,1320,00:02:01/365-14:37:53,888) /usr/sbin/chronyd
(root,113472,3140,00:33:07/365-14:37:44,1226) /usr/sbin/sshd -D
(root,1068492,11936,02:21:49/365-14:37:44,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/365-14:37:44,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,41856,02:03:18/365-14:37:43,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:16:08/365-14:37:40,1820) dnsadmin - dormant mode
(root,214712,19168,03:45:34/365-14:37:40,1825) tailwatchd
(root,183604,6560,00:14:40/365-14:37:40,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259092,27072,00:01:36/9-09:10:05,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2272,00:01:56/365-14:37:40,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9812,3224,01:04:30/9-09:10:05,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,12740,1232,00:00:21/15-01:48:34,2668) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12748,1244,00:00:20/15-01:48:34,2669) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,1892,00:00:00/15-01:48:34,2670) /usr/sbin/httpd -k start
(root,53088,2468,00:00:00/15-01:48:34,2671) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,189796,12164,00:01:00/9-09:04:16,2979) cPhulkd - processor
(root,152260,11176,00:00:51/9-09:04:12,3007) cPhulkd - dbprocessor
(root,51440,2428,00:02:01/9-09:04:09,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,52140,7968,00:04:09/9-09:04:09,3051) dovecot/pop3-login
(dovenull,55208,10868,00:04:20/9-09:04:09,3052) dovecot/imap-login
(dovecot,10272,1296,00:00:42/9-09:04:09,3053) dovecot/anvil
(root,10524,1616,00:01:07/9-09:04:09,3054) dovecot/log
(dovenull,50800,6508,00:00:29/9-09:04:09,3055) dovecot/pop3-login
(dovenull,52336,8100,00:00:53/9-09:04:09,3056) dovecot/imap-login
(root,15960,3484,00:01:56/9-09:04:09,3057) dovecot/config
(dovecot,50232,3664,00:01:13/9-09:04:09,3058) dovecot/stats
(dovecot,10412,1504,00:00:21/9-09:03:34,3201) dovecot/imap-hibernate
(nobody,3226440,29876,00:01:26/5-05:30:15,5152) /usr/sbin/httpd -k start
(nobody,3291976,29572,00:01:28/5-05:29:47,5236) /usr/sbin/httpd -k start
(nobody,3226440,27976,00:01:26/5-05:29:33,5391) /usr/sbin/httpd -k start
(dovecot,73440,5004,00:00:23/23:11:39,8361) dovecot/auth
(root,0,0,00:00:00/10:31:04,9693) [kworker/4:1]
(root,0,0,00:00:00/04:26:24,9880) [kworker/1:2]
(root,252372,96108,00:00:02/16:28:35,11341) spamd child
(root,0,0,00:00:00/04:06:07,11611) [kworker/4:2]
(root,3108,36,00:03:07/365-10:35:21,12075) /usr/bin/RCdaemon
(root,0,0,00:00:03/08:51:07,18430) [kworker/7:2]
(polkitd,610664,2852,00:29:29/365-13:40:12,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27152,03:04:26/365-13:40:10,19737) /usr/sbin/named -u named -c /etc/named.conf
(nobody,3423048,27248,00:00:57/3-12:20:23,20213) /usr/sbin/httpd -k start
(nobody,2964296,25524,00:00:56/3-12:19:51,20298) /usr/sbin/httpd -k start
(root,0,0,00:00:00/02:11:07,21543) [kworker/3:2]
(root,0,0,00:00:00/02:06:06,21952) [kworker/6:1]
(root,0,0,00:00:00/01:38:50,24398) [kworker/5:0]
(mysql,3441212,623712,08:52:13/131-12:27:06,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/19:40:54,26409) [kworker/2:0]
(mailnull,89252,13176,00:02:22/19-10:51:53,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:00/01:11:04,26733) [kworker/5:1]
(root,0,0,00:00:00/01:06:07,27115) [kworker/3:0]
(root,0,0,00:00:00/01:03:45,27335) [kworker/u16:0]
(root,2630184,1627280,08:24:48/361-18:40:28,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(nobody,3226440,28648,00:01:19/4-19:06:36,28140) /usr/sbin/httpd -k start
(root,292800,5136,00:00:49/11-21:03:48,28704) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20248,00:00:15/11-21:03:47,28729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(root,0,0,00:00:00/46:07,28734) [kworker/0:0]
(wp-toolkit,404400,47636,00:10:52/11-21:03:43,28818) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32564,00:00:15/11-21:03:43,28822) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,235460,12140,00:02:14/15-15:57:11,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:40/328-03:53:48,29439) /sbin/rsyslogd
(root,28844,2324,00:00:00/27:29,30244) dovecot/quota-status -p postfix
(root,0,0,00:00:00/26:27,30310) [kworker/0:2]
(scliegyp,38176,3396,00:00:00/16:57,31142) dovecot/imap
(root,0,0,00:00:00/16:07,31278) [kworker/7:1]
(root,178488,29036,00:00:00/16:06,31311) lfd - sleeping
(root,0,0,00:00:00/16:04,31333) [kworker/1:0]
(root,0,0,00:00:00/06:26:27,31346) [kworker/6:2]
(scliegyp,38280,3596,00:00:00/15:48,31354) dovecot/imap
(scliegyp,37752,3072,00:00:00/14:55,31891) dovecot/imap
(root,0,0,00:00:00/10:19,32238) [kworker/u16:2]
(root,0,0,00:00:00/06:07,32572) [kworker/2:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-13 23:16

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10f4d1b09d

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:15:43/363-12:59:01,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/363-12:59:01,2) [kthreadd]
(root,0,0,00:00:00/363-12:59:01,4) [kworker/0:0H]
(root,0,0,00:39:56/363-12:59:01,6) [ksoftirqd/0]
(root,0,0,00:00:02/363-12:59:01,7) [migration/0]
(root,0,0,00:00:00/363-12:59:01,8) [rcu_bh]
(root,0,0,05:29:50/363-12:59:01,9) [rcu_sched]
(root,0,0,00:00:00/363-12:59:01,10) [lru-add-drain]
(root,0,0,00:02:51/363-12:59:01,11) [watchdog/0]
(root,0,0,00:02:22/363-12:59:01,12) [watchdog/1]
(root,0,0,00:00:02/363-12:59:01,13) [migration/1]
(root,0,0,00:00:16/363-12:59:01,14) [ksoftirqd/1]
(root,0,0,00:00:00/363-12:59:01,16) [kworker/1:0H]
(root,0,0,00:02:22/363-12:59:01,17) [watchdog/2]
(root,0,0,00:00:02/363-12:59:01,18) [migration/2]
(root,0,0,00:00:15/363-12:59:01,19) [ksoftirqd/2]
(root,0,0,00:00:00/363-12:59:01,21) [kworker/2:0H]
(root,0,0,00:02:25/363-12:59:01,22) [watchdog/3]
(root,0,0,00:00:01/363-12:59:01,23) [migration/3]
(root,0,0,00:00:14/363-12:59:01,24) [ksoftirqd/3]
(root,0,0,00:00:00/363-12:59:01,26) [kworker/3:0H]
(root,0,0,00:02:19/363-12:59:01,27) [watchdog/4]
(root,0,0,00:01:14/363-12:59:01,28) [migration/4]
(root,0,0,00:00:23/363-12:59:01,29) [ksoftirqd/4]
(root,0,0,00:00:00/363-12:59:01,31) [kworker/4:0H]
(root,0,0,00:02:14/363-12:59:01,32) [watchdog/5]
(root,0,0,00:01:34/363-12:59:01,33) [migration/5]
(root,0,0,00:00:31/363-12:59:01,34) [ksoftirqd/5]
(root,0,0,00:00:00/363-12:59:01,36) [kworker/5:0H]
(root,0,0,00:02:14/363-12:59:01,37) [watchdog/6]
(root,0,0,00:01:09/363-12:59:01,38) [migration/6]
(root,0,0,00:00:31/363-12:59:01,39) [ksoftirqd/6]
(root,0,0,00:00:00/363-12:59:01,41) [kworker/6:0H]
(root,0,0,00:02:27/363-12:59:01,42) [watchdog/7]
(root,0,0,00:01:08/363-12:59:01,43) [migration/7]
(root,0,0,00:11:44/363-12:59:01,44) [ksoftirqd/7]
(root,0,0,00:00:00/363-12:59:01,46) [kworker/7:0H]
(root,0,0,00:00:00/363-12:59:01,48) [kdevtmpfs]
(root,0,0,00:00:00/363-12:59:01,49) [netns]
(root,0,0,00:00:27/363-12:59:01,50) [khungtaskd]
(root,0,0,00:00:00/363-12:59:01,51) [writeback]
(root,0,0,00:00:00/363-12:59:01,52) [kintegrityd]
(root,0,0,00:00:00/363-12:59:01,53) [bioset]
(root,0,0,00:00:00/363-12:59:01,54) [bioset]
(root,0,0,00:00:00/363-12:59:01,55) [bioset]
(root,0,0,00:00:00/363-12:59:01,56) [kblockd]
(root,0,0,00:00:00/363-12:59:01,57) [md]
(root,0,0,00:00:00/363-12:59:01,58) [edac-poller]
(root,0,0,00:00:00/363-12:59:01,59) [watchdogd]
(root,0,0,01:00:11/363-12:59:01,66) [kswapd0]
(root,0,0,00:00:00/363-12:59:01,67) [ksmd]
(root,0,0,00:01:56/363-12:59:01,68) [khugepaged]
(root,0,0,00:00:00/363-12:59:01,69) [crypto]
(root,0,0,00:00:00/363-12:59:01,77) [kthrotld]
(root,0,0,00:00:00/363-12:59:01,80) [kmpath_rdacd]
(root,0,0,00:00:00/363-12:59:01,81) [kaluad]
(root,0,0,00:00:00/363-12:59:01,82) [kpsmoused]
(root,0,0,00:00:00/363-12:59:01,84) [ipv6_addrconf]
(root,0,0,00:00:00/363-12:59:01,97) [deferwq]
(root,0,0,00:17:17/363-12:59:00,144) [kauditd]
(root,0,0,00:00:00/363-12:59:00,368) [ata_sff]
(root,0,0,00:00:00/363-12:59:00,404) [scsi_eh_0]
(root,0,0,00:00:00/363-12:59:00,405) [scsi_tmf_0]
(root,0,0,00:00:00/363-12:59:00,406) [scsi_eh_1]
(root,0,0,00:00:00/363-12:59:00,407) [scsi_tmf_1]
(root,0,0,00:00:00/363-12:59:00,408) [scsi_eh_2]
(root,0,0,00:00:00/363-12:59:00,409) [scsi_tmf_2]
(root,0,0,00:00:00/363-12:59:00,410) [scsi_eh_3]
(root,0,0,00:00:00/363-12:59:00,411) [scsi_tmf_3]
(root,0,0,00:00:00/363-12:59:00,412) [scsi_eh_4]
(root,0,0,00:00:00/363-12:59:00,413) [scsi_tmf_4]
(root,0,0,00:00:00/363-12:59:00,414) [scsi_eh_5]
(root,0,0,00:00:00/363-12:59:00,415) [scsi_tmf_5]
(root,0,0,00:00:00/363-12:58:58,488) [kdmflush]
(root,0,0,00:00:00/363-12:58:58,489) [bioset]
(root,0,0,00:00:16/363-12:58:58,506) [kworker/0:1H]
(root,0,0,01:05:25/363-12:58:58,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/363-12:58:58,514) [ext4-rsv-conver]
(root,0,0,00:00:00/16:46:50,519) [kworker/2:2]
(root,158324,96232,04:29:54/363-12:58:56,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/363-12:58:56,627) [kworker/4:1H]
(root,0,0,00:00:05/363-12:58:55,629) [kworker/1:1H]
(root,198572,760,00:00:00/363-12:58:55,633) /usr/sbin/lvmetad -f
(root,46060,1024,00:00:00/363-12:58:55,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/363-12:58:54,644) [kworker/2:1H]
(root,0,0,00:22:46/363-12:58:54,645) [kworker/7:1H]
(root,0,0,00:00:02/363-12:58:53,687) [kworker/5:1H]
(root,0,0,00:00:00/363-12:58:53,688) [irq/125-mei_me]
(root,0,0,00:00:00/363-12:58:53,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/363-12:58:51,714) [jbd2/sda2-8]
(root,0,0,00:00:00/363-12:58:51,715) [ext4-rsv-conver]
(root,0,0,00:04:19/363-12:58:50,719) [jbd2/sda3-8]
(root,0,0,00:00:00/363-12:58:50,720) [ext4-rsv-conver]
(root,0,0,00:10:47/363-12:58:50,724) [jbd2/sdb-8]
(root,0,0,00:00:00/363-12:58:50,725) [ext4-rsv-conver]
(root,0,0,00:00:02/363-12:58:48,740) [kworker/6:1H]
(root,57704,724,00:37:11/363-12:58:38,748) /sbin/auditd
(dbus,58232,1912,01:21:32/363-12:58:37,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1768,00:40:56/363-12:58:36,788) /usr/lib/systemd/systemd-logind
(root,229032,8888,00:14:02/363-12:58:36,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5824,01:47:09/363-12:58:36,794) /usr/sbin/nscd
(root,52900,1892,00:00:19/363-12:58:36,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:21:31/363-12:58:36,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/363-12:58:36,862) /usr/sbin/atd -f
(root,124504,1368,00:07:16/363-12:58:36,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/363-12:58:36,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/363-12:58:36,869) [kworker/3:1H]
(chrony,97380,1320,00:02:01/363-12:58:36,888) /usr/sbin/chronyd
(root,113472,3140,00:32:56/363-12:58:27,1226) /usr/sbin/sshd -D
(root,1076244,15248,02:21:09/363-12:58:27,1237) /usr/sbin/rsyslogd -n
(root,27380,804,00:02:50/363-12:58:27,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,0,0,00:00:00/01:16:50,1255) [kworker/3:1]
(root,225548,41828,02:02:36/363-12:58:26,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:16:03/363-12:58:23,1820) dnsadmin - dormant mode
(root,214712,19172,03:44:18/363-12:58:23,1825) tailwatchd
(root,183604,6556,00:14:36/363-12:58:23,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259092,28548,00:01:17/7-07:30:48,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2268,00:01:55/363-12:58:23,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9812,3224,00:49:56/7-07:30:48,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,0,0,00:00:00/01:06:50,2135) [kworker/6:2]
(root,0,0,00:00:00/01:05:50,2242) [kworker/2:1]
(root,12736,1232,00:00:17/13-00:09:17,2668) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12748,1244,00:00:17/13-00:09:17,2669) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,1892,00:00:00/13-00:09:17,2670) /usr/sbin/httpd -k start
(root,53088,2468,00:00:00/13-00:09:17,2671) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,189796,12164,00:00:46/7-07:24:59,2979) cPhulkd - processor
(root,152260,11172,00:00:41/7-07:24:55,3007) cPhulkd - dbprocessor
(root,51440,2432,00:01:38/7-07:24:52,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,52140,7964,00:03:16/7-07:24:52,3051) dovecot/pop3-login
(dovenull,55208,10896,00:03:01/7-07:24:52,3052) dovecot/imap-login
(dovecot,10272,1296,00:00:34/7-07:24:52,3053) dovecot/anvil
(root,10524,1616,00:00:55/7-07:24:52,3054) dovecot/log
(dovenull,50680,6496,00:00:22/7-07:24:52,3055) dovecot/pop3-login
(dovenull,52336,8128,00:00:43/7-07:24:52,3056) dovecot/imap-login
(root,15960,3484,00:01:38/7-07:24:52,3057) dovecot/config
(dovecot,50232,3672,00:00:59/7-07:24:52,3058) dovecot/stats
(dovecot,74284,5888,00:05:42/7-07:24:52,3059) dovecot/auth
(dovecot,10412,1504,00:00:16/7-07:24:17,3201) dovecot/imap-hibernate
(root,244612,87576,00:00:14/49:11,3785) spamd child
(root,232640,72696,00:00:00/38:44,4974) spamd child
(root,0,0,00:00:00/36:50,5151) [kworker/4:0]
(nobody,3226440,27784,00:00:47/3-03:50:58,5152) /usr/sbin/httpd -k start
(nobody,3226440,28076,00:00:49/3-03:50:30,5236) /usr/sbin/httpd -k start
(nobody,3095368,26452,00:00:46/3-03:50:16,5391) /usr/sbin/httpd -k start
(root,0,0,00:00:00/35:49,5474) [kworker/5:1]
(scliegyp,38416,3784,00:00:00/34:53,5710) dovecot/imap
(root,0,0,00:00:00/32:07,5898) [kworker/u16:1]
(root,0,0,00:00:00/26:50,6447) [kworker/0:0]
(root,0,0,00:00:00/16:50,7362) [kworker/7:1]
(root,0,0,00:00:00/11:50,7825) [kworker/1:1]
(root,0,0,00:00:00/08:47,8175) [kworker/4:1]
(scliegyp,38072,3072,00:00:00/05:56,8401) dovecot/imap
(root,0,0,00:00:00/03:40,8606) [kworker/4:2]
(root,72960,4240,00:00:00/01:07,8816) dovecot/auth -w
(scliegyp,38280,3600,00:00:00/00:33,8859) dovecot/imap
(root,62912,4496,00:00:00/00:14,8904) dovecot/lmtp
(root,192560,11736,00:00:00/00:14,8910) cPhulkd - processor - http socket
(root,0,0,00:00:00/00:14,8929) [whostmgrd - ser] <defunct>
(cpanelphpmyadmin,292768,5372,00:00:00/00:14,8944) php-fpm: pool cpanelphpmyadmin
(root,113472,4596,00:00:00/00:00,9094) sshd: [accepted]
(root,113500,1620,00:00:00/00:00,9099) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,9117) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,9118) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,3108,36,00:03:06/363-08:56:04,12075) /usr/bin/RCdaemon
(root,0,0,00:00:01/05:01:50,12906) [kworker/7:2]
(polkitd,610664,2852,00:29:20/363-12:00:55,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27156,03:03:28/363-12:00:53,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/03:43:59,19919) [kworker/u16:0]
(nobody,3423048,23992,00:00:17/1-10:41:06,20213) /usr/sbin/httpd -k start
(nobody,2964296,23032,00:00:18/1-10:40:34,20298) /usr/sbin/httpd -k start
(root,0,0,00:00:01/08:50:34,21996) [kworker/0:1]
(mysql,3441212,520676,08:33:25/129-10:47:49,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/12:35:50,26152) [kworker/5:2]
(mailnull,89252,13196,00:02:17/17-09:12:36,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,2564228,1585936,08:22:51/359-17:01:11,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/17:35:50,27450) [kworker/3:0]
(nobody,3226440,26700,00:00:41/2-17:27:19,28140) /usr/sbin/httpd -k start
(root,292800,5128,00:00:40/9-19:24:31,28704) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20248,00:00:12/9-19:24:30,28729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404400,47636,00:08:58/9-19:24:26,28818) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32556,00:00:12/9-19:24:26,28822) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,235460,12140,00:01:56/13-14:17:54,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:40/326-02:14:31,29439) /sbin/rsyslogd
(root,0,0,00:00:00/17:04:05,30900) [kworker/6:0]
(root,0,0,00:00:00/01:31:50,32233) [kworker/1:0]
(root,179640,30176,00:00:43/22:36:49,32634) lfd - sleeping

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-11 21:36

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10e7c6cf1f

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4112,03:14:39/361-14:29:40,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/361-14:29:40,2) [kthreadd]
(root,0,0,00:00:00/361-14:29:40,4) [kworker/0:0H]
(root,0,0,00:39:47/361-14:29:40,6) [ksoftirqd/0]
(root,0,0,00:00:02/361-14:29:40,7) [migration/0]
(root,0,0,00:00:00/361-14:29:40,8) [rcu_bh]
(root,0,0,05:27:53/361-14:29:40,9) [rcu_sched]
(root,0,0,00:00:00/361-14:29:40,10) [lru-add-drain]
(root,0,0,00:02:50/361-14:29:40,11) [watchdog/0]
(root,0,0,00:02:21/361-14:29:40,12) [watchdog/1]
(root,0,0,00:00:02/361-14:29:40,13) [migration/1]
(root,0,0,00:00:16/361-14:29:40,14) [ksoftirqd/1]
(root,0,0,00:00:00/361-14:29:40,16) [kworker/1:0H]
(root,0,0,00:02:21/361-14:29:40,17) [watchdog/2]
(root,0,0,00:00:02/361-14:29:40,18) [migration/2]
(root,0,0,00:00:15/361-14:29:40,19) [ksoftirqd/2]
(root,0,0,00:00:00/361-14:29:40,21) [kworker/2:0H]
(root,0,0,00:02:24/361-14:29:40,22) [watchdog/3]
(root,0,0,00:00:01/361-14:29:40,23) [migration/3]
(root,0,0,00:00:14/361-14:29:40,24) [ksoftirqd/3]
(root,0,0,00:00:00/361-14:29:40,26) [kworker/3:0H]
(root,0,0,00:02:18/361-14:29:40,27) [watchdog/4]
(root,0,0,00:01:14/361-14:29:40,28) [migration/4]
(root,0,0,00:00:23/361-14:29:40,29) [ksoftirqd/4]
(root,0,0,00:00:00/361-14:29:40,31) [kworker/4:0H]
(root,0,0,00:02:13/361-14:29:40,32) [watchdog/5]
(root,0,0,00:01:34/361-14:29:40,33) [migration/5]
(root,0,0,00:00:31/361-14:29:40,34) [ksoftirqd/5]
(root,0,0,00:00:00/361-14:29:40,36) [kworker/5:0H]
(root,0,0,00:02:13/361-14:29:40,37) [watchdog/6]
(root,0,0,00:01:09/361-14:29:40,38) [migration/6]
(root,0,0,00:00:31/361-14:29:40,39) [ksoftirqd/6]
(root,0,0,00:00:00/361-14:29:40,41) [kworker/6:0H]
(root,0,0,00:02:26/361-14:29:40,42) [watchdog/7]
(root,0,0,00:01:08/361-14:29:40,43) [migration/7]
(root,0,0,00:11:40/361-14:29:40,44) [ksoftirqd/7]
(root,0,0,00:00:00/361-14:29:40,46) [kworker/7:0H]
(root,0,0,00:00:00/361-14:29:40,48) [kdevtmpfs]
(root,0,0,00:00:00/361-14:29:40,49) [netns]
(root,0,0,00:00:27/361-14:29:40,50) [khungtaskd]
(root,0,0,00:00:00/361-14:29:40,51) [writeback]
(root,0,0,00:00:00/361-14:29:40,52) [kintegrityd]
(root,0,0,00:00:00/361-14:29:40,53) [bioset]
(root,0,0,00:00:00/361-14:29:40,54) [bioset]
(root,0,0,00:00:00/361-14:29:40,55) [bioset]
(root,0,0,00:00:00/361-14:29:40,56) [kblockd]
(root,0,0,00:00:00/361-14:29:40,57) [md]
(root,0,0,00:00:00/361-14:29:40,58) [edac-poller]
(root,0,0,00:00:00/361-14:29:40,59) [watchdogd]
(root,0,0,01:00:03/361-14:29:40,66) [kswapd0]
(root,0,0,00:00:00/361-14:29:40,67) [ksmd]
(root,0,0,00:01:56/361-14:29:40,68) [khugepaged]
(root,0,0,00:00:00/361-14:29:40,69) [crypto]
(root,0,0,00:00:00/361-14:29:40,77) [kthrotld]
(root,0,0,00:00:00/361-14:29:40,80) [kmpath_rdacd]
(root,0,0,00:00:00/361-14:29:40,81) [kaluad]
(root,0,0,00:00:00/361-14:29:40,82) [kpsmoused]
(root,0,0,00:00:00/361-14:29:40,84) [ipv6_addrconf]
(root,0,0,00:00:00/361-14:29:40,97) [deferwq]
(root,0,0,00:17:10/361-14:29:39,144) [kauditd]
(root,0,0,00:00:00/361-14:29:39,368) [ata_sff]
(root,0,0,00:00:00/361-14:29:39,404) [scsi_eh_0]
(root,0,0,00:00:00/361-14:29:39,405) [scsi_tmf_0]
(root,0,0,00:00:00/361-14:29:39,406) [scsi_eh_1]
(root,0,0,00:00:00/361-14:29:39,407) [scsi_tmf_1]
(root,0,0,00:00:00/361-14:29:39,408) [scsi_eh_2]
(root,0,0,00:00:00/361-14:29:39,409) [scsi_tmf_2]
(root,0,0,00:00:00/361-14:29:39,410) [scsi_eh_3]
(root,0,0,00:00:00/361-14:29:39,411) [scsi_tmf_3]
(root,0,0,00:00:00/361-14:29:39,412) [scsi_eh_4]
(root,0,0,00:00:00/361-14:29:39,413) [scsi_tmf_4]
(root,0,0,00:00:00/361-14:29:39,414) [scsi_eh_5]
(root,0,0,00:00:00/361-14:29:39,415) [scsi_tmf_5]
(root,0,0,00:00:00/361-14:29:37,488) [kdmflush]
(root,0,0,00:00:00/361-14:29:37,489) [bioset]
(root,0,0,00:00:16/361-14:29:37,506) [kworker/0:1H]
(root,0,0,01:05:01/361-14:29:37,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/361-14:29:37,514) [ext4-rsv-conver]
(root,84564,33920,04:28:23/361-14:29:35,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/361-14:29:35,627) [kworker/4:1H]
(root,0,0,00:00:05/361-14:29:34,629) [kworker/1:1H]
(root,198572,760,00:00:00/361-14:29:34,633) /usr/sbin/lvmetad -f
(root,46060,1024,00:00:00/361-14:29:34,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/361-14:29:33,644) [kworker/2:1H]
(root,0,0,00:22:39/361-14:29:33,645) [kworker/7:1H]
(root,0,0,00:00:02/361-14:29:32,687) [kworker/5:1H]
(root,0,0,00:00:00/361-14:29:32,688) [irq/125-mei_me]
(root,0,0,00:00:00/361-14:29:32,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/361-14:29:30,714) [jbd2/sda2-8]
(root,0,0,00:00:00/361-14:29:30,715) [ext4-rsv-conver]
(root,0,0,00:04:17/361-14:29:29,719) [jbd2/sda3-8]
(root,0,0,00:00:00/361-14:29:29,720) [ext4-rsv-conver]
(root,0,0,00:10:43/361-14:29:29,724) [jbd2/sdb-8]
(root,0,0,00:00:00/361-14:29:29,725) [ext4-rsv-conver]
(root,0,0,00:00:02/361-14:29:27,740) [kworker/6:1H]
(root,57704,724,00:36:57/361-14:29:17,748) /sbin/auditd
(dbus,58232,1912,01:21:06/361-14:29:16,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1768,00:40:43/361-14:29:15,788) /usr/lib/systemd/systemd-logind
(root,229032,9024,00:13:56/361-14:29:15,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5828,01:46:33/361-14:29:15,794) /usr/sbin/nscd
(root,0,0,00:00:00/02:37:29,824) [kworker/2:2]
(root,52900,1892,00:00:19/361-14:29:15,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:21:05/361-14:29:15,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/361-14:29:15,862) /usr/sbin/atd -f
(root,124504,1368,00:07:13/361-14:29:15,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/361-14:29:15,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/361-14:29:15,869) [kworker/3:1H]
(chrony,97380,1320,00:02:00/361-14:29:15,888) /usr/sbin/chronyd
(root,113472,3140,00:32:42/361-14:29:06,1226) /usr/sbin/sshd -D
(root,1076684,18688,02:20:22/361-14:29:06,1237) /usr/sbin/rsyslogd -n
(root,27380,804,00:02:50/361-14:29:06,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,41732,02:01:56/361-14:29:05,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,247720,91660,00:00:01/08:21:42,1513) spamd child
(root,167288,4196,00:15:57/361-14:29:02,1820) dnsadmin - dormant mode
(root,214712,19184,03:43:08/361-14:29:02,1825) tailwatchd
(root,183604,6552,00:14:32/361-14:29:02,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259092,28544,00:00:55/5-09:01:27,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2268,00:01:55/361-14:29:02,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9812,3224,00:37:12/5-09:01:27,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,12736,1340,00:00:15/11-01:39:56,2668) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12748,1356,00:00:14/11-01:39:56,2669) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,3640,00:00:00/11-01:39:56,2670) /usr/sbin/httpd -k start
(root,53088,11456,00:00:00/11-01:39:56,2671) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,189796,12164,00:00:34/5-08:55:38,2979) cPhulkd - processor
(root,152260,11172,00:00:29/5-08:55:34,3007) cPhulkd - dbprocessor
(root,51440,2432,00:01:09/5-08:55:31,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,52388,8092,00:02:17/5-08:55:31,3051) dovecot/pop3-login
(dovenull,53116,8996,00:02:09/5-08:55:31,3052) dovecot/imap-login
(dovecot,10272,1296,00:00:24/5-08:55:31,3053) dovecot/anvil
(root,10524,1616,00:00:39/5-08:55:31,3054) dovecot/log
(dovenull,50500,6340,00:00:15/5-08:55:31,3055) dovecot/pop3-login
(dovenull,52356,8072,00:00:32/5-08:55:31,3056) dovecot/imap-login
(root,15960,3484,00:01:13/5-08:55:31,3057) dovecot/config
(dovecot,50232,3672,00:00:41/5-08:55:31,3058) dovecot/stats
(dovecot,74284,5888,00:03:54/5-08:55:31,3059) dovecot/auth
(dovecot,10412,1504,00:00:12/5-08:54:56,3201) dovecot/imap-hibernate
(nobody,3029832,24792,00:00:22/1-05:21:37,5152) /usr/sbin/httpd -k start
(nobody,3095368,26484,00:00:22/1-05:21:09,5236) /usr/sbin/httpd -k start
(nobody,3095368,23712,00:00:20/1-05:20:55,5391) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:33:05,6441) [kworker/7:1]
(root,0,0,00:00:00/07:17:29,7336) [kworker/2:1]
(root,225548,40020,00:00:00/01:10:23,8459) spamd child
(root,0,0,00:00:00/01:07:29,8758) [kworker/4:1]
(root,161752,5812,00:00:00/1-09:47:52,9272) sshd: root@pts/0
(root,114820,3204,00:00:00/1-09:47:50,9283) -bash
(root,0,0,00:00:00/06:52:26,9387) [kworker/1:2]
(root,0,0,00:00:00/47:29,10587) [kworker/5:0]
(root,0,0,00:00:00/41:41,11025) [kworker/u16:0]
(root,0,0,00:00:00/37:28,11368) [kworker/3:1]
(scliegyp,38428,3596,00:00:00/37:14,11412) dovecot/imap
(root,0,0,00:00:00/33:47,11660) [kworker/u16:2]
(root,3108,36,00:03:05/361-10:26:43,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/27:28,12222) [kworker/0:2]
(scliegyp,38268,3596,00:00:00/26:57,12279) dovecot/imap
(scliegyp,38432,3812,00:00:00/19:16,12870) dovecot/imap
(root,0,0,00:00:00/17:54,12957) [kworker/7:0]
(scliegyp,39044,4208,00:00:00/15:41,13180) dovecot/imap
(scliegyp,38432,3816,00:00:00/15:41,13181) dovecot/imap
(scliegyp,39640,4764,00:00:00/11:11,13584) dovecot/imap
(scliegyp,39044,4204,00:00:00/07:36,13854) dovecot/imap
(scliegyp,38432,3812,00:00:00/07:36,13855) dovecot/imap
(root,0,0,00:00:00/07:29,13931) [kworker/1:0]
(root,178476,28920,00:00:00/07:28,13995) lfd - sleeping
(root,0,0,00:00:01/05:57:25,14500) [kworker/0:1]
(root,62912,4496,00:00:00/00:10,14812) dovecot/lmtp
(root,192556,11652,00:00:00/00:10,14818) cPhulkd - processor - http socket
(root,0,0,00:00:00/00:09,14830) [dnsadmin - dorm] <defunct>
(root,0,0,00:00:00/00:09,14835) [whostmgrd - ser] <defunct>
(cpanelphpmyadmin,292768,5372,00:00:00/00:09,14850) php-fpm: pool cpanelphpmyadmin
(scliegyp,40020,4952,00:00:00/00:09,14862) dovecot/imap
(root,113500,1620,00:00:00/00:00,14906) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,14924) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,14925) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(polkitd,610664,3072,00:29:11/361-13:31:34,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27164,03:02:21/361-13:31:32,19737) /usr/sbin/named -u named -c /etc/named.conf
(mysql,3441212,519612,08:24:22/127-12:18:28,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(mailnull,89252,13200,00:02:11/15-10:43:15,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,2631972,1602116,08:19:48/357-18:31:50,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/03:37:29,27963) [kworker/6:2]
(nobody,3226440,24904,00:00:15/18:57:58,28140) /usr/sbin/httpd -k start
(root,292800,5128,00:00:32/7-20:55:10,28704) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20248,00:00:10/7-20:55:09,28729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404400,48100,00:07:11/7-20:55:05,28818) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32564,00:00:10/7-20:55:05,28822) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,235460,13820,00:01:40/11-15:48:33,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:39/324-03:45:10,29439) /sbin/rsyslogd
(root,0,0,00:00:00/18:31:49,31093) [kworker/6:0]
(root,0,0,00:00:02/1-23:52:29,31221) [kworker/3:2]
(root,0,0,00:00:01/1-06:27:29,31412) [kworker/4:2]
(root,0,0,00:00:00/13:17:53,31893) [kworker/5:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-09 23:07

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10a7ead5e8

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4112,03:13:33/359-15:58:08,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/359-15:58:08,2) [kthreadd]
(root,0,0,00:00:00/359-15:58:08,4) [kworker/0:0H]
(root,0,0,00:39:28/359-15:58:08,6) [ksoftirqd/0]
(root,0,0,00:00:02/359-15:58:08,7) [migration/0]
(root,0,0,00:00:00/359-15:58:08,8) [rcu_bh]
(root,0,0,05:25:14/359-15:58:08,9) [rcu_sched]
(root,0,0,00:00:00/359-15:58:08,10) [lru-add-drain]
(root,0,0,00:02:49/359-15:58:08,11) [watchdog/0]
(root,0,0,00:02:20/359-15:58:08,12) [watchdog/1]
(root,0,0,00:00:02/359-15:58:08,13) [migration/1]
(root,0,0,00:00:16/359-15:58:08,14) [ksoftirqd/1]
(root,0,0,00:00:00/359-15:58:08,16) [kworker/1:0H]
(root,0,0,00:02:21/359-15:58:08,17) [watchdog/2]
(root,0,0,00:00:02/359-15:58:08,18) [migration/2]
(root,0,0,00:00:15/359-15:58:08,19) [ksoftirqd/2]
(root,0,0,00:00:00/359-15:58:08,21) [kworker/2:0H]
(root,0,0,00:02:24/359-15:58:08,22) [watchdog/3]
(root,0,0,00:00:01/359-15:58:08,23) [migration/3]
(root,0,0,00:00:14/359-15:58:08,24) [ksoftirqd/3]
(root,0,0,00:00:00/359-15:58:08,26) [kworker/3:0H]
(root,0,0,00:02:18/359-15:58:08,27) [watchdog/4]
(root,0,0,00:01:13/359-15:58:08,28) [migration/4]
(root,0,0,00:00:23/359-15:58:08,29) [ksoftirqd/4]
(root,0,0,00:00:00/359-15:58:08,31) [kworker/4:0H]
(root,0,0,00:02:12/359-15:58:08,32) [watchdog/5]
(root,0,0,00:01:34/359-15:58:08,33) [migration/5]
(root,0,0,00:00:31/359-15:58:08,34) [ksoftirqd/5]
(root,0,0,00:00:00/359-15:58:08,36) [kworker/5:0H]
(root,0,0,00:02:13/359-15:58:08,37) [watchdog/6]
(root,0,0,00:01:09/359-15:58:08,38) [migration/6]
(root,0,0,00:00:31/359-15:58:08,39) [ksoftirqd/6]
(root,0,0,00:00:00/359-15:58:08,41) [kworker/6:0H]
(root,0,0,00:02:25/359-15:58:08,42) [watchdog/7]
(root,0,0,00:01:07/359-15:58:08,43) [migration/7]
(root,0,0,00:11:32/359-15:58:08,44) [ksoftirqd/7]
(root,0,0,00:00:00/359-15:58:08,46) [kworker/7:0H]
(root,0,0,00:00:00/359-15:58:08,48) [kdevtmpfs]
(root,0,0,00:00:00/359-15:58:08,49) [netns]
(root,0,0,00:00:26/359-15:58:08,50) [khungtaskd]
(root,0,0,00:00:00/359-15:58:08,51) [writeback]
(root,0,0,00:00:00/359-15:58:08,52) [kintegrityd]
(root,0,0,00:00:00/359-15:58:08,53) [bioset]
(root,0,0,00:00:00/359-15:58:08,54) [bioset]
(root,0,0,00:00:00/359-15:58:08,55) [bioset]
(root,0,0,00:00:00/359-15:58:08,56) [kblockd]
(root,0,0,00:00:00/359-15:58:08,57) [md]
(root,0,0,00:00:00/359-15:58:08,58) [edac-poller]
(root,0,0,00:00:00/359-15:58:08,59) [watchdogd]
(root,0,0,00:59:55/359-15:58:08,66) [kswapd0]
(root,0,0,00:00:00/359-15:58:08,67) [ksmd]
(root,0,0,00:01:56/359-15:58:08,68) [khugepaged]
(root,0,0,00:00:00/359-15:58:08,69) [crypto]
(root,0,0,00:00:00/359-15:58:08,77) [kthrotld]
(root,0,0,00:00:00/359-15:58:08,80) [kmpath_rdacd]
(root,0,0,00:00:00/359-15:58:08,81) [kaluad]
(root,0,0,00:00:00/359-15:58:08,82) [kpsmoused]
(root,0,0,00:00:00/359-15:58:08,84) [ipv6_addrconf]
(root,0,0,00:00:00/359-15:58:08,97) [deferwq]
(root,0,0,00:17:04/359-15:58:07,144) [kauditd]
(root,0,0,00:00:00/359-15:58:07,368) [ata_sff]
(root,0,0,00:00:00/359-15:58:07,404) [scsi_eh_0]
(root,0,0,00:00:00/359-15:58:07,405) [scsi_tmf_0]
(root,0,0,00:00:00/359-15:58:07,406) [scsi_eh_1]
(root,0,0,00:00:00/359-15:58:07,407) [scsi_tmf_1]
(root,0,0,00:00:00/359-15:58:07,408) [scsi_eh_2]
(root,0,0,00:00:00/359-15:58:07,409) [scsi_tmf_2]
(root,0,0,00:00:00/359-15:58:07,410) [scsi_eh_3]
(root,0,0,00:00:00/359-15:58:07,411) [scsi_tmf_3]
(root,0,0,00:00:00/359-15:58:07,412) [scsi_eh_4]
(root,0,0,00:00:00/359-15:58:07,413) [scsi_tmf_4]
(root,0,0,00:00:00/359-15:58:07,414) [scsi_eh_5]
(root,0,0,00:00:00/359-15:58:07,415) [scsi_tmf_5]
(root,0,0,00:00:00/01:00:57,422) [kworker/4:2]
(root,0,0,00:00:00/359-15:58:05,488) [kdmflush]
(root,0,0,00:00:00/359-15:58:05,489) [bioset]
(root,0,0,00:00:15/359-15:58:05,506) [kworker/0:1H]
(root,0,0,01:03:13/359-15:58:05,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/359-15:58:05,514) [ext4-rsv-conver]
(root,145800,94296,04:26:04/359-15:58:03,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/359-15:58:03,627) [kworker/4:1H]
(root,0,0,00:00:05/359-15:58:02,629) [kworker/1:1H]
(root,198572,760,00:00:00/359-15:58:02,633) /usr/sbin/lvmetad -f
(root,46060,1024,00:00:00/359-15:58:02,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/359-15:58:01,644) [kworker/2:1H]
(root,0,0,00:22:11/359-15:58:01,645) [kworker/7:1H]
(root,0,0,00:00:02/359-15:58:00,687) [kworker/5:1H]
(root,0,0,00:00:00/359-15:58:00,688) [irq/125-mei_me]
(root,0,0,00:00:00/359-15:58:00,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/359-15:57:58,714) [jbd2/sda2-8]
(root,0,0,00:00:00/359-15:57:58,715) [ext4-rsv-conver]
(root,0,0,00:04:15/359-15:57:57,719) [jbd2/sda3-8]
(root,0,0,00:00:00/359-15:57:57,720) [ext4-rsv-conver]
(root,0,0,00:10:40/359-15:57:57,724) [jbd2/sdb-8]
(root,0,0,00:00:00/359-15:57:57,725) [ext4-rsv-conver]
(root,0,0,00:00:02/359-15:57:55,740) [kworker/6:1H]
(root,57704,724,00:36:43/359-15:57:45,748) /sbin/auditd
(dbus,58232,1912,01:20:40/359-15:57:44,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1768,00:40:30/359-15:57:43,788) /usr/lib/systemd/systemd-logind
(root,229032,9184,00:13:48/359-15:57:43,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5800,01:45:49/359-15:57:43,794) /usr/sbin/nscd
(root,0,0,00:00:00/55:57,821) [kworker/2:0]
(root,52900,1892,00:00:19/359-15:57:43,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:20:39/359-15:57:43,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/359-15:57:43,862) /usr/sbin/atd -f
(root,124504,1368,00:07:11/359-15:57:43,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/359-15:57:43,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/359-15:57:43,869) [kworker/3:1H]
(chrony,97380,1320,00:02:00/359-15:57:43,888) /usr/sbin/chronyd
(root,113472,3140,00:32:29/359-15:57:34,1226) /usr/sbin/sshd -D
(root,1093068,15344,02:19:16/359-15:57:34,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/359-15:57:34,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,37580,02:01:00/359-15:57:33,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:15:52/359-15:57:30,1820) dnsadmin - dormant mode
(root,214092,18368,03:31:57/359-15:57:30,1825) tailwatchd
(root,183604,6560,00:14:26/359-15:57:30,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259092,28504,00:00:32/3-10:29:55,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2268,00:01:54/359-15:57:30,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9812,3224,00:23:02/3-10:29:55,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,246364,90084,00:00:08/06:47:39,1968) spamd child
(root,244096,86676,00:00:01/06:47:37,1976) spamd child
(root,185004,2412,00:00:00/35:57,2435) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/35:57,2444) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/35:56,2451) sleep 5h 23m
(root,12736,1340,00:00:13/9-03:08:24,2668) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1356,00:00:12/9-03:08:24,2669) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,4232,00:00:00/9-03:08:24,2670) /usr/sbin/httpd -k start
(root,53088,11456,00:00:00/9-03:08:24,2671) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3160904,32600,00:01:35/9-03:08:24,2672) /usr/sbin/httpd -k start
(nobody,3357512,34204,00:01:35/9-03:08:24,2673) /usr/sbin/httpd -k start
(nobody,3291976,33648,00:01:35/9-03:08:24,2674) /usr/sbin/httpd -k start
(nobody,3160904,34628,00:01:35/9-03:08:23,2843) /usr/sbin/httpd -k start
(nobody,3226440,34560,00:01:34/9-03:08:23,2844) /usr/sbin/httpd -k start
(root,189796,12164,00:00:22/3-10:24:06,2979) cPhulkd - processor
(root,152184,11112,00:00:15/3-10:24:02,3007) cPhulkd - dbprocessor
(root,51440,2424,00:00:38/3-10:23:59,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,51748,7580,00:01:16/3-10:23:59,3051) dovecot/pop3-login
(dovenull,53308,9116,00:01:17/3-10:23:59,3052) dovecot/imap-login
(dovecot,10272,1296,00:00:12/3-10:23:59,3053) dovecot/anvil
(root,10404,1492,00:00:20/3-10:23:59,3054) dovecot/log
(dovenull,50212,5976,00:00:06/3-10:23:59,3055) dovecot/pop3-login
(dovenull,51340,7024,00:00:19/3-10:23:59,3056) dovecot/imap-login
(root,15960,3484,00:00:29/3-10:23:59,3057) dovecot/config
(dovecot,50100,3676,00:00:23/3-10:23:59,3058) dovecot/stats
(dovecot,74284,5876,00:02:03/3-10:23:59,3059) dovecot/auth
(dovecot,10412,1504,00:00:07/3-10:23:24,3201) dovecot/imap-hibernate
(root,0,0,00:00:00/30:57,3217) [kworker/1:1]
(scliegyp,38280,3596,00:00:00/29:41,3296) dovecot/imap
(root,0,0,00:00:00/25:57,3590) [kworker/7:2]
(scliegyp,38268,3596,00:00:00/21:04,3931) dovecot/imap
(scliegyp,38156,3376,00:00:00/17:28,4206) dovecot/imap
(scliegyp,37752,3072,00:00:00/15:10,4489) dovecot/imap
(scliegyp,38292,3600,00:00:00/13:49,4560) dovecot/imap
(root,0,0,00:00:00/07:39,4997) [kworker/u16:2]
(root,0,0,00:00:00/05:57,5122) [kworker/3:1]
(scliegyp,38268,3600,00:00:00/05:50,5267) dovecot/imap
(scliegyp,38664,3760,00:00:00/04:12,5311) dovecot/imap
(scliegyp,38156,3372,00:00:00/01:49,5436) dovecot/imap
(root,113472,4592,00:00:00/01:15,5448) sshd: [accepted]
(root,113472,4588,00:00:00/00:58,5452) sshd: [accepted]
(root,0,0,00:00:00/00:57,5553) [kworker/0:0]
(root,62912,4492,00:00:00/00:53,5616) dovecot/lmtp
(root,113472,4592,00:00:00/00:24,5674) sshd: [accepted]
(root,113500,1624,00:00:00/00:00,5726) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,5744) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,5745) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,3108,36,00:03:04/359-11:55:11,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/11:10:54,12292) [kworker/2:2]
(root,0,0,00:00:01/04:40:54,13692) [kworker/0:2]
(nobody,3226440,33188,00:01:33/8-12:36:01,17110) /usr/sbin/httpd -k start
(root,0,0,00:00:00/03:46:23,18348) [kworker/6:2]
(polkitd,610664,3072,00:29:01/359-15:00:02,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27604,03:01:11/359-15:00:00,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/03:00:22,22522) [kworker/4:0]
(root,0,0,00:00:00/15:12:16,23156) [kworker/1:2]
(root,0,0,00:00:00/02:46:25,23636) [kworker/5:2]
(root,0,0,00:00:00/02:46:23,23661) [kworker/6:1]
(mysql,3441212,518344,08:14:12/125-13:46:56,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(mailnull,89196,12504,00:02:02/13-12:11:43,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,2566056,1602908,08:16:30/355-20:00:18,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,292800,5128,00:00:24/5-22:23:38,28704) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20248,00:00:07/5-22:23:37,28729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404400,48100,00:05:25/5-22:23:33,28818) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32564,00:00:07/5-22:23:33,28822) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,235460,14300,00:01:23/9-17:17:01,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:38/322-05:13:38,29439) /sbin/rsyslogd
(root,178524,29040,00:00:02/01:35:56,29522) lfd - sleeping
(root,0,0,00:00:02/07:38:26,29577) [kworker/7:1]
(root,0,0,00:00:00/01:20:57,31221) [kworker/3:2]
(root,0,0,00:00:00/01:15:56,31668) [kworker/0:1]
(root,0,0,00:00:00/01:05:57,32438) [kworker/5:1]
(root,0,0,00:00:00/01:03:24,32574) [kworker/u16:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-08 00:35

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10a34e0e25

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4112,03:12:30/357-16:17:49,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/357-16:17:49,2) [kthreadd]
(root,0,0,00:00:00/357-16:17:49,4) [kworker/0:0H]
(root,0,0,00:39:24/357-16:17:49,6) [ksoftirqd/0]
(root,0,0,00:00:02/357-16:17:49,7) [migration/0]
(root,0,0,00:00:00/357-16:17:49,8) [rcu_bh]
(root,0,0,05:23:58/357-16:17:49,9) [rcu_sched]
(root,0,0,00:00:00/357-16:17:49,10) [lru-add-drain]
(root,0,0,00:02:48/357-16:17:49,11) [watchdog/0]
(root,0,0,00:02:19/357-16:17:49,12) [watchdog/1]
(root,0,0,00:00:02/357-16:17:49,13) [migration/1]
(root,0,0,00:00:16/357-16:17:49,14) [ksoftirqd/1]
(root,0,0,00:00:00/357-16:17:49,16) [kworker/1:0H]
(root,0,0,00:02:20/357-16:17:49,17) [watchdog/2]
(root,0,0,00:00:02/357-16:17:49,18) [migration/2]
(root,0,0,00:00:15/357-16:17:49,19) [ksoftirqd/2]
(root,0,0,00:00:00/357-16:17:49,21) [kworker/2:0H]
(root,0,0,00:02:23/357-16:17:49,22) [watchdog/3]
(root,0,0,00:00:01/357-16:17:49,23) [migration/3]
(root,0,0,00:00:14/357-16:17:49,24) [ksoftirqd/3]
(root,0,0,00:00:00/357-16:17:49,26) [kworker/3:0H]
(root,0,0,00:02:17/357-16:17:49,27) [watchdog/4]
(root,0,0,00:01:13/357-16:17:49,28) [migration/4]
(root,0,0,00:00:23/357-16:17:49,29) [ksoftirqd/4]
(root,0,0,00:00:00/357-16:17:49,31) [kworker/4:0H]
(root,0,0,00:02:12/357-16:17:49,32) [watchdog/5]
(root,0,0,00:01:33/357-16:17:49,33) [migration/5]
(root,0,0,00:00:30/357-16:17:49,34) [ksoftirqd/5]
(root,0,0,00:00:00/357-16:17:49,36) [kworker/5:0H]
(root,0,0,00:02:12/357-16:17:49,37) [watchdog/6]
(root,0,0,00:01:09/357-16:17:49,38) [migration/6]
(root,0,0,00:00:31/357-16:17:49,39) [ksoftirqd/6]
(root,0,0,00:00:00/357-16:17:49,41) [kworker/6:0H]
(root,0,0,00:02:25/357-16:17:49,42) [watchdog/7]
(root,0,0,00:01:07/357-16:17:49,43) [migration/7]
(root,0,0,00:11:29/357-16:17:49,44) [ksoftirqd/7]
(root,0,0,00:00:00/357-16:17:49,46) [kworker/7:0H]
(root,0,0,00:00:00/357-16:17:49,48) [kdevtmpfs]
(root,0,0,00:00:00/357-16:17:49,49) [netns]
(root,0,0,00:00:26/357-16:17:49,50) [khungtaskd]
(root,0,0,00:00:00/357-16:17:49,51) [writeback]
(root,0,0,00:00:00/357-16:17:49,52) [kintegrityd]
(root,0,0,00:00:00/357-16:17:49,53) [bioset]
(root,0,0,00:00:00/357-16:17:49,54) [bioset]
(root,0,0,00:00:00/357-16:17:49,55) [bioset]
(root,0,0,00:00:00/357-16:17:49,56) [kblockd]
(root,0,0,00:00:00/357-16:17:49,57) [md]
(root,0,0,00:00:00/357-16:17:49,58) [edac-poller]
(root,0,0,00:00:00/357-16:17:49,59) [watchdogd]
(root,0,0,00:59:49/357-16:17:49,66) [kswapd0]
(root,0,0,00:00:00/357-16:17:49,67) [ksmd]
(root,0,0,00:01:55/357-16:17:49,68) [khugepaged]
(root,0,0,00:00:00/357-16:17:49,69) [crypto]
(root,0,0,00:00:00/357-16:17:49,77) [kthrotld]
(root,0,0,00:00:00/357-16:17:49,80) [kmpath_rdacd]
(root,0,0,00:00:00/357-16:17:49,81) [kaluad]
(root,0,0,00:00:00/357-16:17:49,82) [kpsmoused]
(root,0,0,00:00:00/357-16:17:49,84) [ipv6_addrconf]
(root,0,0,00:00:00/357-16:17:49,97) [deferwq]
(root,0,0,00:16:58/357-16:17:48,144) [kauditd]
(root,0,0,00:00:00/357-16:17:48,368) [ata_sff]
(root,0,0,00:00:00/357-16:17:48,404) [scsi_eh_0]
(root,0,0,00:00:00/357-16:17:48,405) [scsi_tmf_0]
(root,0,0,00:00:00/357-16:17:48,406) [scsi_eh_1]
(root,0,0,00:00:00/357-16:17:48,407) [scsi_tmf_1]
(root,0,0,00:00:00/357-16:17:48,408) [scsi_eh_2]
(root,0,0,00:00:00/357-16:17:48,409) [scsi_tmf_2]
(root,0,0,00:00:00/357-16:17:48,410) [scsi_eh_3]
(root,0,0,00:00:00/357-16:17:48,411) [scsi_tmf_3]
(root,0,0,00:00:00/357-16:17:48,412) [scsi_eh_4]
(root,0,0,00:00:00/357-16:17:48,413) [scsi_tmf_4]
(root,0,0,00:00:00/357-16:17:48,414) [scsi_eh_5]
(root,0,0,00:00:00/357-16:17:48,415) [scsi_tmf_5]
(root,0,0,00:00:00/357-16:17:46,488) [kdmflush]
(root,0,0,00:00:00/357-16:17:46,489) [bioset]
(root,0,0,00:00:15/357-16:17:46,506) [kworker/0:1H]
(root,0,0,01:02:57/357-16:17:46,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/357-16:17:46,514) [ext4-rsv-conver]
(root,162216,92948,04:25:08/357-16:17:44,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/357-16:17:44,627) [kworker/4:1H]
(root,0,0,00:00:05/357-16:17:43,629) [kworker/1:1H]
(root,198572,760,00:00:00/357-16:17:43,633) /usr/sbin/lvmetad -f
(root,46060,1024,00:00:00/357-16:17:43,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/357-16:17:42,644) [kworker/2:1H]
(root,0,0,00:22:05/357-16:17:42,645) [kworker/7:1H]
(root,0,0,00:00:02/357-16:17:41,687) [kworker/5:1H]
(root,0,0,00:00:00/357-16:17:41,688) [irq/125-mei_me]
(root,0,0,00:00:00/357-16:17:41,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/357-16:17:39,714) [jbd2/sda2-8]
(root,0,0,00:00:00/357-16:17:39,715) [ext4-rsv-conver]
(root,0,0,00:04:14/357-16:17:38,719) [jbd2/sda3-8]
(root,0,0,00:00:00/357-16:17:38,720) [ext4-rsv-conver]
(root,0,0,00:10:35/357-16:17:38,724) [jbd2/sdb-8]
(root,0,0,00:00:00/357-16:17:38,725) [ext4-rsv-conver]
(root,0,0,00:00:02/357-16:17:36,740) [kworker/6:1H]
(root,57704,724,00:36:31/357-16:17:26,748) /sbin/auditd
(dbus,58232,1904,01:20:14/357-16:17:25,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1764,00:40:17/357-16:17:24,788) /usr/lib/systemd/systemd-logind
(root,229032,9164,00:13:42/357-16:17:24,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5800,01:45:24/357-16:17:24,794) /usr/sbin/nscd
(root,52900,1892,00:00:19/357-16:17:24,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:20:12/357-16:17:24,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/357-16:17:24,862) /usr/sbin/atd -f
(root,124504,1368,00:07:09/357-16:17:24,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/357-16:17:24,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/357-16:17:24,869) [kworker/3:1H]
(chrony,97380,1320,00:02:00/357-16:17:24,888) /usr/sbin/chronyd
(root,113472,3140,00:32:18/357-16:17:15,1226) /usr/sbin/sshd -D
(root,1093068,7684,02:18:42/357-16:17:15,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/357-16:17:15,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,37468,02:00:20/357-16:17:14,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:15:47/357-16:17:11,1820) dnsadmin - dormant mode
(root,214092,18352,03:31:32/357-16:17:11,1825) tailwatchd
(root,183604,6556,00:14:21/357-16:17:11,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,259092,28520,00:00:20/1-10:49:36,1861) cpsrvd (SSL) - waiting for connections                   
(root,130156,2264,00:01:54/357-16:17:11,1863) cpanellogd - sleeping for logs
(cpanelconnecttrack,9820,3152,00:10:09/1-10:49:36,1874) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,0,0,00:00:00/09:25:35,2618) [kworker/5:0]
(root,12736,1340,00:00:11/7-03:28:05,2668) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12748,1356,00:00:10/7-03:28:05,2669) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,4232,00:00:00/7-03:28:05,2670) /usr/sbin/httpd -k start
(root,53088,11456,00:00:00/7-03:28:05,2671) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3160904,32400,00:01:21/7-03:28:05,2672) /usr/sbin/httpd -k start
(nobody,3160904,32592,00:01:20/7-03:28:05,2673) /usr/sbin/httpd -k start
(nobody,3291976,32768,00:01:22/7-03:28:05,2674) /usr/sbin/httpd -k start
(nobody,3095368,33480,00:01:20/7-03:28:04,2843) /usr/sbin/httpd -k start
(nobody,3226440,33664,00:01:20/7-03:28:04,2844) /usr/sbin/httpd -k start
(root,189796,12168,00:00:09/1-10:43:47,2979) cPhulkd - processor
(root,152184,11132,00:00:07/1-10:43:43,3007) cPhulkd - dbprocessor
(root,51440,2424,00:00:22/1-10:43:40,3041) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,51984,7676,00:00:43/1-10:43:40,3051) dovecot/pop3-login
(dovenull,52660,8456,00:00:38/1-10:43:40,3052) dovecot/imap-login
(dovecot,10272,1300,00:00:07/1-10:43:40,3053) dovecot/anvil
(root,10404,1496,00:00:12/1-10:43:40,3054) dovecot/log
(dovenull,50212,5980,00:00:04/1-10:43:40,3055) dovecot/pop3-login
(dovenull,51056,6784,00:00:10/1-10:43:40,3056) dovecot/imap-login
(root,15960,3492,00:00:19/1-10:43:40,3057) dovecot/config
(dovecot,50100,3684,00:00:14/1-10:43:40,3058) dovecot/stats
(dovecot,74264,5868,00:01:20/1-10:43:40,3059) dovecot/auth
(dovecot,10412,1508,00:00:03/1-10:43:05,3201) dovecot/imap-hibernate
(root,246204,92072,00:00:25/13:42:53,3720) spamd child
(root,233696,76608,00:00:01/09:14:01,3966) spamd child
(root,0,0,00:00:00/02:42:15,5776) [kworker/u16:2]
(root,0,0,00:00:00/02:35:38,6317) [kworker/2:2]
(root,0,0,00:00:01/22:06:07,6672) [kworker/4:2]
(root,0,0,00:00:00/02:20:38,7557) [kworker/3:0]
(root,178608,29044,00:00:03/01:55:37,9725) lfd - sleeping
(root,0,0,00:00:00/21:15:18,11258) [kworker/6:0]
(scliegyp,38588,3852,00:00:00/01:37:53,11351) dovecot/imap
(root,0,0,00:00:00/01:35:38,11696) [kworker/7:0]
(root,3108,36,00:03:03/357-12:14:52,12075) /usr/bin/RCdaemon
(root,0,0,00:00:01/21:05:37,12193) [kworker/2:0]
(root,0,0,00:00:00/01:10:38,13654) [kworker/0:1]
(root,185004,2412,00:00:00/55:38,14867) /usr/sbin/CROND -n
(root,113280,1200,00:00:00/55:38,14875) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/55:38,14882) sleep 1h 23m
(root,0,0,00:00:00/45:38,15797) [kworker/6:2]
(root,0,0,00:00:00/35:37,16500) [kworker/4:1]
(nobody,3226440,32464,00:01:19/6-12:55:42,17110) /usr/sbin/httpd -k start
(scliegyp,39636,4776,00:00:00/21:37,17711) dovecot/imap
(root,0,0,00:00:00/20:38,17841) [kworker/3:1]
(scliegyp,38664,3760,00:00:00/17:20,18098) dovecot/imap
(root,0,0,00:00:00/15:38,18236) [kworker/1:2]
(root,0,0,00:00:00/15:11,18304) [kworker/7:1]
(scliegyp,38288,3596,00:00:00/12:07,18523) dovecot/imap
(root,0,0,00:00:00/05:49,19012) [kworker/u16:1]
(root,0,0,00:00:00/05:38,19084) [kworker/5:1]
(scliegyp,31612,3492,00:00:00/02:25,19363) dovecot/pop3
(root,72960,4264,00:00:00/00:58,19417) dovecot/auth -w
(root,113472,4588,00:00:00/00:44,19437) sshd: [accepted]
(root,0,0,00:00:00/00:13,19540) [cpsrvd (SSL) - ] <defunct>
(root,189796,10848,00:00:00/00:02,19553) cPhulkd - processor - http socket
(root,113500,1620,00:00:00/00:00,19699) /bin/bash /usr/bin/check_mk_agent
(polkitd,610664,2896,00:28:52/357-15:19:43,19715) /usr/lib/polkit-1/polkitd --no-debug
(root,49820,1560,00:00:00/00:00,19724) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,19725) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(named,763956,27628,03:00:23/357-15:19:41,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:06/1-07:14:22,24441) [kworker/0:0]
(mysql,3441212,501856,08:07:07/123-14:06:37,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(mailnull,89196,13052,00:01:58/11-12:31:24,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,2566028,1597092,08:14:44/353-20:19:59,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,292800,5128,00:00:15/3-22:43:19,28704) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20248,00:00:04/3-22:43:18,28729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404400,48100,00:03:33/3-22:43:14,28818) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32564,00:00:04/3-22:43:14,28822) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,235460,14300,00:01:06/7-17:36:42,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:37/320-05:33:19,29439) /sbin/rsyslogd
(root,0,0,00:00:00/04:20:37,29948) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-06 00:55

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb103fddf2db

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4112,03:11:26/355-16:01:44,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/355-16:01:44,2) [kthreadd]
(root,0,0,00:00:00/355-16:01:44,4) [kworker/0:0H]
(root,0,0,00:39:14/355-16:01:44,6) [ksoftirqd/0]
(root,0,0,00:00:02/355-16:01:44,7) [migration/0]
(root,0,0,00:00:00/355-16:01:44,8) [rcu_bh]
(root,0,0,05:22:00/355-16:01:44,9) [rcu_sched]
(root,0,0,00:00:00/355-16:01:44,10) [lru-add-drain]
(root,0,0,00:02:48/355-16:01:44,11) [watchdog/0]
(root,0,0,00:02:19/355-16:01:44,12) [watchdog/1]
(root,0,0,00:00:02/355-16:01:44,13) [migration/1]
(root,0,0,00:00:16/355-16:01:44,14) [ksoftirqd/1]
(root,0,0,00:00:00/355-16:01:44,16) [kworker/1:0H]
(root,0,0,00:02:19/355-16:01:44,17) [watchdog/2]
(root,0,0,00:00:02/355-16:01:44,18) [migration/2]
(root,0,0,00:00:15/355-16:01:44,19) [ksoftirqd/2]
(root,0,0,00:00:00/355-16:01:44,21) [kworker/2:0H]
(root,0,0,00:02:22/355-16:01:44,22) [watchdog/3]
(root,0,0,00:00:01/355-16:01:44,23) [migration/3]
(root,0,0,00:00:14/355-16:01:44,24) [ksoftirqd/3]
(root,0,0,00:00:00/355-16:01:44,26) [kworker/3:0H]
(root,0,0,00:02:16/355-16:01:44,27) [watchdog/4]
(root,0,0,00:01:13/355-16:01:44,28) [migration/4]
(root,0,0,00:00:22/355-16:01:44,29) [ksoftirqd/4]
(root,0,0,00:00:00/355-16:01:44,31) [kworker/4:0H]
(root,0,0,00:02:11/355-16:01:44,32) [watchdog/5]
(root,0,0,00:01:33/355-16:01:44,33) [migration/5]
(root,0,0,00:00:30/355-16:01:44,34) [ksoftirqd/5]
(root,0,0,00:00:00/355-16:01:44,36) [kworker/5:0H]
(root,0,0,00:02:11/355-16:01:44,37) [watchdog/6]
(root,0,0,00:01:08/355-16:01:44,38) [migration/6]
(root,0,0,00:00:31/355-16:01:44,39) [ksoftirqd/6]
(root,0,0,00:00:00/355-16:01:44,41) [kworker/6:0H]
(root,0,0,00:02:24/355-16:01:44,42) [watchdog/7]
(root,0,0,00:01:07/355-16:01:44,43) [migration/7]
(root,0,0,00:11:25/355-16:01:44,44) [ksoftirqd/7]
(root,0,0,00:00:00/355-16:01:44,46) [kworker/7:0H]
(root,0,0,00:00:00/355-16:01:44,48) [kdevtmpfs]
(root,0,0,00:00:00/355-16:01:44,49) [netns]
(root,0,0,00:00:26/355-16:01:44,50) [khungtaskd]
(root,0,0,00:00:00/355-16:01:44,51) [writeback]
(root,0,0,00:00:00/355-16:01:44,52) [kintegrityd]
(root,0,0,00:00:00/355-16:01:44,53) [bioset]
(root,0,0,00:00:00/355-16:01:44,54) [bioset]
(root,0,0,00:00:00/355-16:01:44,55) [bioset]
(root,0,0,00:00:00/355-16:01:44,56) [kblockd]
(root,0,0,00:00:00/355-16:01:44,57) [md]
(root,0,0,00:00:00/355-16:01:44,58) [edac-poller]
(root,0,0,00:00:00/355-16:01:44,59) [watchdogd]
(root,0,0,00:59:38/355-16:01:44,66) [kswapd0]
(root,0,0,00:00:00/355-16:01:44,67) [ksmd]
(root,0,0,00:01:55/355-16:01:44,68) [khugepaged]
(root,0,0,00:00:00/355-16:01:44,69) [crypto]
(root,0,0,00:00:00/355-16:01:44,77) [kthrotld]
(root,0,0,00:00:00/355-16:01:44,80) [kmpath_rdacd]
(root,0,0,00:00:00/355-16:01:44,81) [kaluad]
(root,0,0,00:00:00/355-16:01:44,82) [kpsmoused]
(root,0,0,00:00:00/355-16:01:44,84) [ipv6_addrconf]
(root,0,0,00:00:00/355-16:01:44,97) [deferwq]
(root,0,0,00:16:52/355-16:01:43,144) [kauditd]
(root,0,0,00:00:00/355-16:01:43,368) [ata_sff]
(root,0,0,00:00:00/355-16:01:43,404) [scsi_eh_0]
(root,0,0,00:00:00/355-16:01:43,405) [scsi_tmf_0]
(root,0,0,00:00:00/355-16:01:43,406) [scsi_eh_1]
(root,0,0,00:00:00/355-16:01:43,407) [scsi_tmf_1]
(root,0,0,00:00:00/355-16:01:43,408) [scsi_eh_2]
(root,0,0,00:00:00/355-16:01:43,409) [scsi_tmf_2]
(root,0,0,00:00:00/355-16:01:43,410) [scsi_eh_3]
(root,0,0,00:00:00/355-16:01:43,411) [scsi_tmf_3]
(root,0,0,00:00:00/355-16:01:43,412) [scsi_eh_4]
(root,0,0,00:00:00/355-16:01:43,413) [scsi_tmf_4]
(root,0,0,00:00:00/355-16:01:43,414) [scsi_eh_5]
(root,0,0,00:00:00/355-16:01:43,415) [scsi_tmf_5]
(root,245436,91280,00:00:04/11:00:22,433) spamd child
(root,0,0,00:00:00/355-16:01:41,488) [kdmflush]
(root,0,0,00:00:00/355-16:01:41,489) [bioset]
(root,0,0,00:00:15/355-16:01:41,506) [kworker/0:1H]
(root,0,0,01:02:32/355-16:01:41,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/355-16:01:41,514) [ext4-rsv-conver]
(root,80408,33144,04:23:39/355-16:01:39,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/355-16:01:39,627) [kworker/4:1H]
(root,0,0,00:00:05/355-16:01:38,629) [kworker/1:1H]
(root,198572,760,00:00:00/355-16:01:38,633) /usr/sbin/lvmetad -f
(root,46060,1024,00:00:00/355-16:01:38,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/355-16:01:37,644) [kworker/2:1H]
(root,0,0,00:21:58/355-16:01:37,645) [kworker/7:1H]
(root,0,0,00:00:02/355-16:01:36,687) [kworker/5:1H]
(root,0,0,00:00:00/355-16:01:36,688) [irq/125-mei_me]
(root,0,0,00:00:00/355-16:01:36,689) [kvm-irqfd-clean]
(root,151528,10264,00:00:03/19:51:41,700) cPhulkd - dbprocessor
(root,0,0,00:00:00/355-16:01:34,714) [jbd2/sda2-8]
(root,0,0,00:00:00/355-16:01:34,715) [ext4-rsv-conver]
(root,0,0,00:04:08/355-16:01:33,719) [jbd2/sda3-8]
(root,0,0,00:00:00/355-16:01:33,720) [ext4-rsv-conver]
(root,0,0,00:10:31/355-16:01:33,724) [jbd2/sdb-8]
(root,0,0,00:00:00/355-16:01:33,725) [ext4-rsv-conver]
(root,0,0,00:00:02/355-16:01:31,740) [kworker/6:1H]
(root,57704,724,00:36:18/355-16:01:21,748) /sbin/auditd
(dbus,58232,1900,01:19:47/355-16:01:20,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1768,00:40:04/355-16:01:19,788) /usr/lib/systemd/systemd-logind
(root,229032,9072,00:13:37/355-16:01:19,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5828,01:44:45/355-16:01:19,794) /usr/sbin/nscd
(root,52900,1892,00:00:19/355-16:01:19,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:19:45/355-16:01:19,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/355-16:01:19,862) /usr/sbin/atd -f
(root,124504,1368,00:07:06/355-16:01:19,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/355-16:01:19,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/355-16:01:19,869) [kworker/3:1H]
(chrony,97380,1328,00:01:59/355-16:01:19,888) /usr/sbin/chronyd
(root,113472,3148,00:32:06/355-16:01:10,1226) /usr/sbin/sshd -D
(root,1084876,15400,02:17:55/355-16:01:10,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/355-16:01:10,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,37908,01:59:39/355-16:01:09,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4204,00:15:42/355-16:01:06,1820) dnsadmin - dormant mode
(root,214092,18328,03:30:15/355-16:01:06,1825) tailwatchd
(root,183604,6556,00:14:17/355-16:01:06,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2264,00:01:53/355-16:01:06,1863) cpanellogd - sleeping for logs
(root,12740,1340,00:00:04/5-03:12:00,2668) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12748,1356,00:00:04/5-03:12:00,2669) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,4228,00:00:00/5-03:12:00,2670) /usr/sbin/httpd -k start
(root,53088,11720,00:00:00/5-03:12:00,2671) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3160904,29740,00:00:42/5-03:12:00,2672) /usr/sbin/httpd -k start
(nobody,3160904,30712,00:00:42/5-03:12:00,2673) /usr/sbin/httpd -k start
(nobody,3291976,30260,00:00:43/5-03:12:00,2674) /usr/sbin/httpd -k start
(dovenull,51636,7436,00:02:08/5-03:12:00,2831) dovecot/pop3-login
(dovenull,51764,7288,00:00:32/5-03:12:00,2832) dovecot/imap-login
(root,10528,1612,00:00:42/5-03:12:00,2833) dovecot/log
(dovenull,50560,6144,00:00:22/5-03:12:00,2834) dovecot/pop3-login
(dovenull,53040,8676,00:02:07/5-03:12:00,2835) dovecot/imap-login
(root,16052,3488,00:01:01/5-03:12:00,2836) dovecot/config
(dovecot,50336,3840,00:00:47/5-03:12:00,2837) dovecot/stats
(nobody,3095368,31224,00:00:42/5-03:11:59,2843) /usr/sbin/httpd -k start
(nobody,3226440,30852,00:00:41/5-03:11:59,2844) /usr/sbin/httpd -k start
(dovecot,10412,1508,00:00:12/5-03:11:23,3005) dovecot/imap-hibernate
(root,0,0,00:00:03/3-04:04:33,3951) [kworker/6:0]
(root,0,0,00:00:09/1-20:14:30,8654) [kworker/0:0]
(root,225548,36456,00:00:00/03:20:22,11193) spamd child
(root,3108,36,00:03:02/355-11:58:47,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/03:06:29,12384) [kworker/5:2]
(root,0,0,00:00:00/02:38:33,14842) [kworker/6:1]
(nobody,3226440,28952,00:00:39/4-12:39:37,17110) /usr/sbin/httpd -k start
(root,0,0,00:00:00/02:09:33,17204) [kworker/3:0]
(root,0,0,00:00:01/17:09:32,17372) [kworker/1:2]
(root,0,0,00:00:00/01:49:33,18829) [kworker/3:1]
(dovecot,74280,5884,00:04:41/4-18:18:56,19477) dovecot/auth
(root,0,0,00:00:00/01:39:32,19626) [kworker/7:0]
(root,0,0,00:00:00/01:39:32,19665) [kworker/1:1]
(root,178612,29056,00:00:02/01:39:32,19698) lfd - sleeping
(polkitd,610664,2896,00:28:42/355-15:03:38,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,27716,02:59:08/355-15:03:36,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,230008,24048,00:00:00/01:38:35,20085) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/07:39:33,21000) [kworker/4:0]
(root,0,0,00:00:00/01:02:35,23041) [kworker/u16:2]
(root,185104,2424,00:00:00/39:32,24799) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/39:32,24808) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/39:32,24813) sleep 5h 46m
(mysql,3441212,439592,07:58:25/121-13:50:32,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12536,00:12:23/121-13:50:28,25125) cPhulkd - processor
(scliegyp,38612,3732,00:00:00/29:18,25766) dovecot/imap
(scliegyp,38024,3328,00:00:00/26:42,25934) dovecot/imap
(root,0,0,00:00:00/24:41,26029) [kworker/7:2]
(root,51488,2268,00:02:47/9-12:15:33,26149) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(scliegyp,37752,3072,00:00:00/24:22,26153) dovecot/imap
(dovecot,10272,1212,00:00:58/9-12:15:33,26168) dovecot/anvil
(scliegyp,38024,3332,00:00:00/20:59,26372) dovecot/imap
(root,0,0,00:00:00/19:33,26475) [kworker/2:2]
(root,0,0,00:00:00/19:33,26510) [kworker/5:0]
(scliegyp,37752,3076,00:00:00/18:57,26558) dovecot/imap
(mailnull,89196,13204,00:01:39/9-12:15:19,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(cpanelconnecttrack,9800,3072,01:11:48/9-12:15:01,26635) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(scliegyp,39028,4188,00:00:00/16:47,26728) dovecot/imap
(root,0,0,00:00:00/13:33,26939) [kworker/0:1]
(scliegyp,38024,3328,00:00:00/09:22,27288) dovecot/imap
(root,2565848,1602668,08:11:06/351-20:03:54,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(scliegyp,37752,3076,00:00:00/07:21,27390) dovecot/imap
(root,0,0,00:00:01/20:47:53,27418) [kworker/4:2]
(root,0,0,00:00:00/05:11,27575) [kworker/u16:0]
(root,0,0,00:00:00/04:33,27686) [kworker/5:1]
(root,0,0,00:00:00/02:30,27778) [kworker/7:1]
(mailnull,89428,9424,00:00:00/01:46,27802) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9424,00:00:00/01:26,27905) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9424,00:00:00/01:06,27916) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9424,00:00:00/00:47,27938) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9424,00:00:00/00:25,27958) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,189788,10876,00:00:00/00:11,27971) cPhulkd - processor - http socket
(mailnull,89428,9424,00:00:00/00:06,27976) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113500,1624,00:00:00/00:00,28115) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,28133) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,28134) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,292800,5116,00:00:07/1-22:27:14,28704) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20252,00:00:01/1-22:27:13,28729) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404400,48100,00:01:42/1-22:27:09,28818) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,32564,00:00:02/1-22:27:09,28822) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,235460,14300,00:00:48/5-17:20:37,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:37/318-05:17:14,29439) /sbin/rsyslogd
(root,0,0,00:00:02/2-10:04:32,29741) [kworker/2:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-04 00:39

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb102ff6d35c

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:10:28/353-16:25:39,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/353-16:25:39,2) [kthreadd]
(root,0,0,00:00:00/353-16:25:39,4) [kworker/0:0H]
(root,0,0,00:38:55/353-16:25:39,6) [ksoftirqd/0]
(root,0,0,00:00:02/353-16:25:39,7) [migration/0]
(root,0,0,00:00:00/353-16:25:39,8) [rcu_bh]
(root,0,0,05:20:12/353-16:25:39,9) [rcu_sched]
(root,0,0,00:00:00/353-16:25:39,10) [lru-add-drain]
(root,0,0,00:02:47/353-16:25:39,11) [watchdog/0]
(root,0,0,00:02:18/353-16:25:39,12) [watchdog/1]
(root,0,0,00:00:02/353-16:25:39,13) [migration/1]
(root,0,0,00:00:16/353-16:25:39,14) [ksoftirqd/1]
(root,0,0,00:00:00/353-16:25:39,16) [kworker/1:0H]
(root,0,0,00:02:18/353-16:25:39,17) [watchdog/2]
(root,0,0,00:00:02/353-16:25:39,18) [migration/2]
(root,0,0,00:00:15/353-16:25:39,19) [ksoftirqd/2]
(root,0,0,00:00:00/353-16:25:39,21) [kworker/2:0H]
(root,0,0,00:02:21/353-16:25:39,22) [watchdog/3]
(root,0,0,00:00:01/353-16:25:39,23) [migration/3]
(root,0,0,00:00:14/353-16:25:39,24) [ksoftirqd/3]
(root,0,0,00:00:00/353-16:25:39,26) [kworker/3:0H]
(root,0,0,00:02:15/353-16:25:39,27) [watchdog/4]
(root,0,0,00:01:13/353-16:25:39,28) [migration/4]
(root,0,0,00:00:22/353-16:25:39,29) [ksoftirqd/4]
(root,0,0,00:00:00/353-16:25:39,31) [kworker/4:0H]
(root,0,0,00:02:10/353-16:25:39,32) [watchdog/5]
(root,0,0,00:01:33/353-16:25:39,33) [migration/5]
(root,0,0,00:00:30/353-16:25:39,34) [ksoftirqd/5]
(root,0,0,00:00:00/353-16:25:39,36) [kworker/5:0H]
(root,0,0,00:02:10/353-16:25:39,37) [watchdog/6]
(root,0,0,00:01:08/353-16:25:39,38) [migration/6]
(root,0,0,00:00:30/353-16:25:39,39) [ksoftirqd/6]
(root,0,0,00:00:00/353-16:25:39,41) [kworker/6:0H]
(root,0,0,00:02:23/353-16:25:39,42) [watchdog/7]
(root,0,0,00:01:06/353-16:25:39,43) [migration/7]
(root,0,0,00:11:21/353-16:25:39,44) [ksoftirqd/7]
(root,0,0,00:00:00/353-16:25:39,46) [kworker/7:0H]
(root,0,0,00:00:00/353-16:25:39,48) [kdevtmpfs]
(root,0,0,00:00:00/353-16:25:39,49) [netns]
(root,0,0,00:00:26/353-16:25:39,50) [khungtaskd]
(root,0,0,00:00:00/353-16:25:39,51) [writeback]
(root,0,0,00:00:00/353-16:25:39,52) [kintegrityd]
(root,0,0,00:00:00/353-16:25:39,53) [bioset]
(root,0,0,00:00:00/353-16:25:39,54) [bioset]
(root,0,0,00:00:00/353-16:25:39,55) [bioset]
(root,0,0,00:00:00/353-16:25:39,56) [kblockd]
(root,0,0,00:00:00/353-16:25:39,57) [md]
(root,0,0,00:00:00/353-16:25:39,58) [edac-poller]
(root,0,0,00:00:00/353-16:25:39,59) [watchdogd]
(root,0,0,00:59:22/353-16:25:39,66) [kswapd0]
(root,0,0,00:00:00/353-16:25:39,67) [ksmd]
(root,0,0,00:01:54/353-16:25:39,68) [khugepaged]
(root,0,0,00:00:00/353-16:25:39,69) [crypto]
(root,0,0,00:00:00/353-16:25:39,77) [kthrotld]
(root,0,0,00:00:00/353-16:25:39,80) [kmpath_rdacd]
(root,0,0,00:00:00/353-16:25:39,81) [kaluad]
(root,0,0,00:00:00/353-16:25:39,82) [kpsmoused]
(root,0,0,00:00:00/353-16:25:39,84) [ipv6_addrconf]
(root,0,0,00:00:00/353-16:25:39,97) [deferwq]
(root,0,0,00:16:47/353-16:25:38,144) [kauditd]
(root,0,0,00:00:00/353-16:25:38,368) [ata_sff]
(root,0,0,00:00:00/353-16:25:38,404) [scsi_eh_0]
(root,0,0,00:00:00/353-16:25:38,405) [scsi_tmf_0]
(root,0,0,00:00:00/353-16:25:38,406) [scsi_eh_1]
(root,0,0,00:00:00/353-16:25:38,407) [scsi_tmf_1]
(root,0,0,00:00:00/353-16:25:38,408) [scsi_eh_2]
(root,0,0,00:00:00/353-16:25:38,409) [scsi_tmf_2]
(root,0,0,00:00:00/353-16:25:38,410) [scsi_eh_3]
(root,0,0,00:00:00/353-16:25:38,411) [scsi_tmf_3]
(root,0,0,00:00:00/353-16:25:38,412) [scsi_eh_4]
(root,0,0,00:00:00/353-16:25:38,413) [scsi_tmf_4]
(root,0,0,00:00:00/353-16:25:38,414) [scsi_eh_5]
(root,0,0,00:00:00/353-16:25:38,415) [scsi_tmf_5]
(root,0,0,00:00:01/23:14:08,461) [kworker/4:2]
(root,0,0,00:00:00/353-16:25:36,488) [kdmflush]
(root,0,0,00:00:00/353-16:25:36,489) [bioset]
(root,0,0,00:00:15/353-16:25:36,506) [kworker/0:1H]
(root,0,0,01:02:09/353-16:25:36,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/353-16:25:36,514) [ext4-rsv-conver]
(root,129660,65676,04:22:05/353-16:25:34,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/353-16:25:34,627) [kworker/4:1H]
(root,0,0,00:00:05/353-16:25:33,629) [kworker/1:1H]
(root,198572,760,00:00:00/353-16:25:33,633) /usr/sbin/lvmetad -f
(root,46060,1072,00:00:00/353-16:25:33,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/353-16:25:32,644) [kworker/2:1H]
(root,0,0,00:21:50/353-16:25:32,645) [kworker/7:1H]
(root,0,0,00:00:02/353-16:25:31,687) [kworker/5:1H]
(root,0,0,00:00:00/353-16:25:31,688) [irq/125-mei_me]
(root,0,0,00:00:00/353-16:25:31,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/353-16:25:29,714) [jbd2/sda2-8]
(root,0,0,00:00:00/353-16:25:29,715) [ext4-rsv-conver]
(root,0,0,00:03:58/353-16:25:28,719) [jbd2/sda3-8]
(root,0,0,00:00:00/353-16:25:28,720) [ext4-rsv-conver]
(root,0,0,00:10:27/353-16:25:28,724) [jbd2/sdb-8]
(root,0,0,00:00:00/353-16:25:28,725) [ext4-rsv-conver]
(root,0,0,00:00:02/353-16:25:26,740) [kworker/6:1H]
(root,57704,724,00:36:07/353-16:25:16,748) /sbin/auditd
(dbus,58232,1908,01:19:25/353-16:25:15,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1764,00:39:53/353-16:25:14,788) /usr/lib/systemd/systemd-logind
(root,229032,9216,00:13:32/353-16:25:14,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5844,01:44:12/353-16:25:14,794) /usr/sbin/nscd
(root,52900,1892,00:00:19/353-16:25:14,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:19:19/353-16:25:14,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/353-16:25:14,862) /usr/sbin/atd -f
(root,124504,1368,00:07:04/353-16:25:14,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/353-16:25:14,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/353-16:25:14,869) [kworker/3:1H]
(chrony,97380,1360,00:01:59/353-16:25:14,888) /usr/sbin/chronyd
(root,0,0,00:00:02/2-10:14:10,1165) [kworker/1:2]
(root,113472,3148,00:31:55/353-16:25:05,1226) /usr/sbin/sshd -D
(root,1093068,16592,02:17:07/353-16:25:05,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/353-16:25:05,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38080,01:59:00/353-16:25:04,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,229604,18608,00:15:36/353-16:25:01,1820) dnsadmin - server mode
(root,213960,24128,03:29:00/353-16:25:01,1825) tailwatchd
(root,183604,6560,00:14:11/353-16:25:01,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2264,00:01:52/353-16:25:01,1863) cpanellogd - sleeping for logs
(root,292800,1084,00:03:09/45-23:01:16,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,4400,00:01:04/45-23:01:16,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6932,00:42:09/45-23:01:12,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8520,00:00:58/45-23:01:12,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,12736,1340,00:00:02/3-03:35:55,2668) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1356,00:00:02/3-03:35:55,2669) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,4316,00:00:00/3-03:35:55,2670) /usr/sbin/httpd -k start
(root,53088,11756,00:00:00/3-03:35:55,2671) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3160904,28320,00:00:24/3-03:35:55,2672) /usr/sbin/httpd -k start
(nobody,3095368,29956,00:00:25/3-03:35:55,2673) /usr/sbin/httpd -k start
(nobody,3291976,29864,00:00:25/3-03:35:55,2674) /usr/sbin/httpd -k start
(dovenull,51640,7472,00:01:04/3-03:35:55,2831) dovecot/pop3-login
(dovenull,51132,6580,00:00:15/3-03:35:55,2832) dovecot/imap-login
(root,10528,1612,00:00:20/3-03:35:55,2833) dovecot/log
(dovenull,50328,5836,00:00:11/3-03:35:55,2834) dovecot/pop3-login
(dovenull,52592,8080,00:01:11/3-03:35:55,2835) dovecot/imap-login
(root,16052,3488,00:00:28/3-03:35:55,2836) dovecot/config
(dovecot,50204,3588,00:00:23/3-03:35:55,2837) dovecot/stats
(nobody,3029832,29340,00:00:24/3-03:35:54,2843) /usr/sbin/httpd -k start
(nobody,3160904,30056,00:00:24/3-03:35:54,2844) /usr/sbin/httpd -k start
(dovecot,10412,1508,00:00:07/3-03:35:18,3005) dovecot/imap-hibernate
(root,0,0,00:00:00/03:22:48,3591) [kworker/u16:2]
(root,0,0,00:00:01/1-04:28:28,3951) [kworker/6:0]
(root,244072,88092,00:00:10/08:53:52,6920) spamd child
(root,240256,83016,00:00:00/08:53:52,6921) spamd child
(root,0,0,00:00:00/1-03:22:21,10166) [kworker/5:1]
(root,178612,29144,00:00:03/02:03:28,10531) lfd - sleeping
(root,0,0,00:00:00/02:03:12,10662) [kworker/u16:1]
(root,3108,36,00:03:01/353-12:22:42,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/01:18:28,15218) [kworker/5:2]
(root,185104,2420,00:00:00/01:03:28,16739) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/01:03:28,16745) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/01:03:28,16751) sleep 2h 11m
(root,0,0,00:00:00/01:03:25,16853) [kworker/4:0]
(nobody,3226440,27840,00:00:21/2-13:03:32,17110) /usr/sbin/httpd -k start
(root,0,0,00:00:00/53:28,17619) [kworker/2:2]
(root,0,0,00:00:00/43:27,18456) [kworker/3:0]
(scliegyp,38296,3596,00:00:00/42:59,18579) dovecot/imap
(scliegyp,38268,3600,00:00:00/36:05,19057) dovecot/imap
(root,0,0,00:00:00/33:28,19172) [kworker/0:2]
(dovecot,74120,5688,00:02:00/2-18:42:51,19477) dovecot/auth
(root,0,0,00:00:00/28:45,19531) [kworker/7:1]
(root,0,0,00:00:00/28:27,19638) [kworker/3:2]
(polkitd,610664,3092,00:28:33/353-15:27:33,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,28592,02:57:54/353-15:27:31,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/23:28,20008) [kworker/1:0]
(scliegyp,29056,2580,00:00:00/21:53,20140) dovecot/quota-status -p postfix
(scliegyp,38428,3540,00:00:00/20:04,20333) dovecot/imap
(scliegyp,38144,3356,00:00:00/19:04,20393) dovecot/imap
(scliegyp,37752,3076,00:00:00/17:03,20559) dovecot/imap
(root,161752,5784,00:00:00/3-14:57:27,20630) sshd: root@pts/0
(root,114936,3372,00:00:00/3-14:57:25,20635) -bash
(root,0,0,00:00:00/14:07,20832) [kworker/7:2]
(root,0,0,00:00:00/13:28,20922) [kworker/6:2]
(scliegyp,32116,3664,00:00:00/09:58,21211) dovecot/pop3
(scliegyp,38784,4448,00:00:00/06:28,21523) dovecot/imap
(scliegyp,38144,3356,00:00:00/04:47,21607) dovecot/imap
(root,0,0,00:00:00/03:27,21730) [kworker/6:1]
(root,235896,31620,00:00:00/03:27,21770) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/backup
(root,0,0,00:00:00/03:22,21794) [kworker/u16:0]
(root,4356,612,00:00:00/03:05,21866) /usr/local/cpanel/bin/cpuwatch 7.0000 --report-fd 8 /usr/local/cpanel/bin/pkgacct --link_dest=/backup/2024-12-01/accounts/scliegyp --incremental scliegyp /backup/2024-12-02/accounts backup
(root,277328,33268,00:00:00/03:05,21867) pkgacct - scliegyp - av: 4 - waiting for subprocess: 21870
(root,284524,34904,00:01:23/03:02,21870) pkgacct - scliegyp - av: 4 - subprocess
(scliegyp,37752,3076,00:00:00/02:41,21880) dovecot/imap
(root,125300,8328,00:00:05/00:36,22081) rsync --archive --human-readable --from0 --no-owner --no-group --delete-excluded --exclude-from=/var/cpanel/safesync/excludelist.1001.work.1f4d52bc --link-dest=/backup/2024-12-01/accounts/scliegyp/homedir --rsh /usr/local/cpanel/bin/run_as_user scliegyp:/home/scliegyp/ /backup/2024-12-02/accounts/scliegyp/homedir
(scliegyp,179092,17424,00:00:02/00:36,22082) rsync --server --sender -lDtpre.iLsfxC . /home/scliegyp/
(root,159004,13508,00:00:00/00:36,22083) rsync --archive --human-readable --from0 --no-owner --no-group --delete-excluded --exclude-from=/var/cpanel/safesync/excludelist.1001.work.1f4d52bc --link-dest=/backup/2024-12-01/accounts/scliegyp/homedir --rsh /usr/local/cpanel/bin/run_as_user scliegyp:/home/scliegyp/ /backup/2024-12-02/accounts/scliegyp/homedir
(root,189788,11068,00:00:00/00:03,22113) cPhulkd - processor - http socket
(root,113500,1624,00:00:00/00:00,22137) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,22155) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,22156) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(mysql,3441212,459984,07:50:56/119-14:14:27,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12160,00:12:11/119-14:14:23,25125) cPhulkd - processor
(root,51488,2556,00:02:08/7-12:39:28,26149) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1296,00:00:45/7-12:39:28,26168) dovecot/anvil
(root,151524,10296,00:00:15/3-14:17:27,26283) cPhulkd - dbprocessor
(mailnull,89196,13208,00:01:25/7-12:39:14,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,258368,28416,00:02:14/7-12:38:56,26624) cpsrvd (SSL) - waiting for connections                   
(cpanelconnecttrack,9800,3208,00:55:16/7-12:38:56,26635) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,2629340,1623044,08:07:32/349-20:27:49,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:02/14:35:14,27678) [kworker/0:0]
(root,235460,14612,00:00:32/3-17:44:32,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:36/316-05:41:09,29439) /sbin/rsyslogd
(root,0,0,00:00:00/10:28:27,29741) [kworker/2:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-02 01:03

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10670f9d87

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:09:22/351-16:19:51,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/351-16:19:51,2) [kthreadd]
(root,0,0,00:00:00/351-16:19:51,4) [kworker/0:0H]
(root,0,0,00:38:39/351-16:19:51,6) [ksoftirqd/0]
(root,0,0,00:00:02/351-16:19:51,7) [migration/0]
(root,0,0,00:00:00/351-16:19:51,8) [rcu_bh]
(root,0,0,05:18:25/351-16:19:51,9) [rcu_sched]
(root,0,0,00:00:00/351-16:19:51,10) [lru-add-drain]
(root,0,0,00:02:46/351-16:19:51,11) [watchdog/0]
(root,0,0,00:02:17/351-16:19:51,12) [watchdog/1]
(root,0,0,00:00:02/351-16:19:51,13) [migration/1]
(root,0,0,00:00:15/351-16:19:51,14) [ksoftirqd/1]
(root,0,0,00:00:00/351-16:19:51,16) [kworker/1:0H]
(root,0,0,00:02:17/351-16:19:51,17) [watchdog/2]
(root,0,0,00:00:02/351-16:19:51,18) [migration/2]
(root,0,0,00:00:15/351-16:19:51,19) [ksoftirqd/2]
(root,0,0,00:00:00/351-16:19:51,21) [kworker/2:0H]
(root,0,0,00:02:20/351-16:19:51,22) [watchdog/3]
(root,0,0,00:00:01/351-16:19:51,23) [migration/3]
(root,0,0,00:00:14/351-16:19:51,24) [ksoftirqd/3]
(root,0,0,00:00:00/351-16:19:51,26) [kworker/3:0H]
(root,0,0,00:02:15/351-16:19:51,27) [watchdog/4]
(root,0,0,00:01:12/351-16:19:51,28) [migration/4]
(root,0,0,00:00:22/351-16:19:51,29) [ksoftirqd/4]
(root,0,0,00:00:00/351-16:19:51,31) [kworker/4:0H]
(root,0,0,00:02:09/351-16:19:51,32) [watchdog/5]
(root,0,0,00:01:32/351-16:19:51,33) [migration/5]
(root,0,0,00:00:30/351-16:19:51,34) [ksoftirqd/5]
(root,0,0,00:00:00/351-16:19:51,36) [kworker/5:0H]
(root,0,0,00:02:09/351-16:19:51,37) [watchdog/6]
(root,0,0,00:01:08/351-16:19:51,38) [migration/6]
(root,0,0,00:00:30/351-16:19:51,39) [ksoftirqd/6]
(root,0,0,00:00:00/351-16:19:51,41) [kworker/6:0H]
(root,0,0,00:02:22/351-16:19:51,42) [watchdog/7]
(root,0,0,00:01:06/351-16:19:51,43) [migration/7]
(root,0,0,00:11:17/351-16:19:51,44) [ksoftirqd/7]
(root,0,0,00:00:00/351-16:19:51,46) [kworker/7:0H]
(root,0,0,00:00:00/351-16:19:51,48) [kdevtmpfs]
(root,0,0,00:00:00/351-16:19:51,49) [netns]
(root,0,0,00:00:26/351-16:19:51,50) [khungtaskd]
(root,0,0,00:00:00/351-16:19:51,51) [writeback]
(root,0,0,00:00:00/351-16:19:51,52) [kintegrityd]
(root,0,0,00:00:00/351-16:19:51,53) [bioset]
(root,0,0,00:00:00/351-16:19:51,54) [bioset]
(root,0,0,00:00:00/351-16:19:51,55) [bioset]
(root,0,0,00:00:00/351-16:19:51,56) [kblockd]
(root,0,0,00:00:00/351-16:19:51,57) [md]
(root,0,0,00:00:00/351-16:19:51,58) [edac-poller]
(root,0,0,00:00:00/351-16:19:51,59) [watchdogd]
(root,0,0,00:59:09/351-16:19:51,66) [kswapd0]
(root,0,0,00:00:00/351-16:19:51,67) [ksmd]
(root,0,0,00:01:54/351-16:19:51,68) [khugepaged]
(root,0,0,00:00:00/351-16:19:51,69) [crypto]
(root,0,0,00:00:00/351-16:19:51,77) [kthrotld]
(root,0,0,00:00:00/351-16:19:51,80) [kmpath_rdacd]
(root,0,0,00:00:00/351-16:19:51,81) [kaluad]
(root,0,0,00:00:00/351-16:19:51,82) [kpsmoused]
(root,0,0,00:00:00/351-16:19:51,84) [ipv6_addrconf]
(root,0,0,00:00:00/351-16:19:51,97) [deferwq]
(root,0,0,00:16:38/351-16:19:50,144) [kauditd]
(root,0,0,00:00:00/351-16:19:50,368) [ata_sff]
(root,0,0,00:00:00/351-16:19:50,404) [scsi_eh_0]
(root,0,0,00:00:00/351-16:19:50,405) [scsi_tmf_0]
(root,0,0,00:00:00/351-16:19:50,406) [scsi_eh_1]
(root,0,0,00:00:00/351-16:19:50,407) [scsi_tmf_1]
(root,0,0,00:00:00/351-16:19:50,408) [scsi_eh_2]
(root,0,0,00:00:00/351-16:19:50,409) [scsi_tmf_2]
(root,0,0,00:00:00/351-16:19:50,410) [scsi_eh_3]
(root,0,0,00:00:00/351-16:19:50,411) [scsi_tmf_3]
(root,0,0,00:00:00/351-16:19:50,412) [scsi_eh_4]
(root,0,0,00:00:00/351-16:19:50,413) [scsi_tmf_4]
(root,0,0,00:00:00/351-16:19:50,414) [scsi_eh_5]
(root,0,0,00:00:00/351-16:19:50,415) [scsi_tmf_5]
(root,0,0,00:00:00/351-16:19:48,488) [kdmflush]
(root,0,0,00:00:00/351-16:19:48,489) [bioset]
(root,0,0,00:00:15/351-16:19:48,506) [kworker/0:1H]
(root,0,0,01:01:48/351-16:19:48,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/351-16:19:48,514) [ext4-rsv-conver]
(root,47640,11132,04:20:38/351-16:19:46,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/351-16:19:46,627) [kworker/4:1H]
(root,0,0,00:00:05/351-16:19:45,629) [kworker/1:1H]
(root,198572,760,00:00:00/351-16:19:45,633) /usr/sbin/lvmetad -f
(root,46060,1076,00:00:00/351-16:19:45,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/351-16:19:44,644) [kworker/2:1H]
(root,0,0,00:21:42/351-16:19:44,645) [kworker/7:1H]
(root,0,0,00:00:02/351-16:19:43,687) [kworker/5:1H]
(root,0,0,00:00:00/351-16:19:43,688) [irq/125-mei_me]
(root,0,0,00:00:00/351-16:19:43,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/351-16:19:41,714) [jbd2/sda2-8]
(root,0,0,00:00:00/351-16:19:41,715) [ext4-rsv-conver]
(root,0,0,00:03:54/351-16:19:40,719) [jbd2/sda3-8]
(root,0,0,00:00:00/351-16:19:40,720) [ext4-rsv-conver]
(root,0,0,00:10:22/351-16:19:40,724) [jbd2/sdb-8]
(root,0,0,00:00:00/351-16:19:40,725) [ext4-rsv-conver]
(root,0,0,00:00:02/351-16:19:38,740) [kworker/6:1H]
(root,57704,724,00:35:49/351-16:19:28,748) /sbin/auditd
(dbus,58232,1908,01:18:59/351-16:19:27,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1736,00:39:39/351-16:19:26,788) /usr/lib/systemd/systemd-logind
(root,229032,9320,00:13:28/351-16:19:26,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5796,01:43:37/351-16:19:26,794) /usr/sbin/nscd
(root,52900,1892,00:00:19/351-16:19:26,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:18:52/351-16:19:26,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/351-16:19:26,862) /usr/sbin/atd -f
(root,124504,1368,00:07:02/351-16:19:26,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/351-16:19:26,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/351-16:19:26,869) [kworker/3:1H]
(chrony,97380,1372,00:01:59/351-16:19:26,888) /usr/sbin/chronyd
(root,0,0,00:00:00/10:08:22,1165) [kworker/1:2]
(root,113472,3148,00:31:38/351-16:19:17,1226) /usr/sbin/sshd -D
(root,1084876,9508,02:16:21/351-16:19:17,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/351-16:19:17,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38280,01:58:20/351-16:19:16,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:15:31/351-16:19:13,1820) dnsadmin - dormant mode
(root,213960,24192,03:28:06/351-16:19:13,1825) tailwatchd
(root,183604,6556,00:14:07/351-16:19:13,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2264,00:01:52/351-16:19:13,1863) cpanellogd - sleeping for logs
(root,292800,1084,00:03:01/43-22:55:28,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,4400,00:01:01/43-22:55:28,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6932,00:40:18/43-22:55:24,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8520,00:00:56/43-22:55:24,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,12736,1360,00:00:00/1-03:30:07,2668) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1376,00:00:00/1-03:30:07,2669) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235460,4208,00:00:00/1-03:30:07,2670) /usr/sbin/httpd -k start
(root,53088,11760,00:00:00/1-03:30:07,2671) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,2964296,24792,00:00:08/1-03:30:07,2672) /usr/sbin/httpd -k start
(nobody,3095368,26724,00:00:09/1-03:30:07,2673) /usr/sbin/httpd -k start
(nobody,3029832,25900,00:00:09/1-03:30:07,2674) /usr/sbin/httpd -k start
(dovenull,51664,7116,00:00:18/1-03:30:07,2831) dovecot/pop3-login
(dovenull,50648,6188,00:00:04/1-03:30:07,2832) dovecot/imap-login
(root,10404,1496,00:00:05/1-03:30:07,2833) dovecot/log
(dovenull,50020,5484,00:00:02/1-03:30:07,2834) dovecot/pop3-login
(dovenull,52736,7920,00:00:24/1-03:30:07,2835) dovecot/imap-login
(root,16052,3564,00:00:06/1-03:30:07,2836) dovecot/config
(dovecot,49968,3344,00:00:06/1-03:30:07,2837) dovecot/stats
(nobody,3029832,25820,00:00:08/1-03:30:06,2843) /usr/sbin/httpd -k start
(nobody,3160904,26368,00:00:07/1-03:30:06,2844) /usr/sbin/httpd -k start
(dovecot,10412,1520,00:00:02/1-03:29:30,3005) dovecot/imap-hibernate
(root,0,0,00:00:00/03:20:08,6183) [kworker/4:1]
(root,0,0,00:00:00/14:37:39,7905) [kworker/6:2]
(root,257088,103296,00:00:27/1-08:01:50,9649) spamd child
(root,0,0,00:00:00/02:17:40,11909) [kworker/4:0]
(root,3108,36,00:03:00/351-12:16:54,12075) /usr/bin/RCdaemon
(root,178624,29056,00:00:03/01:57:39,13861) lfd - sleeping
(root,0,0,00:00:00/01:42:37,15498) [kworker/6:1]
(root,0,0,00:00:00/01:37:40,15799) [kworker/3:2]
(nobody,3029832,24000,00:00:05/12:57:44,17110) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:19:06,17582) [kworker/u16:0]
(root,0,0,00:00:00/01:17:40,17725) [kworker/7:0]
(scliegyp,38588,3836,00:00:00/01:09:29,18450) dovecot/imap
(root,185004,2412,00:00:00/57:39,19397) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/57:39,19405) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,360,00:00:00/57:39,19409) sleep 1h 14m
(dovecot,73408,5008,00:00:20/18:37:03,19477) dovecot/auth
(polkitd,610664,2948,00:28:24/351-15:21:45,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,28944,02:56:40/351-15:21:43,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,161752,5824,00:00:00/1-14:51:39,20630) sshd: root@pts/0
(root,114936,3412,00:00:00/1-14:51:37,20635) -bash
(scliegyp,39044,4208,00:00:00/43:39,20734) dovecot/imap
(scliegyp,38448,3844,00:00:00/43:39,20735) dovecot/imap
(root,0,0,00:00:00/36:27,21378) [kworker/u16:2]
(root,0,0,00:00:00/27:40,22566) [kworker/5:0]
(root,0,0,00:00:08/1-14:37:40,22767) [kworker/0:0]
(scliegyp,38268,3596,00:00:00/22:30,23049) dovecot/imap
(root,0,0,00:00:00/22:13,23055) [kworker/7:1]
(scliegyp,38268,3600,00:00:00/10:25,23939) dovecot/imap
(root,0,0,00:00:00/08:24,24050) [kworker/0:1]
(root,0,0,00:00:00/08:22,24078) [kworker/1:1]
(root,0,0,00:00:00/07:40,24164) [kworker/2:1]
(scliegyp,36096,5852,00:00:00/03:41,24464) dovecot/pop3
(scliegyp,38268,3596,00:00:00/00:13,24788) dovecot/imap
(root,0,0,00:00:00/00:03,24791) [kworker/7:2]
(root,113500,1620,00:00:00/00:00,24823) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,24841) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,24842) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(mysql,3441212,560168,07:43:21/117-14:08:39,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12552,00:11:58/117-14:08:35,25125) cPhulkd - processor
(root,51488,2572,00:01:40/5-12:33:40,26149) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1296,00:00:35/5-12:33:40,26168) dovecot/anvil
(root,151524,10312,00:00:05/1-14:11:39,26283) cPhulkd - dbprocessor
(mailnull,89196,9552,00:01:14/5-12:33:26,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,258364,28408,00:01:40/5-12:33:08,26624) cpsrvd (SSL) - waiting for connections                   
(cpanelconnecttrack,9800,3224,00:41:42/5-12:33:08,26635) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,2563468,1602908,08:04:13/347-20:22:01,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/22:47:40,28534) [kworker/3:0]
(root,0,0,00:00:00/05:07:40,28601) [kworker/5:2]
(root,235460,15468,00:00:15/1-17:38:44,29363) /usr/sbin/httpd -k start
(root,33404,3480,00:01:35/314-05:35:21,29439) /sbin/rsyslogd
(root,0,0,00:00:01/1-13:44:40,30881) [kworker/2:0]
(root,225548,36812,00:00:00/10:18:07,32748) spamd child

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-30 00:57

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb109c367d25

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:08:16/349-16:22:42,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/349-16:22:42,2) [kthreadd]
(root,0,0,00:00:00/349-16:22:42,4) [kworker/0:0H]
(root,0,0,00:38:27/349-16:22:42,6) [ksoftirqd/0]
(root,0,0,00:00:02/349-16:22:42,7) [migration/0]
(root,0,0,00:00:00/349-16:22:42,8) [rcu_bh]
(root,0,0,05:16:45/349-16:22:42,9) [rcu_sched]
(root,0,0,00:00:00/349-16:22:42,10) [lru-add-drain]
(root,0,0,00:02:45/349-16:22:42,11) [watchdog/0]
(root,0,0,00:02:16/349-16:22:42,12) [watchdog/1]
(root,0,0,00:00:02/349-16:22:42,13) [migration/1]
(root,0,0,00:00:15/349-16:22:42,14) [ksoftirqd/1]
(root,0,0,00:00:00/349-16:22:42,16) [kworker/1:0H]
(root,0,0,00:02:17/349-16:22:42,17) [watchdog/2]
(root,0,0,00:00:02/349-16:22:42,18) [migration/2]
(root,0,0,00:00:15/349-16:22:42,19) [ksoftirqd/2]
(root,0,0,00:00:00/349-16:22:42,21) [kworker/2:0H]
(root,0,0,00:02:20/349-16:22:42,22) [watchdog/3]
(root,0,0,00:00:01/349-16:22:42,23) [migration/3]
(root,0,0,00:00:14/349-16:22:42,24) [ksoftirqd/3]
(root,0,0,00:00:00/349-16:22:42,26) [kworker/3:0H]
(root,0,0,00:02:14/349-16:22:42,27) [watchdog/4]
(root,0,0,00:01:12/349-16:22:42,28) [migration/4]
(root,0,0,00:00:22/349-16:22:42,29) [ksoftirqd/4]
(root,0,0,00:00:00/349-16:22:42,31) [kworker/4:0H]
(root,0,0,00:02:09/349-16:22:42,32) [watchdog/5]
(root,0,0,00:01:32/349-16:22:42,33) [migration/5]
(root,0,0,00:00:30/349-16:22:42,34) [ksoftirqd/5]
(root,0,0,00:00:00/349-16:22:42,36) [kworker/5:0H]
(root,0,0,00:02:09/349-16:22:42,37) [watchdog/6]
(root,0,0,00:01:08/349-16:22:42,38) [migration/6]
(root,0,0,00:00:30/349-16:22:42,39) [ksoftirqd/6]
(root,0,0,00:00:00/349-16:22:42,41) [kworker/6:0H]
(root,0,0,00:02:21/349-16:22:42,42) [watchdog/7]
(root,0,0,00:01:06/349-16:22:42,43) [migration/7]
(root,0,0,00:11:13/349-16:22:42,44) [ksoftirqd/7]
(root,0,0,00:00:00/349-16:22:42,46) [kworker/7:0H]
(root,0,0,00:00:00/349-16:22:42,48) [kdevtmpfs]
(root,0,0,00:00:00/349-16:22:42,49) [netns]
(root,0,0,00:00:26/349-16:22:42,50) [khungtaskd]
(root,0,0,00:00:00/349-16:22:42,51) [writeback]
(root,0,0,00:00:00/349-16:22:42,52) [kintegrityd]
(root,0,0,00:00:00/349-16:22:42,53) [bioset]
(root,0,0,00:00:00/349-16:22:42,54) [bioset]
(root,0,0,00:00:00/349-16:22:42,55) [bioset]
(root,0,0,00:00:00/349-16:22:42,56) [kblockd]
(root,0,0,00:00:00/349-16:22:42,57) [md]
(root,0,0,00:00:00/349-16:22:42,58) [edac-poller]
(root,0,0,00:00:00/349-16:22:42,59) [watchdogd]
(root,0,0,00:59:04/349-16:22:42,66) [kswapd0]
(root,0,0,00:00:00/349-16:22:42,67) [ksmd]
(root,0,0,00:01:54/349-16:22:42,68) [khugepaged]
(root,0,0,00:00:00/349-16:22:42,69) [crypto]
(root,0,0,00:00:00/349-16:22:42,77) [kthrotld]
(root,0,0,00:00:00/349-16:22:42,80) [kmpath_rdacd]
(root,0,0,00:00:00/349-16:22:42,81) [kaluad]
(root,0,0,00:00:00/349-16:22:42,82) [kpsmoused]
(root,0,0,00:00:00/349-16:22:42,84) [ipv6_addrconf]
(root,0,0,00:00:00/349-16:22:42,97) [deferwq]
(root,0,0,00:16:29/349-16:22:41,144) [kauditd]
(root,0,0,00:00:00/349-16:22:41,368) [ata_sff]
(root,0,0,00:00:00/349-16:22:41,404) [scsi_eh_0]
(root,0,0,00:00:00/349-16:22:41,405) [scsi_tmf_0]
(root,0,0,00:00:00/349-16:22:41,406) [scsi_eh_1]
(root,0,0,00:00:00/349-16:22:41,407) [scsi_tmf_1]
(root,0,0,00:00:00/349-16:22:41,408) [scsi_eh_2]
(root,0,0,00:00:00/349-16:22:41,409) [scsi_tmf_2]
(root,0,0,00:00:00/349-16:22:41,410) [scsi_eh_3]
(root,0,0,00:00:00/349-16:22:41,411) [scsi_tmf_3]
(root,0,0,00:00:00/349-16:22:41,412) [scsi_eh_4]
(root,0,0,00:00:00/349-16:22:41,413) [scsi_tmf_4]
(root,0,0,00:00:00/349-16:22:41,414) [scsi_eh_5]
(root,0,0,00:00:00/349-16:22:41,415) [scsi_tmf_5]
(root,0,0,00:00:00/349-16:22:39,488) [kdmflush]
(root,0,0,00:00:00/349-16:22:39,489) [bioset]
(root,0,0,00:00:15/349-16:22:39,506) [kworker/0:1H]
(root,0,0,01:01:27/349-16:22:39,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/349-16:22:39,514) [ext4-rsv-conver]
(root,109136,53504,04:19:04/349-16:22:37,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/349-16:22:37,627) [kworker/4:1H]
(root,0,0,00:00:05/349-16:22:36,629) [kworker/1:1H]
(root,198572,760,00:00:00/349-16:22:36,633) /usr/sbin/lvmetad -f
(root,46060,1076,00:00:00/349-16:22:36,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/349-16:22:35,644) [kworker/2:1H]
(root,0,0,00:21:34/349-16:22:35,645) [kworker/7:1H]
(root,0,0,00:00:02/349-16:22:34,687) [kworker/5:1H]
(root,0,0,00:00:00/349-16:22:34,688) [irq/125-mei_me]
(root,0,0,00:00:00/349-16:22:34,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/349-16:22:32,714) [jbd2/sda2-8]
(root,0,0,00:00:00/349-16:22:32,715) [ext4-rsv-conver]
(root,0,0,00:03:53/349-16:22:31,719) [jbd2/sda3-8]
(root,0,0,00:00:00/349-16:22:31,720) [ext4-rsv-conver]
(root,0,0,00:10:17/349-16:22:31,724) [jbd2/sdb-8]
(root,0,0,00:00:00/349-16:22:31,725) [ext4-rsv-conver]
(root,0,0,00:00:02/349-16:22:29,740) [kworker/6:1H]
(root,57704,724,00:35:30/349-16:22:19,748) /sbin/auditd
(dbus,58232,1908,01:18:32/349-16:22:18,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,1736,00:39:26/349-16:22:17,788) /usr/lib/systemd/systemd-logind
(root,229032,9384,00:13:22/349-16:22:17,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5792,01:43:02/349-16:22:17,794) /usr/sbin/nscd
(root,52900,1892,00:00:18/349-16:22:17,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:18:25/349-16:22:17,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/349-16:22:17,862) /usr/sbin/atd -f
(root,124504,1368,00:06:59/349-16:22:17,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/349-16:22:17,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/349-16:22:17,869) [kworker/3:1H]
(chrony,97380,1376,00:01:59/349-16:22:17,888) /usr/sbin/chronyd
(root,113472,3148,00:31:20/349-16:22:08,1226) /usr/sbin/sshd -D
(root,1093068,13820,02:15:32/349-16:22:08,1237) /usr/sbin/rsyslogd -n
(root,27380,804,00:02:50/349-16:22:08,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38216,01:57:39/349-16:22:07,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/09:35:31,1593) [kworker/2:2]
(root,229604,18608,00:15:26/349-16:22:04,1820) dnsadmin - server mode
(root,213960,24208,03:27:10/349-16:22:04,1825) tailwatchd
(root,183604,6560,00:14:03/349-16:22:04,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2264,00:01:51/349-16:22:04,1863) cpanellogd - sleeping for logs
(root,292800,1076,00:02:53/41-22:58:19,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,4400,00:00:58/41-22:58:19,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6932,00:38:27/41-22:58:15,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8520,00:00:53/41-22:58:15,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/09:10:31,3839) [kworker/4:1]
(root,237952,80892,00:00:04/02:43:45,6746) spamd child
(root,0,0,00:00:00/13:11:16,8634) [kworker/5:1]
(root,178520,29044,00:00:03/02:00:31,10829) lfd - sleeping
(root,0,0,00:00:00/01:50:31,11851) [kworker/2:0]
(root,3108,36,00:02:59/349-12:19:45,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/01:42:50,12679) [kworker/u16:0]
(root,0,0,00:00:00/01:25:31,14344) [kworker/7:0]
(root,0,0,00:00:05/1-03:30:11,14603) [kworker/0:2]
(root,185004,2412,00:00:00/01:00:31,16628) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/01:00:31,16634) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,360,00:00:00/01:00:31,16640) sleep 2h 59m
(root,0,0,00:00:00/01:00:31,16683) [kworker/1:1]
(root,0,0,00:00:00/50:30,17507) [kworker/6:0]
(root,225548,36744,00:00:00/43:15,18077) spamd child
(root,0,0,00:00:00/40:31,18355) [kworker/0:0]
(scliegyp,38268,3600,00:00:00/32:59,18954) dovecot/imap
(scliegyp,38584,3832,00:00:00/26:44,19539) dovecot/imap
(root,0,0,00:00:00/25:30,19681) [kworker/4:2]
(polkitd,610664,2948,00:28:14/349-15:24:36,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,28824,02:55:22/349-15:24:34,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/23:21,19835) [kworker/u16:1]
(root,0,0,00:00:00/19:15,20217) [kworker/7:2]
(scliegyp,38268,3596,00:00:00/19:14,20221) dovecot/imap
(root,0,0,00:00:00/10:30,21073) [kworker/3:1]
(root,72960,4268,00:00:00/03:38,21711) dovecot/auth -w
(scliegyp,38268,3596,00:00:00/03:13,21769) dovecot/imap
(mailnull,89428,8760,00:00:00/01:54,21860) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,8760,00:00:00/01:53,21926) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113472,4588,00:00:00/01:45,21955) sshd: [accepted]
(sshd,113472,1752,00:00:00/01:45,21956) sshd: [net]
(mailnull,89428,8760,00:00:00/01:34,21966) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,8760,00:00:00/01:34,21967) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113472,4592,00:00:00/01:20,21998) sshd: [accepted]
(sshd,113472,1760,00:00:00/01:20,22001) sshd: [net]
(mailnull,89428,8760,00:00:00/01:15,22002) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,8760,00:00:00/01:14,22003) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113472,4596,00:00:00/01:12,22004) sshd: [accepted]
(mailnull,89428,8760,00:00:00/00:55,22028) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,8760,00:00:00/00:55,22029) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,72960,4240,00:00:00/00:46,22039) dovecot/auth -w
(mailnull,89428,8760,00:00:00/00:36,22051) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113472,4596,00:00:00/00:34,22054) sshd: [accepted]
(sshd,113472,1756,00:00:00/00:33,22057) sshd: [net]
(root,235428,31692,00:00:00/00:30,22162) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/backup
(mailnull,89428,8760,00:00:00/00:20,22248) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,4356,604,00:00:00/00:17,22268) /usr/local/cpanel/bin/cpuwatch 7.0000 --report-fd 8 /usr/local/cpanel/bin/pkgacct --link_dest=/backup/2024-11-27/accounts/scliegyp --incremental scliegyp /backup/2024-11-28/accounts backup
(root,277328,33264,00:00:00/00:17,22269) pkgacct - scliegyp - av: 4 - waiting for subprocess: 22273
(root,0,0,00:00:00/00:16,22271) [kworker/u16:2]
(root,229608,14504,00:00:00/00:15,22272) dnsadmin - waiting for request 2 on connected socket
(scliegyp,279804,29960,00:00:14/00:15,22273) pkgacct - scliegyp - av: 4 - subprocess
(root,113472,4596,00:00:00/00:09,22278) sshd: [accepted]
(sshd,113472,1752,00:00:00/00:08,22279) sshd: [net]
(root,113472,4768,00:00:00/00:02,22286) sshd: [accepted]
(sshd,113472,2008,00:00:00/00:02,22287) sshd: [net]
(root,113500,1624,00:00:00/00:01,22322) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,22340) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,22341) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,12736,1364,00:00:00/15:18:14,22737) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1364,00:00:00/15:18:14,22738) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235448,4208,00:00:00/15:18:14,22739) /usr/sbin/httpd -k start
(dovenull,50372,5836,00:00:03/15:18:14,22740) dovecot/pop3-login
(dovenull,49428,5124,00:00:01/15:18:14,22741) dovecot/imap-login
(root,10404,1496,00:00:06/15:18:14,22742) dovecot/log
(dovenull,52176,7732,00:00:24/15:18:14,22743) dovecot/pop3-login
(root,53088,11760,00:00:00/15:18:14,22744) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(dovenull,51700,7228,00:00:12/15:18:14,22745) dovecot/imap-login
(nobody,3095376,23532,00:00:11/15:18:14,22746) /usr/sbin/httpd -k start
(nobody,3095376,23480,00:00:12/15:18:14,22747) /usr/sbin/httpd -k start
(nobody,3160912,22616,00:00:12/15:18:14,22748) /usr/sbin/httpd -k start
(root,15828,3432,00:00:09/15:18:14,22803) dovecot/config
(dovecot,50100,3444,00:00:06/15:18:14,22812) dovecot/stats
(dovecot,73996,5592,00:00:40/15:18:14,22907) dovecot/auth
(nobody,3095376,22808,00:00:11/15:18:13,22909) /usr/sbin/httpd -k start
(nobody,2964304,22268,00:00:11/15:18:13,22910) /usr/sbin/httpd -k start
(dovecot,10412,1544,00:00:01/15:17:37,23210) dovecot/imap-hibernate
(root,0,0,00:00:00/05:30:31,24195) [kworker/5:0]
(root,0,0,00:00:00/15:10:31,24217) [kworker/6:1]
(mysql,3441212,567380,07:36:02/115-14:11:30,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12152,00:11:45/115-14:11:26,25125) cPhulkd - processor
(root,51488,2560,00:01:11/3-12:36:31,26149) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1296,00:00:25/3-12:36:31,26168) dovecot/anvil
(root,0,0,00:00:00/10:55:31,26384) [kworker/3:2]
(mailnull,89196,9552,00:01:01/3-12:36:17,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,258360,28408,00:01:01/3-12:35:59,26624) cpsrvd (SSL) - waiting for connections                   
(cpanelconnecttrack,9800,3224,00:28:46/3-12:35:59,26635) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,0,0,00:00:01/1-12:10:31,26971) [kworker/1:2]
(root,235448,15476,00:00:29/3-12:35:33,26996) /usr/sbin/httpd -k start
(root,2563216,1544852,08:01:24/345-20:24:52,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,151544,10276,00:00:11/2-07:29:34,28355) cPhulkd - dbprocessor
(root,33404,3480,00:01:34/312-05:38:12,29439) /sbin/rsyslogd

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-28 01:00

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10b1dc6dd1

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:07:13/347-16:19:20,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/347-16:19:20,2) [kthreadd]
(root,0,0,00:00:00/347-16:19:20,4) [kworker/0:0H]
(root,0,0,00:38:08/347-16:19:20,6) [ksoftirqd/0]
(root,0,0,00:00:02/347-16:19:20,7) [migration/0]
(root,0,0,00:00:00/347-16:19:20,8) [rcu_bh]
(root,0,0,05:14:50/347-16:19:20,9) [rcu_sched]
(root,0,0,00:00:00/347-16:19:20,10) [lru-add-drain]
(root,0,0,00:02:44/347-16:19:20,11) [watchdog/0]
(root,0,0,00:02:16/347-16:19:20,12) [watchdog/1]
(root,0,0,00:00:02/347-16:19:20,13) [migration/1]
(root,0,0,00:00:15/347-16:19:20,14) [ksoftirqd/1]
(root,0,0,00:00:00/347-16:19:20,16) [kworker/1:0H]
(root,0,0,00:02:16/347-16:19:20,17) [watchdog/2]
(root,0,0,00:00:02/347-16:19:20,18) [migration/2]
(root,0,0,00:00:15/347-16:19:20,19) [ksoftirqd/2]
(root,0,0,00:00:00/347-16:19:20,21) [kworker/2:0H]
(root,0,0,00:02:19/347-16:19:20,22) [watchdog/3]
(root,0,0,00:00:01/347-16:19:20,23) [migration/3]
(root,0,0,00:00:14/347-16:19:20,24) [ksoftirqd/3]
(root,0,0,00:00:00/347-16:19:20,26) [kworker/3:0H]
(root,0,0,00:02:13/347-16:19:20,27) [watchdog/4]
(root,0,0,00:01:12/347-16:19:20,28) [migration/4]
(root,0,0,00:00:22/347-16:19:20,29) [ksoftirqd/4]
(root,0,0,00:00:00/347-16:19:20,31) [kworker/4:0H]
(root,0,0,00:02:08/347-16:19:20,32) [watchdog/5]
(root,0,0,00:01:31/347-16:19:20,33) [migration/5]
(root,0,0,00:00:30/347-16:19:20,34) [ksoftirqd/5]
(root,0,0,00:00:00/347-16:19:20,36) [kworker/5:0H]
(root,0,0,00:02:08/347-16:19:20,37) [watchdog/6]
(root,0,0,00:01:07/347-16:19:20,38) [migration/6]
(root,0,0,00:00:29/347-16:19:20,39) [ksoftirqd/6]
(root,0,0,00:00:00/347-16:19:20,41) [kworker/6:0H]
(root,0,0,00:02:21/347-16:19:20,42) [watchdog/7]
(root,0,0,00:01:06/347-16:19:20,43) [migration/7]
(root,0,0,00:11:09/347-16:19:20,44) [ksoftirqd/7]
(root,0,0,00:00:00/347-16:19:20,46) [kworker/7:0H]
(root,0,0,00:00:00/347-16:19:20,48) [kdevtmpfs]
(root,0,0,00:00:00/347-16:19:20,49) [netns]
(root,0,0,00:00:26/347-16:19:20,50) [khungtaskd]
(root,0,0,00:00:00/347-16:19:20,51) [writeback]
(root,0,0,00:00:00/347-16:19:20,52) [kintegrityd]
(root,0,0,00:00:00/347-16:19:20,53) [bioset]
(root,0,0,00:00:00/347-16:19:20,54) [bioset]
(root,0,0,00:00:00/347-16:19:20,55) [bioset]
(root,0,0,00:00:00/347-16:19:20,56) [kblockd]
(root,0,0,00:00:00/347-16:19:20,57) [md]
(root,0,0,00:00:00/347-16:19:20,58) [edac-poller]
(root,0,0,00:00:00/347-16:19:20,59) [watchdogd]
(root,0,0,00:58:57/347-16:19:20,66) [kswapd0]
(root,0,0,00:00:00/347-16:19:20,67) [ksmd]
(root,0,0,00:01:53/347-16:19:20,68) [khugepaged]
(root,0,0,00:00:00/347-16:19:20,69) [crypto]
(root,0,0,00:00:00/347-16:19:20,77) [kthrotld]
(root,0,0,00:00:00/347-16:19:20,80) [kmpath_rdacd]
(root,0,0,00:00:00/347-16:19:20,81) [kaluad]
(root,0,0,00:00:00/347-16:19:20,82) [kpsmoused]
(root,0,0,00:00:00/347-16:19:20,84) [ipv6_addrconf]
(root,0,0,00:00:00/347-16:19:20,97) [deferwq]
(root,0,0,00:16:25/347-16:19:19,144) [kauditd]
(root,0,0,00:00:00/347-16:19:19,368) [ata_sff]
(root,0,0,00:00:00/347-16:19:19,404) [scsi_eh_0]
(root,0,0,00:00:00/347-16:19:19,405) [scsi_tmf_0]
(root,0,0,00:00:00/347-16:19:19,406) [scsi_eh_1]
(root,0,0,00:00:00/347-16:19:19,407) [scsi_tmf_1]
(root,0,0,00:00:00/347-16:19:19,408) [scsi_eh_2]
(root,0,0,00:00:00/347-16:19:19,409) [scsi_tmf_2]
(root,0,0,00:00:00/347-16:19:19,410) [scsi_eh_3]
(root,0,0,00:00:00/347-16:19:19,411) [scsi_tmf_3]
(root,0,0,00:00:00/347-16:19:19,412) [scsi_eh_4]
(root,0,0,00:00:00/347-16:19:19,413) [scsi_tmf_4]
(root,0,0,00:00:00/347-16:19:19,414) [scsi_eh_5]
(root,0,0,00:00:00/347-16:19:19,415) [scsi_tmf_5]
(root,0,0,00:00:00/347-16:19:17,488) [kdmflush]
(root,0,0,00:00:00/347-16:19:17,489) [bioset]
(root,0,0,00:00:15/347-16:19:17,506) [kworker/0:1H]
(root,0,0,01:01:05/347-16:19:17,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/347-16:19:17,514) [ext4-rsv-conver]
(root,161952,93116,04:17:34/347-16:19:15,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/347-16:19:15,627) [kworker/4:1H]
(root,0,0,00:00:05/347-16:19:14,629) [kworker/1:1H]
(root,198572,760,00:00:00/347-16:19:14,633) /usr/sbin/lvmetad -f
(root,46060,1076,00:00:00/347-16:19:14,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/347-16:19:13,644) [kworker/2:1H]
(root,0,0,00:21:26/347-16:19:13,645) [kworker/7:1H]
(root,0,0,00:00:02/347-16:19:12,687) [kworker/5:1H]
(root,0,0,00:00:00/347-16:19:12,688) [irq/125-mei_me]
(root,0,0,00:00:00/347-16:19:12,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/347-16:19:10,714) [jbd2/sda2-8]
(root,0,0,00:00:00/347-16:19:10,715) [ext4-rsv-conver]
(root,0,0,00:03:46/347-16:19:09,719) [jbd2/sda3-8]
(root,0,0,00:00:00/347-16:19:09,720) [ext4-rsv-conver]
(root,0,0,00:10:13/347-16:19:09,724) [jbd2/sdb-8]
(root,0,0,00:00:00/347-16:19:09,725) [ext4-rsv-conver]
(root,0,0,00:00:02/347-16:19:07,740) [kworker/6:1H]
(root,57704,720,00:35:20/347-16:18:57,748) /sbin/auditd
(dbus,58232,1908,01:18:06/347-16:18:56,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2180,00:39:13/347-16:18:55,788) /usr/lib/systemd/systemd-logind
(root,229032,9204,00:13:17/347-16:18:55,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5756,01:42:31/347-16:18:55,794) /usr/sbin/nscd
(root,52900,1892,00:00:18/347-16:18:55,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:17:59/347-16:18:55,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/347-16:18:55,862) /usr/sbin/atd -f
(root,124504,1368,00:06:57/347-16:18:55,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/347-16:18:55,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/347-16:18:55,869) [kworker/3:1H]
(chrony,97380,1372,00:01:58/347-16:18:55,888) /usr/sbin/chronyd
(nobody,3029736,23008,00:00:07/1-00:46:22,993) /usr/sbin/httpd -k start
(root,185004,2412,00:00:00/57:09,1180) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/57:09,1191) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/57:09,1196) sleep 1h 38m
(root,113472,3148,00:31:12/347-16:18:46,1226) /usr/sbin/sshd -D
(root,0,0,00:00:00/57:09,1236) [kworker/7:0]
(root,1101260,11544,02:14:45/347-16:18:46,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/347-16:18:46,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38252,01:56:59/347-16:18:45,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4192,00:15:20/347-16:18:42,1820) dnsadmin - dormant mode
(root,213960,24392,03:25:42/347-16:18:42,1825) tailwatchd
(root,183604,6556,00:13:57/347-16:18:42,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:50/347-16:18:42,1863) cpanellogd - sleeping for logs
(root,292800,1072,00:02:45/39-22:54:57,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,4400,00:00:55/39-22:54:57,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6932,00:36:38/39-22:54:53,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8552,00:00:51/39-22:54:53,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/37:09,3109) [kworker/1:1]
(scliegyp,38160,3376,00:00:00/29:45,3777) dovecot/imap
(scliegyp,37752,3076,00:00:00/27:43,3887) dovecot/imap
(scliegyp,41968,4600,00:01:57/25:09,4200) dovecot/pop3
(root,0,0,00:00:00/22:08,4448) [kworker/4:2]
(scliegyp,38296,3596,00:00:00/21:59,4467) dovecot/imap
(scliegyp,38300,3600,00:00:00/21:47,4470) dovecot/imap
(scliegyp,39040,4204,00:00:00/20:22,4633) dovecot/imap
(root,0,0,00:00:00/17:17,4773) [kworker/7:1]
(root,0,0,00:00:00/17:09,4844) [kworker/3:0]
(scliegyp,38416,3528,00:00:00/16:22,4930) dovecot/imap
(root,0,0,00:00:00/15:47,5043) [kworker/u16:1]
(scliegyp,38160,3376,00:00:00/15:09,5080) dovecot/imap
(scliegyp,37752,3072,00:00:00/13:07,5191) dovecot/imap
(root,0,0,00:00:00/11:07:58,5239) [kworker/5:2]
(scliegyp,42464,4432,00:00:00/11:51,5341) dovecot/imap
(scliegyp,29056,2580,00:00:00/02:57,6175) dovecot/quota-status -p postfix
(mailnull,89428,9416,00:00:00/02:39,6196) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/02:27,6212) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/02:26,6213) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/02:21,6218) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:01/18:07:57,6267) [kworker/4:1]
(mailnull,89428,9416,00:00:00/01:59,6321) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/01:49,6332) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:00/01:46,6333) [kworker/u16:0]
(mailnull,89428,9416,00:00:00/01:31,6349) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/01:31,6350) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/01:26,6351) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/01:22,6354) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/00:56,6371) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/00:54,6372) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,72960,4260,00:00:00/00:51,6376) dovecot/auth -w
(root,62912,4496,00:00:00/00:51,6419) dovecot/lmtp
(mailnull,89428,9416,00:00:00/00:49,6467) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/00:47,6468) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/00:31,6489) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:00/00:12,6494) [cpsrvd (SSL) - ] <defunct>
(mailnull,89428,9416,00:00:00/00:11,6495) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/00:09,6504) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89428,9416,00:00:00/00:02,6518) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113500,1620,00:00:00/00:00,6559) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,6577) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,6578) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,3108,36,00:02:58/347-12:16:23,12075) /usr/bin/RCdaemon
(root,0,0,00:00:02/13:07:09,19533) [kworker/0:2]
(polkitd,610664,3108,00:28:05/347-15:21:14,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,28252,02:54:14/347-15:21:12,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,245488,91324,00:00:19/08:48:48,20021) spamd child
(root,225548,36784,00:00:00/08:46:58,20237) spamd child
(root,0,0,00:00:01/20:52:09,22761) [kworker/2:2]
(root,0,0,00:00:01/02:43:52,22849) [kworker/u16:2]
(mysql,3441212,633932,07:29:08/113-14:08:08,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12532,00:11:33/113-14:08:04,25125) cPhulkd - processor
(root,0,0,00:00:00/07:47:08,25746) [kworker/2:1]
(root,51440,2416,00:00:32/1-12:33:09,26149) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovenull,50440,6028,00:00:11/1-12:33:09,26166) dovecot/pop3-login
(dovenull,50696,6484,00:00:10/1-12:33:09,26167) dovecot/imap-login
(dovecot,10272,1300,00:00:11/1-12:33:09,26168) dovecot/anvil
(root,10404,1492,00:00:18/1-12:33:09,26169) dovecot/log
(dovenull,51816,7564,00:00:54/1-12:33:09,26170) dovecot/pop3-login
(dovenull,52908,8608,00:00:32/1-12:33:09,26171) dovecot/imap-login
(root,15960,3300,00:00:27/1-12:33:09,26172) dovecot/config
(dovecot,50100,3588,00:00:21/1-12:33:09,26173) dovecot/stats
(dovecot,74268,5868,00:02:44/1-12:33:09,26174) dovecot/auth
(root,0,0,00:00:00/07:42:09,26296) [kworker/6:0]
(mailnull,89196,10208,00:00:30/1-12:32:55,26568) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,258356,28408,00:00:26/1-12:32:37,26624) cpsrvd (SSL) - waiting for connections                   
(cpanelconnecttrack,9820,3264,00:13:55/1-12:32:37,26635) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(dovecot,10412,1508,00:00:03/1-12:32:35,26715) dovecot/imap-hibernate
(root,235324,12068,00:00:12/1-12:32:11,26996) /usr/sbin/httpd -k start
(root,12732,1348,00:00:01/1-12:32:11,26997) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1352,00:00:01/1-12:32:11,26998) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,229936,4280,00:00:00/1-12:32:11,26999) /usr/sbin/httpd -k start
(root,53088,11848,00:00:00/1-12:32:11,27000) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3029736,25132,00:00:12/1-12:32:11,27002) /usr/sbin/httpd -k start
(nobody,3029736,25264,00:00:14/1-12:32:11,27003) /usr/sbin/httpd -k start
(nobody,3029736,25384,00:00:12/1-12:32:11,27004) /usr/sbin/httpd -k start
(nobody,2964200,24712,00:00:12/1-12:32:11,27022) /usr/sbin/httpd -k start
(nobody,3029736,25180,00:00:12/1-12:32:11,27050) /usr/sbin/httpd -k start
(root,2562988,1559052,07:58:16/343-20:21:30,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,178520,29016,00:00:03/01:57:08,27908) lfd - sleeping
(root,0,0,00:00:00/01:56:09,28311) [kworker/0:1]
(root,151544,10284,00:00:01/07:26:12,28355) cPhulkd - dbprocessor
(root,33404,3480,00:01:34/310-05:34:50,29439) /sbin/rsyslogd
(root,0,0,00:00:00/01:22:08,31080) [kworker/1:0]
(root,0,0,00:00:00/01:18:09,31364) [kworker/3:1]
(root,0,0,00:00:00/01:17:09,31435) [kworker/5:0]
(root,0,0,00:00:00/01:17:09,31471) [kworker/6:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-26 00:57

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10e35583e8

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:06:10/345-15:20:20,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:06/345-15:20:20,2) [kthreadd]
(root,0,0,00:00:00/345-15:20:20,4) [kworker/0:0H]
(root,0,0,00:37:45/345-15:20:20,6) [ksoftirqd/0]
(root,0,0,00:00:02/345-15:20:20,7) [migration/0]
(root,0,0,00:00:00/345-15:20:20,8) [rcu_bh]
(root,0,0,05:12:48/345-15:20:20,9) [rcu_sched]
(root,0,0,00:00:00/345-15:20:20,10) [lru-add-drain]
(root,0,0,00:02:43/345-15:20:20,11) [watchdog/0]
(root,0,0,00:02:15/345-15:20:20,12) [watchdog/1]
(root,0,0,00:00:02/345-15:20:20,13) [migration/1]
(root,0,0,00:00:15/345-15:20:20,14) [ksoftirqd/1]
(root,0,0,00:00:00/345-15:20:20,16) [kworker/1:0H]
(root,0,0,00:02:15/345-15:20:20,17) [watchdog/2]
(root,0,0,00:00:02/345-15:20:20,18) [migration/2]
(root,0,0,00:00:14/345-15:20:20,19) [ksoftirqd/2]
(root,0,0,00:00:00/345-15:20:20,21) [kworker/2:0H]
(root,0,0,00:02:18/345-15:20:20,22) [watchdog/3]
(root,0,0,00:00:01/345-15:20:20,23) [migration/3]
(root,0,0,00:00:14/345-15:20:20,24) [ksoftirqd/3]
(root,0,0,00:00:00/345-15:20:20,26) [kworker/3:0H]
(root,0,0,00:02:12/345-15:20:20,27) [watchdog/4]
(root,0,0,00:01:11/345-15:20:20,28) [migration/4]
(root,0,0,00:00:22/345-15:20:20,29) [ksoftirqd/4]
(root,0,0,00:00:00/345-15:20:20,31) [kworker/4:0H]
(root,0,0,00:02:07/345-15:20:20,32) [watchdog/5]
(root,0,0,00:01:31/345-15:20:20,33) [migration/5]
(root,0,0,00:00:30/345-15:20:20,34) [ksoftirqd/5]
(root,0,0,00:00:00/345-15:20:20,36) [kworker/5:0H]
(root,0,0,00:02:07/345-15:20:20,37) [watchdog/6]
(root,0,0,00:01:07/345-15:20:20,38) [migration/6]
(root,0,0,00:00:29/345-15:20:20,39) [ksoftirqd/6]
(root,0,0,00:00:00/345-15:20:20,41) [kworker/6:0H]
(root,0,0,00:02:20/345-15:20:20,42) [watchdog/7]
(root,0,0,00:01:05/345-15:20:20,43) [migration/7]
(root,0,0,00:11:05/345-15:20:20,44) [ksoftirqd/7]
(root,0,0,00:00:00/345-15:20:20,46) [kworker/7:0H]
(root,0,0,00:00:00/345-15:20:20,48) [kdevtmpfs]
(root,0,0,00:00:00/345-15:20:20,49) [netns]
(root,0,0,00:00:25/345-15:20:20,50) [khungtaskd]
(root,0,0,00:00:00/345-15:20:20,51) [writeback]
(root,0,0,00:00:00/345-15:20:20,52) [kintegrityd]
(root,0,0,00:00:00/345-15:20:20,53) [bioset]
(root,0,0,00:00:00/345-15:20:20,54) [bioset]
(root,0,0,00:00:00/345-15:20:20,55) [bioset]
(root,0,0,00:00:00/345-15:20:20,56) [kblockd]
(root,0,0,00:00:00/345-15:20:20,57) [md]
(root,0,0,00:00:00/345-15:20:20,58) [edac-poller]
(root,0,0,00:00:00/345-15:20:20,59) [watchdogd]
(root,0,0,00:58:30/345-15:20:20,66) [kswapd0]
(root,0,0,00:00:00/345-15:20:20,67) [ksmd]
(root,0,0,00:01:53/345-15:20:20,68) [khugepaged]
(root,0,0,00:00:00/345-15:20:20,69) [crypto]
(root,0,0,00:00:00/345-15:20:20,77) [kthrotld]
(root,0,0,00:00:00/345-15:20:20,80) [kmpath_rdacd]
(root,0,0,00:00:00/345-15:20:20,81) [kaluad]
(root,0,0,00:00:00/345-15:20:20,82) [kpsmoused]
(root,0,0,00:00:00/345-15:20:20,84) [ipv6_addrconf]
(root,0,0,00:00:00/345-15:20:20,97) [deferwq]
(root,0,0,00:16:21/345-15:20:19,144) [kauditd]
(root,0,0,00:00:00/345-15:20:19,368) [ata_sff]
(root,244196,90968,00:00:17/22:57:36,387) spamd child
(root,0,0,00:00:00/345-15:20:19,404) [scsi_eh_0]
(root,0,0,00:00:00/345-15:20:19,405) [scsi_tmf_0]
(root,0,0,00:00:00/345-15:20:19,406) [scsi_eh_1]
(root,0,0,00:00:00/345-15:20:19,407) [scsi_tmf_1]
(root,0,0,00:00:00/345-15:20:19,408) [scsi_eh_2]
(root,0,0,00:00:00/345-15:20:19,409) [scsi_tmf_2]
(root,0,0,00:00:00/345-15:20:19,410) [scsi_eh_3]
(root,0,0,00:00:00/345-15:20:19,411) [scsi_tmf_3]
(root,0,0,00:00:00/345-15:20:19,412) [scsi_eh_4]
(root,0,0,00:00:00/345-15:20:19,413) [scsi_tmf_4]
(root,0,0,00:00:00/345-15:20:19,414) [scsi_eh_5]
(root,0,0,00:00:00/345-15:20:19,415) [scsi_tmf_5]
(root,0,0,00:00:00/345-15:20:17,488) [kdmflush]
(root,0,0,00:00:00/345-15:20:17,489) [bioset]
(root,0,0,00:00:15/345-15:20:17,506) [kworker/0:1H]
(root,0,0,01:00:43/345-15:20:17,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/345-15:20:17,514) [ext4-rsv-conver]
(root,55832,14356,04:15:58/345-15:20:15,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/345-15:20:15,627) [kworker/4:1H]
(root,0,0,00:00:05/345-15:20:14,629) [kworker/1:1H]
(root,198572,760,00:00:00/345-15:20:14,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/345-15:20:14,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/345-15:20:13,644) [kworker/2:1H]
(root,0,0,00:21:19/345-15:20:13,645) [kworker/7:1H]
(root,0,0,00:00:02/345-15:20:12,687) [kworker/5:1H]
(root,0,0,00:00:00/345-15:20:12,688) [irq/125-mei_me]
(root,0,0,00:00:00/345-15:20:12,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/345-15:20:10,714) [jbd2/sda2-8]
(root,0,0,00:00:00/345-15:20:10,715) [ext4-rsv-conver]
(root,0,0,00:03:32/345-15:20:09,719) [jbd2/sda3-8]
(root,0,0,00:00:00/345-15:20:09,720) [ext4-rsv-conver]
(root,0,0,00:10:10/345-15:20:09,724) [jbd2/sdb-8]
(root,0,0,00:00:00/345-15:20:09,725) [ext4-rsv-conver]
(root,0,0,00:00:02/345-15:20:07,740) [kworker/6:1H]
(root,57704,724,00:35:12/345-15:19:57,748) /sbin/auditd
(dbus,58232,1912,01:17:41/345-15:19:56,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2288,00:39:00/345-15:19:55,788) /usr/lib/systemd/systemd-logind
(root,229032,9260,00:13:12/345-15:19:55,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5852,01:42:01/345-15:19:55,794) /usr/sbin/nscd
(root,52900,1892,00:00:18/345-15:19:55,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:17:33/345-15:19:55,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/345-15:19:55,862) /usr/sbin/atd -f
(root,124504,1372,00:06:54/345-15:19:55,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/345-15:19:55,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/345-15:19:55,869) [kworker/3:1H]
(chrony,97380,1376,00:01:58/345-15:19:55,888) /usr/sbin/chronyd
(dovecot,73416,5004,00:00:22/22:49:47,1052) dovecot/auth
(root,113472,3144,00:31:05/345-15:19:46,1226) /usr/sbin/sshd -D
(root,1076684,11744,02:13:56/345-15:19:46,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/345-15:19:46,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38532,01:56:20/345-15:19:45,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:15:15/345-15:19:42,1820) dnsadmin - dormant mode
(root,214612,10640,03:24:11/345-15:19:42,1825) tailwatchd
(root,263736,24352,00:13:51/345-15:19:42,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078
(root,130156,2268,00:01:50/345-15:19:42,1863) cpanellogd - sleeping for logs
(root,292800,2572,00:02:37/37-21:55:57,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,4404,00:00:52/37-21:55:57,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6936,00:34:53/37-21:55:53,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8556,00:00:48/37-21:55:53,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/01:33:10,3543) [kworker/7:2]
(root,0,0,00:00:00/01:23:08,4329) [kworker/3:1]
(root,0,0,00:00:00/01:10:10,5211) [kworker/u16:2]
(root,234844,77684,00:00:01/07:44:37,5835) spamd child
(root,0,0,00:00:00/58:09,6121) [kworker/2:1]
(root,0,0,00:00:00/58:09,6147) [kworker/1:2]
(root,0,0,00:00:00/57:09,6434) [kworker/0:0]
(root,231104,14168,00:19:21/100-00:58:51,6674) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/48:09,7056) [kworker/7:1]
(root,0,0,00:00:00/45:08,7278) [kworker/3:2]
(root,0,0,00:00:00/38:09,7768) [kworker/5:0]
(nobody,3292000,26028,00:00:17/2-07:36:39,8344) /usr/sbin/httpd -k start
(scliegyp,37948,3332,00:00:00/29:33,8414) dovecot/imap
(root,0,0,00:00:00/23:52,8810) [kworker/u16:1]
(root,0,0,00:00:00/23:09,8931) [kworker/6:2]
(scliegyp,38420,3600,00:00:00/22:08,8971) dovecot/imap
(root,0,0,00:00:00/18:09,9213) [kworker/0:1]
(scliegyp,32104,3776,00:00:00/09:59,9861) dovecot/pop3
(scliegyp,32088,3720,00:00:00/09:52,9864) dovecot/pop3
(scliegyp,38288,3596,00:00:00/09:50,9865) dovecot/imap
(mailnull,89436,9432,00:00:00/02:34,10443) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/02:22,10454) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/02:14,10464) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/02:03,10483) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/01:55,10484) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/01:35,10487) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/01:20,10489) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/01:16,10491) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,72960,4220,00:00:00/01:13,10493) dovecot/auth -w
(mailnull,89436,9432,00:00:00/01:01,10517) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/00:56,10518) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/00:37,10521) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/00:18,10524) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,62912,4492,00:00:00/00:13,10569) dovecot/lmtp
(root,0,0,00:00:00/00:12,10591) [whostmgrd - ser] <defunct>
(cpanelphpmyadmin,292768,3120,00:00:00/00:12,10606) php-fpm: pool cpanelphpmyadmin
(root,0,0,00:00:00/00:09,10627) [kworker/3:0]
(root,189788,10888,00:00:00/00:01,10639) cPhulkd - processor - http socket
(scliegyp,31464,3268,00:00:00/00:01,10640) dovecot/pop3
(root,113500,1624,00:00:00/00:00,10665) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,10683) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,10684) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,3108,36,00:02:57/345-11:17:23,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/19:57:10,13634) [kworker/1:0]
(root,235464,15156,00:15:31/106-13:03:26,18989) /usr/sbin/httpd -k start
(root,12740,1360,00:00:02/3-08:15:39,19253) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12748,1376,00:00:02/3-08:15:39,19254) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,3952,00:00:00/3-08:15:38,19255) /usr/sbin/httpd -k start
(root,53088,11772,00:00:00/3-08:15:38,19256) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3095392,27808,00:00:31/3-08:15:38,19257) /usr/sbin/httpd -k start
(dovenull,50104,5676,00:00:06/3-08:15:38,19311) dovecot/pop3-login
(dovenull,54748,10276,00:01:05/3-08:15:38,19312) dovecot/imap-login
(root,10404,1500,00:00:22/3-08:15:38,19313) dovecot/log
(dovenull,51236,7080,00:01:19/3-08:15:38,19314) dovecot/pop3-login
(dovenull,50648,6248,00:00:14/3-08:15:38,19315) dovecot/imap-login
(root,15968,3296,00:00:30/3-08:15:38,19316) dovecot/config
(dovecot,50232,3700,00:00:27/3-08:15:38,19317) dovecot/stats
(nobody,3357536,27892,00:00:32/3-08:15:37,19323) /usr/sbin/httpd -k start
(nobody,3160928,26248,00:00:32/3-08:15:36,19376) /usr/sbin/httpd -k start
(nobody,3488608,29396,00:00:31/3-08:15:29,19437) /usr/sbin/httpd -k start
(dovecot,10412,1516,00:00:07/3-08:15:02,19530) dovecot/imap-hibernate
(polkitd,610664,3160,00:27:56/345-14:22:14,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,28500,02:53:05/345-14:22:12,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/11:08:59,22554) [kworker/5:1]
(root,151656,10380,00:00:08/2-10:36:05,23040) cPhulkd - dbprocessor
(root,51596,2276,00:34:23/111-13:10:24,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:13:09/111-13:10:24,23695) dovecot/anvil
(cpanelconnecttrack,9876,3076,12:51:03/111-13:10:09,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(mysql,3441212,691756,07:22:15/111-13:09:08,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12548,00:11:21/111-13:09:04,25125) cPhulkd - processor
(mailnull,89176,13192,00:09:18/111-13:09:01,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,2562724,1587436,07:54:43/341-19:22:30,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,33404,3480,00:01:34/308-04:35:50,29439) /sbin/rsyslogd
(root,0,0,00:00:01/2-03:09:04,30330) [kworker/6:0]
(root,0,0,00:00:00/02:38:08,30600) [kworker/4:0]
(root,0,0,00:00:00/23:23:06,30937) [kworker/2:2]
(root,0,0,00:00:00/02:26:56,31724) [kworker/4:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-23 23:58

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10cb3a3b01

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:05:04/343-13:31:03,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/343-13:31:03,2) [kthreadd]
(root,0,0,00:00:00/343-13:31:03,4) [kworker/0:0H]
(root,0,0,00:37:42/343-13:31:03,6) [ksoftirqd/0]
(root,0,0,00:00:02/343-13:31:03,7) [migration/0]
(root,0,0,00:00:00/343-13:31:03,8) [rcu_bh]
(root,0,0,05:11:30/343-13:31:03,9) [rcu_sched]
(root,0,0,00:00:00/343-13:31:03,10) [lru-add-drain]
(root,0,0,00:02:42/343-13:31:03,11) [watchdog/0]
(root,0,0,00:02:14/343-13:31:03,12) [watchdog/1]
(root,0,0,00:00:02/343-13:31:03,13) [migration/1]
(root,0,0,00:00:15/343-13:31:03,14) [ksoftirqd/1]
(root,0,0,00:00:00/343-13:31:03,16) [kworker/1:0H]
(root,0,0,00:02:14/343-13:31:03,17) [watchdog/2]
(root,0,0,00:00:02/343-13:31:03,18) [migration/2]
(root,0,0,00:00:14/343-13:31:03,19) [ksoftirqd/2]
(root,0,0,00:00:00/343-13:31:03,21) [kworker/2:0H]
(root,0,0,00:02:17/343-13:31:03,22) [watchdog/3]
(root,0,0,00:00:01/343-13:31:03,23) [migration/3]
(root,0,0,00:00:14/343-13:31:03,24) [ksoftirqd/3]
(root,0,0,00:00:00/343-13:31:03,26) [kworker/3:0H]
(root,0,0,00:02:12/343-13:31:03,27) [watchdog/4]
(root,0,0,00:01:11/343-13:31:03,28) [migration/4]
(root,0,0,00:00:22/343-13:31:03,29) [ksoftirqd/4]
(root,0,0,00:00:00/343-13:31:03,31) [kworker/4:0H]
(root,0,0,00:02:06/343-13:31:03,32) [watchdog/5]
(root,0,0,00:01:31/343-13:31:03,33) [migration/5]
(root,0,0,00:00:29/343-13:31:03,34) [ksoftirqd/5]
(root,0,0,00:00:00/343-13:31:03,36) [kworker/5:0H]
(root,0,0,00:02:06/343-13:31:03,37) [watchdog/6]
(root,0,0,00:01:07/343-13:31:03,38) [migration/6]
(root,0,0,00:00:29/343-13:31:03,39) [ksoftirqd/6]
(root,0,0,00:00:00/343-13:31:03,41) [kworker/6:0H]
(root,0,0,00:02:19/343-13:31:03,42) [watchdog/7]
(root,0,0,00:01:05/343-13:31:03,43) [migration/7]
(root,0,0,00:11:02/343-13:31:03,44) [ksoftirqd/7]
(root,0,0,00:00:00/343-13:31:03,46) [kworker/7:0H]
(root,0,0,00:00:00/343-13:31:03,48) [kdevtmpfs]
(root,0,0,00:00:00/343-13:31:03,49) [netns]
(root,0,0,00:00:25/343-13:31:03,50) [khungtaskd]
(root,0,0,00:00:00/343-13:31:03,51) [writeback]
(root,0,0,00:00:00/343-13:31:03,52) [kintegrityd]
(root,0,0,00:00:00/343-13:31:03,53) [bioset]
(root,0,0,00:00:00/343-13:31:03,54) [bioset]
(root,0,0,00:00:00/343-13:31:03,55) [bioset]
(root,0,0,00:00:00/343-13:31:03,56) [kblockd]
(root,0,0,00:00:00/343-13:31:03,57) [md]
(root,0,0,00:00:00/343-13:31:03,58) [edac-poller]
(root,0,0,00:00:00/343-13:31:03,59) [watchdogd]
(root,0,0,00:58:23/343-13:31:03,66) [kswapd0]
(root,0,0,00:00:00/343-13:31:03,67) [ksmd]
(root,0,0,00:01:52/343-13:31:03,68) [khugepaged]
(root,0,0,00:00:00/343-13:31:03,69) [crypto]
(root,0,0,00:00:00/343-13:31:03,77) [kthrotld]
(root,0,0,00:00:00/343-13:31:03,80) [kmpath_rdacd]
(root,0,0,00:00:00/343-13:31:03,81) [kaluad]
(root,0,0,00:00:00/343-13:31:03,82) [kpsmoused]
(root,0,0,00:00:00/343-13:31:03,84) [ipv6_addrconf]
(root,0,0,00:00:00/343-13:31:03,97) [deferwq]
(root,0,0,00:16:17/343-13:31:02,144) [kauditd]
(root,0,0,00:00:00/343-13:31:02,368) [ata_sff]
(root,0,0,00:00:00/343-13:31:02,404) [scsi_eh_0]
(root,0,0,00:00:00/343-13:31:02,405) [scsi_tmf_0]
(root,0,0,00:00:00/343-13:31:02,406) [scsi_eh_1]
(root,0,0,00:00:00/343-13:31:02,407) [scsi_tmf_1]
(root,0,0,00:00:00/343-13:31:02,408) [scsi_eh_2]
(root,0,0,00:00:00/343-13:31:02,409) [scsi_tmf_2]
(root,0,0,00:00:00/343-13:31:02,410) [scsi_eh_3]
(root,0,0,00:00:00/343-13:31:02,411) [scsi_tmf_3]
(root,0,0,00:00:00/343-13:31:02,412) [scsi_eh_4]
(root,0,0,00:00:00/343-13:31:02,413) [scsi_tmf_4]
(root,0,0,00:00:00/343-13:31:02,414) [scsi_eh_5]
(root,0,0,00:00:00/343-13:31:02,415) [scsi_tmf_5]
(root,0,0,00:00:00/343-13:31:00,488) [kdmflush]
(root,0,0,00:00:00/343-13:31:00,489) [bioset]
(root,0,0,00:00:15/343-13:31:00,506) [kworker/0:1H]
(root,0,0,01:00:26/343-13:31:00,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/343-13:31:00,514) [ext4-rsv-conver]
(root,47640,12160,04:15:04/343-13:30:58,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/343-13:30:58,627) [kworker/4:1H]
(root,0,0,00:00:05/343-13:30:57,629) [kworker/1:1H]
(root,198572,760,00:00:00/343-13:30:57,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/343-13:30:57,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/343-13:30:56,644) [kworker/2:1H]
(root,0,0,00:21:13/343-13:30:56,645) [kworker/7:1H]
(root,0,0,00:00:00/42:13,686) [kworker/7:0]
(root,0,0,00:00:02/343-13:30:55,687) [kworker/5:1H]
(root,0,0,00:00:00/343-13:30:55,688) [irq/125-mei_me]
(root,0,0,00:00:00/343-13:30:55,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/343-13:30:53,714) [jbd2/sda2-8]
(root,0,0,00:00:00/343-13:30:53,715) [ext4-rsv-conver]
(root,0,0,00:03:32/343-13:30:52,719) [jbd2/sda3-8]
(root,0,0,00:00:00/343-13:30:52,720) [ext4-rsv-conver]
(root,0,0,00:10:05/343-13:30:52,724) [jbd2/sdb-8]
(root,0,0,00:00:00/343-13:30:52,725) [ext4-rsv-conver]
(root,0,0,00:00:02/343-13:30:50,740) [kworker/6:1H]
(root,57704,724,00:35:03/343-13:30:40,748) /sbin/auditd
(dbus,58232,1904,01:17:13/343-13:30:39,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2284,00:38:46/343-13:30:38,788) /usr/lib/systemd/systemd-logind
(root,229032,9256,00:13:07/343-13:30:38,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5836,01:41:36/343-13:30:38,794) /usr/sbin/nscd
(root,52900,1892,00:00:18/343-13:30:38,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:17:05/343-13:30:38,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/343-13:30:38,862) /usr/sbin/atd -f
(root,124504,1372,00:06:52/343-13:30:38,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/343-13:30:38,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/343-13:30:38,869) [kworker/3:1H]
(chrony,97380,1376,00:01:57/343-13:30:38,888) /usr/sbin/chronyd
(scliegyp,38520,3592,00:00:00/39:13,954) dovecot/imap
(scliegyp,39032,4196,00:00:00/39:13,955) dovecot/imap
(root,0,0,00:00:00/38:53,1042) [kworker/0:2]
(root,113472,3144,00:30:57/343-13:30:29,1226) /usr/sbin/sshd -D
(root,1075044,10396,02:13:22/343-13:30:29,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/343-13:30:29,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(scliegyp,38400,3596,00:00:00/35:47,1346) dovecot/imap
(root,225548,38480,01:55:38/343-13:30:28,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/33:53,1547) [kworker/7:2]
(root,0,0,00:00:00/32:26,1669) [kworker/u16:2]
(root,167288,4200,00:15:10/343-13:30:25,1820) dnsadmin - dormant mode
(root,214612,10636,03:22:54/343-13:30:25,1825) tailwatchd
(root,183604,6552,00:13:47/343-13:30:25,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:49/343-13:30:25,1863) cpanellogd - sleeping for logs
(scliegyp,39632,4776,00:00:00/30:17,1897) dovecot/imap
(root,292800,2572,00:02:28/35-20:06:40,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,4404,00:00:49/35-20:06:40,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6936,00:32:55/35-20:06:36,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8556,00:00:45/35-20:06:36,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(scliegyp,38152,3380,00:00:00/24:44,2415) dovecot/imap
(scliegyp,37752,3072,00:00:00/22:43,2643) dovecot/imap
(root,0,0,00:00:00/21:35,2708) [kworker/u16:1]
(scliegyp,38408,3520,00:00:00/18:51,3083) dovecot/imap
(root,0,0,00:00:00/08:53,3904) [kworker/1:0]
(scliegyp,33680,4644,00:00:00/04:51,4206) dovecot/pop3
(root,72960,4268,00:00:00/04:46,4210) dovecot/auth -w
(root,0,0,00:00:00/03:52,4337) [kworker/7:1]
(scliegyp,38400,3596,00:00:00/03:50,4342) dovecot/imap
(scliegyp,42912,5820,00:00:00/02:38,4397) dovecot/pop3
(scliegyp,38408,3520,00:00:00/02:25,4417) dovecot/imap
(mailnull,89436,9432,00:00:00/02:22,4419) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/02:02,4423) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/01:20,4455) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(mailnull,89436,9432,00:00:00/01:00,4466) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,62912,4492,00:00:00/00:53,4515) dovecot/lmtp
(mailnull,89436,9432,00:00:00/00:18,4578) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113500,1620,00:00:00/00:00,4669) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,4687) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,4688) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,248496,95876,00:00:16/10:39:37,5675) spamd child
(root,231104,14168,00:19:08/97-23:09:34,6674) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:01/1-02:43:54,6768) [kworker/3:2]
(nobody,2898784,20420,00:00:02/05:47:22,8344) /usr/sbin/httpd -k start
(root,231736,74584,00:00:01/05:31:59,9674) spamd child
(root,3108,36,00:02:56/343-09:28:06,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/13:28:50,13038) [kworker/5:2]
(root,0,0,00:00:01/1-01:19:48,13158) [kworker/4:0]
(root,235464,15156,00:15:13/104-11:14:09,18989) /usr/sbin/httpd -k start
(root,12732,1360,00:00:01/1-06:26:22,19253) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12736,1376,00:00:01/1-06:26:22,19254) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,3800,00:00:00/1-06:26:21,19255) /usr/sbin/httpd -k start
(root,53088,11772,00:00:00/1-06:26:21,19256) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3029856,24388,00:00:16/1-06:26:21,19257) /usr/sbin/httpd -k start
(dovenull,49996,5640,00:00:04/1-06:26:21,19311) dovecot/pop3-login
(dovenull,52624,8160,00:00:34/1-06:26:21,19312) dovecot/imap-login
(root,10404,1500,00:00:13/1-06:26:21,19313) dovecot/log
(dovenull,50996,6832,00:00:45/1-06:26:21,19314) dovecot/pop3-login
(dovenull,50636,5952,00:00:06/1-06:26:21,19315) dovecot/imap-login
(root,15968,3296,00:00:18/1-06:26:21,19316) dovecot/config
(dovecot,50232,3700,00:00:15/1-06:26:21,19317) dovecot/stats
(dovecot,74112,5712,00:01:45/1-06:26:21,19318) dovecot/auth
(nobody,3357536,25188,00:00:16/1-06:26:20,19323) /usr/sbin/httpd -k start
(nobody,3160928,25044,00:00:16/1-06:26:19,19376) /usr/sbin/httpd -k start
(nobody,3488608,26780,00:00:16/1-06:26:12,19437) /usr/sbin/httpd -k start
(dovecot,10412,1516,00:00:02/1-06:25:45,19530) dovecot/imap-hibernate
(polkitd,610664,2984,00:27:46/343-12:32:57,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763956,28240,02:52:15/343-12:32:55,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:01/1-10:33:53,22304) [kworker/2:2]
(root,151544,10264,00:00:01/08:46:48,23040) cPhulkd - dbprocessor
(root,51596,2276,00:34:04/109-11:21:07,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:13:03/109-11:21:07,23695) dovecot/anvil
(cpanelconnecttrack,9876,3076,12:37:50/109-11:20:52,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(mysql,3441212,653412,07:14:54/109-11:19:51,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12532,00:11:07/109-11:19:47,25125) cPhulkd - processor
(mailnull,89176,13192,00:09:10/109-11:19:44,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:00/02:08:53,26696) [kworker/4:2]
(root,0,0,00:00:03/16:19:48,27154) [kworker/0:1]
(root,2562588,1641888,07:53:32/339-17:33:13,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/01:33:54,29350) [kworker/6:2]
(root,33404,3480,00:01:33/306-02:46:33,29439) /sbin/rsyslogd
(root,0,0,00:00:00/01:19:47,30330) [kworker/6:0]
(root,0,0,00:00:00/01:18:54,30451) [kworker/2:0]
(root,0,0,00:00:00/01:08:54,31157) [kworker/5:0]
(root,0,0,00:00:00/01:07:53,31273) [kworker/3:0]
(root,0,0,00:00:00/07:38:50,31746) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-21 22:08

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb1054ffd478

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,03:04:04/341-16:51:53,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/341-16:51:53,2) [kthreadd]
(root,0,0,00:00:00/341-16:51:53,4) [kworker/0:0H]
(root,0,0,00:37:35/341-16:51:53,6) [ksoftirqd/0]
(root,0,0,00:00:02/341-16:51:53,7) [migration/0]
(root,0,0,00:00:00/341-16:51:53,8) [rcu_bh]
(root,0,0,05:09:32/341-16:51:53,9) [rcu_sched]
(root,0,0,00:00:00/341-16:51:53,10) [lru-add-drain]
(root,0,0,00:02:41/341-16:51:53,11) [watchdog/0]
(root,0,0,00:02:13/341-16:51:53,12) [watchdog/1]
(root,0,0,00:00:02/341-16:51:53,13) [migration/1]
(root,0,0,00:00:15/341-16:51:53,14) [ksoftirqd/1]
(root,0,0,00:00:00/341-16:51:53,16) [kworker/1:0H]
(root,0,0,00:02:14/341-16:51:53,17) [watchdog/2]
(root,0,0,00:00:02/341-16:51:53,18) [migration/2]
(root,0,0,00:00:14/341-16:51:53,19) [ksoftirqd/2]
(root,0,0,00:00:00/341-16:51:53,21) [kworker/2:0H]
(root,0,0,00:02:17/341-16:51:53,22) [watchdog/3]
(root,0,0,00:00:01/341-16:51:53,23) [migration/3]
(root,0,0,00:00:14/341-16:51:53,24) [ksoftirqd/3]
(root,0,0,00:00:00/341-16:51:53,26) [kworker/3:0H]
(root,0,0,00:02:11/341-16:51:53,27) [watchdog/4]
(root,0,0,00:01:11/341-16:51:53,28) [migration/4]
(root,0,0,00:00:22/341-16:51:53,29) [ksoftirqd/4]
(root,0,0,00:00:00/341-16:51:53,31) [kworker/4:0H]
(root,0,0,00:02:06/341-16:51:53,32) [watchdog/5]
(root,0,0,00:01:31/341-16:51:53,33) [migration/5]
(root,0,0,00:00:29/341-16:51:53,34) [ksoftirqd/5]
(root,0,0,00:00:00/341-16:51:53,36) [kworker/5:0H]
(root,0,0,00:02:06/341-16:51:53,37) [watchdog/6]
(root,0,0,00:01:07/341-16:51:53,38) [migration/6]
(root,0,0,00:00:29/341-16:51:53,39) [ksoftirqd/6]
(root,0,0,00:00:00/341-16:51:53,41) [kworker/6:0H]
(root,0,0,00:02:18/341-16:51:53,42) [watchdog/7]
(root,0,0,00:01:05/341-16:51:53,43) [migration/7]
(root,0,0,00:10:58/341-16:51:53,44) [ksoftirqd/7]
(root,0,0,00:00:00/341-16:51:53,46) [kworker/7:0H]
(root,0,0,00:00:00/341-16:51:53,48) [kdevtmpfs]
(root,0,0,00:00:00/341-16:51:53,49) [netns]
(root,0,0,00:00:25/341-16:51:53,50) [khungtaskd]
(root,0,0,00:00:00/341-16:51:53,51) [writeback]
(root,0,0,00:00:00/341-16:51:53,52) [kintegrityd]
(root,0,0,00:00:00/341-16:51:53,53) [bioset]
(root,0,0,00:00:00/341-16:51:53,54) [bioset]
(root,0,0,00:00:00/341-16:51:53,55) [bioset]
(root,0,0,00:00:00/341-16:51:53,56) [kblockd]
(root,0,0,00:00:00/341-16:51:53,57) [md]
(root,0,0,00:00:00/341-16:51:53,58) [edac-poller]
(root,0,0,00:00:00/341-16:51:53,59) [watchdogd]
(root,0,0,00:58:17/341-16:51:53,66) [kswapd0]
(root,0,0,00:00:00/341-16:51:53,67) [ksmd]
(root,0,0,00:01:52/341-16:51:53,68) [khugepaged]
(root,0,0,00:00:00/341-16:51:53,69) [crypto]
(root,0,0,00:00:00/341-16:51:53,77) [kthrotld]
(root,0,0,00:00:00/341-16:51:53,80) [kmpath_rdacd]
(root,0,0,00:00:00/341-16:51:53,81) [kaluad]
(root,0,0,00:00:00/341-16:51:53,82) [kpsmoused]
(root,0,0,00:00:00/341-16:51:53,84) [ipv6_addrconf]
(root,0,0,00:00:00/341-16:51:53,97) [deferwq]
(root,0,0,00:16:11/341-16:51:52,144) [kauditd]
(root,0,0,00:00:00/341-16:51:52,368) [ata_sff]
(root,0,0,00:00:00/341-16:51:52,404) [scsi_eh_0]
(root,0,0,00:00:00/341-16:51:52,405) [scsi_tmf_0]
(root,0,0,00:00:00/341-16:51:52,406) [scsi_eh_1]
(root,0,0,00:00:00/341-16:51:52,407) [scsi_tmf_1]
(root,0,0,00:00:00/341-16:51:52,408) [scsi_eh_2]
(root,0,0,00:00:00/341-16:51:52,409) [scsi_tmf_2]
(root,0,0,00:00:00/341-16:51:52,410) [scsi_eh_3]
(root,0,0,00:00:00/341-16:51:52,411) [scsi_tmf_3]
(root,0,0,00:00:00/341-16:51:52,412) [scsi_eh_4]
(root,0,0,00:00:00/341-16:51:52,413) [scsi_tmf_4]
(root,0,0,00:00:00/341-16:51:52,414) [scsi_eh_5]
(root,0,0,00:00:00/341-16:51:52,415) [scsi_tmf_5]
(root,0,0,00:00:00/341-16:51:50,488) [kdmflush]
(root,0,0,00:00:00/341-16:51:50,489) [bioset]
(root,0,0,00:00:15/341-16:51:50,506) [kworker/0:1H]
(root,0,0,01:00:05/341-16:51:50,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/341-16:51:50,514) [ext4-rsv-conver]
(root,88564,41500,04:13:25/341-16:51:48,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/341-16:51:48,627) [kworker/4:1H]
(root,0,0,00:00:05/341-16:51:47,629) [kworker/1:1H]
(root,198572,760,00:00:00/341-16:51:47,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/341-16:51:47,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/341-16:51:46,644) [kworker/2:1H]
(root,0,0,00:21:08/341-16:51:46,645) [kworker/7:1H]
(root,0,0,00:00:02/341-16:51:45,687) [kworker/5:1H]
(root,0,0,00:00:00/341-16:51:45,688) [irq/125-mei_me]
(root,0,0,00:00:00/341-16:51:45,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/341-16:51:43,714) [jbd2/sda2-8]
(root,0,0,00:00:00/341-16:51:43,715) [ext4-rsv-conver]
(root,0,0,00:03:30/341-16:51:42,719) [jbd2/sda3-8]
(root,0,0,00:00:00/341-16:51:42,720) [ext4-rsv-conver]
(root,0,0,00:10:03/341-16:51:42,724) [jbd2/sdb-8]
(root,0,0,00:00:00/341-16:51:42,725) [ext4-rsv-conver]
(root,0,0,00:00:02/341-16:51:40,740) [kworker/6:1H]
(root,57704,724,00:34:50/341-16:51:30,748) /sbin/auditd
(dbus,58232,1904,01:16:49/341-16:51:29,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2284,00:38:34/341-16:51:28,788) /usr/lib/systemd/systemd-logind
(root,229032,8800,00:13:02/341-16:51:28,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5840,01:41:04/341-16:51:28,794) /usr/sbin/nscd
(root,52900,1892,00:00:18/341-16:51:28,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:16:39/341-16:51:28,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/341-16:51:28,862) /usr/sbin/atd -f
(root,124504,1372,00:06:50/341-16:51:28,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/341-16:51:28,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/341-16:51:28,869) [kworker/3:1H]
(chrony,97380,1376,00:01:57/341-16:51:28,888) /usr/sbin/chronyd
(root,113472,3144,00:30:45/341-16:51:19,1226) /usr/sbin/sshd -D
(root,1076648,18304,02:12:33/341-16:51:19,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/341-16:51:19,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38304,01:55:00/341-16:51:18,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4196,00:15:05/341-16:51:15,1820) dnsadmin - dormant mode
(root,214612,10628,03:21:46/341-16:51:15,1825) tailwatchd
(root,183604,6556,00:13:40/341-16:51:15,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:49/341-16:51:15,1863) cpanellogd - sleeping for logs
(root,240388,84756,00:00:03/10:46:30,2111) spamd child
(root,292800,2572,00:02:20/33-23:27:30,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,4404,00:00:47/33-23:27:30,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6936,00:31:12/33-23:27:26,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8572,00:00:43/33-23:27:26,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:01/1-06:54:46,2610) [kworker/5:0]
(dovecot,74112,5716,00:01:09/23:52:13,4495) dovecot/auth
(root,0,0,00:00:00/03:52:01,4738) [kworker/6:2]
(root,231104,14172,00:18:43/96-02:30:24,6674) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/09:54:41,6721) [kworker/1:0]
(nobody,3160900,29396,00:01:19/8-00:54:53,9006) /usr/sbin/httpd -k start
(nobody,3226436,28768,00:01:17/8-00:54:49,9062) /usr/sbin/httpd -k start
(nobody,3226436,28156,00:01:20/8-00:54:42,9218) /usr/sbin/httpd -k start
(root,0,0,00:00:00/02:24:45,11780) [kworker/0:0]
(root,3108,36,00:02:55/341-12:48:56,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/02:09:44,12867) [kworker/2:2]
(nobody,3160900,28564,00:01:18/8-00:04:06,13127) /usr/sbin/httpd -k start
(root,0,0,00:00:00/13:28:44,14549) [kworker/2:0]
(root,151512,10280,00:00:11/2-08:31:18,15160) cPhulkd - dbprocessor
(root,185004,2416,00:00:00/01:29:45,15953) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/01:29:45,15960) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/01:29:45,15966) sleep 5h 54m
(root,0,0,00:00:02/2-01:39:43,16097) [kworker/3:1]
(nobody,3226436,26868,00:00:57/5-14:54:27,17767) /usr/sbin/httpd -k start
(root,225548,36788,00:00:00/01:00:51,18065) spamd child
(root,0,0,00:00:00/59:45,18216) [kworker/6:0]
(root,0,0,00:00:00/07:40:37,18559) [kworker/4:1]
(root,0,0,00:00:00/49:45,18923) [kworker/5:2]
(root,235464,12076,00:14:56/102-14:34:59,18989) /usr/sbin/httpd -k start
(root,0,0,00:00:00/40:39,19559) [kworker/7:1]
(root,0,0,00:00:00/39:45,19671) [kworker/4:0]
(polkitd,610664,2984,00:27:37/341-15:53:47,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,26320,02:51:05/341-15:53:45,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/29:39,20442) [kworker/u16:1]
(root,0,0,00:00:00/28:45,20563) [kworker/0:1]
(root,0,0,00:00:00/27:04,20634) [kworker/7:2]
(scliegyp,38296,3588,00:00:00/23:24,21002) dovecot/imap
(scliegyp,38032,3336,00:00:00/19:00,21344) dovecot/imap
(root,0,0,00:00:00/18:45,21358) [kworker/3:2]
(scliegyp,37752,3076,00:00:00/16:59,21406) dovecot/imap
(scliegyp,38288,3588,00:00:00/16:41,21421) dovecot/imap
(root,0,0,00:00:00/16:33,21434) [kworker/u16:0]
(scliegyp,38032,3332,00:00:00/11:45,21777) dovecot/imap
(root,0,0,00:00:00/09:45,21994) [kworker/1:1]
(scliegyp,37752,3072,00:00:00/09:44,22036) dovecot/imap
(scliegyp,38400,3600,00:00:00/06:55,22151) dovecot/imap
(scliegyp,38032,3336,00:00:00/04:40,22416) dovecot/imap
(scliegyp,36020,6108,00:00:00/03:30,22487) dovecot/pop3
(scliegyp,37752,3072,00:00:00/02:38,22508) dovecot/imap
(root,62904,4568,00:00:00/00:39,22616) dovecot/lmtp
(root,189788,10844,00:00:00/00:03,22674) cPhulkd - processor - http socket
(root,72960,4236,00:00:00/00:03,22675) dovecot/auth -w
(root,0,0,00:00:00/00:03,22676) [cpsrvd (SSL) - ] <defunct>
(root,113472,4596,00:00:00/00:01,22678) sshd: [accepted]
(sshd,113472,1760,00:00:00/00:01,22679) sshd: [net]
(root,113500,1620,00:00:00/00:00,22703) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,22721) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,22722) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,51596,2100,00:33:24/107-14:41:57,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:12:48/107-14:41:57,23695) dovecot/anvil
(cpanelconnecttrack,9876,3076,12:25:08/107-14:41:42,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(mysql,3441212,611624,07:08:11/107-14:40:41,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12160,00:10:56/107-14:40:37,25125) cPhulkd - processor
(mailnull,89176,13212,00:08:50/107-14:40:34,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,12740,1232,00:00:16/16-20:50:05,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12756,1244,00:00:15/16-20:50:05,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,1912,00:00:00/16-20:50:05,26994) /usr/sbin/httpd -k start
(root,53088,2460,00:00:00/16-20:50:04,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,2630124,1635752,07:49:24/337-20:54:03,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,33404,3480,00:01:32/304-06:07:23,29439) /sbin/rsyslogd
(dovenull,52032,5996,00:04:56/60-09:47:58,31246) dovecot/pop3-login
(dovenull,53628,7700,00:04:44/60-09:47:58,31247) dovecot/imap-login
(root,10640,1580,00:11:42/60-09:47:58,31248) dovecot/log
(dovenull,51688,6328,00:42:01/60-09:47:58,31249) dovecot/pop3-login
(dovenull,59216,12432,00:22:03/60-09:47:58,31250) dovecot/imap-login
(root,15988,2720,00:16:06/60-09:47:58,31251) dovecot/config
(dovecot,50808,3736,00:12:42/60-09:47:58,31252) dovecot/stats
(dovecot,10404,1524,00:02:03/60-09:47:22,31510) dovecot/imap-hibernate

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-20 01:29

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb1083ebda87

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,03:02:55/339-15:25:48,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/339-15:25:48,2) [kthreadd]
(root,0,0,00:00:00/339-15:25:48,4) [kworker/0:0H]
(root,0,0,00:37:26/339-15:25:48,6) [ksoftirqd/0]
(root,0,0,00:00:02/339-15:25:48,7) [migration/0]
(root,0,0,00:00:00/339-15:25:48,8) [rcu_bh]
(root,0,0,05:07:24/339-15:25:48,9) [rcu_sched]
(root,0,0,00:00:00/339-15:25:48,10) [lru-add-drain]
(root,0,0,00:02:40/339-15:25:48,11) [watchdog/0]
(root,0,0,00:02:12/339-15:25:48,12) [watchdog/1]
(root,0,0,00:00:01/339-15:25:48,13) [migration/1]
(root,0,0,00:00:15/339-15:25:48,14) [ksoftirqd/1]
(root,0,0,00:00:00/339-15:25:48,16) [kworker/1:0H]
(root,0,0,00:02:13/339-15:25:48,17) [watchdog/2]
(root,0,0,00:00:02/339-15:25:48,18) [migration/2]
(root,0,0,00:00:14/339-15:25:48,19) [ksoftirqd/2]
(root,0,0,00:00:00/339-15:25:48,21) [kworker/2:0H]
(root,0,0,00:02:16/339-15:25:48,22) [watchdog/3]
(root,0,0,00:00:01/339-15:25:48,23) [migration/3]
(root,0,0,00:00:13/339-15:25:48,24) [ksoftirqd/3]
(root,0,0,00:00:00/339-15:25:48,26) [kworker/3:0H]
(root,0,0,00:02:10/339-15:25:48,27) [watchdog/4]
(root,0,0,00:01:11/339-15:25:48,28) [migration/4]
(root,0,0,00:00:22/339-15:25:48,29) [ksoftirqd/4]
(root,0,0,00:00:00/339-15:25:48,31) [kworker/4:0H]
(root,0,0,00:02:05/339-15:25:48,32) [watchdog/5]
(root,0,0,00:01:30/339-15:25:48,33) [migration/5]
(root,0,0,00:00:29/339-15:25:48,34) [ksoftirqd/5]
(root,0,0,00:00:00/339-15:25:48,36) [kworker/5:0H]
(root,0,0,00:02:05/339-15:25:48,37) [watchdog/6]
(root,0,0,00:01:06/339-15:25:48,38) [migration/6]
(root,0,0,00:00:29/339-15:25:48,39) [ksoftirqd/6]
(root,0,0,00:00:00/339-15:25:48,41) [kworker/6:0H]
(root,0,0,00:02:17/339-15:25:48,42) [watchdog/7]
(root,0,0,00:01:05/339-15:25:48,43) [migration/7]
(root,0,0,00:10:54/339-15:25:48,44) [ksoftirqd/7]
(root,0,0,00:00:00/339-15:25:48,46) [kworker/7:0H]
(root,0,0,00:00:00/339-15:25:48,48) [kdevtmpfs]
(root,0,0,00:00:00/339-15:25:48,49) [netns]
(root,0,0,00:00:25/339-15:25:48,50) [khungtaskd]
(root,0,0,00:00:00/339-15:25:48,51) [writeback]
(root,0,0,00:00:00/339-15:25:48,52) [kintegrityd]
(root,0,0,00:00:00/339-15:25:48,53) [bioset]
(root,0,0,00:00:00/339-15:25:48,54) [bioset]
(root,0,0,00:00:00/339-15:25:48,55) [bioset]
(root,0,0,00:00:00/339-15:25:48,56) [kblockd]
(root,0,0,00:00:00/339-15:25:48,57) [md]
(root,0,0,00:00:00/339-15:25:48,58) [edac-poller]
(root,0,0,00:00:00/339-15:25:48,59) [watchdogd]
(root,0,0,00:58:04/339-15:25:48,66) [kswapd0]
(root,0,0,00:00:00/339-15:25:48,67) [ksmd]
(root,0,0,00:01:51/339-15:25:48,68) [khugepaged]
(root,0,0,00:00:00/339-15:25:48,69) [crypto]
(root,0,0,00:00:00/339-15:25:48,77) [kthrotld]
(root,0,0,00:00:00/339-15:25:48,80) [kmpath_rdacd]
(root,0,0,00:00:00/339-15:25:48,81) [kaluad]
(root,0,0,00:00:00/339-15:25:48,82) [kpsmoused]
(root,0,0,00:00:00/339-15:25:48,84) [ipv6_addrconf]
(root,0,0,00:00:00/339-15:25:48,97) [deferwq]
(root,0,0,00:16:00/339-15:25:47,144) [kauditd]
(root,0,0,00:00:00/339-15:25:47,368) [ata_sff]
(root,0,0,00:00:00/339-15:25:47,404) [scsi_eh_0]
(root,0,0,00:00:00/339-15:25:47,405) [scsi_tmf_0]
(root,0,0,00:00:00/339-15:25:47,406) [scsi_eh_1]
(root,0,0,00:00:00/339-15:25:47,407) [scsi_tmf_1]
(root,0,0,00:00:00/339-15:25:47,408) [scsi_eh_2]
(root,0,0,00:00:00/339-15:25:47,409) [scsi_tmf_2]
(root,0,0,00:00:00/339-15:25:47,410) [scsi_eh_3]
(root,0,0,00:00:00/339-15:25:47,411) [scsi_tmf_3]
(root,0,0,00:00:00/339-15:25:47,412) [scsi_eh_4]
(root,0,0,00:00:00/339-15:25:47,413) [scsi_tmf_4]
(root,0,0,00:00:00/339-15:25:47,414) [scsi_eh_5]
(root,0,0,00:00:00/339-15:25:47,415) [scsi_tmf_5]
(root,0,0,00:00:00/339-15:25:45,488) [kdmflush]
(root,0,0,00:00:00/339-15:25:45,489) [bioset]
(root,0,0,00:00:14/339-15:25:45,506) [kworker/0:1H]
(root,0,0,00:59:42/339-15:25:45,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/339-15:25:45,514) [ext4-rsv-conver]
(root,121440,59336,04:11:37/339-15:25:43,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/339-15:25:43,627) [kworker/4:1H]
(root,0,0,00:00:05/339-15:25:42,629) [kworker/1:1H]
(root,198572,760,00:00:00/339-15:25:42,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/339-15:25:42,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/339-15:25:41,644) [kworker/2:1H]
(root,0,0,00:21:01/339-15:25:41,645) [kworker/7:1H]
(root,0,0,00:00:02/339-15:25:40,687) [kworker/5:1H]
(root,0,0,00:00:00/339-15:25:40,688) [irq/125-mei_me]
(root,0,0,00:00:00/339-15:25:40,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/339-15:25:38,714) [jbd2/sda2-8]
(root,0,0,00:00:00/339-15:25:38,715) [ext4-rsv-conver]
(root,0,0,00:03:29/339-15:25:37,719) [jbd2/sda3-8]
(root,0,0,00:00:00/339-15:25:37,720) [ext4-rsv-conver]
(root,0,0,00:09:58/339-15:25:37,724) [jbd2/sdb-8]
(root,0,0,00:00:00/339-15:25:37,725) [ext4-rsv-conver]
(root,0,0,00:00:02/339-15:25:35,740) [kworker/6:1H]
(root,57704,724,00:34:29/339-15:25:25,748) /sbin/auditd
(dbus,58232,1912,01:16:21/339-15:25:24,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2288,00:38:20/339-15:25:23,788) /usr/lib/systemd/systemd-logind
(root,229032,8904,00:12:58/339-15:25:23,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5828,01:40:25/339-15:25:23,794) /usr/sbin/nscd
(root,0,0,00:00:00/03:23:41,824) [kworker/4:2]
(root,52900,1892,00:00:18/339-15:25:23,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:16:12/339-15:25:23,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/339-15:25:23,862) /usr/sbin/atd -f
(root,124504,1372,00:06:47/339-15:25:23,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/339-15:25:23,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/339-15:25:23,869) [kworker/3:1H]
(chrony,97380,1380,00:01:57/339-15:25:23,888) /usr/sbin/chronyd
(root,113472,3144,00:30:25/339-15:25:14,1226) /usr/sbin/sshd -D
(root,1076684,13372,02:11:39/339-15:25:14,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/339-15:25:14,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38272,01:54:18/339-15:25:13,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:14:59/339-15:25:10,1820) dnsadmin - dormant mode
(root,214612,10656,03:20:31/339-15:25:10,1825) tailwatchd
(root,183604,6564,00:13:35/339-15:25:10,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:48/339-15:25:10,1863) cpanellogd - sleeping for logs
(root,292800,2568,00:02:11/31-22:01:25,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,6940,00:00:44/31-22:01:25,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6936,00:29:17/31-22:01:21,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8572,00:00:40/31-22:01:21,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/02:23:09,5376) [kworker/5:2]
(root,231104,14236,00:18:17/94-01:04:19,6674) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/13:03:41,8204) [kworker/1:2]
(nobody,3160900,28480,00:00:55/5-23:28:48,9006) /usr/sbin/httpd -k start
(nobody,3226436,27552,00:00:55/5-23:28:44,9062) /usr/sbin/httpd -k start
(nobody,3095364,27160,00:00:57/5-23:28:37,9218) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:30:56,9480) [kworker/u16:2]
(root,0,0,00:00:01/17:14:38,10011) [kworker/4:1]
(root,0,0,00:00:00/01:23:41,10168) [kworker/2:0]
(root,3108,36,00:02:54/339-11:22:51,12075) /usr/bin/RCdaemon
(nobody,3160900,27692,00:00:55/5-22:38:01,13127) /usr/sbin/httpd -k start
(root,0,0,00:00:00/43:41,13840) [kworker/6:0]
(scliegyp,38276,3600,00:00:00/43:24,13886) dovecot/imap
(root,237408,81252,00:00:02/07:17:25,13954) spamd child
(scliegyp,38636,4356,00:00:00/37:46,14257) dovecot/imap
(root,234336,77340,00:00:00/34:35,14400) spamd child
(root,0,0,00:00:00/33:41,14562) [kworker/1:0]
(root,0,0,00:00:00/30:50,14689) [kworker/u16:1]
(scliegyp,38428,3524,00:00:00/26:45,15024) dovecot/imap
(root,151512,10304,00:00:01/07:05:13,15160) cPhulkd - dbprocessor
(scliegyp,38140,3360,00:00:00/23:54,15222) dovecot/imap
(root,0,0,00:00:00/23:41,15277) [kworker/5:1]
(scliegyp,37752,3076,00:00:00/21:52,15383) dovecot/imap
(root,0,0,00:00:00/20:41,15458) [kworker/3:0]
(root,0,0,00:00:00/18:41,15711) [kworker/0:0]
(root,0,0,00:00:00/17:41,15753) [kworker/7:1]
(root,0,0,00:00:00/14:37,15862) [kworker/6:1]
(root,0,0,00:00:00/13:38,16097) [kworker/3:1]
(dovecot,74240,5844,00:01:39/22:40:16,16307) dovecot/auth
(scliegyp,38140,3360,00:00:00/09:04,16343) dovecot/imap
(scliegyp,37752,3072,00:00:00/07:02,16503) dovecot/imap
(scliegyp,33652,4600,00:00:00/06:48,16523) dovecot/pop3
(scliegyp,32080,3712,00:00:00/06:05,16606) dovecot/pop3
(root,185004,2416,00:00:00/03:41,16782) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/03:41,16788) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/03:41,16794) sleep 1h 14m
(root,0,0,00:00:00/03:41,16839) [kworker/0:1]
(scliegyp,38440,3600,00:00:00/03:37,16883) dovecot/imap
(scliegyp,38432,3600,00:00:00/02:23,16964) dovecot/imap
(scliegyp,38428,3524,00:00:00/01:06,17009) dovecot/imap
(root,72960,4220,00:00:00/00:41,17023) dovecot/auth -w
(root,113500,1620,00:00:00/00:00,17145) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,17163) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,17164) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(nobody,3160900,25136,00:00:33/3-13:28:22,17767) /usr/sbin/httpd -k start
(root,0,0,00:00:01/06:23:35,18886) [kworker/7:2]
(root,235464,12080,00:14:38/100-13:08:54,18989) /usr/sbin/httpd -k start
(polkitd,610664,3204,00:27:28/339-14:27:42,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,26392,02:49:50/339-14:27:40,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,51596,2100,00:32:44/105-13:15:52,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:12:33/105-13:15:52,23695) dovecot/anvil
(cpanelconnecttrack,9876,3080,12:10:31/105-13:15:37,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(mysql,3441212,657880,07:00:45/105-13:14:36,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12536,00:10:43/105-13:14:32,25125) cPhulkd - processor
(mailnull,89176,13216,00:08:39/105-13:14:29,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:07/1-10:13:42,26679) [kworker/0:2]
(root,12736,1232,00:00:14/14-19:24:00,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1244,00:00:13/14-19:24:00,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,1912,00:00:00/14-19:24:00,26994) /usr/sbin/httpd -k start
(root,53088,2460,00:00:00/14-19:23:59,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,2564520,1621752,07:45:47/335-19:27:58,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,33404,3480,00:01:31/302-04:41:18,29439) /sbin/rsyslogd
(root,0,0,00:00:00/04:02:41,30367) [kworker/2:1]
(dovenull,52032,6104,00:04:48/58-08:21:53,31246) dovecot/pop3-login
(dovenull,53628,7588,00:04:33/58-08:21:53,31247) dovecot/imap-login
(root,10640,1584,00:11:19/58-08:21:53,31248) dovecot/log
(dovenull,51772,6548,00:40:43/58-08:21:53,31249) dovecot/pop3-login
(dovenull,59632,12840,00:21:13/58-08:21:53,31250) dovecot/imap-login
(root,15988,2720,00:15:33/58-08:21:53,31251) dovecot/config
(dovecot,50808,3736,00:12:17/58-08:21:53,31252) dovecot/stats
(dovecot,10404,1524,00:01:58/58-08:21:17,31510) dovecot/imap-hibernate

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-18 00:03

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10f7a28838

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,03:01:49/337-13:42:03,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/337-13:42:03,2) [kthreadd]
(root,0,0,00:00:00/337-13:42:03,4) [kworker/0:0H]
(root,0,0,00:37:20/337-13:42:03,6) [ksoftirqd/0]
(root,0,0,00:00:02/337-13:42:03,7) [migration/0]
(root,0,0,00:00:00/337-13:42:03,8) [rcu_bh]
(root,0,0,05:05:40/337-13:42:03,9) [rcu_sched]
(root,0,0,00:00:00/337-13:42:03,10) [lru-add-drain]
(root,0,0,00:02:39/337-13:42:03,11) [watchdog/0]
(root,0,0,00:02:12/337-13:42:03,12) [watchdog/1]
(root,0,0,00:00:01/337-13:42:03,13) [migration/1]
(root,0,0,00:00:15/337-13:42:03,14) [ksoftirqd/1]
(root,0,0,00:00:00/337-13:42:03,16) [kworker/1:0H]
(root,0,0,00:02:12/337-13:42:03,17) [watchdog/2]
(root,0,0,00:00:02/337-13:42:03,18) [migration/2]
(root,0,0,00:00:14/337-13:42:03,19) [ksoftirqd/2]
(root,0,0,00:00:00/337-13:42:03,21) [kworker/2:0H]
(root,0,0,00:02:15/337-13:42:03,22) [watchdog/3]
(root,0,0,00:00:01/337-13:42:03,23) [migration/3]
(root,0,0,00:00:13/337-13:42:03,24) [ksoftirqd/3]
(root,0,0,00:00:00/337-13:42:03,26) [kworker/3:0H]
(root,0,0,00:02:09/337-13:42:03,27) [watchdog/4]
(root,0,0,00:01:10/337-13:42:03,28) [migration/4]
(root,0,0,00:00:22/337-13:42:03,29) [ksoftirqd/4]
(root,0,0,00:00:00/337-13:42:03,31) [kworker/4:0H]
(root,0,0,00:02:04/337-13:42:03,32) [watchdog/5]
(root,0,0,00:01:30/337-13:42:03,33) [migration/5]
(root,0,0,00:00:29/337-13:42:03,34) [ksoftirqd/5]
(root,0,0,00:00:00/337-13:42:03,36) [kworker/5:0H]
(root,0,0,00:02:04/337-13:42:03,37) [watchdog/6]
(root,0,0,00:01:06/337-13:42:03,38) [migration/6]
(root,0,0,00:00:29/337-13:42:03,39) [ksoftirqd/6]
(root,0,0,00:00:00/337-13:42:03,41) [kworker/6:0H]
(root,0,0,00:02:16/337-13:42:03,42) [watchdog/7]
(root,0,0,00:01:04/337-13:42:03,43) [migration/7]
(root,0,0,00:10:50/337-13:42:03,44) [ksoftirqd/7]
(root,0,0,00:00:00/337-13:42:03,46) [kworker/7:0H]
(root,0,0,00:00:00/337-13:42:03,48) [kdevtmpfs]
(root,0,0,00:00:00/337-13:42:03,49) [netns]
(root,0,0,00:00:25/337-13:42:03,50) [khungtaskd]
(root,0,0,00:00:00/337-13:42:03,51) [writeback]
(root,0,0,00:00:00/337-13:42:03,52) [kintegrityd]
(root,0,0,00:00:00/337-13:42:03,53) [bioset]
(root,0,0,00:00:00/337-13:42:03,54) [bioset]
(root,0,0,00:00:00/337-13:42:03,55) [bioset]
(root,0,0,00:00:00/337-13:42:03,56) [kblockd]
(root,0,0,00:00:00/337-13:42:03,57) [md]
(root,0,0,00:00:00/337-13:42:03,58) [edac-poller]
(root,0,0,00:00:00/337-13:42:03,59) [watchdogd]
(root,0,0,00:57:54/337-13:42:03,66) [kswapd0]
(root,0,0,00:00:00/337-13:42:03,67) [ksmd]
(root,0,0,00:01:51/337-13:42:03,68) [khugepaged]
(root,0,0,00:00:00/337-13:42:03,69) [crypto]
(root,0,0,00:00:00/337-13:42:03,77) [kthrotld]
(root,0,0,00:00:00/337-13:42:03,80) [kmpath_rdacd]
(root,0,0,00:00:00/337-13:42:03,81) [kaluad]
(root,0,0,00:00:00/337-13:42:03,82) [kpsmoused]
(root,0,0,00:00:00/337-13:42:03,84) [ipv6_addrconf]
(root,0,0,00:00:00/337-13:42:03,97) [deferwq]
(root,0,0,00:15:55/337-13:42:02,144) [kauditd]
(root,0,0,00:00:00/337-13:42:02,368) [ata_sff]
(root,0,0,00:00:00/337-13:42:02,404) [scsi_eh_0]
(root,0,0,00:00:00/337-13:42:02,405) [scsi_tmf_0]
(root,0,0,00:00:00/337-13:42:02,406) [scsi_eh_1]
(root,0,0,00:00:00/337-13:42:02,407) [scsi_tmf_1]
(root,0,0,00:00:00/337-13:42:02,408) [scsi_eh_2]
(root,0,0,00:00:00/337-13:42:02,409) [scsi_tmf_2]
(root,0,0,00:00:00/337-13:42:02,410) [scsi_eh_3]
(root,0,0,00:00:00/337-13:42:02,411) [scsi_tmf_3]
(root,0,0,00:00:00/337-13:42:02,412) [scsi_eh_4]
(root,0,0,00:00:00/337-13:42:02,413) [scsi_tmf_4]
(root,0,0,00:00:00/337-13:42:02,414) [scsi_eh_5]
(root,0,0,00:00:00/337-13:42:02,415) [scsi_tmf_5]
(root,0,0,00:00:00/337-13:42:00,488) [kdmflush]
(root,0,0,00:00:00/337-13:42:00,489) [bioset]
(root,0,0,00:00:14/337-13:42:00,506) [kworker/0:1H]
(root,0,0,00:59:22/337-13:42:00,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/337-13:42:00,514) [ext4-rsv-conver]
(root,47640,9828,04:10:17/337-13:41:58,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/337-13:41:58,627) [kworker/4:1H]
(root,0,0,00:00:05/337-13:41:57,629) [kworker/1:1H]
(root,198572,760,00:00:00/337-13:41:57,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/337-13:41:57,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/337-13:41:56,644) [kworker/2:1H]
(root,0,0,00:20:56/337-13:41:56,645) [kworker/7:1H]
(root,0,0,00:00:02/337-13:41:55,687) [kworker/5:1H]
(root,0,0,00:00:00/337-13:41:55,688) [irq/125-mei_me]
(root,0,0,00:00:00/337-13:41:55,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/337-13:41:53,714) [jbd2/sda2-8]
(root,0,0,00:00:00/337-13:41:53,715) [ext4-rsv-conver]
(root,0,0,00:03:28/337-13:41:52,719) [jbd2/sda3-8]
(root,0,0,00:00:00/337-13:41:52,720) [ext4-rsv-conver]
(root,0,0,00:09:55/337-13:41:52,724) [jbd2/sdb-8]
(root,0,0,00:00:00/337-13:41:52,725) [ext4-rsv-conver]
(root,0,0,00:00:02/337-13:41:50,740) [kworker/6:1H]
(root,57704,724,00:34:17/337-13:41:40,748) /sbin/auditd
(dbus,58232,1904,01:15:54/337-13:41:39,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2288,00:38:06/337-13:41:38,788) /usr/lib/systemd/systemd-logind
(root,229032,8948,00:12:53/337-13:41:38,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5824,01:39:56/337-13:41:38,794) /usr/sbin/nscd
(root,52900,1892,00:00:18/337-13:41:38,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:15:43/337-13:41:38,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/337-13:41:38,862) /usr/sbin/atd -f
(root,124504,1372,00:06:45/337-13:41:38,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/337-13:41:38,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/337-13:41:38,869) [kworker/3:1H]
(chrony,97380,1380,00:01:56/337-13:41:38,888) /usr/sbin/chronyd
(root,113472,3148,00:30:15/337-13:41:29,1226) /usr/sbin/sshd -D
(root,1068172,8092,02:10:56/337-13:41:29,1237) /usr/sbin/rsyslogd -n
(root,27380,792,00:02:50/337-13:41:29,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38260,01:53:36/337-13:41:28,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4192,00:14:53/337-13:41:25,1820) dnsadmin - dormant mode
(root,214612,10672,03:19:16/337-13:41:25,1825) tailwatchd
(root,183604,6556,00:13:31/337-13:41:25,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:47/337-13:41:25,1863) cpanellogd - sleeping for logs
(root,292800,2580,00:02:03/29-20:17:40,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,6940,00:00:41/29-20:17:40,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6936,00:27:22/29-20:17:36,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8576,00:00:38/29-20:17:36,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,251932,97240,00:00:27/08:41:03,3447) spamd child
(root,246472,91028,00:00:03/08:41:03,3448) spamd child
(root,0,0,00:00:00/02:04:54,3510) [kworker/5:2]
(root,0,0,00:00:00/01:29:58,6558) [kworker/4:0]
(root,231104,14240,00:17:57/91-23:20:34,6674) cpsrvd (SSL) - waiting for connections                   
(root,151544,10324,00:00:05/1-03:13:47,6799) cPhulkd - dbprocessor
(root,0,0,00:00:00/01:18:58,7460) [kworker/0:1]
(nobody,3095364,26928,00:00:35/3-21:45:03,9006) /usr/sbin/httpd -k start
(nobody,3226436,26852,00:00:34/3-21:44:59,9062) /usr/sbin/httpd -k start
(nobody,3095364,26072,00:00:36/3-21:44:52,9218) /usr/sbin/httpd -k start
(root,0,0,00:00:00/54:57,9477) [kworker/0:0]
(root,0,0,00:00:00/53:50,9576) [kworker/4:2]
(root,0,0,00:00:00/44:57,10253) [kworker/3:1]
(scliegyp,42596,7996,00:00:00/44:46,10258) dovecot/imap
(root,0,0,00:00:00/38:57,10655) [kworker/1:1]
(root,0,0,00:00:00/21:44,11972) [kworker/u16:2]
(root,3108,36,00:02:52/337-09:39:06,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/19:57,12193) [kworker/5:1]
(scliegyp,38428,3524,00:00:00/17:23,12362) dovecot/imap
(scliegyp,38436,3600,00:00:00/14:57,12639) dovecot/imap
(root,0,0,00:00:00/10:57,12782) [kworker/7:1]
(root,0,0,00:00:00/09:57,12945) [kworker/2:2]
(scliegyp,39832,5256,00:00:00/08:38,13039) dovecot/imap
(scliegyp,39832,5256,00:00:00/08:35,13040) dovecot/imap
(scliegyp,39832,5252,00:00:00/08:33,13041) dovecot/imap
(scliegyp,39832,5252,00:00:00/08:31,13042) dovecot/imap
(root,0,0,00:00:00/07:42,13068) [kworker/u16:0]
(nobody,3160900,26600,00:00:35/3-20:54:16,13127) /usr/sbin/httpd -k start
(root,72960,4268,00:00:00/04:10,13409) dovecot/auth -w
(scliegyp,38284,3588,00:00:00/02:48,13500) dovecot/imap
(scliegyp,31588,3440,00:00:00/02:39,13505) dovecot/pop3
(root,62904,4572,00:00:00/00:39,13625) dovecot/lmtp
(scliegyp,31840,3616,00:00:00/00:35,13675) dovecot/pop3
(scliegyp,39732,3988,00:00:00/00:28,13676) dovecot/imap
(root,0,0,00:00:00/00:03,13701) [cpsrvd (SSL) - ] <defunct>
(root,0,0,00:00:00/00:02,13702) [cpaneld - servi] <defunct>
(root,113500,1620,00:00:00/00:00,13742) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,13760) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,13761) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/13:04:57,13920) [kworker/1:0]
(nobody,3160900,24052,00:00:13/1-11:44:37,17767) /usr/sbin/httpd -k start
(root,235464,12080,00:14:20/98-11:25:09,18989) /usr/sbin/httpd -k start
(dovecot,74292,5896,00:08:43/7-18:37:57,19283) dovecot/auth
(polkitd,610664,2764,00:27:18/337-12:43:57,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,26404,02:48:47/337-12:43:55,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:03/11:37:58,21635) [kworker/7:0]
(root,0,0,00:00:00/11:30:56,22130) [kworker/6:2]
(root,51596,2100,00:32:12/103-11:32:07,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:12:22/103-11:32:07,23695) dovecot/anvil
(cpanelconnecttrack,9876,3084,11:56:19/103-11:31:52,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(mysql,3441212,661168,06:53:01/103-11:30:51,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12548,00:10:30/103-11:30:47,25125) cPhulkd - processor
(mailnull,89184,13180,00:08:30/103-11:30:44,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,12732,1232,00:00:12/12-17:40:15,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1244,00:00:12/12-17:40:15,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,1912,00:00:00/12-17:40:15,26994) /usr/sbin/httpd -k start
(root,53088,2460,00:00:00/12-17:40:14,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,0,0,00:00:01/1-05:33:58,27323) [kworker/3:2]
(root,2564504,1613904,07:43:24/333-17:44:13,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/16:30:56,28634) [kworker/2:1]
(root,33404,3480,00:01:31/300-02:57:33,29439) /sbin/rsyslogd
(dovenull,52064,6068,00:04:42/56-06:38:08,31246) dovecot/pop3-login
(dovenull,53628,7588,00:04:23/56-06:38:08,31247) dovecot/imap-login
(root,10640,1588,00:11:01/56-06:38:08,31248) dovecot/log
(dovenull,51688,6432,00:39:47/56-06:38:08,31249) dovecot/pop3-login
(dovenull,59640,12732,00:20:23/56-06:38:08,31250) dovecot/imap-login
(root,15988,2728,00:15:07/56-06:38:08,31251) dovecot/config
(dovecot,50684,3472,00:11:57/56-06:38:08,31252) dovecot/stats
(dovecot,10404,1524,00:01:53/56-06:37:32,31510) dovecot/imap-hibernate
(root,0,0,00:00:00/02:44:58,32760) [kworker/6:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-15 22:19

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb108e423c21

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,03:00:45/335-13:34:24,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/335-13:34:24,2) [kthreadd]
(root,0,0,00:00:00/335-13:34:24,4) [kworker/0:0H]
(root,0,0,00:37:08/335-13:34:24,6) [ksoftirqd/0]
(root,0,0,00:00:02/335-13:34:24,7) [migration/0]
(root,0,0,00:00:00/335-13:34:24,8) [rcu_bh]
(root,0,0,05:04:01/335-13:34:24,9) [rcu_sched]
(root,0,0,00:00:00/335-13:34:24,10) [lru-add-drain]
(root,0,0,00:02:38/335-13:34:24,11) [watchdog/0]
(root,0,0,00:02:11/335-13:34:24,12) [watchdog/1]
(root,0,0,00:00:01/335-13:34:24,13) [migration/1]
(root,0,0,00:00:15/335-13:34:24,14) [ksoftirqd/1]
(root,0,0,00:00:00/335-13:34:24,16) [kworker/1:0H]
(root,0,0,00:02:11/335-13:34:24,17) [watchdog/2]
(root,0,0,00:00:02/335-13:34:24,18) [migration/2]
(root,0,0,00:00:14/335-13:34:24,19) [ksoftirqd/2]
(root,0,0,00:00:00/335-13:34:24,21) [kworker/2:0H]
(root,0,0,00:02:14/335-13:34:24,22) [watchdog/3]
(root,0,0,00:00:01/335-13:34:24,23) [migration/3]
(root,0,0,00:00:13/335-13:34:24,24) [ksoftirqd/3]
(root,0,0,00:00:00/335-13:34:24,26) [kworker/3:0H]
(root,0,0,00:02:09/335-13:34:24,27) [watchdog/4]
(root,0,0,00:01:10/335-13:34:24,28) [migration/4]
(root,0,0,00:00:21/335-13:34:24,29) [ksoftirqd/4]
(root,0,0,00:00:00/335-13:34:24,31) [kworker/4:0H]
(root,0,0,00:02:04/335-13:34:24,32) [watchdog/5]
(root,0,0,00:01:29/335-13:34:24,33) [migration/5]
(root,0,0,00:00:29/335-13:34:24,34) [ksoftirqd/5]
(root,0,0,00:00:00/335-13:34:24,36) [kworker/5:0H]
(root,0,0,00:02:03/335-13:34:24,37) [watchdog/6]
(root,0,0,00:01:06/335-13:34:24,38) [migration/6]
(root,0,0,00:00:28/335-13:34:24,39) [ksoftirqd/6]
(root,0,0,00:00:00/335-13:34:24,41) [kworker/6:0H]
(root,0,0,00:02:16/335-13:34:24,42) [watchdog/7]
(root,0,0,00:01:04/335-13:34:24,43) [migration/7]
(root,0,0,00:10:45/335-13:34:24,44) [ksoftirqd/7]
(root,0,0,00:00:00/335-13:34:24,46) [kworker/7:0H]
(root,0,0,00:00:00/335-13:34:24,48) [kdevtmpfs]
(root,0,0,00:00:00/335-13:34:24,49) [netns]
(root,0,0,00:00:25/335-13:34:24,50) [khungtaskd]
(root,0,0,00:00:00/335-13:34:24,51) [writeback]
(root,0,0,00:00:00/335-13:34:24,52) [kintegrityd]
(root,0,0,00:00:00/335-13:34:24,53) [bioset]
(root,0,0,00:00:00/335-13:34:24,54) [bioset]
(root,0,0,00:00:00/335-13:34:24,55) [bioset]
(root,0,0,00:00:00/335-13:34:24,56) [kblockd]
(root,0,0,00:00:00/335-13:34:24,57) [md]
(root,0,0,00:00:00/335-13:34:24,58) [edac-poller]
(root,0,0,00:00:00/335-13:34:24,59) [watchdogd]
(root,0,0,00:57:40/335-13:34:24,66) [kswapd0]
(root,0,0,00:00:00/335-13:34:24,67) [ksmd]
(root,0,0,00:01:50/335-13:34:24,68) [khugepaged]
(root,0,0,00:00:00/335-13:34:24,69) [crypto]
(root,0,0,00:00:00/335-13:34:24,77) [kthrotld]
(root,0,0,00:00:00/335-13:34:24,80) [kmpath_rdacd]
(root,0,0,00:00:00/335-13:34:24,81) [kaluad]
(root,0,0,00:00:00/335-13:34:24,82) [kpsmoused]
(root,0,0,00:00:00/335-13:34:24,84) [ipv6_addrconf]
(root,0,0,00:00:00/335-13:34:24,97) [deferwq]
(root,0,0,00:15:50/335-13:34:23,144) [kauditd]
(root,0,0,00:00:00/335-13:34:23,368) [ata_sff]
(root,0,0,00:00:00/335-13:34:23,404) [scsi_eh_0]
(root,0,0,00:00:00/335-13:34:23,405) [scsi_tmf_0]
(root,0,0,00:00:00/335-13:34:23,406) [scsi_eh_1]
(root,0,0,00:00:00/335-13:34:23,407) [scsi_tmf_1]
(root,0,0,00:00:00/335-13:34:23,408) [scsi_eh_2]
(root,0,0,00:00:00/335-13:34:23,409) [scsi_tmf_2]
(root,0,0,00:00:00/335-13:34:23,410) [scsi_eh_3]
(root,0,0,00:00:00/335-13:34:23,411) [scsi_tmf_3]
(root,0,0,00:00:00/335-13:34:23,412) [scsi_eh_4]
(root,0,0,00:00:00/335-13:34:23,413) [scsi_tmf_4]
(root,0,0,00:00:00/335-13:34:23,414) [scsi_eh_5]
(root,0,0,00:00:00/335-13:34:23,415) [scsi_tmf_5]
(root,0,0,00:00:00/335-13:34:21,488) [kdmflush]
(root,0,0,00:00:00/335-13:34:21,489) [bioset]
(root,0,0,00:00:14/335-13:34:21,506) [kworker/0:1H]
(root,0,0,00:59:00/335-13:34:21,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/335-13:34:21,514) [ext4-rsv-conver]
(root,117348,58388,04:08:51/335-13:34:19,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/335-13:34:19,627) [kworker/4:1H]
(root,0,0,00:00:05/335-13:34:18,629) [kworker/1:1H]
(root,198572,760,00:00:00/335-13:34:18,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/335-13:34:18,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/335-13:34:17,644) [kworker/2:1H]
(root,0,0,00:20:49/335-13:34:17,645) [kworker/7:1H]
(root,0,0,00:00:02/335-13:34:16,687) [kworker/5:1H]
(root,0,0,00:00:00/335-13:34:16,688) [irq/125-mei_me]
(root,0,0,00:00:00/335-13:34:16,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/335-13:34:14,714) [jbd2/sda2-8]
(root,0,0,00:00:00/335-13:34:14,715) [ext4-rsv-conver]
(root,0,0,00:03:15/335-13:34:13,719) [jbd2/sda3-8]
(root,0,0,00:00:00/335-13:34:13,720) [ext4-rsv-conver]
(root,0,0,00:09:47/335-13:34:13,724) [jbd2/sdb-8]
(root,0,0,00:00:00/335-13:34:13,725) [ext4-rsv-conver]
(root,0,0,00:00:01/335-13:34:11,740) [kworker/6:1H]
(root,57704,724,00:34:06/335-13:34:01,748) /sbin/auditd
(dbus,58232,1904,01:15:28/335-13:34:00,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2316,00:37:54/335-13:33:59,788) /usr/lib/systemd/systemd-logind
(root,229032,8996,00:12:48/335-13:33:59,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5784,01:39:26/335-13:33:59,794) /usr/sbin/nscd
(root,52900,1892,00:00:18/335-13:33:59,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:15:18/335-13:33:59,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/335-13:33:59,862) /usr/sbin/atd -f
(root,124504,1372,00:06:42/335-13:33:59,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/335-13:33:59,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/335-13:33:59,869) [kworker/3:1H]
(chrony,97380,1352,00:01:56/335-13:33:59,888) /usr/sbin/chronyd
(root,113472,3148,00:30:03/335-13:33:50,1226) /usr/sbin/sshd -D
(root,1076684,12784,02:10:12/335-13:33:50,1237) /usr/sbin/rsyslogd -n
(root,27380,744,00:02:50/335-13:33:50,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38676,01:52:57/335-13:33:49,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/02:11:20,1751) [kworker/3:2]
(root,167288,4196,00:14:48/335-13:33:46,1820) dnsadmin - dormant mode
(root,214612,10652,03:18:06/335-13:33:46,1825) tailwatchd
(root,263628,24280,00:13:26/335-13:33:46,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078
(root,130156,2268,00:01:47/335-13:33:46,1863) cpanellogd - sleeping for logs
(root,292800,2580,00:01:55/27-20:10:01,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,6940,00:00:38/27-20:10:01,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,6952,00:25:36/27-20:09:57,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8036,00:00:35/27-20:09:57,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/02:02:19,2568) [kworker/5:1]
(root,0,0,00:00:01/02:01:34,2630) [kworker/u16:2]
(root,0,0,00:00:01/1-06:23:20,4274) [kworker/5:0]
(root,0,0,00:00:00/01:23:19,5835) [kworker/4:0]
(root,0,0,00:00:00/01:12:58,6617) [kworker/7:1]
(root,231104,14224,00:17:37/89-23:12:55,6674) cpsrvd (SSL) - waiting for connections                   
(root,151548,10320,00:00:01/06:52:35,8502) cPhulkd - dbprocessor
(root,0,0,00:00:00/47:19,8740) [kworker/7:0]
(nobody,3029828,24064,00:00:17/1-21:37:24,9006) /usr/sbin/httpd -k start
(nobody,3226436,23968,00:00:17/1-21:37:20,9062) /usr/sbin/httpd -k start
(nobody,3095364,23288,00:00:18/1-21:37:13,9218) /usr/sbin/httpd -k start
(root,0,0,00:00:00/42:16,9342) [kworker/1:1]
(root,0,0,00:00:00/38:42,9495) [kworker/0:0]
(root,0,0,00:00:00/37:19,9715) [kworker/6:2]
(scliegyp,38168,3372,00:00:00/26:50,10468) dovecot/imap
(scliegyp,37752,3072,00:00:00/24:49,10570) dovecot/imap
(root,0,0,00:00:00/22:19,10875) [kworker/0:1]
(scliegyp,48276,11816,00:00:04/15:30,11332) dovecot/pop3
(root,0,0,00:00:00/12:20,11584) [kworker/2:2]
(scliegyp,38168,3380,00:00:00/12:03,11639) dovecot/imap
(scliegyp,39272,4596,00:00:00/09:12,11846) dovecot/imap
(scliegyp,37752,3072,00:00:00/07:35,12036) dovecot/imap
(root,3108,36,00:02:51/335-09:31:27,12075) /usr/bin/RCdaemon
(root,248400,94260,00:00:34/06:16:58,12181) spamd child
(scliegyp,40676,9004,00:00:00/04:54,12316) dovecot/pop3
(scliegyp,38432,3540,00:00:00/04:17,12352) dovecot/imap
(root,0,0,00:00:03/06:13:03,12493) [kworker/u16:0]
(root,0,0,00:00:00/02:19,12587) [kworker/4:2]
(root,72960,4260,00:00:00/01:26,12644) dovecot/auth -w
(scliegyp,29056,2580,00:00:00/00:46,12676) dovecot/quota-status -p postfix
(scliegyp,65212,7404,00:00:00/00:37,12687) dovecot/lmtp
(root,0,0,00:00:00/00:21,12707) [cpsrvd (SSL) - ] <defunct>
(scliegyp,38924,4580,00:00:00/00:13,12716) dovecot/imap
(root,113472,4596,00:00:00/00:01,12722) sshd: [accepted]
(sshd,113472,1752,00:00:00/00:01,12723) sshd: [net]
(root,113500,1624,00:00:00/00:00,12738) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,12759) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,12760) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(nobody,3160900,22440,00:00:18/1-20:46:37,13127) /usr/sbin/httpd -k start
(root,0,0,00:00:01/1-04:30:20,15717) [kworker/3:1]
(root,0,0,00:00:01/21:37:17,15747) [kworker/2:0]
(root,240224,82576,00:00:02/05:17:57,17725) spamd child
(root,235464,12104,00:14:03/96-11:17:30,18989) /usr/sbin/httpd -k start
(dovecot,74268,5872,00:06:10/5-18:30:18,19283) dovecot/auth
(polkitd,610664,2764,00:27:09/335-12:36:18,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,26496,02:47:50/335-12:36:16,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,51596,2100,00:31:41/101-11:24:28,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:12:11/101-11:24:28,23695) dovecot/anvil
(root,0,0,00:00:01/1-08:37:19,24091) [kworker/6:1]
(cpanelconnecttrack,9876,3084,11:37:53/101-11:24:13,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(mysql,3441212,625328,06:45:27/101-11:23:12,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12532,00:10:18/101-11:23:08,25125) cPhulkd - processor
(mailnull,89184,13180,00:08:22/101-11:23:05,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,12732,1232,00:00:11/10-17:32:36,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1244,00:00:10/10-17:32:36,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,1944,00:00:00/10-17:32:36,26994) /usr/sbin/httpd -k start
(root,53088,8228,00:00:00/10-17:32:35,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,2564796,1626688,07:40:16/331-17:36:34,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/08:47:19,29024) [kworker/1:2]
(root,33404,3480,00:01:30/298-02:49:54,29439) /sbin/rsyslogd
(root,0,0,00:00:01/18:37:55,30147) [kworker/4:1]
(dovenull,52064,6108,00:04:34/54-06:30:29,31246) dovecot/pop3-login
(dovenull,53628,7596,00:04:10/54-06:30:29,31247) dovecot/imap-login
(root,10640,1588,00:10:43/54-06:30:29,31248) dovecot/log
(dovenull,51684,6344,00:38:58/54-06:30:29,31249) dovecot/pop3-login
(dovenull,59640,12788,00:19:47/54-06:30:29,31250) dovecot/imap-login
(root,15988,2728,00:14:42/54-06:30:29,31251) dovecot/config
(dovecot,50684,3472,00:11:37/54-06:30:29,31252) dovecot/stats
(dovecot,10404,1524,00:01:49/54-06:29:53,31510) dovecot/imap-hibernate

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-13 22:12

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb102116184f

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,02:59:42/333-14:17:54,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/333-14:17:54,2) [kthreadd]
(root,0,0,00:00:00/333-14:17:54,4) [kworker/0:0H]
(root,0,0,00:36:58/333-14:17:54,6) [ksoftirqd/0]
(root,0,0,00:00:02/333-14:17:54,7) [migration/0]
(root,0,0,00:00:00/333-14:17:54,8) [rcu_bh]
(root,0,0,05:02:06/333-14:17:54,9) [rcu_sched]
(root,0,0,00:00:00/333-14:17:54,10) [lru-add-drain]
(root,0,0,00:02:37/333-14:17:54,11) [watchdog/0]
(root,0,0,00:02:10/333-14:17:54,12) [watchdog/1]
(root,0,0,00:00:01/333-14:17:54,13) [migration/1]
(root,0,0,00:00:15/333-14:17:54,14) [ksoftirqd/1]
(root,0,0,00:00:00/333-14:17:54,16) [kworker/1:0H]
(root,0,0,00:02:10/333-14:17:54,17) [watchdog/2]
(root,0,0,00:00:02/333-14:17:54,18) [migration/2]
(root,0,0,00:00:14/333-14:17:54,19) [ksoftirqd/2]
(root,0,0,00:00:00/333-14:17:54,21) [kworker/2:0H]
(root,0,0,00:02:13/333-14:17:54,22) [watchdog/3]
(root,0,0,00:00:01/333-14:17:54,23) [migration/3]
(root,0,0,00:00:13/333-14:17:54,24) [ksoftirqd/3]
(root,0,0,00:00:00/333-14:17:54,26) [kworker/3:0H]
(root,0,0,00:02:08/333-14:17:54,27) [watchdog/4]
(root,0,0,00:01:10/333-14:17:54,28) [migration/4]
(root,0,0,00:00:21/333-14:17:54,29) [ksoftirqd/4]
(root,0,0,00:00:00/333-14:17:54,31) [kworker/4:0H]
(root,0,0,00:02:03/333-14:17:54,32) [watchdog/5]
(root,0,0,00:01:29/333-14:17:54,33) [migration/5]
(root,0,0,00:00:29/333-14:17:54,34) [ksoftirqd/5]
(root,0,0,00:00:00/333-14:17:54,36) [kworker/5:0H]
(root,0,0,00:02:03/333-14:17:54,37) [watchdog/6]
(root,0,0,00:01:06/333-14:17:54,38) [migration/6]
(root,0,0,00:00:28/333-14:17:54,39) [ksoftirqd/6]
(root,0,0,00:00:00/333-14:17:54,41) [kworker/6:0H]
(root,0,0,00:02:15/333-14:17:54,42) [watchdog/7]
(root,0,0,00:01:04/333-14:17:54,43) [migration/7]
(root,0,0,00:10:41/333-14:17:54,44) [ksoftirqd/7]
(root,0,0,00:00:00/333-14:17:54,46) [kworker/7:0H]
(root,0,0,00:00:00/333-14:17:54,48) [kdevtmpfs]
(root,0,0,00:00:00/333-14:17:54,49) [netns]
(root,0,0,00:00:24/333-14:17:54,50) [khungtaskd]
(root,0,0,00:00:00/333-14:17:54,51) [writeback]
(root,0,0,00:00:00/333-14:17:54,52) [kintegrityd]
(root,0,0,00:00:00/333-14:17:54,53) [bioset]
(root,0,0,00:00:00/333-14:17:54,54) [bioset]
(root,0,0,00:00:00/333-14:17:54,55) [bioset]
(root,0,0,00:00:00/333-14:17:54,56) [kblockd]
(root,0,0,00:00:00/333-14:17:54,57) [md]
(root,0,0,00:00:00/333-14:17:54,58) [edac-poller]
(root,0,0,00:00:00/333-14:17:54,59) [watchdogd]
(root,0,0,00:57:22/333-14:17:54,66) [kswapd0]
(root,0,0,00:00:00/333-14:17:54,67) [ksmd]
(root,0,0,00:01:50/333-14:17:54,68) [khugepaged]
(root,0,0,00:00:00/333-14:17:54,69) [crypto]
(root,0,0,00:00:00/333-14:17:54,77) [kthrotld]
(root,0,0,00:00:00/333-14:17:54,80) [kmpath_rdacd]
(root,0,0,00:00:00/333-14:17:54,81) [kaluad]
(root,0,0,00:00:00/333-14:17:54,82) [kpsmoused]
(root,0,0,00:00:00/333-14:17:54,84) [ipv6_addrconf]
(root,0,0,00:00:00/333-14:17:54,97) [deferwq]
(root,0,0,00:15:45/333-14:17:53,144) [kauditd]
(root,0,0,00:00:00/05:48,359) [kworker/7:1]
(root,0,0,00:00:00/333-14:17:53,368) [ata_sff]
(root,0,0,00:00:00/333-14:17:53,404) [scsi_eh_0]
(root,0,0,00:00:00/333-14:17:53,405) [scsi_tmf_0]
(root,0,0,00:00:00/333-14:17:53,406) [scsi_eh_1]
(root,0,0,00:00:00/333-14:17:53,407) [scsi_tmf_1]
(root,0,0,00:00:00/333-14:17:53,408) [scsi_eh_2]
(root,0,0,00:00:00/333-14:17:53,409) [scsi_tmf_2]
(root,0,0,00:00:00/333-14:17:53,410) [scsi_eh_3]
(root,0,0,00:00:00/333-14:17:53,411) [scsi_tmf_3]
(root,0,0,00:00:00/333-14:17:53,412) [scsi_eh_4]
(root,0,0,00:00:00/333-14:17:53,413) [scsi_tmf_4]
(root,0,0,00:00:00/333-14:17:53,414) [scsi_eh_5]
(root,0,0,00:00:00/333-14:17:53,415) [scsi_tmf_5]
(root,0,0,00:00:00/333-14:17:51,488) [kdmflush]
(root,0,0,00:00:00/333-14:17:51,489) [bioset]
(root,0,0,00:00:14/333-14:17:51,506) [kworker/0:1H]
(root,0,0,00:58:39/333-14:17:51,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/333-14:17:51,514) [ext4-rsv-conver]
(root,170804,100488,04:07:22/333-14:17:49,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/333-14:17:49,627) [kworker/4:1H]
(root,0,0,00:00:05/333-14:17:48,629) [kworker/1:1H]
(scliegyp,29056,2576,00:00:00/01:19,632) dovecot/quota-status -p postfix
(root,198572,760,00:00:00/333-14:17:48,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/333-14:17:48,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/333-14:17:47,644) [kworker/2:1H]
(root,0,0,00:20:44/333-14:17:47,645) [kworker/7:1H]
(root,0,0,00:00:02/333-14:17:46,687) [kworker/5:1H]
(root,0,0,00:00:00/333-14:17:46,688) [irq/125-mei_me]
(root,0,0,00:00:00/333-14:17:46,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/333-14:17:44,714) [jbd2/sda2-8]
(root,0,0,00:00:00/333-14:17:44,715) [ext4-rsv-conver]
(root,0,0,00:03:09/333-14:17:43,719) [jbd2/sda3-8]
(root,0,0,00:00:00/333-14:17:43,720) [ext4-rsv-conver]
(root,0,0,00:09:44/333-14:17:43,724) [jbd2/sdb-8]
(root,0,0,00:00:00/333-14:17:43,725) [ext4-rsv-conver]
(root,0,0,00:00:01/333-14:17:41,740) [kworker/6:1H]
(root,57704,724,00:33:55/333-14:17:31,748) /sbin/auditd
(dbus,58232,1912,01:15:03/333-14:17:30,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2320,00:37:41/333-14:17:29,788) /usr/lib/systemd/systemd-logind
(root,229032,9252,00:12:43/333-14:17:29,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5860,01:38:55/333-14:17:29,794) /usr/sbin/nscd
(root,62904,4568,00:00:00/00:35,802) dovecot/lmtp
(root,52900,1892,00:00:18/333-14:17:29,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:14:52/333-14:17:29,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/333-14:17:29,862) /usr/sbin/atd -f
(root,124504,1372,00:06:40/333-14:17:29,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/333-14:17:29,866) /sbin/agetty --noclear tty1 linux
(mailnull,89320,9688,00:00:00/00:23,868) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:01/333-14:17:29,869) [kworker/3:1H]
(root,189788,11068,00:00:00/00:11,870) cPhulkd - processor - http socket
(root,72960,4256,00:00:00/00:11,871) dovecot/auth -w
(root,0,0,00:00:00/00:10,874) [cpsrvd (SSL) - ] <defunct>
(chrony,97380,1380,00:01:55/333-14:17:29,888) /usr/sbin/chronyd
(root,113500,1620,00:00:00/00:01,903) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,921) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,922) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,343076,185172,00:00:19/06:44:30,934) spamd child
(root,113472,3148,00:29:53/333-14:17:20,1226) /usr/sbin/sshd -D
(root,1084876,12212,02:09:26/333-14:17:20,1237) /usr/sbin/rsyslogd -n
(root,27380,804,00:02:50/333-14:17:20,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38776,01:52:17/333-14:17:19,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4196,00:14:43/333-14:17:16,1820) dnsadmin - dormant mode
(root,214612,11056,03:16:56/333-14:17:16,1825) tailwatchd
(root,183604,6560,00:13:20/333-14:17:16,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:46/333-14:17:16,1863) cpanellogd - sleeping for logs
(root,292800,2852,00:01:47/25-20:53:31,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,7176,00:00:35/25-20:53:31,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,9508,00:23:49/25-20:53:27,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,8900,00:00:33/25-20:53:27,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,246800,90236,00:00:03/11:30:42,2926) spamd child
(nobody,3488580,32644,00:01:23/7-13:40:12,5730) /usr/sbin/httpd -k start
(root,231104,14276,00:17:11/87-23:56:25,6674) cpsrvd (SSL) - waiting for connections                   
(root,3108,36,00:02:50/333-10:14:57,12075) /usr/bin/RCdaemon
(root,0,0,00:00:02/2-01:15:50,12262) [kworker/2:1]
(root,0,0,00:00:01/04:15:05,13507) [kworker/7:0]
(root,0,0,00:00:00/10:05:49,14471) [kworker/6:2]
(root,0,0,00:00:00/03:35:50,16504) [kworker/5:0]
(root,235464,13960,00:13:47/94-12:01:00,18989) /usr/sbin/httpd -k start
(dovecot,74268,5868,00:03:15/3-19:13:48,19283) dovecot/auth
(root,151536,10296,00:00:20/3-19:12:12,19394) cPhulkd - dbprocessor
(root,0,0,00:00:00/02:55:17,19537) [kworker/u16:0]
(polkitd,610664,2984,00:26:59/333-13:19:48,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27052,02:46:44/333-13:19:46,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,51596,2128,00:31:01/99-12:07:58,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:11:56/99-12:07:58,23695) dovecot/anvil
(cpanelconnecttrack,9876,3116,11:22:14/99-12:07:43,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,0,0,00:00:00/01:55:50,24414) [kworker/6:1]
(root,0,0,00:00:00/01:55:50,24442) [kworker/1:2]
(mysql,3441212,572576,06:39:06/99-12:06:42,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12504,00:10:06/99-12:06:38,25125) cPhulkd - processor
(mailnull,89184,13204,00:08:12/99-12:06:35,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:00/01:35:50,25913) [kworker/2:2]
(root,0,0,00:00:00/08:05:50,26026) [kworker/1:1]
(root,12732,1344,00:00:09/8-18:16:06,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12736,1352,00:00:09/8-18:16:06,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,3972,00:00:00/8-18:16:06,26994) /usr/sbin/httpd -k start
(root,53088,11832,00:00:00/8-18:16:05,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3619652,31980,00:01:40/8-18:16:05,26996) /usr/sbin/httpd -k start
(nobody,3357508,34440,00:01:41/8-18:16:05,26997) /usr/sbin/httpd -k start
(nobody,3226436,32304,00:01:39/8-18:16:05,26998) /usr/sbin/httpd -k start
(nobody,3488580,32544,00:01:40/8-18:16:05,26999) /usr/sbin/httpd -k start
(nobody,3291972,34172,00:01:41/8-18:16:05,27018) /usr/sbin/httpd -k start
(root,2564596,1668540,07:37:05/329-18:20:04,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/01:15:42,27712) [kworker/5:1]
(root,0,0,00:00:00/01:05:50,28356) [kworker/3:0]
(root,33404,3480,00:01:30/296-03:33:24,29439) /sbin/rsyslogd
(root,0,0,00:00:03/16:45:08,29933) [kworker/0:2]
(scliegyp,38424,3596,00:00:00/39:38,30373) dovecot/imap
(root,0,0,00:00:00/35:50,30594) [kworker/4:2]
(root,0,0,00:00:00/12:05:52,30843) [kworker/4:1]
(scliegyp,38268,3596,00:00:00/26:03,31245) dovecot/imap
(dovenull,52064,6264,00:04:10/52-07:13:59,31246) dovecot/pop3-login
(dovenull,53628,8116,00:03:59/52-07:13:59,31247) dovecot/imap-login
(root,10640,1588,00:10:20/52-07:13:59,31248) dovecot/log
(dovenull,51684,6388,00:36:16/52-07:13:59,31249) dovecot/pop3-login
(dovenull,60060,13268,00:19:04/52-07:13:59,31250) dovecot/imap-login
(root,15988,2728,00:14:07/52-07:13:59,31251) dovecot/config
(dovecot,50684,3228,00:11:12/52-07:13:59,31252) dovecot/stats
(root,0,0,00:00:00/25:46,31365) [kworker/3:2]
(dovecot,10404,1524,00:01:44/52-07:13:23,31510) dovecot/imap-hibernate
(scliegyp,38604,3856,00:00:00/18:50,31882) dovecot/imap
(scliegyp,39600,4748,00:00:00/17:19,31918) dovecot/imap
(root,0,0,00:00:00/15:50,32020) [kworker/0:0]
(root,0,0,00:00:00/11:36,32305) [kworker/u16:1]
(scliegyp,36024,6096,00:00:00/09:47,32541) dovecot/pop3

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-11 22:55

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb1084947bc7

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,02:58:38/331-14:21:10,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/331-14:21:10,2) [kthreadd]
(root,0,0,00:00:00/331-14:21:10,4) [kworker/0:0H]
(root,0,0,00:36:50/331-14:21:10,6) [ksoftirqd/0]
(root,0,0,00:00:02/331-14:21:10,7) [migration/0]
(root,0,0,00:00:00/331-14:21:10,8) [rcu_bh]
(root,0,0,05:00:10/331-14:21:10,9) [rcu_sched]
(root,0,0,00:00:00/331-14:21:10,10) [lru-add-drain]
(root,0,0,00:02:36/331-14:21:10,11) [watchdog/0]
(root,0,0,00:02:09/331-14:21:10,12) [watchdog/1]
(root,0,0,00:00:01/331-14:21:10,13) [migration/1]
(root,0,0,00:00:15/331-14:21:10,14) [ksoftirqd/1]
(root,0,0,00:00:00/331-14:21:10,16) [kworker/1:0H]
(root,0,0,00:02:10/331-14:21:10,17) [watchdog/2]
(root,0,0,00:00:02/331-14:21:10,18) [migration/2]
(root,0,0,00:00:14/331-14:21:10,19) [ksoftirqd/2]
(root,0,0,00:00:00/331-14:21:10,21) [kworker/2:0H]
(root,0,0,00:02:12/331-14:21:10,22) [watchdog/3]
(root,0,0,00:00:01/331-14:21:10,23) [migration/3]
(root,0,0,00:00:13/331-14:21:10,24) [ksoftirqd/3]
(root,0,0,00:00:00/331-14:21:10,26) [kworker/3:0H]
(root,0,0,00:02:07/331-14:21:10,27) [watchdog/4]
(root,0,0,00:01:09/331-14:21:10,28) [migration/4]
(root,0,0,00:00:21/331-14:21:10,29) [ksoftirqd/4]
(root,0,0,00:00:00/331-14:21:10,31) [kworker/4:0H]
(root,0,0,00:02:02/331-14:21:10,32) [watchdog/5]
(root,0,0,00:01:29/331-14:21:10,33) [migration/5]
(root,0,0,00:00:29/331-14:21:10,34) [ksoftirqd/5]
(root,0,0,00:00:00/331-14:21:10,36) [kworker/5:0H]
(root,0,0,00:02:02/331-14:21:10,37) [watchdog/6]
(root,0,0,00:01:05/331-14:21:10,38) [migration/6]
(root,0,0,00:00:28/331-14:21:10,39) [ksoftirqd/6]
(root,0,0,00:00:00/331-14:21:10,41) [kworker/6:0H]
(root,0,0,00:02:14/331-14:21:10,42) [watchdog/7]
(root,0,0,00:01:03/331-14:21:10,43) [migration/7]
(root,0,0,00:10:37/331-14:21:10,44) [ksoftirqd/7]
(root,0,0,00:00:00/331-14:21:10,46) [kworker/7:0H]
(root,0,0,00:00:00/331-14:21:10,48) [kdevtmpfs]
(root,0,0,00:00:00/331-14:21:10,49) [netns]
(root,0,0,00:00:24/331-14:21:10,50) [khungtaskd]
(root,0,0,00:00:00/331-14:21:10,51) [writeback]
(root,0,0,00:00:00/331-14:21:10,52) [kintegrityd]
(root,0,0,00:00:00/331-14:21:10,53) [bioset]
(root,0,0,00:00:00/331-14:21:10,54) [bioset]
(root,0,0,00:00:00/331-14:21:10,55) [bioset]
(root,0,0,00:00:00/331-14:21:10,56) [kblockd]
(root,0,0,00:00:00/331-14:21:10,57) [md]
(root,0,0,00:00:00/331-14:21:10,58) [edac-poller]
(root,0,0,00:00:00/331-14:21:10,59) [watchdogd]
(root,0,0,00:57:13/331-14:21:10,66) [kswapd0]
(root,0,0,00:00:00/331-14:21:10,67) [ksmd]
(root,0,0,00:01:50/331-14:21:10,68) [khugepaged]
(root,0,0,00:00:00/331-14:21:10,69) [crypto]
(root,0,0,00:00:00/331-14:21:10,77) [kthrotld]
(root,0,0,00:00:00/331-14:21:10,80) [kmpath_rdacd]
(root,0,0,00:00:00/331-14:21:10,81) [kaluad]
(root,0,0,00:00:00/331-14:21:10,82) [kpsmoused]
(root,0,0,00:00:00/331-14:21:10,84) [ipv6_addrconf]
(root,0,0,00:00:00/331-14:21:10,97) [deferwq]
(root,0,0,00:15:39/331-14:21:09,144) [kauditd]
(root,0,0,00:00:00/331-14:21:09,368) [ata_sff]
(root,0,0,00:00:00/331-14:21:09,404) [scsi_eh_0]
(root,0,0,00:00:00/331-14:21:09,405) [scsi_tmf_0]
(root,0,0,00:00:00/331-14:21:09,406) [scsi_eh_1]
(root,0,0,00:00:00/331-14:21:09,407) [scsi_tmf_1]
(root,0,0,00:00:00/331-14:21:09,408) [scsi_eh_2]
(root,0,0,00:00:00/331-14:21:09,409) [scsi_tmf_2]
(root,0,0,00:00:00/331-14:21:09,410) [scsi_eh_3]
(root,0,0,00:00:00/331-14:21:09,411) [scsi_tmf_3]
(root,0,0,00:00:00/331-14:21:09,412) [scsi_eh_4]
(root,0,0,00:00:00/331-14:21:09,413) [scsi_tmf_4]
(root,0,0,00:00:00/331-14:21:09,414) [scsi_eh_5]
(root,0,0,00:00:00/331-14:21:09,415) [scsi_tmf_5]
(root,0,0,00:00:00/331-14:21:07,488) [kdmflush]
(root,0,0,00:00:00/331-14:21:07,489) [bioset]
(root,0,0,00:00:14/331-14:21:07,506) [kworker/0:1H]
(root,0,0,00:58:17/331-14:21:07,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/331-14:21:07,514) [ext4-rsv-conver]
(root,72216,29156,04:05:49/331-14:21:05,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/331-14:21:05,627) [kworker/4:1H]
(root,0,0,00:00:05/331-14:21:04,629) [kworker/1:1H]
(root,198572,760,00:00:00/331-14:21:04,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/331-14:21:04,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/331-14:21:03,644) [kworker/2:1H]
(root,0,0,00:20:37/331-14:21:03,645) [kworker/7:1H]
(root,0,0,00:00:02/331-14:21:02,687) [kworker/5:1H]
(root,0,0,00:00:00/331-14:21:02,688) [irq/125-mei_me]
(root,0,0,00:00:00/331-14:21:02,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/331-14:21:00,714) [jbd2/sda2-8]
(root,0,0,00:00:00/331-14:21:00,715) [ext4-rsv-conver]
(root,0,0,00:03:08/331-14:20:59,719) [jbd2/sda3-8]
(root,0,0,00:00:00/331-14:20:59,720) [ext4-rsv-conver]
(root,0,0,00:09:41/331-14:20:59,724) [jbd2/sdb-8]
(root,0,0,00:00:00/331-14:20:59,725) [ext4-rsv-conver]
(root,0,0,00:00:01/331-14:20:57,740) [kworker/6:1H]
(root,57704,724,00:33:42/331-14:20:47,748) /sbin/auditd
(dbus,58232,1916,01:14:36/331-14:20:46,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2320,00:37:27/331-14:20:45,788) /usr/lib/systemd/systemd-logind
(root,229032,9224,00:12:38/331-14:20:45,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5844,01:38:23/331-14:20:45,794) /usr/sbin/nscd
(root,52900,1892,00:00:17/331-14:20:45,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:14:25/331-14:20:45,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/331-14:20:45,862) /usr/sbin/atd -f
(root,124504,1372,00:06:37/331-14:20:45,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/331-14:20:45,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/331-14:20:45,869) [kworker/3:1H]
(chrony,97380,1372,00:01:55/331-14:20:45,888) /usr/sbin/chronyd
(root,113472,3148,00:29:42/331-14:20:36,1226) /usr/sbin/sshd -D
(root,1060300,16044,02:08:38/331-14:20:36,1237) /usr/sbin/rsyslogd -n
(root,27380,804,00:02:50/331-14:20:36,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38740,01:51:36/331-14:20:35,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/03:19:07,1633) [kworker/2:2]
(root,167288,4196,00:14:38/331-14:20:32,1820) dnsadmin - dormant mode
(root,214612,13776,03:15:43/331-14:20:32,1825) tailwatchd
(root,183604,6552,00:13:16/331-14:20:32,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:46/331-14:20:32,1863) cpanellogd - sleeping for logs
(root,292800,2944,00:01:39/23-20:56:47,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,7176,00:00:32/23-20:56:47,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,10004,00:21:58/23-20:56:43,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,9080,00:00:30/23-20:56:43,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(nobody,3488580,30320,00:01:03/5-13:43:28,5730) /usr/sbin/httpd -k start
(root,231104,14392,00:16:45/85-23:59:41,6674) cpsrvd (SSL) - waiting for connections                   
(root,263420,109268,00:00:15/08:36:33,6972) spamd child
(root,0,0,00:00:00/02:09:06,7634) [kworker/5:2]
(root,0,0,00:00:00/01:35:05,10980) [kworker/7:0]
(root,0,0,00:00:00/01:32:59,11311) [kworker/4:1]
(root,3108,36,00:02:49/331-10:18:13,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/01:19:06,12262) [kworker/2:1]
(root,0,0,00:00:00/01:18:26,12437) [kworker/0:2]
(root,0,0,00:00:00/59:06,13747) [kworker/6:1]
(root,0,0,00:00:00/49:07,14498) [kworker/0:0]
(scliegyp,29056,2576,00:00:00/48:42,14549) dovecot/quota-status -p postfix
(root,0,0,00:00:00/44:49,14835) [kworker/u16:0]
(root,244216,87104,00:00:01/06:58:16,15695) spamd child
(root,0,0,00:00:00/29:06,15977) [kworker/1:0]
(root,0,0,00:00:00/19:06,16725) [kworker/7:1]
(scliegyp,38140,3644,00:00:00/15:28,17000) dovecot/imap
(scliegyp,38616,3724,00:00:00/15:09,17014) dovecot/imap
(scliegyp,38720,3784,00:00:00/15:08,17015) dovecot/imap
(scliegyp,38620,3732,00:00:00/15:05,17031) dovecot/imap
(scliegyp,37752,3076,00:00:00/13:27,17217) dovecot/imap
(root,0,0,00:00:00/09:06,17527) [kworker/3:0]
(root,0,0,00:00:00/08:03,17696) [kworker/u16:2]
(scliegyp,32092,3740,00:00:00/04:50,17807) dovecot/pop3
(scliegyp,38404,3780,00:00:00/02:37,18056) dovecot/imap
(root,72960,4260,00:00:00/01:39,18091) dovecot/auth -w
(root,0,0,00:00:00/01:28,18105) [kworker/u16:1]
(root,113500,1620,00:00:00/00:00,18213) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,18231) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,18232) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,235464,13960,00:13:29/92-12:04:16,18989) /usr/sbin/httpd -k start
(dovecot,73628,5224,00:00:48/1-19:17:04,19283) dovecot/auth
(root,151536,10336,00:00:08/1-19:15:28,19394) cPhulkd - dbprocessor
(polkitd,610664,2984,00:26:50/331-13:23:04,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27084,02:45:34/331-13:23:02,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/18:30:03,23318) [kworker/6:2]
(root,51596,2128,00:30:24/97-12:11:14,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:11:43/97-12:11:14,23695) dovecot/anvil
(cpanelconnecttrack,9876,3116,11:08:45/97-12:10:59,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(mysql,3441212,539104,06:31:42/97-12:09:58,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/05:09:10,25060) [kworker/4:2]
(root,189788,12544,00:09:53/97-12:09:54,25125) cPhulkd - processor
(mailnull,89188,13172,00:07:59/97-12:09:51,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,12732,1344,00:00:07/6-18:19:22,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1352,00:00:07/6-18:19:22,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,3972,00:00:00/6-18:19:22,26994) /usr/sbin/httpd -k start
(root,53088,11832,00:00:00/6-18:19:21,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3619652,31272,00:01:21/6-18:19:21,26996) /usr/sbin/httpd -k start
(nobody,3357508,32208,00:01:20/6-18:19:21,26997) /usr/sbin/httpd -k start
(nobody,3226436,30956,00:01:20/6-18:19:21,26998) /usr/sbin/httpd -k start
(nobody,3488580,31800,00:01:19/6-18:19:21,26999) /usr/sbin/httpd -k start
(nobody,3291972,31168,00:01:21/6-18:19:21,27018) /usr/sbin/httpd -k start
(root,2564492,1644540,07:33:46/327-18:23:20,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/04:24:07,29071) [kworker/5:1]
(root,33404,3480,00:01:29/294-03:36:40,29439) /sbin/rsyslogd
(root,0,0,00:00:01/1-11:24:07,30408) [kworker/1:2]
(root,0,0,00:00:00/17:09:11,30543) [kworker/3:1]
(dovenull,52048,5952,00:04:04/50-07:17:15,31246) dovecot/pop3-login
(dovenull,53628,8008,00:03:47/50-07:17:15,31247) dovecot/imap-login
(root,10640,1588,00:10:00/50-07:17:15,31248) dovecot/log
(dovenull,51684,6388,00:35:02/50-07:17:15,31249) dovecot/pop3-login
(dovenull,59720,12908,00:18:17/50-07:17:15,31250) dovecot/imap-login
(root,15988,2728,00:13:32/50-07:17:15,31251) dovecot/config
(dovecot,50684,3228,00:10:49/50-07:17:15,31252) dovecot/stats
(dovecot,10404,1524,00:01:39/50-07:16:39,31510) dovecot/imap-hibernate

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-09 22:59

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10adecd81a

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,02:57:31/329-14:25:57,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/329-14:25:57,2) [kthreadd]
(root,0,0,00:00:00/329-14:25:57,4) [kworker/0:0H]
(root,0,0,00:36:46/329-14:25:57,6) [ksoftirqd/0]
(root,0,0,00:00:02/329-14:25:57,7) [migration/0]
(root,0,0,00:00:00/329-14:25:57,8) [rcu_bh]
(root,0,0,04:58:29/329-14:25:57,9) [rcu_sched]
(root,0,0,00:00:00/329-14:25:57,10) [lru-add-drain]
(root,0,0,00:02:35/329-14:25:57,11) [watchdog/0]
(root,0,0,00:02:08/329-14:25:57,12) [watchdog/1]
(root,0,0,00:00:01/329-14:25:57,13) [migration/1]
(root,0,0,00:00:15/329-14:25:57,14) [ksoftirqd/1]
(root,0,0,00:00:00/329-14:25:57,16) [kworker/1:0H]
(root,0,0,00:02:09/329-14:25:57,17) [watchdog/2]
(root,0,0,00:00:02/329-14:25:57,18) [migration/2]
(root,0,0,00:00:14/329-14:25:57,19) [ksoftirqd/2]
(root,0,0,00:00:00/329-14:25:57,21) [kworker/2:0H]
(root,0,0,00:02:12/329-14:25:57,22) [watchdog/3]
(root,0,0,00:00:01/329-14:25:57,23) [migration/3]
(root,0,0,00:00:13/329-14:25:57,24) [ksoftirqd/3]
(root,0,0,00:00:00/329-14:25:57,26) [kworker/3:0H]
(root,0,0,00:02:06/329-14:25:57,27) [watchdog/4]
(root,0,0,00:01:09/329-14:25:57,28) [migration/4]
(root,0,0,00:00:21/329-14:25:57,29) [ksoftirqd/4]
(root,0,0,00:00:00/329-14:25:57,31) [kworker/4:0H]
(root,0,0,00:02:01/329-14:25:57,32) [watchdog/5]
(root,0,0,00:01:28/329-14:25:57,33) [migration/5]
(root,0,0,00:00:28/329-14:25:57,34) [ksoftirqd/5]
(root,0,0,00:00:00/329-14:25:57,36) [kworker/5:0H]
(root,0,0,00:02:01/329-14:25:57,37) [watchdog/6]
(root,0,0,00:01:05/329-14:25:57,38) [migration/6]
(root,0,0,00:00:28/329-14:25:57,39) [ksoftirqd/6]
(root,0,0,00:00:00/329-14:25:57,41) [kworker/6:0H]
(root,0,0,00:02:13/329-14:25:57,42) [watchdog/7]
(root,0,0,00:01:03/329-14:25:57,43) [migration/7]
(root,0,0,00:10:33/329-14:25:57,44) [ksoftirqd/7]
(root,0,0,00:00:00/329-14:25:57,46) [kworker/7:0H]
(root,0,0,00:00:00/329-14:25:57,48) [kdevtmpfs]
(root,0,0,00:00:00/329-14:25:57,49) [netns]
(root,0,0,00:00:24/329-14:25:57,50) [khungtaskd]
(root,0,0,00:00:00/329-14:25:57,51) [writeback]
(root,0,0,00:00:00/329-14:25:57,52) [kintegrityd]
(root,0,0,00:00:00/329-14:25:57,53) [bioset]
(root,0,0,00:00:00/329-14:25:57,54) [bioset]
(root,0,0,00:00:00/329-14:25:57,55) [bioset]
(root,0,0,00:00:00/329-14:25:57,56) [kblockd]
(root,0,0,00:00:00/329-14:25:57,57) [md]
(root,0,0,00:00:00/329-14:25:57,58) [edac-poller]
(root,0,0,00:00:00/329-14:25:57,59) [watchdogd]
(root,0,0,00:57:05/329-14:25:57,66) [kswapd0]
(root,0,0,00:00:00/329-14:25:57,67) [ksmd]
(root,0,0,00:01:49/329-14:25:57,68) [khugepaged]
(root,0,0,00:00:00/329-14:25:57,69) [crypto]
(root,0,0,00:00:00/329-14:25:57,77) [kthrotld]
(root,0,0,00:00:00/329-14:25:57,80) [kmpath_rdacd]
(root,0,0,00:00:00/329-14:25:57,81) [kaluad]
(root,0,0,00:00:00/329-14:25:57,82) [kpsmoused]
(root,0,0,00:00:00/329-14:25:57,84) [ipv6_addrconf]
(root,0,0,00:00:00/329-14:25:57,97) [deferwq]
(root,0,0,00:15:30/329-14:25:56,144) [kauditd]
(root,0,0,00:00:00/329-14:25:56,368) [ata_sff]
(root,0,0,00:00:00/329-14:25:56,404) [scsi_eh_0]
(root,0,0,00:00:00/329-14:25:56,405) [scsi_tmf_0]
(root,0,0,00:00:00/329-14:25:56,406) [scsi_eh_1]
(root,0,0,00:00:00/329-14:25:56,407) [scsi_tmf_1]
(root,0,0,00:00:00/329-14:25:56,408) [scsi_eh_2]
(root,0,0,00:00:00/329-14:25:56,409) [scsi_tmf_2]
(root,0,0,00:00:00/329-14:25:56,410) [scsi_eh_3]
(root,0,0,00:00:00/329-14:25:56,411) [scsi_tmf_3]
(root,0,0,00:00:00/329-14:25:56,412) [scsi_eh_4]
(root,0,0,00:00:00/329-14:25:56,413) [scsi_tmf_4]
(root,0,0,00:00:00/329-14:25:56,414) [scsi_eh_5]
(root,0,0,00:00:00/329-14:25:56,415) [scsi_tmf_5]
(root,0,0,00:00:00/329-14:25:54,488) [kdmflush]
(root,0,0,00:00:00/329-14:25:54,489) [bioset]
(root,0,0,00:00:14/329-14:25:54,506) [kworker/0:1H]
(root,0,0,00:57:55/329-14:25:54,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/329-14:25:54,514) [ext4-rsv-conver]
(root,166336,99252,04:04:26/329-14:25:52,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/329-14:25:52,627) [kworker/4:1H]
(root,0,0,00:00:05/329-14:25:51,629) [kworker/1:1H]
(root,198572,760,00:00:00/329-14:25:51,633) /usr/sbin/lvmetad -f
(root,46060,952,00:00:00/329-14:25:51,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/329-14:25:50,644) [kworker/2:1H]
(root,0,0,00:20:31/329-14:25:50,645) [kworker/7:1H]
(root,0,0,00:00:02/329-14:25:49,687) [kworker/5:1H]
(root,0,0,00:00:00/329-14:25:49,688) [irq/125-mei_me]
(root,0,0,00:00:00/329-14:25:49,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/329-14:25:47,714) [jbd2/sda2-8]
(root,0,0,00:00:00/329-14:25:47,715) [ext4-rsv-conver]
(root,0,0,00:03:07/329-14:25:46,719) [jbd2/sda3-8]
(root,0,0,00:00:00/329-14:25:46,720) [ext4-rsv-conver]
(root,0,0,00:09:36/329-14:25:46,724) [jbd2/sdb-8]
(root,0,0,00:00:00/329-14:25:46,725) [ext4-rsv-conver]
(root,0,0,00:00:01/329-14:25:44,740) [kworker/6:1H]
(root,57704,724,00:33:24/329-14:25:34,748) /sbin/auditd
(dbus,58232,1908,01:14:10/329-14:25:33,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2320,00:37:14/329-14:25:32,788) /usr/lib/systemd/systemd-logind
(root,229032,9268,00:12:33/329-14:25:32,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5860,01:37:51/329-14:25:32,794) /usr/sbin/nscd
(root,52900,1892,00:00:17/329-14:25:32,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:13:58/329-14:25:32,849) /usr/sbin/irqbalance --foreground
(root,24208,720,00:00:00/329-14:25:32,862) /usr/sbin/atd -f
(root,124504,1372,00:06:35/329-14:25:32,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/329-14:25:32,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/329-14:25:32,869) [kworker/3:1H]
(chrony,97380,1372,00:01:54/329-14:25:32,888) /usr/sbin/chronyd
(root,113472,3148,00:29:23/329-14:25:23,1226) /usr/sbin/sshd -D
(root,1076684,15356,02:07:54/329-14:25:23,1237) /usr/sbin/rsyslogd -n
(root,27380,804,00:02:50/329-14:25:23,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(dovecot,74308,5864,00:01:32/1-01:22:51,1277) dovecot/auth
(root,225548,39316,01:50:56/329-14:25:22,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4196,00:14:32/329-14:25:19,1820) dnsadmin - dormant mode
(root,214612,13816,03:14:29/329-14:25:19,1825) tailwatchd
(root,183604,6556,00:13:10/329-14:25:19,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:45/329-14:25:19,1863) cpanellogd - sleeping for logs
(root,292800,2944,00:01:30/21-21:01:34,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,7180,00:00:29/21-21:01:34,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,10784,00:20:05/21-21:01:30,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,9088,00:00:28/21-21:01:30,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(nobody,3488580,27876,00:00:46/3-13:48:15,5730) /usr/sbin/httpd -k start
(root,231104,14472,00:16:29/84-00:04:28,6674) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/18:23:29,7010) [kworker/6:2]
(root,244716,91100,00:00:10/09:24:49,10064) spamd child
(root,151532,10288,00:00:01/09:16:06,11276) cPhulkd - dbprocessor
(root,3108,36,00:02:48/329-10:23:00,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/03:03:54,13020) [kworker/3:1]
(root,0,0,00:00:00/02:53:51,13862) [kworker/4:0]
(root,0,0,00:00:00/16:50:53,14460) [kworker/1:2]
(root,0,0,00:00:00/02:33:54,15452) [kworker/1:1]
(root,0,0,00:00:00/02:14:00,17035) [kworker/3:0]
(root,235464,13960,00:13:11/90-12:09:03,18989) /usr/sbin/httpd -k start
(polkitd,610664,2808,00:26:40/329-13:27:51,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27112,02:44:42/329-13:27:49,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/01:28:54,20874) [kworker/0:1]
(root,0,0,00:00:00/01:16:10,21844) [kworker/u16:0]
(root,0,0,00:00:00/01:13:54,22052) [kworker/7:1]
(root,0,0,00:00:00/01:03:57,22787) [kworker/7:0]
(root,51596,2128,00:30:06/95-12:16:01,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:11:37/95-12:16:01,23695) dovecot/anvil
(root,0,0,00:00:00/07:21:53,23721) [kworker/2:1]
(root,0,0,00:00:00/50:54,23886) [kworker/2:0]
(scliegyp,39052,4220,00:00:00/48:07,24089) dovecot/imap
(scliegyp,38420,3812,00:00:00/48:07,24090) dovecot/imap
(cpanelconnecttrack,9876,3120,10:55:55/95-12:15:46,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,0,0,00:00:00/43:54,24413) [kworker/6:0]
(root,0,0,00:00:00/20:43:51,24638) [kworker/5:1]
(mysql,3441212,489632,06:23:09/95-12:14:45,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189784,12552,00:09:39/95-12:14:41,25125) cPhulkd - processor
(root,0,0,00:00:00/33:53,25159) [kworker/5:0]
(mailnull,89188,13172,00:07:53/95-12:14:38,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(scliegyp,38400,3516,00:00:00/26:20,25736) dovecot/imap
(scliegyp,38600,3852,00:00:00/26:17,25740) dovecot/imap
(root,0,0,00:00:00/23:54,25890) [kworker/4:1]
(scliegyp,38140,3640,00:00:00/18:01,26383) dovecot/imap
(scliegyp,37752,3072,00:00:00/16:00,26568) dovecot/imap
(scliegyp,39616,4760,00:00:00/15:06,26608) dovecot/imap
(root,12736,1344,00:00:05/4-18:24:09,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1344,00:00:05/4-18:24:09,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,3972,00:00:00/4-18:24:09,26994) /usr/sbin/httpd -k start
(root,53088,11832,00:00:00/4-18:24:08,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3357508,30128,00:01:05/4-18:24:08,26996) /usr/sbin/httpd -k start
(nobody,3357508,30936,00:01:03/4-18:24:08,26997) /usr/sbin/httpd -k start
(nobody,3226436,28896,00:01:03/4-18:24:08,26998) /usr/sbin/httpd -k start
(nobody,3488580,29544,00:01:02/4-18:24:08,26999) /usr/sbin/httpd -k start
(nobody,3291972,30028,00:01:04/4-18:24:08,27018) /usr/sbin/httpd -k start
(root,2562224,1670580,07:31:34/325-18:28:07,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/09:20,27394) [kworker/u16:2]
(scliegyp,38616,3872,00:00:00/07:21,27668) dovecot/imap
(scliegyp,38072,3072,00:00:00/05:09,27771) dovecot/imap
(root,0,0,00:00:00/03:54,27867) [kworker/2:2]
(scliegyp,38140,3640,00:00:00/02:39,28317) dovecot/imap
(scliegyp,37948,3332,00:00:00/00:38,28402) dovecot/imap
(root,72960,4252,00:00:00/00:31,28403) dovecot/auth -w
(scliegyp,38424,3600,00:00:00/00:28,28408) dovecot/imap
(root,0,0,00:00:00/00:21,28410) [cpsrvd (SSL) - ] <defunct>
(root,113500,1624,00:00:00/00:00,28561) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,28579) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,28580) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,225548,37816,00:00:00/06:23:03,29026) spamd child
(root,33404,3480,00:01:28/292-03:41:27,29439) /sbin/rsyslogd
(root,0,0,00:00:04/19:43:54,30129) [kworker/0:2]
(dovenull,52048,5952,00:04:01/48-07:22:02,31246) dovecot/pop3-login
(dovenull,53628,8016,00:03:41/48-07:22:02,31247) dovecot/imap-login
(root,10640,1588,00:09:50/48-07:22:02,31248) dovecot/log
(dovenull,51684,6388,00:34:21/48-07:22:02,31249) dovecot/pop3-login
(dovenull,58980,11940,00:17:43/48-07:22:02,31250) dovecot/imap-login
(root,15988,2728,00:13:21/48-07:22:02,31251) dovecot/config
(dovecot,50684,3228,00:10:39/48-07:22:02,31252) dovecot/stats
(dovecot,10404,1524,00:01:35/48-07:21:26,31510) dovecot/imap-hibernate

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-07 23:03

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb1059c70cbd

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,02:56:22/327-13:30:56,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/327-13:30:56,2) [kthreadd]
(root,0,0,00:00:00/327-13:30:56,4) [kworker/0:0H]
(root,0,0,00:36:35/327-13:30:56,6) [ksoftirqd/0]
(root,0,0,00:00:02/327-13:30:56,7) [migration/0]
(root,0,0,00:00:00/327-13:30:56,8) [rcu_bh]
(root,0,0,04:56:19/327-13:30:56,9) [rcu_sched]
(root,0,0,00:00:00/327-13:30:56,10) [lru-add-drain]
(root,0,0,00:02:34/327-13:30:56,11) [watchdog/0]
(root,0,0,00:02:08/327-13:30:56,12) [watchdog/1]
(root,0,0,00:00:01/327-13:30:56,13) [migration/1]
(root,0,0,00:00:15/327-13:30:56,14) [ksoftirqd/1]
(root,0,0,00:00:00/327-13:30:56,16) [kworker/1:0H]
(root,0,0,00:02:08/327-13:30:56,17) [watchdog/2]
(root,0,0,00:00:02/327-13:30:56,18) [migration/2]
(root,0,0,00:00:14/327-13:30:56,19) [ksoftirqd/2]
(root,0,0,00:00:00/327-13:30:56,21) [kworker/2:0H]
(root,0,0,00:02:11/327-13:30:56,22) [watchdog/3]
(root,0,0,00:00:01/327-13:30:56,23) [migration/3]
(root,0,0,00:00:13/327-13:30:56,24) [ksoftirqd/3]
(root,0,0,00:00:00/327-13:30:56,26) [kworker/3:0H]
(root,0,0,00:02:06/327-13:30:56,27) [watchdog/4]
(root,0,0,00:01:09/327-13:30:56,28) [migration/4]
(root,0,0,00:00:21/327-13:30:56,29) [ksoftirqd/4]
(root,0,0,00:00:00/327-13:30:56,31) [kworker/4:0H]
(root,0,0,00:02:01/327-13:30:56,32) [watchdog/5]
(root,0,0,00:01:28/327-13:30:56,33) [migration/5]
(root,0,0,00:00:28/327-13:30:56,34) [ksoftirqd/5]
(root,0,0,00:00:00/327-13:30:56,36) [kworker/5:0H]
(root,0,0,00:02:00/327-13:30:56,37) [watchdog/6]
(root,0,0,00:01:05/327-13:30:56,38) [migration/6]
(root,0,0,00:00:28/327-13:30:56,39) [ksoftirqd/6]
(root,0,0,00:00:00/327-13:30:56,41) [kworker/6:0H]
(root,0,0,00:02:12/327-13:30:56,42) [watchdog/7]
(root,0,0,00:01:03/327-13:30:56,43) [migration/7]
(root,0,0,00:10:27/327-13:30:56,44) [ksoftirqd/7]
(root,0,0,00:00:00/327-13:30:56,46) [kworker/7:0H]
(root,0,0,00:00:00/327-13:30:56,48) [kdevtmpfs]
(root,0,0,00:00:00/327-13:30:56,49) [netns]
(root,0,0,00:00:24/327-13:30:56,50) [khungtaskd]
(root,0,0,00:00:00/327-13:30:56,51) [writeback]
(root,0,0,00:00:00/327-13:30:56,52) [kintegrityd]
(root,0,0,00:00:00/327-13:30:56,53) [bioset]
(root,0,0,00:00:00/327-13:30:56,54) [bioset]
(root,0,0,00:00:00/327-13:30:56,55) [bioset]
(root,0,0,00:00:00/327-13:30:56,56) [kblockd]
(root,0,0,00:00:00/327-13:30:56,57) [md]
(root,0,0,00:00:00/327-13:30:56,58) [edac-poller]
(root,0,0,00:00:00/327-13:30:56,59) [watchdogd]
(root,0,0,00:52:42/327-13:30:56,66) [kswapd0]
(root,0,0,00:00:00/327-13:30:56,67) [ksmd]
(root,0,0,00:01:49/327-13:30:56,68) [khugepaged]
(root,0,0,00:00:00/327-13:30:56,69) [crypto]
(root,0,0,00:00:00/327-13:30:56,77) [kthrotld]
(root,0,0,00:00:00/327-13:30:56,80) [kmpath_rdacd]
(root,0,0,00:00:00/327-13:30:56,81) [kaluad]
(root,0,0,00:00:00/327-13:30:56,82) [kpsmoused]
(root,0,0,00:00:00/327-13:30:56,84) [ipv6_addrconf]
(root,0,0,00:00:00/327-13:30:56,97) [deferwq]
(root,0,0,00:15:20/327-13:30:55,144) [kauditd]
(root,0,0,00:00:00/327-13:30:55,368) [ata_sff]
(root,0,0,00:00:00/327-13:30:55,404) [scsi_eh_0]
(root,0,0,00:00:00/327-13:30:55,405) [scsi_tmf_0]
(root,0,0,00:00:00/327-13:30:55,406) [scsi_eh_1]
(root,0,0,00:00:00/327-13:30:55,407) [scsi_tmf_1]
(root,0,0,00:00:00/327-13:30:55,408) [scsi_eh_2]
(root,0,0,00:00:00/327-13:30:55,409) [scsi_tmf_2]
(root,0,0,00:00:00/327-13:30:55,410) [scsi_eh_3]
(root,0,0,00:00:00/327-13:30:55,411) [scsi_tmf_3]
(root,0,0,00:00:00/327-13:30:55,412) [scsi_eh_4]
(root,0,0,00:00:00/327-13:30:55,413) [scsi_tmf_4]
(root,0,0,00:00:00/327-13:30:55,414) [scsi_eh_5]
(root,0,0,00:00:00/327-13:30:55,415) [scsi_tmf_5]
(root,0,0,00:00:00/327-13:30:53,488) [kdmflush]
(root,0,0,00:00:00/327-13:30:53,489) [bioset]
(root,0,0,00:00:14/327-13:30:53,506) [kworker/0:1H]
(root,0,0,00:57:30/327-13:30:53,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/327-13:30:53,514) [ext4-rsv-conver]
(root,154420,83216,04:02:16/327-13:30:51,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/327-13:30:51,627) [kworker/4:1H]
(root,0,0,00:00:05/327-13:30:50,629) [kworker/1:1H]
(root,198572,760,00:00:00/327-13:30:50,633) /usr/sbin/lvmetad -f
(root,46060,1016,00:00:00/327-13:30:50,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/327-13:30:49,644) [kworker/2:1H]
(root,0,0,00:20:24/327-13:30:49,645) [kworker/7:1H]
(root,0,0,00:00:02/327-13:30:48,687) [kworker/5:1H]
(root,0,0,00:00:00/327-13:30:48,688) [irq/125-mei_me]
(root,0,0,00:00:00/327-13:30:48,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/327-13:30:46,714) [jbd2/sda2-8]
(root,0,0,00:00:00/327-13:30:46,715) [ext4-rsv-conver]
(root,0,0,00:03:02/327-13:30:45,719) [jbd2/sda3-8]
(root,0,0,00:00:00/327-13:30:45,720) [ext4-rsv-conver]
(root,0,0,00:09:30/327-13:30:45,724) [jbd2/sdb-8]
(root,0,0,00:00:00/327-13:30:45,725) [ext4-rsv-conver]
(root,0,0,00:00:01/327-13:30:43,740) [kworker/6:1H]
(root,57704,724,00:33:03/327-13:30:33,748) /sbin/auditd
(dbus,58232,1908,01:13:42/327-13:30:32,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2316,00:37:00/327-13:30:31,788) /usr/lib/systemd/systemd-logind
(root,229032,9768,00:12:28/327-13:30:31,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5896,01:37:11/327-13:30:31,794) /usr/sbin/nscd
(root,52900,1804,00:00:17/327-13:30:31,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:13:31/327-13:30:31,849) /usr/sbin/irqbalance --foreground
(root,24208,752,00:00:00/327-13:30:31,862) /usr/sbin/atd -f
(root,124504,1364,00:06:33/327-13:30:31,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/327-13:30:31,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/327-13:30:31,869) [kworker/3:1H]
(chrony,97380,1524,00:01:54/327-13:30:31,888) /usr/sbin/chronyd
(root,113472,3148,00:29:04/327-13:30:22,1226) /usr/sbin/sshd -D
(root,1068476,12748,02:06:52/327-13:30:22,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/327-13:30:22,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,40668,01:50:15/327-13:30:21,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,241808,86640,00:00:04/02:40:44,1565) spamd child
(root,234520,77368,00:00:01/02:40:44,1566) spamd child
(root,0,0,00:00:01/1-13:23:51,1632) [kworker/3:2]
(root,167288,4200,00:14:27/327-13:30:18,1820) dnsadmin - dormant mode
(root,214612,18308,03:13:17/327-13:30:18,1825) tailwatchd
(root,183604,6560,00:13:05/327-13:30:18,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:44/327-13:30:18,1863) cpanellogd - sleeping for logs
(root,0,0,00:00:00/02:37:27,1999) [kworker/7:1]
(root,292800,5116,00:01:22/19-20:06:33,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,14588,00:00:27/19-20:06:33,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404492,39160,00:18:14/19-20:06:29,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,23808,00:00:25/19-20:06:29,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/02:26:54,3036) [kworker/0:1]
(nobody,3160900,29312,00:00:25/1-12:53:14,5730) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:58:54,6315) [kworker/5:2]
(root,231104,14588,00:16:00/81-23:09:27,6674) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/07:18:59,6902) [kworker/5:0]
(root,0,0,00:00:00/01:48:54,7192) [kworker/4:2]
(dovecot,74260,5860,00:20:28/9-21:16:19,8109) dovecot/auth
(root,151544,10280,00:00:00/01:26:56,9090) cPhulkd - dbprocessor
(root,0,0,00:00:00/01:08:54,10532) [kworker/2:1]
(root,0,0,00:00:00/01:08:54,10557) [kworker/6:0]
(root,0,0,00:00:00/01:07:54,10638) [kworker/3:1]
(root,0,0,00:00:00/01:05:19,10862) [kworker/u16:1]
(root,0,0,00:00:00/53:54,11993) [kworker/1:2]
(root,3108,36,00:02:47/327-09:27:59,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/28:55,14270) [kworker/7:0]
(root,0,0,00:00:01/19:58:55,15193) [kworker/1:0]
(root,0,0,00:00:00/16:59,15418) [kworker/u16:2]
(scliegyp,39620,4764,00:00:00/16:22,15468) dovecot/imap
(scliegyp,29056,2576,00:00:00/09:02,16019) dovecot/quota-status -p postfix
(root,72960,4268,00:00:00/05:05,16465) dovecot/auth -w
(scliegyp,32084,3744,00:00:00/02:19,16853) dovecot/pop3
(scliegyp,38428,3632,00:00:00/01:22,16908) dovecot/imap
(scliegyp,38416,3596,00:00:00/00:29,16961) dovecot/imap
(root,189788,11112,00:00:00/00:04,16974) cPhulkd - processor - http socket
(scliegyp,31596,3460,00:00:00/00:04,16976) dovecot/pop3
(mailnull,89740,12560,00:00:00/00:02,16978) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113472,4592,00:00:00/00:00,16980) sshd: [accepted]
(sshd,113472,1756,00:00:00/00:00,16981) sshd: [net]
(root,86004,9964,00:00:00/00:00,16983) /usr/sbin/exim -Mc 1t8RjL-0004Pq-SZ
(mailnull,86008,5740,00:00:00/00:00,17009) /usr/sbin/exim -Mc 1t8RjL-0004Pq-SZ
(scliegyp,65252,7304,00:00:00/00:00,17010) dovecot/lmtp
(root,113500,1620,00:00:00/00:00,17012) /bin/bash /usr/bin/check_mk_agent
(root,0,0,00:00:00/00:00,17013) [cpsrvd (SSL) - ] <defunct>
(root,49820,1560,00:00:00/00:00,17031) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,17032) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,235464,15180,00:12:54/88-11:14:02,18989) /usr/sbin/httpd -k start
(polkitd,610664,2824,00:26:31/327-12:32:50,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27264,02:43:28/327-12:32:48,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:03/18:23:51,23449) [kworker/0:0]
(root,51596,2216,00:29:21/93-11:21:00,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1208,00:11:22/93-11:21:00,23695) dovecot/anvil
(cpanelconnecttrack,9876,3208,10:40:49/93-11:20:45,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(mysql,3441212,533784,06:15:07/93-11:19:44,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12544,00:09:26/93-11:19:40,25125) cPhulkd - processor
(mailnull,89188,13212,00:07:42/93-11:19:37,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:01/18:07:48,25474) [kworker/4:1]
(root,0,0,00:00:00/03:58:51,26038) [kworker/2:0]
(root,12732,1356,00:00:03/2-17:29:08,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12732,1356,00:00:03/2-17:29:08,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,4064,00:00:00/2-17:29:08,26994) /usr/sbin/httpd -k start
(root,53088,11844,00:00:00/2-17:29:07,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3095364,28644,00:00:44/2-17:29:07,26996) /usr/sbin/httpd -k start
(nobody,3357508,30220,00:00:42/2-17:29:07,26997) /usr/sbin/httpd -k start
(nobody,3226436,28896,00:00:42/2-17:29:07,26998) /usr/sbin/httpd -k start
(nobody,3160900,28412,00:00:41/2-17:29:07,26999) /usr/sbin/httpd -k start
(nobody,3291972,29896,00:00:42/2-17:29:07,27018) /usr/sbin/httpd -k start
(root,2562268,1734400,07:27:43/323-17:33:06,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,33404,3480,00:01:27/290-02:46:26,29439) /sbin/rsyslogd
(root,0,0,00:00:00/23:07:55,31190) [kworker/6:1]
(dovenull,51772,7092,00:03:51/46-06:27:01,31246) dovecot/pop3-login
(dovenull,53692,9492,00:03:30/46-06:27:01,31247) dovecot/imap-login
(root,10640,1744,00:09:25/46-06:27:01,31248) dovecot/log
(dovenull,51684,7372,00:33:04/46-06:27:01,31249) dovecot/pop3-login
(dovenull,58980,13820,00:16:57/46-06:27:01,31250) dovecot/imap-login
(root,15988,3424,00:12:45/46-06:27:01,31251) dovecot/config
(dovecot,50684,3924,00:10:11/46-06:27:01,31252) dovecot/stats
(dovecot,10404,1608,00:01:31/46-06:26:25,31510) dovecot/imap-hibernate

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-05 22:08

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10298f7f2e

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,02:55:21/325-16:38:59,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:05/325-16:38:59,2) [kthreadd]
(root,0,0,00:00:00/325-16:38:59,4) [kworker/0:0H]
(root,0,0,00:36:27/325-16:38:59,6) [ksoftirqd/0]
(root,0,0,00:00:02/325-16:38:59,7) [migration/0]
(root,0,0,00:00:00/325-16:38:59,8) [rcu_bh]
(root,0,0,04:54:19/325-16:38:59,9) [rcu_sched]
(root,0,0,00:00:00/325-16:38:59,10) [lru-add-drain]
(root,0,0,00:02:33/325-16:38:59,11) [watchdog/0]
(root,0,0,00:02:07/325-16:38:59,12) [watchdog/1]
(root,0,0,00:00:01/325-16:38:59,13) [migration/1]
(root,0,0,00:00:15/325-16:38:59,14) [ksoftirqd/1]
(root,0,0,00:00:00/325-16:38:59,16) [kworker/1:0H]
(root,0,0,00:02:07/325-16:38:59,17) [watchdog/2]
(root,0,0,00:00:02/325-16:38:59,18) [migration/2]
(root,0,0,00:00:14/325-16:38:59,19) [ksoftirqd/2]
(root,0,0,00:00:00/325-16:38:59,21) [kworker/2:0H]
(root,0,0,00:02:10/325-16:38:59,22) [watchdog/3]
(root,0,0,00:00:01/325-16:38:59,23) [migration/3]
(root,0,0,00:00:13/325-16:38:59,24) [ksoftirqd/3]
(root,0,0,00:00:00/325-16:38:59,26) [kworker/3:0H]
(root,0,0,00:02:05/325-16:38:59,27) [watchdog/4]
(root,0,0,00:01:08/325-16:38:59,28) [migration/4]
(root,0,0,00:00:21/325-16:38:59,29) [ksoftirqd/4]
(root,0,0,00:00:00/325-16:38:59,31) [kworker/4:0H]
(root,0,0,00:02:00/325-16:38:59,32) [watchdog/5]
(root,0,0,00:01:27/325-16:38:59,33) [migration/5]
(root,0,0,00:00:28/325-16:38:59,34) [ksoftirqd/5]
(root,0,0,00:00:00/325-16:38:59,36) [kworker/5:0H]
(root,0,0,00:02:00/325-16:38:59,37) [watchdog/6]
(root,0,0,00:01:05/325-16:38:59,38) [migration/6]
(root,0,0,00:00:28/325-16:38:59,39) [ksoftirqd/6]
(root,0,0,00:00:00/325-16:38:59,41) [kworker/6:0H]
(root,0,0,00:02:11/325-16:38:59,42) [watchdog/7]
(root,0,0,00:01:03/325-16:38:59,43) [migration/7]
(root,0,0,00:10:24/325-16:38:59,44) [ksoftirqd/7]
(root,0,0,00:00:00/325-16:38:59,46) [kworker/7:0H]
(root,0,0,00:00:00/325-16:38:59,48) [kdevtmpfs]
(root,0,0,00:00:00/325-16:38:59,49) [netns]
(root,0,0,00:00:24/325-16:38:59,50) [khungtaskd]
(root,0,0,00:00:00/325-16:38:59,51) [writeback]
(root,0,0,00:00:00/325-16:38:59,52) [kintegrityd]
(root,0,0,00:00:00/325-16:38:59,53) [bioset]
(root,0,0,00:00:00/325-16:38:59,54) [bioset]
(root,0,0,00:00:00/325-16:38:59,55) [bioset]
(root,0,0,00:00:00/325-16:38:59,56) [kblockd]
(root,0,0,00:00:00/325-16:38:59,57) [md]
(root,0,0,00:00:00/325-16:38:59,58) [edac-poller]
(root,0,0,00:00:00/325-16:38:59,59) [watchdogd]
(root,0,0,00:51:57/325-16:38:59,66) [kswapd0]
(root,0,0,00:00:00/325-16:38:59,67) [ksmd]
(root,0,0,00:01:48/325-16:38:59,68) [khugepaged]
(root,0,0,00:00:00/325-16:38:59,69) [crypto]
(root,0,0,00:00:00/325-16:38:59,77) [kthrotld]
(root,0,0,00:00:00/325-16:38:59,80) [kmpath_rdacd]
(root,0,0,00:00:00/325-16:38:59,81) [kaluad]
(root,0,0,00:00:00/325-16:38:59,82) [kpsmoused]
(root,0,0,00:00:00/325-16:38:59,84) [ipv6_addrconf]
(root,0,0,00:00:00/325-16:38:59,97) [deferwq]
(root,0,0,00:15:13/325-16:38:58,144) [kauditd]
(root,0,0,00:00:00/325-16:38:58,368) [ata_sff]
(root,0,0,00:00:00/325-16:38:58,404) [scsi_eh_0]
(root,0,0,00:00:00/325-16:38:58,405) [scsi_tmf_0]
(root,0,0,00:00:00/325-16:38:58,406) [scsi_eh_1]
(root,0,0,00:00:00/325-16:38:58,407) [scsi_tmf_1]
(root,0,0,00:00:00/325-16:38:58,408) [scsi_eh_2]
(root,0,0,00:00:00/325-16:38:58,409) [scsi_tmf_2]
(root,0,0,00:00:00/325-16:38:58,410) [scsi_eh_3]
(root,0,0,00:00:00/325-16:38:58,411) [scsi_tmf_3]
(root,0,0,00:00:00/325-16:38:58,412) [scsi_eh_4]
(root,0,0,00:00:00/325-16:38:58,413) [scsi_tmf_4]
(root,0,0,00:00:00/325-16:38:58,414) [scsi_eh_5]
(root,0,0,00:00:00/325-16:38:58,415) [scsi_tmf_5]
(root,0,0,00:00:00/325-16:38:56,488) [kdmflush]
(root,0,0,00:00:00/325-16:38:56,489) [bioset]
(root,0,0,00:00:14/325-16:38:56,506) [kworker/0:1H]
(root,0,0,00:57:07/325-16:38:56,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/325-16:38:56,514) [ext4-rsv-conver]
(root,109088,52052,04:00:01/325-16:38:54,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:02/325-16:38:54,627) [kworker/4:1H]
(root,0,0,00:00:05/325-16:38:53,629) [kworker/1:1H]
(root,198572,760,00:00:00/325-16:38:53,633) /usr/sbin/lvmetad -f
(root,46060,1016,00:00:00/325-16:38:53,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:02/325-16:38:52,644) [kworker/2:1H]
(root,0,0,00:20:18/325-16:38:52,645) [kworker/7:1H]
(root,0,0,00:00:02/325-16:38:51,687) [kworker/5:1H]
(root,0,0,00:00:00/325-16:38:51,688) [irq/125-mei_me]
(root,0,0,00:00:00/325-16:38:51,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/325-16:38:49,714) [jbd2/sda2-8]
(root,0,0,00:00:00/325-16:38:49,715) [ext4-rsv-conver]
(root,0,0,00:03:00/325-16:38:48,719) [jbd2/sda3-8]
(root,0,0,00:00:00/325-16:38:48,720) [ext4-rsv-conver]
(root,0,0,00:09:28/325-16:38:48,724) [jbd2/sdb-8]
(root,0,0,00:00:00/325-16:38:48,725) [ext4-rsv-conver]
(root,0,0,00:00:01/325-16:38:46,740) [kworker/6:1H]
(root,57704,724,00:32:49/325-16:38:36,748) /sbin/auditd
(dbus,58232,1916,01:13:18/325-16:38:35,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2320,00:36:48/325-16:38:34,788) /usr/lib/systemd/systemd-logind
(root,229032,9952,00:12:23/325-16:38:34,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5892,01:36:34/325-16:38:34,794) /usr/sbin/nscd
(root,52900,1804,00:00:17/325-16:38:34,848) /usr/sbin/smartd -n -q never
(root,21540,1056,01:13:06/325-16:38:34,849) /usr/sbin/irqbalance --foreground
(root,24208,752,00:00:00/325-16:38:34,862) /usr/sbin/atd -f
(root,124504,1364,00:06:30/325-16:38:34,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/325-16:38:34,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/325-16:38:34,869) [kworker/3:1H]
(chrony,97380,1524,00:01:54/325-16:38:34,888) /usr/sbin/chronyd
(root,113472,3148,00:28:50/325-16:38:25,1226) /usr/sbin/sshd -D
(root,1076176,16228,02:05:49/325-16:38:25,1237) /usr/sbin/rsyslogd -n
(root,27380,808,00:02:50/325-16:38:25,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,40548,01:49:37/325-16:38:24,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:14:22/325-16:38:21,1820) dnsadmin - dormant mode
(root,214612,18308,03:12:10/325-16:38:21,1825) tailwatchd
(root,183604,6556,00:12:58/325-16:38:21,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:44/325-16:38:21,1863) cpanellogd - sleeping for logs
(root,292800,5116,00:01:14/17-23:14:36,2272) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,14588,00:00:24/17-23:14:36,2297) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(root,151544,10292,00:00:00/04:44:31,2300) cPhulkd - dbprocessor
(wp-toolkit,404492,39160,00:16:32/17-23:14:32,2387) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387864,23808,00:00:23/17-23:14:32,2391) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/03:56:59,6078) [kworker/6:0]
(root,246524,91336,00:00:18/14:12:23,6613) spamd child
(root,231104,14592,00:15:32/80-02:17:30,6674) cpsrvd (SSL) - waiting for connections                   
(dovecot,74260,5856,00:15:22/8-00:24:22,8109) dovecot/auth
(root,232752,75680,00:00:00/08:51:18,11281) spamd child
(root,3108,36,00:02:46/325-12:36:02,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/02:26:59,13365) [kworker/4:0]
(root,0,0,00:00:00/01:56:59,16057) [kworker/5:1]
(root,0,0,00:00:00/01:36:58,17590) [kworker/5:2]
(root,0,0,00:00:00/01:25:59,18522) [kworker/0:1]
(root,235464,15268,00:12:38/86-14:22:05,18989) /usr/sbin/httpd -k start
(root,185004,2416,00:00:00/01:16:59,19097) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/01:16:59,19107) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/01:16:59,19111) sleep 1h 48m
(polkitd,610664,3040,00:26:22/325-15:40:53,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27196,02:42:17/325-15:40:51,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/56:59,20631) [kworker/1:2]
(root,0,0,00:00:00/07:07:59,21415) [kworker/1:1]
(root,0,0,00:00:00/39:58,21780) [kworker/7:0]
(scliegyp,38400,3596,00:00:00/37:35,21940) dovecot/imap
(root,0,0,00:00:01/31:29,22407) [kworker/u16:2]
(root,0,0,00:00:00/27:04,22672) [kworker/2:2]
(root,0,0,00:00:00/26:58,22757) [kworker/3:2]
(scliegyp,38424,3600,00:00:00/19:37,23274) dovecot/imap
(root,0,0,00:00:00/16:58,23472) [kworker/2:0]
(root,0,0,00:00:01/16:45,23594) [kworker/u16:0]
(scliegyp,38140,3364,00:00:00/15:17,23672) dovecot/imap
(root,51596,2220,00:28:31/91-14:29:03,23691) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1208,00:11:03/91-14:29:03,23695) dovecot/anvil
(root,28844,2324,00:00:00/13:16,23826) dovecot/quota-status -p postfix
(root,0,0,00:00:00/10:49,24025) [kworker/7:1]
(scliegyp,37752,3076,00:00:00/09:46,24077) dovecot/imap
(cpanelconnecttrack,9876,3208,10:27:39/91-14:28:48,24111) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(scliegyp,38140,3360,00:00:00/03:01,24561) dovecot/imap
(root,0,0,00:00:00/02:59,24570) [kworker/0:2]
(scliegyp,38580,3828,00:00:00/02:22,24587) dovecot/imap
(root,72960,4256,00:00:00/01:13,24713) dovecot/auth -w
(scliegyp,38400,3596,00:00:00/01:13,24715) dovecot/imap
(scliegyp,37988,3572,00:00:00/00:24,24739) dovecot/imap
(root,189788,10860,00:00:00/00:18,24740) cPhulkd - processor - http socket
(root,0,0,00:00:00/00:18,24741) [cpsrvd (SSL) - ] <defunct>
(root,113500,1624,00:00:00/00:00,24763) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,24781) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,24782) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(mysql,3441212,493752,06:07:13/91-14:27:47,25028) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,189788,12536,00:09:15/91-14:27:43,25125) cPhulkd - processor
(mailnull,89188,13212,00:07:33/91-14:27:40,25204) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:01/20:43:05,26251) [kworker/4:2]
(root,0,0,00:00:01/1-03:26:59,26516) [kworker/3:0]
(root,12732,1364,00:00:01/20:37:11,26992) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1364,00:00:01/20:37:11,26993) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235464,4064,00:00:00/20:37:11,26994) /usr/sbin/httpd -k start
(root,53088,11844,00:00:00/20:37:10,26995) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3029828,23216,00:00:17/20:37:10,26996) /usr/sbin/httpd -k start
(nobody,3095364,23172,00:00:16/20:37:10,26997) /usr/sbin/httpd -k start
(nobody,3160900,24068,00:00:16/20:37:10,26998) /usr/sbin/httpd -k start
(nobody,3029828,24404,00:00:14/20:37:10,26999) /usr/sbin/httpd -k start
(nobody,3095364,24160,00:00:15/20:37:10,27018) /usr/sbin/httpd -k start
(root,2562216,1657040,07:23:47/321-20:41:09,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:07/1-09:27:07,28373) [kworker/0:0]
(root,33404,3480,00:01:26/288-05:54:29,29439) /sbin/rsyslogd
(root,0,0,00:00:00/20:01:58,30199) [kworker/6:1]
(dovenull,51772,7116,00:03:41/44-09:35:04,31246) dovecot/pop3-login
(dovenull,53692,9516,00:03:19/44-09:35:04,31247) dovecot/imap-login
(root,10640,1744,00:08:53/44-09:35:04,31248) dovecot/log
(dovenull,51688,7400,00:31:44/44-09:35:04,31249) dovecot/pop3-login
(dovenull,58980,13844,00:16:08/44-09:35:04,31250) dovecot/imap-login
(root,15988,3424,00:12:04/44-09:35:04,31251) dovecot/config
(dovecot,50684,3924,00:09:38/44-09:35:04,31252) dovecot/stats
(dovecot,10404,1608,00:01:27/44-09:34:28,31510) dovecot/imap-hibernate

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-04 01:17

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10fb5e7b82

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,02:05:21/230-12:02:54,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:04/230-12:02:54,2) [kthreadd]
(root,0,0,00:00:00/230-12:02:54,4) [kworker/0:0H]
(root,0,0,00:30:30/230-12:02:54,6) [ksoftirqd/0]
(root,0,0,00:00:01/230-12:02:54,7) [migration/0]
(root,0,0,00:00:00/230-12:02:54,8) [rcu_bh]
(root,0,0,03:26:48/230-12:02:54,9) [rcu_sched]
(root,0,0,00:00:00/230-12:02:54,10) [lru-add-drain]
(root,0,0,00:01:51/230-12:02:54,11) [watchdog/0]
(root,0,0,00:01:29/230-12:02:54,12) [watchdog/1]
(root,0,0,00:00:01/230-12:02:54,13) [migration/1]
(root,0,0,00:00:09/230-12:02:54,14) [ksoftirqd/1]
(root,0,0,00:00:00/230-12:02:54,16) [kworker/1:0H]
(root,0,0,00:01:30/230-12:02:54,17) [watchdog/2]
(root,0,0,00:00:01/230-12:02:54,18) [migration/2]
(root,0,0,00:00:09/230-12:02:54,19) [ksoftirqd/2]
(root,0,0,00:00:00/230-12:02:54,21) [kworker/2:0H]
(root,0,0,00:01:31/230-12:02:54,22) [watchdog/3]
(root,0,0,00:00:01/230-12:02:54,23) [migration/3]
(root,0,0,00:00:09/230-12:02:54,24) [ksoftirqd/3]
(root,0,0,00:00:00/230-12:02:54,26) [kworker/3:0H]
(root,0,0,00:01:29/230-12:02:54,27) [watchdog/4]
(root,0,0,00:00:53/230-12:02:54,28) [migration/4]
(root,0,0,00:00:15/230-12:02:54,29) [ksoftirqd/4]
(root,0,0,00:00:00/230-12:02:54,31) [kworker/4:0H]
(root,0,0,00:01:25/230-12:02:54,32) [watchdog/5]
(root,0,0,00:01:10/230-12:02:54,33) [migration/5]
(root,0,0,00:00:20/230-12:02:54,34) [ksoftirqd/5]
(root,0,0,00:00:00/230-12:02:54,36) [kworker/5:0H]
(root,0,0,00:01:25/230-12:02:54,37) [watchdog/6]
(root,0,0,00:00:51/230-12:02:54,38) [migration/6]
(root,0,0,00:00:22/230-12:02:54,39) [ksoftirqd/6]
(root,0,0,00:00:00/230-12:02:54,41) [kworker/6:0H]
(root,0,0,00:01:30/230-12:02:54,42) [watchdog/7]
(root,0,0,00:00:48/230-12:02:54,43) [migration/7]
(root,0,0,00:07:20/230-12:02:54,44) [ksoftirqd/7]
(root,0,0,00:00:00/230-12:02:54,46) [kworker/7:0H]
(root,0,0,00:00:00/230-12:02:54,48) [kdevtmpfs]
(root,0,0,00:00:00/230-12:02:54,49) [netns]
(root,0,0,00:00:17/230-12:02:54,50) [khungtaskd]
(root,0,0,00:00:00/230-12:02:54,51) [writeback]
(root,0,0,00:00:00/230-12:02:54,52) [kintegrityd]
(root,0,0,00:00:00/230-12:02:54,53) [bioset]
(root,0,0,00:00:00/230-12:02:54,54) [bioset]
(root,0,0,00:00:00/230-12:02:54,55) [bioset]
(root,0,0,00:00:00/230-12:02:54,56) [kblockd]
(root,0,0,00:00:00/230-12:02:54,57) [md]
(root,0,0,00:00:00/230-12:02:54,58) [edac-poller]
(root,0,0,00:00:00/230-12:02:54,59) [watchdogd]
(root,0,0,00:25:19/230-12:02:54,66) [kswapd0]
(root,0,0,00:00:00/230-12:02:54,67) [ksmd]
(root,0,0,00:01:28/230-12:02:54,68) [khugepaged]
(root,0,0,00:00:00/230-12:02:54,69) [crypto]
(root,0,0,00:00:00/230-12:02:54,77) [kthrotld]
(root,0,0,00:00:00/230-12:02:54,80) [kmpath_rdacd]
(root,0,0,00:00:00/230-12:02:54,81) [kaluad]
(root,0,0,00:00:00/230-12:02:54,82) [kpsmoused]
(root,0,0,00:00:00/230-12:02:54,84) [ipv6_addrconf]
(root,0,0,00:00:00/230-12:02:54,97) [deferwq]
(root,0,0,00:11:14/230-12:02:53,144) [kauditd]
(root,0,0,00:00:00/230-12:02:53,368) [ata_sff]
(root,0,0,00:00:00/230-12:02:53,404) [scsi_eh_0]
(root,0,0,00:00:00/230-12:02:53,405) [scsi_tmf_0]
(root,0,0,00:00:00/230-12:02:53,406) [scsi_eh_1]
(root,0,0,00:00:00/230-12:02:53,407) [scsi_tmf_1]
(root,0,0,00:00:00/230-12:02:53,408) [scsi_eh_2]
(root,0,0,00:00:00/230-12:02:53,409) [scsi_tmf_2]
(root,0,0,00:00:00/230-12:02:53,410) [scsi_eh_3]
(root,0,0,00:00:00/230-12:02:53,411) [scsi_tmf_3]
(root,0,0,00:00:00/230-12:02:53,412) [scsi_eh_4]
(root,0,0,00:00:00/230-12:02:53,413) [scsi_tmf_4]
(root,0,0,00:00:00/230-12:02:53,414) [scsi_eh_5]
(root,0,0,00:00:00/230-12:02:53,415) [scsi_tmf_5]
(root,0,0,00:00:00/230-12:02:51,488) [kdmflush]
(root,0,0,00:00:00/230-12:02:51,489) [bioset]
(root,0,0,00:00:09/230-12:02:51,506) [kworker/0:1H]
(root,0,0,00:38:51/230-12:02:51,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/230-12:02:51,514) [ext4-rsv-conver]
(root,174296,114172,02:48:52/230-12:02:49,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:01/230-12:02:49,627) [kworker/4:1H]
(root,0,0,00:00:03/230-12:02:48,629) [kworker/1:1H]
(root,198572,892,00:00:00/230-12:02:48,633) /usr/sbin/lvmetad -f
(root,46060,968,00:00:00/230-12:02:48,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/230-12:02:47,644) [kworker/2:1H]
(root,0,0,00:15:00/230-12:02:47,645) [kworker/7:1H]
(root,0,0,00:00:01/230-12:02:46,687) [kworker/5:1H]
(root,0,0,00:00:00/230-12:02:46,688) [irq/125-mei_me]
(root,0,0,00:00:00/230-12:02:46,689) [kvm-irqfd-clean]
(scliegyp,31848,3724,00:00:00/08:14,694) dovecot/pop3
(root,0,0,00:00:00/230-12:02:44,714) [jbd2/sda2-8]
(root,0,0,00:00:00/230-12:02:44,715) [ext4-rsv-conver]
(root,0,0,00:02:00/230-12:02:43,719) [jbd2/sda3-8]
(root,0,0,00:00:00/230-12:02:43,720) [ext4-rsv-conver]
(root,0,0,00:06:21/230-12:02:43,724) [jbd2/sdb-8]
(root,0,0,00:00:00/230-12:02:43,725) [ext4-rsv-conver]
(root,0,0,00:00:01/230-12:02:41,740) [kworker/6:1H]
(root,57704,724,00:24:22/230-12:02:31,748) /sbin/auditd
(dbus,58232,1912,00:52:31/230-12:02:30,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2328,00:26:22/230-12:02:29,788) /usr/lib/systemd/systemd-logind
(root,229020,9000,00:08:35/230-12:02:29,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5732,01:09:38/230-12:02:29,794) /usr/sbin/nscd
(root,52900,1924,00:00:12/230-12:02:29,848) /usr/sbin/smartd -n -q never
(root,21540,1056,00:51:47/230-12:02:29,849) /usr/sbin/irqbalance --foreground
(root,24208,608,00:00:00/230-12:02:29,862) /usr/sbin/atd -f
(root,124504,1372,00:04:35/230-12:02:29,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/230-12:02:29,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/230-12:02:29,869) [kworker/3:1H]
(chrony,97380,1528,00:01:22/230-12:02:29,888) /usr/sbin/chronyd
(root,0,0,00:00:00/06:52,1019) [kworker/5:0]
(scliegyp,32084,3720,00:00:00/06:09,1121) dovecot/pop3
(root,113472,3152,00:21:35/230-12:02:20,1226) /usr/sbin/sshd -D
(cpanelconnecttrack,9820,3156,1-01:53:14/230-12:02:20,1235) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,1068492,15632,01:28:41/230-12:02:20,1237) /usr/sbin/rsyslogd -n
(root,27380,836,00:02:40/230-12:02:20,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(scliegyp,38276,3596,00:00:00/05:12,1246) dovecot/imap
(root,243184,88904,00:00:05/10:02:58,1315) spamd child
(root,225548,38924,01:17:28/230-12:02:19,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4196,00:10:10/230-12:02:16,1820) dnsadmin - dormant mode
(root,213976,19036,02:14:56/230-12:02:16,1825) tailwatchd
(root,183604,6556,00:09:01/230-12:02:16,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,72960,4264,00:00:00/01:07,1840) dovecot/auth -w
(scliegyp,31740,3524,00:00:00/01:03,1845) dovecot/pop3
(root,130156,2268,00:01:13/230-12:02:16,1863) cpanellogd - sleeping for logs
(scliegyp,39032,4212,00:00:00/00:47,1931) dovecot/imap
(mailnull,89344,10196,00:00:00/00:07,1947) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,189788,11120,00:00:00/00:07,1948) cPhulkd - processor - http socket
(root,0,0,00:00:00/00:01,1951) [cpsrvd (SSL) - ] <defunct>
(root,113500,1620,00:00:00/00:00,1973) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,1991) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,1992) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,235468,14288,00:27:46/193-00:49:15,2481) /usr/sbin/httpd -k start
(root,0,0,00:00:01/22:51:52,2521) [kworker/1:2]
(mysql,4494004,869608,13:21:53/230-12:01:54,3134) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/03:32:51,3279) [kworker/7:2]
(root,12732,1340,00:00:11/10-04:59:34,3688) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1352,00:00:11/10-04:59:34,3689) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235468,3864,00:00:00/10-04:59:34,3690) /usr/sbin/httpd -k start
(root,53088,11764,00:00:00/10-04:59:34,3691) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(dovenull,52168,7980,00:06:26/10-04:59:34,3799) dovecot/pop3-login
(dovenull,55812,11324,00:03:03/10-04:59:34,3800) dovecot/imap-login
(root,10524,1620,00:01:45/10-04:59:34,3801) dovecot/log
(dovenull,50976,6812,00:00:52/10-04:59:34,3802) dovecot/pop3-login
(dovenull,51688,7512,00:00:49/10-04:59:34,3803) dovecot/imap-login
(root,15896,3488,00:02:28/10-04:59:34,3804) dovecot/config
(dovecot,50308,3660,00:01:58/10-04:59:34,3805) dovecot/stats
(dovecot,10412,1508,00:00:20/10-04:58:57,4010) dovecot/imap-hibernate
(root,225548,36980,00:00:00/03:27:51,4058) spamd child
(root,0,0,00:00:01/1-14:26:10,4292) [kworker/2:1]
(root,292800,5132,00:00:40/9-18:07:20,6491) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20496,00:00:12/9-18:07:19,6517) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404396,48100,00:08:58/9-18:07:15,6604) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387868,32872,00:00:12/9-18:07:15,6608) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,189788,12548,00:21:26/205-12:29:10,8719) cPhulkd - processor
(nobody,3160900,27468,00:00:25/2-00:20:45,9437) /usr/sbin/httpd -k start
(nobody,3095364,25804,00:00:19/1-11:07:57,10641) /usr/sbin/httpd -k start
(root,3108,36,00:01:57/230-07:59:57,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/02:21:52,13881) [kworker/4:1]
(nobody,3226436,29300,00:00:40/2-22:13:10,15763) /usr/sbin/httpd -k start
(root,0,0,00:00:00/08:52:00,15915) [kworker/5:2]
(root,0,0,00:00:00/21:16:52,17306) [kworker/6:0]
(nobody,3160900,29116,00:00:37/2-11:51:41,18758) /usr/sbin/httpd -k start
(nobody,3226436,28100,00:00:34/2-11:51:39,18812) /usr/sbin/httpd -k start
(polkitd,610664,3116,00:18:52/230-11:04:48,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27544,01:48:49/230-11:04:46,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/01:41:52,19805) [kworker/2:0]
(root,0,0,00:00:00/01:35:52,20666) [kworker/u16:1]
(root,0,0,00:00:00/01:21:52,22696) [kworker/0:1]
(dovecot,74184,5784,00:01:17/16:54:53,23564) dovecot/auth
(root,0,0,00:00:00/01:01:52,25523) [kworker/1:0]
(root,231088,13268,00:34:39/187-21:43:27,25777) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/56:52,26260) [kworker/0:0]
(root,2492148,1604896,05:02:32/226-16:05:04,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,33404,3084,00:00:59/193-01:18:24,29439) /sbin/rsyslogd
(mailnull,89176,13216,00:12:14/193-01:18:24,29453) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51576,2272,00:51:07/193-01:18:20,29530) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1192,00:18:53/193-01:18:20,29536) dovecot/anvil
(root,0,0,00:00:00/28:45,30245) [kworker/u16:0]
(scliegyp,38400,3600,00:00:00/26:49,30619) dovecot/imap
(scliegyp,38228,3892,00:00:00/24:49,30854) dovecot/imap
(root,0,0,00:00:01/16:08:07,31011) [kworker/4:0]
(root,0,0,00:00:00/21:52,31256) [kworker/6:2]
(root,0,0,00:00:00/07:31:49,31352) [kworker/3:1]
(root,0,0,00:00:00/19:28,31569) [kworker/7:0]
(root,151548,10340,00:00:07/1-11:58:57,32447) cPhulkd - dbprocessor
(root,0,0,00:00:00/11:51,32646) [kworker/3:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-07-31 20:41

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10cb8688db

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,02:04:19/228-12:03:43,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:04/228-12:03:43,2) [kthreadd]
(root,0,0,00:00:00/228-12:03:43,4) [kworker/0:0H]
(root,0,0,00:30:11/228-12:03:43,6) [ksoftirqd/0]
(root,0,0,00:00:01/228-12:03:43,7) [migration/0]
(root,0,0,00:00:00/228-12:03:43,8) [rcu_bh]
(root,0,0,03:24:53/228-12:03:43,9) [rcu_sched]
(root,0,0,00:00:00/228-12:03:43,10) [lru-add-drain]
(root,0,0,00:01:50/228-12:03:43,11) [watchdog/0]
(root,0,0,00:01:28/228-12:03:43,12) [watchdog/1]
(root,0,0,00:00:01/228-12:03:43,13) [migration/1]
(root,0,0,00:00:09/228-12:03:43,14) [ksoftirqd/1]
(root,0,0,00:00:00/228-12:03:43,16) [kworker/1:0H]
(root,0,0,00:01:29/228-12:03:43,17) [watchdog/2]
(root,0,0,00:00:01/228-12:03:43,18) [migration/2]
(root,0,0,00:00:09/228-12:03:43,19) [ksoftirqd/2]
(root,0,0,00:00:00/228-12:03:43,21) [kworker/2:0H]
(root,0,0,00:01:31/228-12:03:43,22) [watchdog/3]
(root,0,0,00:00:01/228-12:03:43,23) [migration/3]
(root,0,0,00:00:09/228-12:03:43,24) [ksoftirqd/3]
(root,0,0,00:00:00/228-12:03:43,26) [kworker/3:0H]
(root,0,0,00:01:29/228-12:03:43,27) [watchdog/4]
(root,0,0,00:00:52/228-12:03:43,28) [migration/4]
(root,0,0,00:00:15/228-12:03:43,29) [ksoftirqd/4]
(root,0,0,00:00:00/228-12:03:43,31) [kworker/4:0H]
(root,0,0,00:01:24/228-12:03:43,32) [watchdog/5]
(root,0,0,00:01:09/228-12:03:43,33) [migration/5]
(root,0,0,00:00:20/228-12:03:43,34) [ksoftirqd/5]
(root,0,0,00:00:00/228-12:03:43,36) [kworker/5:0H]
(root,0,0,00:01:24/228-12:03:43,37) [watchdog/6]
(root,0,0,00:00:51/228-12:03:43,38) [migration/6]
(root,0,0,00:00:22/228-12:03:43,39) [ksoftirqd/6]
(root,0,0,00:00:00/228-12:03:43,41) [kworker/6:0H]
(root,0,0,00:01:29/228-12:03:43,42) [watchdog/7]
(root,0,0,00:00:48/228-12:03:43,43) [migration/7]
(root,0,0,00:07:16/228-12:03:43,44) [ksoftirqd/7]
(root,0,0,00:00:00/228-12:03:43,46) [kworker/7:0H]
(root,0,0,00:00:00/228-12:03:43,48) [kdevtmpfs]
(root,0,0,00:00:00/228-12:03:43,49) [netns]
(root,0,0,00:00:16/228-12:03:43,50) [khungtaskd]
(root,0,0,00:00:00/228-12:03:43,51) [writeback]
(root,0,0,00:00:00/228-12:03:43,52) [kintegrityd]
(root,0,0,00:00:00/228-12:03:43,53) [bioset]
(root,0,0,00:00:00/228-12:03:43,54) [bioset]
(root,0,0,00:00:00/228-12:03:43,55) [bioset]
(root,0,0,00:00:00/228-12:03:43,56) [kblockd]
(root,0,0,00:00:00/228-12:03:43,57) [md]
(root,0,0,00:00:00/228-12:03:43,58) [edac-poller]
(root,0,0,00:00:00/228-12:03:43,59) [watchdogd]
(root,0,0,00:24:59/228-12:03:43,66) [kswapd0]
(root,0,0,00:00:00/228-12:03:43,67) [ksmd]
(root,0,0,00:01:27/228-12:03:43,68) [khugepaged]
(root,0,0,00:00:00/228-12:03:43,69) [crypto]
(root,0,0,00:00:00/228-12:03:43,77) [kthrotld]
(root,0,0,00:00:00/228-12:03:43,80) [kmpath_rdacd]
(root,0,0,00:00:00/228-12:03:43,81) [kaluad]
(root,0,0,00:00:00/228-12:03:43,82) [kpsmoused]
(root,0,0,00:00:00/228-12:03:43,84) [ipv6_addrconf]
(root,0,0,00:00:00/228-12:03:43,97) [deferwq]
(root,0,0,00:11:10/228-12:03:42,144) [kauditd]
(root,0,0,00:00:00/228-12:03:42,368) [ata_sff]
(root,0,0,00:00:00/228-12:03:42,404) [scsi_eh_0]
(root,0,0,00:00:00/228-12:03:42,405) [scsi_tmf_0]
(root,0,0,00:00:00/228-12:03:42,406) [scsi_eh_1]
(root,0,0,00:00:00/228-12:03:42,407) [scsi_tmf_1]
(root,0,0,00:00:00/228-12:03:42,408) [scsi_eh_2]
(root,0,0,00:00:00/228-12:03:42,409) [scsi_tmf_2]
(root,0,0,00:00:00/228-12:03:42,410) [scsi_eh_3]
(root,0,0,00:00:00/228-12:03:42,411) [scsi_tmf_3]
(root,0,0,00:00:00/228-12:03:42,412) [scsi_eh_4]
(root,0,0,00:00:00/228-12:03:42,413) [scsi_tmf_4]
(root,0,0,00:00:00/228-12:03:42,414) [scsi_eh_5]
(root,0,0,00:00:00/228-12:03:42,415) [scsi_tmf_5]
(root,0,0,00:00:00/228-12:03:40,488) [kdmflush]
(root,0,0,00:00:00/228-12:03:40,489) [bioset]
(root,0,0,00:00:09/228-12:03:40,506) [kworker/0:1H]
(root,0,0,00:38:31/228-12:03:40,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/228-12:03:40,514) [ext4-rsv-conver]
(root,92740,43844,02:47:22/228-12:03:38,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:01/228-12:03:38,627) [kworker/4:1H]
(root,0,0,00:00:03/228-12:03:37,629) [kworker/1:1H]
(root,198572,892,00:00:00/228-12:03:37,633) /usr/sbin/lvmetad -f
(root,46060,968,00:00:00/228-12:03:37,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/228-12:03:36,644) [kworker/2:1H]
(root,0,0,00:14:53/228-12:03:36,645) [kworker/7:1H]
(root,0,0,00:00:01/228-12:03:35,687) [kworker/5:1H]
(root,0,0,00:00:00/228-12:03:35,688) [irq/125-mei_me]
(root,0,0,00:00:00/228-12:03:35,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/228-12:03:33,714) [jbd2/sda2-8]
(root,0,0,00:00:00/228-12:03:33,715) [ext4-rsv-conver]
(root,0,0,00:01:59/228-12:03:32,719) [jbd2/sda3-8]
(root,0,0,00:00:00/228-12:03:32,720) [ext4-rsv-conver]
(root,0,0,00:06:18/228-12:03:32,724) [jbd2/sdb-8]
(root,0,0,00:00:00/228-12:03:32,725) [ext4-rsv-conver]
(root,0,0,00:00:01/228-12:03:30,740) [kworker/6:1H]
(root,57704,724,00:24:13/228-12:03:20,748) /sbin/auditd
(dbus,58232,1920,00:52:05/228-12:03:19,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2332,00:26:09/228-12:03:18,788) /usr/lib/systemd/systemd-logind
(root,229020,8976,00:08:30/228-12:03:18,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5696,01:09:03/228-12:03:18,794) /usr/sbin/nscd
(root,52900,1924,00:00:12/228-12:03:18,848) /usr/sbin/smartd -n -q never
(root,21540,1056,00:51:21/228-12:03:18,849) /usr/sbin/irqbalance --foreground
(root,24208,608,00:00:00/228-12:03:18,862) /usr/sbin/atd -f
(root,124504,1372,00:04:32/228-12:03:18,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/228-12:03:18,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/228-12:03:18,869) [kworker/3:1H]
(chrony,97380,1528,00:01:21/228-12:03:18,888) /usr/sbin/chronyd
(root,113472,3152,00:21:28/228-12:03:09,1226) /usr/sbin/sshd -D
(cpanelconnecttrack,9820,3160,1-01:39:41/228-12:03:09,1235) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,1068492,14980,01:27:54/228-12:03:09,1237) /usr/sbin/rsyslogd -n
(root,27380,836,00:02:39/228-12:03:09,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38820,01:16:48/228-12:03:08,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4196,00:10:04/228-12:03:05,1820) dnsadmin - dormant mode
(root,213720,22288,02:13:41/228-12:03:05,1825) tailwatchd
(root,183604,6560,00:08:56/228-12:03:05,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:13/228-12:03:05,1863) cpanellogd - sleeping for logs
(root,235468,14288,00:27:29/191-00:50:04,2481) /usr/sbin/httpd -k start
(mysql,4494004,881568,13:15:03/228-12:02:43,3134) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/07:52:54,3465) [kworker/4:1]
(root,12732,1340,00:00:09/8-05:00:23,3688) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12736,1352,00:00:09/8-05:00:23,3689) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235468,3864,00:00:00/8-05:00:23,3690) /usr/sbin/httpd -k start
(root,53088,11764,00:00:00/8-05:00:23,3691) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(dovenull,52168,8000,00:04:50/8-05:00:23,3799) dovecot/pop3-login
(dovenull,55812,11348,00:02:20/8-05:00:23,3800) dovecot/imap-login
(root,10524,1620,00:01:21/8-05:00:23,3801) dovecot/log
(dovenull,51128,6696,00:00:38/8-05:00:23,3802) dovecot/pop3-login
(dovenull,51220,7076,00:00:39/8-05:00:23,3803) dovecot/imap-login
(root,15896,3488,00:01:52/8-05:00:23,3804) dovecot/config
(dovecot,50308,3660,00:01:31/8-05:00:23,3805) dovecot/stats
(dovecot,74276,5888,00:09:12/8-05:00:23,3806) dovecot/auth
(dovecot,10412,1508,00:00:16/8-04:59:46,4010) dovecot/imap-hibernate
(root,250132,94384,00:00:15/10:20:15,5393) spamd child
(root,0,0,00:00:01/23:22:38,5992) [kworker/2:2]
(root,0,0,00:00:00/42:42,6397) [kworker/5:2]
(root,292800,5140,00:00:32/7-18:08:09,6491) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20780,00:00:09/7-18:08:08,6517) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404396,48104,00:07:08/7-18:08:04,6604) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387868,32868,00:00:10/7-18:08:04,6608) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(scliegyp,38596,3844,00:00:00/40:00,6754) dovecot/imap
(root,0,0,00:00:00/19:33:20,7129) [kworker/3:0]
(root,0,0,00:00:00/36:58,7236) [kworker/u16:2]
(root,0,0,00:00:00/32:38,7866) [kworker/7:1]
(scliegyp,38596,3860,00:00:00/29:54,8184) dovecot/imap
(root,189788,12544,00:21:14/203-12:29:59,8719) cPhulkd - processor
(root,0,0,00:00:00/23:03:40,8724) [kworker/6:1]
(root,0,0,00:00:00/03:52:41,8927) [kworker/6:0]
(root,0,0,00:00:00/03:52:38,8929) [kworker/0:1]
(root,0,0,00:00:00/22:41,9199) [kworker/3:1]
(nobody,2308932,9800,00:00:00/21:34,9437) /usr/sbin/httpd -k start
(root,0,0,00:00:01/2-12:23:26,9765) [kworker/5:0]
(scliegyp,38572,3836,00:00:00/14:52,10370) dovecot/imap
(root,0,0,00:00:00/13:56,10483) [kworker/7:0]
(root,0,0,00:00:00/12:42,10638) [kworker/4:2]
(root,0,0,00:00:00/12:42,10659) [kworker/0:2]
(scliegyp,38368,3728,00:00:00/09:53,11111) dovecot/imap
(scliegyp,38360,3952,00:00:00/08:32,11246) dovecot/imap
(root,0,0,00:00:00/07:41,11430) [kworker/1:1]
(root,3108,36,00:01:56/228-08:00:46,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/02:42,12107) [kworker/5:1]
(scliegyp,38400,3600,00:00:00/02:16,12320) dovecot/imap
(root,0,0,00:00:00/01:25,12362) [kworker/7:2]
(root,72960,4256,00:00:00/01:14,12437) dovecot/auth -w
(root,189788,11092,00:00:00/00:15,12536) cPhulkd - processor - http socket
(root,0,0,00:00:00/00:15,12537) [cpsrvd (SSL) - ] <defunct>
(scliegyp,36148,6108,00:00:00/00:04,12539) dovecot/pop3
(root,113500,1624,00:00:00/00:00,12580) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,12598) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,12599) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(nobody,3226436,26172,00:00:14/22:13:59,15763) /usr/sbin/httpd -k start
(root,151596,10392,00:00:04/12:02:18,16832) cPhulkd - dbprocessor
(nobody,3095364,23936,00:00:10/11:52:30,18758) /usr/sbin/httpd -k start
(nobody,2964292,23896,00:00:09/11:52:28,18812) /usr/sbin/httpd -k start
(polkitd,610664,3140,00:18:43/228-11:05:37,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27544,01:47:36/228-11:05:35,19737) /usr/sbin/named -u named -c /etc/named.conf
(nobody,3095364,30484,00:01:23/7-08:22:21,19787) /usr/sbin/httpd -k start
(root,0,0,00:00:01/21:37:42,21469) [kworker/1:2]
(root,230276,72944,00:00:00/05:43:18,24460) spamd child
(root,0,0,00:00:00/02:02:41,25354) [kworker/2:1]
(root,231088,13268,00:34:12/185-21:44:16,25777) cpsrvd (SSL) - waiting for connections                   
(root,2494028,1618300,04:58:58/224-16:05:53,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/01:41:06,29286) [kworker/u16:0]
(root,33404,3084,00:00:59/191-01:19:13,29439) /sbin/rsyslogd
(mailnull,89176,13216,00:12:09/191-01:19:13,29453) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51576,2276,00:50:24/191-01:19:09,29530) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1192,00:18:37/191-01:19:09,29536) dovecot/anvil

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-07-29 20:42

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10f704ff0e

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,02:03:22/226-15:00:21,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:04/226-15:00:21,2) [kthreadd]
(root,0,0,00:00:00/226-15:00:21,4) [kworker/0:0H]
(root,0,0,00:29:51/226-15:00:21,6) [ksoftirqd/0]
(root,0,0,00:00:01/226-15:00:21,7) [migration/0]
(root,0,0,00:00:00/226-15:00:21,8) [rcu_bh]
(root,0,0,03:22:51/226-15:00:21,9) [rcu_sched]
(root,0,0,00:00:00/226-15:00:21,10) [lru-add-drain]
(root,0,0,00:01:49/226-15:00:21,11) [watchdog/0]
(root,0,0,00:01:28/226-15:00:21,12) [watchdog/1]
(root,0,0,00:00:01/226-15:00:21,13) [migration/1]
(root,0,0,00:00:09/226-15:00:21,14) [ksoftirqd/1]
(root,0,0,00:00:00/226-15:00:21,16) [kworker/1:0H]
(root,0,0,00:01:28/226-15:00:21,17) [watchdog/2]
(root,0,0,00:00:01/226-15:00:21,18) [migration/2]
(root,0,0,00:00:08/226-15:00:21,19) [ksoftirqd/2]
(root,0,0,00:00:00/226-15:00:21,21) [kworker/2:0H]
(root,0,0,00:01:30/226-15:00:21,22) [watchdog/3]
(root,0,0,00:00:01/226-15:00:21,23) [migration/3]
(root,0,0,00:00:09/226-15:00:21,24) [ksoftirqd/3]
(root,0,0,00:00:00/226-15:00:21,26) [kworker/3:0H]
(root,0,0,00:01:28/226-15:00:21,27) [watchdog/4]
(root,0,0,00:00:52/226-15:00:21,28) [migration/4]
(root,0,0,00:00:15/226-15:00:21,29) [ksoftirqd/4]
(root,0,0,00:00:00/226-15:00:21,31) [kworker/4:0H]
(root,0,0,00:01:23/226-15:00:21,32) [watchdog/5]
(root,0,0,00:01:08/226-15:00:21,33) [migration/5]
(root,0,0,00:00:20/226-15:00:21,34) [ksoftirqd/5]
(root,0,0,00:00:00/226-15:00:21,36) [kworker/5:0H]
(root,0,0,00:01:23/226-15:00:21,37) [watchdog/6]
(root,0,0,00:00:50/226-15:00:21,38) [migration/6]
(root,0,0,00:00:21/226-15:00:21,39) [ksoftirqd/6]
(root,0,0,00:00:00/226-15:00:21,41) [kworker/6:0H]
(root,0,0,00:01:28/226-15:00:21,42) [watchdog/7]
(root,0,0,00:00:47/226-15:00:21,43) [migration/7]
(root,0,0,00:07:12/226-15:00:21,44) [ksoftirqd/7]
(root,0,0,00:00:00/226-15:00:21,46) [kworker/7:0H]
(root,0,0,00:00:00/226-15:00:21,48) [kdevtmpfs]
(root,0,0,00:00:00/226-15:00:21,49) [netns]
(root,0,0,00:00:16/226-15:00:21,50) [khungtaskd]
(root,0,0,00:00:00/226-15:00:21,51) [writeback]
(root,0,0,00:00:00/226-15:00:21,52) [kintegrityd]
(root,0,0,00:00:00/226-15:00:21,53) [bioset]
(root,0,0,00:00:00/226-15:00:21,54) [bioset]
(root,0,0,00:00:00/226-15:00:21,55) [bioset]
(root,0,0,00:00:00/226-15:00:21,56) [kblockd]
(root,0,0,00:00:00/226-15:00:21,57) [md]
(root,0,0,00:00:00/226-15:00:21,58) [edac-poller]
(root,0,0,00:00:00/226-15:00:21,59) [watchdogd]
(root,0,0,00:24:27/226-15:00:21,66) [kswapd0]
(root,0,0,00:00:00/226-15:00:21,67) [ksmd]
(root,0,0,00:01:27/226-15:00:21,68) [khugepaged]
(root,0,0,00:00:00/226-15:00:21,69) [crypto]
(root,0,0,00:00:00/226-15:00:21,77) [kthrotld]
(root,0,0,00:00:00/226-15:00:21,80) [kmpath_rdacd]
(root,0,0,00:00:00/226-15:00:21,81) [kaluad]
(root,0,0,00:00:00/226-15:00:21,82) [kpsmoused]
(root,0,0,00:00:00/226-15:00:21,84) [ipv6_addrconf]
(root,0,0,00:00:00/226-15:00:21,97) [deferwq]
(root,0,0,00:11:07/226-15:00:20,144) [kauditd]
(root,0,0,00:00:00/226-15:00:20,368) [ata_sff]
(root,0,0,00:00:00/226-15:00:20,404) [scsi_eh_0]
(root,0,0,00:00:00/226-15:00:20,405) [scsi_tmf_0]
(root,0,0,00:00:00/226-15:00:20,406) [scsi_eh_1]
(root,0,0,00:00:00/226-15:00:20,407) [scsi_tmf_1]
(root,0,0,00:00:00/226-15:00:20,408) [scsi_eh_2]
(root,0,0,00:00:00/226-15:00:20,409) [scsi_tmf_2]
(root,0,0,00:00:00/226-15:00:20,410) [scsi_eh_3]
(root,0,0,00:00:00/226-15:00:20,411) [scsi_tmf_3]
(root,0,0,00:00:00/226-15:00:20,412) [scsi_eh_4]
(root,0,0,00:00:00/226-15:00:20,413) [scsi_tmf_4]
(root,0,0,00:00:00/226-15:00:20,414) [scsi_eh_5]
(root,0,0,00:00:00/226-15:00:20,415) [scsi_tmf_5]
(root,0,0,00:00:00/226-15:00:18,488) [kdmflush]
(root,0,0,00:00:00/226-15:00:18,489) [bioset]
(root,0,0,00:00:09/226-15:00:18,506) [kworker/0:1H]
(root,0,0,00:38:09/226-15:00:18,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/226-15:00:18,514) [ext4-rsv-conver]
(root,162268,94968,02:45:58/226-15:00:16,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:00/01:59:20,609) [kworker/3:0]
(root,0,0,00:00:01/226-15:00:16,627) [kworker/4:1H]
(root,0,0,00:00:03/226-15:00:15,629) [kworker/1:1H]
(root,198572,892,00:00:00/226-15:00:15,633) /usr/sbin/lvmetad -f
(root,46060,968,00:00:00/226-15:00:15,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/226-15:00:14,644) [kworker/2:1H]
(root,0,0,00:14:45/226-15:00:14,645) [kworker/7:1H]
(root,0,0,00:00:01/226-15:00:13,687) [kworker/5:1H]
(root,0,0,00:00:00/226-15:00:13,688) [irq/125-mei_me]
(root,0,0,00:00:00/226-15:00:13,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/226-15:00:11,714) [jbd2/sda2-8]
(root,0,0,00:00:00/226-15:00:11,715) [ext4-rsv-conver]
(root,0,0,00:01:58/226-15:00:10,719) [jbd2/sda3-8]
(root,0,0,00:00:00/226-15:00:10,720) [ext4-rsv-conver]
(root,0,0,00:06:15/226-15:00:10,724) [jbd2/sdb-8]
(root,0,0,00:00:00/226-15:00:10,725) [ext4-rsv-conver]
(root,0,0,00:00:01/226-15:00:08,740) [kworker/6:1H]
(root,57704,724,00:24:07/226-14:59:58,748) /sbin/auditd
(dbus,58232,1920,00:51:40/226-14:59:57,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2332,00:25:56/226-14:59:56,788) /usr/lib/systemd/systemd-logind
(root,228888,8708,00:08:26/226-14:59:56,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5732,01:08:30/226-14:59:56,794) /usr/sbin/nscd
(root,52900,1924,00:00:12/226-14:59:56,848) /usr/sbin/smartd -n -q never
(root,21540,1056,00:50:56/226-14:59:56,849) /usr/sbin/irqbalance --foreground
(root,24208,608,00:00:00/226-14:59:56,862) /usr/sbin/atd -f
(root,124504,1372,00:04:30/226-14:59:56,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/226-14:59:56,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/226-14:59:56,869) [kworker/3:1H]
(chrony,97380,1528,00:01:20/226-14:59:56,888) /usr/sbin/chronyd
(root,113472,3152,00:21:23/226-14:59:47,1226) /usr/sbin/sshd -D
(cpanelconnecttrack,9820,3160,1-01:26:48/226-14:59:47,1235) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,1084876,16524,01:27:10/226-14:59:47,1237) /usr/sbin/rsyslogd -n
(root,27380,840,00:02:38/226-14:59:47,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38820,01:16:10/226-14:59:46,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:09:59/226-14:59:43,1820) dnsadmin - dormant mode
(root,213976,24240,02:12:24/226-14:59:43,1825) tailwatchd
(root,183604,6556,00:08:52/226-14:59:43,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:12/226-14:59:43,1863) cpanellogd - sleeping for logs
(root,0,0,00:00:00/01:49:20,2136) [kworker/5:2]
(root,235468,14364,00:27:13/189-03:46:42,2481) /usr/sbin/httpd -k start
(mysql,4494004,899660,13:07:53/226-14:59:21,3134) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,12728,1340,00:00:06/6-07:57:01,3688) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12732,1352,00:00:06/6-07:57:01,3689) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235468,3912,00:00:00/6-07:57:01,3690) /usr/sbin/httpd -k start
(root,53088,11764,00:00:00/6-07:57:01,3691) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,4496244,31772,00:01:11/6-07:57:01,3692) /usr/sbin/httpd -k start
(nobody,3160900,28968,00:01:11/6-07:57:01,3693) /usr/sbin/httpd -k start
(dovenull,52168,8000,00:03:31/6-07:57:01,3799) dovecot/pop3-login
(dovenull,55812,11348,00:01:30/6-07:57:01,3800) dovecot/imap-login
(root,10404,1488,00:00:56/6-07:57:01,3801) dovecot/log
(dovenull,50648,6348,00:00:26/6-07:57:01,3802) dovecot/pop3-login
(dovenull,51156,6812,00:00:28/6-07:57:01,3803) dovecot/imap-login
(root,15896,3488,00:01:16/6-07:57:01,3804) dovecot/config
(dovecot,50308,3660,00:01:04/6-07:57:01,3805) dovecot/stats
(dovecot,74288,5896,00:06:23/6-07:57:01,3806) dovecot/auth
(nobody,3160900,28468,00:01:10/6-07:57:00,3808) /usr/sbin/httpd -k start
(nobody,3160900,29256,00:01:10/6-07:57:00,3809) /usr/sbin/httpd -k start
(dovecot,10412,1508,00:00:12/6-07:56:24,4010) dovecot/imap-hibernate
(root,242860,88536,00:00:11/22:54:46,5628) spamd child
(root,292800,5160,00:00:24/5-21:04:47,6491) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,23728,00:00:07/5-21:04:46,6517) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404396,48104,00:05:25/5-21:04:42,6604) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387868,32888,00:00:07/5-21:04:42,6608) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/01:11:20,7745) [kworker/2:1]
(root,0,0,00:00:00/01:09:20,8080) [kworker/4:1]
(root,189788,12512,00:21:03/201-15:26:37,8719) cPhulkd - processor
(root,0,0,00:00:00/01:04:20,8816) [kworker/1:1]
(root,0,0,00:00:00/15:23:28,9372) [kworker/3:2]
(root,0,0,00:00:00/15:20:04,9765) [kworker/5:0]
(root,0,0,00:00:00/15:19:12,9886) [kworker/1:2]
(root,0,0,00:00:00/49:34,10794) [kworker/7:1]
(root,3108,36,00:01:55/226-10:57:24,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/29:20,14002) [kworker/0:2]
(root,151600,10384,00:00:30/5-14:24:04,14021) cPhulkd - dbprocessor
(root,0,0,00:00:00/27:04,14245) [kworker/u16:2]
(root,0,0,00:00:00/21:04,15079) [kworker/u16:0]
(scliegyp,39008,4188,00:00:00/17:23,15675) dovecot/imap
(root,0,0,00:00:00/09:11,16812) [kworker/7:0]
(root,0,0,00:00:00/04:20,17497) [kworker/0:0]
(root,0,0,00:00:00/04:00,17505) [kworker/7:2]
(root,72960,4268,00:00:00/02:17,17783) dovecot/auth -w
(scliegyp,31864,3652,00:00:00/02:17,17785) dovecot/pop3
(scliegyp,39544,4716,00:00:00/01:58,17787) dovecot/imap
(scliegyp,38596,3840,00:00:00/01:25,17878) dovecot/imap
(scliegyp,31444,3396,00:00:00/00:46,17965) dovecot/pop3
(root,0,0,00:00:00/00:21,17984) [cpsrvd (SSL) - ] <defunct>
(root,113500,1620,00:00:00/00:00,18135) /bin/bash /usr/bin/check_mk_agent
(root,49820,1564,00:00:00/00:00,18153) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,18154) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(polkitd,610664,3140,00:18:34/226-14:02:15,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27568,01:46:30/226-14:02:13,19737) /usr/sbin/named -u named -c /etc/named.conf
(nobody,3095364,28224,00:00:53/5-11:18:59,19787) /usr/sbin/httpd -k start
(root,0,0,00:00:01/06:49:21,21610) [kworker/0:1]
(root,231088,13268,00:33:45/184-00:40:54,25777) cpsrvd (SSL) - waiting for connections                   
(root,234892,78268,00:00:00/06:18:31,26313) spamd child
(root,0,0,00:00:00/09:49:34,27141) [kworker/2:2]
(root,2494052,1619420,04:55:33/222-19:02:31,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/06:09:17,27684) [kworker/6:2]
(root,33404,3084,00:00:59/189-04:15:51,29439) /sbin/rsyslogd
(mailnull,89192,13184,00:12:03/189-04:15:51,29453) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51576,2276,00:49:41/189-04:15:47,29530) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1192,00:18:21/189-04:15:47,29536) dovecot/anvil
(root,0,0,00:00:00/02:19:21,30091) [kworker/6:1]
(root,0,0,00:00:00/02:02:07,32694) [kworker/4:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-07-27 23:39

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb102e1ef808

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,02:02:21/224-15:07:59,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:04/224-15:07:59,2) [kthreadd]
(root,0,0,00:00:00/224-15:07:59,4) [kworker/0:0H]
(root,0,0,00:29:43/224-15:07:59,6) [ksoftirqd/0]
(root,0,0,00:00:01/224-15:07:59,7) [migration/0]
(root,0,0,00:00:00/224-15:07:59,8) [rcu_bh]
(root,0,0,03:21:27/224-15:07:59,9) [rcu_sched]
(root,0,0,00:00:00/224-15:07:59,10) [lru-add-drain]
(root,0,0,00:01:48/224-15:07:59,11) [watchdog/0]
(root,0,0,00:01:27/224-15:07:59,12) [watchdog/1]
(root,0,0,00:00:01/224-15:07:59,13) [migration/1]
(root,0,0,00:00:09/224-15:07:59,14) [ksoftirqd/1]
(root,0,0,00:00:00/224-15:07:59,16) [kworker/1:0H]
(root,0,0,00:01:27/224-15:07:59,17) [watchdog/2]
(root,0,0,00:00:01/224-15:07:59,18) [migration/2]
(root,0,0,00:00:08/224-15:07:59,19) [ksoftirqd/2]
(root,0,0,00:00:00/224-15:07:59,21) [kworker/2:0H]
(root,0,0,00:01:29/224-15:07:59,22) [watchdog/3]
(root,0,0,00:00:01/224-15:07:59,23) [migration/3]
(root,0,0,00:00:08/224-15:07:59,24) [ksoftirqd/3]
(root,0,0,00:00:00/224-15:07:59,26) [kworker/3:0H]
(root,0,0,00:01:27/224-15:07:59,27) [watchdog/4]
(root,0,0,00:00:51/224-15:07:59,28) [migration/4]
(root,0,0,00:00:14/224-15:07:59,29) [ksoftirqd/4]
(root,0,0,00:00:00/224-15:07:59,31) [kworker/4:0H]
(root,0,0,00:01:22/224-15:07:59,32) [watchdog/5]
(root,0,0,00:01:08/224-15:07:59,33) [migration/5]
(root,0,0,00:00:20/224-15:07:59,34) [ksoftirqd/5]
(root,0,0,00:00:00/224-15:07:59,36) [kworker/5:0H]
(root,0,0,00:01:22/224-15:07:59,37) [watchdog/6]
(root,0,0,00:00:50/224-15:07:59,38) [migration/6]
(root,0,0,00:00:21/224-15:07:59,39) [ksoftirqd/6]
(root,0,0,00:00:00/224-15:07:59,41) [kworker/6:0H]
(root,0,0,00:01:27/224-15:07:59,42) [watchdog/7]
(root,0,0,00:00:47/224-15:07:59,43) [migration/7]
(root,0,0,00:07:08/224-15:07:59,44) [ksoftirqd/7]
(root,0,0,00:00:00/224-15:07:59,46) [kworker/7:0H]
(root,0,0,00:00:00/224-15:07:59,48) [kdevtmpfs]
(root,0,0,00:00:00/224-15:07:59,49) [netns]
(root,0,0,00:00:16/224-15:07:59,50) [khungtaskd]
(root,0,0,00:00:00/224-15:07:59,51) [writeback]
(root,0,0,00:00:00/224-15:07:59,52) [kintegrityd]
(root,0,0,00:00:00/224-15:07:59,53) [bioset]
(root,0,0,00:00:00/224-15:07:59,54) [bioset]
(root,0,0,00:00:00/224-15:07:59,55) [bioset]
(root,0,0,00:00:00/224-15:07:59,56) [kblockd]
(root,0,0,00:00:00/224-15:07:59,57) [md]
(root,0,0,00:00:00/224-15:07:59,58) [edac-poller]
(root,0,0,00:00:00/224-15:07:59,59) [watchdogd]
(root,0,0,00:24:21/224-15:07:59,66) [kswapd0]
(root,0,0,00:00:00/224-15:07:59,67) [ksmd]
(root,0,0,00:01:26/224-15:07:59,68) [khugepaged]
(root,0,0,00:00:00/224-15:07:59,69) [crypto]
(root,0,0,00:00:00/224-15:07:59,77) [kthrotld]
(root,0,0,00:00:00/224-15:07:59,80) [kmpath_rdacd]
(root,0,0,00:00:00/224-15:07:59,81) [kaluad]
(root,0,0,00:00:00/224-15:07:59,82) [kpsmoused]
(root,0,0,00:00:00/224-15:07:59,84) [ipv6_addrconf]
(root,0,0,00:00:00/224-15:07:59,97) [deferwq]
(root,0,0,00:11:04/224-15:07:58,144) [kauditd]
(root,0,0,00:00:00/224-15:07:58,368) [ata_sff]
(root,0,0,00:00:00/224-15:07:58,404) [scsi_eh_0]
(root,0,0,00:00:00/224-15:07:58,405) [scsi_tmf_0]
(root,0,0,00:00:00/224-15:07:58,406) [scsi_eh_1]
(root,0,0,00:00:00/224-15:07:58,407) [scsi_tmf_1]
(root,0,0,00:00:00/224-15:07:58,408) [scsi_eh_2]
(root,0,0,00:00:00/224-15:07:58,409) [scsi_tmf_2]
(root,0,0,00:00:00/224-15:07:58,410) [scsi_eh_3]
(root,0,0,00:00:00/224-15:07:58,411) [scsi_tmf_3]
(root,0,0,00:00:00/224-15:07:58,412) [scsi_eh_4]
(root,0,0,00:00:00/224-15:07:58,413) [scsi_tmf_4]
(root,0,0,00:00:00/224-15:07:58,414) [scsi_eh_5]
(root,0,0,00:00:00/224-15:07:58,415) [scsi_tmf_5]
(root,0,0,00:00:00/224-15:07:56,488) [kdmflush]
(root,0,0,00:00:00/224-15:07:56,489) [bioset]
(root,0,0,00:00:09/224-15:07:56,506) [kworker/0:1H]
(root,0,0,00:37:54/224-15:07:56,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/224-15:07:56,514) [ext4-rsv-conver]
(root,158276,95960,02:45:06/224-15:07:54,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:01/224-15:07:54,627) [kworker/4:1H]
(root,0,0,00:00:03/224-15:07:53,629) [kworker/1:1H]
(root,198572,892,00:00:00/224-15:07:53,633) /usr/sbin/lvmetad -f
(root,46060,968,00:00:00/224-15:07:53,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/224-15:07:52,644) [kworker/2:1H]
(root,0,0,00:14:38/224-15:07:52,645) [kworker/7:1H]
(root,0,0,00:00:01/224-15:07:51,687) [kworker/5:1H]
(root,0,0,00:00:00/224-15:07:51,688) [irq/125-mei_me]
(root,0,0,00:00:00/224-15:07:51,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/224-15:07:49,714) [jbd2/sda2-8]
(root,0,0,00:00:00/224-15:07:49,715) [ext4-rsv-conver]
(root,0,0,00:01:57/224-15:07:48,719) [jbd2/sda3-8]
(root,0,0,00:00:00/224-15:07:48,720) [ext4-rsv-conver]
(root,0,0,00:06:10/224-15:07:48,724) [jbd2/sdb-8]
(root,0,0,00:00:00/224-15:07:48,725) [ext4-rsv-conver]
(root,0,0,00:00:01/224-15:07:46,740) [kworker/6:1H]
(root,57704,724,00:23:59/224-15:07:36,748) /sbin/auditd
(dbus,58232,1912,00:51:14/224-15:07:35,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2328,00:25:43/224-15:07:34,788) /usr/lib/systemd/systemd-logind
(root,228888,8708,00:08:21/224-15:07:34,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5724,01:08:03/224-15:07:34,794) /usr/sbin/nscd
(root,52900,1924,00:00:12/224-15:07:34,848) /usr/sbin/smartd -n -q never
(root,21540,1056,00:50:29/224-15:07:34,849) /usr/sbin/irqbalance --foreground
(root,24208,608,00:00:00/224-15:07:34,862) /usr/sbin/atd -f
(root,124504,1364,00:04:28/224-15:07:34,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/224-15:07:34,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/224-15:07:34,869) [kworker/3:1H]
(chrony,97380,1528,00:01:19/224-15:07:34,888) /usr/sbin/chronyd
(root,113472,3152,00:21:17/224-15:07:25,1226) /usr/sbin/sshd -D
(cpanelconnecttrack,9820,3160,1-01:14:02/224-15:07:25,1235) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,1068492,15120,01:26:37/224-15:07:25,1237) /usr/sbin/rsyslogd -n
(root,27380,840,00:02:36/224-15:07:25,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38788,01:15:30/224-15:07:24,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4192,00:09:54/224-15:07:21,1820) dnsadmin - dormant mode
(root,213976,24228,02:11:52/224-15:07:21,1825) tailwatchd
(root,183604,6560,00:08:47/224-15:07:21,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:11/224-15:07:21,1863) cpanellogd - sleeping for logs
(root,0,0,00:00:00/46:43,1912) [kworker/u16:0]
(root,235468,14368,00:26:56/187-03:54:20,2481) /usr/sbin/httpd -k start
(root,0,0,00:00:02/15:06:59,2865) [kworker/0:2]
(mysql,4494004,893268,13:00:43/224-15:06:59,3134) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/36:59,3221) [kworker/2:0]
(scliegyp,38432,3600,00:00:00/34:15,3675) dovecot/imap
(root,12732,1340,00:00:04/4-08:04:39,3688) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1352,00:00:04/4-08:04:39,3689) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235468,3920,00:00:00/4-08:04:39,3690) /usr/sbin/httpd -k start
(root,53088,11764,00:00:00/4-08:04:39,3691) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,4496244,30956,00:00:53/4-08:04:39,3692) /usr/sbin/httpd -k start
(nobody,3160900,27652,00:00:52/4-08:04:39,3693) /usr/sbin/httpd -k start
(dovenull,52384,8124,00:02:47/4-08:04:39,3799) dovecot/pop3-login
(dovenull,55832,11328,00:01:07/4-08:04:39,3800) dovecot/imap-login
(root,10404,1488,00:00:46/4-08:04:39,3801) dovecot/log
(dovenull,50648,6348,00:00:22/4-08:04:39,3802) dovecot/pop3-login
(dovenull,51156,6812,00:00:22/4-08:04:39,3803) dovecot/imap-login
(root,15896,3488,00:01:04/4-08:04:39,3804) dovecot/config
(dovecot,50308,3660,00:00:51/4-08:04:39,3805) dovecot/stats
(dovecot,74288,5896,00:05:11/4-08:04:39,3806) dovecot/auth
(nobody,3095364,28712,00:00:52/4-08:04:38,3808) /usr/sbin/httpd -k start
(nobody,3160900,27376,00:00:53/4-08:04:38,3809) /usr/sbin/httpd -k start
(dovecot,10412,1508,00:00:08/4-08:04:02,4010) dovecot/imap-hibernate
(root,0,0,00:00:00/31:56,4244) [kworker/1:2]
(scliegyp,39544,4716,00:00:00/30:19,4553) dovecot/imap
(root,0,0,00:00:00/26:59,4937) [kworker/0:0]
(root,0,0,00:00:00/24:00,5429) [kworker/2:2]
(root,0,0,00:00:00/03:57:15,5660) [kworker/4:0]
(root,237736,82576,00:00:08/03:55:12,6009) spamd child
(root,292800,5160,00:00:15/3-21:12:25,6491) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,23728,00:00:04/3-21:12:24,6517) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404396,48104,00:03:34/3-21:12:20,6604) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387868,32888,00:00:05/3-21:12:20,6608) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/16:59,6696) [kworker/6:2]
(scliegyp,38432,3596,00:00:00/12:39,7322) dovecot/imap
(root,0,0,00:00:00/11:59,7503) [kworker/7:0]
(scliegyp,31780,3552,00:00:00/07:17,8082) dovecot/pop3
(root,0,0,00:00:00/06:59,8139) [kworker/5:2]
(root,0,0,00:00:00/06:13,8269) [kworker/7:2]
(root,189788,12512,00:20:50/199-15:34:15,8719) cPhulkd - processor
(root,0,0,00:00:00/01:59,8884) [kworker/2:1]
(root,0,0,00:00:00/00:56,8991) [kworker/7:1]
(root,62912,4496,00:00:00/00:28,9048) dovecot/lmtp
(root,0,0,00:00:00/00:27,9070) [whostmgrd - ser] <defunct>
(root,113500,1616,00:00:00/00:00,9203) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,9221) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,9222) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,3108,36,00:01:54/224-11:05:02,12075) /usr/bin/RCdaemon
(root,151536,10300,00:00:16/3-14:31:42,14021) cPhulkd - dbprocessor
(root,0,0,00:00:00/02:45:59,16420) [kworker/6:1]
(root,0,0,00:00:00/16:57:14,19416) [kworker/3:1]
(polkitd,610664,2964,00:18:25/224-14:09:53,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27568,01:45:42/224-14:09:51,19737) /usr/sbin/named -u named -c /etc/named.conf
(nobody,3095364,26288,00:00:34/3-11:26:37,19787) /usr/sbin/httpd -k start
(root,235808,79208,00:00:02/09:29:00,21328) spamd child
(root,0,0,00:00:00/02:05:52,22685) [kworker/5:0]
(root,231088,13268,00:33:33/182-00:48:32,25777) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/05:16:59,26372) [kworker/4:2]
(root,2493804,1598612,04:53:41/220-19:10:09,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/01:25:37,28390) [kworker/u16:1]
(root,33404,3084,00:00:59/187-04:23:29,29439) /sbin/rsyslogd
(mailnull,89192,13184,00:11:59/187-04:23:29,29453) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51576,2276,00:49:20/187-04:23:25,29530) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1192,00:18:14/187-04:23:25,29536) dovecot/anvil
(root,0,0,00:00:00/01:06:59,31157) [kworker/3:2]
(root,0,0,00:00:00/57:15,32561) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-07-25 23:47

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10e1cc6ab7

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,02:01:18/222-14:33:15,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:04/222-14:33:15,2) [kthreadd]
(root,0,0,00:00:00/222-14:33:15,4) [kworker/0:0H]
(root,0,0,00:29:32/222-14:33:15,6) [ksoftirqd/0]
(root,0,0,00:00:01/222-14:33:15,7) [migration/0]
(root,0,0,00:00:00/222-14:33:15,8) [rcu_bh]
(root,0,0,03:19:50/222-14:33:15,9) [rcu_sched]
(root,0,0,00:00:00/222-14:33:15,10) [lru-add-drain]
(root,0,0,00:01:48/222-14:33:15,11) [watchdog/0]
(root,0,0,00:01:26/222-14:33:15,12) [watchdog/1]
(root,0,0,00:00:01/222-14:33:15,13) [migration/1]
(root,0,0,00:00:09/222-14:33:15,14) [ksoftirqd/1]
(root,0,0,00:00:00/222-14:33:15,16) [kworker/1:0H]
(root,0,0,00:01:27/222-14:33:15,17) [watchdog/2]
(root,0,0,00:00:01/222-14:33:15,18) [migration/2]
(root,0,0,00:00:08/222-14:33:15,19) [ksoftirqd/2]
(root,0,0,00:00:00/222-14:33:15,21) [kworker/2:0H]
(root,0,0,00:01:28/222-14:33:15,22) [watchdog/3]
(root,0,0,00:00:01/222-14:33:15,23) [migration/3]
(root,0,0,00:00:08/222-14:33:15,24) [ksoftirqd/3]
(root,0,0,00:00:00/222-14:33:15,26) [kworker/3:0H]
(root,0,0,00:01:26/222-14:33:15,27) [watchdog/4]
(root,0,0,00:00:51/222-14:33:15,28) [migration/4]
(root,0,0,00:00:14/222-14:33:15,29) [ksoftirqd/4]
(root,0,0,00:00:00/222-14:33:15,31) [kworker/4:0H]
(root,0,0,00:01:22/222-14:33:15,32) [watchdog/5]
(root,0,0,00:01:07/222-14:33:15,33) [migration/5]
(root,0,0,00:00:19/222-14:33:15,34) [ksoftirqd/5]
(root,0,0,00:00:00/222-14:33:15,36) [kworker/5:0H]
(root,0,0,00:01:22/222-14:33:15,37) [watchdog/6]
(root,0,0,00:00:50/222-14:33:15,38) [migration/6]
(root,0,0,00:00:21/222-14:33:15,39) [ksoftirqd/6]
(root,0,0,00:00:00/222-14:33:15,41) [kworker/6:0H]
(root,0,0,00:01:27/222-14:33:15,42) [watchdog/7]
(root,0,0,00:00:46/222-14:33:15,43) [migration/7]
(root,0,0,00:07:04/222-14:33:15,44) [ksoftirqd/7]
(root,0,0,00:00:00/222-14:33:15,46) [kworker/7:0H]
(root,0,0,00:00:00/222-14:33:15,48) [kdevtmpfs]
(root,0,0,00:00:00/222-14:33:15,49) [netns]
(root,0,0,00:00:16/222-14:33:15,50) [khungtaskd]
(root,0,0,00:00:00/222-14:33:15,51) [writeback]
(root,0,0,00:00:00/222-14:33:15,52) [kintegrityd]
(root,0,0,00:00:00/222-14:33:15,53) [bioset]
(root,0,0,00:00:00/222-14:33:15,54) [bioset]
(root,0,0,00:00:00/222-14:33:15,55) [bioset]
(root,0,0,00:00:00/222-14:33:15,56) [kblockd]
(root,0,0,00:00:00/222-14:33:15,57) [md]
(root,0,0,00:00:00/222-14:33:15,58) [edac-poller]
(root,0,0,00:00:00/222-14:33:15,59) [watchdogd]
(root,0,0,00:24:00/222-14:33:15,66) [kswapd0]
(root,0,0,00:00:00/222-14:33:15,67) [ksmd]
(root,0,0,00:01:26/222-14:33:15,68) [khugepaged]
(root,0,0,00:00:00/222-14:33:15,69) [crypto]
(root,0,0,00:00:00/222-14:33:15,77) [kthrotld]
(root,0,0,00:00:00/222-14:33:15,80) [kmpath_rdacd]
(root,0,0,00:00:00/222-14:33:15,81) [kaluad]
(root,0,0,00:00:00/222-14:33:15,82) [kpsmoused]
(root,0,0,00:00:00/222-14:33:15,84) [ipv6_addrconf]
(root,0,0,00:00:00/222-14:33:15,97) [deferwq]
(root,0,0,00:11:00/222-14:33:14,144) [kauditd]
(root,0,0,00:00:00/222-14:33:14,368) [ata_sff]
(root,0,0,00:00:00/222-14:33:14,404) [scsi_eh_0]
(root,0,0,00:00:00/222-14:33:14,405) [scsi_tmf_0]
(root,0,0,00:00:00/222-14:33:14,406) [scsi_eh_1]
(root,0,0,00:00:00/222-14:33:14,407) [scsi_tmf_1]
(root,0,0,00:00:00/222-14:33:14,408) [scsi_eh_2]
(root,0,0,00:00:00/222-14:33:14,409) [scsi_tmf_2]
(root,0,0,00:00:00/222-14:33:14,410) [scsi_eh_3]
(root,0,0,00:00:00/222-14:33:14,411) [scsi_tmf_3]
(root,0,0,00:00:00/222-14:33:14,412) [scsi_eh_4]
(root,0,0,00:00:00/222-14:33:14,413) [scsi_tmf_4]
(root,0,0,00:00:00/222-14:33:14,414) [scsi_eh_5]
(root,0,0,00:00:00/222-14:33:14,415) [scsi_tmf_5]
(root,0,0,00:00:00/222-14:33:12,488) [kdmflush]
(root,0,0,00:00:00/222-14:33:12,489) [bioset]
(root,0,0,00:00:08/222-14:33:12,506) [kworker/0:1H]
(root,0,0,00:37:38/222-14:33:12,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/222-14:33:12,514) [ext4-rsv-conver]
(root,129220,64904,02:43:55/222-14:33:10,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:01/222-14:33:10,627) [kworker/4:1H]
(root,0,0,00:00:03/222-14:33:09,629) [kworker/1:1H]
(root,198572,892,00:00:00/222-14:33:09,633) /usr/sbin/lvmetad -f
(root,46060,968,00:00:00/222-14:33:09,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/222-14:33:08,644) [kworker/2:1H]
(root,0,0,00:14:32/222-14:33:08,645) [kworker/7:1H]
(root,0,0,00:00:01/222-14:33:07,687) [kworker/5:1H]
(root,0,0,00:00:00/222-14:33:07,688) [irq/125-mei_me]
(root,0,0,00:00:00/222-14:33:07,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/222-14:33:05,714) [jbd2/sda2-8]
(root,0,0,00:00:00/222-14:33:05,715) [ext4-rsv-conver]
(root,0,0,00:01:56/222-14:33:04,719) [jbd2/sda3-8]
(root,0,0,00:00:00/222-14:33:04,720) [ext4-rsv-conver]
(root,0,0,00:06:07/222-14:33:04,724) [jbd2/sdb-8]
(root,0,0,00:00:00/222-14:33:04,725) [ext4-rsv-conver]
(root,0,0,00:00:01/222-14:33:02,740) [kworker/6:1H]
(root,57704,724,00:23:51/222-14:32:52,748) /sbin/auditd
(dbus,58232,1920,00:50:47/222-14:32:51,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2332,00:25:30/222-14:32:50,788) /usr/lib/systemd/systemd-logind
(root,228888,8696,00:08:15/222-14:32:50,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5728,01:07:33/222-14:32:50,794) /usr/sbin/nscd
(root,52900,1924,00:00:12/222-14:32:50,848) /usr/sbin/smartd -n -q never
(root,21540,1056,00:50:02/222-14:32:50,849) /usr/sbin/irqbalance --foreground
(root,24208,608,00:00:00/222-14:32:50,862) /usr/sbin/atd -f
(root,124504,1364,00:04:25/222-14:32:50,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/222-14:32:50,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/222-14:32:50,869) [kworker/3:1H]
(chrony,97380,1528,00:01:18/222-14:32:50,888) /usr/sbin/chronyd
(root,113472,3152,00:21:10/222-14:32:41,1226) /usr/sbin/sshd -D
(cpanelconnecttrack,9820,3160,1-01:00:50/222-14:32:41,1235) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,1076684,17840,01:25:57/222-14:32:41,1237) /usr/sbin/rsyslogd -n
(root,27380,840,00:02:35/222-14:32:41,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38736,01:14:49/222-14:32:40,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4204,00:09:49/222-14:32:37,1820) dnsadmin - dormant mode
(root,213976,24216,02:11:00/222-14:32:37,1825) tailwatchd
(root,183604,6560,00:08:42/222-14:32:37,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:11/222-14:32:37,1863) cpanellogd - sleeping for logs
(root,0,0,00:00:00/19:43:03,2221) [kworker/5:1]
(scliegyp,38432,3596,00:00:00/25:05,2355) dovecot/imap
(root,235468,15212,00:26:38/185-03:19:36,2481) /usr/sbin/httpd -k start
(root,0,0,00:00:00/22:16,2873) [kworker/2:0]
(root,0,0,00:00:00/10:52:16,3022) [kworker/3:0]
(mysql,4494004,893444,12:54:08/222-14:32:15,3134) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(scliegyp,38288,3600,00:00:00/18:37,3329) dovecot/imap
(root,12732,1360,00:00:02/2-07:29:55,3688) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1364,00:00:02/2-07:29:55,3689) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235468,3952,00:00:00/2-07:29:55,3690) /usr/sbin/httpd -k start
(root,53088,11764,00:00:00/2-07:29:55,3691) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3095364,28984,00:00:34/2-07:29:55,3692) /usr/sbin/httpd -k start
(nobody,3160900,26688,00:00:33/2-07:29:55,3693) /usr/sbin/httpd -k start
(dovenull,52384,7872,00:01:44/2-07:29:55,3799) dovecot/pop3-login
(dovenull,54500,9636,00:00:35/2-07:29:55,3800) dovecot/imap-login
(root,10404,1496,00:00:28/2-07:29:55,3801) dovecot/log
(dovenull,50504,5996,00:00:15/2-07:29:55,3802) dovecot/pop3-login
(dovenull,51156,6556,00:00:13/2-07:29:55,3803) dovecot/imap-login
(root,15896,3564,00:00:40/2-07:29:55,3804) dovecot/config
(dovecot,50176,3700,00:00:31/2-07:29:55,3805) dovecot/stats
(dovecot,74276,5884,00:03:19/2-07:29:55,3806) dovecot/auth
(nobody,3095364,27948,00:00:33/2-07:29:54,3808) /usr/sbin/httpd -k start
(nobody,3095364,27296,00:00:34/2-07:29:54,3809) /usr/sbin/httpd -k start
(dovecot,10412,1520,00:00:04/2-07:29:18,4010) dovecot/imap-hibernate
(root,0,0,00:00:00/13:01,4352) [kworker/7:0]
(root,0,0,00:00:00/12:17,4538) [kworker/3:1]
(root,0,0,00:00:00/12:16,4564) [kworker/0:2]
(scliegyp,38436,3812,00:00:00/12:09,4677) dovecot/imap
(root,235204,79460,00:00:01/10:42:32,5022) spamd child
(root,0,0,00:00:00/08:02,5322) [kworker/u16:2]
(root,0,0,00:00:00/03:37:17,6029) [kworker/6:1]
(root,72960,4264,00:00:00/01:15,6324) dovecot/auth -w
(root,292800,5496,00:00:07/1-20:37:41,6491) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,189788,11108,00:00:00/00:04,6504) cPhulkd - processor - http socket
(root,0,0,00:00:00/00:04,6505) [cpsrvd (SSL) - ] <defunct>
(root,445328,23736,00:00:01/1-20:37:40,6517) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404396,48108,00:01:42/1-20:37:36,6604) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387868,32892,00:00:02/1-20:37:36,6608) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,113500,1616,00:00:00/00:00,6619) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,6637) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,6638) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/19:11:17,7912) [kworker/4:0]
(root,0,0,00:00:00/07:02:17,8022) [kworker/5:0]
(root,189788,12552,00:20:37/197-14:59:31,8719) cPhulkd - processor
(root,3108,36,00:01:53/222-10:30:18,12075) /usr/bin/RCdaemon
(root,151536,10296,00:00:06/1-13:56:58,14021) cPhulkd - dbprocessor
(root,0,0,00:00:00/09:47:16,14873) [kworker/1:2]
(root,0,0,00:00:00/02:22:17,17467) [kworker/1:0]
(root,0,0,00:00:00/02:22:12,17503) [kworker/0:1]
(polkitd,610664,3000,00:18:15/222-13:35:09,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27712,01:44:40/222-13:35:07,19737) /usr/sbin/named -u named -c /etc/named.conf
(nobody,3095364,25484,00:00:18/1-10:51:53,19787) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:45:23,23192) [kworker/u16:1]
(root,0,0,00:00:00/01:43:15,23525) [kworker/7:3]
(root,225548,36812,00:00:00/01:39:42,24091) spamd child
(root,0,0,00:00:00/08:42:13,24986) [kworker/2:1]
(root,231088,13272,00:33:14/180-00:13:48,25777) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/01:22:16,26698) [kworker/4:2]
(root,2428176,1594564,04:51:00/218-18:35:25,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,33404,3084,00:00:58/185-03:48:45,29439) /sbin/rsyslogd
(mailnull,89192,13208,00:11:55/185-03:48:45,29453) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51576,2284,00:48:48/185-03:48:41,29530) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1192,00:18:03/185-03:48:41,29536) dovecot/anvil
(root,0,0,00:00:00/1-06:22:33,31167) [kworker/6:2]
(scliegyp,38432,3596,00:00:00/42:55,32244) dovecot/imap

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-07-23 23:12

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10b32c4dc4

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4100,02:00:21/220-14:54:54,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:04/220-14:54:54,2) [kthreadd]
(root,0,0,00:00:00/220-14:54:54,4) [kworker/0:0H]
(root,0,0,00:29:11/220-14:54:54,6) [ksoftirqd/0]
(root,0,0,00:00:01/220-14:54:54,7) [migration/0]
(root,0,0,00:00:00/220-14:54:54,8) [rcu_bh]
(root,0,0,03:17:53/220-14:54:54,9) [rcu_sched]
(root,0,0,00:00:00/220-14:54:54,10) [lru-add-drain]
(root,0,0,00:01:47/220-14:54:54,11) [watchdog/0]
(root,0,0,00:01:25/220-14:54:54,12) [watchdog/1]
(root,0,0,00:00:01/220-14:54:54,13) [migration/1]
(root,0,0,00:00:09/220-14:54:54,14) [ksoftirqd/1]
(root,0,0,00:00:00/220-14:54:54,16) [kworker/1:0H]
(root,0,0,00:01:26/220-14:54:54,17) [watchdog/2]
(root,0,0,00:00:01/220-14:54:54,18) [migration/2]
(root,0,0,00:00:08/220-14:54:54,19) [ksoftirqd/2]
(root,0,0,00:00:00/220-14:54:54,21) [kworker/2:0H]
(root,0,0,00:01:27/220-14:54:54,22) [watchdog/3]
(root,0,0,00:00:01/220-14:54:54,23) [migration/3]
(root,0,0,00:00:08/220-14:54:54,24) [ksoftirqd/3]
(root,0,0,00:00:00/220-14:54:54,26) [kworker/3:0H]
(root,0,0,00:01:26/220-14:54:54,27) [watchdog/4]
(root,0,0,00:00:50/220-14:54:54,28) [migration/4]
(root,0,0,00:00:14/220-14:54:54,29) [ksoftirqd/4]
(root,0,0,00:00:00/220-14:54:54,31) [kworker/4:0H]
(root,0,0,00:01:21/220-14:54:54,32) [watchdog/5]
(root,0,0,00:01:07/220-14:54:54,33) [migration/5]
(root,0,0,00:00:19/220-14:54:54,34) [ksoftirqd/5]
(root,0,0,00:00:00/220-14:54:54,36) [kworker/5:0H]
(root,0,0,00:01:21/220-14:54:54,37) [watchdog/6]
(root,0,0,00:00:49/220-14:54:54,38) [migration/6]
(root,0,0,00:00:21/220-14:54:54,39) [ksoftirqd/6]
(root,0,0,00:00:00/220-14:54:54,41) [kworker/6:0H]
(root,0,0,00:01:26/220-14:54:54,42) [watchdog/7]
(root,0,0,00:00:46/220-14:54:54,43) [migration/7]
(root,0,0,00:07:00/220-14:54:54,44) [ksoftirqd/7]
(root,0,0,00:00:00/220-14:54:54,46) [kworker/7:0H]
(root,0,0,00:00:00/220-14:54:54,48) [kdevtmpfs]
(root,0,0,00:00:00/220-14:54:54,49) [netns]
(root,0,0,00:00:16/220-14:54:54,50) [khungtaskd]
(root,0,0,00:00:00/220-14:54:54,51) [writeback]
(root,0,0,00:00:00/220-14:54:54,52) [kintegrityd]
(root,0,0,00:00:00/220-14:54:54,53) [bioset]
(root,0,0,00:00:00/220-14:54:54,54) [bioset]
(root,0,0,00:00:00/220-14:54:54,55) [bioset]
(root,0,0,00:00:00/220-14:54:54,56) [kblockd]
(root,0,0,00:00:00/220-14:54:54,57) [md]
(root,0,0,00:00:00/220-14:54:54,58) [edac-poller]
(root,0,0,00:00:00/220-14:54:54,59) [watchdogd]
(root,0,0,00:23:17/220-14:54:54,66) [kswapd0]
(root,0,0,00:00:00/220-14:54:54,67) [ksmd]
(root,0,0,00:01:25/220-14:54:54,68) [khugepaged]
(root,0,0,00:00:00/220-14:54:54,69) [crypto]
(root,0,0,00:00:00/220-14:54:54,77) [kthrotld]
(root,0,0,00:00:00/220-14:54:54,80) [kmpath_rdacd]
(root,0,0,00:00:00/220-14:54:54,81) [kaluad]
(root,0,0,00:00:00/220-14:54:54,82) [kpsmoused]
(root,0,0,00:00:00/220-14:54:54,84) [ipv6_addrconf]
(root,0,0,00:00:00/220-14:54:54,97) [deferwq]
(root,0,0,00:10:55/220-14:54:53,144) [kauditd]
(root,0,0,00:00:00/220-14:54:53,368) [ata_sff]
(root,0,0,00:00:00/220-14:54:53,404) [scsi_eh_0]
(root,0,0,00:00:00/220-14:54:53,405) [scsi_tmf_0]
(root,0,0,00:00:00/220-14:54:53,406) [scsi_eh_1]
(root,0,0,00:00:00/220-14:54:53,407) [scsi_tmf_1]
(root,0,0,00:00:00/220-14:54:53,408) [scsi_eh_2]
(root,0,0,00:00:00/220-14:54:53,409) [scsi_tmf_2]
(root,0,0,00:00:00/220-14:54:53,410) [scsi_eh_3]
(root,0,0,00:00:00/220-14:54:53,411) [scsi_tmf_3]
(root,0,0,00:00:00/220-14:54:53,412) [scsi_eh_4]
(root,0,0,00:00:00/220-14:54:53,413) [scsi_tmf_4]
(root,0,0,00:00:00/220-14:54:53,414) [scsi_eh_5]
(root,0,0,00:00:00/220-14:54:53,415) [scsi_tmf_5]
(root,0,0,00:00:00/220-14:54:51,488) [kdmflush]
(root,0,0,00:00:00/220-14:54:51,489) [bioset]
(root,0,0,00:00:08/220-14:54:51,506) [kworker/0:1H]
(root,0,0,00:37:14/220-14:54:51,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/220-14:54:51,514) [ext4-rsv-conver]
(root,166496,96136,02:42:18/220-14:54:49,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:01/220-14:54:49,627) [kworker/4:1H]
(root,0,0,00:00:03/220-14:54:48,629) [kworker/1:1H]
(root,198572,892,00:00:00/220-14:54:48,633) /usr/sbin/lvmetad -f
(root,46060,968,00:00:00/220-14:54:48,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/220-14:54:47,644) [kworker/2:1H]
(root,0,0,00:14:23/220-14:54:47,645) [kworker/7:1H]
(root,0,0,00:00:01/220-14:54:46,687) [kworker/5:1H]
(root,0,0,00:00:00/220-14:54:46,688) [irq/125-mei_me]
(root,0,0,00:00:00/220-14:54:46,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/220-14:54:44,714) [jbd2/sda2-8]
(root,0,0,00:00:00/220-14:54:44,715) [ext4-rsv-conver]
(root,0,0,00:01:55/220-14:54:43,719) [jbd2/sda3-8]
(root,0,0,00:00:00/220-14:54:43,720) [ext4-rsv-conver]
(root,0,0,00:06:04/220-14:54:43,724) [jbd2/sdb-8]
(root,0,0,00:00:00/220-14:54:43,725) [ext4-rsv-conver]
(root,0,0,00:00:01/220-14:54:41,740) [kworker/6:1H]
(root,57704,724,00:23:41/220-14:54:31,748) /sbin/auditd
(dbus,58232,1920,00:50:25/220-14:54:30,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2332,00:25:18/220-14:54:29,788) /usr/lib/systemd/systemd-logind
(root,228888,8716,00:08:11/220-14:54:29,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5716,01:06:56/220-14:54:29,794) /usr/sbin/nscd
(root,52900,1924,00:00:12/220-14:54:29,848) /usr/sbin/smartd -n -q never
(root,21540,1056,00:49:35/220-14:54:29,849) /usr/sbin/irqbalance --foreground
(root,24208,608,00:00:00/220-14:54:29,862) /usr/sbin/atd -f
(root,124504,1360,00:04:23/220-14:54:29,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/220-14:54:29,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/220-14:54:29,869) [kworker/3:1H]
(chrony,97380,1528,00:01:17/220-14:54:29,888) /usr/sbin/chronyd
(root,0,0,00:00:00/01:08:17,1068) [kworker/u16:1]
(root,113472,3152,00:21:02/220-14:54:20,1226) /usr/sbin/sshd -D
(cpanelconnecttrack,9820,3164,1-00:47:15/220-14:54:20,1235) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,1068492,14256,01:25:07/220-14:54:20,1237) /usr/sbin/rsyslogd -n
(root,27380,840,00:02:34/220-14:54:20,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38632,01:14:09/220-14:54:19,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,246928,91344,00:00:09/08:05:35,1463) spamd child
(root,167288,4196,00:09:44/220-14:54:16,1820) dnsadmin - dormant mode
(root,214024,24184,02:09:38/220-14:54:16,1825) tailwatchd
(root,183604,6560,00:08:37/220-14:54:16,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:10/220-14:54:16,1863) cpanellogd - sleeping for logs
(root,235468,15212,00:26:21/183-03:41:15,2481) /usr/sbin/httpd -k start
(root,0,0,00:00:00/56:56,2595) [kworker/7:0]
(mysql,4494004,896716,12:46:29/220-14:53:54,3134) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,12740,1360,00:00:00/07:51:34,3688) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12748,1364,00:00:00/07:51:34,3689) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235468,3808,00:00:00/07:51:34,3690) /usr/sbin/httpd -k start
(root,53088,11764,00:00:00/07:51:34,3691) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3029828,22820,00:00:05/07:51:34,3692) /usr/sbin/httpd -k start
(nobody,3160900,22340,00:00:06/07:51:34,3693) /usr/sbin/httpd -k start
(root,248220,90832,00:00:01/13:48:43,3704) spamd child
(dovenull,50928,6404,00:00:09/07:51:34,3799) dovecot/pop3-login
(dovenull,52220,7576,00:00:04/07:51:34,3800) dovecot/imap-login
(root,10404,1496,00:00:01/07:51:34,3801) dovecot/log
(dovenull,49576,5104,00:00:00/07:51:34,3802) dovecot/pop3-login
(dovenull,50872,6028,00:00:01/07:51:34,3803) dovecot/imap-login
(root,15896,3564,00:00:02/07:51:34,3804) dovecot/config
(dovecot,50060,3468,00:00:01/07:51:34,3805) dovecot/stats
(dovecot,73320,4924,00:00:09/07:51:34,3806) dovecot/auth
(nobody,3095364,21508,00:00:05/07:51:33,3808) /usr/sbin/httpd -k start
(nobody,3029828,20752,00:00:05/07:51:33,3809) /usr/sbin/httpd -k start
(dovecot,10412,1520,00:00:00/07:50:57,4010) dovecot/imap-hibernate
(root,0,0,00:00:00/48:53,4073) [kworker/5:0]
(root,0,0,00:00:00/43:56,4787) [kworker/3:1]
(root,0,0,00:00:01/2-00:23:55,5426) [kworker/1:2]
(root,0,0,00:00:00/33:56,6209) [kworker/4:2]
(root,0,0,00:00:00/16:08:56,6830) [kworker/2:0]
(scliegyp,38296,3596,00:00:00/30:40,6852) dovecot/imap
(scliegyp,38044,3332,00:00:00/28:01,7311) dovecot/imap
(scliegyp,37752,3072,00:00:00/25:59,7506) dovecot/imap
(root,0,0,00:00:00/23:56,7767) [kworker/2:1]
(root,0,0,00:00:02/10:44:06,7845) [kworker/0:0]
(root,0,0,00:00:00/18:53,8559) [kworker/0:1]
(root,189788,12160,00:20:25/195-15:21:10,8719) cPhulkd - processor
(root,0,0,00:00:00/1-02:08:57,9299) [kworker/5:2]
(scliegyp,37752,3072,00:00:00/12:42,9516) dovecot/imap
(scliegyp,38440,3596,00:00:00/10:54,9701) dovecot/imap
(scliegyp,38072,3072,00:00:00/09:04,9898) dovecot/imap
(scliegyp,33668,4480,00:00:00/08:54,9990) dovecot/pop3
(root,0,0,00:00:00/03:57,10653) [kworker/7:2]
(scliegyp,38268,3596,00:00:00/02:37,10901) dovecot/imap
(scliegyp,32576,4480,00:00:00/01:08,11108) dovecot/pop3
(root,0,0,00:00:00/00:49,11119) [kworker/u16:0]
(root,113500,1624,00:00:00/00:00,11349) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,11367) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,11368) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,3108,36,00:01:52/220-10:51:57,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/03:17:56,14041) [kworker/4:0]
(root,151552,10324,00:00:20/5-14:48:45,16620) cPhulkd - dbprocessor
(root,0,0,00:00:00/06:23:33,16917) [kworker/1:0]
(root,0,0,00:00:00/02:43:56,18952) [kworker/6:2]
(polkitd,610664,3184,00:18:06/220-13:56:48,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,27900,01:43:29/220-13:56:46,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,231088,13268,00:32:49/178-00:35:27,25777) cpsrvd (SSL) - waiting for connections                   
(root,292800,1156,00:02:03/29-20:01:53,26313) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,13604,00:00:41/29-20:01:53,26338) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404388,17644,00:27:33/29-20:01:49,26520) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387868,18036,00:00:38/29-20:01:49,26524) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,2491652,1648624,04:48:00/216-18:57:04,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,33404,3084,00:00:58/183-04:10:24,29439) /sbin/rsyslogd
(mailnull,89192,13208,00:11:50/183-04:10:24,29453) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51576,2284,00:48:02/183-04:10:20,29530) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1192,00:17:45/183-04:10:20,29536) dovecot/anvil
(root,0,0,00:00:00/01:26:13,30955) [kworker/7:1]
(root,0,0,00:00:00/01:24:55,31087) [kworker/u16:2]
(root,0,0,00:00:00/19:59:55,31610) [kworker/6:0]
(root,0,0,00:00:01/1-21:33:54,31741) [kworker/3:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-07-21 23:33

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb103c37ce7f

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,01:59:17/218-13:53:16,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:04/218-13:53:16,2) [kthreadd]
(root,0,0,00:00:00/218-13:53:16,4) [kworker/0:0H]
(root,0,0,00:28:58/218-13:53:16,6) [ksoftirqd/0]
(root,0,0,00:00:01/218-13:53:16,7) [migration/0]
(root,0,0,00:00:00/218-13:53:16,8) [rcu_bh]
(root,0,0,03:16:09/218-13:53:16,9) [rcu_sched]
(root,0,0,00:00:00/218-13:53:16,10) [lru-add-drain]
(root,0,0,00:01:46/218-13:53:16,11) [watchdog/0]
(root,0,0,00:01:25/218-13:53:16,12) [watchdog/1]
(root,0,0,00:00:01/218-13:53:16,13) [migration/1]
(root,0,0,00:00:09/218-13:53:16,14) [ksoftirqd/1]
(root,0,0,00:00:00/218-13:53:16,16) [kworker/1:0H]
(root,0,0,00:01:25/218-13:53:16,17) [watchdog/2]
(root,0,0,00:00:01/218-13:53:16,18) [migration/2]
(root,0,0,00:00:08/218-13:53:16,19) [ksoftirqd/2]
(root,0,0,00:00:00/218-13:53:16,21) [kworker/2:0H]
(root,0,0,00:01:27/218-13:53:16,22) [watchdog/3]
(root,0,0,00:00:01/218-13:53:16,23) [migration/3]
(root,0,0,00:00:08/218-13:53:16,24) [ksoftirqd/3]
(root,0,0,00:00:00/218-13:53:16,26) [kworker/3:0H]
(root,0,0,00:01:25/218-13:53:16,27) [watchdog/4]
(root,0,0,00:00:50/218-13:53:16,28) [migration/4]
(root,0,0,00:00:14/218-13:53:16,29) [ksoftirqd/4]
(root,0,0,00:00:00/218-13:53:16,31) [kworker/4:0H]
(root,0,0,00:01:20/218-13:53:16,32) [watchdog/5]
(root,0,0,00:01:06/218-13:53:16,33) [migration/5]
(root,0,0,00:00:19/218-13:53:16,34) [ksoftirqd/5]
(root,0,0,00:00:00/218-13:53:16,36) [kworker/5:0H]
(root,0,0,00:01:20/218-13:53:16,37) [watchdog/6]
(root,0,0,00:00:49/218-13:53:16,38) [migration/6]
(root,0,0,00:00:21/218-13:53:16,39) [ksoftirqd/6]
(root,0,0,00:00:00/218-13:53:16,41) [kworker/6:0H]
(root,0,0,00:01:25/218-13:53:16,42) [watchdog/7]
(root,0,0,00:00:45/218-13:53:16,43) [migration/7]
(root,0,0,00:06:57/218-13:53:16,44) [ksoftirqd/7]
(root,0,0,00:00:00/218-13:53:16,46) [kworker/7:0H]
(root,0,0,00:00:00/218-13:53:16,48) [kdevtmpfs]
(root,0,0,00:00:00/218-13:53:16,49) [netns]
(root,0,0,00:00:16/218-13:53:16,50) [khungtaskd]
(root,0,0,00:00:00/218-13:53:16,51) [writeback]
(root,0,0,00:00:00/218-13:53:16,52) [kintegrityd]
(root,0,0,00:00:00/218-13:53:16,53) [bioset]
(root,0,0,00:00:00/218-13:53:16,54) [bioset]
(root,0,0,00:00:00/218-13:53:16,55) [bioset]
(root,0,0,00:00:00/218-13:53:16,56) [kblockd]
(root,0,0,00:00:00/218-13:53:16,57) [md]
(root,0,0,00:00:00/218-13:53:16,58) [edac-poller]
(root,0,0,00:00:00/218-13:53:16,59) [watchdogd]
(root,0,0,00:22:54/218-13:53:16,66) [kswapd0]
(root,0,0,00:00:00/218-13:53:16,67) [ksmd]
(root,0,0,00:01:25/218-13:53:16,68) [khugepaged]
(root,0,0,00:00:00/218-13:53:16,69) [crypto]
(root,0,0,00:00:00/218-13:53:16,77) [kthrotld]
(root,0,0,00:00:00/218-13:53:16,80) [kmpath_rdacd]
(root,0,0,00:00:00/218-13:53:16,81) [kaluad]
(root,0,0,00:00:00/218-13:53:16,82) [kpsmoused]
(root,0,0,00:00:00/218-13:53:16,84) [ipv6_addrconf]
(root,0,0,00:00:00/218-13:53:16,97) [deferwq]
(root,0,0,00:10:50/218-13:53:15,144) [kauditd]
(root,0,0,00:00:00/218-13:53:15,368) [ata_sff]
(root,0,0,00:00:00/218-13:53:15,404) [scsi_eh_0]
(root,0,0,00:00:00/218-13:53:15,405) [scsi_tmf_0]
(root,0,0,00:00:00/218-13:53:15,406) [scsi_eh_1]
(root,0,0,00:00:00/218-13:53:15,407) [scsi_tmf_1]
(root,0,0,00:00:00/218-13:53:15,408) [scsi_eh_2]
(root,0,0,00:00:00/218-13:53:15,409) [scsi_tmf_2]
(root,0,0,00:00:00/218-13:53:15,410) [scsi_eh_3]
(root,0,0,00:00:00/218-13:53:15,411) [scsi_tmf_3]
(root,0,0,00:00:00/218-13:53:15,412) [scsi_eh_4]
(root,0,0,00:00:00/218-13:53:15,413) [scsi_tmf_4]
(root,0,0,00:00:00/218-13:53:15,414) [scsi_eh_5]
(root,0,0,00:00:00/218-13:53:15,415) [scsi_tmf_5]
(root,0,0,00:00:00/218-13:53:13,488) [kdmflush]
(root,0,0,00:00:00/218-13:53:13,489) [bioset]
(root,0,0,00:00:08/218-13:53:13,506) [kworker/0:1H]
(root,0,0,00:36:55/218-13:53:13,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/218-13:53:13,514) [ext4-rsv-conver]
(root,109088,50652,02:41:04/218-13:53:11,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:01/218-13:53:11,627) [kworker/4:1H]
(root,0,0,00:00:03/218-13:53:10,629) [kworker/1:1H]
(root,198572,892,00:00:00/218-13:53:10,633) /usr/sbin/lvmetad -f
(root,46060,968,00:00:00/218-13:53:10,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/218-13:53:09,644) [kworker/2:1H]
(root,0,0,00:14:15/218-13:53:09,645) [kworker/7:1H]
(root,0,0,00:00:01/218-13:53:08,687) [kworker/5:1H]
(root,0,0,00:00:00/218-13:53:08,688) [irq/125-mei_me]
(root,0,0,00:00:00/218-13:53:08,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/218-13:53:06,714) [jbd2/sda2-8]
(root,0,0,00:00:00/218-13:53:06,715) [ext4-rsv-conver]
(root,0,0,00:01:54/218-13:53:05,719) [jbd2/sda3-8]
(root,0,0,00:00:00/218-13:53:05,720) [ext4-rsv-conver]
(root,0,0,00:06:01/218-13:53:05,724) [jbd2/sdb-8]
(root,0,0,00:00:00/218-13:53:05,725) [ext4-rsv-conver]
(root,0,0,00:00:01/218-13:53:03,740) [kworker/6:1H]
(root,57704,724,00:23:30/218-13:52:53,748) /sbin/auditd
(dbus,58232,1912,00:49:58/218-13:52:52,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2328,00:25:05/218-13:52:51,788) /usr/lib/systemd/systemd-logind
(root,228888,8228,00:08:06/218-13:52:51,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5724,01:06:24/218-13:52:51,794) /usr/sbin/nscd
(root,52900,1924,00:00:11/218-13:52:51,848) /usr/sbin/smartd -n -q never
(root,21540,1056,00:49:08/218-13:52:51,849) /usr/sbin/irqbalance --foreground
(root,24208,608,00:00:00/218-13:52:51,862) /usr/sbin/atd -f
(root,124504,1360,00:04:20/218-13:52:51,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/218-13:52:51,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/218-13:52:51,869) [kworker/3:1H]
(chrony,97380,1528,00:01:15/218-13:52:51,888) /usr/sbin/chronyd
(root,113472,3152,00:20:53/218-13:52:42,1226) /usr/sbin/sshd -D
(cpanelconnecttrack,9820,3164,1-00:33:56/218-13:52:42,1235) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,1068492,12752,01:24:26/218-13:52:42,1237) /usr/sbin/rsyslogd -n
(root,27380,840,00:02:32/218-13:52:42,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38828,01:13:29/218-13:52:41,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:09:38/218-13:52:38,1820) dnsadmin - dormant mode
(root,213180,23720,02:08:47/218-13:52:38,1825) tailwatchd
(root,183604,6556,00:08:33/218-13:52:38,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,130156,2268,00:01:09/218-13:52:38,1863) cpanellogd - sleeping for logs
(root,244124,87428,00:00:09/06:52:26,2138) spamd child
(root,235468,12160,00:26:03/181-02:39:37,2481) /usr/sbin/httpd -k start
(mysql,4494004,893704,12:39:17/218-13:52:16,3134) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(nobody,3226436,29236,00:01:17/6-06:08:21,3362) /usr/sbin/httpd -k start
(root,0,0,00:00:00/03:02:20,4404) [kworker/5:0]
(root,0,0,00:00:00/06:31:20,5438) [kworker/5:1]
(root,244584,89004,00:00:15/1-00:25:44,7069) spamd child
(root,0,0,00:00:00/06:20:33,7128) [kworker/u16:1]
(dovecot,10412,1456,00:01:02/38-08:42:05,8170) dovecot/imap-hibernate
(root,189788,12160,00:20:13/193-14:19:32,8719) cPhulkd - processor
(root,0,0,00:00:00/02:27:19,9288) [kworker/6:2]
(dovecot,73456,5048,00:00:24/16:57:59,9737) dovecot/auth
(root,0,0,00:00:01/1-16:12:20,10522) [kworker/3:0]
(root,12732,1236,00:01:02/59-06:50:31,11846) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12736,1252,00:01:00/59-06:50:31,11847) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235468,1896,00:00:00/59-06:50:30,11849) /usr/sbin/httpd -k start
(root,53088,2444,00:00:00/59-06:50:30,11850) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(dovenull,55664,10284,00:39:50/59-06:50:30,12064) dovecot/pop3-login
(dovenull,63944,17548,00:28:38/59-06:50:30,12065) dovecot/imap-login
(root,10644,1440,00:08:33/59-06:50:30,12066) dovecot/log
(dovenull,55424,9784,00:05:21/59-06:50:30,12067) dovecot/pop3-login
(dovenull,54164,8420,00:04:42/59-06:50:30,12068) dovecot/imap-login
(root,15952,2792,00:12:08/59-06:50:30,12069) dovecot/config
(dovecot,50620,3520,00:09:32/59-06:50:30,12070) dovecot/stats
(root,3108,36,00:01:51/218-09:50:19,12075) /usr/bin/RCdaemon
(root,0,0,00:00:00/09:17:20,13454) [kworker/4:1]
(root,0,0,00:00:00/01:52:19,14143) [kworker/1:1]
(root,0,0,00:00:00/01:47:16,14881) [kworker/4:2]
(root,151552,10324,00:00:15/3-13:47:07,16620) cPhulkd - dbprocessor
(root,0,0,00:00:00/08:42:31,18541) [kworker/2:1]
(nobody,3160900,26852,00:00:56/4-12:49:43,18819) /usr/sbin/httpd -k start
(polkitd,610664,3008,00:17:56/218-12:55:10,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,26728,01:42:32/218-12:55:08,19737) /usr/sbin/named -u named -c /etc/named.conf
(nobody,3226436,23112,00:00:16/1-18:29:10,20369) /usr/sbin/httpd -k start
(root,0,0,00:00:00/59:59,22364) [kworker/7:3]
(nobody,3226436,27520,00:01:03/4-21:49:09,23784) /usr/sbin/httpd -k start
(root,0,0,00:00:00/44:19,24679) [kworker/2:2]
(scliegyp,39536,4708,00:00:00/38:55,25420) dovecot/imap
(root,0,0,00:00:00/38:16,25514) [kworker/u16:2]
(root,231088,13272,00:32:31/175-23:33:49,25777) cpsrvd (SSL) - waiting for connections                   
(root,292800,1156,00:01:54/27-19:00:15,26313) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,13604,00:00:38/27-19:00:15,26338) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(root,0,0,00:00:00/32:19,26472) [kworker/7:1]
(wp-toolkit,404388,34052,00:25:40/27-19:00:11,26520) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387868,22048,00:00:35/27-19:00:11,26524) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,2491400,1647900,04:45:51/214-17:55:26,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:01/07:42:33,27428) [kworker/0:1]
(root,0,0,00:00:00/07:42:19,27571) [kworker/1:0]
(root,0,0,00:00:00/22:20,27815) [kworker/0:0]
(root,33404,3084,00:00:57/181-03:08:46,29439) /sbin/rsyslogd
(mailnull,89188,13184,00:11:46/181-03:08:46,29453) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51576,2108,00:47:33/181-03:08:42,29530) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1192,00:17:35/181-03:08:42,29536) dovecot/anvil
(root,0,0,00:00:00/12:20,29584) [kworker/3:1]
(root,0,0,00:00:00/12:20,29622) [kworker/6:1]
(nobody,3029828,25720,00:00:37/3-06:30:43,30035) /usr/sbin/httpd -k start
(scliegyp,38436,3596,00:00:00/08:51,30127) dovecot/imap
(root,0,0,00:00:00/02:19,31197) [kworker/7:0]
(scliegyp,39952,5708,00:00:00/00:13,31553) dovecot/imap
(root,0,0,00:00:00/00:06,31556) [kworker/u16:0]
(scliegyp,39048,4276,00:00:00/00:06,31557) dovecot/imap
(root,113500,1620,00:00:00/00:00,31584) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,31602) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,31603) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-07-19 22:32

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10bcbfe6c5

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191716,4108,01:57:42/215-13:41:35,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:04/215-13:41:35,2) [kthreadd]
(root,0,0,00:00:00/215-13:41:35,4) [kworker/0:0H]
(root,0,0,00:28:39/215-13:41:35,6) [ksoftirqd/0]
(root,0,0,00:00:01/215-13:41:35,7) [migration/0]
(root,0,0,00:00:00/215-13:41:35,8) [rcu_bh]
(root,0,0,03:13:39/215-13:41:35,9) [rcu_sched]
(root,0,0,00:00:00/215-13:41:35,10) [lru-add-drain]
(root,0,0,00:01:44/215-13:41:35,11) [watchdog/0]
(root,0,0,00:01:23/215-13:41:35,12) [watchdog/1]
(root,0,0,00:00:01/215-13:41:35,13) [migration/1]
(root,0,0,00:00:09/215-13:41:35,14) [ksoftirqd/1]
(root,0,0,00:00:00/215-13:41:35,16) [kworker/1:0H]
(root,0,0,00:01:24/215-13:41:35,17) [watchdog/2]
(root,0,0,00:00:01/215-13:41:35,18) [migration/2]
(root,0,0,00:00:08/215-13:41:35,19) [ksoftirqd/2]
(root,0,0,00:00:00/215-13:41:35,21) [kworker/2:0H]
(root,0,0,00:01:25/215-13:41:35,22) [watchdog/3]
(root,0,0,00:00:01/215-13:41:35,23) [migration/3]
(root,0,0,00:00:08/215-13:41:35,24) [ksoftirqd/3]
(root,0,0,00:00:00/215-13:41:35,26) [kworker/3:0H]
(root,0,0,00:01:24/215-13:41:35,27) [watchdog/4]
(root,0,0,00:00:49/215-13:41:35,28) [migration/4]
(root,0,0,00:00:14/215-13:41:35,29) [ksoftirqd/4]
(root,0,0,00:00:00/215-13:41:35,31) [kworker/4:0H]
(root,0,0,00:01:19/215-13:41:35,32) [watchdog/5]
(root,0,0,00:01:05/215-13:41:35,33) [migration/5]
(root,0,0,00:00:19/215-13:41:35,34) [ksoftirqd/5]
(root,0,0,00:00:00/215-13:41:35,36) [kworker/5:0H]
(root,0,0,00:01:19/215-13:41:35,37) [watchdog/6]
(root,0,0,00:00:48/215-13:41:35,38) [migration/6]
(root,0,0,00:00:20/215-13:41:35,39) [ksoftirqd/6]
(root,0,0,00:00:00/215-13:41:35,41) [kworker/6:0H]
(root,0,0,00:01:24/215-13:41:35,42) [watchdog/7]
(root,0,0,00:00:45/215-13:41:35,43) [migration/7]
(root,0,0,00:06:51/215-13:41:35,44) [ksoftirqd/7]
(root,0,0,00:00:00/215-13:41:35,46) [kworker/7:0H]
(root,0,0,00:00:00/215-13:41:35,48) [kdevtmpfs]
(root,0,0,00:00:00/215-13:41:35,49) [netns]
(root,0,0,00:00:15/215-13:41:35,50) [khungtaskd]
(root,0,0,00:00:00/215-13:41:35,51) [writeback]
(root,0,0,00:00:00/215-13:41:35,52) [kintegrityd]
(root,0,0,00:00:00/215-13:41:35,53) [bioset]
(root,0,0,00:00:00/215-13:41:35,54) [bioset]
(root,0,0,00:00:00/215-13:41:35,55) [bioset]
(root,0,0,00:00:00/215-13:41:35,56) [kblockd]
(root,0,0,00:00:00/215-13:41:35,57) [md]
(root,0,0,00:00:00/215-13:41:35,58) [edac-poller]
(root,0,0,00:00:00/215-13:41:35,59) [watchdogd]
(root,0,0,00:22:15/215-13:41:35,66) [kswapd0]
(root,0,0,00:00:00/215-13:41:35,67) [ksmd]
(root,0,0,00:01:24/215-13:41:35,68) [khugepaged]
(root,0,0,00:00:00/215-13:41:35,69) [crypto]
(root,0,0,00:00:00/215-13:41:35,77) [kthrotld]
(root,0,0,00:00:00/215-13:41:35,80) [kmpath_rdacd]
(root,0,0,00:00:00/215-13:41:35,81) [kaluad]
(root,0,0,00:00:00/215-13:41:35,82) [kpsmoused]
(root,0,0,00:00:00/215-13:41:35,84) [ipv6_addrconf]
(root,0,0,00:00:00/215-13:41:35,97) [deferwq]
(root,0,0,00:10:42/215-13:41:34,144) [kauditd]
(root,0,0,00:00:00/215-13:41:34,368) [ata_sff]
(root,0,0,00:00:00/215-13:41:34,404) [scsi_eh_0]
(root,0,0,00:00:00/215-13:41:34,405) [scsi_tmf_0]
(root,0,0,00:00:00/215-13:41:34,406) [scsi_eh_1]
(root,0,0,00:00:00/215-13:41:34,407) [scsi_tmf_1]
(root,0,0,00:00:00/215-13:41:34,408) [scsi_eh_2]
(root,0,0,00:00:00/215-13:41:34,409) [scsi_tmf_2]
(root,0,0,00:00:00/215-13:41:34,410) [scsi_eh_3]
(root,0,0,00:00:00/215-13:41:34,411) [scsi_tmf_3]
(root,0,0,00:00:00/215-13:41:34,412) [scsi_eh_4]
(root,0,0,00:00:00/215-13:41:34,413) [scsi_tmf_4]
(root,0,0,00:00:00/215-13:41:34,414) [scsi_eh_5]
(root,0,0,00:00:00/215-13:41:34,415) [scsi_tmf_5]
(root,0,0,00:00:00/215-13:41:32,488) [kdmflush]
(root,0,0,00:00:00/215-13:41:32,489) [bioset]
(root,0,0,00:00:08/215-13:41:32,506) [kworker/0:1H]
(root,0,0,00:36:28/215-13:41:32,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/215-13:41:32,514) [ext4-rsv-conver]
(root,0,0,00:00:00/02:30:56,574) [kworker/0:0]
(root,92752,45148,02:39:11/215-13:41:30,593) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:01/215-13:41:30,627) [kworker/4:1H]
(root,0,0,00:00:03/215-13:41:29,629) [kworker/1:1H]
(root,198572,892,00:00:00/215-13:41:29,633) /usr/sbin/lvmetad -f
(root,46060,968,00:00:00/215-13:41:29,640) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/215-13:41:28,644) [kworker/2:1H]
(root,0,0,00:14:05/215-13:41:28,645) [kworker/7:1H]
(root,0,0,00:00:01/215-13:41:27,687) [kworker/5:1H]
(root,0,0,00:00:00/215-13:41:27,688) [irq/125-mei_me]
(root,0,0,00:00:00/215-13:41:27,689) [kvm-irqfd-clean]
(root,0,0,00:00:00/02:30:40,693) [kworker/6:0]
(root,0,0,00:00:00/215-13:41:25,714) [jbd2/sda2-8]
(root,0,0,00:00:00/215-13:41:25,715) [ext4-rsv-conver]
(root,0,0,00:01:52/215-13:41:24,719) [jbd2/sda3-8]
(root,0,0,00:00:00/215-13:41:24,720) [ext4-rsv-conver]
(root,0,0,00:05:55/215-13:41:24,724) [jbd2/sdb-8]
(root,0,0,00:00:00/215-13:41:24,725) [ext4-rsv-conver]
(root,0,0,00:00:01/215-13:41:22,740) [kworker/6:1H]
(root,57704,724,00:23:12/215-13:41:12,748) /sbin/auditd
(dbus,58232,1920,00:49:18/215-13:41:11,778) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,25284,2332,00:24:45/215-13:41:10,788) /usr/lib/systemd/systemd-logind
(root,228888,8220,00:07:58/215-13:41:10,789) queueprocd - waiting up to 60s to process a task
(nscd,2819364,5744,01:05:34/215-13:41:10,794) /usr/sbin/nscd
(root,52900,1924,00:00:11/215-13:41:10,848) /usr/sbin/smartd -n -q never
(root,21540,1056,00:48:27/215-13:41:10,849) /usr/sbin/irqbalance --foreground
(root,0,0,00:00:00/02:30:21,851) [kworker/u16:1]
(root,24208,608,00:00:00/215-13:41:10,862) /usr/sbin/atd -f
(root,124504,1360,00:04:17/215-13:41:10,864) /usr/sbin/crond -n
(root,108292,624,00:00:00/215-13:41:10,866) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/215-13:41:10,869) [kworker/3:1H]
(chrony,97380,1528,00:01:14/215-13:41:10,888) /usr/sbin/chronyd
(root,113472,3144,00:20:37/215-13:41:01,1226) /usr/sbin/sshd -D
(cpanelconnecttrack,9824,3164,1-00:14:13/215-13:41:01,1235) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,1060300,17804,01:23:23/215-13:41:01,1237) /usr/sbin/rsyslogd -n
(root,27380,840,00:02:30/215-13:41:01,1245) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,225548,38768,01:12:28/215-13:41:00,1390) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,167288,4200,00:09:30/215-13:40:57,1820) dnsadmin - dormant mode
(root,213040,23752,02:07:27/215-13:40:57,1825) tailwatchd
(root,263628,24160,00:08:24/215-13:40:57,1826) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078
(root,130156,2268,00:01:08/215-13:40:57,1863) cpanellogd - sleeping for logs
(root,231600,75596,00:00:01/02:20:19,2254) spamd child
(root,235468,12160,00:25:37/178-02:27:56,2481) /usr/sbin/httpd -k start
(mysql,4494004,887352,12:29:03/215-13:40:35,3134) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(nobody,3226436,28472,00:00:43/3-05:56:40,3362) /usr/sbin/httpd -k start
(root,0,0,00:00:00/02:00:40,5114) [kworker/1:1]
(root,0,0,00:00:00/01:40:37,8091) [kworker/1:0]
(dovecot,10412,1456,00:00:57/35-08:30:24,8170) dovecot/imap-hibernate
(root,189788,12552,00:19:56/190-14:07:51,8719) cPhulkd - processor
(root,234580,77816,00:00:00/05:05:06,9082) spamd child
(root,0,0,00:00:00/01:30:41,9476) [kworker/3:0]
(root,12736,1236,00:00:59/56-06:38:50,11846) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1252,00:00:57/56-06:38:50,11847) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235468,1896,00:00:00/56-06:38:49,11849) /usr/sbin/httpd -k start
(root,53088,2444,00:00:00/56-06:38:49,11850) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(dovenull,55088,10036,00:38:14/56-06:38:49,12064) dovecot/pop3-login
(dovenull,63944,17560,00:27:51/56-06:38:49,12065) dovecot/imap-login
(root,10644,1440,00:08:08/56-06:38:49,12066) dovecot/log
(dovenull,55424,9836,00:05:09/56-06:38:49,12067) dovecot/pop3-login
(dovenull,54164,8476,00:04:29/56-06:38:49,12068) dovecot/imap-login
(root,15952,2792,00:11:33/56-06:38:49,12069) dovecot/config
(dovecot,50620,3520,00:09:04/56-06:38:49,12070) dovecot/stats
(root,3108,36,00:01:49/215-09:38:38,12075) /usr/bin/RCdaemon
(scliegyp,29056,2576,00:00:00/01:11:47,12115) dovecot/quota-status -p postfix
(root,0,0,00:00:00/43:41,16375) [kworker/4:1]
(root,151552,10324,00:00:03/13:35:26,16620) cPhulkd - dbprocessor
(root,0,0,00:00:00/30:53,18221) [kworker/4:0]
(nobody,3095364,24948,00:00:22/1-12:38:02,18819) /usr/sbin/httpd -k start
(root,0,0,00:00:00/22:40,19522) [kworker/0:1]
(scliegyp,39540,4716,00:00:00/21:47,19617) dovecot/imap
(scliegyp,67196,28572,00:00:00/21:47,19619) dovecot/imap
(polkitd,610664,3192,00:17:42/215-12:43:29,19715) /usr/lib/polkit-1/polkitd --no-debug
(named,763176,26764,01:41:03/215-12:43:27,19737) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/18:41,20141) [kworker/7:2]
(scliegyp,38148,3384,00:00:00/17:07,20339) dovecot/imap
(scliegyp,37752,3072,00:00:00/15:04,20635) dovecot/imap
(root,0,0,00:00:00/11:43,21044) [kworker/u16:0]
(root,0,0,00:00:00/10:40,21214) [kworker/2:2]
(root,0,0,00:00:00/09:19,21452) [kworker/7:1]
(scliegyp,38280,3596,00:00:00/07:27,21749) dovecot/imap
(scliegyp,38404,3588,00:00:00/05:16,22050) dovecot/imap
(scliegyp,31712,3604,00:00:00/05:06,22053) dovecot/pop3
(root,0,0,00:00:00/02:45,22360) [kworker/7:0]
(scliegyp,32104,3744,00:00:00/02:15,22466) dovecot/pop3
(root,72960,4260,00:00:00/01:40,22477) dovecot/auth -w
(scliegyp,39468,5252,00:00:00/00:57,22588) dovecot/imap
(scliegyp,38148,3384,00:00:00/00:52,22591) dovecot/imap
(scliegyp,39468,5256,00:00:00/00:51,22592) dovecot/imap
(root,185004,2416,00:00:00/00:40,22595) /usr/sbin/CROND -n
(root,113280,1388,00:00:00/00:40,22601) /bin/sh -c    bash -c "sleep $((RANDOM % 60))" ; /opt/imunify360/venv/share/imunify360/scripts/check-detached.py > /dev/null 2>&1 || :
(root,0,0,00:00:00/00:40,22661) [kworker/0:2]
(scliegyp,37988,3688,00:00:00/00:12,22777) dovecot/imap
(root,251652,31468,00:00:00/00:00,22876) /opt/imunify360/venv/bin/python /opt/imunify360/venv/share/imunify360/scripts/check-detached.py
(root,113500,1616,00:00:00/00:00,22908) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,22926) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,22927) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(nobody,3160900,26508,00:00:26/1-21:37:28,23784) /usr/sbin/httpd -k start
(root,0,0,00:00:01/1-06:00:41,24546) [kworker/2:1]
(root,0,0,00:00:02/2-08:20:39,24833) [kworker/3:2]
(root,231088,13292,00:32:02/172-23:22:08,25777) cpsrvd (SSL) - waiting for connections                   
(dovecot,75836,7448,00:15:15/14-22:13:07,25835) dovecot/auth
(root,292800,5132,00:01:42/24-18:48:34,26313) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,445328,20204,00:00:34/24-18:48:34,26338) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,404388,47700,00:22:53/24-18:48:30,26520) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,387868,32412,00:00:31/24-18:48:30,26524) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/18:52:23,27207) [kworker/6:2]
(root,2425484,1594680,04:42:36/211-17:43:45,27388) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,33404,3084,00:00:56/178-02:57:05,29439) /sbin/rsyslogd
(mailnull,89188,13184,00:11:39/178-02:57:05,29453) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51576,2108,00:46:47/178-02:57:01,29530) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1192,00:17:19/178-02:57:01,29536) dovecot/anvil
(root,0,0,00:00:00/18:40:57,29577) [kworker/5:1]
(nobody,2964292,20048,00:00:04/06:19:02,30035) /usr/sbin/httpd -k start
(root,0,0,00:00:00/02:35:40,32397) [kworker/5:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-07-16 22:20

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb1068943011

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,3824,04:15:35/387-18:00:11,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:06/387-18:00:11,2) [kthreadd]
(root,0,0,00:00:00/387-18:00:11,4) [kworker/0:0H]
(root,0,0,00:20:09/387-18:00:11,6) [ksoftirqd/0]
(root,0,0,00:00:03/387-18:00:11,7) [migration/0]
(root,0,0,00:00:00/387-18:00:11,8) [rcu_bh]
(root,0,0,04:34:43/387-18:00:11,9) [rcu_sched]
(root,0,0,00:00:00/387-18:00:11,10) [lru-add-drain]
(root,0,0,00:02:50/387-18:00:11,11) [watchdog/0]
(root,0,0,00:02:29/387-18:00:11,12) [watchdog/1]
(root,0,0,00:00:02/387-18:00:11,13) [migration/1]
(root,0,0,00:00:13/387-18:00:11,14) [ksoftirqd/1]
(root,0,0,00:00:00/387-18:00:11,16) [kworker/1:0H]
(root,0,0,00:02:30/387-18:00:11,17) [watchdog/2]
(root,0,0,00:00:02/387-18:00:11,18) [migration/2]
(root,0,0,00:00:12/387-18:00:11,19) [ksoftirqd/2]
(root,0,0,00:00:00/387-18:00:11,21) [kworker/2:0H]
(root,0,0,00:02:33/387-18:00:11,22) [watchdog/3]
(root,0,0,00:00:02/387-18:00:11,23) [migration/3]
(root,0,0,00:00:11/387-18:00:11,24) [ksoftirqd/3]
(root,0,0,00:00:00/387-18:00:11,26) [kworker/3:0H]
(root,0,0,00:02:23/387-18:00:11,27) [watchdog/4]
(root,0,0,00:01:06/387-18:00:11,28) [migration/4]
(root,0,0,00:00:16/387-18:00:11,29) [ksoftirqd/4]
(root,0,0,00:00:00/387-18:00:11,31) [kworker/4:0H]
(root,0,0,00:02:24/387-18:00:11,32) [watchdog/5]
(root,0,0,00:01:27/387-18:00:11,33) [migration/5]
(root,0,0,00:00:38/387-18:00:11,34) [ksoftirqd/5]
(root,0,0,00:00:00/387-18:00:11,36) [kworker/5:0H]
(root,0,0,00:02:22/387-18:00:11,37) [watchdog/6]
(root,0,0,00:01:09/387-18:00:11,38) [migration/6]
(root,0,0,00:00:28/387-18:00:11,39) [ksoftirqd/6]
(root,0,0,00:00:00/387-18:00:11,41) [kworker/6:0H]
(root,0,0,00:02:33/387-18:00:11,42) [watchdog/7]
(root,0,0,00:01:09/387-18:00:11,43) [migration/7]
(root,0,0,00:11:59/387-18:00:11,44) [ksoftirqd/7]
(root,0,0,00:00:00/387-18:00:11,46) [kworker/7:0H]
(root,0,0,00:00:00/387-18:00:11,48) [kdevtmpfs]
(root,0,0,00:00:00/387-18:00:11,49) [netns]
(root,0,0,00:00:26/387-18:00:11,50) [khungtaskd]
(root,0,0,00:00:00/387-18:00:11,51) [writeback]
(root,0,0,00:00:00/387-18:00:11,52) [kintegrityd]
(root,0,0,00:00:00/387-18:00:11,53) [bioset]
(root,0,0,00:00:00/387-18:00:11,54) [bioset]
(root,0,0,00:00:00/387-18:00:11,55) [bioset]
(root,0,0,00:00:00/387-18:00:11,56) [kblockd]
(root,0,0,00:00:00/387-18:00:11,57) [md]
(root,0,0,00:00:00/387-18:00:11,58) [edac-poller]
(root,0,0,00:00:00/387-18:00:11,59) [watchdogd]
(root,0,0,00:35:32/387-18:00:11,66) [kswapd0]
(root,0,0,00:00:00/387-18:00:11,67) [ksmd]
(root,0,0,00:01:25/387-18:00:11,68) [khugepaged]
(root,0,0,00:00:00/387-18:00:11,69) [crypto]
(root,0,0,00:00:00/387-18:00:11,77) [kthrotld]
(root,0,0,00:00:00/387-18:00:11,80) [kmpath_rdacd]
(root,0,0,00:00:00/387-18:00:11,81) [kaluad]
(root,0,0,00:00:00/387-18:00:11,82) [kpsmoused]
(root,0,0,00:00:00/387-18:00:11,84) [ipv6_addrconf]
(root,0,0,00:00:00/387-18:00:11,97) [deferwq]
(root,0,0,00:09:57/387-18:00:11,138) [kauditd]
(root,0,0,00:00:00/387-18:00:10,372) [ata_sff]
(root,0,0,00:00:00/387-18:00:10,404) [scsi_eh_0]
(root,0,0,00:00:00/387-18:00:10,405) [scsi_tmf_0]
(root,0,0,00:00:00/387-18:00:10,406) [scsi_eh_1]
(root,0,0,00:00:00/387-18:00:10,407) [scsi_tmf_1]
(root,0,0,00:00:00/387-18:00:10,408) [scsi_eh_2]
(root,0,0,00:00:00/387-18:00:10,409) [scsi_tmf_2]
(root,0,0,00:00:00/387-18:00:10,410) [scsi_eh_3]
(root,0,0,00:00:00/387-18:00:10,411) [scsi_tmf_3]
(root,0,0,00:00:00/387-18:00:10,412) [scsi_eh_4]
(root,0,0,00:00:00/387-18:00:10,413) [scsi_tmf_4]
(root,0,0,00:00:00/387-18:00:10,414) [scsi_eh_5]
(root,0,0,00:00:00/387-18:00:10,415) [scsi_tmf_5]
(root,0,0,00:00:00/387-18:00:08,488) [kdmflush]
(root,0,0,00:00:00/387-18:00:08,489) [bioset]
(root,0,0,00:00:12/387-18:00:08,506) [kworker/0:1H]
(root,0,0,00:53:47/387-18:00:08,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/387-18:00:08,514) [ext4-rsv-conver]
(root,0,0,00:00:02/387-18:00:05,628) [kworker/3:1H]
(root,0,0,00:00:00/387-18:00:05,674) [irq/125-mei_me]
(root,0,0,00:00:01/387-18:00:05,678) [kworker/6:1H]
(root,0,0,00:00:01/387-18:00:05,680) [kworker/5:1H]
(root,0,0,00:00:05/387-18:00:05,682) [kworker/1:1H]
(root,0,0,00:00:00/387-18:00:05,687) [kvm-irqfd-clean]
(root,0,0,00:00:03/387-18:00:04,704) [kworker/2:1H]
(root,0,0,00:02:47/387-18:00:03,713) [jbd2/sda3-8]
(root,0,0,00:00:00/387-18:00:03,714) [ext4-rsv-conver]
(root,0,0,00:00:00/387-18:00:03,716) [jbd2/sda2-8]
(root,0,0,00:00:00/387-18:00:03,717) [ext4-rsv-conver]
(root,0,0,00:06:37/387-18:00:03,722) [jbd2/sdb-8]
(root,0,0,00:00:00/387-18:00:03,723) [ext4-rsv-conver]
(root,0,0,00:00:01/387-18:00:02,742) [kworker/4:1H]
(root,55532,512,00:21:51/387-18:00:01,747) /sbin/auditd
(dbus,58236,1248,01:23:33/387-18:00:00,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:00:00/50:07,1013) [kworker/6:0]
(root,0,0,00:21:48/387-17:59:59,1040) [kworker/7:1H]
(root,167288,4200,00:16:55/387-17:59:51,1704) dnsadmin - dormant mode
(root,214780,19104,03:35:41/387-17:59:51,1706) tailwatchd
(root,183604,6560,00:10:03/387-17:59:51,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:05/20:35:36,3217) [kworker/0:2]
(root,0,0,00:00:00/35:07,3509) [kworker/2:1]
(root,180072,30500,00:00:39/20:25:06,4913) lfd - sleeping
(root,0,0,00:00:00/25:06,5120) [kworker/7:0]
(dovecot,72260,5824,00:03:34/5-10:45:18,5540) dovecot/auth
(root,0,0,00:00:00/20:02,5981) [kworker/1:2]
(root,0,0,00:00:00/13:35:06,6941) [kworker/4:1]
(root,233292,13236,00:15:16/107-05:01:16,7392) /usr/sbin/httpd -k start
(root,12732,1248,00:00:12/17-03:42:50,7917) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1256,00:00:12/17-03:42:50,7918) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233292,2176,00:00:00/17-03:42:50,7920) /usr/sbin/httpd -k start
(root,53088,2516,00:00:00/17-03:42:50,7921) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,0,0,00:00:00/07:26,8004) [kworker/7:2]
(scliegyp,38400,3796,00:00:00/06:59,8039) dovecot/imap
(scliegyp,38280,3596,00:00:00/06:59,8040) dovecot/imap
(dovenull,49296,7216,00:00:44/17-03:42:50,8084) dovecot/pop3-login
(dovenull,53408,10976,00:00:26/17-03:42:50,8085) dovecot/imap-login
(root,10524,1624,00:01:25/17-03:42:50,8086) dovecot/log
(dovenull,67668,25428,00:09:12/17-03:42:50,8087) dovecot/pop3-login
(dovenull,55524,13176,00:02:57/17-03:42:50,8089) dovecot/imap-login
(root,15776,3444,00:01:59/17-03:42:50,8090) dovecot/config
(dovecot,48836,4480,00:01:30/17-03:42:50,8091) dovecot/stats
(scliegyp,44872,8468,00:00:00/05:39,8346) dovecot/imap
(root,0,0,00:00:00/05:06,8449) [kworker/5:1]
(scliegyp,38904,4140,00:00:00/00:41,9074) dovecot/imap
(root,60732,4440,00:00:00/00:41,9115) dovecot/lmtp
(scliegyp,38904,4136,00:00:00/00:20,9182) dovecot/imap
(root,0,0,00:00:00/00:08,9196) [cpsrvd (SSL) - ] <defunct>
(root,242508,91580,00:00:17/19:58:08,9273) spamd child
(root,111300,4244,00:00:00/00:01,9384) sshd: [accepted]
(sshd,111300,1716,00:00:00/00:01,9388) sshd: [net]
(root,113500,1624,00:00:00/00:00,9399) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,9417) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,9418) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/03:15:07,9487) [kworker/6:2]
(root,24208,540,00:00:00/290-12:07:04,9564) /usr/sbin/atd -f
(nobody,3158764,24868,00:00:24/2-10:12:04,10777) /usr/sbin/httpd -k start
(root,0,0,00:00:00/03:05:07,11165) [kworker/0:1]
(root,0,0,00:00:01/1-02:35:36,11687) [kworker/2:0]
(root,0,0,00:00:00/09:35:06,12452) [kworker/3:1]
(nobody,3158764,25344,00:00:44/4-06:23:26,12955) /usr/sbin/httpd -k start
(nobody,3224300,26980,00:00:42/4-06:22:31,13176) /usr/sbin/httpd -k start
(root,0,0,00:00:00/02:48:55,13846) [kworker/u16:1]
(root,229132,74216,00:00:00/08:57:57,18165) spamd child
(mysql,4536220,627064,09:22:17/199-16:26:28,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,3108,800,00:00:02/4-08:30:58,18918) /usr/bin/RCdaemon
(root,70788,4220,00:00:05/22:11:37,20939) dovecot/auth -w
(named,759180,7348,01:27:56/207-09:59:47,21481) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/08:35:35,21904) [kworker/5:0]
(chrony,97380,1332,00:00:57/207-09:58:19,22618) /usr/sbin/chronyd
(root,27380,832,00:02:19/207-09:58:14,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,2852,00:13:57/207-09:58:01,22813) /usr/sbin/sshd -D
(root,2486136,1536116,04:15:17/207-09:57:56,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86940,13024,00:16:23/207-09:57:06,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51592,2332,01:09:45/207-09:57:03,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1188,00:23:27/207-09:57:03,23038) dovecot/anvil
(polkitd,610668,2604,00:15:51/207-09:57:00,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/01:45:07,24187) [kworker/1:0]
(root,0,0,00:00:00/01:41:42,24844) [kworker/u16:0]
(root,108292,624,00:00:00/290-12:04:27,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1356,00:05:50/290-12:03:52,25238) /usr/sbin/crond -n
(root,21540,956,01:18:13/290-12:03:45,25358) /usr/sbin/irqbalance --foreground
(root,290616,5456,00:00:26/6-17:47:47,25597) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,228940,18968,00:40:24/122-19:22:56,25617) cpsrvd (SSL) - waiting for connections                   
(root,366000,18748,00:00:08/6-17:47:46,25624) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,384416,38028,00:06:21/6-17:47:44,25711) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28344,00:00:08/6-17:47:44,25715) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,25288,2332,00:25:21/242-10:00:48,25923) /usr/lib/systemd/systemd-logind
(root,1084816,12784,01:16:02/242-10:00:40,25996) /usr/sbin/rsyslogd -n
(root,42912,828,00:00:00/242-10:00:31,26125) /usr/sbin/lvmetad -f
(root,55824,15424,02:18:13/242-10:00:03,26284) /usr/lib/systemd/systemd-journald
(root,43528,928,00:00:00/242-09:59:52,26391) /usr/lib/systemd/systemd-udevd
(root,52900,1580,00:00:15/242-09:59:51,26407) /usr/sbin/smartd -n -q never
(root,228996,8564,00:05:02/169-05:43:16,28951) queueprocd - waiting up to 60s to process a task
(nscd,1805544,2832,00:43:20/169-05:36:50,29094) /usr/sbin/nscd
(root,0,0,00:00:00/01:15:07,29321) [kworker/3:0]
(cpanelconnecttrack,9760,2980,17:28:13/169-05:36:07,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2284,00:00:56/169-05:36:07,29372) cpanellogd - sleeping for logs
(root,223264,37716,00:56:37/169-05:34:42,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,480,00:00:00/259-20:27:50,30546) SCREEN
(root,114712,1436,00:00:00/259-20:27:50,30547) /bin/bash
(root,0,0,00:00:00/01:05:07,30978) [kworker/4:0]
(nobody,3224300,25888,00:00:40/4-04:44:26,31589) /usr/sbin/httpd -k start

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-05-04 18:25

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10bacb7d61

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,3816,04:04:27/365-20:59:32,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:06/365-20:59:32,2) [kthreadd]
(root,0,0,00:00:00/365-20:59:32,4) [kworker/0:0H]
(root,0,0,00:18:41/365-20:59:32,6) [ksoftirqd/0]
(root,0,0,00:00:02/365-20:59:32,7) [migration/0]
(root,0,0,00:00:00/365-20:59:32,8) [rcu_bh]
(root,0,0,04:20:28/365-20:59:32,9) [rcu_sched]
(root,0,0,00:00:00/365-20:59:32,10) [lru-add-drain]
(root,0,0,00:02:39/365-20:59:32,11) [watchdog/0]
(root,0,0,00:02:21/365-20:59:32,12) [watchdog/1]
(root,0,0,00:00:02/365-20:59:32,13) [migration/1]
(root,0,0,00:00:12/365-20:59:32,14) [ksoftirqd/1]
(root,0,0,00:00:00/365-20:59:32,16) [kworker/1:0H]
(root,0,0,00:02:21/365-20:59:32,17) [watchdog/2]
(root,0,0,00:00:02/365-20:59:32,18) [migration/2]
(root,0,0,00:00:11/365-20:59:32,19) [ksoftirqd/2]
(root,0,0,00:00:00/365-20:59:32,21) [kworker/2:0H]
(root,0,0,00:02:25/365-20:59:32,22) [watchdog/3]
(root,0,0,00:00:02/365-20:59:32,23) [migration/3]
(root,0,0,00:00:10/365-20:59:32,24) [ksoftirqd/3]
(root,0,0,00:00:00/365-20:59:32,26) [kworker/3:0H]
(root,0,0,00:02:15/365-20:59:32,27) [watchdog/4]
(root,0,0,00:01:03/365-20:59:32,28) [migration/4]
(root,0,0,00:00:15/365-20:59:32,29) [ksoftirqd/4]
(root,0,0,00:00:00/365-20:59:32,31) [kworker/4:0H]
(root,0,0,00:02:16/365-20:59:32,32) [watchdog/5]
(root,0,0,00:01:22/365-20:59:32,33) [migration/5]
(root,0,0,00:00:37/365-20:59:32,34) [ksoftirqd/5]
(root,0,0,00:00:00/365-20:59:32,36) [kworker/5:0H]
(root,0,0,00:02:14/365-20:59:32,37) [watchdog/6]
(root,0,0,00:01:05/365-20:59:32,38) [migration/6]
(root,0,0,00:00:26/365-20:59:32,39) [ksoftirqd/6]
(root,0,0,00:00:00/365-20:59:32,41) [kworker/6:0H]
(root,0,0,00:02:25/365-20:59:32,42) [watchdog/7]
(root,0,0,00:01:05/365-20:59:32,43) [migration/7]
(root,0,0,00:11:19/365-20:59:32,44) [ksoftirqd/7]
(root,0,0,00:00:00/365-20:59:32,46) [kworker/7:0H]
(root,0,0,00:00:00/365-20:59:32,48) [kdevtmpfs]
(root,0,0,00:00:00/365-20:59:32,49) [netns]
(root,0,0,00:00:25/365-20:59:32,50) [khungtaskd]
(root,0,0,00:00:00/365-20:59:32,51) [writeback]
(root,0,0,00:00:00/365-20:59:32,52) [kintegrityd]
(root,0,0,00:00:00/365-20:59:32,53) [bioset]
(root,0,0,00:00:00/365-20:59:32,54) [bioset]
(root,0,0,00:00:00/365-20:59:32,55) [bioset]
(root,0,0,00:00:00/365-20:59:32,56) [kblockd]
(root,0,0,00:00:00/365-20:59:32,57) [md]
(root,0,0,00:00:00/365-20:59:32,58) [edac-poller]
(root,0,0,00:00:00/365-20:59:32,59) [watchdogd]
(root,0,0,00:34:26/365-20:59:32,66) [kswapd0]
(root,0,0,00:00:00/365-20:59:32,67) [ksmd]
(root,0,0,00:01:20/365-20:59:32,68) [khugepaged]
(root,0,0,00:00:00/365-20:59:32,69) [crypto]
(root,0,0,00:00:00/365-20:59:32,77) [kthrotld]
(root,0,0,00:00:00/365-20:59:32,80) [kmpath_rdacd]
(root,0,0,00:00:00/365-20:59:32,81) [kaluad]
(root,0,0,00:00:00/365-20:59:32,82) [kpsmoused]
(root,0,0,00:00:00/365-20:59:32,84) [ipv6_addrconf]
(root,0,0,00:00:00/365-20:59:32,97) [deferwq]
(root,0,0,00:09:10/365-20:59:32,138) [kauditd]
(root,0,0,00:00:00/365-20:59:31,372) [ata_sff]
(root,0,0,00:00:00/365-20:59:31,404) [scsi_eh_0]
(root,0,0,00:00:00/365-20:59:31,405) [scsi_tmf_0]
(root,0,0,00:00:00/365-20:59:31,406) [scsi_eh_1]
(root,0,0,00:00:00/365-20:59:31,407) [scsi_tmf_1]
(root,0,0,00:00:00/365-20:59:31,408) [scsi_eh_2]
(root,0,0,00:00:00/365-20:59:31,409) [scsi_tmf_2]
(root,0,0,00:00:00/365-20:59:31,410) [scsi_eh_3]
(root,0,0,00:00:00/365-20:59:31,411) [scsi_tmf_3]
(root,0,0,00:00:00/365-20:59:31,412) [scsi_eh_4]
(root,0,0,00:00:00/365-20:59:31,413) [scsi_tmf_4]
(root,0,0,00:00:00/365-20:59:31,414) [scsi_eh_5]
(root,0,0,00:00:00/365-20:59:31,415) [scsi_tmf_5]
(root,0,0,00:00:00/365-20:59:29,488) [kdmflush]
(root,0,0,00:00:00/365-20:59:29,489) [bioset]
(root,0,0,00:00:11/365-20:59:29,506) [kworker/0:1H]
(root,0,0,00:51:05/365-20:59:29,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/365-20:59:29,514) [ext4-rsv-conver]
(root,0,0,00:00:02/365-20:59:26,628) [kworker/3:1H]
(root,0,0,00:00:00/365-20:59:26,674) [irq/125-mei_me]
(root,0,0,00:00:01/365-20:59:26,678) [kworker/6:1H]
(root,0,0,00:00:01/365-20:59:26,680) [kworker/5:1H]
(root,0,0,00:00:05/365-20:59:26,682) [kworker/1:1H]
(root,0,0,00:00:00/365-20:59:26,687) [kvm-irqfd-clean]
(root,0,0,00:00:03/365-20:59:25,704) [kworker/2:1H]
(root,0,0,00:00:00/54:37,710) [kworker/1:1]
(root,0,0,00:02:38/365-20:59:24,713) [jbd2/sda3-8]
(root,0,0,00:00:00/365-20:59:24,714) [ext4-rsv-conver]
(root,0,0,00:00:00/365-20:59:24,716) [jbd2/sda2-8]
(root,0,0,00:00:00/365-20:59:24,717) [ext4-rsv-conver]
(root,0,0,00:06:10/365-20:59:24,722) [jbd2/sdb-8]
(root,0,0,00:00:00/365-20:59:24,723) [ext4-rsv-conver]
(root,0,0,00:00:01/365-20:59:23,742) [kworker/4:1H]
(root,55532,512,00:20:07/365-20:59:22,747) /sbin/auditd
(dbus,58236,1248,01:18:53/365-20:59:21,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:20:34/365-20:59:20,1040) [kworker/7:1H]
(root,167288,4200,00:15:58/365-20:59:12,1704) dnsadmin - dormant mode
(root,214780,19100,03:25:02/365-20:59:12,1706) tailwatchd
(root,183604,6560,00:09:15/365-20:59:12,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:00/48:41,1858) [kworker/0:2]
(root,0,0,00:00:00/44:27,2590) [kworker/3:0]
(root,0,0,00:00:00/42:13,2953) [kworker/2:1]
(root,0,0,00:00:00/42:07,2967) [kworker/6:1]
(root,0,0,00:00:00/36:32,4028) [kworker/3:1]
(root,0,0,00:00:00/36:09,4061) [kworker/u16:2]
(root,0,0,00:00:00/34:42,4432) [kworker/2:0]
(nobody,3820228,27620,00:01:01/9-14:22:37,4579) /usr/sbin/httpd -k start
(root,0,0,00:00:00/24:28,6518) [kworker/5:0]
(root,3108,40,00:01:02/187-01:24:15,6995) /usr/bin/RCdaemon
(root,233292,14948,00:12:08/85-08:00:37,7392) /usr/sbin/httpd -k start
(root,0,0,00:00:00/16:28,7957) [kworker/7:0]
(root,0,0,00:00:00/10:58,8903) [kworker/u16:1]
(root,24208,540,00:00:00/268-15:06:25,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/04:38,10143) [kworker/u16:0]
(root,0,0,00:00:00/04:27,10221) [kworker/1:2]
(root,0,0,00:00:00/04:27,10259) [kworker/7:1]
(scliegyp,41300,8824,00:00:00/03:06,10448) dovecot/pop3
(scliegyp,29056,2580,00:00:00/02:28,10567) dovecot/quota-status -p postfix
(scliegyp,38040,3672,00:00:00/00:28,10868) dovecot/imap
(scliegyp,38408,4084,00:00:00/00:21,10887) dovecot/imap
(scliegyp,38532,4072,00:00:00/00:13,10894) dovecot/imap
(root,0,0,00:00:00/00:10,10896) [whostmgrd - ser] <defunct>
(root,60732,4444,00:00:00/00:06,10948) dovecot/lmtp
(root,0,0,00:00:00/00:06,10966) [dnsadmin - dorm] <defunct>
(root,0,0,00:00:00/00:06,10971) [whostmgrd - ser] <defunct>
(cpanelphpmyadmin,290584,1884,00:00:00/00:06,10981) php-fpm: pool cpanelphpmyadmin
(scliegyp,38192,3740,00:00:00/00:01,10995) dovecot/imap
(root,113500,1624,00:00:00/00:00,11089) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,11107) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,11108) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,679412,50640,00:00:53/02:19:40,16976) /opt/imunify360/venv/bin/python3 -m defence360agent.run
(root,290616,968,00:02:17/34-16:23:33,17519) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,3464,00:00:48/34-16:23:33,17543) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,13520,00:32:09/34-16:23:31,17631) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,8316,00:00:45/34-16:23:31,17635) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(mysql,4536220,630948,08:20:21/177-19:25:49,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,70788,4228,00:00:00/01:57:01,21325) dovecot/auth -w
(root,243384,88028,00:00:11/05:14:41,21382) spamd child
(named,759180,7464,01:20:51/185-12:59:08,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1332,00:00:50/185-12:57:40,22618) /usr/sbin/chronyd
(root,27380,832,00:02:04/185-12:57:35,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,2816,00:12:26/185-12:57:22,22813) /usr/sbin/sshd -D
(root,2415200,1518288,03:53:52/185-12:57:17,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,228596,74176,00:00:00/05:05:41,22845) spamd child
(mailnull,86936,13024,00:13:42/185-12:56:27,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51592,2280,01:05:29/185-12:56:24,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1188,00:21:41/185-12:56:24,23038) dovecot/anvil
(polkitd,610668,2644,00:14:09/185-12:56:21,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/01:44:54,23703) [kworker/6:2]
(root,12736,1340,00:00:08/9-15:42:04,24432) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1356,00:00:08/9-15:42:04,24433) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233292,3924,00:00:00/9-15:42:04,24435) /usr/sbin/httpd -k start
(root,53088,11844,00:00:00/9-15:42:04,24436) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3224248,26960,00:01:02/9-15:42:04,24437) /usr/sbin/httpd -k start
(nobody,3289784,27316,00:01:04/9-15:42:04,24438) /usr/sbin/httpd -k start
(dovenull,48748,6540,00:00:30/9-15:42:04,24544) dovecot/pop3-login
(dovenull,54756,11988,00:15:41/9-15:42:04,24545) dovecot/imap-login
(root,10404,1500,00:01:40/9-15:42:04,24546) dovecot/log
(dovenull,60300,18168,00:05:02/9-15:42:04,24547) dovecot/pop3-login
(dovenull,49956,7664,00:03:31/9-15:42:04,24548) dovecot/imap-login
(root,16092,3456,00:02:45/9-15:42:04,24549) dovecot/config
(dovecot,48292,3788,00:02:19/9-15:42:04,24550) dovecot/stats
(dovecot,72312,5824,00:07:40/9-15:42:04,24551) dovecot/auth
(nobody,3093176,27016,00:01:00/9-15:42:03,24552) /usr/sbin/httpd -k start
(nobody,3289784,27636,00:01:03/9-15:42:03,24553) /usr/sbin/httpd -k start
(root,108292,624,00:00:00/268-15:03:48,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1352,00:05:23/268-15:03:13,25238) /usr/sbin/crond -n
(root,21540,956,01:12:18/268-15:03:06,25358) /usr/sbin/irqbalance --foreground
(root,228940,20280,00:32:07/100-22:22:17,25617) cpsrvd (SSL) - waiting for connections                   
(dovecot,10780,1952,00:01:07/9-15:34:56,25727) dovecot/imap-hibernate
(root,0,0,00:00:00/01:34:43,25779) [kworker/4:0]
(root,25288,2332,00:23:03/220-13:00:09,25923) /usr/lib/systemd/systemd-logind
(root,1076416,11868,01:09:32/220-13:00:01,25996) /usr/sbin/rsyslogd -n
(root,42912,828,00:00:00/220-12:59:52,26125) /usr/sbin/lvmetad -f
(root,104780,47640,02:07:17/220-12:59:24,26284) /usr/lib/systemd/systemd-journald
(root,43528,928,00:00:00/220-12:59:13,26391) /usr/lib/systemd/systemd-udevd
(root,52900,1580,00:00:13/220-12:59:12,26407) /usr/sbin/smartd -n -q never
(root,0,0,00:00:00/01:25:11,27504) [kworker/0:0]
(root,179568,29948,00:00:45/23:24:27,27656) lfd - sleeping
(root,0,0,00:00:00/16:34:43,28413) [kworker/4:1]
(root,228996,8608,00:04:23/147-08:42:37,28951) queueprocd - waiting up to 60s to process a task
(nscd,1805544,2792,00:38:24/147-08:36:11,29094) /usr/sbin/nscd
(cpanelconnecttrack,9904,3124,15:14:51/147-08:35:28,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2284,00:00:49/147-08:35:28,29372) cpanellogd - sleeping for logs
(root,223264,38404,00:49:18/147-08:34:03,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,480,00:00:00/237-23:27:11,30546) SCREEN
(root,114712,1436,00:00:00/237-23:27:11,30547) /bin/bash
(root,0,0,00:00:00/01:04:28,31313) [kworker/5:1]
(root,0,0,00:00:00/01:03:36,31546) [kworker/7:2]
(root,0,0,00:00:00/01:01:02,31956) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-04-12 21:24

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10447c0262

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,3816,04:03:46/364-13:12:51,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:06/364-13:12:51,2) [kthreadd]
(root,0,0,00:00:00/364-13:12:51,4) [kworker/0:0H]
(root,0,0,00:18:33/364-13:12:51,6) [ksoftirqd/0]
(root,0,0,00:00:02/364-13:12:51,7) [migration/0]
(root,0,0,00:00:00/364-13:12:51,8) [rcu_bh]
(root,0,0,04:19:18/364-13:12:51,9) [rcu_sched]
(root,0,0,00:00:00/364-13:12:51,10) [lru-add-drain]
(root,0,0,00:02:39/364-13:12:51,11) [watchdog/0]
(root,0,0,00:02:20/364-13:12:51,12) [watchdog/1]
(root,0,0,00:00:02/364-13:12:51,13) [migration/1]
(root,0,0,00:00:12/364-13:12:51,14) [ksoftirqd/1]
(root,0,0,00:00:00/364-13:12:51,16) [kworker/1:0H]
(root,0,0,00:02:21/364-13:12:51,17) [watchdog/2]
(root,0,0,00:00:02/364-13:12:51,18) [migration/2]
(root,0,0,00:00:11/364-13:12:51,19) [ksoftirqd/2]
(root,0,0,00:00:00/364-13:12:51,21) [kworker/2:0H]
(root,0,0,00:02:24/364-13:12:51,22) [watchdog/3]
(root,0,0,00:00:02/364-13:12:51,23) [migration/3]
(root,0,0,00:00:10/364-13:12:51,24) [ksoftirqd/3]
(root,0,0,00:00:00/364-13:12:51,26) [kworker/3:0H]
(root,0,0,00:02:15/364-13:12:51,27) [watchdog/4]
(root,0,0,00:01:03/364-13:12:51,28) [migration/4]
(root,0,0,00:00:15/364-13:12:51,29) [ksoftirqd/4]
(root,0,0,00:00:00/364-13:12:51,31) [kworker/4:0H]
(root,0,0,00:02:16/364-13:12:51,32) [watchdog/5]
(root,0,0,00:01:22/364-13:12:51,33) [migration/5]
(root,0,0,00:00:37/364-13:12:51,34) [ksoftirqd/5]
(root,0,0,00:00:00/364-13:12:51,36) [kworker/5:0H]
(root,0,0,00:02:14/364-13:12:51,37) [watchdog/6]
(root,0,0,00:01:05/364-13:12:51,38) [migration/6]
(root,0,0,00:00:26/364-13:12:51,39) [ksoftirqd/6]
(root,0,0,00:00:00/364-13:12:51,41) [kworker/6:0H]
(root,0,0,00:02:24/364-13:12:51,42) [watchdog/7]
(root,0,0,00:01:05/364-13:12:51,43) [migration/7]
(root,0,0,00:11:16/364-13:12:51,44) [ksoftirqd/7]
(root,0,0,00:00:00/364-13:12:51,46) [kworker/7:0H]
(root,0,0,00:00:00/364-13:12:51,48) [kdevtmpfs]
(root,0,0,00:00:00/364-13:12:51,49) [netns]
(root,0,0,00:00:25/364-13:12:51,50) [khungtaskd]
(root,0,0,00:00:00/364-13:12:51,51) [writeback]
(root,0,0,00:00:00/364-13:12:51,52) [kintegrityd]
(root,0,0,00:00:00/364-13:12:51,53) [bioset]
(root,0,0,00:00:00/364-13:12:51,54) [bioset]
(root,0,0,00:00:00/364-13:12:51,55) [bioset]
(root,0,0,00:00:00/364-13:12:51,56) [kblockd]
(root,0,0,00:00:00/364-13:12:51,57) [md]
(root,0,0,00:00:00/364-13:12:51,58) [edac-poller]
(root,0,0,00:00:00/364-13:12:51,59) [watchdogd]
(root,0,0,00:34:25/364-13:12:51,66) [kswapd0]
(root,0,0,00:00:00/364-13:12:51,67) [ksmd]
(root,0,0,00:01:20/364-13:12:51,68) [khugepaged]
(root,0,0,00:00:00/364-13:12:51,69) [crypto]
(root,0,0,00:00:00/364-13:12:51,77) [kthrotld]
(root,0,0,00:00:00/364-13:12:51,80) [kmpath_rdacd]
(root,0,0,00:00:00/364-13:12:51,81) [kaluad]
(root,0,0,00:00:00/364-13:12:51,82) [kpsmoused]
(root,0,0,00:00:00/364-13:12:51,84) [ipv6_addrconf]
(root,0,0,00:00:00/364-13:12:51,97) [deferwq]
(root,0,0,00:09:07/364-13:12:51,138) [kauditd]
(root,0,0,00:00:00/364-13:12:50,372) [ata_sff]
(root,0,0,00:00:00/364-13:12:50,404) [scsi_eh_0]
(root,0,0,00:00:00/364-13:12:50,405) [scsi_tmf_0]
(root,0,0,00:00:00/364-13:12:50,406) [scsi_eh_1]
(root,0,0,00:00:00/364-13:12:50,407) [scsi_tmf_1]
(root,0,0,00:00:00/364-13:12:50,408) [scsi_eh_2]
(root,0,0,00:00:00/364-13:12:50,409) [scsi_tmf_2]
(root,0,0,00:00:00/364-13:12:50,410) [scsi_eh_3]
(root,0,0,00:00:00/364-13:12:50,411) [scsi_tmf_3]
(root,0,0,00:00:00/364-13:12:50,412) [scsi_eh_4]
(root,0,0,00:00:00/364-13:12:50,413) [scsi_tmf_4]
(root,0,0,00:00:00/364-13:12:50,414) [scsi_eh_5]
(root,0,0,00:00:00/364-13:12:50,415) [scsi_tmf_5]
(root,0,0,00:00:00/364-13:12:48,488) [kdmflush]
(root,0,0,00:00:00/364-13:12:48,489) [bioset]
(root,0,0,00:00:11/364-13:12:48,506) [kworker/0:1H]
(root,0,0,00:50:52/364-13:12:48,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/364-13:12:48,514) [ext4-rsv-conver]
(root,0,0,00:00:02/364-13:12:45,628) [kworker/3:1H]
(root,0,0,00:00:03/13:48:02,665) [kworker/0:1]
(root,0,0,00:00:00/364-13:12:45,674) [irq/125-mei_me]
(root,0,0,00:00:01/364-13:12:45,678) [kworker/6:1H]
(root,0,0,00:00:01/364-13:12:45,680) [kworker/5:1H]
(root,0,0,00:00:05/364-13:12:45,682) [kworker/1:1H]
(root,0,0,00:00:00/364-13:12:45,687) [kvm-irqfd-clean]
(root,0,0,00:00:03/364-13:12:44,704) [kworker/2:1H]
(root,0,0,00:02:37/364-13:12:43,713) [jbd2/sda3-8]
(root,0,0,00:00:00/364-13:12:43,714) [ext4-rsv-conver]
(root,0,0,00:00:00/364-13:12:43,716) [jbd2/sda2-8]
(root,0,0,00:00:00/364-13:12:43,717) [ext4-rsv-conver]
(root,0,0,00:06:09/364-13:12:43,722) [jbd2/sdb-8]
(root,0,0,00:00:00/364-13:12:43,723) [ext4-rsv-conver]
(root,0,0,00:00:01/364-13:12:42,742) [kworker/4:1H]
(root,55532,512,00:20:01/364-13:12:41,747) /sbin/auditd
(dbus,58236,1248,01:18:35/364-13:12:40,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:20:29/364-13:12:39,1040) [kworker/7:1H]
(root,0,0,00:00:00/04:02:46,1670) [kworker/4:1]
(root,167288,4196,00:15:54/364-13:12:31,1704) dnsadmin - dormant mode
(root,214780,19100,03:23:56/364-13:12:31,1706) tailwatchd
(root,183604,6560,00:09:13/364-13:12:31,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:00/01:12:46,1735) [kworker/6:1]
(root,0,0,00:00:01/1-03:12:46,2300) [kworker/2:2]
(root,0,0,00:00:00/13:37:47,2373) [kworker/1:2]
(scliegyp,38416,4180,00:00:00/59:47,3782) dovecot/imap
(scliegyp,39096,4312,00:00:00/59:18,3802) dovecot/imap
(nobody,3820228,27184,00:00:51/8-06:35:56,4579) /usr/sbin/httpd -k start
(root,0,0,00:00:00/47:47,5849) [kworker/3:1]
(root,0,0,00:00:00/44:44,6262) [kworker/u16:1]
(root,0,0,00:00:00/03:36:46,6578) [kworker/0:0]
(root,3108,40,00:01:02/185-17:37:34,6995) /usr/bin/RCdaemon
(root,0,0,00:00:00/09:48:04,7102) [kworker/6:0]
(root,233292,14948,00:11:56/84-00:13:56,7392) /usr/sbin/httpd -k start
(root,0,0,00:00:00/35:21,7715) [kworker/7:0]
(root,0,0,00:00:00/28:46,8797) [kworker/u16:2]
(root,0,0,00:00:00/27:46,9049) [kworker/2:1]
(root,24208,540,00:00:00/267-07:19:44,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/17:44,10607) [kworker/7:1]
(root,0,0,00:00:00/07:47,11999) [kworker/1:0]
(root,70788,4212,00:00:00/05:28,12385) dovecot/auth -w
(scliegyp,38912,4152,00:00:00/02:52,12726) dovecot/imap
(root,0,0,00:00:00/02:46,12830) [kworker/0:2]
(root,0,0,00:00:00/01:38,13076) [kworker/u16:0]
(scliegyp,38520,4004,00:00:00/00:10,13301) dovecot/imap
(root,0,0,00:00:00/00:10,13302) [cpsrvd (SSL) - ] <defunct>
(scliegyp,38056,3684,00:00:00/00:05,13305) dovecot/imap
(root,113500,1628,00:00:00/00:00,13400) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,13418) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,13419) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,178996,29412,00:00:29/15:37:46,16242) lfd - sleeping
(root,290616,964,00:02:12/33-08:36:52,17519) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,3464,00:00:46/33-08:36:52,17543) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,14336,00:30:55/33-08:36:50,17631) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,8316,00:00:43/33-08:36:50,17635) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(mysql,4536220,617884,08:16:09/176-11:39:08,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,248364,95264,00:00:13/02:30:18,18898) spamd child
(named,759180,7720,01:20:16/184-05:12:27,21481) /usr/sbin/named -u named -c /etc/named.conf
(root,244212,92144,00:00:22/14:58:21,22269) spamd child
(chrony,97380,1332,00:00:50/184-05:10:59,22618) /usr/sbin/chronyd
(root,27380,832,00:02:03/184-05:10:54,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,2816,00:12:22/184-05:10:41,22813) /usr/sbin/sshd -D
(root,2349304,1454780,03:52:36/184-05:10:36,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86936,13024,00:13:34/184-05:09:46,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51592,2280,01:04:56/184-05:09:43,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1188,00:21:30/184-05:09:43,23038) dovecot/anvil
(polkitd,610668,2644,00:14:03/184-05:09:40,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/11:32:46,23242) [kworker/5:0]
(root,0,0,00:00:02/1-13:47:46,24260) [kworker/3:2]
(root,12732,1356,00:00:07/8-07:55:23,24432) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1372,00:00:06/8-07:55:23,24433) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233292,3924,00:00:00/8-07:55:23,24435) /usr/sbin/httpd -k start
(root,53088,11844,00:00:00/8-07:55:23,24436) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3224248,26704,00:00:53/8-07:55:23,24437) /usr/sbin/httpd -k start
(nobody,3289784,26368,00:00:55/8-07:55:23,24438) /usr/sbin/httpd -k start
(dovenull,48516,6456,00:00:25/8-07:55:23,24544) dovecot/pop3-login
(dovenull,54448,11716,00:13:37/8-07:55:23,24545) dovecot/imap-login
(root,10404,1500,00:01:25/8-07:55:23,24546) dovecot/log
(dovenull,58700,16516,00:04:21/8-07:55:23,24547) dovecot/pop3-login
(dovenull,49916,7688,00:02:57/8-07:55:23,24548) dovecot/imap-login
(root,16092,3456,00:02:20/8-07:55:23,24549) dovecot/config
(dovecot,48156,3800,00:01:59/8-07:55:23,24550) dovecot/stats
(dovecot,72312,5824,00:06:33/8-07:55:23,24551) dovecot/auth
(nobody,3093176,26740,00:00:51/8-07:55:22,24552) /usr/sbin/httpd -k start
(nobody,3289784,26480,00:00:54/8-07:55:22,24553) /usr/sbin/httpd -k start
(root,108292,624,00:00:00/267-07:17:07,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1352,00:05:22/267-07:16:32,25238) /usr/sbin/crond -n
(root,21540,956,01:11:57/267-07:16:25,25358) /usr/sbin/irqbalance --foreground
(root,228940,20340,00:31:39/99-14:35:36,25617) cpsrvd (SSL) - waiting for connections                   
(dovecot,10780,1952,00:00:57/8-07:48:15,25727) dovecot/imap-hibernate
(root,25288,2332,00:22:55/219-05:13:28,25923) /usr/lib/systemd/systemd-logind
(root,1076624,16160,01:09:03/219-05:13:20,25996) /usr/sbin/rsyslogd -n
(root,42912,828,00:00:00/219-05:13:11,26125) /usr/sbin/lvmetad -f
(root,109108,50424,02:06:22/219-05:12:43,26284) /usr/lib/systemd/systemd-journald
(root,43528,928,00:00:00/219-05:12:32,26391) /usr/lib/systemd/systemd-udevd
(root,52900,1580,00:00:13/219-05:12:31,26407) /usr/sbin/smartd -n -q never
(root,0,0,00:00:00/01:48:03,27362) [kworker/4:0]
(root,228996,8624,00:04:21/146-00:55:56,28951) queueprocd - waiting up to 60s to process a task
(nscd,1805544,2808,00:38:02/146-00:49:30,29094) /usr/sbin/nscd
(cpanelconnecttrack,9904,3124,15:06:34/146-00:48:47,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2284,00:00:48/146-00:48:47,29372) cpanellogd - sleeping for logs
(root,0,0,00:00:00/01:37:46,29495) [kworker/5:1]
(root,223264,38460,00:48:52/146-00:47:22,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,480,00:00:00/236-15:40:30,30546) SCREEN
(root,114712,1436,00:00:00/236-15:40:30,30547) /bin/bash

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-04-11 13:37

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10f07c4da4

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,3812,03:42:51/324-00:18:36,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:05/324-00:18:36,2) [kthreadd]
(root,0,0,00:00:00/324-00:18:36,4) [kworker/0:0H]
(root,0,0,00:14:23/324-00:18:36,6) [ksoftirqd/0]
(root,0,0,00:00:02/324-00:18:36,7) [migration/0]
(root,0,0,00:00:00/324-00:18:36,8) [rcu_bh]
(root,0,0,03:47:50/324-00:18:36,9) [rcu_sched]
(root,0,0,00:00:00/324-00:18:36,10) [lru-add-drain]
(root,0,0,00:02:20/324-00:18:36,11) [watchdog/0]
(root,0,0,00:02:05/324-00:18:36,12) [watchdog/1]
(root,0,0,00:00:02/324-00:18:36,13) [migration/1]
(root,0,0,00:00:11/324-00:18:36,14) [ksoftirqd/1]
(root,0,0,00:00:00/324-00:18:36,16) [kworker/1:0H]
(root,0,0,00:02:06/324-00:18:36,17) [watchdog/2]
(root,0,0,00:00:02/324-00:18:36,18) [migration/2]
(root,0,0,00:00:10/324-00:18:36,19) [ksoftirqd/2]
(root,0,0,00:00:00/324-00:18:36,21) [kworker/2:0H]
(root,0,0,00:02:09/324-00:18:36,22) [watchdog/3]
(root,0,0,00:00:01/324-00:18:36,23) [migration/3]
(root,0,0,00:00:09/324-00:18:36,24) [ksoftirqd/3]
(root,0,0,00:00:00/324-00:18:36,26) [kworker/3:0H]
(root,0,0,00:01:59/324-00:18:36,27) [watchdog/4]
(root,0,0,00:00:55/324-00:18:36,28) [migration/4]
(root,0,0,00:00:13/324-00:18:36,29) [ksoftirqd/4]
(root,0,0,00:00:00/324-00:18:36,31) [kworker/4:0H]
(root,0,0,00:02:01/324-00:18:36,32) [watchdog/5]
(root,0,0,00:01:11/324-00:18:36,33) [migration/5]
(root,0,0,00:00:35/324-00:18:36,34) [ksoftirqd/5]
(root,0,0,00:00:00/324-00:18:36,36) [kworker/5:0H]
(root,0,0,00:01:59/324-00:18:36,37) [watchdog/6]
(root,0,0,00:00:57/324-00:18:36,38) [migration/6]
(root,0,0,00:00:23/324-00:18:36,39) [ksoftirqd/6]
(root,0,0,00:00:00/324-00:18:36,41) [kworker/6:0H]
(root,0,0,00:02:08/324-00:18:36,42) [watchdog/7]
(root,0,0,00:00:57/324-00:18:36,43) [migration/7]
(root,0,0,00:09:58/324-00:18:36,44) [ksoftirqd/7]
(root,0,0,00:00:00/324-00:18:36,46) [kworker/7:0H]
(root,0,0,00:00:00/324-00:18:36,48) [kdevtmpfs]
(root,0,0,00:00:00/324-00:18:36,49) [netns]
(root,0,0,00:00:22/324-00:18:36,50) [khungtaskd]
(root,0,0,00:00:00/324-00:18:36,51) [writeback]
(root,0,0,00:00:00/324-00:18:36,52) [kintegrityd]
(root,0,0,00:00:00/324-00:18:36,53) [bioset]
(root,0,0,00:00:00/324-00:18:36,54) [bioset]
(root,0,0,00:00:00/324-00:18:36,55) [bioset]
(root,0,0,00:00:00/324-00:18:36,56) [kblockd]
(root,0,0,00:00:00/324-00:18:36,57) [md]
(root,0,0,00:00:00/324-00:18:36,58) [edac-poller]
(root,0,0,00:00:00/324-00:18:36,59) [watchdogd]
(root,0,0,00:30:05/324-00:18:36,66) [kswapd0]
(root,0,0,00:00:00/324-00:18:36,67) [ksmd]
(root,0,0,00:01:11/324-00:18:36,68) [khugepaged]
(root,0,0,00:00:00/324-00:18:36,69) [crypto]
(root,0,0,00:00:00/324-00:18:36,77) [kthrotld]
(root,0,0,00:00:00/324-00:18:36,80) [kmpath_rdacd]
(root,0,0,00:00:00/324-00:18:36,81) [kaluad]
(root,0,0,00:00:00/324-00:18:36,82) [kpsmoused]
(root,0,0,00:00:00/324-00:18:36,84) [ipv6_addrconf]
(root,0,0,00:00:00/324-00:18:36,97) [deferwq]
(root,0,0,00:07:34/324-00:18:36,138) [kauditd]
(root,0,0,00:00:00/03:42,337) [kworker/u16:1]
(root,0,0,00:00:00/324-00:18:35,372) [ata_sff]
(root,0,0,00:00:00/324-00:18:35,404) [scsi_eh_0]
(root,0,0,00:00:00/324-00:18:35,405) [scsi_tmf_0]
(root,0,0,00:00:00/324-00:18:35,406) [scsi_eh_1]
(root,0,0,00:00:00/324-00:18:35,407) [scsi_tmf_1]
(root,0,0,00:00:00/324-00:18:35,408) [scsi_eh_2]
(root,0,0,00:00:00/324-00:18:35,409) [scsi_tmf_2]
(root,0,0,00:00:00/324-00:18:35,410) [scsi_eh_3]
(root,0,0,00:00:00/324-00:18:35,411) [scsi_tmf_3]
(root,0,0,00:00:00/324-00:18:35,412) [scsi_eh_4]
(root,0,0,00:00:00/324-00:18:35,413) [scsi_tmf_4]
(root,0,0,00:00:00/324-00:18:35,414) [scsi_eh_5]
(root,0,0,00:00:00/324-00:18:35,415) [scsi_tmf_5]
(scliegyp,37752,3072,00:00:00/03:31,458) dovecot/imap
(root,0,0,00:00:00/324-00:18:33,488) [kdmflush]
(root,0,0,00:00:00/324-00:18:33,489) [bioset]
(root,0,0,00:00:10/324-00:18:33,506) [kworker/0:1H]
(root,0,0,00:45:18/324-00:18:33,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/324-00:18:33,514) [ext4-rsv-conver]
(root,0,0,00:00:02/324-00:18:30,628) [kworker/3:1H]
(root,0,0,00:00:00/324-00:18:30,674) [irq/125-mei_me]
(root,0,0,00:00:01/324-00:18:30,678) [kworker/6:1H]
(root,0,0,00:00:01/324-00:18:30,680) [kworker/5:1H]
(root,0,0,00:00:05/324-00:18:30,682) [kworker/1:1H]
(root,0,0,00:00:00/324-00:18:30,687) [kvm-irqfd-clean]
(root,0,0,00:00:02/324-00:18:29,704) [kworker/2:1H]
(root,0,0,00:02:19/324-00:18:28,713) [jbd2/sda3-8]
(root,0,0,00:00:00/324-00:18:28,714) [ext4-rsv-conver]
(root,0,0,00:00:00/324-00:18:28,716) [jbd2/sda2-8]
(root,0,0,00:00:00/324-00:18:28,717) [ext4-rsv-conver]
(root,0,0,00:05:22/324-00:18:28,722) [jbd2/sdb-8]
(root,0,0,00:00:00/324-00:18:28,723) [ext4-rsv-conver]
(root,0,0,00:00:01/324-00:18:27,742) [kworker/4:1H]
(root,55532,516,00:16:34/324-00:18:26,747) /sbin/auditd
(dbus,58236,1360,01:09:46/324-00:18:25,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,60732,4444,00:00:00/00:35,859) dovecot/lmtp
(scliegyp,38104,3828,00:00:00/00:26,926) dovecot/imap
(scliegyp,38288,4000,00:00:00/00:25,927) dovecot/imap
(root,0,0,00:00:00/00:18,930) [cpsrvd (SSL) - ] <defunct>
(scliegyp,38080,3796,00:00:00/00:06,931) dovecot/imap
(scliegyp,38132,3828,00:00:00/00:03,1005) dovecot/imap
(root,0,0,00:18:09/324-00:18:24,1040) [kworker/7:1H]
(root,113500,1624,00:00:00/00:00,1137) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,1155) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,1156) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,167288,4200,00:14:09/324-00:18:16,1704) dnsadmin - dormant mode
(root,214780,19212,02:52:36/324-00:18:16,1706) tailwatchd
(root,183604,6556,00:07:49/324-00:18:16,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:02/09:38:32,3382) [kworker/0:1]
(root,70788,4220,00:00:03/09:33:37,4150) dovecot/auth -w
(root,3108,40,00:00:48/145-04:43:19,6995) /usr/bin/RCdaemon
(root,233292,14984,00:06:12/43-11:19:41,7392) /usr/sbin/httpd -k start
(root,24208,604,00:00:00/226-18:25:29,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/02:03:31,12908) [kworker/3:2]
(nobody,3158716,26216,00:00:22/3-05:42:48,13918) /usr/sbin/httpd -k start
(nobody,3158716,24816,00:00:22/3-05:42:47,14038) /usr/sbin/httpd -k start
(root,0,0,00:00:01/20:08:31,15553) [kworker/5:0]
(root,178576,29096,00:00:03/01:43:31,16272) lfd - sleeping
(root,0,0,00:00:00/01:42:31,16620) [kworker/1:2]
(mysql,4536220,867872,06:20:04/135-22:44:53,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,12728,1352,00:00:16/14-12:01:16,19564) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12732,1364,00:00:15/14-12:01:16,19565) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(dovenull,67712,25620,00:08:07/14-12:01:16,19566) dovecot/pop3-login
(dovenull,53568,10844,00:21:28/14-12:01:16,19567) dovecot/imap-login
(root,10520,1604,00:02:33/14-12:01:16,19568) dovecot/log
(dovenull,49380,6976,00:00:48/14-12:01:16,19569) dovecot/pop3-login
(dovenull,51392,9308,00:07:07/14-12:01:16,19570) dovecot/imap-login
(root,15928,3372,00:04:09/14-12:01:16,19571) dovecot/config
(dovecot,48064,3520,00:03:33/14-12:01:16,19572) dovecot/stats
(dovecot,72192,5716,00:12:02/14-12:01:16,19573) dovecot/auth
(nobody,233292,3992,00:00:00/14-12:01:16,19574) /usr/sbin/httpd -k start
(root,53088,11840,00:00:00/14-12:01:16,19575) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,0,0,00:00:00/01:23:32,19585) [kworker/6:2]
(dovecot,10780,1908,00:01:42/14-11:56:50,21048) dovecot/imap-hibernate
(root,0,0,00:00:00/07:53:40,21059) [kworker/3:1]
(root,0,0,00:00:00/01:13:32,21257) [kworker/4:0]
(named,759180,7596,01:04:41/143-16:18:12,21481) /usr/sbin/named -u named -c /etc/named.conf
(root,293228,141372,00:00:08/13:27:50,21666) spamd child
(chrony,97380,1468,00:00:38/143-16:16:44,22618) /usr/sbin/chronyd
(root,27380,872,00:01:36/143-16:16:39,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,3408,00:09:19/143-16:16:26,22813) /usr/sbin/sshd -D
(root,2339744,1533260,02:58:19/143-16:16:21,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86932,13012,00:09:37/143-16:15:31,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51592,2336,00:49:43/143-16:15:28,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1200,00:16:08/143-16:15:28,23038) dovecot/anvil
(polkitd,610668,2876,00:10:54/143-16:15:25,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,108292,624,00:00:00/226-18:22:52,24969) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00/52:09,24983) [kworker/u16:2]
(root,124504,1392,00:04:33/226-18:22:17,25238) /usr/sbin/crond -n
(root,21540,960,01:01:07/226-18:22:10,25358) /usr/sbin/irqbalance --foreground
(root,0,0,00:00:00/04:08:32,25411) [kworker/1:1]
(root,0,0,00:00:01/16:06:32,25602) [kworker/2:1]
(root,228940,22692,00:17:10/59-01:41:21,25617) cpsrvd (SSL) - waiting for connections                   
(nobody,3158716,30800,00:01:05/7-17:00:19,25821) /usr/sbin/httpd -k start
(root,25288,2336,00:18:35/178-16:19:13,25923) /usr/lib/systemd/systemd-logind
(root,1041788,16876,00:54:06/178-16:19:05,25996) /usr/sbin/rsyslogd -n
(nobody,3224252,31712,00:01:05/7-16:59:06,26106) /usr/sbin/httpd -k start
(root,42912,828,00:00:00/178-16:18:56,26125) /usr/sbin/lvmetad -f
(nobody,3158716,30132,00:01:06/7-16:58:58,26200) /usr/sbin/httpd -k start
(root,133628,74008,01:38:00/178-16:18:28,26284) /usr/lib/systemd/systemd-journald
(root,43528,932,00:00:00/178-16:18:17,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:11/178-16:18:16,26407) /usr/sbin/smartd -n -q never
(root,290616,5460,00:01:00/14-23:06:04,26536) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,13736,00:00:20/14-23:06:03,26560) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(root,185136,2420,00:00:00/43:31,26581) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/43:31,26592) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,360,00:00:00/43:31,26596) sleep 3h 41m
(wp-toolkit,382236,37272,00:14:01/14-23:06:01,26662) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,27872,00:00:19/14-23:06:01,26666) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,223264,43040,00:00:00/07:17:54,27549) spamd child
(root,0,0,00:00:01/18:53:41,27572) [kworker/6:1]
(root,0,0,00:00:01/1-16:58:32,28756) [kworker/4:1]
(root,228996,8792,00:03:10/105-12:01:41,28951) queueprocd - waiting up to 60s to process a task
(nscd,1670368,2772,00:26:57/105-11:55:15,29094) /usr/sbin/nscd
(cpanelconnecttrack,9904,3120,10:54:12/105-11:54:32,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2284,00:00:35/105-11:54:32,29372) cpanellogd - sleeping for logs
(root,223264,45180,00:35:25/105-11:53:07,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/18:40,30497) [kworker/u16:0]
(root,128508,508,00:00:00/196-02:46:15,30546) SCREEN
(root,114712,1448,00:00:00/196-02:46:15,30547) /bin/bash
(root,0,0,00:00:00/18:29,30603) [kworker/7:2]
(root,0,0,00:00:00/18:29,30605) [kworker/0:2]
(nobody,3420860,30620,00:00:56/7-07:28:19,31005) /usr/sbin/httpd -k start
(root,0,0,00:00:00/13:32,31378) [kworker/5:1]
(root,0,0,00:00:00/10:38,31849) [kworker/7:1]
(root,0,0,00:00:00/08:32,32166) [kworker/2:2]
(scliegyp,38100,3332,00:00:00/05:33,32586) dovecot/imap
(scliegyp,38100,3336,00:00:00/05:32,32588) dovecot/imap
(root,0,0,00:00:00/04:21,32716) [kworker/7:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-03-02 00:43

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10f6ae86a7

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,3812,03:39:43/317-22:09:54,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:05/317-22:09:54,2) [kthreadd]
(root,0,0,00:00:00/317-22:09:54,4) [kworker/0:0H]
(root,0,0,00:13:43/317-22:09:54,6) [ksoftirqd/0]
(root,0,0,00:00:02/317-22:09:54,7) [migration/0]
(root,0,0,00:00:00/317-22:09:54,8) [rcu_bh]
(root,0,0,03:43:06/317-22:09:54,9) [rcu_sched]
(root,0,0,00:00:00/317-22:09:54,10) [lru-add-drain]
(root,0,0,00:02:17/317-22:09:54,11) [watchdog/0]
(root,0,0,00:02:03/317-22:09:54,12) [watchdog/1]
(root,0,0,00:00:01/317-22:09:54,13) [migration/1]
(root,0,0,00:00:10/317-22:09:54,14) [ksoftirqd/1]
(root,0,0,00:00:00/317-22:09:54,16) [kworker/1:0H]
(root,0,0,00:02:03/317-22:09:54,17) [watchdog/2]
(root,0,0,00:00:02/317-22:09:54,18) [migration/2]
(root,0,0,00:00:10/317-22:09:54,19) [ksoftirqd/2]
(root,0,0,00:00:00/317-22:09:54,21) [kworker/2:0H]
(root,0,0,00:02:06/317-22:09:54,22) [watchdog/3]
(root,0,0,00:00:01/317-22:09:54,23) [migration/3]
(root,0,0,00:00:09/317-22:09:54,24) [ksoftirqd/3]
(root,0,0,00:00:00/317-22:09:54,26) [kworker/3:0H]
(root,0,0,00:01:57/317-22:09:54,27) [watchdog/4]
(root,0,0,00:00:54/317-22:09:54,28) [migration/4]
(root,0,0,00:00:13/317-22:09:54,29) [ksoftirqd/4]
(root,0,0,00:00:00/317-22:09:54,31) [kworker/4:0H]
(root,0,0,00:01:59/317-22:09:54,32) [watchdog/5]
(root,0,0,00:01:10/317-22:09:54,33) [migration/5]
(root,0,0,00:00:34/317-22:09:54,34) [ksoftirqd/5]
(root,0,0,00:00:00/317-22:09:54,36) [kworker/5:0H]
(root,0,0,00:01:57/317-22:09:54,37) [watchdog/6]
(root,0,0,00:00:55/317-22:09:54,38) [migration/6]
(root,0,0,00:00:23/317-22:09:54,39) [ksoftirqd/6]
(root,0,0,00:00:00/317-22:09:54,41) [kworker/6:0H]
(root,0,0,00:02:06/317-22:09:54,42) [watchdog/7]
(root,0,0,00:00:56/317-22:09:54,43) [migration/7]
(root,0,0,00:09:46/317-22:09:54,44) [ksoftirqd/7]
(root,0,0,00:00:00/317-22:09:54,46) [kworker/7:0H]
(root,0,0,00:00:00/317-22:09:54,48) [kdevtmpfs]
(root,0,0,00:00:00/317-22:09:54,49) [netns]
(root,0,0,00:00:21/317-22:09:54,50) [khungtaskd]
(root,0,0,00:00:00/317-22:09:54,51) [writeback]
(root,0,0,00:00:00/317-22:09:54,52) [kintegrityd]
(root,0,0,00:00:00/317-22:09:54,53) [bioset]
(root,0,0,00:00:00/317-22:09:54,54) [bioset]
(root,0,0,00:00:00/317-22:09:54,55) [bioset]
(root,0,0,00:00:00/317-22:09:54,56) [kblockd]
(root,0,0,00:00:00/317-22:09:54,57) [md]
(root,0,0,00:00:00/317-22:09:54,58) [edac-poller]
(root,0,0,00:00:00/317-22:09:54,59) [watchdogd]
(root,0,0,00:29:41/317-22:09:54,66) [kswapd0]
(root,0,0,00:00:00/317-22:09:54,67) [ksmd]
(root,0,0,00:01:10/317-22:09:54,68) [khugepaged]
(root,0,0,00:00:00/317-22:09:54,69) [crypto]
(root,0,0,00:00:00/317-22:09:54,77) [kthrotld]
(root,0,0,00:00:00/317-22:09:54,80) [kmpath_rdacd]
(root,0,0,00:00:00/317-22:09:54,81) [kaluad]
(root,0,0,00:00:00/317-22:09:54,82) [kpsmoused]
(root,0,0,00:00:00/317-22:09:54,84) [ipv6_addrconf]
(root,0,0,00:00:00/317-22:09:54,97) [deferwq]
(root,0,0,00:07:20/317-22:09:54,138) [kauditd]
(root,0,0,00:00:00/317-22:09:53,372) [ata_sff]
(root,0,0,00:00:00/317-22:09:53,404) [scsi_eh_0]
(root,0,0,00:00:00/317-22:09:53,405) [scsi_tmf_0]
(root,0,0,00:00:00/317-22:09:53,406) [scsi_eh_1]
(root,0,0,00:00:00/317-22:09:53,407) [scsi_tmf_1]
(root,0,0,00:00:00/317-22:09:53,408) [scsi_eh_2]
(root,0,0,00:00:00/317-22:09:53,409) [scsi_tmf_2]
(root,0,0,00:00:00/317-22:09:53,410) [scsi_eh_3]
(root,0,0,00:00:00/317-22:09:53,411) [scsi_tmf_3]
(root,0,0,00:00:00/317-22:09:53,412) [scsi_eh_4]
(root,0,0,00:00:00/317-22:09:53,413) [scsi_tmf_4]
(root,0,0,00:00:00/317-22:09:53,414) [scsi_eh_5]
(root,0,0,00:00:00/317-22:09:53,415) [scsi_tmf_5]
(root,0,0,00:00:00/317-22:09:51,488) [kdmflush]
(root,0,0,00:00:00/317-22:09:51,489) [bioset]
(root,0,0,00:00:10/317-22:09:51,506) [kworker/0:1H]
(root,0,0,00:44:27/317-22:09:51,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/317-22:09:51,514) [ext4-rsv-conver]
(root,0,0,00:00:01/317-22:09:48,628) [kworker/3:1H]
(root,0,0,00:00:00/317-22:09:48,674) [irq/125-mei_me]
(root,0,0,00:00:01/317-22:09:48,678) [kworker/6:1H]
(root,0,0,00:00:01/317-22:09:48,680) [kworker/5:1H]
(root,0,0,00:00:04/317-22:09:48,682) [kworker/1:1H]
(root,0,0,00:00:00/317-22:09:48,687) [kvm-irqfd-clean]
(root,0,0,00:00:02/317-22:09:47,704) [kworker/2:1H]
(root,0,0,00:02:17/317-22:09:46,713) [jbd2/sda3-8]
(root,0,0,00:00:00/317-22:09:46,714) [ext4-rsv-conver]
(root,0,0,00:00:00/317-22:09:46,716) [jbd2/sda2-8]
(root,0,0,00:00:00/317-22:09:46,717) [ext4-rsv-conver]
(root,0,0,00:05:14/317-22:09:46,722) [jbd2/sdb-8]
(root,0,0,00:00:00/317-22:09:46,723) [ext4-rsv-conver]
(root,0,0,00:00:01/317-22:09:45,742) [kworker/4:1H]
(root,55532,516,00:16:04/317-22:09:44,747) /sbin/auditd
(dbus,58236,1360,01:08:25/317-22:09:43,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:17:48/317-22:09:42,1040) [kworker/7:1H]
(root,167288,4196,00:13:53/317-22:09:34,1704) dnsadmin - dormant mode
(root,214780,19216,02:47:54/317-22:09:34,1706) tailwatchd
(root,183604,6556,00:07:38/317-22:09:34,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,245480,93360,00:00:17/12:32:19,4322) spamd child
(root,3108,40,00:00:46/139-02:34:37,6995) /usr/bin/RCdaemon
(root,233292,15028,00:05:20/37-09:10:59,7392) /usr/sbin/httpd -k start
(root,0,0,00:00:11/1-16:24:49,8870) [kworker/0:2]
(root,0,0,00:00:00/02:33:50,9416) [kworker/3:1]
(root,24208,604,00:00:00/220-16:16:47,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/02:12:33,12675) [kworker/u16:1]
(root,229792,77856,00:00:01/08:39:06,16561) spamd child
(root,0,0,00:00:00/05:14:50,16774) [kworker/6:0]
(root,0,0,00:00:01/17:19:49,17050) [kworker/3:2]
(mysql,4536220,878936,06:02:46/129-20:36:11,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,12736,1352,00:00:10/8-09:52:34,19564) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1364,00:00:10/8-09:52:34,19565) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(dovenull,60880,18572,00:04:41/8-09:52:34,19566) dovecot/pop3-login
(dovenull,53452,10676,00:12:25/8-09:52:34,19567) dovecot/imap-login
(root,10520,1604,00:01:29/8-09:52:34,19568) dovecot/log
(dovenull,48512,6396,00:00:27/8-09:52:34,19569) dovecot/pop3-login
(dovenull,51392,9288,00:04:30/8-09:52:34,19570) dovecot/imap-login
(root,15928,3372,00:02:26/8-09:52:34,19571) dovecot/config
(dovecot,47932,3520,00:02:04/8-09:52:34,19572) dovecot/stats
(dovecot,72192,5716,00:07:02/8-09:52:34,19573) dovecot/auth
(nobody,233292,3992,00:00:00/8-09:52:34,19574) /usr/sbin/httpd -k start
(root,53088,11840,00:00:00/8-09:52:34,19575) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,179528,30036,00:00:45/23:34:50,19909) lfd - sleeping
(root,0,0,00:00:02/1-15:19:49,20810) [kworker/1:2]
(dovecot,10780,1908,00:00:59/8-09:48:08,21048) dovecot/imap-hibernate
(root,0,0,00:00:00/01:14:50,21197) [kworker/0:0]
(named,759180,7864,01:02:16/137-14:09:30,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1468,00:00:36/137-14:08:02,22618) /usr/sbin/chronyd
(root,27380,872,00:01:32/137-14:07:57,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,0,0,00:00:00/01:04:50,22764) [kworker/6:2]
(root,111300,3408,00:08:53/137-14:07:44,22813) /usr/sbin/sshd -D
(root,2341092,1504000,02:51:00/137-14:07:39,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,0,0,00:00:00/13:45:07,22934) [kworker/4:0]
(root,0,0,00:00:00/13:45:07,22937) [kworker/2:0]
(mailnull,86940,13028,00:09:09/137-14:06:49,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51592,2336,00:47:19/137-14:06:46,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1200,00:15:19/137-14:06:46,23038) dovecot/anvil
(polkitd,610668,2876,00:10:26/137-14:06:43,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/59:49,23573) [kworker/4:1]
(root,0,0,00:00:00/50:30,24964) [kworker/7:0]
(root,108292,624,00:00:00/220-16:14:10,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1392,00:04:26/220-16:13:35,25238) /usr/sbin/crond -n
(root,21540,960,00:59:29/220-16:13:28,25358) /usr/sbin/irqbalance --foreground
(root,228940,22944,00:15:16/52-23:32:39,25617) cpsrvd (SSL) - waiting for connections                   
(root,0,0,00:00:00/45:06,25707) [kworker/5:1]
(root,0,0,00:00:00/44:49,25813) [kworker/2:1]
(nobody,3158716,26788,00:00:19/1-14:51:37,25821) /usr/sbin/httpd -k start
(root,25288,2336,00:17:56/172-14:10:31,25923) /usr/lib/systemd/systemd-logind
(root,1035496,15304,00:51:47/172-14:10:23,25996) /usr/sbin/rsyslogd -n
(nobody,3158716,26488,00:00:18/1-14:50:24,26106) /usr/sbin/httpd -k start
(root,42912,828,00:00:00/172-14:10:14,26125) /usr/sbin/lvmetad -f
(nobody,3093180,24692,00:00:18/1-14:50:16,26200) /usr/sbin/httpd -k start
(root,157984,95616,01:33:38/172-14:09:46,26284) /usr/lib/systemd/systemd-journald
(root,43528,932,00:00:00/172-14:09:35,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:10/172-14:09:34,26407) /usr/sbin/smartd -n -q never
(root,290616,5472,00:00:35/8-20:57:22,26536) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,15208,00:00:11/8-20:57:21,26560) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,38060,00:08:18/8-20:57:19,26662) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28856,00:00:11/8-20:57:19,26666) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(scliegyp,29056,2576,00:00:00/28:59,28274) dovecot/quota-status -p postfix
(root,228996,8768,00:02:59/99-09:52:59,28951) queueprocd - waiting up to 60s to process a task
(nscd,1670368,2784,00:25:21/99-09:46:33,29094) /usr/sbin/nscd
(root,0,0,00:00:00/23:04,29107) [kworker/u16:0]
(cpanelconnecttrack,9904,3120,10:16:03/99-09:45:50,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2284,00:00:33/99-09:45:50,29372) cpanellogd - sleeping for logs
(scliegyp,38900,4140,00:00:00/21:38,29408) dovecot/imap
(root,223264,45144,00:33:23/99-09:44:25,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/14:49,30319) [kworker/5:0]
(root,128508,508,00:00:00/190-00:37:33,30546) SCREEN
(root,114712,1448,00:00:00/190-00:37:33,30547) /bin/bash
(nobody,3027644,22096,00:00:10/1-05:19:37,31005) /usr/sbin/httpd -k start
(root,0,0,00:00:00/09:50,31109) [kworker/7:2]
(root,70788,4216,00:00:00/06:35,31500) dovecot/auth -w
(root,0,0,00:00:00/04:50,31764) [kworker/6:1]
(root,0,0,00:00:00/03:34:50,32270) [kworker/1:1]
(root,0,0,00:00:00/00:14,32395) [cpsrvd (SSL) - ] <defunct>
(scliegyp,38212,3936,00:00:00/00:08,32397) dovecot/imap
(root,113500,1620,00:00:00/00:00,32541) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,32559) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,32560) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-02-23 22:34

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10c51f5494

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,3812,03:38:15/315-02:26:51,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:05/315-02:26:51,2) [kthreadd]
(root,0,0,00:00:00/315-02:26:51,4) [kworker/0:0H]
(root,0,0,00:13:19/315-02:26:51,6) [ksoftirqd/0]
(root,0,0,00:00:02/315-02:26:51,7) [migration/0]
(root,0,0,00:00:00/315-02:26:51,8) [rcu_bh]
(root,0,0,03:40:38/315-02:26:51,9) [rcu_sched]
(root,0,0,00:00:00/315-02:26:51,10) [lru-add-drain]
(root,0,0,00:02:16/315-02:26:51,11) [watchdog/0]
(root,0,0,00:02:01/315-02:26:51,12) [watchdog/1]
(root,0,0,00:00:01/315-02:26:51,13) [migration/1]
(root,0,0,00:00:10/315-02:26:51,14) [ksoftirqd/1]
(root,0,0,00:00:00/315-02:26:51,16) [kworker/1:0H]
(root,0,0,00:02:02/315-02:26:51,17) [watchdog/2]
(root,0,0,00:00:02/315-02:26:51,18) [migration/2]
(root,0,0,00:00:10/315-02:26:51,19) [ksoftirqd/2]
(root,0,0,00:00:00/315-02:26:51,21) [kworker/2:0H]
(root,0,0,00:02:05/315-02:26:51,22) [watchdog/3]
(root,0,0,00:00:01/315-02:26:51,23) [migration/3]
(root,0,0,00:00:09/315-02:26:51,24) [ksoftirqd/3]
(root,0,0,00:00:00/315-02:26:51,26) [kworker/3:0H]
(root,0,0,00:01:56/315-02:26:51,27) [watchdog/4]
(root,0,0,00:00:53/315-02:26:51,28) [migration/4]
(root,0,0,00:00:12/315-02:26:51,29) [ksoftirqd/4]
(root,0,0,00:00:00/315-02:26:51,31) [kworker/4:0H]
(root,0,0,00:01:58/315-02:26:51,32) [watchdog/5]
(root,0,0,00:01:09/315-02:26:51,33) [migration/5]
(root,0,0,00:00:34/315-02:26:51,34) [ksoftirqd/5]
(root,0,0,00:00:00/315-02:26:51,36) [kworker/5:0H]
(root,0,0,00:01:56/315-02:26:51,37) [watchdog/6]
(root,0,0,00:00:55/315-02:26:51,38) [migration/6]
(root,0,0,00:00:22/315-02:26:51,39) [ksoftirqd/6]
(root,0,0,00:00:00/315-02:26:51,41) [kworker/6:0H]
(root,0,0,00:02:05/315-02:26:51,42) [watchdog/7]
(root,0,0,00:00:55/315-02:26:51,43) [migration/7]
(root,0,0,00:09:40/315-02:26:51,44) [ksoftirqd/7]
(root,0,0,00:00:00/315-02:26:51,46) [kworker/7:0H]
(root,0,0,00:00:00/315-02:26:51,48) [kdevtmpfs]
(root,0,0,00:00:00/315-02:26:51,49) [netns]
(root,0,0,00:00:21/315-02:26:51,50) [khungtaskd]
(root,0,0,00:00:00/315-02:26:51,51) [writeback]
(root,0,0,00:00:00/315-02:26:51,52) [kintegrityd]
(root,0,0,00:00:00/315-02:26:51,53) [bioset]
(root,0,0,00:00:00/315-02:26:51,54) [bioset]
(root,0,0,00:00:00/315-02:26:51,55) [bioset]
(root,0,0,00:00:00/315-02:26:51,56) [kblockd]
(root,0,0,00:00:00/315-02:26:51,57) [md]
(root,0,0,00:00:00/315-02:26:51,58) [edac-poller]
(root,0,0,00:00:00/315-02:26:51,59) [watchdogd]
(root,0,0,00:29:00/315-02:26:51,66) [kswapd0]
(root,0,0,00:00:00/315-02:26:51,67) [ksmd]
(root,0,0,00:01:09/315-02:26:51,68) [khugepaged]
(root,0,0,00:00:00/315-02:26:51,69) [crypto]
(root,0,0,00:00:00/315-02:26:51,77) [kthrotld]
(root,0,0,00:00:00/315-02:26:51,80) [kmpath_rdacd]
(root,0,0,00:00:00/315-02:26:51,81) [kaluad]
(root,0,0,00:00:00/315-02:26:51,82) [kpsmoused]
(root,0,0,00:00:00/315-02:26:51,84) [ipv6_addrconf]
(root,0,0,00:00:00/315-02:26:51,97) [deferwq]
(root,0,0,00:07:13/315-02:26:51,138) [kauditd]
(root,0,0,00:00:00/315-02:26:50,372) [ata_sff]
(root,0,0,00:00:00/315-02:26:50,404) [scsi_eh_0]
(root,0,0,00:00:00/315-02:26:50,405) [scsi_tmf_0]
(root,0,0,00:00:00/315-02:26:50,406) [scsi_eh_1]
(root,0,0,00:00:00/315-02:26:50,407) [scsi_tmf_1]
(root,0,0,00:00:00/315-02:26:50,408) [scsi_eh_2]
(root,0,0,00:00:00/315-02:26:50,409) [scsi_tmf_2]
(root,0,0,00:00:00/315-02:26:50,410) [scsi_eh_3]
(root,0,0,00:00:00/315-02:26:50,411) [scsi_tmf_3]
(root,0,0,00:00:00/315-02:26:50,412) [scsi_eh_4]
(root,0,0,00:00:00/315-02:26:50,413) [scsi_tmf_4]
(root,0,0,00:00:00/315-02:26:50,414) [scsi_eh_5]
(root,0,0,00:00:00/315-02:26:50,415) [scsi_tmf_5]
(root,0,0,00:00:00/315-02:26:48,488) [kdmflush]
(root,0,0,00:00:00/315-02:26:48,489) [bioset]
(root,0,0,00:00:10/315-02:26:48,506) [kworker/0:1H]
(root,0,0,00:44:01/315-02:26:48,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/315-02:26:48,514) [ext4-rsv-conver]
(root,0,0,00:00:01/315-02:26:45,628) [kworker/3:1H]
(root,0,0,00:00:00/315-02:26:45,674) [irq/125-mei_me]
(root,0,0,00:00:01/315-02:26:45,678) [kworker/6:1H]
(root,0,0,00:00:01/315-02:26:45,680) [kworker/5:1H]
(root,0,0,00:00:04/315-02:26:45,682) [kworker/1:1H]
(root,0,0,00:00:00/315-02:26:45,687) [kvm-irqfd-clean]
(root,0,0,00:00:02/315-02:26:44,704) [kworker/2:1H]
(root,0,0,00:02:15/315-02:26:43,713) [jbd2/sda3-8]
(root,0,0,00:00:00/315-02:26:43,714) [ext4-rsv-conver]
(root,0,0,00:00:00/315-02:26:43,716) [jbd2/sda2-8]
(root,0,0,00:00:00/315-02:26:43,717) [ext4-rsv-conver]
(root,0,0,00:05:13/315-02:26:43,722) [jbd2/sdb-8]
(root,0,0,00:00:00/315-02:26:43,723) [ext4-rsv-conver]
(root,0,0,00:00:01/315-02:26:42,742) [kworker/4:1H]
(root,55532,516,00:15:50/315-02:26:41,747) /sbin/auditd
(dbus,58236,1360,01:07:48/315-02:26:40,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:17:36/315-02:26:39,1040) [kworker/7:1H]
(root,167288,4200,00:13:46/315-02:26:31,1704) dnsadmin - dormant mode
(root,214780,19212,02:45:16/315-02:26:31,1706) tailwatchd
(root,183604,6564,00:07:34/315-02:26:31,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:05/18:01:47,1932) [kworker/0:1]
(root,0,0,00:00:00/08:46:47,4989) [kworker/2:1]
(root,3108,40,00:00:45/136-06:51:34,6995) /usr/bin/RCdaemon
(root,233292,15060,00:04:56/34-13:27:56,7392) /usr/sbin/httpd -k start
(nobody,3093180,28544,00:00:44/4-19:22:39,7706) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:34:14,8304) [kworker/u16:0]
(root,0,0,00:00:00/01:31:47,8658) [kworker/5:1]
(root,24208,604,00:00:00/217-20:33:44,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/04:50:46,10525) [kworker/4:0]
(root,0,0,00:00:00/01:11:46,11890) [kworker/6:2]
(root,0,0,00:00:01/23:02:08,13832) [kworker/6:1]
(root,132960,4548,00:00:00/45:46,15861) ConfigServer Version Check
(root,108052,360,00:00:00/45:46,15870) sleep 16018
(root,0,0,00:00:00/40:45,16747) [kworker/7:1]
(root,0,0,00:00:00/14:02:07,17072) [kworker/5:2]
(root,267284,116128,00:00:01/10:54:14,17643) spamd child
(root,0,0,00:00:01/19:23:46,18125) [kworker/3:2]
(root,223264,43080,00:00:00/34:32,18146) spamd child
(mysql,4536220,869892,05:54:11/127-00:53:08,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/31:46,18625) [kworker/3:0]
(root,12732,1364,00:00:06/5-14:09:31,19564) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12736,1380,00:00:06/5-14:09:31,19565) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(dovenull,56260,14100,00:02:52/5-14:09:31,19566) dovecot/pop3-login
(dovenull,53316,10684,00:08:12/5-14:09:31,19567) dovecot/imap-login
(root,10524,1612,00:00:54/5-14:09:31,19568) dovecot/log
(dovenull,48140,6028,00:00:15/5-14:09:31,19569) dovecot/pop3-login
(dovenull,51552,9028,00:02:59/5-14:09:31,19570) dovecot/imap-login
(root,15776,3188,00:01:27/5-14:09:31,19571) dovecot/config
(dovecot,47800,3300,00:01:16/5-14:09:31,19572) dovecot/stats
(dovecot,72104,5688,00:04:21/5-14:09:31,19573) dovecot/auth
(nobody,233292,4024,00:00:00/5-14:09:31,19574) /usr/sbin/httpd -k start
(root,53088,11840,00:00:00/5-14:09:31,19575) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3093180,29316,00:00:50/5-14:09:31,19576) /usr/sbin/httpd -k start
(nobody,3158716,28776,00:00:51/5-14:09:31,19577) /usr/sbin/httpd -k start
(nobody,3093180,29076,00:00:50/5-14:09:30,19689) /usr/sbin/httpd -k start
(root,178504,29012,00:00:06/03:51:46,19761) lfd - sleeping
(root,0,0,00:00:00/24:47,19816) [kworker/2:2]
(nobody,3158716,29060,00:00:52/5-14:08:33,19965) /usr/sbin/httpd -k start
(root,0,0,00:00:00/22:14,20194) [kworker/u16:2]
(root,0,0,00:00:00/21:46,20333) [kworker/4:2]
(root,28844,2320,00:00:00/20:50,20494) dovecot/quota-status -p postfix
(dovecot,10780,1920,00:00:39/5-14:05:05,21048) dovecot/imap-hibernate
(root,0,0,00:00:00/16:47,21122) [kworker/7:0]
(named,759180,7864,01:00:56/134-18:26:27,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1468,00:00:35/134-18:24:59,22618) /usr/sbin/chronyd
(root,27380,872,00:01:30/134-18:24:54,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,70788,4204,00:00:00/05:42,22719) dovecot/auth -w
(root,111300,3408,00:08:40/134-18:24:41,22813) /usr/sbin/sshd -D
(root,2341140,1430292,02:47:07/134-18:24:36,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86940,13028,00:08:57/134-18:23:46,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51592,2336,00:46:02/134-18:23:43,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1200,00:14:53/134-18:23:43,23038) dovecot/anvil
(polkitd,610668,2876,00:10:13/134-18:23:40,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/02:07,23178) [kworker/7:2]
(root,0,0,00:00:00/02:06,23221) [kworker/4:1]
(root,0,0,00:00:00/01:47,23358) [kworker/1:2]
(scliegyp,38136,3840,00:00:00/00:10,23532) dovecot/imap
(scliegyp,38288,3988,00:00:00/00:06,23535) dovecot/imap
(mailnull,87328,9992,00:00:00/00:00,23718) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:00/00:00,23740) [cpsrvd (SSL) - ] <defunct>
(root,113500,1624,00:00:00/00:00,23741) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,23759) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,23760) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,108292,624,00:00:00/217-20:31:07,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1392,00:04:23/217-20:30:32,25238) /usr/sbin/crond -n
(root,21540,960,00:58:44/217-20:30:25,25358) /usr/sbin/irqbalance --foreground
(root,228940,22936,00:14:19/50-03:49:36,25617) cpsrvd (SSL) - waiting for connections                   
(root,25288,2336,00:17:37/169-18:27:28,25923) /usr/lib/systemd/systemd-logind
(root,1027472,18864,00:50:39/169-18:27:20,25996) /usr/sbin/rsyslogd -n
(root,42912,828,00:00:00/169-18:27:11,26125) /usr/sbin/lvmetad -f
(root,92728,45880,01:31:21/169-18:26:43,26284) /usr/lib/systemd/systemd-journald
(root,43528,932,00:00:00/169-18:26:32,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:10/169-18:26:31,26407) /usr/sbin/smartd -n -q never
(root,290616,5468,00:00:24/6-01:14:19,26536) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,16400,00:00:07/6-01:14:18,26560) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,38060,00:05:40/6-01:14:16,26662) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28856,00:00:08/6-01:14:16,26666) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,228996,8768,00:02:54/96-14:09:56,28951) queueprocd - waiting up to 60s to process a task
(nscd,1670368,2792,00:24:32/96-14:03:30,29094) /usr/sbin/nscd
(root,0,0,00:00:00/02:51:46,29158) [kworker/1:1]
(cpanelconnecttrack,9904,3120,09:57:43/96-14:02:47,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2284,00:00:32/96-14:02:47,29372) cpanellogd - sleeping for logs
(root,0,0,00:00:00/13:02:08,29484) [kworker/1:0]
(root,223264,45100,00:32:26/96-14:01:22,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,508,00:00:00/187-04:54:30,30546) SCREEN
(root,114712,1448,00:00:00/187-04:54:30,30547) /bin/bash
(root,0,0,00:00:00/02:31:47,32051) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-02-21 02:51

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10bfccbbbd

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,3832,03:32:31/303-21:19:41,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:05/303-21:19:41,2) [kthreadd]
(root,0,0,00:00:00/303-21:19:41,4) [kworker/0:0H]
(root,0,0,00:12:10/303-21:19:41,6) [ksoftirqd/0]
(root,0,0,00:00:02/303-21:19:41,7) [migration/0]
(root,0,0,00:00:00/303-21:19:41,8) [rcu_bh]
(root,0,0,03:31:39/303-21:19:41,9) [rcu_sched]
(root,0,0,00:00:00/303-21:19:41,10) [lru-add-drain]
(root,0,0,00:02:11/303-21:19:41,11) [watchdog/0]
(root,0,0,00:01:57/303-21:19:41,12) [watchdog/1]
(root,0,0,00:00:01/303-21:19:41,13) [migration/1]
(root,0,0,00:00:10/303-21:19:41,14) [ksoftirqd/1]
(root,0,0,00:00:00/303-21:19:41,16) [kworker/1:0H]
(root,0,0,00:01:58/303-21:19:41,17) [watchdog/2]
(root,0,0,00:00:01/303-21:19:41,18) [migration/2]
(root,0,0,00:00:09/303-21:19:41,19) [ksoftirqd/2]
(root,0,0,00:00:00/303-21:19:41,21) [kworker/2:0H]
(root,0,0,00:02:01/303-21:19:41,22) [watchdog/3]
(root,0,0,00:00:01/303-21:19:41,23) [migration/3]
(root,0,0,00:00:09/303-21:19:41,24) [ksoftirqd/3]
(root,0,0,00:00:00/303-21:19:41,26) [kworker/3:0H]
(root,0,0,00:01:51/303-21:19:41,27) [watchdog/4]
(root,0,0,00:00:51/303-21:19:41,28) [migration/4]
(root,0,0,00:00:12/303-21:19:41,29) [ksoftirqd/4]
(root,0,0,00:00:00/303-21:19:41,31) [kworker/4:0H]
(root,0,0,00:01:54/303-21:19:41,32) [watchdog/5]
(root,0,0,00:01:06/303-21:19:41,33) [migration/5]
(root,0,0,00:00:34/303-21:19:41,34) [ksoftirqd/5]
(root,0,0,00:00:00/303-21:19:41,36) [kworker/5:0H]
(root,0,0,00:01:52/303-21:19:41,37) [watchdog/6]
(root,0,0,00:00:53/303-21:19:41,38) [migration/6]
(root,0,0,00:00:22/303-21:19:41,39) [ksoftirqd/6]
(root,0,0,00:00:00/303-21:19:41,41) [kworker/6:0H]
(root,0,0,00:02:00/303-21:19:41,42) [watchdog/7]
(root,0,0,00:00:53/303-21:19:41,43) [migration/7]
(root,0,0,00:09:18/303-21:19:41,44) [ksoftirqd/7]
(root,0,0,00:00:00/303-21:19:41,46) [kworker/7:0H]
(root,0,0,00:00:00/303-21:19:41,48) [kdevtmpfs]
(root,0,0,00:00:00/303-21:19:41,49) [netns]
(root,0,0,00:00:21/303-21:19:41,50) [khungtaskd]
(root,0,0,00:00:00/303-21:19:41,51) [writeback]
(root,0,0,00:00:00/303-21:19:41,52) [kintegrityd]
(root,0,0,00:00:00/303-21:19:41,53) [bioset]
(root,0,0,00:00:00/303-21:19:41,54) [bioset]
(root,0,0,00:00:00/303-21:19:41,55) [bioset]
(root,0,0,00:00:00/303-21:19:41,56) [kblockd]
(root,0,0,00:00:00/303-21:19:41,57) [md]
(root,0,0,00:00:00/303-21:19:41,58) [edac-poller]
(root,0,0,00:00:00/303-21:19:41,59) [watchdogd]
(root,0,0,00:27:50/303-21:19:41,66) [kswapd0]
(root,0,0,00:00:00/303-21:19:41,67) [ksmd]
(root,0,0,00:01:07/303-21:19:41,68) [khugepaged]
(root,0,0,00:00:00/303-21:19:41,69) [crypto]
(root,0,0,00:00:00/303-21:19:41,77) [kthrotld]
(root,0,0,00:00:00/303-21:19:41,80) [kmpath_rdacd]
(root,0,0,00:00:00/303-21:19:41,81) [kaluad]
(root,0,0,00:00:00/303-21:19:41,82) [kpsmoused]
(root,0,0,00:00:00/303-21:19:41,84) [ipv6_addrconf]
(root,0,0,00:00:00/303-21:19:41,97) [deferwq]
(root,0,0,00:06:46/303-21:19:41,138) [kauditd]
(root,0,0,00:00:00/303-21:19:40,372) [ata_sff]
(root,0,0,00:00:00/303-21:19:40,404) [scsi_eh_0]
(root,0,0,00:00:00/303-21:19:40,405) [scsi_tmf_0]
(root,0,0,00:00:00/303-21:19:40,406) [scsi_eh_1]
(root,0,0,00:00:00/303-21:19:40,407) [scsi_tmf_1]
(root,0,0,00:00:00/303-21:19:40,408) [scsi_eh_2]
(root,0,0,00:00:00/303-21:19:40,409) [scsi_tmf_2]
(root,0,0,00:00:00/303-21:19:40,410) [scsi_eh_3]
(root,0,0,00:00:00/303-21:19:40,411) [scsi_tmf_3]
(root,0,0,00:00:00/303-21:19:40,412) [scsi_eh_4]
(root,0,0,00:00:00/303-21:19:40,413) [scsi_tmf_4]
(root,0,0,00:00:00/303-21:19:40,414) [scsi_eh_5]
(root,0,0,00:00:00/303-21:19:40,415) [scsi_tmf_5]
(root,0,0,00:00:00/303-21:19:38,488) [kdmflush]
(root,0,0,00:00:00/303-21:19:38,489) [bioset]
(root,0,0,00:00:09/303-21:19:38,506) [kworker/0:1H]
(root,0,0,00:42:25/303-21:19:38,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/303-21:19:38,514) [ext4-rsv-conver]
(root,0,0,00:00:01/303-21:19:35,628) [kworker/3:1H]
(root,0,0,00:00:00/303-21:19:35,674) [irq/125-mei_me]
(root,0,0,00:00:01/303-21:19:35,678) [kworker/6:1H]
(root,0,0,00:00:01/303-21:19:35,680) [kworker/5:1H]
(root,0,0,00:00:04/303-21:19:35,682) [kworker/1:1H]
(root,0,0,00:00:00/303-21:19:35,687) [kvm-irqfd-clean]
(root,0,0,00:00:02/303-21:19:34,704) [kworker/2:1H]
(root,0,0,00:02:10/303-21:19:33,713) [jbd2/sda3-8]
(root,0,0,00:00:00/303-21:19:33,714) [ext4-rsv-conver]
(root,0,0,00:00:00/303-21:19:33,716) [jbd2/sda2-8]
(root,0,0,00:00:00/303-21:19:33,717) [ext4-rsv-conver]
(root,0,0,00:04:59/303-21:19:33,722) [jbd2/sdb-8]
(root,0,0,00:00:00/303-21:19:33,723) [ext4-rsv-conver]
(root,0,0,00:00:01/303-21:19:32,742) [kworker/4:1H]
(root,55532,516,00:14:50/303-21:19:31,747) /sbin/auditd
(dbus,58236,1360,01:05:24/303-21:19:30,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:16:55/303-21:19:29,1040) [kworker/7:1H]
(root,167288,4192,00:13:16/303-21:19:21,1704) dnsadmin - dormant mode
(root,214780,19264,02:35:41/303-21:19:21,1706) tailwatchd
(root,183604,6556,00:07:14/303-21:19:21,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:00/01:34:36,2249) [kworker/1:2]
(root,0,0,00:00:00/04:55:00,3092) [kworker/5:1]
(root,0,0,00:00:03/13:59:37,3871) [kworker/0:1]
(root,0,0,00:00:00/01:09:36,6032) [kworker/5:2]
(root,0,0,00:00:00/01:06:39,6354) [kworker/u16:1]
(root,3108,40,00:00:42/125-01:44:24,6995) /usr/bin/RCdaemon
(root,233164,14548,00:03:20/23-08:20:46,7392) /usr/sbin/httpd -k start
(root,0,0,00:00:01/2-00:29:37,7851) [kworker/4:0]
(root,0,0,00:00:01/16:39:37,8840) [kworker/1:0]
(root,24208,604,00:00:00/206-15:26:34,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/44:36,9885) [kworker/2:0]
(root,0,0,00:00:00/37:13,11006) [kworker/7:1]
(root,0,0,00:00:00/34:37,11504) [kworker/0:2]
(scliegyp,38900,4140,00:00:00/31:39,11942) dovecot/imap
(root,244728,92208,00:00:14/07:25:59,12205) spamd child
(root,0,0,00:00:00/24:37,13214) [kworker/7:2]
(root,0,0,00:00:00/24:37,13242) [kworker/6:1]
(root,179164,29576,00:00:42/22:44:36,13966) lfd - sleeping
(root,244484,92748,00:00:19/12:56:38,14927) spamd child
(root,0,0,00:00:00/03:39:37,14946) [kworker/3:1]
(root,0,0,00:00:00/14:37,15003) [kworker/3:0]
(root,0,0,00:00:00/12:55:00,15341) [kworker/6:0]
(root,12732,1364,00:00:12/8-18:02:14,15495) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12736,1376,00:00:11/8-18:02:14,15496) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233164,3328,00:00:00/8-18:02:14,15497) /usr/sbin/httpd -k start
(root,53088,11772,00:00:00/8-18:02:14,15498) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(dovenull,48844,6812,00:00:34/8-18:02:14,15607) dovecot/pop3-login
(dovenull,53840,10836,00:12:17/8-18:02:14,15608) dovecot/imap-login
(root,10404,1492,00:01:34/8-18:02:14,15609) dovecot/log
(dovenull,62000,19912,00:05:30/8-18:02:14,15610) dovecot/pop3-login
(dovenull,50228,7964,00:03:00/8-18:02:14,15611) dovecot/imap-login
(root,16008,3344,00:02:43/8-18:02:14,15612) dovecot/config
(dovecot,48168,3788,00:02:08/8-18:02:14,15613) dovecot/stats
(dovecot,72056,5588,00:06:20/8-18:02:14,15614) dovecot/auth
(dovecot,10780,1944,00:01:02/8-18:00:59,15917) dovecot/imap-hibernate
(root,0,0,00:00:00/04:37,16676) [kworker/3:2]
(root,0,0,00:00:00/03:37,16851) [kworker/7:0]
(root,70788,4180,00:00:00/01:39,17095) dovecot/auth -w
(root,0,0,00:00:00/00:16,17234) [cpsrvd (SSL) - ] <defunct>
(scliegyp,38092,3604,00:00:00/00:07,17240) dovecot/imap
(scliegyp,38080,3772,00:00:00/00:07,17241) dovecot/imap
(scliegyp,38024,3672,00:00:00/00:01,17248) dovecot/imap
(scliegyp,38060,3800,00:00:00/00:00,17336) dovecot/imap
(root,113500,1620,00:00:00/00:00,17337) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,17355) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,17356) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(mysql,4536220,890164,05:19:21/115-19:45:58,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(named,759180,7748,00:56:18/123-13:19:17,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1464,00:00:33/123-13:17:49,22618) /usr/sbin/chronyd
(root,27380,872,00:01:23/123-13:17:44,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,3408,00:07:47/123-13:17:31,22813) /usr/sbin/sshd -D
(root,2339996,1448512,02:32:58/123-13:17:26,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86936,13020,00:07:24/123-13:16:36,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51640,2324,00:41:43/123-13:16:33,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1200,00:13:17/123-13:16:33,23038) dovecot/anvil
(polkitd,610668,2876,00:09:21/123-13:16:30,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/02:44:37,24013) [kworker/4:2]
(nobody,3158644,25124,00:00:27/2-05:39:31,24333) /usr/sbin/httpd -k start
(nobody,3093108,24924,00:00:28/2-05:39:30,24386) /usr/sbin/httpd -k start
(nobody,3027572,24960,00:00:29/2-05:39:29,24441) /usr/sbin/httpd -k start
(root,108292,624,00:00:00/206-15:23:57,24969) /sbin/agetty --noclear tty1 linux
(root,290616,5364,00:00:26/6-17:33:11,25197) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,18936,00:00:08/6-17:33:11,25222) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(root,124504,1388,00:04:09/206-15:23:22,25238) /usr/sbin/crond -n
(wp-toolkit,382236,38064,00:06:19/6-17:33:09,25304) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28860,00:00:08/6-17:33:09,25308) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,21540,960,00:55:43/206-15:23:15,25358) /usr/sbin/irqbalance --foreground
(root,228940,23188,00:09:53/38-22:42:26,25617) cpsrvd (SSL) - waiting for connections                   
(root,25288,2336,00:16:27/158-13:20:18,25923) /usr/lib/systemd/systemd-logind
(root,1018516,9664,00:46:39/158-13:20:10,25996) /usr/sbin/rsyslogd -n
(root,42912,828,00:00:00/158-13:20:01,26125) /usr/sbin/lvmetad -f
(root,47632,11296,01:23:52/158-13:19:33,26284) /usr/lib/systemd/systemd-journald
(root,0,0,00:00:00/05:55:00,26343) [kworker/2:1]
(root,43528,932,00:00:00/158-13:19:22,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:10/158-13:19:21,26407) /usr/sbin/smartd -n -q never
(root,0,0,00:00:00/02:28:02,26700) [kworker/u16:0]
(root,228996,8936,00:02:34/85-09:02:46,28951) queueprocd - waiting up to 60s to process a task
(nscd,1670368,2744,00:21:21/85-08:56:20,29094) /usr/sbin/nscd
(cpanelconnecttrack,9796,3016,08:47:20/85-08:55:37,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2284,00:00:28/85-08:55:37,29372) cpanellogd - sleeping for logs
(root,223264,45140,00:28:41/85-08:54:12,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,508,00:00:00/175-23:47:20,30546) SCREEN
(root,114712,1448,00:00:00/175-23:47:20,30547) /bin/bash
(nobody,3027572,22988,00:00:12/1-00:12:10,31699) /usr/sbin/httpd -k start

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-02-09 21:44

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10e8643098

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,3816,03:28:44/296-13:30:07,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:05/296-13:30:07,2) [kthreadd]
(root,0,0,00:00:00/296-13:30:07,4) [kworker/0:0H]
(root,0,0,00:11:28/296-13:30:07,6) [ksoftirqd/0]
(root,0,0,00:00:02/296-13:30:07,7) [migration/0]
(root,0,0,00:00:00/296-13:30:07,8) [rcu_bh]
(root,0,0,03:26:09/296-13:30:07,9) [rcu_sched]
(root,0,0,00:00:00/296-13:30:07,10) [lru-add-drain]
(root,0,0,00:02:07/296-13:30:07,11) [watchdog/0]
(root,0,0,00:01:54/296-13:30:07,12) [watchdog/1]
(root,0,0,00:00:01/296-13:30:07,13) [migration/1]
(root,0,0,00:00:09/296-13:30:07,14) [ksoftirqd/1]
(root,0,0,00:00:00/296-13:30:07,16) [kworker/1:0H]
(root,0,0,00:01:55/296-13:30:07,17) [watchdog/2]
(root,0,0,00:00:01/296-13:30:07,18) [migration/2]
(root,0,0,00:00:09/296-13:30:07,19) [ksoftirqd/2]
(root,0,0,00:00:00/296-13:30:07,21) [kworker/2:0H]
(root,0,0,00:01:58/296-13:30:07,22) [watchdog/3]
(root,0,0,00:00:01/296-13:30:07,23) [migration/3]
(root,0,0,00:00:08/296-13:30:07,24) [ksoftirqd/3]
(root,0,0,00:00:00/296-13:30:07,26) [kworker/3:0H]
(root,0,0,00:01:49/296-13:30:07,27) [watchdog/4]
(root,0,0,00:00:50/296-13:30:07,28) [migration/4]
(root,0,0,00:00:12/296-13:30:07,29) [ksoftirqd/4]
(root,0,0,00:00:00/296-13:30:07,31) [kworker/4:0H]
(root,0,0,00:01:51/296-13:30:07,32) [watchdog/5]
(root,0,0,00:01:04/296-13:30:07,33) [migration/5]
(root,0,0,00:00:33/296-13:30:07,34) [ksoftirqd/5]
(root,0,0,00:00:00/296-13:30:07,36) [kworker/5:0H]
(root,0,0,00:01:49/296-13:30:07,37) [watchdog/6]
(root,0,0,00:00:51/296-13:30:07,38) [migration/6]
(root,0,0,00:00:21/296-13:30:07,39) [ksoftirqd/6]
(root,0,0,00:00:00/296-13:30:07,41) [kworker/6:0H]
(root,0,0,00:01:57/296-13:30:07,42) [watchdog/7]
(root,0,0,00:00:51/296-13:30:07,43) [migration/7]
(root,0,0,00:09:04/296-13:30:07,44) [ksoftirqd/7]
(root,0,0,00:00:00/296-13:30:07,46) [kworker/7:0H]
(root,0,0,00:00:00/296-13:30:07,48) [kdevtmpfs]
(root,0,0,00:00:00/296-13:30:07,49) [netns]
(root,0,0,00:00:20/296-13:30:07,50) [khungtaskd]
(root,0,0,00:00:00/296-13:30:07,51) [writeback]
(root,0,0,00:00:00/296-13:30:07,52) [kintegrityd]
(root,0,0,00:00:00/296-13:30:07,53) [bioset]
(root,0,0,00:00:00/296-13:30:07,54) [bioset]
(root,0,0,00:00:00/296-13:30:07,55) [bioset]
(root,0,0,00:00:00/296-13:30:07,56) [kblockd]
(root,0,0,00:00:00/296-13:30:07,57) [md]
(root,0,0,00:00:00/296-13:30:07,58) [edac-poller]
(root,0,0,00:00:00/296-13:30:07,59) [watchdogd]
(root,0,0,00:27:12/296-13:30:07,66) [kswapd0]
(root,0,0,00:00:00/296-13:30:07,67) [ksmd]
(root,0,0,00:01:05/296-13:30:07,68) [khugepaged]
(root,0,0,00:00:00/296-13:30:07,69) [crypto]
(root,0,0,00:00:00/296-13:30:07,77) [kthrotld]
(root,0,0,00:00:00/296-13:30:07,80) [kmpath_rdacd]
(root,0,0,00:00:00/296-13:30:07,81) [kaluad]
(root,0,0,00:00:00/296-13:30:07,82) [kpsmoused]
(root,0,0,00:00:00/296-13:30:07,84) [ipv6_addrconf]
(root,0,0,00:00:00/296-13:30:07,97) [deferwq]
(root,0,0,00:06:22/296-13:30:07,138) [kauditd]
(root,0,0,00:00:00/296-13:30:06,372) [ata_sff]
(root,0,0,00:00:00/296-13:30:06,404) [scsi_eh_0]
(root,0,0,00:00:00/296-13:30:06,405) [scsi_tmf_0]
(root,0,0,00:00:00/296-13:30:06,406) [scsi_eh_1]
(root,0,0,00:00:00/296-13:30:06,407) [scsi_tmf_1]
(root,0,0,00:00:00/296-13:30:06,408) [scsi_eh_2]
(root,0,0,00:00:00/296-13:30:06,409) [scsi_tmf_2]
(root,0,0,00:00:00/296-13:30:06,410) [scsi_eh_3]
(root,0,0,00:00:00/296-13:30:06,411) [scsi_tmf_3]
(root,0,0,00:00:00/296-13:30:06,412) [scsi_eh_4]
(root,0,0,00:00:00/296-13:30:06,413) [scsi_tmf_4]
(root,0,0,00:00:00/296-13:30:06,414) [scsi_eh_5]
(root,0,0,00:00:00/296-13:30:06,415) [scsi_tmf_5]
(root,0,0,00:00:00/296-13:30:04,488) [kdmflush]
(root,0,0,00:00:00/296-13:30:04,489) [bioset]
(root,0,0,00:00:09/296-13:30:04,506) [kworker/0:1H]
(root,0,0,00:41:22/296-13:30:04,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/296-13:30:04,514) [ext4-rsv-conver]
(root,0,0,00:00:01/296-13:30:01,628) [kworker/3:1H]
(root,0,0,00:00:00/296-13:30:01,674) [irq/125-mei_me]
(root,0,0,00:00:01/296-13:30:01,678) [kworker/6:1H]
(root,0,0,00:00:01/296-13:30:01,680) [kworker/5:1H]
(root,0,0,00:00:04/296-13:30:01,682) [kworker/1:1H]
(root,0,0,00:00:00/296-13:30:01,687) [kvm-irqfd-clean]
(root,0,0,00:00:02/296-13:30:00,704) [kworker/2:1H]
(root,0,0,00:02:06/296-13:29:59,713) [jbd2/sda3-8]
(root,0,0,00:00:00/296-13:29:59,714) [ext4-rsv-conver]
(root,0,0,00:00:00/296-13:29:59,716) [jbd2/sda2-8]
(root,0,0,00:00:00/296-13:29:59,717) [ext4-rsv-conver]
(root,0,0,00:04:52/296-13:29:59,722) [jbd2/sdb-8]
(root,0,0,00:00:00/296-13:29:59,723) [ext4-rsv-conver]
(root,0,0,00:00:01/296-13:29:58,742) [kworker/4:1H]
(root,55532,516,00:13:58/296-13:29:57,747) /sbin/auditd
(dbus,58236,1352,01:03:51/296-13:29:56,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:16:29/296-13:29:55,1040) [kworker/7:1H]
(root,167288,4200,00:12:57/296-13:29:47,1704) dnsadmin - dormant mode
(root,214780,19256,02:30:37/296-13:29:47,1706) tailwatchd
(root,183604,6560,00:06:59/296-13:29:47,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:00/16:25:01,2156) [kworker/5:2]
(root,0,0,00:00:00/01:45:03,3193) [kworker/2:2]
(root,0,0,00:00:02/1-11:20:02,4451) [kworker/2:0]
(root,241304,88792,00:00:06/01:34:33,5172) spamd child
(root,3108,40,00:00:39/117-17:54:50,6995) /usr/bin/RCdaemon
(root,233164,15340,00:02:17/16-00:31:12,7392) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:15:03,9461) [kworker/6:0]
(root,24208,604,00:00:00/199-07:37:00,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/04:05:03,9734) [kworker/4:1]
(root,258284,106520,00:00:11/19:07:35,9893) spamd child
(root,0,0,00:00:00/01:05:05,11261) [kworker/7:0]
(root,0,0,00:00:00/01:05:03,11273) [kworker/4:2]
(root,0,0,00:00:00/54:03,13601) [kworker/1:0]
(root,12736,1364,00:00:01/1-10:12:40,15495) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1376,00:00:01/1-10:12:40,15496) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233164,4232,00:00:00/1-10:12:40,15497) /usr/sbin/httpd -k start
(root,53088,11772,00:00:00/1-10:12:40,15498) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3093108,23048,00:00:14/1-10:12:40,15499) /usr/sbin/httpd -k start
(nobody,3224180,25064,00:00:14/1-10:12:40,15500) /usr/sbin/httpd -k start
(dovenull,48100,5628,00:00:09/1-10:12:40,15607) dovecot/pop3-login
(dovenull,53464,10228,00:01:39/1-10:12:40,15608) dovecot/imap-login
(root,10404,1496,00:00:19/1-10:12:40,15609) dovecot/log
(dovenull,50340,8264,00:01:06/1-10:12:40,15610) dovecot/pop3-login
(dovenull,49364,7184,00:00:26/1-10:12:40,15611) dovecot/imap-login
(root,16008,3392,00:00:41/1-10:12:40,15612) dovecot/config
(dovecot,48168,3812,00:00:23/1-10:12:40,15613) dovecot/stats
(dovecot,72056,5576,00:01:12/1-10:12:40,15614) dovecot/auth
(nobody,2962036,23552,00:00:14/1-10:12:39,15615) /usr/sbin/httpd -k start
(nobody,3093108,23948,00:00:15/1-10:12:06,15758) /usr/sbin/httpd -k start
(dovecot,10780,1952,00:00:10/1-10:11:25,15917) dovecot/imap-hibernate
(root,179000,29472,00:00:31/14:55:03,16100) lfd - sleeping
(root,0,0,00:00:00/40:57,16245) [kworker/u16:0]
(mysql,4536220,876528,04:57:04/108-11:56:24,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(scliegyp,38880,4124,00:00:00/24:54,19461) dovecot/imap
(root,0,0,00:00:00/20:02,20422) [kworker/5:1]
(root,0,0,00:00:00/03:05:05,20908) [kworker/1:1]
(named,759180,8072,00:53:19/116-05:29:43,21481) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/15:03,21518) [kworker/0:2]
(root,0,0,00:00:00/14:18,21594) [kworker/u16:2]
(root,70788,4212,00:00:00/14:14,21673) dovecot/auth -w
(root,0,0,00:00:00/10:37,22303) [kworker/7:1]
(root,290616,5064,00:01:04/16-07:54:31,22393) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,6128,00:00:22/16-07:54:31,22417) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,22356,00:15:21/16-07:54:28,22496) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,15356,00:00:21/16-07:54:28,22500) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(chrony,97380,1464,00:00:31/116-05:28:15,22618) /usr/sbin/chronyd
(root,27380,872,00:01:18/116-05:28:10,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,0,0,00:00:00/02:55:03,22782) [kworker/0:0]
(root,111300,3408,00:06:59/116-05:27:57,22813) /usr/sbin/sshd -D
(root,2273672,1408892,02:24:01/116-05:27:52,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86936,12852,00:07:11/116-05:27:02,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51640,2324,00:38:53/116-05:26:59,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1200,00:12:24/116-05:26:59,23038) dovecot/anvil
(polkitd,610668,2828,00:08:47/116-05:26:56,23061) /usr/lib/polkit-1/polkitd --no-debug
(scliegyp,32492,3812,00:00:01/05:26,23200) dovecot/pop3
(root,0,0,00:00:00/05:03,23424) [kworker/3:2]
(root,0,0,00:00:00/04:05,23611) [kworker/u16:1]
(scliegyp,29056,2580,00:00:00/01:53,24005) dovecot/quota-status -p postfix
(scliegyp,64100,6636,00:00:00/01:52,24015) dovecot/lmtp
(root,0,0,00:00:00/00:32,24187) [kworker/7:2]
(scliegyp,38328,4024,00:00:00/00:30,24189) dovecot/imap
(scliegyp,38076,3776,00:00:00/00:22,24193) dovecot/imap
(mailnull,87124,10760,00:00:00/00:06,24277) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,0,0,00:00:00/00:06,24278) [cpsrvd (SSL) - ] <defunct>
(root,185136,2416,00:00:00/00:02,24284) /usr/sbin/CROND -n
(root,185136,2420,00:00:00/00:02,24287) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/00:02,24289) /bin/sh -c    imunify360-agent malware on-demand check-detached > /dev/null 2>&1  || :
(root,113280,1208,00:00:00/00:02,24291) /bin/sh -c /usr/local/cpanel/scripts/dcpumon-wrapper >/dev/null 2>&1
(root,263292,26816,00:00:00/00:02,24293) /opt/alt/python38/bin/python3 /usr/bin/imunify360-agent malware on-demand check-detached
(root,187792,10720,00:00:00/00:02,24294) /usr/local/cpanel/bin/dcpumon
(root,160220,2316,00:00:00/00:02,24363) top -n 2 -b -c
(root,113500,1620,00:00:00/00:01,24466) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,24484) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,24485) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/1-03:05:03,24578) [kworker/6:1]
(root,108292,624,00:00:00/199-07:34:23,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1388,00:04:00/199-07:33:48,25238) /usr/sbin/crond -n
(root,21540,960,00:53:46/199-07:33:41,25358) /usr/sbin/irqbalance --foreground
(root,228940,23420,00:08:14/31-14:52:52,25617) cpsrvd (SSL) - waiting for connections                   
(root,25288,2332,00:15:41/151-05:30:44,25923) /usr/lib/systemd/systemd-logind
(root,1019280,10744,00:43:45/151-05:30:36,25996) /usr/sbin/rsyslogd -n
(root,0,0,00:00:02/1-23:05:08,26103) [kworker/3:1]
(root,42912,828,00:00:00/151-05:30:27,26125) /usr/sbin/lvmetad -f
(root,182944,110388,01:18:09/151-05:29:59,26284) /usr/lib/systemd/systemd-journald
(root,43528,932,00:00:00/151-05:29:48,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:09/151-05:29:47,26407) /usr/sbin/smartd -n -q never
(root,228996,8852,00:02:21/78-01:13:12,28951) queueprocd - waiting up to 60s to process a task
(nscd,1670368,2740,00:19:18/78-01:06:46,29094) /usr/sbin/nscd
(cpanelconnecttrack,9792,2932,08:01:26/78-01:06:03,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2284,00:00:26/78-01:06:03,29372) cpanellogd - sleeping for logs
(root,223264,44924,00:26:14/78-01:04:38,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,508,00:00:00/168-15:57:46,30546) SCREEN
(root,114712,1448,00:00:00/168-15:57:46,30547) /bin/bash

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-02-02 13:55

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10c9f5c11a

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,4052,03:22:11/283-19:35:43,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:05/283-19:35:43,2) [kthreadd]
(root,0,0,00:00:00/283-19:35:43,4) [kworker/0:0H]
(root,0,0,00:10:26/283-19:35:43,6) [ksoftirqd/0]
(root,0,0,00:00:02/283-19:35:43,7) [migration/0]
(root,0,0,00:00:00/283-19:35:43,8) [rcu_bh]
(root,0,0,03:16:41/283-19:35:43,9) [rcu_sched]
(root,0,0,00:00:00/283-19:35:43,10) [lru-add-drain]
(root,0,0,00:02:02/283-19:35:43,11) [watchdog/0]
(root,0,0,00:01:50/283-19:35:43,12) [watchdog/1]
(root,0,0,00:00:01/283-19:35:43,13) [migration/1]
(root,0,0,00:00:09/283-19:35:43,14) [ksoftirqd/1]
(root,0,0,00:00:00/283-19:35:43,16) [kworker/1:0H]
(root,0,0,00:01:50/283-19:35:43,17) [watchdog/2]
(root,0,0,00:00:01/283-19:35:43,18) [migration/2]
(root,0,0,00:00:08/283-19:35:43,19) [ksoftirqd/2]
(root,0,0,00:00:00/283-19:35:43,21) [kworker/2:0H]
(root,0,0,00:01:53/283-19:35:43,22) [watchdog/3]
(root,0,0,00:00:01/283-19:35:43,23) [migration/3]
(root,0,0,00:00:08/283-19:35:43,24) [ksoftirqd/3]
(root,0,0,00:00:00/283-19:35:43,26) [kworker/3:0H]
(root,0,0,00:01:44/283-19:35:43,27) [watchdog/4]
(root,0,0,00:00:47/283-19:35:43,28) [migration/4]
(root,0,0,00:00:11/283-19:35:43,29) [ksoftirqd/4]
(root,0,0,00:00:00/283-19:35:43,31) [kworker/4:0H]
(root,0,0,00:01:46/283-19:35:43,32) [watchdog/5]
(root,0,0,00:01:01/283-19:35:43,33) [migration/5]
(root,0,0,00:00:32/283-19:35:43,34) [ksoftirqd/5]
(root,0,0,00:00:00/283-19:35:43,36) [kworker/5:0H]
(root,0,0,00:01:44/283-19:35:43,37) [watchdog/6]
(root,0,0,00:00:48/283-19:35:43,38) [migration/6]
(root,0,0,00:00:20/283-19:35:43,39) [ksoftirqd/6]
(root,0,0,00:00:00/283-19:35:43,41) [kworker/6:0H]
(root,0,0,00:01:52/283-19:35:43,42) [watchdog/7]
(root,0,0,00:00:49/283-19:35:43,43) [migration/7]
(root,0,0,00:08:39/283-19:35:43,44) [ksoftirqd/7]
(root,0,0,00:00:00/283-19:35:43,46) [kworker/7:0H]
(root,0,0,00:00:00/283-19:35:43,48) [kdevtmpfs]
(root,0,0,00:00:00/283-19:35:43,49) [netns]
(root,0,0,00:00:19/283-19:35:43,50) [khungtaskd]
(root,0,0,00:00:00/283-19:35:43,51) [writeback]
(root,0,0,00:00:00/283-19:35:43,52) [kintegrityd]
(root,0,0,00:00:00/283-19:35:43,53) [bioset]
(root,0,0,00:00:00/283-19:35:43,54) [bioset]
(root,0,0,00:00:00/283-19:35:43,55) [bioset]
(root,0,0,00:00:00/283-19:35:43,56) [kblockd]
(root,0,0,00:00:00/283-19:35:43,57) [md]
(root,0,0,00:00:00/283-19:35:43,58) [edac-poller]
(root,0,0,00:00:00/283-19:35:43,59) [watchdogd]
(root,0,0,00:25:47/283-19:35:43,66) [kswapd0]
(root,0,0,00:00:00/283-19:35:43,67) [ksmd]
(root,0,0,00:01:03/283-19:35:43,68) [khugepaged]
(root,0,0,00:00:00/283-19:35:43,69) [crypto]
(root,0,0,00:00:00/283-19:35:43,77) [kthrotld]
(root,0,0,00:00:00/283-19:35:43,80) [kmpath_rdacd]
(root,0,0,00:00:00/283-19:35:43,81) [kaluad]
(root,0,0,00:00:00/283-19:35:43,82) [kpsmoused]
(root,0,0,00:00:00/283-19:35:43,84) [ipv6_addrconf]
(root,0,0,00:00:00/283-19:35:43,97) [deferwq]
(root,0,0,00:05:53/283-19:35:43,138) [kauditd]
(root,0,0,00:00:00/283-19:35:42,372) [ata_sff]
(root,0,0,00:00:00/283-19:35:42,404) [scsi_eh_0]
(root,0,0,00:00:00/283-19:35:42,405) [scsi_tmf_0]
(root,0,0,00:00:00/283-19:35:42,406) [scsi_eh_1]
(root,0,0,00:00:00/283-19:35:42,407) [scsi_tmf_1]
(root,0,0,00:00:00/283-19:35:42,408) [scsi_eh_2]
(root,0,0,00:00:00/283-19:35:42,409) [scsi_tmf_2]
(root,0,0,00:00:00/283-19:35:42,410) [scsi_eh_3]
(root,0,0,00:00:00/283-19:35:42,411) [scsi_tmf_3]
(root,0,0,00:00:00/283-19:35:42,412) [scsi_eh_4]
(root,0,0,00:00:00/283-19:35:42,413) [scsi_tmf_4]
(root,0,0,00:00:00/283-19:35:42,414) [scsi_eh_5]
(root,0,0,00:00:00/283-19:35:42,415) [scsi_tmf_5]
(root,0,0,00:00:00/283-19:35:40,488) [kdmflush]
(root,0,0,00:00:00/283-19:35:40,489) [bioset]
(root,0,0,00:00:09/283-19:35:40,506) [kworker/0:1H]
(root,0,0,00:39:25/283-19:35:40,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/283-19:35:40,514) [ext4-rsv-conver]
(root,0,0,00:00:01/283-19:35:37,628) [kworker/3:1H]
(root,0,0,00:00:00/283-19:35:37,674) [irq/125-mei_me]
(root,0,0,00:00:00/283-19:35:37,678) [kworker/6:1H]
(root,0,0,00:00:01/283-19:35:37,680) [kworker/5:1H]
(root,0,0,00:00:04/283-19:35:37,682) [kworker/1:1H]
(root,0,0,00:00:00/283-19:35:37,687) [kvm-irqfd-clean]
(root,0,0,00:00:02/283-19:35:36,704) [kworker/2:1H]
(root,0,0,00:02:01/283-19:35:35,713) [jbd2/sda3-8]
(root,0,0,00:00:00/283-19:35:35,714) [ext4-rsv-conver]
(root,0,0,00:00:00/283-19:35:35,716) [jbd2/sda2-8]
(root,0,0,00:00:00/283-19:35:35,717) [ext4-rsv-conver]
(root,0,0,00:04:39/283-19:35:35,722) [jbd2/sdb-8]
(root,0,0,00:00:00/283-19:35:35,723) [ext4-rsv-conver]
(root,0,0,00:00:01/283-19:35:34,742) [kworker/4:1H]
(root,55532,516,00:12:54/283-19:35:33,747) /sbin/auditd
(dbus,58236,1380,01:01:04/283-19:35:32,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:00:00/02:10:57,826) [kworker/0:1]
(root,0,0,00:15:40/283-19:35:31,1040) [kworker/7:1H]
(root,167288,4200,00:12:24/283-19:35:23,1704) dnsadmin - dormant mode
(root,213244,17832,02:21:01/283-19:35:23,1706) tailwatchd
(root,183604,6560,00:06:37/283-19:35:23,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,234516,82908,00:00:01/02:02:37,2077) spamd child
(root,3108,40,00:00:35/105-00:00:26,6995) /usr/bin/RCdaemon
(root,233164,12172,00:00:28/3-06:36:48,7392) /usr/sbin/httpd -k start
(root,12736,1360,00:00:03/3-06:36:48,7393) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12744,1376,00:00:03/3-06:36:48,7394) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,227776,4260,00:00:00/3-06:36:48,7395) /usr/sbin/httpd -k start
(root,53088,11848,00:00:00/3-06:36:48,7396) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3093092,24672,00:00:23/3-06:36:48,7398) /usr/sbin/httpd -k start
(nobody,3158628,26244,00:00:23/3-06:36:48,7399) /usr/sbin/httpd -k start
(nobody,3093092,25472,00:00:24/3-06:36:48,7400) /usr/sbin/httpd -k start
(nobody,3355236,27068,00:00:23/3-06:36:48,7405) /usr/sbin/httpd -k start
(nobody,3224164,26288,00:00:22/3-06:36:48,7433) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:20:39,8500) [kworker/2:1]
(root,24208,616,00:00:00/186-13:42:36,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/01:10:59,9840) [kworker/7:2]
(root,0,0,00:00:00/15:11:00,9899) [kworker/5:1]
(root,0,0,00:00:00/01:00:38,11468) [kworker/0:2]
(root,0,0,00:00:00/50:38,12901) [kworker/5:0]
(scliegyp,38868,4120,00:00:00/32:43,15568) dovecot/imap
(root,0,0,00:00:00/30:38,15878) [kworker/6:2]
(scliegyp,39584,3932,00:00:00/26:10,16430) dovecot/imap
(root,0,0,00:00:00/26:09,16432) [kworker/u16:2]
(root,0,0,00:00:00/25:39,16621) [kworker/3:1]
(root,0,0,00:00:00/16:49,17852) [kworker/7:1]
(root,0,0,00:00:00/15:38,18060) [kworker/4:1]
(mysql,4536220,916520,04:19:21/95-18:02:00,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(scliegyp,29052,2588,00:00:00/12:48,18496) dovecot/quota-status -p postfix
(root,233324,81412,00:00:00/12:44,18504) spamd child
(root,0,0,00:00:00/07:10:59,18545) [kworker/6:0]
(root,0,0,00:00:00/07:10:59,18549) [kworker/4:2]
(root,0,0,00:00:00/10:39,18875) [kworker/1:0]
(root,0,0,00:00:00/06:47,19439) [kworker/u16:1]
(root,0,0,00:00:00/00:39,20282) [kworker/1:1]
(mailnull,87208,10784,00:00:00/00:32,20357) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(scliegyp,38024,3676,00:00:00/00:19,20363) dovecot/imap
(root,179312,29800,00:00:35/21:00:38,20430) lfd - sleeping
(root,113500,1620,00:00:00/00:00,20451) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,20469) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,20470) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(nobody,3027556,20820,00:00:02/10:23:12,20531) /usr/sbin/httpd -k start
(named,759180,8608,00:48:03/103-11:35:19,21481) /usr/sbin/named -u named -c /etc/named.conf
(root,290616,5464,00:00:14/3-14:00:07,22393) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,18628,00:00:03/3-14:00:07,22417) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,38056,00:03:23/3-14:00:04,22496) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28852,00:00:04/3-14:00:04,22500) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(chrony,97380,1508,00:00:27/103-11:33:51,22618) /usr/sbin/chronyd
(root,27380,876,00:01:09/103-11:33:46,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,3408,00:06:03/103-11:33:33,22813) /usr/sbin/sshd -D
(root,2337324,1436896,02:07:02/103-11:33:28,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86936,13012,00:06:41/103-11:32:38,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51480,2324,00:33:57/103-11:32:35,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1200,00:10:49/103-11:32:35,23038) dovecot/anvil
(polkitd,610668,3096,00:07:47/103-11:32:32,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/03:10:39,23750) [kworker/1:2]
(root,108292,668,00:00:00/186-13:39:59,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1388,00:03:45/186-13:39:24,25238) /usr/sbin/crond -n
(root,21540,996,00:50:20/186-13:39:17,25358) /usr/sbin/irqbalance --foreground
(root,228940,23872,00:05:12/18-20:58:28,25617) cpsrvd (SSL) - waiting for connections                   
(root,25288,2336,00:14:19/138-11:36:20,25923) /usr/lib/systemd/systemd-logind
(root,953744,13156,00:39:12/138-11:36:12,25996) /usr/sbin/rsyslogd -n
(root,42912,864,00:00:00/138-11:36:03,26125) /usr/sbin/lvmetad -f
(root,104976,50240,01:09:30/138-11:35:35,26284) /usr/lib/systemd/systemd-journald
(root,43528,968,00:00:00/138-11:35:24,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:08/138-11:35:23,26407) /usr/sbin/smartd -n -q never
(dovenull,52208,10060,00:01:46/35-07:18:22,27074) dovecot/pop3-login
(dovenull,52180,10048,00:11:58/35-07:18:22,27075) dovecot/imap-login
(root,10524,1616,00:05:08/35-07:18:22,27076) dovecot/log
(dovenull,68192,25764,00:21:29/35-07:18:22,27077) dovecot/pop3-login
(dovenull,53912,10908,00:42:06/35-07:18:22,27078) dovecot/imap-login
(root,16080,3488,00:08:37/35-07:18:22,27079) dovecot/config
(dovecot,48140,3648,00:07:08/35-07:18:22,27080) dovecot/stats
(dovecot,72560,6052,00:21:52/35-07:18:22,27081) dovecot/auth
(dovecot,10756,1964,00:03:58/35-07:17:21,27301) dovecot/imap-hibernate
(root,0,0,00:00:00/02:40:38,28580) [kworker/2:0]
(root,228996,9576,00:01:59/65-07:18:48,28951) queueprocd - waiting up to 60s to process a task
(nscd,1602780,2676,00:16:00/65-07:12:22,29094) /usr/sbin/nscd
(cpanelconnecttrack,9792,2936,06:41:50/65-07:11:39,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2328,00:00:21/65-07:11:39,29372) cpanellogd - sleeping for logs
(root,223264,45000,00:21:58/65-07:10:14,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,868,00:00:00/155-22:03:22,30546) SCREEN
(root,114712,1564,00:00:00/155-22:03:22,30547) /bin/bash
(root,0,0,00:00:01/1-11:59:38,31114) [kworker/3:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-01-20 20:00

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb1069a30c31

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,4036,03:17:42/275-00:40:11,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:05/275-00:40:11,2) [kthreadd]
(root,0,0,00:00:00/275-00:40:11,4) [kworker/0:0H]
(root,0,0,00:10:01/275-00:40:11,6) [ksoftirqd/0]
(root,0,0,00:00:02/275-00:40:11,7) [migration/0]
(root,0,0,00:00:00/275-00:40:11,8) [rcu_bh]
(root,0,0,03:10:23/275-00:40:11,9) [rcu_sched]
(root,0,0,00:00:00/275-00:40:11,10) [lru-add-drain]
(root,0,0,00:01:58/275-00:40:11,11) [watchdog/0]
(root,0,0,00:01:46/275-00:40:11,12) [watchdog/1]
(root,0,0,00:00:01/275-00:40:11,13) [migration/1]
(root,0,0,00:00:08/275-00:40:11,14) [ksoftirqd/1]
(root,0,0,00:00:00/275-00:40:11,16) [kworker/1:0H]
(root,0,0,00:01:47/275-00:40:11,17) [watchdog/2]
(root,0,0,00:00:01/275-00:40:11,18) [migration/2]
(root,0,0,00:00:08/275-00:40:11,19) [ksoftirqd/2]
(root,0,0,00:00:00/275-00:40:11,21) [kworker/2:0H]
(root,0,0,00:01:49/275-00:40:11,22) [watchdog/3]
(root,0,0,00:00:01/275-00:40:11,23) [migration/3]
(root,0,0,00:00:08/275-00:40:11,24) [ksoftirqd/3]
(root,0,0,00:00:00/275-00:40:11,26) [kworker/3:0H]
(root,0,0,00:01:41/275-00:40:11,27) [watchdog/4]
(root,0,0,00:00:45/275-00:40:11,28) [migration/4]
(root,0,0,00:00:11/275-00:40:11,29) [ksoftirqd/4]
(root,0,0,00:00:00/275-00:40:11,31) [kworker/4:0H]
(root,0,0,00:01:43/275-00:40:11,32) [watchdog/5]
(root,0,0,00:00:58/275-00:40:11,33) [migration/5]
(root,0,0,00:00:31/275-00:40:11,34) [ksoftirqd/5]
(root,0,0,00:00:00/275-00:40:11,36) [kworker/5:0H]
(root,0,0,00:01:41/275-00:40:11,37) [watchdog/6]
(root,0,0,00:00:47/275-00:40:11,38) [migration/6]
(root,0,0,00:00:20/275-00:40:11,39) [ksoftirqd/6]
(root,0,0,00:00:00/275-00:40:11,41) [kworker/6:0H]
(root,0,0,00:01:49/275-00:40:11,42) [watchdog/7]
(root,0,0,00:00:47/275-00:40:11,43) [migration/7]
(root,0,0,00:08:22/275-00:40:11,44) [ksoftirqd/7]
(root,0,0,00:00:00/275-00:40:11,46) [kworker/7:0H]
(root,0,0,00:00:00/275-00:40:11,48) [kdevtmpfs]
(root,0,0,00:00:00/275-00:40:11,49) [netns]
(root,0,0,00:00:19/275-00:40:11,50) [khungtaskd]
(root,0,0,00:00:00/275-00:40:11,51) [writeback]
(root,0,0,00:00:00/275-00:40:11,52) [kintegrityd]
(root,0,0,00:00:00/275-00:40:11,53) [bioset]
(root,0,0,00:00:00/275-00:40:11,54) [bioset]
(root,0,0,00:00:00/275-00:40:11,55) [bioset]
(root,0,0,00:00:00/275-00:40:11,56) [kblockd]
(root,0,0,00:00:00/275-00:40:11,57) [md]
(root,0,0,00:00:00/275-00:40:11,58) [edac-poller]
(root,0,0,00:00:00/275-00:40:11,59) [watchdogd]
(root,0,0,00:25:28/275-00:40:11,66) [kswapd0]
(root,0,0,00:00:00/275-00:40:11,67) [ksmd]
(root,0,0,00:01:01/275-00:40:11,68) [khugepaged]
(root,0,0,00:00:00/275-00:40:11,69) [crypto]
(root,0,0,00:00:00/275-00:40:11,77) [kthrotld]
(root,0,0,00:00:00/275-00:40:11,80) [kmpath_rdacd]
(root,0,0,00:00:00/275-00:40:11,81) [kaluad]
(root,0,0,00:00:00/275-00:40:11,82) [kpsmoused]
(root,0,0,00:00:00/275-00:40:11,84) [ipv6_addrconf]
(root,0,0,00:00:00/275-00:40:11,97) [deferwq]
(root,0,0,00:05:30/275-00:40:11,138) [kauditd]
(root,0,0,00:00:00/275-00:40:10,372) [ata_sff]
(root,0,0,00:00:00/275-00:40:10,404) [scsi_eh_0]
(root,0,0,00:00:00/275-00:40:10,405) [scsi_tmf_0]
(root,0,0,00:00:00/275-00:40:10,406) [scsi_eh_1]
(root,0,0,00:00:00/275-00:40:10,407) [scsi_tmf_1]
(root,0,0,00:00:00/275-00:40:10,408) [scsi_eh_2]
(root,0,0,00:00:00/275-00:40:10,409) [scsi_tmf_2]
(root,0,0,00:00:00/275-00:40:10,410) [scsi_eh_3]
(root,0,0,00:00:00/275-00:40:10,411) [scsi_tmf_3]
(root,0,0,00:00:00/275-00:40:10,412) [scsi_eh_4]
(root,0,0,00:00:00/275-00:40:10,413) [scsi_tmf_4]
(root,0,0,00:00:00/275-00:40:10,414) [scsi_eh_5]
(root,0,0,00:00:00/275-00:40:10,415) [scsi_tmf_5]
(root,0,0,00:00:00/275-00:40:08,488) [kdmflush]
(root,0,0,00:00:00/275-00:40:08,489) [bioset]
(root,0,0,00:00:08/275-00:40:08,506) [kworker/0:1H]
(root,0,0,00:38:11/275-00:40:08,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/275-00:40:08,514) [ext4-rsv-conver]
(root,0,0,00:00:01/275-00:40:05,628) [kworker/3:1H]
(root,0,0,00:00:00/275-00:40:05,674) [irq/125-mei_me]
(root,0,0,00:00:00/275-00:40:05,678) [kworker/6:1H]
(root,0,0,00:00:01/275-00:40:05,680) [kworker/5:1H]
(root,0,0,00:00:04/275-00:40:05,682) [kworker/1:1H]
(root,0,0,00:00:00/275-00:40:05,687) [kvm-irqfd-clean]
(root,0,0,00:00:02/275-00:40:04,704) [kworker/2:1H]
(root,0,0,00:01:57/275-00:40:03,713) [jbd2/sda3-8]
(root,0,0,00:00:00/275-00:40:03,714) [ext4-rsv-conver]
(root,0,0,00:00:00/275-00:40:03,716) [jbd2/sda2-8]
(root,0,0,00:00:00/275-00:40:03,717) [ext4-rsv-conver]
(root,0,0,00:04:29/275-00:40:03,722) [jbd2/sdb-8]
(root,0,0,00:00:00/275-00:40:03,723) [ext4-rsv-conver]
(root,0,0,00:00:01/275-00:40:02,742) [kworker/4:1H]
(root,55532,516,00:12:05/275-00:40:01,747) /sbin/auditd
(dbus,58236,1380,00:59:11/275-00:40:00,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:15:09/275-00:39:59,1040) [kworker/7:1H]
(root,227408,18560,00:12:01/275-00:39:51,1704) dnsadmin - server mode
(root,213244,17836,02:15:08/275-00:39:51,1706) tailwatchd
(root,183604,6556,00:06:23/275-00:39:51,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:01/17:45:07,3559) [kworker/1:2]
(nobody,3289784,28592,00:00:57/6-11:09:45,3858) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:30:03,4512) [kworker/3:1]
(root,241976,89828,00:00:14/11:46:42,5864) spamd child
(root,0,0,00:00:00/01:15:07,6592) [kworker/0:0]
(root,3108,40,00:00:32/96-05:04:54,6995) /usr/bin/RCdaemon
(root,185136,2420,00:00:00/01:05:07,7951) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/01:05:07,7958) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,360,00:00:00/01:05:07,7964) sleep 4h 30m
(root,24208,616,00:00:00/177-18:47:04,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/52:07,9924) [kworker/6:0]
(root,0,0,00:00:01/46:13,10689) [kworker/u16:1]
(root,0,0,00:00:00/45:06,10909) [kworker/1:0]
(root,0,0,00:00:01/23:45:06,11119) [kworker/2:1]
(root,0,0,00:00:01/20:15:40,11858) [kworker/5:0]
(root,0,0,00:00:06/23:39:46,11934) [kworker/0:1]
(root,290616,1956,00:02:54/43-19:53:42,14923) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,18632,00:01:00/43-19:53:42,14947) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382232,37752,00:41:19/43-19:53:40,15043) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28564,00:00:58/43-19:53:40,15053) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/15:38,15162) [kworker/3:2]
(root,0,0,00:00:00/15:37,15190) [kworker/7:0]
(root,0,0,00:00:00/15:07,15350) [kworker/2:0]
(root,223264,42560,00:00:00/07:21:55,15364) spamd child
(root,0,0,00:00:00/12:36,15696) [kworker/u16:0]
(nobody,2765496,19380,00:00:01/03:40:39,16275) /usr/sbin/httpd -k start
(scliegyp,31584,3440,00:00:00/06:17,16599) dovecot/pop3
(root,0,0,00:00:00/05:06,16854) [kworker/5:2]
(root,0,0,00:00:00/05:01,16966) [kworker/u16:2]
(root,0,0,00:00:00/04:07,17099) [kworker/0:2]
(root,181404,18696,00:00:00/03:16,17157) cpbackup_transporter - Waiting up to 180s for new tasks
(mailnull,87212,10784,00:00:00/00:44,17564) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,70788,4200,00:00:00/00:13,17567) dovecot/auth -w
(root,0,0,00:00:00/00:11,17642) [cpsrvd (SSL) - ] <defunct>
(scliegyp,38268,3796,00:00:00/00:05,17743) dovecot/imap
(scliegyp,38172,3720,00:00:00/00:03,17745) dovecot/imap
(root,113500,1620,00:00:00/00:00,17865) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,17883) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,17884) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(mysql,4536220,862764,03:54:31/86-23:06:28,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(nobody,3027640,23788,00:00:17/2-01:32:06,19011) /usr/sbin/httpd -k start
(root,0,0,00:00:00/10:15:07,21282) [kworker/6:2]
(named,759180,8260,00:44:31/94-16:39:47,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1508,00:00:25/94-16:38:19,22618) /usr/sbin/chronyd
(root,27380,876,00:01:03/94-16:38:14,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,3408,00:05:20/94-16:38:01,22813) /usr/sbin/sshd -D
(root,2333836,1447640,01:56:09/94-16:37:56,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(nobody,3158712,29260,00:00:56/6-15:13:20,22910) /usr/sbin/httpd -k start
(mailnull,86940,13020,00:06:19/94-16:37:06,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51480,2324,00:30:50/94-16:37:03,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1200,00:09:51/94-16:37:03,23038) dovecot/anvil
(polkitd,610668,3104,00:07:07/94-16:37:00,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,108292,668,00:00:00/177-18:44:27,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1388,00:03:35/177-18:43:52,25238) /usr/sbin/crond -n
(root,21540,996,00:47:58/177-18:43:45,25358) /usr/sbin/irqbalance --foreground
(root,228572,25000,00:02:59/10-02:02:56,25617) cpsrvd (SSL) - waiting for connections                   
(root,25288,2336,00:13:24/129-16:40:48,25923) /usr/lib/systemd/systemd-logind
(root,920976,13620,00:36:06/129-16:40:40,25996) /usr/sbin/rsyslogd -n
(root,42912,864,00:00:00/129-16:40:31,26125) /usr/sbin/lvmetad -f
(root,178524,112528,01:03:39/129-16:40:03,26284) /usr/lib/systemd/systemd-journald
(root,43528,968,00:00:00/129-16:39:52,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:08/129-16:39:51,26407) /usr/sbin/smartd -n -q never
(root,12732,1348,00:00:25/26-12:22:50,27017) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1360,00:00:24/26-12:22:50,27018) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233292,4020,00:00:00/26-12:22:50,27019) /usr/sbin/httpd -k start
(root,53088,11772,00:00:00/26-12:22:50,27020) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(dovenull,51112,8864,00:01:16/26-12:22:50,27074) dovecot/pop3-login
(dovenull,52108,9652,00:08:40/26-12:22:50,27075) dovecot/imap-login
(root,10524,1616,00:03:50/26-12:22:50,27076) dovecot/log
(dovenull,68192,25736,00:15:55/26-12:22:50,27077) dovecot/pop3-login
(dovenull,53912,11036,00:32:06/26-12:22:50,27078) dovecot/imap-login
(root,15944,3488,00:06:25/26-12:22:50,27079) dovecot/config
(dovecot,48140,3648,00:05:20/26-12:22:50,27080) dovecot/stats
(dovecot,72560,6096,00:16:40/26-12:22:50,27081) dovecot/auth
(dovecot,10756,1964,00:02:58/26-12:21:49,27301) dovecot/imap-hibernate
(root,233292,14992,00:08:00/56-12:17:30,28366) /usr/sbin/httpd -k start
(root,228996,9580,00:01:43/56-12:23:16,28951) queueprocd - waiting up to 60s to process a task
(nscd,1602780,2688,00:13:47/56-12:16:50,29094) /usr/sbin/nscd
(cpanelconnecttrack,9792,2936,05:47:48/56-12:16:07,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2328,00:00:18/56-12:16:07,29372) cpanellogd - sleeping for logs
(root,0,0,00:00:00/02:15:37,29762) [kworker/7:2]
(root,0,0,00:00:00/02:15:07,29912) [kworker/4:0]
(root,223264,44784,00:19:01/56-12:14:42,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,868,00:00:00/147-03:07:50,30546) SCREEN
(root,114712,1564,00:00:00/147-03:07:50,30547) /bin/bash
(root,178508,29004,00:00:03/02:05:07,31487) lfd - sleeping
(root,0,0,00:00:00/15:15:39,31930) [kworker/4:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-01-12 01:05

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb107471a5ea

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,4076,03:15:41/271-01:53:45,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:04/271-01:53:45,2) [kthreadd]
(root,0,0,00:00:00/271-01:53:45,4) [kworker/0:0H]
(root,0,0,00:09:48/271-01:53:45,6) [ksoftirqd/0]
(root,0,0,00:00:02/271-01:53:45,7) [migration/0]
(root,0,0,00:00:00/271-01:53:45,8) [rcu_bh]
(root,0,0,03:07:18/271-01:53:45,9) [rcu_sched]
(root,0,0,00:00:00/271-01:53:45,10) [lru-add-drain]
(root,0,0,00:01:56/271-01:53:45,11) [watchdog/0]
(root,0,0,00:01:45/271-01:53:45,12) [watchdog/1]
(root,0,0,00:00:01/271-01:53:45,13) [migration/1]
(root,0,0,00:00:08/271-01:53:45,14) [ksoftirqd/1]
(root,0,0,00:00:00/271-01:53:45,16) [kworker/1:0H]
(root,0,0,00:01:45/271-01:53:45,17) [watchdog/2]
(root,0,0,00:00:01/271-01:53:45,18) [migration/2]
(root,0,0,00:00:08/271-01:53:45,19) [ksoftirqd/2]
(root,0,0,00:00:00/271-01:53:45,21) [kworker/2:0H]
(root,0,0,00:01:48/271-01:53:45,22) [watchdog/3]
(root,0,0,00:00:01/271-01:53:45,23) [migration/3]
(root,0,0,00:00:07/271-01:53:45,24) [ksoftirqd/3]
(root,0,0,00:00:00/271-01:53:45,26) [kworker/3:0H]
(root,0,0,00:01:39/271-01:53:45,27) [watchdog/4]
(root,0,0,00:00:45/271-01:53:45,28) [migration/4]
(root,0,0,00:00:10/271-01:53:45,29) [ksoftirqd/4]
(root,0,0,00:00:00/271-01:53:45,31) [kworker/4:0H]
(root,0,0,00:01:41/271-01:53:45,32) [watchdog/5]
(root,0,0,00:00:57/271-01:53:45,33) [migration/5]
(root,0,0,00:00:31/271-01:53:45,34) [ksoftirqd/5]
(root,0,0,00:00:00/271-01:53:45,36) [kworker/5:0H]
(root,0,0,00:01:40/271-01:53:45,37) [watchdog/6]
(root,0,0,00:00:46/271-01:53:45,38) [migration/6]
(root,0,0,00:00:19/271-01:53:45,39) [ksoftirqd/6]
(root,0,0,00:00:00/271-01:53:45,41) [kworker/6:0H]
(root,0,0,00:01:47/271-01:53:45,42) [watchdog/7]
(root,0,0,00:00:46/271-01:53:45,43) [migration/7]
(root,0,0,00:08:14/271-01:53:45,44) [ksoftirqd/7]
(root,0,0,00:00:00/271-01:53:45,46) [kworker/7:0H]
(root,0,0,00:00:00/271-01:53:45,48) [kdevtmpfs]
(root,0,0,00:00:00/271-01:53:45,49) [netns]
(root,0,0,00:00:18/271-01:53:45,50) [khungtaskd]
(root,0,0,00:00:00/271-01:53:45,51) [writeback]
(root,0,0,00:00:00/271-01:53:45,52) [kintegrityd]
(root,0,0,00:00:00/271-01:53:45,53) [bioset]
(root,0,0,00:00:00/271-01:53:45,54) [bioset]
(root,0,0,00:00:00/271-01:53:45,55) [bioset]
(root,0,0,00:00:00/271-01:53:45,56) [kblockd]
(root,0,0,00:00:00/271-01:53:45,57) [md]
(root,0,0,00:00:00/271-01:53:45,58) [edac-poller]
(root,0,0,00:00:00/271-01:53:45,59) [watchdogd]
(root,0,0,00:25:07/271-01:53:45,66) [kswapd0]
(root,0,0,00:00:00/271-01:53:45,67) [ksmd]
(root,0,0,00:01:00/271-01:53:45,68) [khugepaged]
(root,0,0,00:00:00/271-01:53:45,69) [crypto]
(root,0,0,00:00:00/271-01:53:45,77) [kthrotld]
(root,0,0,00:00:00/271-01:53:45,80) [kmpath_rdacd]
(root,0,0,00:00:00/271-01:53:45,81) [kaluad]
(root,0,0,00:00:00/271-01:53:45,82) [kpsmoused]
(root,0,0,00:00:00/271-01:53:45,84) [ipv6_addrconf]
(root,0,0,00:00:00/271-01:53:45,97) [deferwq]
(root,0,0,00:05:23/271-01:53:45,138) [kauditd]
(root,0,0,00:00:00/271-01:53:44,372) [ata_sff]
(root,0,0,00:00:00/271-01:53:44,404) [scsi_eh_0]
(root,0,0,00:00:00/271-01:53:44,405) [scsi_tmf_0]
(root,0,0,00:00:00/271-01:53:44,406) [scsi_eh_1]
(root,0,0,00:00:00/271-01:53:44,407) [scsi_tmf_1]
(root,0,0,00:00:00/271-01:53:44,408) [scsi_eh_2]
(root,0,0,00:00:00/271-01:53:44,409) [scsi_tmf_2]
(root,0,0,00:00:00/271-01:53:44,410) [scsi_eh_3]
(root,0,0,00:00:00/271-01:53:44,411) [scsi_tmf_3]
(root,0,0,00:00:00/271-01:53:44,412) [scsi_eh_4]
(root,0,0,00:00:00/271-01:53:44,413) [scsi_tmf_4]
(root,0,0,00:00:00/271-01:53:44,414) [scsi_eh_5]
(root,0,0,00:00:00/271-01:53:44,415) [scsi_tmf_5]
(root,0,0,00:00:00/271-01:53:42,488) [kdmflush]
(root,0,0,00:00:00/271-01:53:42,489) [bioset]
(root,0,0,00:00:08/271-01:53:42,506) [kworker/0:1H]
(root,0,0,00:37:37/271-01:53:42,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/271-01:53:42,514) [ext4-rsv-conver]
(root,0,0,00:00:01/271-01:53:39,628) [kworker/3:1H]
(root,0,0,00:00:00/271-01:53:39,674) [irq/125-mei_me]
(root,0,0,00:00:00/271-01:53:39,678) [kworker/6:1H]
(root,0,0,00:00:01/271-01:53:39,680) [kworker/5:1H]
(root,0,0,00:00:04/271-01:53:39,682) [kworker/1:1H]
(root,0,0,00:00:00/271-01:53:39,687) [kvm-irqfd-clean]
(root,0,0,00:00:02/271-01:53:38,704) [kworker/2:1H]
(root,0,0,00:01:55/271-01:53:37,713) [jbd2/sda3-8]
(root,0,0,00:00:00/271-01:53:37,714) [ext4-rsv-conver]
(root,0,0,00:00:00/271-01:53:37,716) [jbd2/sda2-8]
(root,0,0,00:00:00/271-01:53:37,717) [ext4-rsv-conver]
(root,0,0,00:04:26/271-01:53:37,722) [jbd2/sdb-8]
(root,0,0,00:00:00/271-01:53:37,723) [ext4-rsv-conver]
(root,0,0,00:00:01/271-01:53:36,742) [kworker/4:1H]
(root,55532,516,00:11:49/271-01:53:35,747) /sbin/auditd
(dbus,58236,1380,00:58:19/271-01:53:34,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:14:55/271-01:53:33,1040) [kworker/7:1H]
(root,167288,4200,00:11:51/271-01:53:25,1704) dnsadmin - dormant mode
(root,213244,17988,02:12:22/271-01:53:25,1706) tailwatchd
(root,183604,6560,00:06:14/271-01:53:25,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(nobody,3027640,25488,00:00:25/3-07:35:23,1803) /usr/sbin/httpd -k start
(root,0,0,00:00:00/29:18,2576) [kworker/5:2]
(root,0,0,00:00:00/14:28:41,2582) [kworker/3:1]
(root,0,0,00:00:00/29:18,2602) [kworker/7:2]
(root,0,0,00:00:00/28:41,2671) [kworker/1:2]
(root,240996,88640,00:00:08/11:03:47,2779) spamd child
(root,0,0,00:00:13/2-01:53:20,3167) [kworker/0:0]
(nobody,3224248,23972,00:00:18/2-12:23:19,3858) /usr/sbin/httpd -k start
(root,123572,736,00:00:00/17:41,4430) /usr/sbin/anacron -s
(root,0,0,00:00:00/11:29,5408) [kworker/u16:1]
(root,0,0,00:00:00/08:40,5789) [kworker/6:1]
(root,0,0,00:00:00/06:58,6053) [kworker/7:0]
(root,113280,1480,00:00:00/06:41,6074) /bin/bash /bin/run-parts /etc/cron.daily
(root,132960,4548,00:00:00/06:41,6080) ConfigServer Version Check
(root,108052,360,00:00:00/06:41,6087) sleep 11168
(root,113280,1488,00:00:00/06:23,6303) bash /etc/cron.daily/maldet
(root,113640,980,00:00:00/06:23,6304) awk -v progname=/etc/cron.daily/maldet progname { ....   print progname ":\n" ....   progname=""; ...       } ...       { print; }
(root,108052,360,00:00:00/06:23,6380) sleep 502
(root,70788,4208,00:00:00/04:37,6587) dovecot/auth -w
(root,3108,40,00:00:31/92-06:18:28,6995) /usr/bin/RCdaemon
(scliegyp,32532,4408,00:00:00/00:56,7207) dovecot/pop3
(scliegyp,40304,5964,00:00:00/00:08,7319) dovecot/imap
(root,0,0,00:00:00/00:03,7324) [cpsrvd (SSL) - ] <defunct>
(root,113500,1620,00:00:00/00:00,7458) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,7476) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,7477) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,178616,29024,00:00:05/03:18:40,8803) lfd - sleeping
(root,0,0,00:00:01/1-07:29:20,9231) [kworker/6:0]
(root,24208,616,00:00:00/173-20:00:38,9564) /usr/sbin/atd -f
(root,290616,5112,00:02:38/39-21:07:16,14923) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,18632,00:00:55/39-21:07:16,14947) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382232,37788,00:37:36/39-21:07:14,15043) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28892,00:00:52/39-21:07:14,15053) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(nobody,3289784,27864,00:00:49/6-04:14:08,16260) /usr/sbin/httpd -k start
(root,238588,87400,00:00:01/19:49:09,17559) spamd child
(root,185136,2424,00:00:00/02:18:40,18265) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/02:18:40,18274) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,108052,356,00:00:00/02:18:40,18279) sleep 3h 60m
(mysql,4536220,842536,03:42:17/83-00:20:02,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(named,759180,8428,00:42:50/90-17:53:21,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1512,00:00:24/90-17:51:53,22618) /usr/sbin/chronyd
(root,27380,876,00:01:01/90-17:51:48,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,3408,00:05:06/90-17:51:35,22813) /usr/sbin/sshd -D
(root,2267516,1379804,01:51:53/90-17:51:30,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(nobody,3158712,26076,00:00:21/2-16:26:54,22910) /usr/sbin/httpd -k start
(mailnull,86940,13020,00:06:07/90-17:50:40,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51480,2324,00:29:25/90-17:50:37,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1200,00:09:24/90-17:50:37,23038) dovecot/anvil
(polkitd,610668,3104,00:06:48/90-17:50:34,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/01:38:40,24131) [kworker/0:1]
(root,0,0,00:00:00/01:35:41,24586) [kworker/2:0]
(root,108292,668,00:00:00/173-19:58:01,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1384,00:03:30/173-19:57:26,25238) /usr/sbin/crond -n
(root,21540,996,00:46:54/173-19:57:19,25358) /usr/sbin/irqbalance --foreground
(root,228572,25088,00:01:51/6-03:16:30,25617) cpsrvd (SSL) - waiting for connections                   
(root,25288,2336,00:12:59/125-17:54:22,25923) /usr/lib/systemd/systemd-logind
(root,904592,17276,00:34:52/125-17:54:14,25996) /usr/sbin/rsyslogd -n
(root,42912,864,00:00:00/125-17:54:05,26125) /usr/sbin/lvmetad -f
(root,88592,43604,01:01:21/125-17:53:37,26284) /usr/lib/systemd/systemd-journald
(root,43528,968,00:00:00/125-17:53:26,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:08/125-17:53:25,26407) /usr/sbin/smartd -n -q never
(root,12732,1348,00:00:20/22-13:36:24,27017) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1360,00:00:19/22-13:36:24,27018) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233292,4020,00:00:00/22-13:36:24,27019) /usr/sbin/httpd -k start
(root,53088,11772,00:00:00/22-13:36:24,27020) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(root,0,0,00:00:00/01:18:41,27040) [kworker/4:0]
(dovenull,50536,8256,00:01:02/22-13:36:24,27074) dovecot/pop3-login
(dovenull,52108,9428,00:07:19/22-13:36:24,27075) dovecot/imap-login
(root,10524,1616,00:03:14/22-13:36:24,27076) dovecot/log
(dovenull,67932,25744,00:13:15/22-13:36:24,27077) dovecot/pop3-login
(dovenull,53912,11060,00:27:41/22-13:36:24,27078) dovecot/imap-login
(root,15944,3488,00:05:25/22-13:36:24,27079) dovecot/config
(dovecot,48140,3648,00:04:30/22-13:36:24,27080) dovecot/stats
(dovecot,72560,6096,00:14:18/22-13:36:24,27081) dovecot/auth
(dovecot,10756,1964,00:02:31/22-13:35:23,27301) dovecot/imap-hibernate
(root,0,0,00:00:00/18:43:37,27387) [kworker/2:1]
(root,233292,14992,00:07:26/52-13:31:04,28366) /usr/sbin/httpd -k start
(root,0,0,00:00:00/01:08:40,28711) [kworker/3:0]
(root,228996,9600,00:01:36/52-13:36:50,28951) queueprocd - waiting up to 60s to process a task
(nscd,1467604,2556,00:12:50/52-13:30:24,29094) /usr/sbin/nscd
(cpanelconnecttrack,9792,2936,05:22:35/52-13:29:41,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2332,00:00:17/52-13:29:41,29372) cpanellogd - sleeping for logs
(root,0,0,00:00:02/2-02:29:19,29981) [kworker/1:1]
(root,223264,45140,00:17:42/52-13:28:16,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/04:29:17,30535) [kworker/5:0]
(root,128508,868,00:00:00/143-04:21:24,30546) SCREEN
(root,114712,1564,00:00:00/143-04:21:24,30547) /bin/bash
(root,28844,2324,00:00:00/48:59,31841) dovecot/quota-status -p postfix
(root,0,0,00:00:00/48:41,31920) [kworker/4:1]
(nobody,3224248,25208,00:00:25/3-07:48:12,32313) /usr/sbin/httpd -k start
(root,0,0,00:00:00/44:09,32674) [kworker/u16:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-01-08 02:18

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10a0dad159

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,4120,03:04:39/249-18:30:45,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:04/249-18:30:45,2) [kthreadd]
(root,0,0,00:00:00/249-18:30:45,4) [kworker/0:0H]
(root,0,0,00:08:51/249-18:30:45,6) [ksoftirqd/0]
(root,0,0,00:00:01/249-18:30:45,7) [migration/0]
(root,0,0,00:00:00/249-18:30:45,8) [rcu_bh]
(root,0,0,02:51:36/249-18:30:45,9) [rcu_sched]
(root,0,0,00:00:00/249-18:30:45,10) [lru-add-drain]
(root,0,0,00:01:47/249-18:30:45,11) [watchdog/0]
(root,0,0,00:01:36/249-18:30:45,12) [watchdog/1]
(root,0,0,00:00:01/249-18:30:45,13) [migration/1]
(root,0,0,00:00:08/249-18:30:45,14) [ksoftirqd/1]
(root,0,0,00:00:00/249-18:30:45,16) [kworker/1:0H]
(root,0,0,00:01:37/249-18:30:45,17) [watchdog/2]
(root,0,0,00:00:01/249-18:30:45,18) [migration/2]
(root,0,0,00:00:07/249-18:30:45,19) [ksoftirqd/2]
(root,0,0,00:00:00/249-18:30:45,21) [kworker/2:0H]
(root,0,0,00:01:40/249-18:30:45,22) [watchdog/3]
(root,0,0,00:00:01/249-18:30:45,23) [migration/3]
(root,0,0,00:00:07/249-18:30:45,24) [ksoftirqd/3]
(root,0,0,00:00:00/249-18:30:45,26) [kworker/3:0H]
(root,0,0,00:01:31/249-18:30:45,27) [watchdog/4]
(root,0,0,00:00:41/249-18:30:45,28) [migration/4]
(root,0,0,00:00:09/249-18:30:45,29) [ksoftirqd/4]
(root,0,0,00:00:00/249-18:30:45,31) [kworker/4:0H]
(root,0,0,00:01:32/249-18:30:45,32) [watchdog/5]
(root,0,0,00:00:52/249-18:30:45,33) [migration/5]
(root,0,0,00:00:29/249-18:30:45,34) [ksoftirqd/5]
(root,0,0,00:00:00/249-18:30:45,36) [kworker/5:0H]
(root,0,0,00:01:32/249-18:30:45,37) [watchdog/6]
(root,0,0,00:00:42/249-18:30:45,38) [migration/6]
(root,0,0,00:00:18/249-18:30:45,39) [ksoftirqd/6]
(root,0,0,00:00:00/249-18:30:45,41) [kworker/6:0H]
(root,0,0,00:01:39/249-18:30:45,42) [watchdog/7]
(root,0,0,00:00:42/249-18:30:45,43) [migration/7]
(root,0,0,00:07:32/249-18:30:45,44) [ksoftirqd/7]
(root,0,0,00:00:00/249-18:30:45,46) [kworker/7:0H]
(root,0,0,00:00:00/249-18:30:45,48) [kdevtmpfs]
(root,0,0,00:00:00/249-18:30:45,49) [netns]
(root,0,0,00:00:17/249-18:30:45,50) [khungtaskd]
(root,0,0,00:00:00/249-18:30:45,51) [writeback]
(root,0,0,00:00:00/249-18:30:45,52) [kintegrityd]
(root,0,0,00:00:00/249-18:30:45,53) [bioset]
(root,0,0,00:00:00/249-18:30:45,54) [bioset]
(root,0,0,00:00:00/249-18:30:45,55) [bioset]
(root,0,0,00:00:00/249-18:30:45,56) [kblockd]
(root,0,0,00:00:00/249-18:30:45,57) [md]
(root,0,0,00:00:00/249-18:30:45,58) [edac-poller]
(root,0,0,00:00:00/249-18:30:45,59) [watchdogd]
(root,0,0,00:24:18/249-18:30:45,66) [kswapd0]
(root,0,0,00:00:00/249-18:30:45,67) [ksmd]
(root,0,0,00:00:55/249-18:30:45,68) [khugepaged]
(root,0,0,00:00:00/249-18:30:45,69) [crypto]
(root,0,0,00:00:00/249-18:30:45,77) [kthrotld]
(root,0,0,00:00:00/249-18:30:45,80) [kmpath_rdacd]
(root,0,0,00:00:00/249-18:30:45,81) [kaluad]
(root,0,0,00:00:00/249-18:30:45,82) [kpsmoused]
(root,0,0,00:00:00/249-18:30:45,84) [ipv6_addrconf]
(root,0,0,00:00:00/249-18:30:45,97) [deferwq]
(root,0,0,00:04:29/249-18:30:45,138) [kauditd]
(root,0,0,00:00:00/249-18:30:44,372) [ata_sff]
(root,0,0,00:00:00/249-18:30:44,404) [scsi_eh_0]
(root,0,0,00:00:00/249-18:30:44,405) [scsi_tmf_0]
(root,0,0,00:00:00/249-18:30:44,406) [scsi_eh_1]
(root,0,0,00:00:00/249-18:30:44,407) [scsi_tmf_1]
(root,0,0,00:00:00/249-18:30:44,408) [scsi_eh_2]
(root,0,0,00:00:00/249-18:30:44,409) [scsi_tmf_2]
(root,0,0,00:00:00/249-18:30:44,410) [scsi_eh_3]
(root,0,0,00:00:00/249-18:30:44,411) [scsi_tmf_3]
(root,0,0,00:00:00/249-18:30:44,412) [scsi_eh_4]
(root,0,0,00:00:00/249-18:30:44,413) [scsi_tmf_4]
(root,0,0,00:00:00/249-18:30:44,414) [scsi_eh_5]
(root,0,0,00:00:00/249-18:30:44,415) [scsi_tmf_5]
(root,0,0,00:00:00/249-18:30:42,488) [kdmflush]
(root,0,0,00:00:00/249-18:30:42,489) [bioset]
(root,0,0,00:00:08/249-18:30:42,506) [kworker/0:1H]
(root,0,0,00:34:30/249-18:30:42,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/249-18:30:42,514) [ext4-rsv-conver]
(root,0,0,00:00:01/249-18:30:39,628) [kworker/3:1H]
(root,0,0,00:00:00/249-18:30:39,674) [irq/125-mei_me]
(root,0,0,00:00:00/249-18:30:39,678) [kworker/6:1H]
(root,0,0,00:00:01/249-18:30:39,680) [kworker/5:1H]
(root,0,0,00:00:03/249-18:30:39,682) [kworker/1:1H]
(root,0,0,00:00:00/249-18:30:39,687) [kvm-irqfd-clean]
(root,0,0,00:00:01/249-18:30:38,704) [kworker/2:1H]
(root,0,0,00:01:45/249-18:30:37,713) [jbd2/sda3-8]
(root,0,0,00:00:00/249-18:30:37,714) [ext4-rsv-conver]
(root,0,0,00:00:00/249-18:30:37,716) [jbd2/sda2-8]
(root,0,0,00:00:00/249-18:30:37,717) [ext4-rsv-conver]
(root,0,0,00:04:04/249-18:30:37,722) [jbd2/sdb-8]
(root,0,0,00:00:00/249-18:30:37,723) [ext4-rsv-conver]
(root,0,0,00:00:01/249-18:30:36,742) [kworker/4:1H]
(root,55532,516,00:09:53/249-18:30:35,747) /sbin/auditd
(dbus,58236,1380,00:53:39/249-18:30:34,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:13:37/249-18:30:33,1040) [kworker/7:1H]
(root,167288,4196,00:10:55/249-18:30:25,1704) dnsadmin - dormant mode
(root,213324,24052,01:56:21/249-18:30:25,1706) tailwatchd
(root,183604,6556,00:05:34/249-18:30:25,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:02/08:35:41,1733) [kworker/0:0]
(root,0,0,00:00:00/01:40:41,2569) [kworker/5:1]
(root,231996,106364,00:00:02/01:26:53,4559) spamd child
(root,0,0,00:00:00/15:05:49,5749) [kworker/4:1]
(root,3108,40,00:00:23/70-22:55:28,6995) /usr/bin/RCdaemon
(root,0,0,00:00:00/11:25:40,7241) [kworker/3:0]
(root,0,0,00:00:00/01:05:47,7782) [kworker/7:2]
(root,0,0,00:00:00/01:05:46,7802) [kworker/0:2]
(root,24208,616,00:00:00/152-12:37:38,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/45:41,10949) [kworker/4:2]
(root,0,0,00:00:00/35:40,12506) [kworker/2:2]
(root,0,0,00:00:00/29:18,13386) [kworker/u16:1]
(root,0,0,00:00:00/20:40,14783) [kworker/1:0]
(root,290616,5092,00:01:14/18-13:44:16,14923) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,18932,00:00:25/18-13:44:16,14947) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382232,37788,00:17:31/18-13:44:14,15043) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28892,00:00:24/18-13:44:14,15053) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,230400,104600,00:00:00/10:29:53,15757) spamd child
(root,0,0,00:00:00/12:41,15883) [kworker/3:2]
(root,0,0,00:00:00/10:31,16288) [kworker/7:0]
(scliegyp,38400,4156,00:00:00/05:46,16897) dovecot/imap
(scliegyp,38404,3764,00:00:00/05:46,16898) dovecot/imap
(root,0,0,00:00:00/05:40,16990) [kworker/6:1]
(root,0,0,00:00:00/04:07,17251) [kworker/7:1]
(root,70788,4184,00:00:00/00:54,17654) dovecot/auth -w
(root,60732,4444,00:00:00/00:30,17809) dovecot/lmtp
(root,0,0,00:00:00/00:29,17832) [whostmgrd - ser] <defunct>
(scliegyp,38940,4616,00:00:00/00:14,17874) dovecot/imap
(scliegyp,38112,3832,00:00:00/00:04,17877) dovecot/imap
(root,113500,1624,00:00:00/00:00,18016) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,18034) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,18035) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(mysql,2759620,473608,02:38:13/61-16:57:02,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:01/1-14:05:50,20220) [kworker/6:2]
(named,759180,9184,00:34:15/69-10:30:21,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1508,00:00:19/69-10:28:53,22618) /usr/sbin/chronyd
(root,27380,868,00:00:46/69-10:28:48,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,3408,00:03:23/69-10:28:35,22813) /usr/sbin/sshd -D
(root,2331032,1542604,01:26:50/69-10:28:30,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86936,13020,00:04:07/69-10:27:40,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51480,2336,00:21:48/69-10:27:37,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:06:51/69-10:27:37,23038) dovecot/anvil
(polkitd,610668,3284,00:05:09/69-10:27:34,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,180024,30364,00:00:35/19:55:41,24288) lfd - sleeping
(root,108292,668,00:00:00/152-12:35:01,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1380,00:03:04/152-12:34:26,25238) /usr/sbin/crond -n
(root,21540,996,00:41:09/152-12:34:19,25358) /usr/sbin/irqbalance --foreground
(root,25288,2336,00:10:42/104-10:31:22,25923) /usr/lib/systemd/systemd-logind
(root,814480,19436,00:27:47/104-10:31:14,25996) /usr/sbin/rsyslogd -n
(root,42912,864,00:00:00/104-10:31:05,26125) /usr/sbin/lvmetad -f
(root,80400,36376,00:48:01/104-10:30:37,26284) /usr/lib/systemd/systemd-journald
(root,43528,968,00:00:00/104-10:30:26,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:06/104-10:30:25,26407) /usr/sbin/smartd -n -q never
(root,12732,1360,00:00:00/1-06:13:24,27017) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1364,00:00:00/1-06:13:24,27018) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233292,4312,00:00:00/1-06:13:24,27019) /usr/sbin/httpd -k start
(root,53088,11772,00:00:00/1-06:13:24,27020) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3093176,22744,00:00:06/1-06:13:24,27021) /usr/sbin/httpd -k start
(dovenull,48024,5892,00:00:02/1-06:13:24,27074) dovecot/pop3-login
(dovenull,48836,6124,00:00:17/1-06:13:24,27075) dovecot/imap-login
(root,10404,1500,00:00:07/1-06:13:24,27076) dovecot/log
(dovenull,50008,7824,00:00:32/1-06:13:24,27077) dovecot/pop3-login
(dovenull,53032,9804,00:01:24/1-06:13:24,27078) dovecot/imap-login
(root,15808,3304,00:00:11/1-06:13:24,27079) dovecot/config
(dovecot,47788,3308,00:00:10/1-06:13:24,27080) dovecot/stats
(dovecot,71528,4976,00:00:31/1-06:13:24,27081) dovecot/auth
(nobody,3420856,23572,00:00:06/1-06:13:23,27082) /usr/sbin/httpd -k start
(nobody,3551928,22880,00:00:06/1-06:13:23,27083) /usr/sbin/httpd -k start
(dovecot,10664,1780,00:00:07/1-06:12:23,27301) dovecot/imap-hibernate
(nobody,3093176,21932,00:00:07/1-06:12:07,27309) /usr/sbin/httpd -k start
(nobody,3887816,24200,00:00:07/1-06:11:14,27516) /usr/sbin/httpd -k start
(root,233292,15432,00:04:25/31-06:08:04,28366) /usr/sbin/httpd -k start
(root,228996,17044,00:00:58/31-06:13:50,28951) queueprocd - waiting up to 60s to process a task
(nscd,1467604,2820,00:07:02/31-06:07:24,29094) /usr/sbin/nscd
(root,256864,28624,00:08:23/31-06:06:42,29240) cpsrvd (SSL) - waiting for connections                   
(cpanelconnecttrack,9792,3132,03:11:53/31-06:06:41,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2728,00:00:10/31-06:06:41,29372) cpanellogd - sleeping for logs
(root,0,0,00:00:00/09:05:48,29386) [kworker/5:2]
(root,223264,98972,00:10:33/31-06:05:16,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,868,00:00:00/121-20:58:24,30546) SCREEN
(root,114712,1564,00:00:00/121-20:58:24,30547) /bin/bash
(root,0,0,00:00:00/05:35:40,30992) [kworker/2:0]
(root,0,0,00:00:00/02:05:40,31214) [kworker/1:2]
(root,0,0,00:00:00/01:58:02,32242) [kworker/u16:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-12-17 18:55

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10a5616e1c

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,4116,03:01:33/243-18:57:06,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:04/243-18:57:06,2) [kthreadd]
(root,0,0,00:00:00/243-18:57:06,4) [kworker/0:0H]
(root,0,0,00:08:37/243-18:57:06,6) [ksoftirqd/0]
(root,0,0,00:00:01/243-18:57:06,7) [migration/0]
(root,0,0,00:00:00/243-18:57:06,8) [rcu_bh]
(root,0,0,02:47:28/243-18:57:06,9) [rcu_sched]
(root,0,0,00:00:00/243-18:57:06,10) [lru-add-drain]
(root,0,0,00:01:45/243-18:57:06,11) [watchdog/0]
(root,0,0,00:01:34/243-18:57:06,12) [watchdog/1]
(root,0,0,00:00:01/243-18:57:06,13) [migration/1]
(root,0,0,00:00:07/243-18:57:06,14) [ksoftirqd/1]
(root,0,0,00:00:00/243-18:57:06,16) [kworker/1:0H]
(root,0,0,00:01:35/243-18:57:06,17) [watchdog/2]
(root,0,0,00:00:01/243-18:57:06,18) [migration/2]
(root,0,0,00:00:07/243-18:57:06,19) [ksoftirqd/2]
(root,0,0,00:00:00/243-18:57:06,21) [kworker/2:0H]
(root,0,0,00:01:37/243-18:57:06,22) [watchdog/3]
(root,0,0,00:00:01/243-18:57:06,23) [migration/3]
(root,0,0,00:00:07/243-18:57:06,24) [ksoftirqd/3]
(root,0,0,00:00:00/243-18:57:06,26) [kworker/3:0H]
(root,0,0,00:01:29/243-18:57:06,27) [watchdog/4]
(root,0,0,00:00:40/243-18:57:06,28) [migration/4]
(root,0,0,00:00:09/243-18:57:06,29) [ksoftirqd/4]
(root,0,0,00:00:00/243-18:57:06,31) [kworker/4:0H]
(root,0,0,00:01:30/243-18:57:06,32) [watchdog/5]
(root,0,0,00:00:51/243-18:57:06,33) [migration/5]
(root,0,0,00:00:28/243-18:57:06,34) [ksoftirqd/5]
(root,0,0,00:00:00/243-18:57:06,36) [kworker/5:0H]
(root,0,0,00:01:30/243-18:57:06,37) [watchdog/6]
(root,0,0,00:00:41/243-18:57:06,38) [migration/6]
(root,0,0,00:00:18/243-18:57:06,39) [ksoftirqd/6]
(root,0,0,00:00:00/243-18:57:06,41) [kworker/6:0H]
(root,0,0,00:01:37/243-18:57:06,42) [watchdog/7]
(root,0,0,00:00:41/243-18:57:06,43) [migration/7]
(root,0,0,00:07:20/243-18:57:06,44) [ksoftirqd/7]
(root,0,0,00:00:00/243-18:57:06,46) [kworker/7:0H]
(root,0,0,00:00:00/243-18:57:06,48) [kdevtmpfs]
(root,0,0,00:00:00/243-18:57:06,49) [netns]
(root,0,0,00:00:16/243-18:57:06,50) [khungtaskd]
(root,0,0,00:00:00/243-18:57:06,51) [writeback]
(root,0,0,00:00:00/243-18:57:06,52) [kintegrityd]
(root,0,0,00:00:00/243-18:57:06,53) [bioset]
(root,0,0,00:00:00/243-18:57:06,54) [bioset]
(root,0,0,00:00:00/243-18:57:06,55) [bioset]
(root,0,0,00:00:00/243-18:57:06,56) [kblockd]
(root,0,0,00:00:00/243-18:57:06,57) [md]
(root,0,0,00:00:00/243-18:57:06,58) [edac-poller]
(root,0,0,00:00:00/243-18:57:06,59) [watchdogd]
(root,0,0,00:24:07/243-18:57:06,66) [kswapd0]
(root,0,0,00:00:00/243-18:57:06,67) [ksmd]
(root,0,0,00:00:54/243-18:57:06,68) [khugepaged]
(root,0,0,00:00:00/243-18:57:06,69) [crypto]
(root,0,0,00:00:00/243-18:57:06,77) [kthrotld]
(root,0,0,00:00:00/243-18:57:06,80) [kmpath_rdacd]
(root,0,0,00:00:00/243-18:57:06,81) [kaluad]
(root,0,0,00:00:00/243-18:57:06,82) [kpsmoused]
(root,0,0,00:00:00/243-18:57:06,84) [ipv6_addrconf]
(root,0,0,00:00:00/243-18:57:06,97) [deferwq]
(root,0,0,00:04:15/243-18:57:06,138) [kauditd]
(root,0,0,00:00:00/243-18:57:05,372) [ata_sff]
(root,0,0,00:00:00/243-18:57:05,404) [scsi_eh_0]
(root,0,0,00:00:00/243-18:57:05,405) [scsi_tmf_0]
(root,0,0,00:00:00/243-18:57:05,406) [scsi_eh_1]
(root,0,0,00:00:00/243-18:57:05,407) [scsi_tmf_1]
(root,0,0,00:00:00/243-18:57:05,408) [scsi_eh_2]
(root,0,0,00:00:00/243-18:57:05,409) [scsi_tmf_2]
(root,0,0,00:00:00/243-18:57:05,410) [scsi_eh_3]
(root,0,0,00:00:00/243-18:57:05,411) [scsi_tmf_3]
(root,0,0,00:00:00/243-18:57:05,412) [scsi_eh_4]
(root,0,0,00:00:00/243-18:57:05,413) [scsi_tmf_4]
(root,0,0,00:00:00/243-18:57:05,414) [scsi_eh_5]
(root,0,0,00:00:00/243-18:57:05,415) [scsi_tmf_5]
(root,0,0,00:00:00/243-18:57:03,488) [kdmflush]
(root,0,0,00:00:00/243-18:57:03,489) [bioset]
(root,0,0,00:00:07/243-18:57:03,506) [kworker/0:1H]
(root,0,0,00:33:37/243-18:57:03,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/243-18:57:03,514) [ext4-rsv-conver]
(root,0,0,00:00:01/243-18:57:00,628) [kworker/3:1H]
(root,0,0,00:00:00/243-18:57:00,674) [irq/125-mei_me]
(root,0,0,00:00:00/243-18:57:00,678) [kworker/6:1H]
(root,0,0,00:00:00/243-18:57:00,680) [kworker/5:1H]
(root,0,0,00:00:03/243-18:57:00,682) [kworker/1:1H]
(root,0,0,00:00:00/243-18:57:00,687) [kvm-irqfd-clean]
(root,0,0,00:00:01/243-18:56:59,704) [kworker/2:1H]
(root,0,0,00:01:42/243-18:56:58,713) [jbd2/sda3-8]
(root,0,0,00:00:00/243-18:56:58,714) [ext4-rsv-conver]
(root,0,0,00:00:00/243-18:56:58,716) [jbd2/sda2-8]
(root,0,0,00:00:00/243-18:56:58,717) [ext4-rsv-conver]
(root,0,0,00:03:58/243-18:56:58,722) [jbd2/sdb-8]
(root,0,0,00:00:00/243-18:56:58,723) [ext4-rsv-conver]
(root,0,0,00:00:01/243-18:56:57,742) [kworker/4:1H]
(root,55532,516,00:09:21/243-18:56:56,747) /sbin/auditd
(dbus,58236,1380,00:52:20/243-18:56:55,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:13:15/243-18:56:54,1040) [kworker/7:1H]
(root,167288,4204,00:10:39/243-18:56:46,1704) dnsadmin - dormant mode
(root,213236,23720,01:52:21/243-18:56:46,1706) tailwatchd
(root,183604,6564,00:05:23/243-18:56:46,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:00/02:32:15,2728) [kworker/6:0]
(root,240652,113096,00:00:09/05:39:55,5903) spamd child
(root,243632,117792,00:00:01/05:39:55,5904) spamd child
(root,3108,40,00:00:21/64-23:21:49,6995) /usr/bin/RCdaemon
(root,0,0,00:00:00/01:53:48,8703) [kworker/u16:0]
(root,0,0,00:00:01/17:47:01,8834) [kworker/3:2]
(root,0,0,00:00:02/11:02:02,8850) [kworker/0:1]
(root,0,0,00:00:00/11:02:02,8879) [kworker/2:2]
(root,24208,616,00:00:00/146-13:03:59,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/08:07:02,10699) [kworker/1:2]
(root,0,0,00:00:00/17:32:18,10921) [kworker/4:0]
(root,0,0,00:00:00/01:22:01,13843) [kworker/3:0]
(root,290616,5092,00:00:50/12-14:10:37,14923) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,366000,18932,00:00:16/12-14:10:37,14947) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382232,37788,00:11:53/12-14:10:35,15043) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,372020,28892,00:00:16/12-14:10:35,15053) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/01:12:01,15382) [kworker/7:1]
(root,0,0,00:00:00/01:02:02,16941) [kworker/4:1]
(root,0,0,00:00:00/01:02:02,16975) [kworker/1:0]
(root,179280,29708,00:00:37/20:22:01,17464) lfd - sleeping
(root,0,0,00:00:00/04:22:02,18058) [kworker/5:0]
(mysql,1970020,384012,02:20:03/55-17:23:23,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,0,0,00:00:00/51:08,18655) [kworker/u16:2]
(root,0,0,00:00:00/32:17,21421) [kworker/5:1]
(root,0,0,00:00:00/32:17,21444) [kworker/6:2]
(named,758920,8684,00:31:49/63-10:56:42,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1512,00:00:17/63-10:55:14,22618) /usr/sbin/chronyd
(root,27380,868,00:00:42/63-10:55:09,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,111300,3408,00:02:55/63-10:54:56,22813) /usr/sbin/sshd -D
(root,2330472,1553088,01:19:46/63-10:54:51,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(mailnull,86936,13020,00:03:49/63-10:54:01,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51480,2324,00:19:50/63-10:53:58,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1204,00:06:14/63-10:53:58,23038) dovecot/anvil
(polkitd,610668,3284,00:04:41/63-10:53:55,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/22:01,23182) [kworker/0:0]
(root,12736,1364,00:00:07/9-15:39:39,23343) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1380,00:00:07/9-15:39:39,23344) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233164,4264,00:00:00/9-15:39:39,23346) /usr/sbin/httpd -k start
(root,53088,11768,00:00:00/9-15:39:39,23347) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3158728,29992,00:01:04/9-15:39:39,23348) /usr/sbin/httpd -k start
(nobody,3224264,28556,00:01:03/9-15:39:39,23349) /usr/sbin/httpd -k start
(nobody,3289800,29344,00:01:05/9-15:39:39,23350) /usr/sbin/httpd -k start
(dovenull,49004,6748,00:00:28/9-15:39:39,23507) dovecot/pop3-login
(dovenull,50844,8492,00:02:23/9-15:39:39,23508) dovecot/imap-login
(root,10524,1604,00:01:21/9-15:39:39,23509) dovecot/log
(dovenull,65360,23040,00:05:25/9-15:39:39,23510) dovecot/pop3-login
(dovenull,53700,10880,00:10:33/9-15:39:39,23511) dovecot/imap-login
(root,15668,3332,00:02:12/9-15:39:39,23512) dovecot/config
(dovecot,47764,3416,00:01:50/9-15:39:39,23513) dovecot/stats
(dovecot,72000,5568,00:04:59/9-15:39:39,23514) dovecot/auth
(nobody,3093192,28544,00:01:04/9-15:39:38,23515) /usr/sbin/httpd -k start
(nobody,3224264,29764,00:01:06/9-15:39:38,23516) /usr/sbin/httpd -k start
(dovecot,10744,1932,00:01:01/9-15:38:27,23755) dovecot/imap-hibernate
(root,108292,668,00:00:00/146-13:01:22,24969) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00/12:02,25034) [kworker/2:0]
(root,124504,1380,00:02:57/146-13:00:47,25238) /usr/sbin/crond -n
(root,21540,996,00:39:32/146-13:00:40,25358) /usr/sbin/irqbalance --foreground
(root,0,0,00:00:00/08:14,25551) [kworker/7:2]
(root,25288,2336,00:10:03/98-10:57:43,25923) /usr/lib/systemd/systemd-logind
(root,781712,13308,00:25:49/98-10:57:35,25996) /usr/sbin/rsyslogd -n
(root,42912,864,00:00:00/98-10:57:26,26125) /usr/sbin/lvmetad -f
(root,55824,18248,00:44:17/98-10:56:58,26284) /usr/lib/systemd/systemd-journald
(root,43528,968,00:00:00/98-10:56:47,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:06/98-10:56:46,26407) /usr/sbin/smartd -n -q never
(root,0,0,00:00:00/02:01,26576) [kworker/7:0]
(scliegyp,38024,3704,00:00:00/00:27,26751) dovecot/imap
(scliegyp,38024,3672,00:00:00/00:18,26758) dovecot/imap
(root,60732,4444,00:00:00/00:08,26803) dovecot/lmtp
(root,0,0,00:00:00/00:07,26821) [dnsadmin - dorm] <defunct>
(root,0,0,00:00:00/00:07,26826) [whostmgrd - ser] <defunct>
(cpanelphpmyadmin,290584,5344,00:00:00/00:07,26836) php-fpm: pool cpanelphpmyadmin
(scliegyp,38064,3700,00:00:00/00:05,26918) dovecot/imap
(root,113500,1624,00:00:00/00:00,27038) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,27056) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,27057) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,233164,15300,00:03:34/25-06:34:25,28366) /usr/sbin/httpd -k start
(root,228996,17044,00:00:47/25-06:40:11,28951) queueprocd - waiting up to 60s to process a task
(nscd,1467604,2820,00:05:28/25-06:33:45,29094) /usr/sbin/nscd
(root,256188,28364,00:06:40/25-06:33:03,29240) cpsrvd (SSL) - waiting for connections                   
(cpanelconnecttrack,9792,3132,02:35:38/25-06:33:02,29332) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2728,00:00:08/25-06:33:02,29372) cpanellogd - sleeping for logs
(root,223264,98972,00:08:32/25-06:31:37,30251) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,128508,868,00:00:00/115-21:24:45,30546) SCREEN
(root,114712,1564,00:00:00/115-21:24:45,30547) /bin/bash

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-12-11 19:22

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb10300973bb

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,4168,02:48:25/217-02:36:33,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:04/217-02:36:33,2) [kthreadd]
(root,0,0,00:00:00/217-02:36:33,4) [kworker/0:0H]
(root,0,0,00:07:37/217-02:36:33,6) [ksoftirqd/0]
(root,0,0,00:00:01/217-02:36:33,7) [migration/0]
(root,0,0,00:00:00/217-02:36:33,8) [rcu_bh]
(root,0,0,02:30:15/217-02:36:33,9) [rcu_sched]
(root,0,0,00:00:00/217-02:36:33,10) [lru-add-drain]
(root,0,0,00:01:33/217-02:36:33,11) [watchdog/0]
(root,0,0,00:01:23/217-02:36:33,12) [watchdog/1]
(root,0,0,00:00:01/217-02:36:33,13) [migration/1]
(root,0,0,00:00:06/217-02:36:33,14) [ksoftirqd/1]
(root,0,0,00:00:00/217-02:36:33,16) [kworker/1:0H]
(root,0,0,00:01:24/217-02:36:33,17) [watchdog/2]
(root,0,0,00:00:01/217-02:36:33,18) [migration/2]
(root,0,0,00:00:06/217-02:36:33,19) [ksoftirqd/2]
(root,0,0,00:00:00/217-02:36:33,21) [kworker/2:0H]
(root,0,0,00:01:27/217-02:36:33,22) [watchdog/3]
(root,0,0,00:00:01/217-02:36:33,23) [migration/3]
(root,0,0,00:00:06/217-02:36:33,24) [ksoftirqd/3]
(root,0,0,00:00:00/217-02:36:33,26) [kworker/3:0H]
(root,0,0,00:01:19/217-02:36:33,27) [watchdog/4]
(root,0,0,00:00:35/217-02:36:33,28) [migration/4]
(root,0,0,00:00:08/217-02:36:33,29) [ksoftirqd/4]
(root,0,0,00:00:00/217-02:36:33,31) [kworker/4:0H]
(root,0,0,00:01:19/217-02:36:33,32) [watchdog/5]
(root,0,0,00:00:45/217-02:36:33,33) [migration/5]
(root,0,0,00:00:26/217-02:36:33,34) [ksoftirqd/5]
(root,0,0,00:00:00/217-02:36:33,36) [kworker/5:0H]
(root,0,0,00:01:20/217-02:36:33,37) [watchdog/6]
(root,0,0,00:00:36/217-02:36:33,38) [migration/6]
(root,0,0,00:00:16/217-02:36:33,39) [ksoftirqd/6]
(root,0,0,00:00:00/217-02:36:33,41) [kworker/6:0H]
(root,0,0,00:01:26/217-02:36:33,42) [watchdog/7]
(root,0,0,00:00:36/217-02:36:33,43) [migration/7]
(root,0,0,00:06:31/217-02:36:33,44) [ksoftirqd/7]
(root,0,0,00:00:00/217-02:36:33,46) [kworker/7:0H]
(root,0,0,00:00:00/217-02:36:33,48) [kdevtmpfs]
(root,0,0,00:00:00/217-02:36:33,49) [netns]
(root,0,0,00:00:14/217-02:36:33,50) [khungtaskd]
(root,0,0,00:00:00/217-02:36:33,51) [writeback]
(root,0,0,00:00:00/217-02:36:33,52) [kintegrityd]
(root,0,0,00:00:00/217-02:36:33,53) [bioset]
(root,0,0,00:00:00/217-02:36:33,54) [bioset]
(root,0,0,00:00:00/217-02:36:33,55) [bioset]
(root,0,0,00:00:00/217-02:36:33,56) [kblockd]
(root,0,0,00:00:00/217-02:36:33,57) [md]
(root,0,0,00:00:00/217-02:36:33,58) [edac-poller]
(root,0,0,00:00:00/217-02:36:33,59) [watchdogd]
(root,0,0,00:23:08/217-02:36:33,66) [kswapd0]
(root,0,0,00:00:00/217-02:36:33,67) [ksmd]
(root,0,0,00:00:48/217-02:36:33,68) [khugepaged]
(root,0,0,00:00:00/217-02:36:33,69) [crypto]
(root,0,0,00:00:00/217-02:36:33,77) [kthrotld]
(root,0,0,00:00:00/217-02:36:33,80) [kmpath_rdacd]
(root,0,0,00:00:00/217-02:36:33,81) [kaluad]
(root,0,0,00:00:00/217-02:36:33,82) [kpsmoused]
(root,0,0,00:00:00/217-02:36:33,84) [ipv6_addrconf]
(root,0,0,00:00:00/217-02:36:33,97) [deferwq]
(root,0,0,00:03:46/217-02:36:33,138) [kauditd]
(root,0,0,00:00:00/217-02:36:32,372) [ata_sff]
(root,0,0,00:00:00/217-02:36:32,404) [scsi_eh_0]
(root,0,0,00:00:00/217-02:36:32,405) [scsi_tmf_0]
(root,0,0,00:00:00/217-02:36:32,406) [scsi_eh_1]
(root,0,0,00:00:00/217-02:36:32,407) [scsi_tmf_1]
(root,0,0,00:00:00/217-02:36:32,408) [scsi_eh_2]
(root,0,0,00:00:00/217-02:36:32,409) [scsi_tmf_2]
(root,0,0,00:00:00/217-02:36:32,410) [scsi_eh_3]
(root,0,0,00:00:00/217-02:36:32,411) [scsi_tmf_3]
(root,0,0,00:00:00/217-02:36:32,412) [scsi_eh_4]
(root,0,0,00:00:00/217-02:36:32,413) [scsi_tmf_4]
(root,0,0,00:00:00/217-02:36:32,414) [scsi_eh_5]
(root,0,0,00:00:00/217-02:36:32,415) [scsi_tmf_5]
(root,0,0,00:00:00/217-02:36:30,488) [kdmflush]
(root,0,0,00:00:00/217-02:36:30,489) [bioset]
(root,0,0,00:00:07/217-02:36:30,506) [kworker/0:1H]
(root,0,0,00:30:09/217-02:36:30,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/217-02:36:30,514) [ext4-rsv-conver]
(root,0,0,00:00:01/217-02:36:27,628) [kworker/3:1H]
(root,0,0,00:00:00/217-02:36:27,674) [irq/125-mei_me]
(root,0,0,00:00:00/217-02:36:27,678) [kworker/6:1H]
(root,0,0,00:00:00/217-02:36:27,680) [kworker/5:1H]
(root,0,0,00:00:03/217-02:36:27,682) [kworker/1:1H]
(root,0,0,00:00:00/217-02:36:27,687) [kvm-irqfd-clean]
(root,0,0,00:00:01/217-02:36:26,704) [kworker/2:1H]
(root,0,0,00:01:30/217-02:36:25,713) [jbd2/sda3-8]
(root,0,0,00:00:00/217-02:36:25,714) [ext4-rsv-conver]
(root,0,0,00:00:00/217-02:36:25,716) [jbd2/sda2-8]
(root,0,0,00:00:00/217-02:36:25,717) [ext4-rsv-conver]
(root,0,0,00:03:33/217-02:36:25,722) [jbd2/sdb-8]
(root,0,0,00:00:00/217-02:36:25,723) [ext4-rsv-conver]
(root,0,0,00:00:00/217-02:36:24,742) [kworker/4:1H]
(root,55532,516,00:08:17/217-02:36:23,747) /sbin/auditd
(dbus,58236,1380,00:46:38/217-02:36:22,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:11:44/217-02:36:21,1040) [kworker/7:1H]
(root,167288,4200,00:09:29/217-02:36:13,1704) dnsadmin - dormant mode
(root,216624,25260,01:35:41/217-02:36:13,1706) tailwatchd
(root,183604,6560,00:04:42/217-02:36:13,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:02/09:06:47,2944) [kworker/0:2]
(root,0,0,00:00:00/01:51:28,4257) [kworker/2:0]
(root,228868,16840,00:00:16/8-19:25:34,4319) queueprocd - waiting up to 60s to process a task
(root,233164,15228,00:01:14/8-19:23:04,5552) /usr/sbin/httpd -k start
(root,0,0,00:00:04/4-02:11:42,5766) [kworker/5:0]
(root,12732,1348,00:00:31/8-19:22:34,5914) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1356,00:00:29/8-19:22:34,5915) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233164,4228,00:00:00/8-19:22:34,5916) /usr/sbin/httpd -k start
(root,53088,11764,00:00:00/8-19:22:34,5917) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3289716,32120,00:01:50/8-19:22:34,5918) /usr/sbin/httpd -k start
(nobody,3093108,31000,00:01:42/8-19:22:34,5919) /usr/sbin/httpd -k start
(nobody,3289716,29860,00:01:38/8-19:22:33,6072) /usr/sbin/httpd -k start
(cpanelconnecttrack,9780,3100,00:56:04/8-19:22:33,6220) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2724,00:00:02/8-19:22:33,6230) cpanellogd - sleeping for logs
(nscd,1400016,2516,00:02:00/8-19:22:33,6248) /usr/sbin/nscd
(root,290616,5412,00:00:34/8-19:22:29,6346) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(nobody,3224180,32828,00:02:02/8-19:22:10,6413) /usr/sbin/httpd -k start
(root,3108,40,00:00:12/38-07:01:16,6995) /usr/bin/RCdaemon
(root,223644,99348,00:03:01/8-19:21:02,7221) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/01:31:29,7480) [kworker/0:0]
(root,0,0,00:00:00/01:26:28,8272) [kworker/5:1]
(root,0,0,00:00:00/21:11:38,8949) [kworker/4:2]
(root,0,0,00:00:00/01:21:29,9007) [kworker/6:0]
(root,24208,616,00:00:00/119-20:43:26,9564) /usr/sbin/atd -f
(root,244800,117160,00:00:08/15:03:24,9802) spamd child
(dovenull,50592,8236,00:01:29/29-15:19:12,11396) dovecot/pop3-login
(dovenull,54412,11504,00:22:16/29-15:19:12,11402) dovecot/imap-login
(root,10896,2008,00:03:37/29-15:19:12,11412) dovecot/log
(dovenull,68092,25648,00:17:30/29-15:19:12,11425) dovecot/pop3-login
(dovenull,52480,10208,00:10:13/29-15:19:12,11426) dovecot/imap-login
(root,15992,3344,00:06:12/29-15:19:12,11427) dovecot/config
(dovecot,48060,3644,00:05:00/29-15:19:12,11428) dovecot/stats
(dovecot,72360,5884,00:13:30/29-15:19:12,11429) dovecot/auth
(root,227568,101488,00:00:00/08:11:07,11582) spamd child
(dovecot,10748,1940,00:03:09/29-15:18:14,11644) dovecot/imap-hibernate
(root,123572,728,00:00:00/01:00:28,12256) /usr/sbin/anacron -s
(root,0,0,00:00:00/57:53,12574) [kworker/7:0]
(root,0,0,00:00:00/04:26:29,13062) [kworker/2:2]
(root,0,0,00:00:00/17:41:29,13068) [kworker/6:2]
(root,0,0,00:00:00/51:29,13585) [kworker/1:0]
(root,0,0,00:00:00/07:46:28,15262) [kworker/1:1]
(root,178780,29248,00:00:06/04:01:28,16861) lfd - sleeping
(root,0,0,00:00:00/26:28,17257) [kworker/3:2]
(scliegyp,38528,4072,00:00:00/25:34,17301) dovecot/imap
(scliegyp,38416,3944,00:00:00/25:34,17303) dovecot/imap
(root,0,0,00:00:00/21:29,17965) [kworker/7:1]
(mysql,1772620,342720,01:04:53/29-01:02:50,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,113280,1488,00:00:00/13:28,19084) /bin/bash /bin/run-parts /etc/cron.daily
(root,132960,4552,00:00:00/13:28,19090) ConfigServer Version Check
(root,108052,360,00:00:00/13:28,19100) sleep 5027
(root,0,0,00:00:00/13:28,19115) [kworker/u16:1]
(root,113280,1488,00:00:00/13:21,19170) bash /etc/cron.daily/maldet
(root,113640,976,00:00:00/13:21,19171) awk -v progname=/etc/cron.daily/maldet progname { ....   print progname ":\n" ....   progname=""; ...       } ...       { print; }
(root,108052,360,00:00:00/13:21,19252) sleep 881
(root,0,0,00:00:00/11:36,19466) [kworker/4:1]
(root,0,0,00:00:00/05:36,20446) [kworker/u16:2]
(root,70788,4212,00:00:00/02:23,20889) dovecot/auth -w
(root,0,0,00:00:00/01:28,21144) [kworker/0:1]
(root,0,0,00:00:00/00:28,21308) [kworker/7:2]
(root,0,0,00:00:00/00:22,21311) [cpsrvd (SSL) - ] <defunct>
(mailnull,87436,10908,00:00:00/00:10,21319) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,113500,1616,00:00:00/00:00,21451) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,21469) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,21470) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(named,758920,9208,00:21:24/36-18:36:09,21481) /usr/sbin/named -u named -c /etc/named.conf
(chrony,97380,1512,00:00:11/36-18:34:41,22618) /usr/sbin/chronyd
(root,27380,868,00:00:24/36-18:34:36,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(nobody,3158644,29460,00:01:24/8-08:13:39,22679) /usr/sbin/httpd -k start
(wp-toolkit,372020,17332,00:00:48/36-18:34:28,22746) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,111300,3408,00:02:10/36-18:34:23,22813) /usr/sbin/sshd -D
(root,2264848,1495148,00:44:19/36-18:34:18,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,366000,15804,00:00:51/36-18:34:00,22863) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,37564,00:34:16/36-18:33:58,22880) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(mailnull,86940,13024,00:02:38/36-18:33:28,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51480,2556,00:11:08/36-18:33:25,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1276,00:03:33/36-18:33:25,23038) dovecot/anvil
(polkitd,610668,5668,00:02:41/36-18:33:22,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,108292,668,00:00:00/119-20:40:49,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1376,00:02:25/119-20:40:14,25238) /usr/sbin/crond -n
(root,21540,996,00:32:20/119-20:40:07,25358) /usr/sbin/irqbalance --foreground
(root,25288,2332,00:07:17/71-18:37:10,25923) /usr/lib/systemd/systemd-logind
(root,740324,23448,00:18:42/71-18:37:02,25996) /usr/sbin/rsyslogd -n
(root,185136,2416,00:00:00/03:01:29,26110) /usr/sbin/CROND -n
(root,113280,1204,00:00:00/03:01:28,26119) /bin/sh -c sleep $((1 + RANDOM % 5))h $((1 + RANDOM % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null
(root,42912,864,00:00:00/71-18:36:53,26125) /usr/sbin/lvmetad -f
(root,108052,356,00:00:00/03:01:28,26126) sleep 3h 5m
(root,88528,38628,00:32:01/71-18:36:25,26284) /usr/lib/systemd/systemd-journald
(root,43528,968,00:00:00/71-18:36:14,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:04/71-18:36:13,26407) /usr/sbin/smartd -n -q never
(root,0,0,00:00:01/1-05:26:29,29820) [kworker/3:0]
(nobody,3289716,31144,00:01:48/8-00:10:20,30118) /usr/sbin/httpd -k start
(root,256180,28360,00:05:03/15-19:23:17,30414) cpsrvd (SSL) - waiting for connections                   
(root,128508,868,00:00:00/89-05:04:12,30546) SCREEN
(root,114712,1564,00:00:00/89-05:04:12,30547) /bin/bash

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-11-15 03:01

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb107d7193fb

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,4168,02:43:20/206-22:33:07,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:03/206-22:33:07,2) [kthreadd]
(root,0,0,00:00:00/206-22:33:07,4) [kworker/0:0H]
(root,0,0,00:07:14/206-22:33:07,6) [ksoftirqd/0]
(root,0,0,00:00:01/206-22:33:07,7) [migration/0]
(root,0,0,00:00:00/206-22:33:07,8) [rcu_bh]
(root,0,0,02:22:38/206-22:33:07,9) [rcu_sched]
(root,0,0,00:00:00/206-22:33:07,10) [lru-add-drain]
(root,0,0,00:01:29/206-22:33:07,11) [watchdog/0]
(root,0,0,00:01:20/206-22:33:07,12) [watchdog/1]
(root,0,0,00:00:01/206-22:33:07,13) [migration/1]
(root,0,0,00:00:06/206-22:33:07,14) [ksoftirqd/1]
(root,0,0,00:00:00/206-22:33:07,16) [kworker/1:0H]
(root,0,0,00:01:20/206-22:33:07,17) [watchdog/2]
(root,0,0,00:00:01/206-22:33:07,18) [migration/2]
(root,0,0,00:00:06/206-22:33:07,19) [ksoftirqd/2]
(root,0,0,00:00:00/206-22:33:07,21) [kworker/2:0H]
(root,0,0,00:01:23/206-22:33:07,22) [watchdog/3]
(root,0,0,00:00:01/206-22:33:07,23) [migration/3]
(root,0,0,00:00:06/206-22:33:07,24) [ksoftirqd/3]
(root,0,0,00:00:00/206-22:33:07,26) [kworker/3:0H]
(root,0,0,00:01:16/206-22:33:07,27) [watchdog/4]
(root,0,0,00:00:34/206-22:33:07,28) [migration/4]
(root,0,0,00:00:08/206-22:33:07,29) [ksoftirqd/4]
(root,0,0,00:00:00/206-22:33:07,31) [kworker/4:0H]
(root,0,0,00:01:15/206-22:33:07,32) [watchdog/5]
(root,0,0,00:00:43/206-22:33:07,33) [migration/5]
(root,0,0,00:00:25/206-22:33:07,34) [ksoftirqd/5]
(root,0,0,00:00:00/206-22:33:07,36) [kworker/5:0H]
(root,0,0,00:01:16/206-22:33:07,37) [watchdog/6]
(root,0,0,00:00:34/206-22:33:07,38) [migration/6]
(root,0,0,00:00:15/206-22:33:07,39) [ksoftirqd/6]
(root,0,0,00:00:00/206-22:33:07,41) [kworker/6:0H]
(root,0,0,00:01:22/206-22:33:07,42) [watchdog/7]
(root,0,0,00:00:34/206-22:33:07,43) [migration/7]
(root,0,0,00:06:12/206-22:33:07,44) [ksoftirqd/7]
(root,0,0,00:00:00/206-22:33:07,46) [kworker/7:0H]
(root,0,0,00:00:00/206-22:33:07,48) [kdevtmpfs]
(root,0,0,00:00:00/206-22:33:07,49) [netns]
(root,0,0,00:00:14/206-22:33:07,50) [khungtaskd]
(root,0,0,00:00:00/206-22:33:07,51) [writeback]
(root,0,0,00:00:00/206-22:33:07,52) [kintegrityd]
(root,0,0,00:00:00/206-22:33:07,53) [bioset]
(root,0,0,00:00:00/206-22:33:07,54) [bioset]
(root,0,0,00:00:00/206-22:33:07,55) [bioset]
(root,0,0,00:00:00/206-22:33:07,56) [kblockd]
(root,0,0,00:00:00/206-22:33:07,57) [md]
(root,0,0,00:00:00/206-22:33:07,58) [edac-poller]
(root,0,0,00:00:00/206-22:33:07,59) [watchdogd]
(root,0,0,00:22:49/206-22:33:07,66) [kswapd0]
(root,0,0,00:00:00/206-22:33:07,67) [ksmd]
(root,0,0,00:00:46/206-22:33:07,68) [khugepaged]
(root,0,0,00:00:00/206-22:33:07,69) [crypto]
(root,0,0,00:00:00/206-22:33:07,77) [kthrotld]
(root,0,0,00:00:00/206-22:33:07,80) [kmpath_rdacd]
(root,0,0,00:00:00/206-22:33:07,81) [kaluad]
(root,0,0,00:00:00/206-22:33:07,82) [kpsmoused]
(root,0,0,00:00:00/206-22:33:07,84) [ipv6_addrconf]
(root,0,0,00:00:00/206-22:33:07,97) [deferwq]
(root,0,0,00:03:27/206-22:33:07,138) [kauditd]
(root,0,0,00:00:00/206-22:33:06,372) [ata_sff]
(root,0,0,00:00:00/206-22:33:06,404) [scsi_eh_0]
(root,0,0,00:00:00/206-22:33:06,405) [scsi_tmf_0]
(root,0,0,00:00:00/206-22:33:06,406) [scsi_eh_1]
(root,0,0,00:00:00/206-22:33:06,407) [scsi_tmf_1]
(root,0,0,00:00:00/206-22:33:06,408) [scsi_eh_2]
(root,0,0,00:00:00/206-22:33:06,409) [scsi_tmf_2]
(root,0,0,00:00:00/206-22:33:06,410) [scsi_eh_3]
(root,0,0,00:00:00/206-22:33:06,411) [scsi_tmf_3]
(root,0,0,00:00:00/206-22:33:06,412) [scsi_eh_4]
(root,0,0,00:00:00/206-22:33:06,413) [scsi_tmf_4]
(root,0,0,00:00:00/206-22:33:06,414) [scsi_eh_5]
(root,0,0,00:00:00/206-22:33:06,415) [scsi_tmf_5]
(root,0,0,00:00:00/206-22:33:04,488) [kdmflush]
(root,0,0,00:00:00/206-22:33:04,489) [bioset]
(root,0,0,00:00:06/206-22:33:04,506) [kworker/0:1H]
(root,0,0,00:28:48/206-22:33:04,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/206-22:33:04,514) [ext4-rsv-conver]
(root,0,0,00:00:01/206-22:33:01,628) [kworker/3:1H]
(root,0,0,00:00:00/206-22:33:01,674) [irq/125-mei_me]
(root,0,0,00:00:00/206-22:33:01,678) [kworker/6:1H]
(root,0,0,00:00:00/206-22:33:01,680) [kworker/5:1H]
(root,0,0,00:00:03/206-22:33:01,682) [kworker/1:1H]
(root,0,0,00:00:00/206-22:33:01,687) [kvm-irqfd-clean]
(root,0,0,00:00:01/206-22:33:00,704) [kworker/2:1H]
(root,0,0,00:01:27/206-22:32:59,713) [jbd2/sda3-8]
(root,0,0,00:00:00/206-22:32:59,714) [ext4-rsv-conver]
(root,0,0,00:00:00/206-22:32:59,716) [jbd2/sda2-8]
(root,0,0,00:00:00/206-22:32:59,717) [ext4-rsv-conver]
(root,0,0,00:03:23/206-22:32:59,722) [jbd2/sdb-8]
(root,0,0,00:00:00/206-22:32:59,723) [ext4-rsv-conver]
(root,0,0,00:00:00/206-22:32:58,742) [kworker/4:1H]
(root,55532,516,00:07:37/206-22:32:57,747) /sbin/auditd
(root,111300,4240,00:00:00/01:46,774) sshd: [accepted]
(sshd,111300,1712,00:00:00/01:45,775) sshd: [net]
(dbus,58236,1388,00:44:29/206-22:32:56,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(mailnull,87320,10736,00:00:00/01:06,863) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(scliegyp,29056,2580,00:00:00/01:05,865) dovecot/quota-status -p postfix
(scliegyp,38064,3612,00:00:00/00:18,968) dovecot/imap
(root,0,0,00:00:00/00:06,977) [cpsrvd (SSL) - ] <defunct>
(root,0,0,00:11:14/206-22:32:55,1040) [kworker/7:1H]
(root,113500,1624,00:00:00/00:00,1084) /bin/bash /usr/bin/check_mk_agent
(root,49820,1564,00:00:00/00:00,1102) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,1103) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,245012,117452,00:00:15/1-01:30:08,1449) spamd child
(root,167288,4200,00:09:03/206-22:32:47,1704) dnsadmin - dormant mode
(root,212904,23632,01:29:09/206-22:32:47,1706) tailwatchd
(root,183604,6556,00:04:27/206-22:32:47,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:01/1-18:08:26,4247) [kworker/6:0]
(root,3108,40,00:00:09/28-02:57:50,6995) /usr/bin/RCdaemon
(root,239568,113548,00:00:00/10:09:01,8415) spamd child
(root,0,0,00:00:00/02:48:03,8637) [kworker/4:1]
(root,24208,616,00:00:00/109-16:40:00,9564) /usr/sbin/atd -f
(dovenull,49900,7528,00:01:05/19-11:15:46,11396) dovecot/pop3-login
(dovenull,54412,11252,00:14:01/19-11:15:46,11402) dovecot/imap-login
(root,10896,2008,00:02:18/19-11:15:46,11412) dovecot/log
(dovenull,67740,25628,00:11:22/19-11:15:46,11425) dovecot/pop3-login
(dovenull,51284,8708,00:06:57/19-11:15:46,11426) dovecot/imap-login
(root,15992,3344,00:03:51/19-11:15:46,11427) dovecot/config
(dovecot,48060,3644,00:03:12/19-11:15:46,11428) dovecot/stats
(dovecot,72028,5572,00:08:28/19-11:15:46,11429) dovecot/auth
(dovecot,10664,1784,00:02:02/19-11:14:48,11644) dovecot/imap-hibernate
(root,0,0,00:00:01/1-07:28:03,12895) [kworker/1:2]
(root,0,0,00:00:00/02:04:50,14875) [kworker/0:2]
(root,179676,30072,00:00:37/23:58:02,14899) lfd - sleeping
(root,0,0,00:00:01/23:45:03,16955) [kworker/3:2]
(mysql,1772620,340156,00:40:47/18-20:59:24,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(nobody,3158648,25800,00:00:39/3-16:26:47,20366) /usr/sbin/httpd -k start
(named,758920,35480,00:09:43/26-14:32:43,21481) /usr/sbin/named -u named -c /etc/named.conf
(root,0,0,00:00:00/01:18:03,21859) [kworker/2:0]
(chrony,97380,1700,00:00:08/26-14:31:15,22618) /usr/sbin/chronyd
(root,0,0,00:00:00/01:12:59,22628) [kworker/5:1]
(root,27380,1064,00:00:17/26-14:31:10,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(wp-toolkit,372020,28888,00:00:35/26-14:31:02,22746) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,111300,4312,00:01:41/26-14:30:57,22813) /usr/sbin/sshd -D
(root,1983572,1454456,00:32:46/26-14:30:52,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,366000,18936,00:00:36/26-14:30:34,22863) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,37764,00:24:45/26-14:30:32,22880) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(mailnull,86936,13024,00:01:53/26-14:30:02,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51480,2556,00:07:54/26-14:29:59,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1292,00:02:30/26-14:29:59,23038) dovecot/anvil
(polkitd,610668,6700,00:01:56/26-14:29:56,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/01:08:03,23349) [kworker/3:1]
(root,108292,672,00:00:00/109-16:37:23,24969) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01/1-15:53:03,25087) [kworker/4:0]
(root,124504,1372,00:02:13/109-16:36:48,25238) /usr/sbin/crond -n
(root,21540,996,00:29:34/109-16:36:41,25358) /usr/sbin/irqbalance --foreground
(root,25288,2336,00:06:14/61-14:33:44,25923) /usr/lib/systemd/systemd-logind
(root,740752,18104,00:15:46/61-14:33:36,25996) /usr/sbin/rsyslogd -n
(root,0,0,00:00:00/08:08:24,26047) [kworker/2:1]
(root,42912,864,00:00:00/61-14:33:27,26125) /usr/sbin/lvmetad -f
(root,64008,24616,00:26:43/61-14:32:59,26284) /usr/lib/systemd/systemd-journald
(root,43528,968,00:00:00/61-14:32:48,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:04/61-14:32:47,26407) /usr/sbin/smartd -n -q never
(root,0,0,00:00:00/38:03,27688) [kworker/5:2]
(scliegyp,38860,4116,00:00:00/33:31,28304) dovecot/imap
(root,228872,16852,00:00:10/5-15:21:32,28657) queueprocd - waiting up to 60s to process a task
(root,0,0,00:00:00/28:02,29115) [kworker/6:2]
(root,0,0,00:00:00/24:18,29568) [kworker/7:0]
(root,233168,15332,00:00:48/5-15:20:40,29645) /usr/sbin/httpd -k start
(root,0,0,00:00:00/23:03,29870) [kworker/0:1]
(root,12732,1364,00:00:20/5-15:20:33,29968) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12736,1368,00:00:19/5-15:20:33,29969) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233168,4228,00:00:00/5-15:20:33,29970) /usr/sbin/httpd -k start
(root,53088,11772,00:00:00/5-15:20:33,29971) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3158648,30168,00:01:05/5-15:20:33,29972) /usr/sbin/httpd -k start
(nobody,4223640,32108,00:01:17/5-15:20:33,29973) /usr/sbin/httpd -k start
(nobody,3289720,30204,00:01:33/5-15:20:33,29979) /usr/sbin/httpd -k start
(nobody,4493992,31064,00:01:05/5-15:20:33,30001) /usr/sbin/httpd -k start
(nscd,1535192,2852,00:01:13/5-15:20:32,30236) /usr/sbin/nscd
(nobody,3224184,29436,00:01:11/5-15:20:32,30289) /usr/sbin/httpd -k start
(root,256176,28356,00:01:37/5-15:19:51,30414) cpsrvd (SSL) - waiting for connections                   
(root,128508,872,00:00:00/79-01:00:46,30546) SCREEN
(root,114712,1564,00:00:00/79-01:00:46,30547) /bin/bash
(root,290616,5472,00:00:22/5-15:19:49,30572) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(cpanelconnecttrack,9784,3160,00:34:46/5-15:19:49,30579) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2728,00:00:01/5-15:19:49,30587) cpanellogd - sleeping for logs
(root,223720,99432,00:01:56/5-15:18:23,31244) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/14:02,31321) [kworker/7:2]
(root,0,0,00:00:00/13:35,31403) [kworker/u16:2]
(scliegyp,37752,3072,00:00:00/08:32,32110) dovecot/imap
(root,0,0,00:00:00/08:03,32323) [kworker/1:1]
(root,70788,4208,00:00:00/06:55,32488) dovecot/auth -w
(scliegyp,38100,3332,00:00:00/06:12,32584) dovecot/imap
(root,0,0,00:00:00/05:09,32690) [kworker/u16:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-11-04 22:58

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb1003f3d29a

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191460,4168,02:29:30/190-01:52:06,1) /usr/lib/systemd/systemd --system --deserialize 21
(root,0,0,00:00:03/190-01:52:06,2) [kthreadd]
(root,0,0,00:00:00/190-01:52:06,4) [kworker/0:0H]
(root,0,0,00:06:40/190-01:52:06,6) [ksoftirqd/0]
(root,0,0,00:00:01/190-01:52:06,7) [migration/0]
(root,0,0,00:00:00/190-01:52:06,8) [rcu_bh]
(root,0,0,02:10:35/190-01:52:06,9) [rcu_sched]
(root,0,0,00:00:00/190-01:52:06,10) [lru-add-drain]
(root,0,0,00:01:22/190-01:52:06,11) [watchdog/0]
(root,0,0,00:01:13/190-01:52:06,12) [watchdog/1]
(root,0,0,00:00:01/190-01:52:06,13) [migration/1]
(root,0,0,00:00:06/190-01:52:06,14) [ksoftirqd/1]
(root,0,0,00:00:00/190-01:52:06,16) [kworker/1:0H]
(root,0,0,00:01:13/190-01:52:06,17) [watchdog/2]
(root,0,0,00:00:01/190-01:52:06,18) [migration/2]
(root,0,0,00:00:06/190-01:52:06,19) [ksoftirqd/2]
(root,0,0,00:00:00/190-01:52:06,21) [kworker/2:0H]
(root,0,0,00:01:16/190-01:52:06,22) [watchdog/3]
(root,0,0,00:00:00/190-01:52:06,23) [migration/3]
(root,0,0,00:00:05/190-01:52:06,24) [ksoftirqd/3]
(root,0,0,00:00:00/190-01:52:06,26) [kworker/3:0H]
(root,0,0,00:01:09/190-01:52:06,27) [watchdog/4]
(root,0,0,00:00:31/190-01:52:06,28) [migration/4]
(root,0,0,00:00:07/190-01:52:06,29) [ksoftirqd/4]
(root,0,0,00:00:00/190-01:52:06,31) [kworker/4:0H]
(root,0,0,00:01:09/190-01:52:06,32) [watchdog/5]
(root,0,0,00:00:38/190-01:52:06,33) [migration/5]
(root,0,0,00:00:24/190-01:52:06,34) [ksoftirqd/5]
(root,0,0,00:00:00/190-01:52:06,36) [kworker/5:0H]
(root,0,0,00:01:10/190-01:52:06,37) [watchdog/6]
(root,0,0,00:00:31/190-01:52:06,38) [migration/6]
(root,0,0,00:00:14/190-01:52:06,39) [ksoftirqd/6]
(root,0,0,00:00:00/190-01:52:06,41) [kworker/6:0H]
(root,0,0,00:01:15/190-01:52:06,42) [watchdog/7]
(root,0,0,00:00:31/190-01:52:06,43) [migration/7]
(root,0,0,00:05:42/190-01:52:06,44) [ksoftirqd/7]
(root,0,0,00:00:00/190-01:52:06,46) [kworker/7:0H]
(root,0,0,00:00:00/190-01:52:06,48) [kdevtmpfs]
(root,0,0,00:00:00/190-01:52:06,49) [netns]
(root,0,0,00:00:13/190-01:52:06,50) [khungtaskd]
(root,0,0,00:00:00/190-01:52:06,51) [writeback]
(root,0,0,00:00:00/190-01:52:06,52) [kintegrityd]
(root,0,0,00:00:00/190-01:52:06,53) [bioset]
(root,0,0,00:00:00/190-01:52:06,54) [bioset]
(root,0,0,00:00:00/190-01:52:06,55) [bioset]
(root,0,0,00:00:00/190-01:52:06,56) [kblockd]
(root,0,0,00:00:00/190-01:52:06,57) [md]
(root,0,0,00:00:00/190-01:52:06,58) [edac-poller]
(root,0,0,00:00:00/190-01:52:06,59) [watchdogd]
(root,0,0,00:22:25/190-01:52:06,66) [kswapd0]
(root,0,0,00:00:00/190-01:52:06,67) [ksmd]
(root,0,0,00:00:42/190-01:52:06,68) [khugepaged]
(root,0,0,00:00:00/190-01:52:06,69) [crypto]
(root,0,0,00:00:00/190-01:52:06,77) [kthrotld]
(root,0,0,00:00:00/190-01:52:06,80) [kmpath_rdacd]
(root,0,0,00:00:00/190-01:52:06,81) [kaluad]
(root,0,0,00:00:00/190-01:52:06,82) [kpsmoused]
(root,0,0,00:00:00/190-01:52:06,84) [ipv6_addrconf]
(root,0,0,00:00:00/190-01:52:06,97) [deferwq]
(root,0,0,00:02:51/190-01:52:06,138) [kauditd]
(root,0,0,00:00:00/190-01:52:05,372) [ata_sff]
(root,0,0,00:00:00/190-01:52:05,404) [scsi_eh_0]
(root,0,0,00:00:00/190-01:52:05,405) [scsi_tmf_0]
(root,0,0,00:00:00/190-01:52:05,406) [scsi_eh_1]
(root,0,0,00:00:00/190-01:52:05,407) [scsi_tmf_1]
(root,0,0,00:00:00/190-01:52:05,408) [scsi_eh_2]
(root,0,0,00:00:00/190-01:52:05,409) [scsi_tmf_2]
(root,0,0,00:00:00/190-01:52:05,410) [scsi_eh_3]
(root,0,0,00:00:00/190-01:52:05,411) [scsi_tmf_3]
(root,0,0,00:00:00/190-01:52:05,412) [scsi_eh_4]
(root,0,0,00:00:00/190-01:52:05,413) [scsi_tmf_4]
(root,0,0,00:00:00/190-01:52:05,414) [scsi_eh_5]
(root,0,0,00:00:00/190-01:52:05,415) [scsi_tmf_5]
(root,0,0,00:00:00/190-01:52:03,488) [kdmflush]
(root,0,0,00:00:00/190-01:52:03,489) [bioset]
(root,0,0,00:00:06/190-01:52:03,506) [kworker/0:1H]
(root,0,0,00:26:50/190-01:52:03,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/190-01:52:03,514) [ext4-rsv-conver]
(root,0,0,00:00:01/190-01:52:00,628) [kworker/3:1H]
(root,0,0,00:00:00/190-01:52:00,674) [irq/125-mei_me]
(root,0,0,00:00:00/190-01:52:00,678) [kworker/6:1H]
(root,0,0,00:00:00/190-01:52:00,680) [kworker/5:1H]
(root,0,0,00:00:02/190-01:52:00,682) [kworker/1:1H]
(root,0,0,00:00:00/190-01:52:00,687) [kvm-irqfd-clean]
(root,0,0,00:00:01/190-01:51:59,704) [kworker/2:1H]
(root,0,0,00:01:21/190-01:51:58,713) [jbd2/sda3-8]
(root,0,0,00:00:00/190-01:51:58,714) [ext4-rsv-conver]
(root,0,0,00:00:00/190-01:51:58,716) [jbd2/sda2-8]
(root,0,0,00:00:00/190-01:51:58,717) [ext4-rsv-conver]
(root,0,0,00:03:10/190-01:51:58,722) [jbd2/sdb-8]
(root,0,0,00:00:00/190-01:51:58,723) [ext4-rsv-conver]
(root,0,0,00:00:00/190-01:51:57,742) [kworker/4:1H]
(root,55532,516,00:06:20/190-01:51:56,747) /sbin/auditd
(dbus,58236,1388,00:40:56/190-01:51:55,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,0,0,00:10:25/190-01:51:54,1040) [kworker/7:1H]
(root,0,0,00:00:00/05:16:02,1311) [kworker/4:1]
(root,167288,4196,00:08:18/190-01:51:46,1704) dnsadmin - dormant mode
(root,212652,23384,01:20:29/190-01:51:46,1706) tailwatchd
(root,183604,6556,00:04:04/190-01:51:46,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:01/05:02:01,3516) [kworker/0:0]
(root,0,0,00:00:00/01:04:01,6759) [kworker/7:0]
(root,3108,40,00:00:03/11-06:16:49,6995) /usr/bin/RCdaemon
(root,132960,4548,00:00:00/57:02,7683) ConfigServer Version Check
(root,108052,356,00:00:00/57:02,7690) sleep 18852
(root,0,0,00:00:00/57:02,7793) [kworker/4:0]
(root,24208,616,00:00:00/92-19:58:59,9564) /usr/sbin/atd -f
(root,0,0,00:00:00/47:01,9844) [kworker/3:1]
(root,178608,29024,00:00:06/04:17:01,10279) lfd - sleeping
(root,0,0,00:00:05/4-00:57:02,10300) [kworker/1:2]
(root,0,0,00:00:00/42:02,10619) [kworker/0:1]
(dovenull,47988,5672,00:00:06/2-14:34:45,11396) dovecot/pop3-login
(dovenull,53480,10428,00:01:56/2-14:34:45,11402) dovecot/imap-login
(root,10404,1500,00:00:19/2-14:34:45,11412) dovecot/log
(dovenull,52864,10576,00:01:41/2-14:34:45,11425) dovecot/pop3-login
(dovenull,48800,6820,00:00:48/2-14:34:45,11426) dovecot/imap-login
(root,15776,3420,00:00:33/2-14:34:45,11427) dovecot/config
(dovecot,47924,3424,00:00:26/2-14:34:45,11428) dovecot/stats
(dovecot,72028,5548,00:01:07/2-14:34:45,11429) dovecot/auth
(dovecot,10664,1796,00:00:16/2-14:33:47,11644) dovecot/imap-hibernate
(nobody,3158924,20044,00:00:04/07:33:56,12741) /usr/sbin/httpd -k start
(root,0,0,00:00:00/27:02,12847) [kworker/6:1]
(root,0,0,00:00:00/03:57:02,13540) [kworker/6:0]
(root,0,0,00:00:00/17:01,14285) [kworker/1:0]
(root,0,0,00:00:00/15:34,14457) [kworker/7:1]
(root,0,0,00:00:00/10:20,15225) [kworker/u16:2]
(scliegyp,31868,3668,00:00:00/07:40,15603) dovecot/pop3
(root,0,0,00:00:00/03:22,16243) [kworker/7:2]
(root,70788,4208,00:00:00/03:13,16249) dovecot/auth -w
(root,0,0,00:00:00/03:37:01,16437) [kworker/2:1]
(root,111300,4244,00:00:00/00:52,16648) sshd: [accepted]
(sshd,111300,1716,00:00:00/00:51,16650) sshd: [net]
(scliegyp,38244,3916,00:00:00/00:17,16671) dovecot/imap
(scliegyp,38024,3704,00:00:00/00:09,16672) dovecot/imap
(root,60732,4444,00:00:00/00:06,16714) dovecot/lmtp
(root,0,0,00:00:00/00:05,16732) [dnsadmin - dorm] <defunct>
(cpanelphpmyadmin,290584,5680,00:00:00/00:05,16747) php-fpm: pool cpanelphpmyadmin
(root,0,0,00:00:00/00:05,16758) [cpsrvd (SSL) - ] <defunct>
(root,111300,4236,00:00:00/00:04,16759) sshd: [accepted]
(sshd,111300,1716,00:00:00/00:03,16832) sshd: [net]
(root,185136,2420,00:00:00/00:02,16833) /usr/sbin/CROND -n
(root,113280,1208,00:00:00/00:02,16835) /bin/sh -c    /opt/alt/python38/share/imunify360/scripts/report-command-error /opt/alt/python38/share/imunify360/scripts/update_components_versions.py > /dev/null 2>&1
(root,224128,16412,00:00:00/00:02,16837) /opt/alt/python38/bin/python3 /opt/alt/python38/share/imunify360/scripts/report-command-error /opt/alt/python38/share/imunify360/scripts/update_components_versions.py
(root,248504,21164,00:00:00/00:02,16849) /opt/alt/python38/bin/python3 /opt/alt/python38/share/imunify360/scripts/update_components_versions.py
(root,352764,30828,00:00:00/00:02,16851) /opt/alt/python38/bin/python3 /usr/bin/imunify360-agent list-docroots --json
(root,264100,24116,00:00:00/00:01,16861) /opt/alt/python38/bin/python3 -m defence360agent.run
(root,113500,1620,00:00:00/00:00,16998) /bin/bash /usr/bin/check_mk_agent
(root,228864,16836,00:00:03/2-00:19:56,17009) queueprocd - waiting up to 60s to process a task
(root,49820,1560,00:00:00/00:00,17017) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,948,00:00:00/00:00,17018) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,12732,1360,00:00:05/2-00:18:39,17984) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12740,1372,00:00:05/2-00:18:39,17985) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,233504,4108,00:00:00/2-00:18:39,17986) /usr/sbin/httpd -k start
(root,53088,11764,00:00:00/2-00:18:39,17987) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,3158924,24660,00:00:27/2-00:18:39,17988) /usr/sbin/httpd -k start
(nobody,3289996,24620,00:00:24/2-00:18:39,17989) /usr/sbin/httpd -k start
(nscd,1400016,2688,00:00:24/2-00:18:39,18143) /usr/sbin/nscd
(nobody,3617676,24648,00:00:25/2-00:18:38,18158) /usr/sbin/httpd -k start
(mysql,1509420,213104,00:04:18/2-00:18:23,18332) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(root,256852,28484,00:00:35/2-00:17:57,18466) cpsrvd (SSL) - waiting for connections                   
(root,290616,5464,00:00:07/2-00:17:56,18552) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(cpanelconnecttrack,9816,3264,00:12:10/2-00:17:56,18553) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,130156,2732,00:00:00/2-00:17:56,18565) cpanellogd - sleeping for logs
(root,223684,99388,00:00:43/2-00:16:28,19308) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(root,0,0,00:00:00/13:57:01,19630) [kworker/5:0]
(nobody,3158924,24636,00:00:27/2-00:15:02,19711) /usr/sbin/httpd -k start
(named,758920,95208,00:03:44/9-17:51:42,21481) /usr/sbin/named -u named -c /etc/named.conf
(root,237088,109372,00:00:01/03:01:25,21902) spamd child
(root,236336,109932,00:00:00/13:39:19,22611) spamd child
(chrony,97380,1704,00:00:03/9-17:50:14,22618) /usr/sbin/chronyd
(root,27380,1068,00:00:06/9-17:50:09,22646) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(wp-toolkit,372020,28888,00:00:12/9-17:50:01,22746) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,111300,4312,00:00:32/9-17:49:56,22813) /usr/sbin/sshd -D
(root,1981552,1331900,00:13:29/9-17:49:51,22836) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,366000,18936,00:00:12/9-17:49:33,22863) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,382236,37764,00:09:06/9-17:49:31,22880) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(mailnull,86936,13024,00:00:54/9-17:49:01,23010) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,51480,2556,00:02:56/9-17:48:58,23032) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1296,00:00:58/9-17:48:58,23038) dovecot/anvil
(polkitd,610668,7940,00:00:42/9-17:48:55,23061) /usr/lib/polkit-1/polkitd --no-debug
(root,0,0,00:00:00/02:47:02,24094) [kworker/5:2]
(root,108292,672,00:00:00/92-19:56:22,24969) /sbin/agetty --noclear tty1 linux
(root,124504,1372,00:01:53/92-19:55:47,25238) /usr/sbin/crond -n
(root,21540,996,00:25:02/92-19:55:40,25358) /usr/sbin/irqbalance --foreground
(root,25288,1876,00:04:30/44-17:52:43,25923) /usr/lib/systemd/systemd-logind
(root,740752,12332,00:10:51/44-17:52:35,25996) /usr/sbin/rsyslogd -n
(root,0,0,00:00:00/02:33:46,26041) [kworker/u16:0]
(root,42912,864,00:00:00/44-17:52:26,26125) /usr/sbin/lvmetad -f
(root,166728,98056,00:17:39/44-17:51:58,26284) /usr/lib/systemd/systemd-journald
(root,43528,968,00:00:00/44-17:51:47,26391) /usr/lib/systemd/systemd-udevd
(root,52900,2240,00:00:02/44-17:51:46,26407) /usr/sbin/smartd -n -q never
(root,0,0,00:00:03/2-02:37:02,27297) [kworker/2:0]
(root,0,0,00:00:00/13:04:01,28416) [kworker/3:0]
(root,233504,15212,00:05:21/37-18:34:24,28938) /usr/sbin/httpd -k start
(root,128508,872,00:00:00/62-04:19:45,30546) SCREEN
(root,114712,1564,00:00:00/62-04:19:45,30547) /bin/bash

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-10-19 02:17

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbaf2bceae37299a542230ffd8c0dcb101aaba7e7

Found public CheckMk agent:
Version: 1.5.0p12
AgentOS: linux
Hostname: server.scli-egypt.com
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,191704,3868,00:57:04/66-22:01:08,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 21
(root,0,0,00:00:01/66-22:01:08,2) [kthreadd]
(root,0,0,00:00:00/66-22:01:08,4) [kworker/0:0H]
(root,0,0,00:02:44/66-22:01:08,6) [ksoftirqd/0]
(root,0,0,00:00:00/66-22:01:08,7) [migration/0]
(root,0,0,00:00:00/66-22:01:08,8) [rcu_bh]
(root,0,0,00:47:20/66-22:01:08,9) [rcu_sched]
(root,0,0,00:00:00/66-22:01:08,10) [lru-add-drain]
(root,0,0,00:00:28/66-22:01:08,11) [watchdog/0]
(root,0,0,00:00:25/66-22:01:08,12) [watchdog/1]
(root,0,0,00:00:00/66-22:01:08,13) [migration/1]
(root,0,0,00:00:02/66-22:01:08,14) [ksoftirqd/1]
(root,0,0,00:00:00/66-22:01:08,16) [kworker/1:0H]
(root,0,0,00:00:25/66-22:01:08,17) [watchdog/2]
(root,0,0,00:00:00/66-22:01:08,18) [migration/2]
(root,0,0,00:00:02/66-22:01:08,19) [ksoftirqd/2]
(root,0,0,00:00:00/66-22:01:08,21) [kworker/2:0H]
(root,0,0,00:00:26/66-22:01:08,22) [watchdog/3]
(root,0,0,00:00:00/66-22:01:08,23) [migration/3]
(root,0,0,00:00:01/66-22:01:08,24) [ksoftirqd/3]
(root,0,0,00:00:00/66-22:01:08,26) [kworker/3:0H]
(root,0,0,00:00:24/66-22:01:08,27) [watchdog/4]
(root,0,0,00:00:12/66-22:01:08,28) [migration/4]
(root,0,0,00:00:03/66-22:01:08,29) [ksoftirqd/4]
(root,0,0,00:00:00/66-22:01:08,31) [kworker/4:0H]
(root,0,0,00:00:24/66-22:01:08,32) [watchdog/5]
(root,0,0,00:00:13/66-22:01:08,33) [migration/5]
(root,0,0,00:00:19/66-22:01:08,34) [ksoftirqd/5]
(root,0,0,00:00:00/66-22:01:08,36) [kworker/5:0H]
(root,0,0,00:00:23/66-22:01:08,37) [watchdog/6]
(root,0,0,00:00:10/66-22:01:08,38) [migration/6]
(root,0,0,00:00:06/66-22:01:08,39) [ksoftirqd/6]
(root,0,0,00:00:00/66-22:01:08,41) [kworker/6:0H]
(root,0,0,00:00:26/66-22:01:08,42) [watchdog/7]
(root,0,0,00:00:12/66-22:01:08,43) [migration/7]
(root,0,0,00:02:06/66-22:01:08,44) [ksoftirqd/7]
(root,0,0,00:00:00/66-22:01:08,46) [kworker/7:0H]
(root,0,0,00:00:00/66-22:01:08,48) [kdevtmpfs]
(root,0,0,00:00:00/66-22:01:08,49) [netns]
(root,0,0,00:00:04/66-22:01:08,50) [khungtaskd]
(root,0,0,00:00:00/66-22:01:08,51) [writeback]
(root,0,0,00:00:00/66-22:01:08,52) [kintegrityd]
(root,0,0,00:00:00/66-22:01:08,53) [bioset]
(root,0,0,00:00:00/66-22:01:08,54) [bioset]
(root,0,0,00:00:00/66-22:01:08,55) [bioset]
(root,0,0,00:00:00/66-22:01:08,56) [kblockd]
(root,0,0,00:00:00/66-22:01:08,57) [md]
(root,0,0,00:00:00/66-22:01:08,58) [edac-poller]
(root,0,0,00:00:00/66-22:01:08,59) [watchdogd]
(root,0,0,00:09:24/66-22:01:08,66) [kswapd0]
(root,0,0,00:00:00/66-22:01:08,67) [ksmd]
(root,0,0,00:00:16/66-22:01:08,68) [khugepaged]
(root,0,0,00:00:00/66-22:01:08,69) [crypto]
(root,0,0,00:00:00/66-22:01:08,77) [kthrotld]
(root,0,0,00:00:00/66-22:01:08,80) [kmpath_rdacd]
(root,0,0,00:00:00/66-22:01:08,81) [kaluad]
(root,0,0,00:00:00/66-22:01:08,82) [kpsmoused]
(root,0,0,00:00:00/66-22:01:08,84) [ipv6_addrconf]
(root,0,0,00:00:00/66-22:01:08,97) [deferwq]
(root,0,0,00:00:51/66-22:01:08,138) [kauditd]
(root,0,0,00:00:00/66-22:01:07,372) [ata_sff]
(root,0,0,00:00:00/66-22:01:07,404) [scsi_eh_0]
(root,0,0,00:00:00/66-22:01:07,405) [scsi_tmf_0]
(root,0,0,00:00:00/66-22:01:07,406) [scsi_eh_1]
(root,0,0,00:00:00/66-22:01:07,407) [scsi_tmf_1]
(root,0,0,00:00:00/66-22:01:07,408) [scsi_eh_2]
(root,0,0,00:00:00/66-22:01:07,409) [scsi_tmf_2]
(root,0,0,00:00:00/66-22:01:07,410) [scsi_eh_3]
(root,0,0,00:00:00/66-22:01:07,411) [scsi_tmf_3]
(root,0,0,00:00:00/66-22:01:07,412) [scsi_eh_4]
(root,0,0,00:00:00/66-22:01:07,413) [scsi_tmf_4]
(root,0,0,00:00:00/66-22:01:07,414) [scsi_eh_5]
(root,0,0,00:00:00/66-22:01:07,415) [scsi_tmf_5]
(root,0,0,00:00:00/66-22:01:05,488) [kdmflush]
(root,0,0,00:00:00/66-22:01:05,489) [bioset]
(root,0,0,00:00:02/66-22:01:05,506) [kworker/0:1H]
(root,0,0,00:12:28/66-22:01:05,513) [jbd2/dm-0-8]
(root,0,0,00:00:00/66-22:01:05,514) [ext4-rsv-conver]
(root,125436,62640,00:23:27/66-22:01:03,593) /usr/lib/systemd/systemd-journald
(root,45468,972,00:00:00/66-22:01:02,616) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:00/66-22:01:02,628) [kworker/3:1H]
(root,198572,892,00:00:00/66-22:01:02,630) /usr/sbin/lvmetad -f
(root,0,0,00:00:00/66-22:01:02,674) [irq/125-mei_me]
(root,0,0,00:00:00/66-22:01:02,678) [kworker/6:1H]
(root,0,0,00:00:00/66-22:01:02,680) [kworker/5:1H]
(root,0,0,00:00:01/66-22:01:02,682) [kworker/1:1H]
(root,0,0,00:00:00/66-22:01:02,687) [kvm-irqfd-clean]
(root,0,0,00:00:00/66-22:01:01,704) [kworker/2:1H]
(root,0,0,00:00:42/66-22:01:00,713) [jbd2/sda3-8]
(root,0,0,00:00:00/66-22:01:00,714) [ext4-rsv-conver]
(root,0,0,00:00:00/66-22:01:00,716) [jbd2/sda2-8]
(root,0,0,00:00:00/66-22:01:00,717) [ext4-rsv-conver]
(root,0,0,00:00:41/66-22:01:00,722) [jbd2/sdb-8]
(root,0,0,00:00:00/66-22:01:00,723) [ext4-rsv-conver]
(root,0,0,00:00:00/66-22:00:59,742) [kworker/4:1H]
(root,55532,716,00:01:53/66-22:00:58,747) /sbin/auditd
(root,21540,1056,00:14:40/66-22:00:58,776) /usr/sbin/irqbalance --foreground
(root,52900,1924,00:00:04/66-22:00:57,780) /usr/sbin/smartd -n -q never
(root,24832,1868,00:07:01/66-22:00:57,781) /usr/lib/systemd/systemd-logind
(dbus,58136,1988,00:14:12/66-22:00:57,795) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(nscd,1670372,2748,00:14:13/51-13:17:00,956) /usr/sbin/nscd
(chrony,97380,1376,00:00:25/66-22:00:57,974) /usr/sbin/chronyd
(root,124512,1372,00:01:11/66-22:00:57,1020) /usr/sbin/crond -n
(root,108296,632,00:00:00/66-22:00:57,1023) /sbin/agetty --noclear tty1 linux
(root,24208,748,00:00:00/66-22:00:57,1024) /usr/sbin/atd -f
(root,0,0,00:05:04/66-22:00:56,1040) [kworker/7:1H]
(root,130160,2320,00:00:18/51-13:16:57,1054) cpanellogd - sleeping for logs
(root,795840,37920,00:14:34/66-22:00:50,1185) /usr/sbin/rsyslogd -n
(root,2298928,1588000,1-16:34:40/66-22:00:50,1188) /usr/local/cpanel/3rdparty/bin/clamd -F
(root,167292,4204,00:02:56/66-22:00:48,1704) dnsadmin - dormant mode
(root,213308,18988,00:31:11/66-22:00:48,1706) tailwatchd
(root,183608,6552,00:01:17/66-22:00:48,1707) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
(root,0,0,00:00:02/2-02:26:04,1723) [kworker/6:0]
(root,27380,836,00:00:44/66-17:44:14,2047) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
(root,0,0,00:00:01/1-13:36:30,2221) [kworker/3:2]
(root,3108,36,00:00:18/51-13:05:35,4962) /usr/bin/RCdaemon
(root,0,0,00:00:00/01:54:19,6441) [kworker/u16:2]
(root,290604,4944,00:00:30/8-20:23:43,8067) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
(root,379688,9532,00:00:09/8-20:23:43,8091) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
(wp-toolkit,395924,29444,00:07:03/8-20:23:40,8188) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
(wp-toolkit,385708,19356,00:00:09/8-20:23:40,8195) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
(root,0,0,00:00:00/14:06:04,9231) [kworker/2:2]
(root,236296,110784,00:00:17/06:51:50,9302) spamd child
(root,111284,3408,00:01:00/59-00:37:45,11505) /usr/sbin/sshd -D
(root,12732,1364,00:00:00/1-10:43:47,11855) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --suffix=-bytes_log
(root,12736,1368,00:00:00/1-10:43:47,11856) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.scli-egypt.com --mainout=/etc/apache2/logs/access_log
(nobody,235324,4144,00:00:00/1-10:43:47,11857) /usr/sbin/httpd -k start
(root,53084,11844,00:00:00/1-10:43:47,11858) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
(nobody,2308776,23044,00:00:09/1-10:43:47,11859) /usr/sbin/httpd -k start
(nobody,3095208,25492,00:00:10/1-10:43:47,11860) /usr/sbin/httpd -k start
(nobody,2898600,25260,00:00:09/1-10:43:47,11861) /usr/sbin/httpd -k start
(dovenull,50252,8196,00:00:23/1-10:43:47,11862) dovecot/pop3-login
(dovenull,50252,7688,00:00:14/1-10:43:47,11863) dovecot/imap-login
(root,10404,1500,00:00:03/1-10:43:47,11864) dovecot/log
(dovenull,47768,5672,00:00:01/1-10:43:47,11865) dovecot/pop3-login
(dovenull,49428,7148,00:00:16/1-10:43:47,11866) dovecot/imap-login
(root,15796,3328,00:00:07/1-10:43:47,12023) dovecot/config
(dovecot,48060,3700,00:00:05/1-10:43:47,12024) dovecot/stats
(nobody,2767528,24484,00:00:09/1-10:43:46,12029) /usr/sbin/httpd -k start
(dovecot,10540,1644,00:00:03/1-10:43:06,12356) dovecot/imap-hibernate
(root,0,0,00:00:00/01:25:53,12532) [kworker/0:0]
(root,232552,106608,00:00:00/06:36:30,12590) spamd child
(root,0,0,00:00:00/03:51:03,14621) [kworker/4:1]
(root,0,0,00:00:00/13:36:03,15166) [kworker/4:0]
(root,0,0,00:00:00/58:04,17852) [kworker/2:0]
(root,0,0,00:00:00/46:04,20286) [kworker/5:0]
(root,0,0,00:00:00/36:29,22050) [kworker/5:2]
(root,0,0,00:00:00/34:40,22785) [kworker/7:0]
(root,224124,99884,00:00:29/1-21:57:05,23745) /usr/local/cpanel/3rdparty/perl/532/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
(mailnull,86676,9836,00:00:03/1-21:57:03,23807) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
(root,256216,28392,00:01:28/4-12:06:58,24031) cpsrvd (SSL) - waiting for connections                   
(cpanelconnecttrack,9912,3308,00:19:27/4-12:06:57,24070) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
(root,51488,2548,00:00:57/4-12:06:50,24131) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
(dovecot,10272,1296,00:00:17/4-12:06:50,24142) dovecot/anvil
(root,0,0,00:00:00/26:03,24718) [kworker/3:0]
(root,178584,29004,00:00:01/26:03,24760) lfd - sleeping
(root,235324,15392,00:00:07/1-12:02:04,25777) /usr/sbin/httpd -k start
(root,0,0,00:00:00/19:19,26210) [kworker/u16:0]
(dovecot,71008,4524,00:00:01/02:55:30,26317) dovecot/auth
(root,0,0,00:00:00/17:04,26656) [kworker/7:2]
(root,0,0,00:00:00/02:43:04,28811) [kworker/1:1]
(root,0,0,00:00:00/06:04,28903) [kworker/1:2]
(root,0,0,00:00:00/06:03,28919) [kworker/6:1]
(scliegyp,29052,2588,00:00:00/04:35,29127) dovecot/quota-status -p postfix
(root,0,0,00:00:00/02:04,29610) [kworker/2:1]
(root,70756,4232,00:00:00/00:48,29981) dovecot/auth -w
(root,0,0,00:00:00/00:15,30088) [cpsrvd (SSL) - ] <defunct>
(scliegyp,38116,3696,00:00:00/00:14,30090) dovecot/imap
(root,0,0,00:00:00/02:36:04,30213) [kworker/0:1]
(root,113504,1628,00:00:00/00:00,30239) /bin/bash /usr/bin/check_mk_agent
(root,49820,1560,00:00:00/00:00,30257) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13324,944,00:00:00/00:00,30258) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(named,757616,118184,00:00:17/1-13:45:10,31475) /usr/sbin/named -u named -c /etc/named.conf
(mysql,1706568,271032,00:05:16/1-21:16:16,32071) /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
(polkitd,610644,2892,00:04:53/66-18:02:55,32259) /usr/lib/polkit-1/polkitd --no-debug
(root,228972,9068,00:08:27/51-13:17:18,32474) queueprocd - waiting up to 60s to process a task

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:96:43:f2 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-06-17 22:26

Create report

Open service 138.201.128.114:443 · www.scli-egypt.com

2024-11-28 21:25

HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 21:25:35 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 2583c463a75690ccbbf0cdfa8f4a8922=pf86hosbdtqft8gcbckv6b7mt1; path=/; HttpOnly
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Thu, 28 Nov 2024 21:25:35 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Found 2024-11-28 by HttpPlugin

Create report

Open service 138.201.128.114:80 · www.scli-egypt.com

2024-11-28 21:25

HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 21:25:35 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 2583c463a75690ccbbf0cdfa8f4a8922=m70j2h5b004ku6lc5esfn1tr22; path=/; HttpOnly
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Thu, 28 Nov 2024 21:25:35 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Found 2024-11-28 by HttpPlugin

Create report

Open service 138.201.128.114:80 · scli-egypt.com

2024-11-27 00:43

HTTP/1.1 200 OK
Date: Wed, 27 Nov 2024 00:43:19 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 2583c463a75690ccbbf0cdfa8f4a8922=ptjki29ep1e64d5r0s93m2aup3; path=/; HttpOnly
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 27 Nov 2024 00:43:20 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Found 2024-11-27 by HttpPlugin

Create report

Open service 138.201.128.114:443 · scli-egypt.com

2024-11-27 00:43

HTTP/1.1 200 OK
Date: Wed, 27 Nov 2024 00:43:18 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 2583c463a75690ccbbf0cdfa8f4a8922=jdcqdspr2gcafm6ev99egj6fm3; path=/; HttpOnly
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 27 Nov 2024 00:43:19 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Found 2024-11-27 by HttpPlugin

Create report

Open service 138.201.128.114:443

2024-11-20 17:49

HTTP/1.1 302 Moved Temporarily
Date: Wed, 20 Nov 2024 17:49:22 GMT
Server: Apache
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%220658902889da5604c36fcda502001fbf%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%2264.226.78.121%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Linux%3B+Android+6.0%3B+HTC+One+M9+Build%2F%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221732124962%22%3B%7D3500d4d65c8c6373193be26b477672eb; expires=Wed, 20-Nov-2024 19:49:22 GMT; Max-Age=7200; path=/
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%220658902889da5604c36fcda502001fbf%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%2264.226.78.121%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Linux%3B+Android+6.0%3B+HTC+One+M9+Build%2F%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221732124962%22%3B%7D3500d4d65c8c6373193be26b477672eb; expires=Wed, 20-Nov-2024 19:49:22 GMT; Max-Age=7200; path=/
Upgrade: h2,h2c
Connection: Upgrade, close
Location: http://scli-egypt.com/admindemo/www/login
Transfer-Encoding: chunked
Content-Type: text/html

Found 2024-11-20 by HttpPlugin

Create report

Open service 138.201.128.114:443 · scli-egypt.com

2024-11-20 15:44

HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 15:44:23 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 2583c463a75690ccbbf0cdfa8f4a8922=urhc0a9ikp91u0daj0emmhrvt5; path=/; HttpOnly
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 20 Nov 2024 15:44:23 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Found 2024-11-20 by HttpPlugin

Create report

Open service 138.201.128.114:80 · scli-egypt.com

2024-11-20 15:44

HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 15:44:10 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 2583c463a75690ccbbf0cdfa8f4a8922=e00d8naaq6scq2k5j9osd1toq7; path=/; HttpOnly
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 20 Nov 2024 15:44:10 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Found 2024-11-20 by HttpPlugin

Create report

*.scli-egypt.com

Fingerprint:

bff5aeadae023323c43094c6bf12adbbb1388a62143e9a4ffd226e6f21e12645

CN:

*.scli-egypt.com

Key:

RSA-2048

Issuer:

R11

Not before:

2024-11-28 11:43

Not after:

2025-02-26 11:43

*.scli-egypt.com

Fingerprint:

a200cae240d204d48f4cd46f90609d4ff329034a07934a43a5b854b45d981efa

CN:

*.scli-egypt.com

Key:

RSA-2048

Issuer:

R11

Not before:

2024-11-26 23:43

Not after:

2025-02-24 23:43

gate.scli-egypt.comwww.gate.scli-egypt.com

Fingerprint:

570ead3efb5662b5f150b0df972d49e4a768bb0c6dcfce8ae3e70a1f2da4cc22

CN:

www.gate.scli-egypt.com

Key:

RSA-2048

Issuer:

Not before:

2023-12-17 05:42

Not after:

2024-03-16 05:42

scli-egypt.comwww.scli-egypt.com

Fingerprint:

9390b1adcca6a163222c063baecff0487fbf7ce2081ce5aac989f2d00c5677c9

CN:

scli-egypt.com

Key:

RSA-2048

Issuer:

Sectigo RSA Domain Validation Secure Server CA

Not before:

2023-11-30 00:00

Not after:

2024-11-29 23:59

Domain summary

www.scli-egypt.com 1 scli-egypt.com 3

2 recorded