Host 141.9.169.62
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-11 05:31
Last seen 2024-12-22 00:58
Open for 101 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636727b8a7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:35:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:35:59,2) [kthreadd] (root,0,0,00:00:00/39-14:35:59,3) [rcu_gp] (root,0,0,00:00:00/39-14:35:59,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:35:59,5) [slub_flushwq] (root,0,0,00:00:00/39-14:35:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:35:59,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:35:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:35:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:35:59,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:35:59,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:35:59,14) [rcu_preempt] (root,0,0,00:00:15/39-14:35:59,15) [migration/0] (root,0,0,00:00:00/39-14:35:59,16) [idle_inject/0] (root,0,0,00:00:00/39-14:35:59,18) [cpuhp/0] (root,0,0,00:00:00/39-14:35:59,19) [cpuhp/1] (root,0,0,00:00:00/39-14:35:59,20) [idle_inject/1] (root,0,0,00:00:15/39-14:35:59,21) [migration/1] (root,0,0,00:01:05/39-14:35:59,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:35:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:35:59,25) [cpuhp/2] (root,0,0,00:00:00/39-14:35:59,26) [idle_inject/2] (root,0,0,00:00:12/39-14:35:59,27) [migration/2] (root,0,0,01:14:06/39-14:35:59,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:35:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:35:59,31) [cpuhp/3] (root,0,0,00:00:00/39-14:35:59,32) [idle_inject/3] (root,0,0,00:00:14/39-14:35:59,33) [migration/3] (root,0,0,00:03:31/39-14:35:59,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:35:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:35:59,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:35:59,40) [netns] (root,0,0,00:00:00/39-14:35:59,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:35:59,42) [kauditd] (root,0,0,00:00:00/39-14:35:59,43) [khungtaskd] (root,0,0,00:00:00/39-14:35:59,44) [oom_reaper] (root,0,0,00:00:00/39-14:35:59,45) [writeback] (root,0,0,00:01:56/39-14:35:59,46) [kcompactd0] (root,0,0,00:00:00/39-14:35:59,47) [ksmd] (root,0,0,00:01:57/39-14:35:59,48) [khugepaged] (root,0,0,00:00:00/39-14:35:59,74) [kintegrityd] (root,0,0,00:00:00/39-14:35:59,75) [kblockd] (root,0,0,00:00:00/39-14:35:59,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:35:59,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:35:59,79) [edac-poller] (root,0,0,00:00:00/39-14:35:59,80) [devfreq_wq] (root,0,0,00:00:00/39-14:35:59,110) [watchdogd] (root,0,0,00:00:08/39-14:35:59,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:35:59,112) [kswapd0] (root,0,0,00:00:00/39-14:35:58,114) [kthrotld] (root,0,0,00:00:00/39-14:35:58,115) [mld] (root,0,0,00:00:00/39-14:35:58,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:35:58,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:35:58,122) [kstrp] (root,0,0,00:00:00/39-14:35:58,123) [zswap-shrink] (root,0,0,00:00:00/39-14:35:58,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:35:58,129) [charger_manager] (root,0,0,00:00:08/39-14:35:57,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:35:57,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:35:57,205) [kaluad] (root,0,0,00:00:00/39-14:35:57,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:35:57,293) [kmpathd] (root,0,0,00:00:00/39-14:35:57,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:35:57,342) [ata_sff] (root,0,0,00:00:00/39-14:35:56,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:35:56,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:35:56,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:35:56,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:35:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:35:54,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:35:42,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:35:41,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:35:39,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:35:05,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:35:05,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:35:05,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:35:05,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:35:04,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:35:04,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:34:50,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:34:50,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:34:49,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:34:49,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:34:49,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:34:49,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:34:49,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:34:49,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:34:49,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:34:49,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:34:49,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:34:49,1215) ntpd: asynchronous dns resolver (spot,299248,183036,2-02:58:37/39-14:34:49,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:34:48,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:34:48,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:34:48,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:34:47,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:34:47,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:34:46,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:34:40,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:34:26,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:58:48,2674) [kworker/0:2-events] (root,0,0,00:00:00/39:29,5528) [kworker/1:2-events] (root,0,0,00:00:00/05:16,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:33:04,9266) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:17,10883) [kworker/0:1] (root,0,0,00:00:00/24:17,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/03:18,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:06:50,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:25:42,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:25:41,15391) sshd: cm-ssh (root,0,0,00:00:00/03:10,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:54:20,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:54:19,16977) sshd: syslogtunnel (root,0,0,00:00:00/44:18,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/11:40,24965) [kworker/2:0-events] (root,6656,3488,00:00:00/00:00,25810) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,25851) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,25852) /bin/bash /usr/bin/check_mk_agent (root,4480,1156,00:00:00/00:00,25853) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,772,00:00:00/00:00,25854) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1304,00:00:00/00:00,25855) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,25856) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,25880) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,25911) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,25912) /bin/bash /usr/bin/check_mk_agent (root,4480,1156,00:00:00/00:00,25913) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,860,00:00:00/00:00,25917) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,736,00:00:00/00:00,25919) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3508,00:00:00/00:00,25920) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25921) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/20:11,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:11:27,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:23,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a427d24dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:09:48,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:09:48,2) [kthreadd] (root,0,0,00:00:00/37-14:09:48,3) [rcu_gp] (root,0,0,00:00:00/37-14:09:48,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:09:48,5) [slub_flushwq] (root,0,0,00:00:00/37-14:09:48,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:09:48,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:09:48,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:09:48,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:09:48,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:09:48,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:09:48,14) [rcu_preempt] (root,0,0,00:00:14/37-14:09:48,15) [migration/0] (root,0,0,00:00:00/37-14:09:48,16) [idle_inject/0] (root,0,0,00:00:00/37-14:09:48,18) [cpuhp/0] (root,0,0,00:00:00/37-14:09:48,19) [cpuhp/1] (root,0,0,00:00:00/37-14:09:48,20) [idle_inject/1] (root,0,0,00:00:14/37-14:09:48,21) [migration/1] (root,0,0,00:01:00/37-14:09:48,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:09:48,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:09:48,25) [cpuhp/2] (root,0,0,00:00:00/37-14:09:48,26) [idle_inject/2] (root,0,0,00:00:11/37-14:09:48,27) [migration/2] (root,0,0,01:10:41/37-14:09:48,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:09:48,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:09:48,31) [cpuhp/3] (root,0,0,00:00:00/37-14:09:48,32) [idle_inject/3] (root,0,0,00:00:14/37-14:09:48,33) [migration/3] (root,0,0,00:03:20/37-14:09:48,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:09:48,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:09:48,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:09:48,40) [netns] (root,0,0,00:00:00/37-14:09:48,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:09:48,42) [kauditd] (root,0,0,00:00:00/37-14:09:48,43) [khungtaskd] (root,0,0,00:00:00/37-14:09:48,44) [oom_reaper] (root,0,0,00:00:00/37-14:09:48,45) [writeback] (root,0,0,00:01:50/37-14:09:48,46) [kcompactd0] (root,0,0,00:00:00/37-14:09:48,47) [ksmd] (root,0,0,00:01:50/37-14:09:48,48) [khugepaged] (root,0,0,00:00:00/37-14:09:48,74) [kintegrityd] (root,0,0,00:00:00/37-14:09:48,75) [kblockd] (root,0,0,00:00:00/37-14:09:48,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:09:48,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:09:48,79) [edac-poller] (root,0,0,00:00:00/37-14:09:48,80) [devfreq_wq] (root,0,0,00:00:00/37-14:09:48,110) [watchdogd] (root,0,0,00:00:07/37-14:09:48,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:09:48,112) [kswapd0] (root,0,0,00:00:00/37-14:09:47,114) [kthrotld] (root,0,0,00:00:00/37-14:09:47,115) [mld] (root,0,0,00:00:00/37-14:09:47,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:09:47,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:09:47,122) [kstrp] (root,0,0,00:00:00/37-14:09:47,123) [zswap-shrink] (root,0,0,00:00:00/37-14:09:47,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:09:47,129) [charger_manager] (root,0,0,00:00:08/37-14:09:46,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:09:46,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:09:46,205) [kaluad] (root,0,0,00:00:00/37-14:09:46,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:09:46,293) [kmpathd] (root,0,0,00:00:00/37-14:09:46,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:09:46,342) [ata_sff] (root,0,0,00:00:00/37-14:09:45,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:09:45,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:09:45,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:09:45,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:09:43,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:09:43,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:09:31,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:09:30,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:09:28,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:08:54,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:08:54,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:08:54,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:08:54,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:08:53,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:08:53,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:08:39,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:08:39,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:08:38,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:08:38,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:08:38,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:08:38,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:08:38,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:08:38,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:08:38,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:08:38,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:08:38,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:08:38,1215) ntpd: asynchronous dns resolver (spot,296416,182148,1-23:14:17/37-14:08:38,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:08:37,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:08:37,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:08:37,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:08:36,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:08:36,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:08:35,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:08:29,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:08:15,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/09:24,2838) [kworker/3:1-events] (root,0,0,00:00:00/08:49,4583) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/08:27,6208) [kworker/1:2-ata_sff] (root,0,0,00:00:00/07:18,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-11:59:31,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-11:59:30,15391) sshd: cm-ssh (root,0,0,00:00:00/16:30,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:28:09,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:28:08,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:51:50,17446) [kworker/0:2-events] (root,0,0,00:00:00/15:31,18386) [kworker/3:2-events] (root,0,0,00:00:00/01:00:20,21022) [kworker/1:1-events] (root,0,0,00:00:00/03:15,21821) [kworker/1:0-ata_sff] (root,0,0,00:00:00/25:44,26953) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:29,27235) [kworker/u8:2-flush-253:0] (postfix,44628,9272,00:00:01/31-18:45:16,30472) tlsmgr -l -t unix -u (root,6656,3484,00:00:00/00:00,31679) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,31697) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31698) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/01:55:50,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:32 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836301855fabFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:17:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:17:45,2) [kthreadd] (root,0,0,00:00:00/35-15:17:45,3) [rcu_gp] (root,0,0,00:00:00/35-15:17:45,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:17:45,5) [slub_flushwq] (root,0,0,00:00:00/35-15:17:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:17:45,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:17:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:17:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:17:45,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:17:45,13) [ksoftirqd/0] (root,0,0,01:34:30/35-15:17:45,14) [rcu_preempt] (root,0,0,00:00:13/35-15:17:45,15) [migration/0] (root,0,0,00:00:00/35-15:17:45,16) [idle_inject/0] (root,0,0,00:00:00/35-15:17:45,18) [cpuhp/0] (root,0,0,00:00:00/35-15:17:45,19) [cpuhp/1] (root,0,0,00:00:00/35-15:17:45,20) [idle_inject/1] (root,0,0,00:00:14/35-15:17:45,21) [migration/1] (root,0,0,00:00:57/35-15:17:45,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:17:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:17:45,25) [cpuhp/2] (root,0,0,00:00:00/35-15:17:45,26) [idle_inject/2] (root,0,0,00:00:11/35-15:17:45,27) [migration/2] (root,0,0,01:07:42/35-15:17:45,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:17:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:17:45,31) [cpuhp/3] (root,0,0,00:00:00/35-15:17:45,32) [idle_inject/3] (root,0,0,00:00:13/35-15:17:45,33) [migration/3] (root,0,0,00:03:11/35-15:17:45,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:17:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:17:45,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:17:45,40) [netns] (root,0,0,00:00:00/35-15:17:45,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:17:45,42) [kauditd] (root,0,0,00:00:00/35-15:17:45,43) [khungtaskd] (root,0,0,00:00:00/35-15:17:45,44) [oom_reaper] (root,0,0,00:00:00/35-15:17:45,45) [writeback] (root,0,0,00:01:45/35-15:17:45,46) [kcompactd0] (root,0,0,00:00:00/35-15:17:45,47) [ksmd] (root,0,0,00:01:43/35-15:17:45,48) [khugepaged] (root,0,0,00:00:00/35-15:17:45,74) [kintegrityd] (root,0,0,00:00:00/35-15:17:45,75) [kblockd] (root,0,0,00:00:00/35-15:17:45,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:17:45,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:17:45,79) [edac-poller] (root,0,0,00:00:00/35-15:17:45,80) [devfreq_wq] (root,0,0,00:00:00/35-15:17:45,110) [watchdogd] (root,0,0,00:00:07/35-15:17:45,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:17:45,112) [kswapd0] (root,0,0,00:00:00/35-15:17:44,114) [kthrotld] (root,0,0,00:00:00/35-15:17:44,115) [mld] (root,0,0,00:00:00/35-15:17:44,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:17:44,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:17:44,122) [kstrp] (root,0,0,00:00:00/35-15:17:44,123) [zswap-shrink] (root,0,0,00:00:00/35-15:17:44,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:17:44,129) [charger_manager] (root,0,0,00:00:07/35-15:17:43,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:17:43,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:17:43,205) [kaluad] (root,0,0,00:00:00/35-15:17:43,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:17:43,293) [kmpathd] (root,0,0,00:00:00/35-15:17:43,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:17:43,342) [ata_sff] (root,0,0,00:00:00/35-15:17:42,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:17:42,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:17:42,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:17:42,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:17:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:17:40,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:17:28,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:17:27,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:17:25,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:16:51,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:16:51,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:16:51,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:16:51,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:16:50,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:16:50,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:16:36,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:16:36,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:16:35,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:16:35,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:16:35,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:16:35,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:16:35,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:16:35,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:16:35,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:16:35,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:16:35,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:16:35,1215) ntpd: asynchronous dns resolver (spot,293944,180120,1-20:13:12/35-15:16:35,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:16:34,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:16:34,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:16:34,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:16:33,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:16:33,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:16:32,1354) /usr/sbin/cron -n (root,698228,81996,00:46:34/35-15:16:26,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:16:12,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:14,4297) [kworker/1:2-events] (root,0,0,00:00:00/01:00:19,7081) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:09:27,10630) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:00,14357) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,14398) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,14399) /bin/bash /usr/bin/check_mk_agent (root,4480,1152,00:00:00/00:00,14400) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,828,00:00:00/00:00,14401) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1300,00:00:00/00:00,14402) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,14403) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,14421) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,14422) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/29-13:07:28,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:07:27,15391) sshd: cm-ssh (root,0,0,00:00:00/04:53:01,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:28:53,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:36:06,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:36:05,16977) sshd: syslogtunnel (root,0,0,00:00:00/08:26,17230) [kworker/1:0-ata_sff] (root,0,0,00:00:00/54:26,19051) [kworker/0:0-events] (root,0,0,00:00:00/02:11:18,25943) [kworker/3:1] (root,0,0,00:00:00/05:58,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:39:47,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:53:13,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:48:16,31877) [kworker/0:1-events] (root,0,0,00:00:00/31:13,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836349642602Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-12:58:29,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-12:58:29,2) [kthreadd] (root,0,0,00:00:00/33-12:58:29,3) [rcu_gp] (root,0,0,00:00:00/33-12:58:29,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:58:29,5) [slub_flushwq] (root,0,0,00:00:00/33-12:58:29,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:58:29,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:58:29,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:58:29,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:58:29,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:58:29,13) [ksoftirqd/0] (root,0,0,01:29:04/33-12:58:29,14) [rcu_preempt] (root,0,0,00:00:12/33-12:58:29,15) [migration/0] (root,0,0,00:00:00/33-12:58:29,16) [idle_inject/0] (root,0,0,00:00:00/33-12:58:29,18) [cpuhp/0] (root,0,0,00:00:00/33-12:58:29,19) [cpuhp/1] (root,0,0,00:00:00/33-12:58:29,20) [idle_inject/1] (root,0,0,00:00:13/33-12:58:29,21) [migration/1] (root,0,0,00:00:53/33-12:58:29,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:58:29,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:58:29,25) [cpuhp/2] (root,0,0,00:00:00/33-12:58:29,26) [idle_inject/2] (root,0,0,00:00:10/33-12:58:29,27) [migration/2] (root,0,0,01:04:48/33-12:58:29,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:58:29,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:58:29,31) [cpuhp/3] (root,0,0,00:00:00/33-12:58:29,32) [idle_inject/3] (root,0,0,00:00:12/33-12:58:29,33) [migration/3] (root,0,0,00:03:01/33-12:58:29,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:58:29,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:58:29,39) [kdevtmpfs] (root,0,0,00:00:00/33-12:58:29,40) [netns] (root,0,0,00:00:00/33-12:58:29,41) [inet_frag_wq] (root,0,0,00:00:07/33-12:58:29,42) [kauditd] (root,0,0,00:00:00/33-12:58:29,43) [khungtaskd] (root,0,0,00:00:00/33-12:58:29,44) [oom_reaper] (root,0,0,00:00:00/33-12:58:29,45) [writeback] (root,0,0,00:01:38/33-12:58:29,46) [kcompactd0] (root,0,0,00:00:00/33-12:58:29,47) [ksmd] (root,0,0,00:01:37/33-12:58:29,48) [khugepaged] (root,0,0,00:00:00/33-12:58:29,74) [kintegrityd] (root,0,0,00:00:00/33-12:58:29,75) [kblockd] (root,0,0,00:00:00/33-12:58:29,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:58:29,78) [tpm_dev_wq] (root,0,0,00:00:00/33-12:58:29,79) [edac-poller] (root,0,0,00:00:00/33-12:58:29,80) [devfreq_wq] (root,0,0,00:00:00/33-12:58:29,110) [watchdogd] (root,0,0,00:00:07/33-12:58:29,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-12:58:29,112) [kswapd0] (root,0,0,00:00:00/33-12:58:28,114) [kthrotld] (root,0,0,00:00:00/33-12:58:28,115) [mld] (root,0,0,00:00:00/33-12:58:28,116) [ipv6_addrconf] (root,0,0,00:00:14/33-12:58:28,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-12:58:28,122) [kstrp] (root,0,0,00:00:00/33-12:58:28,123) [zswap-shrink] (root,0,0,00:00:00/33-12:58:28,124) [kworker/u9:0] (root,0,0,00:00:00/33-12:58:28,129) [charger_manager] (root,0,0,00:00:07/33-12:58:27,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-12:58:27,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:58:27,205) [kaluad] (root,0,0,00:00:00/33-12:58:27,250) [kmpath_rdacd] (root,0,0,00:00:00/33-12:58:27,293) [kmpathd] (root,0,0,00:00:00/33-12:58:27,294) [kmpath_handlerd] (root,0,0,00:00:00/33-12:58:27,342) [ata_sff] (root,0,0,00:00:00/33-12:58:26,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:58:26,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:58:26,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:58:26,346) [scsi_tmf_1] (root,0,0,00:00:54/33-12:58:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:58:24,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-12:58:12,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-12:58:11,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-12:58:09,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-12:57:35,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-12:57:35,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-12:57:35,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-12:57:35,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-12:57:34,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-12:57:34,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:50:08,727) [kworker/u8:2-ext4-rsv-conversion] (root,548360,32524,00:00:38/33-12:57:20,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-12:57:20,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:08/33-12:57:19,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-12:57:19,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-12:57:19,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-12:57:19,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-12:57:19,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-12:57:19,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-12:57:19,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-12:57:19,1206) bpfilter_umh (root,26204,8212,00:00:13/33-12:57:19,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-12:57:19,1215) ntpd: asynchronous dns resolver (spot,293512,180056,1-17:43:47/33-12:57:19,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-12:57:18,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-12:57:18,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-12:57:18,1245) (sd-pam) (root,24216,5344,00:00:11/33-12:57:17,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-12:57:17,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-12:57:16,1354) /usr/sbin/cron -n (root,697972,81828,00:43:52/33-12:57:10,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63272,00:14:26/33-12:56:56,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/51:51,3524) [kworker/2:2-events] (root,0,0,00:00:00/05:28,3850) [kworker/1:1-ata_sff] (root,0,0,00:00:00/05:08,7073) [kworker/u8:1-writeback] (root,0,0,00:00:00/31:24,7957) [kworker/1:0-mm_percpu_wq] (postfix,24244,8272,00:00:00/01:10:32,13877) pickup -l -t fifo -u (root,35308,10012,00:00:00/27-10:48:12,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-10:48:11,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:16:50,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:16:49,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:28:46,18088) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/22:10,19428) [kworker/0:2-events] (root,0,0,00:00:03/01:58:26,24863) [kworker/2:1-events] (root,0,0,00:00:00/00:15,25067) [kworker/1:2-ata_sff] (root,6656,3484,00:00:00/00:00,25845) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,25863) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,25864) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/02:20:44,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-17:33:57,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/29:37,31017) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:20 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363606d95e1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-12:36:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-12:36:39,2) [kthreadd] (root,0,0,00:00:00/31-12:36:39,3) [rcu_gp] (root,0,0,00:00:00/31-12:36:39,4) [rcu_par_gp] (root,0,0,00:00:00/31-12:36:39,5) [slub_flushwq] (root,0,0,00:00:00/31-12:36:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-12:36:39,9) [mm_percpu_wq] (root,0,0,00:00:00/31-12:36:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-12:36:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-12:36:39,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-12:36:39,13) [ksoftirqd/0] (root,0,0,01:23:49/31-12:36:39,14) [rcu_preempt] (root,0,0,00:00:11/31-12:36:39,15) [migration/0] (root,0,0,00:00:00/31-12:36:39,16) [idle_inject/0] (root,0,0,00:00:00/31-12:36:39,18) [cpuhp/0] (root,0,0,00:00:00/31-12:36:39,19) [cpuhp/1] (root,0,0,00:00:00/31-12:36:39,20) [idle_inject/1] (root,0,0,00:00:12/31-12:36:39,21) [migration/1] (root,0,0,00:00:50/31-12:36:39,22) [ksoftirqd/1] (root,0,0,00:00:00/31-12:36:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-12:36:39,25) [cpuhp/2] (root,0,0,00:00:00/31-12:36:39,26) [idle_inject/2] (root,0,0,00:00:09/31-12:36:39,27) [migration/2] (root,0,0,01:01:42/31-12:36:39,28) [ksoftirqd/2] (root,0,0,00:00:00/31-12:36:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-12:36:39,31) [cpuhp/3] (root,0,0,00:00:00/31-12:36:39,32) [idle_inject/3] (root,0,0,00:00:11/31-12:36:39,33) [migration/3] (root,0,0,00:02:51/31-12:36:39,34) [ksoftirqd/3] (root,0,0,00:00:00/31-12:36:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-12:36:39,39) [kdevtmpfs] (root,0,0,00:00:00/31-12:36:39,40) [netns] (root,0,0,00:00:00/31-12:36:39,41) [inet_frag_wq] (root,0,0,00:00:07/31-12:36:39,42) [kauditd] (root,0,0,00:00:00/31-12:36:39,43) [khungtaskd] (root,0,0,00:00:00/31-12:36:39,44) [oom_reaper] (root,0,0,00:00:00/31-12:36:39,45) [writeback] (root,0,0,00:01:32/31-12:36:39,46) [kcompactd0] (root,0,0,00:00:00/31-12:36:39,47) [ksmd] (root,0,0,00:01:31/31-12:36:39,48) [khugepaged] (root,0,0,00:00:00/31-12:36:39,74) [kintegrityd] (root,0,0,00:00:00/31-12:36:39,75) [kblockd] (root,0,0,00:00:00/31-12:36:39,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-12:36:39,78) [tpm_dev_wq] (root,0,0,00:00:00/31-12:36:39,79) [edac-poller] (root,0,0,00:00:00/31-12:36:39,80) [devfreq_wq] (root,0,0,00:00:00/31-12:36:39,110) [watchdogd] (root,0,0,00:00:06/31-12:36:39,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-12:36:39,112) [kswapd0] (root,0,0,00:00:00/31-12:36:38,114) [kthrotld] (root,0,0,00:00:00/31-12:36:38,115) [mld] (root,0,0,00:00:00/31-12:36:38,116) [ipv6_addrconf] (root,0,0,00:00:13/31-12:36:38,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-12:36:38,122) [kstrp] (root,0,0,00:00:00/31-12:36:38,123) [zswap-shrink] (root,0,0,00:00:00/31-12:36:38,124) [kworker/u9:0] (root,0,0,00:00:00/31-12:36:38,129) [charger_manager] (root,0,0,00:00:07/31-12:36:37,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-12:36:37,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-12:36:37,205) [kaluad] (root,0,0,00:00:00/31-12:36:37,250) [kmpath_rdacd] (root,0,0,00:00:00/31-12:36:37,293) [kmpathd] (root,0,0,00:00:00/31-12:36:37,294) [kmpath_handlerd] (root,0,0,00:00:00/31-12:36:37,342) [ata_sff] (root,0,0,00:00:00/31-12:36:36,343) [scsi_eh_0] (root,0,0,00:00:00/31-12:36:36,344) [scsi_tmf_0] (root,0,0,00:00:00/31-12:36:36,345) [scsi_eh_1] (root,0,0,00:00:00/31-12:36:36,346) [scsi_tmf_1] (root,0,0,00:00:51/31-12:36:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-12:36:34,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-12:36:22,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-12:36:21,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-12:36:19,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-12:35:45,512) /sbin/auditd (messagebus,22936,5548,00:01:21/31-12:35:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-12:35:45,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-12:35:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-12:35:44,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-12:35:44,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/53:19,843) [kworker/u8:2-writeback] (root,548360,31484,00:00:35/31-12:35:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-12:35:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:55/31-12:35:29,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-12:35:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-12:35:29,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-12:35:29,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-12:35:29,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-12:35:29,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:17/31-12:35:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-12:35:29,1206) bpfilter_umh (root,26204,8212,00:00:12/31-12:35:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-12:35:29,1215) ntpd: asynchronous dns resolver (spot,286600,173752,1-15:26:27/31-12:35:29,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-12:35:28,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-12:35:28,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-12:35:28,1245) (sd-pam) (root,24216,5344,00:00:10/31-12:35:27,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-12:35:27,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-12:35:26,1354) /usr/sbin/cron -n (root,697972,81512,00:41:14/31-12:35:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:36/31-12:35:06,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/03:50:01,5886) [kworker/3:1-events] (root,0,0,00:00:02/03:27:30,8787) [kworker/0:2-events] (root,0,0,00:00:00/07:58,9978) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:01/52:25,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-10:26:22,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-10:26:21,15391) sshd: cm-ssh (root,0,0,00:00:00/01:03:17,16327) [kworker/u8:0-writeback] (root,35308,10072,00:00:00/15-11:55:00,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-11:54:59,16977) sshd: syslogtunnel (root,0,0,00:00:00/09:03,24941) [kworker/1:2-ata_sff] (postfix,24244,8232,00:00:00/01:10:39,25164) pickup -l -t fifo -u (root,0,0,00:00:00/00:33,27074) [kworker/3:2-events] (root,0,0,00:00:00/30:02,29649) [kworker/2:2-events] (root,0,0,00:00:00/03:53,29982) [kworker/1:1-ata_sff] (postfix,44628,9316,00:00:01/25-17:12:07,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/29:49,31543) [kworker/1:0-events] (root,0,0,00:00:00/04:41:58,31966) [kworker/0:0-events] (root,6656,3476,00:00:00/00:00,32672) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,32690) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,32691) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-13 22:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637b3be41fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-13:00:29,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-13:00:29,2) [kthreadd] (root,0,0,00:00:00/29-13:00:29,3) [rcu_gp] (root,0,0,00:00:00/29-13:00:29,4) [rcu_par_gp] (root,0,0,00:00:00/29-13:00:29,5) [slub_flushwq] (root,0,0,00:00:00/29-13:00:29,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-13:00:29,9) [mm_percpu_wq] (root,0,0,00:00:00/29-13:00:29,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-13:00:29,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-13:00:29,12) [rcu_tasks_trace] (root,0,0,00:00:52/29-13:00:29,13) [ksoftirqd/0] (root,0,0,01:18:41/29-13:00:29,14) [rcu_preempt] (root,0,0,00:00:11/29-13:00:29,15) [migration/0] (root,0,0,00:00:00/29-13:00:29,16) [idle_inject/0] (root,0,0,00:00:00/29-13:00:29,18) [cpuhp/0] (root,0,0,00:00:00/29-13:00:29,19) [cpuhp/1] (root,0,0,00:00:00/29-13:00:29,20) [idle_inject/1] (root,0,0,00:00:11/29-13:00:29,21) [migration/1] (root,0,0,00:00:46/29-13:00:29,22) [ksoftirqd/1] (root,0,0,00:00:00/29-13:00:29,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-13:00:29,25) [cpuhp/2] (root,0,0,00:00:00/29-13:00:29,26) [idle_inject/2] (root,0,0,00:00:09/29-13:00:29,27) [migration/2] (root,0,0,00:58:02/29-13:00:29,28) [ksoftirqd/2] (root,0,0,00:00:00/29-13:00:29,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-13:00:29,31) [cpuhp/3] (root,0,0,00:00:00/29-13:00:29,32) [idle_inject/3] (root,0,0,00:00:11/29-13:00:29,33) [migration/3] (root,0,0,00:02:40/29-13:00:29,34) [ksoftirqd/3] (root,0,0,00:00:00/29-13:00:29,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-13:00:29,39) [kdevtmpfs] (root,0,0,00:00:00/29-13:00:29,40) [netns] (root,0,0,00:00:00/29-13:00:29,41) [inet_frag_wq] (root,0,0,00:00:06/29-13:00:29,42) [kauditd] (root,0,0,00:00:00/29-13:00:29,43) [khungtaskd] (root,0,0,00:00:00/29-13:00:29,44) [oom_reaper] (root,0,0,00:00:00/29-13:00:29,45) [writeback] (root,0,0,00:01:26/29-13:00:29,46) [kcompactd0] (root,0,0,00:00:00/29-13:00:29,47) [ksmd] (root,0,0,00:01:25/29-13:00:29,48) [khugepaged] (root,0,0,00:00:00/29-13:00:29,74) [kintegrityd] (root,0,0,00:00:00/29-13:00:29,75) [kblockd] (root,0,0,00:00:00/29-13:00:29,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-13:00:29,78) [tpm_dev_wq] (root,0,0,00:00:00/29-13:00:29,79) [edac-poller] (root,0,0,00:00:00/29-13:00:29,80) [devfreq_wq] (root,0,0,00:00:00/29-13:00:29,110) [watchdogd] (root,0,0,00:00:06/29-13:00:29,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-13:00:29,112) [kswapd0] (root,0,0,00:00:00/29-13:00:28,114) [kthrotld] (root,0,0,00:00:00/29-13:00:28,115) [mld] (root,0,0,00:00:00/29-13:00:28,116) [ipv6_addrconf] (root,0,0,00:00:12/29-13:00:28,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-13:00:28,122) [kstrp] (root,0,0,00:00:00/29-13:00:28,123) [zswap-shrink] (root,0,0,00:00:00/29-13:00:28,124) [kworker/u9:0] (root,0,0,00:00:00/29-13:00:28,129) [charger_manager] (root,0,0,00:00:06/29-13:00:27,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-13:00:27,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-13:00:27,205) [kaluad] (root,0,0,00:00:00/29-13:00:27,250) [kmpath_rdacd] (root,0,0,00:00:00/29-13:00:27,293) [kmpathd] (root,0,0,00:00:00/29-13:00:27,294) [kmpath_handlerd] (root,0,0,00:00:00/29-13:00:27,342) [ata_sff] (root,0,0,00:00:00/29-13:00:26,343) [scsi_eh_0] (root,0,0,00:00:00/29-13:00:26,344) [scsi_tmf_0] (root,0,0,00:00:00/29-13:00:26,345) [scsi_eh_1] (root,0,0,00:00:00/29-13:00:26,346) [scsi_tmf_1] (root,0,0,00:00:48/29-13:00:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-13:00:24,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-13:00:12,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-13:00:11,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-13:00:09,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-12:59:35,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-12:59:35,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-12:59:35,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-12:59:35,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-12:59:34,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-12:59:34,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:33/29-12:59:20,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-12:59:20,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:41/29-12:59:19,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-12:59:19,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-12:59:19,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-12:59:19,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-12:59:19,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-12:59:19,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:01/29-12:59:19,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-12:59:19,1206) bpfilter_umh (root,26204,8212,00:00:12/29-12:59:19,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-12:59:19,1215) ntpd: asynchronous dns resolver (spot,291500,178788,1-12:56:18/29-12:59:19,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-12:59:18,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-12:59:18,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-12:59:18,1245) (sd-pam) (root,24216,5344,00:00:09/29-12:59:17,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-12:59:17,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-12:59:16,1354) /usr/sbin/cron -n (root,697576,81132,00:38:38/29-12:59:10,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60496,00:12:52/29-12:58:56,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:20,3727) [kworker/2:1] (root,0,0,00:00:00/02:16,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/10:14:43,6101) [kworker/0:2-events] (root,0,0,00:00:00/01:15,7065) [kworker/1:2-ata_sff] (root,0,0,00:00:00/02:07:36,8802) [kworker/u8:0] (root,6656,3488,00:00:00/00:00,10715) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,10733) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,10734) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/24:17,12543) [kworker/3:2-events] (root,0,0,00:00:00/22:41,13387) [kworker/2:0-events] (root,0,0,00:00:00/01:27:30,14764) [kworker/3:0-events] (root,35308,10012,00:00:00/23-10:50:12,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-10:50:11,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-12:18:50,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:46/13-12:18:49,16977) sshd: syslogtunnel (root,0,0,00:00:01/05:43:02,20264) [kworker/0:1-events] (root,0,0,00:00:00/06:25,23832) [kworker/1:1-ata_sff] (postfix,24244,8172,00:00:00/16:15,28504) pickup -l -t fifo -u (root,0,0,00:00:07/15:19:35,29407) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-17:35:57,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/02:46:13,31583) [kworker/2:2-mm_percpu_wq] (root,0,0,00:00:00/02:32:11,32428) [kworker/u8:2-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-11 23:22 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b2bf0d79Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-13:22:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:22:26,2) [kthreadd] (root,0,0,00:00:00/27-13:22:26,3) [rcu_gp] (root,0,0,00:00:00/27-13:22:26,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:22:26,5) [slub_flushwq] (root,0,0,00:00:00/27-13:22:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:22:26,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:22:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:22:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:22:26,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-13:22:26,13) [ksoftirqd/0] (root,0,0,01:13:36/27-13:22:26,14) [rcu_preempt] (root,0,0,00:00:10/27-13:22:26,15) [migration/0] (root,0,0,00:00:00/27-13:22:26,16) [idle_inject/0] (root,0,0,00:00:00/27-13:22:26,18) [cpuhp/0] (root,0,0,00:00:00/27-13:22:26,19) [cpuhp/1] (root,0,0,00:00:00/27-13:22:26,20) [idle_inject/1] (root,0,0,00:00:10/27-13:22:26,21) [migration/1] (root,0,0,00:00:43/27-13:22:26,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:22:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:22:26,25) [cpuhp/2] (root,0,0,00:00:00/27-13:22:26,26) [idle_inject/2] (root,0,0,00:00:08/27-13:22:26,27) [migration/2] (root,0,0,00:55:22/27-13:22:26,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:22:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:22:26,31) [cpuhp/3] (root,0,0,00:00:00/27-13:22:26,32) [idle_inject/3] (root,0,0,00:00:10/27-13:22:26,33) [migration/3] (root,0,0,00:02:31/27-13:22:26,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:22:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:22:26,39) [kdevtmpfs] (root,0,0,00:00:00/27-13:22:26,40) [netns] (root,0,0,00:00:00/27-13:22:26,41) [inet_frag_wq] (root,0,0,00:00:06/27-13:22:26,42) [kauditd] (root,0,0,00:00:00/27-13:22:26,43) [khungtaskd] (root,0,0,00:00:00/27-13:22:26,44) [oom_reaper] (root,0,0,00:00:00/27-13:22:26,45) [writeback] (root,0,0,00:01:21/27-13:22:26,46) [kcompactd0] (root,0,0,00:00:00/27-13:22:26,47) [ksmd] (root,0,0,00:01:19/27-13:22:26,48) [khugepaged] (root,0,0,00:00:00/27-13:22:26,74) [kintegrityd] (root,0,0,00:00:00/27-13:22:26,75) [kblockd] (root,0,0,00:00:00/27-13:22:26,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:22:26,78) [tpm_dev_wq] (root,0,0,00:00:00/27-13:22:26,79) [edac-poller] (root,0,0,00:00:00/27-13:22:26,80) [devfreq_wq] (root,0,0,00:00:00/27-13:22:26,110) [watchdogd] (root,0,0,00:00:05/27-13:22:26,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-13:22:26,112) [kswapd0] (root,0,0,00:00:00/27-13:22:25,114) [kthrotld] (root,0,0,00:00:00/27-13:22:25,115) [mld] (root,0,0,00:00:00/27-13:22:25,116) [ipv6_addrconf] (root,0,0,00:00:11/27-13:22:25,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-13:22:25,122) [kstrp] (root,0,0,00:00:00/27-13:22:25,123) [zswap-shrink] (root,0,0,00:00:00/27-13:22:25,124) [kworker/u9:0] (root,0,0,00:00:00/27-13:22:25,129) [charger_manager] (root,0,0,00:00:06/27-13:22:24,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-13:22:24,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:22:24,205) [kaluad] (root,0,0,00:00:00/27-13:22:24,250) [kmpath_rdacd] (root,0,0,00:00:00/27-13:22:24,293) [kmpathd] (root,0,0,00:00:00/27-13:22:24,294) [kmpath_handlerd] (root,0,0,00:00:00/27-13:22:24,342) [ata_sff] (root,0,0,00:00:00/27-13:22:23,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:22:23,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:22:23,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:22:23,346) [scsi_tmf_1] (root,0,0,00:00:44/27-13:22:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:22:21,367) [ext4-rsv-conver] (root,6656,3488,00:00:00/00:00,381) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,399) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,400) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,38604,7788,00:00:38/27-13:22:09,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-13:22:08,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-13:22:06,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-13:21:32,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-13:21:32,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-13:21:32,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-13:21:32,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-13:21:31,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-13:21:31,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-13:21:17,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-13:21:17,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:33/27-13:21:16,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-13:21:16,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-13:21:16,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-13:21:16,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-13:21:16,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-13:21:16,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:45/27-13:21:16,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-13:21:16,1206) bpfilter_umh (root,26204,8212,00:00:11/27-13:21:16,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-13:21:16,1215) ntpd: asynchronous dns resolver (spot,290216,176708,1-10:36:51/27-13:21:16,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-13:21:15,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-13:21:15,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-13:21:15,1245) (sd-pam) (root,24216,5344,00:00:09/27-13:21:14,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-13:21:14,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-13:21:13,1354) /usr/sbin/cron -n (root,697064,80568,00:36:04/27-13:21:07,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58616,00:11:34/27-13:20:53,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:35:58,1639) [kworker/3:1-events] (root,0,0,00:00:00/09:33,8451) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:52,13512) [kworker/1:3-events] (postfix,24244,8148,00:00:00/01:00:12,14566) pickup -l -t fifo -u (root,35308,10012,00:00:00/21-11:12:09,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-11:12:08,15391) sshd: cm-ssh (root,0,0,00:00:00/59:08,16439) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10072,00:00:00/11-12:40:47,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-12:40:46,16977) sshd: syslogtunnel (root,0,0,00:00:01/05:32:33,18730) [kworker/0:0-mm_percpu_wq] (root,0,0,00:00:00/35:36,20552) [kworker/2:1] (root,0,0,00:00:00/56:59,23802) [kworker/0:1] (root,0,0,00:00:00/14:14,26286) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:50,27852) [kworker/1:0-ata_sff] (root,0,0,00:00:00/44:28,27932) [kworker/2:2-events] (postfix,44628,9316,00:00:00/21-17:57:54,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:28:53,32261) [kworker/3:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-09 23:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363fcbca864Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-13:02:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-13:02:58,2) [kthreadd] (root,0,0,00:00:00/25-13:02:58,3) [rcu_gp] (root,0,0,00:00:00/25-13:02:58,4) [rcu_par_gp] (root,0,0,00:00:00/25-13:02:58,5) [slub_flushwq] (root,0,0,00:00:00/25-13:02:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-13:02:58,9) [mm_percpu_wq] (root,0,0,00:00:00/25-13:02:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-13:02:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-13:02:58,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-13:02:58,13) [ksoftirqd/0] (root,0,0,01:08:16/25-13:02:58,14) [rcu_preempt] (root,0,0,00:00:09/25-13:02:58,15) [migration/0] (root,0,0,00:00:00/25-13:02:58,16) [idle_inject/0] (root,0,0,00:00:00/25-13:02:58,18) [cpuhp/0] (root,0,0,00:00:00/25-13:02:58,19) [cpuhp/1] (root,0,0,00:00:00/25-13:02:58,20) [idle_inject/1] (root,0,0,00:00:10/25-13:02:58,21) [migration/1] (root,0,0,00:00:40/25-13:02:58,22) [ksoftirqd/1] (root,0,0,00:00:00/25-13:02:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-13:02:58,25) [cpuhp/2] (root,0,0,00:00:00/25-13:02:58,26) [idle_inject/2] (root,0,0,00:00:08/25-13:02:58,27) [migration/2] (root,0,0,00:52:04/25-13:02:58,28) [ksoftirqd/2] (root,0,0,00:00:00/25-13:02:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-13:02:58,31) [cpuhp/3] (root,0,0,00:00:00/25-13:02:58,32) [idle_inject/3] (root,0,0,00:00:09/25-13:02:58,33) [migration/3] (root,0,0,00:02:21/25-13:02:58,34) [ksoftirqd/3] (root,0,0,00:00:00/25-13:02:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-13:02:58,39) [kdevtmpfs] (root,0,0,00:00:00/25-13:02:58,40) [netns] (root,0,0,00:00:00/25-13:02:58,41) [inet_frag_wq] (root,0,0,00:00:06/25-13:02:58,42) [kauditd] (root,0,0,00:00:00/25-13:02:58,43) [khungtaskd] (root,0,0,00:00:00/25-13:02:58,44) [oom_reaper] (root,0,0,00:00:00/25-13:02:58,45) [writeback] (root,0,0,00:01:14/25-13:02:58,46) [kcompactd0] (root,0,0,00:00:00/25-13:02:58,47) [ksmd] (root,0,0,00:01:13/25-13:02:58,48) [khugepaged] (root,0,0,00:00:00/25-13:02:58,74) [kintegrityd] (root,0,0,00:00:00/25-13:02:58,75) [kblockd] (root,0,0,00:00:00/25-13:02:58,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-13:02:58,78) [tpm_dev_wq] (root,0,0,00:00:00/25-13:02:58,79) [edac-poller] (root,0,0,00:00:00/25-13:02:58,80) [devfreq_wq] (root,0,0,00:00:00/25-13:02:58,110) [watchdogd] (root,0,0,00:00:05/25-13:02:58,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-13:02:58,112) [kswapd0] (root,0,0,00:00:00/25-13:02:57,114) [kthrotld] (root,0,0,00:00:00/25-13:02:57,115) [mld] (root,0,0,00:00:00/25-13:02:57,116) [ipv6_addrconf] (root,0,0,00:00:11/25-13:02:57,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-13:02:57,122) [kstrp] (root,0,0,00:00:00/25-13:02:57,123) [zswap-shrink] (root,0,0,00:00:00/25-13:02:57,124) [kworker/u9:0] (root,0,0,00:00:00/25-13:02:57,129) [charger_manager] (root,0,0,00:00:05/25-13:02:56,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-13:02:56,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-13:02:56,205) [kaluad] (root,0,0,00:00:00/25-13:02:56,250) [kmpath_rdacd] (root,0,0,00:00:00/25-13:02:56,293) [kmpathd] (root,0,0,00:00:00/25-13:02:56,294) [kmpath_handlerd] (root,0,0,00:00:00/25-13:02:56,342) [ata_sff] (root,0,0,00:00:00/25-13:02:55,343) [scsi_eh_0] (root,0,0,00:00:00/25-13:02:55,344) [scsi_tmf_0] (root,0,0,00:00:00/25-13:02:55,345) [scsi_eh_1] (root,0,0,00:00:00/25-13:02:55,346) [scsi_tmf_1] (root,0,0,00:00:40/25-13:02:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-13:02:53,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-13:02:41,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-13:02:40,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-13:02:38,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-13:02:04,512) /sbin/auditd (messagebus,22936,5640,00:01:10/25-13:02:04,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:40/25-13:02:04,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-13:02:04,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-13:02:03,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-13:02:03,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-13:01:49,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-13:01:49,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:19/25-13:01:48,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-13:01:48,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-13:01:48,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-13:01:48,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-13:01:48,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-13:01:48,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:28/25-13:01:48,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-13:01:48,1206) bpfilter_umh (root,26204,8300,00:00:11/25-13:01:48,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-13:01:48,1215) ntpd: asynchronous dns resolver (spot,301936,188388,1-08:01:58/25-13:01:48,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-13:01:47,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-13:01:47,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-13:01:47,1245) (sd-pam) (root,24216,5348,00:00:08/25-13:01:46,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-13:01:46,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-13:01:45,1354) /usr/sbin/cron -n (root,694116,77808,00:33:25/25-13:01:39,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57992,00:10:09/25-13:01:25,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/00:14,3014) [kworker/1:0-ata_sff] (root,6656,3488,00:00:00/00:00,4435) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,4453) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4454) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/32:33,7950) [kworker/2:2-events] (root,0,0,00:00:00/02:21:13,15018) [kworker/0:2-events] (root,35308,10012,00:00:00/19-10:52:41,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-10:52:40,15391) sshd: cm-ssh (root,0,0,00:00:00/25:45,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-12:21:19,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-12:21:18,16977) sshd: syslogtunnel (root,0,0,00:00:00/05:26,17007) [kworker/1:2-ata_sff] (root,0,0,00:00:00/08:55:09,17512) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/07:19:59,18263) [kworker/3:2-events] (root,0,0,00:00:05/06:05:33,21123) [kworker/2:1-events] (root,0,0,00:00:00/55:01,25316) [kworker/u8:0-flush-253:0] (postfix,44628,9372,00:00:00/19-17:38:26,30472) tlsmgr -l -t unix -u (postfix,24244,8260,00:00:00/01:01:38,30743) pickup -l -t fifo -u (root,0,0,00:00:00/18:54,31436) [kworker/3:1] (root,0,0,00:00:02/03:22:35,31732) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-07 23:25 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c7135a68Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-13:22:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-13:22:23,2) [kthreadd] (root,0,0,00:00:00/23-13:22:23,3) [rcu_gp] (root,0,0,00:00:00/23-13:22:23,4) [rcu_par_gp] (root,0,0,00:00:00/23-13:22:23,5) [slub_flushwq] (root,0,0,00:00:00/23-13:22:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-13:22:23,9) [mm_percpu_wq] (root,0,0,00:00:00/23-13:22:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-13:22:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-13:22:23,12) [rcu_tasks_trace] (root,0,0,00:00:42/23-13:22:23,13) [ksoftirqd/0] (root,0,0,01:02:43/23-13:22:23,14) [rcu_preempt] (root,0,0,00:00:08/23-13:22:23,15) [migration/0] (root,0,0,00:00:00/23-13:22:23,16) [idle_inject/0] (root,0,0,00:00:00/23-13:22:23,18) [cpuhp/0] (root,0,0,00:00:00/23-13:22:23,19) [cpuhp/1] (root,0,0,00:00:00/23-13:22:23,20) [idle_inject/1] (root,0,0,00:00:09/23-13:22:23,21) [migration/1] (root,0,0,00:00:37/23-13:22:23,22) [ksoftirqd/1] (root,0,0,00:00:00/23-13:22:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-13:22:23,25) [cpuhp/2] (root,0,0,00:00:00/23-13:22:23,26) [idle_inject/2] (root,0,0,00:00:07/23-13:22:23,27) [migration/2] (root,0,0,00:47:28/23-13:22:23,28) [ksoftirqd/2] (root,0,0,00:00:00/23-13:22:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-13:22:23,31) [cpuhp/3] (root,0,0,00:00:00/23-13:22:23,32) [idle_inject/3] (root,0,0,00:00:08/23-13:22:23,33) [migration/3] (root,0,0,00:02:10/23-13:22:23,34) [ksoftirqd/3] (root,0,0,00:00:00/23-13:22:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-13:22:23,39) [kdevtmpfs] (root,0,0,00:00:00/23-13:22:23,40) [netns] (root,0,0,00:00:00/23-13:22:23,41) [inet_frag_wq] (root,0,0,00:00:05/23-13:22:23,42) [kauditd] (root,0,0,00:00:00/23-13:22:23,43) [khungtaskd] (root,0,0,00:00:00/23-13:22:23,44) [oom_reaper] (root,0,0,00:00:00/23-13:22:23,45) [writeback] (root,0,0,00:01:09/23-13:22:23,46) [kcompactd0] (root,0,0,00:00:00/23-13:22:23,47) [ksmd] (root,0,0,00:01:08/23-13:22:23,48) [khugepaged] (root,0,0,00:00:00/23-13:22:23,74) [kintegrityd] (root,0,0,00:00:00/23-13:22:23,75) [kblockd] (root,0,0,00:00:00/23-13:22:23,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-13:22:23,78) [tpm_dev_wq] (root,0,0,00:00:00/23-13:22:23,79) [edac-poller] (root,0,0,00:00:00/23-13:22:23,80) [devfreq_wq] (root,0,0,00:00:00/23-13:22:23,110) [watchdogd] (root,0,0,00:00:04/23-13:22:23,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-13:22:23,112) [kswapd0] (root,0,0,00:00:00/23-13:22:22,114) [kthrotld] (root,0,0,00:00:00/23-13:22:22,115) [mld] (root,0,0,00:00:00/23-13:22:22,116) [ipv6_addrconf] (root,0,0,00:00:10/23-13:22:22,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-13:22:22,122) [kstrp] (root,0,0,00:00:00/23-13:22:22,123) [zswap-shrink] (root,0,0,00:00:00/23-13:22:22,124) [kworker/u9:0] (root,0,0,00:00:00/23-13:22:22,129) [charger_manager] (root,0,0,00:00:05/23-13:22:21,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-13:22:21,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-13:22:21,205) [kaluad] (root,0,0,00:00:00/23-13:22:21,250) [kmpath_rdacd] (root,0,0,00:00:00/23-13:22:21,293) [kmpathd] (root,0,0,00:00:00/23-13:22:21,294) [kmpath_handlerd] (root,0,0,00:00:00/23-13:22:21,342) [ata_sff] (root,0,0,00:00:00/23-13:22:20,343) [scsi_eh_0] (root,0,0,00:00:00/23-13:22:20,344) [scsi_tmf_0] (root,0,0,00:00:00/23-13:22:20,345) [scsi_eh_1] (root,0,0,00:00:00/23-13:22:20,346) [scsi_tmf_1] (root,0,0,00:00:37/23-13:22:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-13:22:18,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-13:22:06,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-13:22:05,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-13:22:03,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-13:21:29,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-13:21:29,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-13:21:29,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-13:21:29,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-13:21:28,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-13:21:28,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-13:21:14,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-13:21:14,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:08/23-13:21:13,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-13:21:13,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-13:21:13,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-13:21:13,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-13:21:13,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-13:21:13,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-13:21:13,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-13:21:13,1206) bpfilter_umh (root,26204,8300,00:00:10/23-13:21:13,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-13:21:13,1215) ntpd: asynchronous dns resolver (spot,285404,172708,1-05:37:13/23-13:21:13,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-13:21:12,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-13:21:12,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-13:21:12,1245) (sd-pam) (root,24216,5348,00:00:07/23-13:21:11,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-13:21:11,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-13:21:10,1354) /usr/sbin/cron -n (root,693860,77156,00:30:43/23-13:21:04,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:43/23-13:20:50,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/51:59,3891) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/43:53,7143) [kworker/u8:1-writeback] (root,0,0,00:00:00/03:57,7327) [kworker/0:0-events] (root,0,0,00:00:00/02:12:48,7973) [kworker/0:1-events] (root,35308,10012,00:00:00/17-11:12:06,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-11:12:05,15391) sshd: cm-ssh (postfix,24244,8204,00:00:00/02:47,15690) pickup -l -t fifo -u (root,0,0,00:00:01/04:06:26,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-12:40:44,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-12:40:43,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:41,19725) [kworker/1:1-ata_sff] (root,0,0,00:00:00/10:42,19831) [kworker/2:1-events] (root,0,0,00:00:00/17:34,26295) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/31:16,27140) [kworker/2:2-events] (root,6656,3488,00:00:00/00:00,28940) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,28958) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28959) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:26:57,30106) [kworker/1:2-events] (root,0,0,00:00:00/06:52,30408) [kworker/1:0-ata_sff] (postfix,44628,9372,00:00:00/17-17:57:51,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:12:03,31932) [kworker/3:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-05 23:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a40c7284Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-13:30:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-13:30:53,2) [kthreadd] (root,0,0,00:00:00/21-13:30:53,3) [rcu_gp] (root,0,0,00:00:00/21-13:30:53,4) [rcu_par_gp] (root,0,0,00:00:00/21-13:30:53,5) [slub_flushwq] (root,0,0,00:00:00/21-13:30:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-13:30:53,9) [mm_percpu_wq] (root,0,0,00:00:00/21-13:30:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-13:30:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-13:30:53,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-13:30:53,13) [ksoftirqd/0] (root,0,0,00:57:24/21-13:30:53,14) [rcu_preempt] (root,0,0,00:00:08/21-13:30:53,15) [migration/0] (root,0,0,00:00:00/21-13:30:53,16) [idle_inject/0] (root,0,0,00:00:00/21-13:30:53,18) [cpuhp/0] (root,0,0,00:00:00/21-13:30:53,19) [cpuhp/1] (root,0,0,00:00:00/21-13:30:53,20) [idle_inject/1] (root,0,0,00:00:08/21-13:30:53,21) [migration/1] (root,0,0,00:00:34/21-13:30:53,22) [ksoftirqd/1] (root,0,0,00:00:00/21-13:30:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-13:30:53,25) [cpuhp/2] (root,0,0,00:00:00/21-13:30:53,26) [idle_inject/2] (root,0,0,00:00:06/21-13:30:53,27) [migration/2] (root,0,0,00:43:34/21-13:30:53,28) [ksoftirqd/2] (root,0,0,00:00:00/21-13:30:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-13:30:53,31) [cpuhp/3] (root,0,0,00:00:00/21-13:30:53,32) [idle_inject/3] (root,0,0,00:00:08/21-13:30:53,33) [migration/3] (root,0,0,00:02:00/21-13:30:53,34) [ksoftirqd/3] (root,0,0,00:00:00/21-13:30:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-13:30:53,39) [kdevtmpfs] (root,0,0,00:00:00/21-13:30:53,40) [netns] (root,0,0,00:00:00/21-13:30:53,41) [inet_frag_wq] (root,0,0,00:00:05/21-13:30:53,42) [kauditd] (root,0,0,00:00:00/21-13:30:53,43) [khungtaskd] (root,0,0,00:00:00/21-13:30:53,44) [oom_reaper] (root,0,0,00:00:00/21-13:30:53,45) [writeback] (root,0,0,00:01:03/21-13:30:53,46) [kcompactd0] (root,0,0,00:00:00/21-13:30:53,47) [ksmd] (root,0,0,00:01:02/21-13:30:53,48) [khugepaged] (root,0,0,00:00:00/21-13:30:53,74) [kintegrityd] (root,0,0,00:00:00/21-13:30:53,75) [kblockd] (root,0,0,00:00:00/21-13:30:53,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-13:30:53,78) [tpm_dev_wq] (root,0,0,00:00:00/21-13:30:53,79) [edac-poller] (root,0,0,00:00:00/21-13:30:53,80) [devfreq_wq] (root,0,0,00:00:00/21-13:30:53,110) [watchdogd] (root,0,0,00:00:04/21-13:30:53,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-13:30:53,112) [kswapd0] (root,0,0,00:00:00/21-13:30:52,114) [kthrotld] (root,0,0,00:00:00/21-13:30:52,115) [mld] (root,0,0,00:00:00/21-13:30:52,116) [ipv6_addrconf] (root,0,0,00:00:09/21-13:30:52,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-13:30:52,122) [kstrp] (root,0,0,00:00:00/21-13:30:52,123) [zswap-shrink] (root,0,0,00:00:00/21-13:30:52,124) [kworker/u9:0] (root,0,0,00:00:00/21-13:30:52,129) [charger_manager] (root,0,0,00:00:04/21-13:30:51,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-13:30:51,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-13:30:51,205) [kaluad] (root,0,0,00:00:00/21-13:30:51,250) [kmpath_rdacd] (root,0,0,00:00:00/21-13:30:51,293) [kmpathd] (root,0,0,00:00:00/21-13:30:51,294) [kmpath_handlerd] (root,0,0,00:00:00/21-13:30:51,342) [ata_sff] (root,0,0,00:00:00/21-13:30:50,343) [scsi_eh_0] (root,0,0,00:00:00/21-13:30:50,344) [scsi_tmf_0] (root,0,0,00:00:00/21-13:30:50,345) [scsi_eh_1] (root,0,0,00:00:00/21-13:30:50,346) [scsi_tmf_1] (root,0,0,00:00:33/21-13:30:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-13:30:48,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-13:30:36,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-13:30:35,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-13:30:33,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-13:29:59,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-13:29:59,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-13:29:59,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-13:29:59,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-13:29:58,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-13:29:58,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-13:29:44,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-13:29:44,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:59/21-13:29:43,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-13:29:43,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-13:29:43,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-13:29:43,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-13:29:43,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-13:29:43,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:55/21-13:29:43,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-13:29:43,1206) bpfilter_umh (root,26204,8300,00:00:09/21-13:29:43,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-13:29:43,1215) ntpd: asynchronous dns resolver (spot,285692,172000,1-03:16:21/21-13:29:43,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-13:29:42,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-13:29:42,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-13:29:42,1245) (sd-pam) (root,24216,5348,00:00:07/21-13:29:41,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-13:29:41,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-13:29:40,1354) /usr/sbin/cron -n (root,693604,76796,00:28:04/21-13:29:34,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:23/21-13:29:20,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/02:11:36,1511) [kworker/2:0-events] (root,0,0,00:00:00/44:19,3242) [kworker/1:2-events] (root,0,0,00:00:00/09:37,3967) [kworker/0:1-events] (root,6656,3488,00:00:00/00:00,5859) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,5877) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,924,00:00:00/00:00,5878) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8180,00:00:00/33:11,7480) pickup -l -t fifo -u (root,0,0,00:00:00/08:02,9181) [kworker/1:1-ata_sff] (root,0,0,00:00:00/15:55,9645) [kworker/2:1] (root,35308,10012,00:00:00/15-11:20:36,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-11:20:35,15391) sshd: cm-ssh (root,0,0,00:00:00/22:15,15943) [kworker/3:2-events] (root,35308,10072,00:00:00/5-12:49:14,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-12:49:13,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:01:16,20180) [kworker/0:0-events] (root,0,0,00:00:00/01:08:02,27154) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/04:05:53,28374) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/02:50,28466) [kworker/1:0-ata_sff] (root,0,0,00:00:01/08:02:10,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-18:06:21,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-03 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f3b684c0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-12:58:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:58:30,2) [kthreadd] (root,0,0,00:00:00/19-12:58:30,3) [rcu_gp] (root,0,0,00:00:00/19-12:58:30,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:58:30,5) [slub_flushwq] (root,0,0,00:00:00/19-12:58:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:58:30,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:58:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:58:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:58:30,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-12:58:30,13) [ksoftirqd/0] (root,0,0,00:52:04/19-12:58:30,14) [rcu_preempt] (root,0,0,00:00:07/19-12:58:30,15) [migration/0] (root,0,0,00:00:00/19-12:58:30,16) [idle_inject/0] (root,0,0,00:00:00/19-12:58:30,18) [cpuhp/0] (root,0,0,00:00:00/19-12:58:30,19) [cpuhp/1] (root,0,0,00:00:00/19-12:58:30,20) [idle_inject/1] (root,0,0,00:00:07/19-12:58:30,21) [migration/1] (root,0,0,00:00:31/19-12:58:30,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:58:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:58:30,25) [cpuhp/2] (root,0,0,00:00:00/19-12:58:30,26) [idle_inject/2] (root,0,0,00:00:06/19-12:58:30,27) [migration/2] (root,0,0,00:38:54/19-12:58:30,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:58:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:58:30,31) [cpuhp/3] (root,0,0,00:00:00/19-12:58:30,32) [idle_inject/3] (root,0,0,00:00:07/19-12:58:30,33) [migration/3] (root,0,0,00:01:48/19-12:58:30,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:58:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:58:30,39) [kdevtmpfs] (root,0,0,00:00:00/19-12:58:30,40) [netns] (root,0,0,00:00:00/19-12:58:30,41) [inet_frag_wq] (root,0,0,00:00:05/19-12:58:30,42) [kauditd] (root,0,0,00:00:00/19-12:58:30,43) [khungtaskd] (root,0,0,00:00:00/19-12:58:30,44) [oom_reaper] (root,0,0,00:00:00/19-12:58:30,45) [writeback] (root,0,0,00:00:56/19-12:58:30,46) [kcompactd0] (root,0,0,00:00:00/19-12:58:30,47) [ksmd] (root,0,0,00:00:57/19-12:58:30,48) [khugepaged] (root,0,0,00:00:00/19-12:58:30,74) [kintegrityd] (root,0,0,00:00:00/19-12:58:30,75) [kblockd] (root,0,0,00:00:00/19-12:58:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:58:30,78) [tpm_dev_wq] (root,0,0,00:00:00/19-12:58:30,79) [edac-poller] (root,0,0,00:00:00/19-12:58:30,80) [devfreq_wq] (root,0,0,00:00:00/19-12:58:30,110) [watchdogd] (root,0,0,00:00:03/19-12:58:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-12:58:30,112) [kswapd0] (root,0,0,00:00:00/19-12:58:29,114) [kthrotld] (root,0,0,00:00:00/19-12:58:29,115) [mld] (root,0,0,00:00:00/19-12:58:29,116) [ipv6_addrconf] (root,0,0,00:00:08/19-12:58:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-12:58:29,122) [kstrp] (root,0,0,00:00:00/19-12:58:29,123) [zswap-shrink] (root,0,0,00:00:00/19-12:58:29,124) [kworker/u9:0] (root,0,0,00:00:00/19-12:58:29,129) [charger_manager] (root,0,0,00:00:04/19-12:58:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-12:58:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:58:28,205) [kaluad] (root,0,0,00:00:00/19-12:58:28,250) [kmpath_rdacd] (root,0,0,00:00:00/19-12:58:28,293) [kmpathd] (root,0,0,00:00:00/19-12:58:28,294) [kmpath_handlerd] (root,0,0,00:00:00/19-12:58:28,342) [ata_sff] (root,0,0,00:00:00/19-12:58:27,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:58:27,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:58:27,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:58:27,346) [scsi_tmf_1] (root,0,0,00:00:29/19-12:58:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:58:25,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-12:58:13,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-12:58:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-12:58:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/19-12:57:36,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-12:57:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-12:57:36,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-12:57:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/01:54,577) [kworker/1:2-ata_sff] (root,31876,16220,00:00:03/19-12:57:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-12:57:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-12:57:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-12:57:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:48/19-12:57:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-12:57:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-12:57:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-12:57:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-12:57:20,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-12:57:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:39/19-12:57:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-12:57:20,1206) bpfilter_umh (root,26204,8300,00:00:09/19-12:57:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-12:57:20,1215) ntpd: asynchronous dns resolver (spot,284700,171752,1-01:00:57/19-12:57:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-12:57:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-12:57:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-12:57:19,1245) (sd-pam) (root,24216,5348,00:00:06/19-12:57:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-12:57:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-12:57:17,1354) /usr/sbin/cron -n (root,692836,75756,00:25:22/19-12:57:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53048,00:06:33/19-12:56:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:12:17,3881) [kworker/0:0] (root,0,0,00:00:01/04:59:54,3898) [kworker/3:2-events] (root,0,0,00:00:00/00:08,4121) [kworker/u8:0-flush-253:0] (root,6656,3488,00:00:00/00:00,4174) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,4192) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4193) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:31:08,5253) [kworker/u8:2-writeback] (root,0,0,00:00:00/54:10,5674) [kworker/3:1] (root,0,0,00:00:00/53:47,7240) [kworker/1:1-events] (root,0,0,00:00:00/07:05,14977) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/13-10:48:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:44/13-10:48:12,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-12:16:51,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-12:16:50,16977) sshd: syslogtunnel (root,0,0,00:00:00/04:10:09,17740) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:02/02:44:22,19370) [kworker/2:0-events] (root,0,0,00:00:00/16:40,21913) [kworker/2:2-events] (postfix,24244,8204,00:00:00/21:46,22577) pickup -l -t fifo -u (root,0,0,00:00:00/01:24:32,26126) [kworker/0:2-events] (postfix,44628,9416,00:00:00/13-17:33:58,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-01 23:20 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e58b4956Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-13:05:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-13:05:21,2) [kthreadd] (root,0,0,00:00:00/17-13:05:21,3) [rcu_gp] (root,0,0,00:00:00/17-13:05:21,4) [rcu_par_gp] (root,0,0,00:00:00/17-13:05:21,5) [slub_flushwq] (root,0,0,00:00:00/17-13:05:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-13:05:21,9) [mm_percpu_wq] (root,0,0,00:00:00/17-13:05:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-13:05:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-13:05:21,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-13:05:21,13) [ksoftirqd/0] (root,0,0,00:46:57/17-13:05:21,14) [rcu_preempt] (root,0,0,00:00:06/17-13:05:21,15) [migration/0] (root,0,0,00:00:00/17-13:05:21,16) [idle_inject/0] (root,0,0,00:00:00/17-13:05:21,18) [cpuhp/0] (root,0,0,00:00:00/17-13:05:21,19) [cpuhp/1] (root,0,0,00:00:00/17-13:05:21,20) [idle_inject/1] (root,0,0,00:00:07/17-13:05:21,21) [migration/1] (root,0,0,00:00:28/17-13:05:21,22) [ksoftirqd/1] (root,0,0,00:00:00/17-13:05:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-13:05:21,25) [cpuhp/2] (root,0,0,00:00:00/17-13:05:21,26) [idle_inject/2] (root,0,0,00:00:05/17-13:05:21,27) [migration/2] (root,0,0,00:35:44/17-13:05:21,28) [ksoftirqd/2] (root,0,0,00:00:00/17-13:05:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-13:05:21,31) [cpuhp/3] (root,0,0,00:00:00/17-13:05:21,32) [idle_inject/3] (root,0,0,00:00:06/17-13:05:21,33) [migration/3] (root,0,0,00:01:39/17-13:05:21,34) [ksoftirqd/3] (root,0,0,00:00:00/17-13:05:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-13:05:21,39) [kdevtmpfs] (root,0,0,00:00:00/17-13:05:21,40) [netns] (root,0,0,00:00:00/17-13:05:21,41) [inet_frag_wq] (root,0,0,00:00:04/17-13:05:21,42) [kauditd] (root,0,0,00:00:00/17-13:05:21,43) [khungtaskd] (root,0,0,00:00:00/17-13:05:21,44) [oom_reaper] (root,0,0,00:00:00/17-13:05:21,45) [writeback] (root,0,0,00:00:51/17-13:05:21,46) [kcompactd0] (root,0,0,00:00:00/17-13:05:21,47) [ksmd] (root,0,0,00:00:51/17-13:05:21,48) [khugepaged] (root,0,0,00:00:00/17-13:05:21,74) [kintegrityd] (root,0,0,00:00:00/17-13:05:21,75) [kblockd] (root,0,0,00:00:00/17-13:05:21,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-13:05:21,78) [tpm_dev_wq] (root,0,0,00:00:00/17-13:05:21,79) [edac-poller] (root,0,0,00:00:00/17-13:05:21,80) [devfreq_wq] (root,0,0,00:00:00/17-13:05:21,110) [watchdogd] (root,0,0,00:00:03/17-13:05:21,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-13:05:21,112) [kswapd0] (root,0,0,00:00:00/17-13:05:20,114) [kthrotld] (root,0,0,00:00:00/17-13:05:20,115) [mld] (root,0,0,00:00:00/17-13:05:20,116) [ipv6_addrconf] (root,0,0,00:00:07/17-13:05:20,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-13:05:20,122) [kstrp] (root,0,0,00:00:00/17-13:05:20,123) [zswap-shrink] (root,0,0,00:00:00/17-13:05:20,124) [kworker/u9:0] (root,0,0,00:00:00/17-13:05:20,129) [charger_manager] (root,0,0,00:00:03/17-13:05:19,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-13:05:19,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-13:05:19,205) [kaluad] (root,0,0,00:00:00/17-13:05:19,250) [kmpath_rdacd] (root,0,0,00:00:00/17-13:05:19,293) [kmpathd] (root,0,0,00:00:00/17-13:05:19,294) [kmpath_handlerd] (root,0,0,00:00:00/17-13:05:19,342) [ata_sff] (root,0,0,00:00:00/17-13:05:18,343) [scsi_eh_0] (root,0,0,00:00:00/17-13:05:18,344) [scsi_tmf_0] (root,0,0,00:00:00/17-13:05:18,345) [scsi_eh_1] (root,0,0,00:00:00/17-13:05:18,346) [scsi_tmf_1] (root,0,0,00:00:26/17-13:05:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-13:05:16,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-13:05:04,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-13:05:03,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-13:05:01,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-13:04:27,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-13:04:27,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-13:04:27,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-13:04:27,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-13:04:26,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-13:04:26,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3488,00:00:00/00:00,968) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,986) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,987) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,547848,29016,00:00:19/17-13:04:12,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-13:04:12,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:36/17-13:04:11,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-13:04:11,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-13:04:11,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-13:04:11,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-13:04:11,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-13:04:11,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:22/17-13:04:11,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-13:04:11,1206) bpfilter_umh (root,26204,8300,00:00:08/17-13:04:11,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-13:04:11,1215) ntpd: asynchronous dns resolver (spot,285404,171928,23:04:31/17-13:04:11,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-13:04:10,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-13:04:10,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-13:04:10,1245) (sd-pam) (root,24216,5348,00:00:05/17-13:04:09,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-13:04:09,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-13:04:08,1354) /usr/sbin/cron -n (root,692236,75412,00:22:47/17-13:04:02,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51012,00:05:52/17-13:03:48,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:46,2274) [kworker/1:1-ata_sff] (root,0,0,00:00:03/02:22:06,3299) [kworker/2:0-events] (root,0,0,00:00:00/31:33,6422) [kworker/0:2-events] (root,0,0,00:00:00/03:35,9703) [kworker/1:0-ata_sff] (postfix,24244,8240,00:00:00/50:29,9878) pickup -l -t fifo -u (root,0,0,00:00:00/06:59,14121) [kworker/3:0-cgroup_destroy] (root,35308,10012,00:00:00/11-10:55:04,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-10:55:03,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-12:23:42,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-12:23:41,16977) sshd: syslogtunnel (root,0,0,00:00:00/19:07,19748) [kworker/2:2-events] (root,0,0,00:00:02/04:48:56,19752) [kworker/1:2-events] (root,0,0,00:00:00/01:22:28,19953) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:01/04:06:40,24312) [kworker/0:0-events] (root,0,0,00:00:00/07:10:27,28658) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:50,29069) [kworker/3:2] (postfix,44628,9416,00:00:00/11-17:40:49,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/02:52:30,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-29 23:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d76522ccFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-13:35:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:35:53,2) [kthreadd] (root,0,0,00:00:00/15-13:35:53,3) [rcu_gp] (root,0,0,00:00:00/15-13:35:53,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:35:53,5) [slub_flushwq] (root,0,0,00:00:00/15-13:35:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:35:53,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:35:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:35:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:35:53,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-13:35:53,13) [ksoftirqd/0] (root,0,0,00:41:47/15-13:35:53,14) [rcu_preempt] (root,0,0,00:00:05/15-13:35:53,15) [migration/0] (root,0,0,00:00:00/15-13:35:53,16) [idle_inject/0] (root,0,0,00:00:00/15-13:35:53,18) [cpuhp/0] (root,0,0,00:00:00/15-13:35:53,19) [cpuhp/1] (root,0,0,00:00:00/15-13:35:53,20) [idle_inject/1] (root,0,0,00:00:06/15-13:35:53,21) [migration/1] (root,0,0,00:00:25/15-13:35:53,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:35:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:35:53,25) [cpuhp/2] (root,0,0,00:00:00/15-13:35:53,26) [idle_inject/2] (root,0,0,00:00:05/15-13:35:53,27) [migration/2] (root,0,0,00:32:19/15-13:35:53,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:35:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:35:53,31) [cpuhp/3] (root,0,0,00:00:00/15-13:35:53,32) [idle_inject/3] (root,0,0,00:00:05/15-13:35:53,33) [migration/3] (root,0,0,00:01:29/15-13:35:53,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:35:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:35:53,39) [kdevtmpfs] (root,0,0,00:00:00/15-13:35:53,40) [netns] (root,0,0,00:00:00/15-13:35:53,41) [inet_frag_wq] (root,0,0,00:00:04/15-13:35:53,42) [kauditd] (root,0,0,00:00:00/15-13:35:53,43) [khungtaskd] (root,0,0,00:00:00/15-13:35:53,44) [oom_reaper] (root,0,0,00:00:00/15-13:35:53,45) [writeback] (root,0,0,00:00:46/15-13:35:53,46) [kcompactd0] (root,0,0,00:00:00/15-13:35:53,47) [ksmd] (root,0,0,00:00:46/15-13:35:53,48) [khugepaged] (root,0,0,00:00:00/15-13:35:53,74) [kintegrityd] (root,0,0,00:00:00/15-13:35:53,75) [kblockd] (root,0,0,00:00:00/15-13:35:53,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:35:53,78) [tpm_dev_wq] (root,0,0,00:00:00/15-13:35:53,79) [edac-poller] (root,0,0,00:00:00/15-13:35:53,80) [devfreq_wq] (root,0,0,00:00:00/15-13:35:53,110) [watchdogd] (root,0,0,00:00:03/15-13:35:53,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-13:35:53,112) [kswapd0] (root,0,0,00:00:00/15-13:35:52,114) [kthrotld] (root,0,0,00:00:00/15-13:35:52,115) [mld] (root,0,0,00:00:00/15-13:35:52,116) [ipv6_addrconf] (root,0,0,00:00:06/15-13:35:52,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-13:35:52,122) [kstrp] (root,0,0,00:00:00/15-13:35:52,123) [zswap-shrink] (root,0,0,00:00:00/15-13:35:52,124) [kworker/u9:0] (root,0,0,00:00:00/15-13:35:52,129) [charger_manager] (root,0,0,00:00:03/15-13:35:51,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-13:35:51,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:35:51,205) [kaluad] (root,0,0,00:00:00/15-13:35:51,250) [kmpath_rdacd] (root,0,0,00:00:00/15-13:35:51,293) [kmpathd] (root,0,0,00:00:00/15-13:35:51,294) [kmpath_handlerd] (root,0,0,00:00:00/15-13:35:51,342) [ata_sff] (root,0,0,00:00:00/15-13:35:50,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:35:50,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:35:50,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:35:50,346) [scsi_tmf_1] (root,0,0,00:00:23/15-13:35:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:35:48,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-13:35:36,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-13:35:35,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-13:35:33,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-13:34:59,512) /sbin/auditd (messagebus,22936,5672,00:00:49/15-13:34:59,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:28/15-13:34:59,531) /usr/lib/systemd/systemd-logind (root,0,0,00:00:00/39:30,539) [kworker/0:2] (root,20556,5140,00:00:00/15-13:34:59,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-13:34:58,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-13:34:58,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-13:34:44,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-13:34:44,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:24/15-13:34:43,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-13:34:43,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-13:34:43,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-13:34:43,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-13:34:43,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-13:34:43,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-13:34:43,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-13:34:43,1206) bpfilter_umh (root,26204,8300,00:00:07/15-13:34:43,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-13:34:43,1215) ntpd: asynchronous dns resolver (spot,285348,171356,20:56:09/15-13:34:43,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-13:34:42,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-13:34:42,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-13:34:42,1245) (sd-pam) (root,24216,5348,00:00:05/15-13:34:41,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-13:34:41,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-13:34:40,1354) /usr/sbin/cron -n (root,691980,74872,00:20:09/15-13:34:34,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49184,00:05:10/15-13:34:20,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8144,00:00:00/03:01,7227) pickup -l -t fifo -u (root,35308,10012,00:00:00/8-05:30:47,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-05:30:47,8749) sshd: syslogtunnel (root,0,0,00:00:00/28:11,10498) [kworker/3:0-events] (root,0,0,00:00:01/50:49,10640) [kworker/2:2-events] (root,0,0,00:00:00/22:34,12886) [kworker/2:0] (root,35308,10012,00:00:00/9-11:25:36,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-11:25:35,15391) sshd: cm-ssh (root,0,0,00:00:00/27:04,16028) [kworker/1:1-events] (root,0,0,00:00:00/01:07,16228) [kworker/1:0-ata_sff] (root,0,0,00:00:00/06:18,23211) [kworker/1:2-ata_sff] (root,6656,3492,00:00:00/00:00,25920) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,25938) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25939) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:01:59,26890) [kworker/0:1-events] (root,0,0,00:00:00/05:09,28652) [kworker/u8:0-flush-253:0] (postfix,44628,9416,00:00:00/9-18:11:21,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/57:10,30764) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/05:25:11,31041) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-27 23:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bc7f9022Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-13:49:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:49:59,2) [kthreadd] (root,0,0,00:00:00/13-13:49:59,3) [rcu_gp] (root,0,0,00:00:00/13-13:49:59,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:49:59,5) [slub_flushwq] (root,0,0,00:00:00/13-13:49:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:49:59,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:49:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:49:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:49:59,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-13:49:59,13) [ksoftirqd/0] (root,0,0,00:36:34/13-13:49:59,14) [rcu_preempt] (root,0,0,00:00:05/13-13:49:59,15) [migration/0] (root,0,0,00:00:00/13-13:49:59,16) [idle_inject/0] (root,0,0,00:00:00/13-13:49:59,18) [cpuhp/0] (root,0,0,00:00:00/13-13:49:59,19) [cpuhp/1] (root,0,0,00:00:00/13-13:49:59,20) [idle_inject/1] (root,0,0,00:00:05/13-13:49:59,21) [migration/1] (root,0,0,00:00:22/13-13:49:59,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:49:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:49:59,25) [cpuhp/2] (root,0,0,00:00:00/13-13:49:59,26) [idle_inject/2] (root,0,0,00:00:04/13-13:49:59,27) [migration/2] (root,0,0,00:28:51/13-13:49:59,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:49:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:49:59,31) [cpuhp/3] (root,0,0,00:00:00/13-13:49:59,32) [idle_inject/3] (root,0,0,00:00:05/13-13:49:59,33) [migration/3] (root,0,0,00:01:19/13-13:49:59,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:49:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:49:59,39) [kdevtmpfs] (root,0,0,00:00:00/13-13:49:59,40) [netns] (root,0,0,00:00:00/13-13:49:59,41) [inet_frag_wq] (root,0,0,00:00:04/13-13:49:59,42) [kauditd] (root,0,0,00:00:00/13-13:49:59,43) [khungtaskd] (root,0,0,00:00:00/13-13:49:59,44) [oom_reaper] (root,0,0,00:00:00/13-13:49:59,45) [writeback] (root,0,0,00:00:40/13-13:49:59,46) [kcompactd0] (root,0,0,00:00:00/13-13:49:59,47) [ksmd] (root,0,0,00:00:40/13-13:49:59,48) [khugepaged] (root,0,0,00:00:00/13-13:49:59,74) [kintegrityd] (root,0,0,00:00:00/13-13:49:59,75) [kblockd] (root,0,0,00:00:00/13-13:49:59,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:49:59,78) [tpm_dev_wq] (root,0,0,00:00:00/13-13:49:59,79) [edac-poller] (root,0,0,00:00:00/13-13:49:59,80) [devfreq_wq] (root,0,0,00:00:00/13-13:49:59,110) [watchdogd] (root,0,0,00:00:02/13-13:49:59,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-13:49:59,112) [kswapd0] (root,0,0,00:00:00/13-13:49:58,114) [kthrotld] (root,0,0,00:00:00/13-13:49:58,115) [mld] (root,0,0,00:00:00/13-13:49:58,116) [ipv6_addrconf] (root,0,0,00:00:05/13-13:49:58,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-13:49:58,122) [kstrp] (root,0,0,00:00:00/13-13:49:58,123) [zswap-shrink] (root,0,0,00:00:00/13-13:49:58,124) [kworker/u9:0] (root,0,0,00:00:00/13-13:49:58,129) [charger_manager] (root,0,0,00:00:02/13-13:49:57,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-13:49:57,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:49:57,205) [kaluad] (root,0,0,00:00:00/13-13:49:57,250) [kmpath_rdacd] (root,0,0,00:00:00/13-13:49:57,293) [kmpathd] (root,0,0,00:00:00/13-13:49:57,294) [kmpath_handlerd] (root,0,0,00:00:00/13-13:49:57,342) [ata_sff] (root,0,0,00:00:00/13-13:49:56,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:49:56,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:49:56,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:49:56,346) [scsi_tmf_1] (root,0,0,00:00:20/13-13:49:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:49:54,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-13:49:42,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-13:49:41,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-13:49:39,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-13:49:05,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-13:49:05,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-13:49:05,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-13:49:05,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-13:49:04,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-13:49:04,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-13:48:50,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-13:48:50,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:12/13-13:48:49,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-13:48:49,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-13:48:49,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-13:48:49,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-13:48:49,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-13:48:49,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-13:48:49,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-13:48:49,1206) bpfilter_umh (root,26204,8300,00:00:07/13-13:48:49,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-13:48:49,1215) ntpd: asynchronous dns resolver (spot,286660,171612,18:13:40/13-13:48:49,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-13:48:48,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-13:48:48,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-13:48:48,1245) (sd-pam) (root,24216,5348,00:00:04/13-13:48:47,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-13:48:47,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-13:48:46,1354) /usr/sbin/cron -n (root,691980,74552,00:17:33/13-13:48:40,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47904,00:04:29/13-13:48:26,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/28:00,2659) [kworker/2:0-events] (root,0,0,00:00:00/09:14,3454) [kworker/1:1-events] (root,0,0,00:00:04/03:46:37,4939) [kworker/2:2-events] (root,0,0,00:00:00/35:11,6937) [kworker/1:0-ata_sff] (root,6656,3480,00:00:00/00:00,7363) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,7381) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7382) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/6-05:44:53,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-05:44:53,8749) sshd: syslogtunnel (root,0,0,00:00:00/33:00,13988) [kworker/0:0-events] (root,35308,10012,00:00:00/7-11:39:42,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-11:39:41,15391) sshd: cm-ssh (postfix,24244,8212,00:00:00/39:01,19097) pickup -l -t fifo -u (root,0,0,00:00:00/53:27,23451) [kworker/3:1-events] (root,0,0,00:00:00/04:04,24026) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:23:47,24348) [kworker/u8:1-ext4-rsv-conversion] (postfix,44628,9416,00:00:00/7-18:25:27,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/43:14,31001) [kworker/0:2-events] (root,0,0,00:00:00/11:37,31497) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/04:17:17,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 00:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635b5372e9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-13:03:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-13:03:58,2) [kthreadd] (root,0,0,00:00:00/11-13:03:58,3) [rcu_gp] (root,0,0,00:00:00/11-13:03:58,4) [rcu_par_gp] (root,0,0,00:00:00/11-13:03:58,5) [slub_flushwq] (root,0,0,00:00:00/11-13:03:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-13:03:58,9) [mm_percpu_wq] (root,0,0,00:00:00/11-13:03:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-13:03:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-13:03:58,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-13:03:58,13) [ksoftirqd/0] (root,0,0,00:30:43/11-13:03:58,14) [rcu_preempt] (root,0,0,00:00:04/11-13:03:58,15) [migration/0] (root,0,0,00:00:00/11-13:03:58,16) [idle_inject/0] (root,0,0,00:00:00/11-13:03:58,18) [cpuhp/0] (root,0,0,00:00:00/11-13:03:58,19) [cpuhp/1] (root,0,0,00:00:00/11-13:03:58,20) [idle_inject/1] (root,0,0,00:00:04/11-13:03:58,21) [migration/1] (root,0,0,00:00:17/11-13:03:58,22) [ksoftirqd/1] (root,0,0,00:00:00/11-13:03:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-13:03:58,25) [cpuhp/2] (root,0,0,00:00:00/11-13:03:58,26) [idle_inject/2] (root,0,0,00:00:03/11-13:03:58,27) [migration/2] (root,0,0,00:24:12/11-13:03:58,28) [ksoftirqd/2] (root,0,0,00:00:00/11-13:03:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-13:03:58,31) [cpuhp/3] (root,0,0,00:00:00/11-13:03:58,32) [idle_inject/3] (root,0,0,00:00:04/11-13:03:58,33) [migration/3] (root,0,0,00:01:05/11-13:03:58,34) [ksoftirqd/3] (root,0,0,00:00:00/11-13:03:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-13:03:58,39) [kdevtmpfs] (root,0,0,00:00:00/11-13:03:58,40) [netns] (root,0,0,00:00:00/11-13:03:58,41) [inet_frag_wq] (root,0,0,00:00:03/11-13:03:58,42) [kauditd] (root,0,0,00:00:00/11-13:03:58,43) [khungtaskd] (root,0,0,00:00:00/11-13:03:58,44) [oom_reaper] (root,0,0,00:00:00/11-13:03:58,45) [writeback] (root,0,0,00:00:33/11-13:03:58,46) [kcompactd0] (root,0,0,00:00:00/11-13:03:58,47) [ksmd] (root,0,0,00:00:34/11-13:03:58,48) [khugepaged] (root,0,0,00:00:00/11-13:03:58,74) [kintegrityd] (root,0,0,00:00:00/11-13:03:58,75) [kblockd] (root,0,0,00:00:00/11-13:03:58,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-13:03:58,78) [tpm_dev_wq] (root,0,0,00:00:00/11-13:03:58,79) [edac-poller] (root,0,0,00:00:00/11-13:03:58,80) [devfreq_wq] (root,0,0,00:00:00/11-13:03:58,110) [watchdogd] (root,0,0,00:00:02/11-13:03:58,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-13:03:58,112) [kswapd0] (root,0,0,00:00:00/11-13:03:57,114) [kthrotld] (root,0,0,00:00:00/11-13:03:57,115) [mld] (root,0,0,00:00:00/11-13:03:57,116) [ipv6_addrconf] (root,0,0,00:00:04/11-13:03:57,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-13:03:57,122) [kstrp] (root,0,0,00:00:00/11-13:03:57,123) [zswap-shrink] (root,0,0,00:00:00/11-13:03:57,124) [kworker/u9:0] (root,0,0,00:00:00/11-13:03:57,129) [charger_manager] (root,0,0,00:00:02/11-13:03:56,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-13:03:56,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-13:03:56,205) [kaluad] (root,0,0,00:00:00/11-13:03:56,250) [kmpath_rdacd] (root,0,0,00:00:00/11-13:03:56,293) [kmpathd] (root,0,0,00:00:00/11-13:03:56,294) [kmpath_handlerd] (root,0,0,00:00:00/11-13:03:56,342) [ata_sff] (root,0,0,00:00:00/11-13:03:55,343) [scsi_eh_0] (root,0,0,00:00:00/11-13:03:55,344) [scsi_tmf_0] (root,0,0,00:00:00/11-13:03:55,345) [scsi_eh_1] (root,0,0,00:00:00/11-13:03:55,346) [scsi_tmf_1] (root,0,0,00:00:17/11-13:03:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-13:03:53,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-13:03:41,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-13:03:40,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-13:03:38,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-13:03:04,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-13:03:04,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-13:03:04,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-13:03:04,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-13:03:03,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-13:03:03,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-13:02:49,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-13:02:49,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:00/11-13:02:48,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-13:02:48,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-13:02:48,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-13:02:48,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-13:02:48,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-13:02:48,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:33/11-13:02:48,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-13:02:48,1206) bpfilter_umh (root,26204,8300,00:00:06/11-13:02:48,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-13:02:48,1215) ntpd: asynchronous dns resolver (spot,285284,171264,14:18:59/11-13:02:48,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-13:02:47,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-13:02:47,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-13:02:47,1245) (sd-pam) (root,24216,5348,00:00:03/11-13:02:46,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-13:02:46,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-13:02:45,1354) /usr/sbin/cron -n (root,691724,74148,00:14:52/11-13:02:39,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46608,00:03:46/11-13:02:25,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:26:07,4619) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:07:14,6242) [kworker/3:1-cgroup_destroy] (postfix,24244,8200,00:00:00/13:40,7853) pickup -l -t fifo -u (root,35308,10012,00:00:00/4-04:58:52,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-04:58:52,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:35:53,9247) [kworker/0:1-events] (root,0,0,00:00:00/05:01,10561) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/5-10:53:41,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-10:53:40,15391) sshd: cm-ssh (root,0,0,00:00:00/02:29:11,16718) [kworker/2:2-events] (root,0,0,00:00:00/03:20,17431) [kworker/3:0] (root,0,0,00:00:00/10:14,18508) [kworker/1:0-ata_sff] (root,0,0,00:00:00/02:08:17,18633) [kworker/3:2-events] (root,0,0,00:00:02/03:11:48,21671) [kworker/1:1-events] (root,6656,3484,00:00:00/00:00,22287) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,22352) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,22353) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,22354) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,788,00:00:00/00:00,22355) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,680,00:00:00/00:00,22356) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,22357) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,22375) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22376) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:34,27030) [kworker/2:0-events] (root,0,0,00:00:00/38:35,30297) [kworker/0:2-events] (postfix,44628,9464,00:00:00/5-17:39:26,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:45:04,31970) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 23:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638cd348dfFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:30/9-13:21:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-13:21:05,2) [kthreadd] (root,0,0,00:00:00/9-13:21:05,3) [rcu_gp] (root,0,0,00:00:00/9-13:21:05,4) [rcu_par_gp] (root,0,0,00:00:00/9-13:21:05,5) [slub_flushwq] (root,0,0,00:00:00/9-13:21:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-13:21:05,9) [mm_percpu_wq] (root,0,0,00:00:00/9-13:21:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-13:21:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-13:21:05,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-13:21:05,13) [ksoftirqd/0] (root,0,0,00:25:18/9-13:21:05,14) [rcu_preempt] (root,0,0,00:00:03/9-13:21:05,15) [migration/0] (root,0,0,00:00:00/9-13:21:05,16) [idle_inject/0] (root,0,0,00:00:00/9-13:21:05,18) [cpuhp/0] (root,0,0,00:00:00/9-13:21:05,19) [cpuhp/1] (root,0,0,00:00:00/9-13:21:05,20) [idle_inject/1] (root,0,0,00:00:03/9-13:21:05,21) [migration/1] (root,0,0,00:00:14/9-13:21:05,22) [ksoftirqd/1] (root,0,0,00:00:00/9-13:21:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-13:21:05,25) [cpuhp/2] (root,0,0,00:00:00/9-13:21:05,26) [idle_inject/2] (root,0,0,00:00:03/9-13:21:05,27) [migration/2] (root,0,0,00:20:18/9-13:21:05,28) [ksoftirqd/2] (root,0,0,00:00:00/9-13:21:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-13:21:05,31) [cpuhp/3] (root,0,0,00:00:00/9-13:21:05,32) [idle_inject/3] (root,0,0,00:00:03/9-13:21:05,33) [migration/3] (root,0,0,00:00:54/9-13:21:05,34) [ksoftirqd/3] (root,0,0,00:00:00/9-13:21:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-13:21:05,39) [kdevtmpfs] (root,0,0,00:00:00/9-13:21:05,40) [netns] (root,0,0,00:00:00/9-13:21:05,41) [inet_frag_wq] (root,0,0,00:00:03/9-13:21:05,42) [kauditd] (root,0,0,00:00:00/9-13:21:05,43) [khungtaskd] (root,0,0,00:00:00/9-13:21:05,44) [oom_reaper] (root,0,0,00:00:00/9-13:21:05,45) [writeback] (root,0,0,00:00:27/9-13:21:05,46) [kcompactd0] (root,0,0,00:00:00/9-13:21:05,47) [ksmd] (root,0,0,00:00:29/9-13:21:05,48) [khugepaged] (root,0,0,00:00:00/9-13:21:05,74) [kintegrityd] (root,0,0,00:00:00/9-13:21:05,75) [kblockd] (root,0,0,00:00:00/9-13:21:05,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-13:21:05,78) [tpm_dev_wq] (root,0,0,00:00:00/9-13:21:05,79) [edac-poller] (root,0,0,00:00:00/9-13:21:05,80) [devfreq_wq] (root,0,0,00:00:00/9-13:21:05,110) [watchdogd] (root,0,0,00:00:01/9-13:21:05,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-13:21:05,112) [kswapd0] (root,0,0,00:00:00/9-13:21:04,114) [kthrotld] (root,0,0,00:00:00/9-13:21:04,115) [mld] (root,0,0,00:00:00/9-13:21:04,116) [ipv6_addrconf] (root,0,0,00:00:04/9-13:21:04,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-13:21:04,122) [kstrp] (root,0,0,00:00:00/9-13:21:04,123) [zswap-shrink] (root,0,0,00:00:00/9-13:21:04,124) [kworker/u9:0] (root,0,0,00:00:00/9-13:21:04,129) [charger_manager] (root,0,0,00:00:02/9-13:21:03,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-13:21:03,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-13:21:03,205) [kaluad] (root,0,0,00:00:00/9-13:21:03,250) [kmpath_rdacd] (root,0,0,00:00:00/9-13:21:03,293) [kmpathd] (root,0,0,00:00:00/9-13:21:03,294) [kmpath_handlerd] (root,0,0,00:00:00/9-13:21:03,342) [ata_sff] (root,0,0,00:00:00/9-13:21:02,343) [scsi_eh_0] (root,0,0,00:00:00/9-13:21:02,344) [scsi_tmf_0] (root,0,0,00:00:00/9-13:21:02,345) [scsi_eh_1] (root,0,0,00:00:00/9-13:21:02,346) [scsi_tmf_1] (root,0,0,00:00:14/9-13:21:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-13:21:00,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-13:20:48,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-13:20:47,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-13:20:45,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-13:20:11,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-13:20:11,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-13:20:11,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-13:20:11,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-13:20:10,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-13:20:10,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-13:19:56,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-13:19:56,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:50/9-13:19:55,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-13:19:55,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-13:19:55,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-13:19:55,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-13:19:55,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-13:19:55,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:16/9-13:19:55,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-13:19:55,1206) bpfilter_umh (root,26204,8300,00:00:05/9-13:19:55,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-13:19:55,1215) ntpd: asynchronous dns resolver (spot,282804,169204,11:10:53/9-13:19:55,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-13:19:54,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-13:19:54,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-13:19:54,1245) (sd-pam) (root,24216,5348,00:00:02/9-13:19:53,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-13:19:53,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-13:19:52,1354) /usr/sbin/cron -n (root,691336,73820,00:12:17/9-13:19:46,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45328,00:03:06/9-13:19:32,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:04/04:48:12,2819) [kworker/2:2-events] (root,0,0,00:00:00/49:30,6061) [kworker/1:0-events] (root,35308,10012,00:00:00/2-05:15:59,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:08/2-05:15:59,8749) sshd: syslogtunnel (root,0,0,00:00:00/02:48,10706) [kworker/1:1-ata_sff] (root,0,0,00:00:00/22:32,12858) [kworker/3:2] (root,35308,10012,00:00:00/3-11:10:48,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-11:10:47,15391) sshd: cm-ssh (root,0,0,00:00:00/43:07,15939) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/42:34,16117) [kworker/u8:0-writeback] (root,6656,3480,00:00:00/00:00,21347) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,21365) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,924,00:00:00/00:00,21366) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:36:10,22141) [kworker/3:0-events] (root,0,0,00:00:00/31:03,22486) [kworker/u8:1] (root,0,0,00:00:00/01:32:06,25498) [kworker/0:1-events] (root,0,0,00:00:00/08:00,26528) [kworker/1:2-ata_sff] (postfix,24244,8308,00:00:00/52:40,28263) pickup -l -t fifo -u (root,0,0,00:00:00/27:25,29484) [kworker/0:0] (postfix,44628,9464,00:00:00/3-17:56:33,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 23:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636680c276Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-13:42:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-13:42:30,2) [kthreadd] (root,0,0,00:00:00/7-13:42:30,3) [rcu_gp] (root,0,0,00:00:00/7-13:42:30,4) [rcu_par_gp] (root,0,0,00:00:00/7-13:42:30,5) [slub_flushwq] (root,0,0,00:00:00/7-13:42:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-13:42:30,9) [mm_percpu_wq] (root,0,0,00:00:00/7-13:42:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-13:42:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-13:42:30,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-13:42:30,13) [ksoftirqd/0] (root,0,0,00:19:56/7-13:42:30,14) [rcu_preempt] (root,0,0,00:00:02/7-13:42:30,15) [migration/0] (root,0,0,00:00:00/7-13:42:30,16) [idle_inject/0] (root,0,0,00:00:00/7-13:42:30,18) [cpuhp/0] (root,0,0,00:00:00/7-13:42:30,19) [cpuhp/1] (root,0,0,00:00:00/7-13:42:30,20) [idle_inject/1] (root,0,0,00:00:03/7-13:42:30,21) [migration/1] (root,0,0,00:00:11/7-13:42:30,22) [ksoftirqd/1] (root,0,0,00:00:00/7-13:42:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-13:42:30,25) [cpuhp/2] (root,0,0,00:00:00/7-13:42:30,26) [idle_inject/2] (root,0,0,00:00:02/7-13:42:30,27) [migration/2] (root,0,0,00:16:02/7-13:42:30,28) [ksoftirqd/2] (root,0,0,00:00:00/7-13:42:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-13:42:30,31) [cpuhp/3] (root,0,0,00:00:00/7-13:42:30,32) [idle_inject/3] (root,0,0,00:00:03/7-13:42:30,33) [migration/3] (root,0,0,00:00:43/7-13:42:30,34) [ksoftirqd/3] (root,0,0,00:00:00/7-13:42:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-13:42:30,39) [kdevtmpfs] (root,0,0,00:00:00/7-13:42:30,40) [netns] (root,0,0,00:00:00/7-13:42:30,41) [inet_frag_wq] (root,0,0,00:00:02/7-13:42:30,42) [kauditd] (root,0,0,00:00:00/7-13:42:30,43) [khungtaskd] (root,0,0,00:00:00/7-13:42:30,44) [oom_reaper] (root,0,0,00:00:00/7-13:42:30,45) [writeback] (root,0,0,00:00:22/7-13:42:30,46) [kcompactd0] (root,0,0,00:00:00/7-13:42:30,47) [ksmd] (root,0,0,00:00:23/7-13:42:30,48) [khugepaged] (root,0,0,00:00:00/7-13:42:30,74) [kintegrityd] (root,0,0,00:00:00/7-13:42:30,75) [kblockd] (root,0,0,00:00:00/7-13:42:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-13:42:30,78) [tpm_dev_wq] (root,0,0,00:00:00/7-13:42:30,79) [edac-poller] (root,0,0,00:00:00/7-13:42:30,80) [devfreq_wq] (root,0,0,00:00:00/7-13:42:30,110) [watchdogd] (root,0,0,00:00:01/7-13:42:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-13:42:30,112) [kswapd0] (root,0,0,00:00:00/7-13:42:29,114) [kthrotld] (root,0,0,00:00:00/7-13:42:29,115) [mld] (root,0,0,00:00:00/7-13:42:29,116) [ipv6_addrconf] (root,0,0,00:00:03/7-13:42:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-13:42:29,122) [kstrp] (root,0,0,00:00:00/7-13:42:29,123) [zswap-shrink] (root,0,0,00:00:00/7-13:42:29,124) [kworker/u9:0] (root,0,0,00:00:00/7-13:42:29,129) [charger_manager] (root,0,0,00:00:01/7-13:42:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-13:42:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-13:42:28,205) [kaluad] (root,0,0,00:00:00/7-13:42:28,250) [kmpath_rdacd] (root,0,0,00:00:00/7-13:42:28,293) [kmpathd] (root,0,0,00:00:00/7-13:42:28,294) [kmpath_handlerd] (root,0,0,00:00:00/7-13:42:28,342) [ata_sff] (root,0,0,00:00:00/7-13:42:27,343) [scsi_eh_0] (root,0,0,00:00:00/7-13:42:27,344) [scsi_tmf_0] (root,0,0,00:00:00/7-13:42:27,345) [scsi_eh_1] (root,0,0,00:00:00/7-13:42:27,346) [scsi_tmf_1] (root,0,0,00:00:11/7-13:42:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-13:42:25,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-13:42:13,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-13:42:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-13:42:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-13:41:36,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-13:41:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-13:41:36,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-13:41:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/01:26:36,589) [kworker/u8:0-writeback] (root,31876,16220,00:00:03/7-13:41:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-13:41:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25356,00:00:08/7-13:41:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-13:41:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:40/7-13:41:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-13:41:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-13:41:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-13:41:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-13:41:20,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-13:41:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-13:41:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-13:41:20,1206) bpfilter_umh (root,26204,8300,00:00:04/7-13:41:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-13:41:20,1215) ntpd: asynchronous dns resolver (spot,284484,169624,08:37:25/7-13:41:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-13:41:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-13:41:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-13:41:19,1245) (sd-pam) (root,24216,5348,00:00:02/7-13:41:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-13:41:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-13:41:17,1354) /usr/sbin/cron -n (root,691080,73620,00:09:42/7-13:41:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43784,00:02:25/7-13:40:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:52:09,1729) [kworker/0:2-events] (root,0,0,00:00:01/01:44:56,3298) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/03:39,3478) [kworker/2:2-events] (root,0,0,00:00:00/25:30,4855) [kworker/2:0-events] (root,0,0,00:00:00/57:39,5222) [kworker/3:1] (root,0,0,00:00:01/02:21:25,7055) [kworker/3:2-events] (root,35308,10012,00:00:00/05:37:24,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:00/05:37:24,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:52,9084) [kworker/1:0-ata_sff] (root,0,0,00:00:00/10:47,11487) [kworker/0:1-events] (root,35308,10012,00:00:00/1-11:32:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-11:32:12,15391) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,17721) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,17732) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,17761) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17762) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8324,00:00:00/01:35:54,18194) pickup -l -t fifo -u (root,0,0,00:00:00/07:02,22446) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:04:32,28289) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9464,00:00:00/1-18:17:58,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:25,32522) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 00:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363978468f5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-13:33:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-13:33:45,2) [kthreadd] (root,0,0,00:00:00/5-13:33:45,3) [rcu_gp] (root,0,0,00:00:00/5-13:33:45,4) [rcu_par_gp] (root,0,0,00:00:00/5-13:33:45,5) [slub_flushwq] (root,0,0,00:00:00/5-13:33:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-13:33:45,9) [mm_percpu_wq] (root,0,0,00:00:00/5-13:33:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-13:33:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-13:33:45,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-13:33:45,13) [ksoftirqd/0] (root,0,0,00:14:29/5-13:33:45,14) [rcu_preempt] (root,0,0,00:00:02/5-13:33:45,15) [migration/0] (root,0,0,00:00:00/5-13:33:45,16) [idle_inject/0] (root,0,0,00:00:00/5-13:33:45,18) [cpuhp/0] (root,0,0,00:00:00/5-13:33:45,19) [cpuhp/1] (root,0,0,00:00:00/5-13:33:45,20) [idle_inject/1] (root,0,0,00:00:02/5-13:33:45,21) [migration/1] (root,0,0,00:00:07/5-13:33:45,22) [ksoftirqd/1] (root,0,0,00:00:00/5-13:33:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-13:33:45,25) [cpuhp/2] (root,0,0,00:00:00/5-13:33:45,26) [idle_inject/2] (root,0,0,00:00:01/5-13:33:45,27) [migration/2] (root,0,0,00:11:59/5-13:33:45,28) [ksoftirqd/2] (root,0,0,00:00:00/5-13:33:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-13:33:45,31) [cpuhp/3] (root,0,0,00:00:00/5-13:33:45,32) [idle_inject/3] (root,0,0,00:00:02/5-13:33:45,33) [migration/3] (root,0,0,00:00:30/5-13:33:45,34) [ksoftirqd/3] (root,0,0,00:00:00/5-13:33:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-13:33:45,39) [kdevtmpfs] (root,0,0,00:00:00/5-13:33:45,40) [netns] (root,0,0,00:00:00/5-13:33:45,41) [inet_frag_wq] (root,0,0,00:00:01/5-13:33:45,42) [kauditd] (root,0,0,00:00:00/5-13:33:45,43) [khungtaskd] (root,0,0,00:00:00/5-13:33:45,44) [oom_reaper] (root,0,0,00:00:00/5-13:33:45,45) [writeback] (root,0,0,00:00:15/5-13:33:45,46) [kcompactd0] (root,0,0,00:00:00/5-13:33:45,47) [ksmd] (root,0,0,00:00:15/5-13:33:45,48) [khugepaged] (root,0,0,00:00:00/5-13:33:45,74) [kintegrityd] (root,0,0,00:00:00/5-13:33:45,75) [kblockd] (root,0,0,00:00:00/5-13:33:45,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-13:33:45,78) [tpm_dev_wq] (root,0,0,00:00:00/5-13:33:45,79) [edac-poller] (root,0,0,00:00:00/5-13:33:45,80) [devfreq_wq] (root,0,0,00:00:00/5-13:33:45,110) [watchdogd] (root,0,0,00:00:01/5-13:33:45,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-13:33:45,112) [kswapd0] (root,0,0,00:00:00/5-13:33:44,114) [kthrotld] (root,0,0,00:00:00/5-13:33:44,115) [mld] (root,0,0,00:00:00/5-13:33:44,116) [ipv6_addrconf] (root,0,0,00:00:02/5-13:33:44,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-13:33:44,122) [kstrp] (root,0,0,00:00:00/5-13:33:44,123) [zswap-shrink] (root,0,0,00:00:00/5-13:33:44,124) [kworker/u9:0] (root,0,0,00:00:00/5-13:33:44,129) [charger_manager] (root,0,0,00:00:01/5-13:33:43,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-13:33:43,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-13:33:43,205) [kaluad] (root,0,0,00:00:00/5-13:33:43,250) [kmpath_rdacd] (root,0,0,00:00:00/5-13:33:43,293) [kmpathd] (root,0,0,00:00:00/5-13:33:43,294) [kmpath_handlerd] (root,0,0,00:00:00/5-13:33:43,342) [ata_sff] (root,0,0,00:00:00/5-13:33:42,343) [scsi_eh_0] (root,0,0,00:00:00/5-13:33:42,344) [scsi_tmf_0] (root,0,0,00:00:00/5-13:33:42,345) [scsi_eh_1] (root,0,0,00:00:00/5-13:33:42,346) [scsi_tmf_1] (root,0,0,00:00:08/5-13:33:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-13:33:40,367) [ext4-rsv-conver] (root,38604,7544,00:00:10/5-13:33:28,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-13:33:27,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-13:33:25,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-13:32:51,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-13:32:51,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-13:32:51,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-13:32:51,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-13:32:50,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-13:32:50,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-13:32:36,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-13:32:36,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:29/5-13:32:35,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-13:32:35,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-13:32:35,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-13:32:35,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-13:32:35,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-13:32:35,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-13:32:35,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-13:32:35,1206) bpfilter_umh (root,26204,8340,00:00:03/5-13:32:35,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-13:32:35,1215) ntpd: asynchronous dns resolver (spot,276008,163700,06:05:59/5-13:32:35,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-13:32:34,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-13:32:34,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-13:32:34,1245) (sd-pam) (root,24216,5348,00:00:01/5-13:32:33,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-13:32:33,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-13:32:32,1354) /usr/sbin/cron -n (root,691080,73464,00:07:04/5-13:32:26,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42496,00:01:45/5-13:32:12,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/30:28,4571) [kworker/2:0-cgroup_destroy] (root,35308,10024,00:00:00/3-15:25:21,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-15:25:21,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-15:25:06,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:11/3-15:25:06,4688) sshd: cm-ssh (root,0,0,00:00:00/29:45,9134) [kworker/3:0] (postfix,24244,8216,00:00:00/07:57,11162) pickup -l -t fifo -u (root,0,0,00:00:00/00:14,13611) [kworker/1:0-ata_sff] (root,6656,3508,00:00:00/00:00,15431) /bin/bash /usr/bin/check_mk_agent (root,6656,3516,00:00:00/00:00,15451) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,15566) /bin/bash /usr/bin/check_mk_agent (root,6656,1840,00:00:00/00:00,15595) /bin/bash /usr/bin/check_mk_agent (root,25444,8820,00:00:00/00:00,15596) postconf -c /etc/postfix (root,5280,804,00:00:00/00:00,15597) grep ^multi_instance_directories (root,11644,964,00:00:00/00:00,15598) sed s/.*=[[:space:]]*//g (root,13744,3412,00:00:00/00:00,15607) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,15608) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/59:50,17810) [kworker/3:1-events] (root,0,0,00:00:00/05:26,20628) [kworker/1:1-ata_sff] (root,0,0,00:00:00/33:57,22337) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/05:25:24,26136) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/02:04:46,28062) [kworker/1:2-events] (root,0,0,00:00:00/03:51,29441) [kworker/0:0-events] (root,0,0,00:00:00/01:35:24,30976) [kworker/u8:0-writeback] (root,0,0,00:00:01/02:41:44,31879) [kworker/0:2-events] (root,0,0,00:00:00/42:29,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 23:55 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a6e63c99Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12692,00:00:13/3-12:09:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:09:45,2) [kthreadd] (root,0,0,00:00:00/3-12:09:45,3) [rcu_gp] (root,0,0,00:00:00/3-12:09:45,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:09:45,5) [slub_flushwq] (root,0,0,00:00:00/3-12:09:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:09:45,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:09:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:09:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:09:45,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-12:09:45,13) [ksoftirqd/0] (root,0,0,00:09:08/3-12:09:45,14) [rcu_preempt] (root,0,0,00:00:01/3-12:09:45,15) [migration/0] (root,0,0,00:00:00/3-12:09:45,16) [idle_inject/0] (root,0,0,00:00:00/3-12:09:45,18) [cpuhp/0] (root,0,0,00:00:00/3-12:09:45,19) [cpuhp/1] (root,0,0,00:00:00/3-12:09:45,20) [idle_inject/1] (root,0,0,00:00:01/3-12:09:45,21) [migration/1] (root,0,0,00:00:04/3-12:09:45,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:09:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:09:45,25) [cpuhp/2] (root,0,0,00:00:00/3-12:09:45,26) [idle_inject/2] (root,0,0,00:00:01/3-12:09:45,27) [migration/2] (root,0,0,00:07:38/3-12:09:45,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:09:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:09:45,31) [cpuhp/3] (root,0,0,00:00:00/3-12:09:45,32) [idle_inject/3] (root,0,0,00:00:01/3-12:09:45,33) [migration/3] (root,0,0,00:00:19/3-12:09:45,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:09:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:09:45,39) [kdevtmpfs] (root,0,0,00:00:00/3-12:09:45,40) [netns] (root,0,0,00:00:00/3-12:09:45,41) [inet_frag_wq] (root,0,0,00:00:01/3-12:09:45,42) [kauditd] (root,0,0,00:00:00/3-12:09:45,43) [khungtaskd] (root,0,0,00:00:00/3-12:09:45,44) [oom_reaper] (root,0,0,00:00:00/3-12:09:45,45) [writeback] (root,0,0,00:00:09/3-12:09:45,46) [kcompactd0] (root,0,0,00:00:00/3-12:09:45,47) [ksmd] (root,0,0,00:00:10/3-12:09:45,48) [khugepaged] (root,0,0,00:00:00/3-12:09:45,74) [kintegrityd] (root,0,0,00:00:00/3-12:09:45,75) [kblockd] (root,0,0,00:00:00/3-12:09:45,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:09:45,78) [tpm_dev_wq] (root,0,0,00:00:00/3-12:09:45,79) [edac-poller] (root,0,0,00:00:00/3-12:09:45,80) [devfreq_wq] (root,0,0,00:00:00/3-12:09:45,110) [watchdogd] (root,0,0,00:00:00/3-12:09:45,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:09:45,112) [kswapd0] (root,0,0,00:00:00/3-12:09:44,114) [kthrotld] (root,0,0,00:00:00/3-12:09:44,115) [mld] (root,0,0,00:00:00/3-12:09:44,116) [ipv6_addrconf] (root,0,0,00:00:01/3-12:09:44,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-12:09:44,122) [kstrp] (root,0,0,00:00:00/3-12:09:44,123) [zswap-shrink] (root,0,0,00:00:00/3-12:09:44,124) [kworker/u9:0] (root,0,0,00:00:00/3-12:09:44,129) [charger_manager] (root,0,0,00:00:00/3-12:09:43,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:09:43,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:09:43,205) [kaluad] (root,0,0,00:00:00/3-12:09:43,250) [kmpath_rdacd] (root,0,0,00:00:00/3-12:09:43,293) [kmpathd] (root,0,0,00:00:00/3-12:09:43,294) [kmpath_handlerd] (root,0,0,00:00:00/3-12:09:43,342) [ata_sff] (root,0,0,00:00:00/3-12:09:42,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:09:42,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:09:42,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:09:42,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:09:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:09:40,367) [ext4-rsv-conver] (root,38604,7544,00:00:06/3-12:09:28,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-12:09:27,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-12:09:25,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-12:08:51,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-12:08:51,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:07/3-12:08:51,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-12:08:51,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-12:08:50,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-12:08:50,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-12:08:36,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-12:08:36,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:14/3-12:08:35,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-12:08:35,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-12:08:35,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-12:08:35,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-12:08:35,1201) /usr/lib/systemd/systemd --user (root,448724,8116,00:00:07/3-12:08:35,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:27/3-12:08:35,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-12:08:35,1206) bpfilter_umh (root,26204,8340,00:00:02/3-12:08:35,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-12:08:35,1215) ntpd: asynchronous dns resolver (spot,274780,163292,04:04:40/3-12:08:35,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-12:08:34,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-12:08:34,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-12:08:34,1245) (sd-pam) (root,24216,5348,00:00:01/3-12:08:33,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-12:08:33,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-12:08:32,1354) /usr/sbin/cron -n (root,689544,71904,00:04:29/3-12:08:26,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41140,00:01:08/3-12:08:12,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/41:07,3235) [kworker/2:0-events] (root,0,0,00:00:00/51:10,4422) [kworker/1:2-events] (root,35308,10024,00:00:00/1-14:01:21,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-14:01:21,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-14:01:06,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:04/1-14:01:06,4688) sshd: cm-ssh (root,0,0,00:00:00/15:14,7443) [kworker/3:1-events] (root,0,0,00:00:00/08:18,8027) [kworker/1:0-ata_sff] (root,6656,3484,00:00:00/00:00,10747) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,10765) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10766) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:46,13813) [kworker/3:2-events] (root,0,0,00:00:00/06:23,16604) [kworker/u8:0-writeback] (root,0,0,00:00:00/19:28,25690) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/53:55,26476) [kworker/0:2-events] (postfix,24244,8288,00:00:00/46:04,29806) pickup -l -t fifo -u (root,0,0,00:00:00/03:07,30011) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:16:22,30146) [kworker/u8:2] (root,0,0,00:00:00/45:25,30247) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-15 22:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836355681467Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12668,00:00:07/1-11:43:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-11:43:39,2) [kthreadd] (root,0,0,00:00:00/1-11:43:39,3) [rcu_gp] (root,0,0,00:00:00/1-11:43:39,4) [rcu_par_gp] (root,0,0,00:00:00/1-11:43:39,5) [slub_flushwq] (root,0,0,00:00:00/1-11:43:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-11:43:39,9) [mm_percpu_wq] (root,0,0,00:00:00/1-11:43:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-11:43:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-11:43:39,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-11:43:39,13) [ksoftirqd/0] (root,0,0,00:03:49/1-11:43:39,14) [rcu_preempt] (root,0,0,00:00:00/1-11:43:39,15) [migration/0] (root,0,0,00:00:00/1-11:43:39,16) [idle_inject/0] (root,0,0,00:00:00/1-11:43:39,18) [cpuhp/0] (root,0,0,00:00:00/1-11:43:39,19) [cpuhp/1] (root,0,0,00:00:00/1-11:43:39,20) [idle_inject/1] (root,0,0,00:00:00/1-11:43:39,21) [migration/1] (root,0,0,00:00:01/1-11:43:39,22) [ksoftirqd/1] (root,0,0,00:00:00/1-11:43:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-11:43:39,25) [cpuhp/2] (root,0,0,00:00:00/1-11:43:39,26) [idle_inject/2] (root,0,0,00:00:00/1-11:43:39,27) [migration/2] (root,0,0,00:03:04/1-11:43:39,28) [ksoftirqd/2] (root,0,0,00:00:00/1-11:43:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-11:43:39,31) [cpuhp/3] (root,0,0,00:00:00/1-11:43:39,32) [idle_inject/3] (root,0,0,00:00:00/1-11:43:39,33) [migration/3] (root,0,0,00:00:07/1-11:43:39,34) [ksoftirqd/3] (root,0,0,00:00:00/1-11:43:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-11:43:39,39) [kdevtmpfs] (root,0,0,00:00:00/1-11:43:39,40) [netns] (root,0,0,00:00:00/1-11:43:39,41) [inet_frag_wq] (root,0,0,00:00:00/1-11:43:39,42) [kauditd] (root,0,0,00:00:00/1-11:43:39,43) [khungtaskd] (root,0,0,00:00:00/1-11:43:39,44) [oom_reaper] (root,0,0,00:00:00/1-11:43:39,45) [writeback] (root,0,0,00:00:04/1-11:43:39,46) [kcompactd0] (root,0,0,00:00:00/1-11:43:39,47) [ksmd] (root,0,0,00:00:04/1-11:43:39,48) [khugepaged] (root,0,0,00:00:00/1-11:43:39,74) [kintegrityd] (root,0,0,00:00:00/1-11:43:39,75) [kblockd] (root,0,0,00:00:00/1-11:43:39,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-11:43:39,78) [tpm_dev_wq] (root,0,0,00:00:00/1-11:43:39,79) [edac-poller] (root,0,0,00:00:00/1-11:43:39,80) [devfreq_wq] (root,0,0,00:00:00/1-11:43:39,110) [watchdogd] (root,0,0,00:00:00/1-11:43:39,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-11:43:39,112) [kswapd0] (root,0,0,00:00:00/1-11:43:38,114) [kthrotld] (root,0,0,00:00:00/1-11:43:38,115) [mld] (root,0,0,00:00:00/1-11:43:38,116) [ipv6_addrconf] (root,0,0,00:00:00/1-11:43:38,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-11:43:38,122) [kstrp] (root,0,0,00:00:00/1-11:43:38,123) [zswap-shrink] (root,0,0,00:00:00/1-11:43:38,124) [kworker/u9:0] (root,0,0,00:00:00/1-11:43:38,129) [charger_manager] (root,0,0,00:00:00/1-11:43:37,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-11:43:37,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-11:43:37,205) [kaluad] (root,0,0,00:00:00/1-11:43:37,250) [kmpath_rdacd] (root,0,0,00:00:00/1-11:43:37,293) [kmpathd] (root,0,0,00:00:00/1-11:43:37,294) [kmpath_handlerd] (root,0,0,00:00:00/1-11:43:37,342) [ata_sff] (root,0,0,00:00:00/1-11:43:36,343) [scsi_eh_0] (root,0,0,00:00:00/1-11:43:36,344) [scsi_tmf_0] (root,0,0,00:00:00/1-11:43:36,345) [scsi_eh_1] (root,0,0,00:00:00/1-11:43:36,346) [scsi_tmf_1] (root,0,0,00:00:02/1-11:43:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-11:43:34,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-11:43:22,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-11:43:21,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-11:43:19,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-11:42:45,512) /sbin/auditd (messagebus,22936,5824,00:00:06/1-11:42:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8504,00:00:03/1-11:42:45,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-11:42:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-11:42:44,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-11:42:44,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:01/1-11:42:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-11:42:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:05/1-11:42:29,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-11:42:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-11:42:29,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-11:42:29,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-11:42:29,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-11:42:29,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:11/1-11:42:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-11:42:29,1206) bpfilter_umh (root,26204,8340,00:00:01/1-11:42:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-11:42:29,1215) ntpd: asynchronous dns resolver (spot,198852,161648,01:40:38/1-11:42:29,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-11:42:28,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-11:42:28,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-11:42:28,1245) (sd-pam) (root,24216,5348,00:00:00/1-11:42:27,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-11:42:27,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-11:42:26,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-11:42:22,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-11:42:22,1371) sshd: syslogtunnel (root,689288,71280,00:01:56/1-11:42:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40780,00:00:30/1-11:42:06,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-11:41:47,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-11:41:47,1436) sshd: cm-ssh (root,0,0,00:00:00/22:46,1742) [kworker/0:0-events] (root,0,0,00:00:03/06:08:04,3139) [kworker/1:0-events] (root,0,0,00:00:01/03:31:58,3220) [kworker/3:2-events] (postfix,24244,8272,00:00:00/41:55,11816) pickup -l -t fifo -u (root,0,0,00:00:01/01:21:14,13438) [kworker/2:0-events] (root,0,0,00:00:00/00:33,17851) [kworker/1:2-ata_sff] (root,6764,3516,00:00:00/00:01,18710) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,18850) /bin/bash /usr/bin/check_mk_agent (root,6292,3184,00:00:00/00:00,18869) /bin/bash ././spot.bash (root,13744,3488,00:00:00/00:00,18889) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18890) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/29:21,22827) [kworker/0:2-events] (root,0,0,00:00:00/09:08,22974) [kworker/2:2-events] (root,0,0,00:00:00/02:35:21,23925) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/29:16,24085) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/03:38:46,24173) [kworker/3:0-events] (root,0,0,00:00:00/05:43,32104) [kworker/1:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-13 22:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638d333250Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:06/62-12:18:32,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-12:18:32,2) [kthreadd] (root,0,0,00:00:00/62-12:18:32,3) [rcu_gp] (root,0,0,00:00:00/62-12:18:32,4) [rcu_par_gp] (root,0,0,00:00:00/62-12:18:32,5) [slub_flushwq] (root,0,0,00:00:00/62-12:18:32,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-12:18:32,9) [mm_percpu_wq] (root,0,0,00:00:00/62-12:18:32,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-12:18:32,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-12:18:32,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-12:18:32,13) [ksoftirqd/0] (root,0,0,02:54:00/62-12:18:32,14) [rcu_preempt] (root,0,0,00:00:23/62-12:18:32,15) [migration/0] (root,0,0,00:00:00/62-12:18:32,16) [idle_inject/0] (root,0,0,00:00:00/62-12:18:32,18) [cpuhp/0] (root,0,0,00:00:00/62-12:18:32,19) [cpuhp/1] (root,0,0,00:00:00/62-12:18:32,20) [idle_inject/1] (root,0,0,00:00:23/62-12:18:32,21) [migration/1] (root,0,0,00:01:32/62-12:18:32,22) [ksoftirqd/1] (root,0,0,00:00:00/62-12:18:32,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-12:18:32,25) [cpuhp/2] (root,0,0,00:00:00/62-12:18:32,26) [idle_inject/2] (root,0,0,00:00:17/62-12:18:32,27) [migration/2] (root,0,0,01:53:20/62-12:18:32,28) [ksoftirqd/2] (root,0,0,00:00:00/62-12:18:32,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-12:18:32,31) [cpuhp/3] (root,0,0,00:00:00/62-12:18:32,32) [idle_inject/3] (root,0,0,00:00:22/62-12:18:32,33) [migration/3] (root,0,0,00:05:42/62-12:18:32,34) [ksoftirqd/3] (root,0,0,00:00:00/62-12:18:32,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-12:18:32,40) [kdevtmpfs] (root,0,0,00:00:00/62-12:18:32,41) [netns] (root,0,0,00:00:00/62-12:18:32,42) [inet_frag_wq] (root,0,0,00:00:22/62-12:18:32,43) [kauditd] (root,0,0,00:00:00/62-12:18:32,44) [khungtaskd] (root,0,0,00:00:00/62-12:18:32,45) [oom_reaper] (root,0,0,00:00:00/62-12:18:32,46) [writeback] (root,0,0,00:03:10/62-12:18:32,47) [kcompactd0] (root,0,0,00:00:00/62-12:18:32,48) [ksmd] (root,0,0,00:03:27/62-12:18:32,49) [khugepaged] (root,0,0,00:00:00/62-12:18:32,75) [kintegrityd] (root,0,0,00:00:00/62-12:18:32,76) [kblockd] (root,0,0,00:00:00/62-12:18:32,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-12:18:32,79) [tpm_dev_wq] (root,0,0,00:00:00/62-12:18:32,80) [edac-poller] (root,0,0,00:00:00/62-12:18:32,81) [devfreq_wq] (root,0,0,00:00:00/62-12:18:32,110) [watchdogd] (root,0,0,00:00:05/62-12:18:32,111) [kswapd0] (root,0,0,00:00:15/62-12:18:32,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-12:18:30,115) [kthrotld] (root,0,0,00:00:00/62-12:18:30,116) [mld] (root,0,0,00:00:00/62-12:18:30,117) [ipv6_addrconf] (root,0,0,00:00:16/62-12:18:30,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-12:18:30,123) [kstrp] (root,0,0,00:00:00/62-12:18:30,124) [zswap-shrink] (root,0,0,00:00:00/62-12:18:30,125) [kworker/u9:0] (root,0,0,00:00:00/62-12:18:30,130) [charger_manager] (root,0,0,00:00:18/62-12:18:30,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-12:18:30,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-12:18:29,239) [kaluad] (root,0,0,00:00:00/62-12:18:29,258) [kmpath_rdacd] (root,0,0,00:00:00/62-12:18:29,304) [kmpathd] (root,0,0,00:00:00/62-12:18:29,305) [kmpath_handlerd] (root,0,0,00:00:00/62-12:18:28,342) [ata_sff] (root,0,0,00:00:00/62-12:18:28,343) [scsi_eh_0] (root,0,0,00:00:00/62-12:18:28,344) [scsi_tmf_0] (root,0,0,00:00:00/62-12:18:28,345) [scsi_eh_1] (root,0,0,00:00:00/62-12:18:28,346) [scsi_tmf_1] (root,0,0,00:01:59/62-12:18:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-12:18:25,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-12:18:13,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-12:18:12,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-12:18:10,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-12:17:39,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-12:17:38,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-12:17:38,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-12:17:38,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-12:17:36,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-12:17:36,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/56:41,1067) [kworker/u8:0-ext4-rsv-conversion] (root,549384,31628,00:01:13/62-12:17:22,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-12:17:22,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:03/62-12:17:22,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-12:17:22,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-12:17:22,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-12:17:22,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-12:17:22,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:55/62-12:17:22,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-12:17:22,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-12:17:22,1352) bpfilter_umh (root,26204,8096,00:00:33/62-12:17:22,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-12:17:22,1359) ntpd: asynchronous dns resolver (spot,362432,213500,3-11:00:54/62-12:17:21,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-12:17:21,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-12:17:21,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-12:17:21,1373) (sd-pam) (root,24216,5256,00:00:22/62-12:17:19,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-12:17:19,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-12:17:19,1485) /usr/sbin/cron -n (root,0,0,00:00:00/08:51,1490) [kworker/3:1-ata_sff] (root,699464,78276,01:26:21/62-12:17:13,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,236992,82960,00:31:53/62-12:17:01,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-17:52:36,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/15:47,3845) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/00:27,5552) [kworker/2:1] (root,6656,3484,00:00:00/00:00,7638) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,7656) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,7657) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/24-12:45:31,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-12:45:30,10514) sshd: syslogtunnel (postfix,24244,8240,00:00:00/01:08:08,10568) pickup -l -t fifo -u (root,0,0,00:00:00/06:34,12427) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/13:22,15942) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/01:14:21,17828) [kworker/0:0-events] (root,0,0,00:00:00/28:07,17955) [kworker/1:1-events] (root,0,0,00:00:01/01:19:10,19079) [kworker/2:2-events] (root,0,0,00:00:00/03:39,23548) [kworker/3:2-ata_sff] (root,0,0,00:00:00/50:21,30091) [kworker/3:0-events] (root,35308,10028,00:00:00/24-13:31:44,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:21/24-13:31:43,30947) sshd: cm-ssh (root,0,0,00:00:00/50:05,32761) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-11 23:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836365a2ce83Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-12:01:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-12:01:15,2) [kthreadd] (root,0,0,00:00:00/60-12:01:15,3) [rcu_gp] (root,0,0,00:00:00/60-12:01:15,4) [rcu_par_gp] (root,0,0,00:00:00/60-12:01:15,5) [slub_flushwq] (root,0,0,00:00:00/60-12:01:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-12:01:15,9) [mm_percpu_wq] (root,0,0,00:00:00/60-12:01:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-12:01:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-12:01:15,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-12:01:15,13) [ksoftirqd/0] (root,0,0,02:48:52/60-12:01:15,14) [rcu_preempt] (root,0,0,00:00:23/60-12:01:15,15) [migration/0] (root,0,0,00:00:00/60-12:01:15,16) [idle_inject/0] (root,0,0,00:00:00/60-12:01:15,18) [cpuhp/0] (root,0,0,00:00:00/60-12:01:15,19) [cpuhp/1] (root,0,0,00:00:00/60-12:01:15,20) [idle_inject/1] (root,0,0,00:00:23/60-12:01:15,21) [migration/1] (root,0,0,00:01:29/60-12:01:15,22) [ksoftirqd/1] (root,0,0,00:00:00/60-12:01:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-12:01:15,25) [cpuhp/2] (root,0,0,00:00:00/60-12:01:15,26) [idle_inject/2] (root,0,0,00:00:17/60-12:01:15,27) [migration/2] (root,0,0,01:49:24/60-12:01:15,28) [ksoftirqd/2] (root,0,0,00:00:00/60-12:01:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-12:01:15,31) [cpuhp/3] (root,0,0,00:00:00/60-12:01:15,32) [idle_inject/3] (root,0,0,00:00:21/60-12:01:15,33) [migration/3] (root,0,0,00:05:32/60-12:01:15,34) [ksoftirqd/3] (root,0,0,00:00:00/60-12:01:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-12:01:15,40) [kdevtmpfs] (root,0,0,00:00:00/60-12:01:15,41) [netns] (root,0,0,00:00:00/60-12:01:15,42) [inet_frag_wq] (root,0,0,00:00:21/60-12:01:15,43) [kauditd] (root,0,0,00:00:00/60-12:01:15,44) [khungtaskd] (root,0,0,00:00:00/60-12:01:15,45) [oom_reaper] (root,0,0,00:00:00/60-12:01:15,46) [writeback] (root,0,0,00:03:04/60-12:01:15,47) [kcompactd0] (root,0,0,00:00:00/60-12:01:15,48) [ksmd] (root,0,0,00:03:20/60-12:01:15,49) [khugepaged] (root,0,0,00:00:00/60-12:01:15,75) [kintegrityd] (root,0,0,00:00:00/60-12:01:15,76) [kblockd] (root,0,0,00:00:00/60-12:01:15,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-12:01:15,79) [tpm_dev_wq] (root,0,0,00:00:00/60-12:01:15,80) [edac-poller] (root,0,0,00:00:00/60-12:01:15,81) [devfreq_wq] (root,0,0,00:00:00/60-12:01:15,110) [watchdogd] (root,0,0,00:00:04/60-12:01:15,111) [kswapd0] (root,0,0,00:00:15/60-12:01:15,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-12:01:13,115) [kthrotld] (root,0,0,00:00:00/60-12:01:13,116) [mld] (root,0,0,00:00:00/60-12:01:13,117) [ipv6_addrconf] (root,0,0,00:00:16/60-12:01:13,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-12:01:13,123) [kstrp] (root,0,0,00:00:00/60-12:01:13,124) [zswap-shrink] (root,0,0,00:00:00/60-12:01:13,125) [kworker/u9:0] (root,0,0,00:00:00/60-12:01:13,130) [charger_manager] (root,0,0,00:00:18/60-12:01:13,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-12:01:13,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-12:01:12,239) [kaluad] (root,0,0,00:00:00/60-12:01:12,258) [kmpath_rdacd] (root,0,0,00:00:00/60-12:01:12,304) [kmpathd] (root,0,0,00:00:00/60-12:01:12,305) [kmpath_handlerd] (root,0,0,00:00:00/60-12:01:11,342) [ata_sff] (root,0,0,00:00:00/60-12:01:11,343) [scsi_eh_0] (root,0,0,00:00:00/60-12:01:11,344) [scsi_tmf_0] (root,0,0,00:00:00/60-12:01:11,345) [scsi_eh_1] (root,0,0,00:00:00/60-12:01:11,346) [scsi_tmf_1] (root,0,0,00:01:56/60-12:01:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-12:01:08,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-12:00:56,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-12:00:55,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-12:00:53,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-12:00:22,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-12:00:21,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:55/60-12:00:21,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-12:00:21,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-12:00:19,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-12:00:19,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-12:00:05,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-12:00:05,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:52/60-12:00:05,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-12:00:05,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-12:00:05,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-12:00:05,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-12:00:05,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-12:00:05,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-12:00:05,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-12:00:05,1352) bpfilter_umh (root,26204,8096,00:00:31/60-12:00:05,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-12:00:05,1359) ntpd: asynchronous dns resolver (spot,361968,213400,3-08:22:39/60-12:00:04,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-12:00:04,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-12:00:04,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-12:00:04,1373) (sd-pam) (root,24216,5260,00:00:21/60-12:00:02,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-12:00:02,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-12:00:02,1485) /usr/sbin/cron -n (root,699208,80092,01:23:38/60-11:59:56,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82036,00:31:03/60-11:59:44,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-17:35:19,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:25:52,4301) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/13:41,7246) [kworker/1:0-events] (root,35304,10040,00:00:00/22-12:28:14,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-12:28:13,10514) sshd: syslogtunnel (root,0,0,00:00:00/19:55,12806) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/37:26,16122) [kworker/0:0-cgroup_destroy] (postfix,24244,8276,00:00:00/01:11:52,18926) pickup -l -t fifo -u (root,0,0,00:00:00/02:30,19277) [kworker/3:0-events] (root,0,0,00:00:00/01:53,22406) [kworker/1:2-events] (root,0,0,00:00:00/35:04,25987) [kworker/1:1-events] (root,0,0,00:00:00/01:09:58,28209) [kworker/3:1-ata_sff] (root,0,0,00:00:00/49:19,29474) [kworker/0:2-events] (root,35308,10028,00:00:00/22-13:14:27,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-13:14:26,30947) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,31889) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,31907) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31908) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/23:13,32105) [kworker/2:1-events] (root,0,0,00:00:00/07:42,32261) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:15:20,32443) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 22:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363407ec5b9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-12:27:20,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-12:27:20,2) [kthreadd] (root,0,0,00:00:00/58-12:27:20,3) [rcu_gp] (root,0,0,00:00:00/58-12:27:20,4) [rcu_par_gp] (root,0,0,00:00:00/58-12:27:20,5) [slub_flushwq] (root,0,0,00:00:00/58-12:27:20,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-12:27:20,9) [mm_percpu_wq] (root,0,0,00:00:00/58-12:27:20,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-12:27:20,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-12:27:20,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-12:27:20,13) [ksoftirqd/0] (root,0,0,02:43:43/58-12:27:20,14) [rcu_preempt] (root,0,0,00:00:22/58-12:27:20,15) [migration/0] (root,0,0,00:00:00/58-12:27:20,16) [idle_inject/0] (root,0,0,00:00:00/58-12:27:20,18) [cpuhp/0] (root,0,0,00:00:00/58-12:27:20,19) [cpuhp/1] (root,0,0,00:00:00/58-12:27:20,20) [idle_inject/1] (root,0,0,00:00:22/58-12:27:20,21) [migration/1] (root,0,0,00:01:26/58-12:27:20,22) [ksoftirqd/1] (root,0,0,00:00:00/58-12:27:20,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-12:27:20,25) [cpuhp/2] (root,0,0,00:00:00/58-12:27:20,26) [idle_inject/2] (root,0,0,00:00:16/58-12:27:20,27) [migration/2] (root,0,0,01:44:32/58-12:27:20,28) [ksoftirqd/2] (root,0,0,00:00:00/58-12:27:20,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-12:27:20,31) [cpuhp/3] (root,0,0,00:00:00/58-12:27:20,32) [idle_inject/3] (root,0,0,00:00:20/58-12:27:20,33) [migration/3] (root,0,0,00:05:20/58-12:27:20,34) [ksoftirqd/3] (root,0,0,00:00:00/58-12:27:20,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-12:27:20,40) [kdevtmpfs] (root,0,0,00:00:00/58-12:27:20,41) [netns] (root,0,0,00:00:00/58-12:27:20,42) [inet_frag_wq] (root,0,0,00:00:20/58-12:27:20,43) [kauditd] (root,0,0,00:00:00/58-12:27:20,44) [khungtaskd] (root,0,0,00:00:00/58-12:27:20,45) [oom_reaper] (root,0,0,00:00:00/58-12:27:20,46) [writeback] (root,0,0,00:02:59/58-12:27:20,47) [kcompactd0] (root,0,0,00:00:00/58-12:27:20,48) [ksmd] (root,0,0,00:03:14/58-12:27:20,49) [khugepaged] (root,0,0,00:00:00/58-12:27:20,75) [kintegrityd] (root,0,0,00:00:00/58-12:27:20,76) [kblockd] (root,0,0,00:00:00/58-12:27:20,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-12:27:20,79) [tpm_dev_wq] (root,0,0,00:00:00/58-12:27:20,80) [edac-poller] (root,0,0,00:00:00/58-12:27:20,81) [devfreq_wq] (root,0,0,00:00:00/58-12:27:20,110) [watchdogd] (root,0,0,00:00:04/58-12:27:20,111) [kswapd0] (root,0,0,00:00:15/58-12:27:20,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-12:27:18,115) [kthrotld] (root,0,0,00:00:00/58-12:27:18,116) [mld] (root,0,0,00:00:00/58-12:27:18,117) [ipv6_addrconf] (root,0,0,00:00:16/58-12:27:18,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-12:27:18,123) [kstrp] (root,0,0,00:00:00/58-12:27:18,124) [zswap-shrink] (root,0,0,00:00:00/58-12:27:18,125) [kworker/u9:0] (root,0,0,00:00:00/58-12:27:18,130) [charger_manager] (root,0,0,00:00:17/58-12:27:18,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-12:27:18,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-12:27:17,239) [kaluad] (root,0,0,00:00:00/58-12:27:17,258) [kmpath_rdacd] (root,0,0,00:00:00/58-12:27:17,304) [kmpathd] (root,0,0,00:00:00/58-12:27:17,305) [kmpath_handlerd] (root,0,0,00:00:00/58-12:27:16,342) [ata_sff] (root,0,0,00:00:00/58-12:27:16,343) [scsi_eh_0] (root,0,0,00:00:00/58-12:27:16,344) [scsi_tmf_0] (root,0,0,00:00:00/58-12:27:16,345) [scsi_eh_1] (root,0,0,00:00:00/58-12:27:16,346) [scsi_tmf_1] (root,0,0,00:01:52/58-12:27:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-12:27:13,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-12:27:01,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-12:27:00,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-12:26:58,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-12:26:27,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-12:26:26,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:48/58-12:26:26,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-12:26:26,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-12:26:24,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-12:26:24,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/08:41,788) [kworker/3:0-events] (root,549128,31272,00:01:09/58-12:26:10,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-12:26:10,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:42/58-12:26:10,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-12:26:10,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-12:26:10,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-12:26:10,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-12:26:10,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-12:26:10,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-12:26:10,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-12:26:10,1352) bpfilter_umh (root,26204,8096,00:00:30/58-12:26:10,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-12:26:10,1359) ntpd: asynchronous dns resolver (spot,363056,214412,3-05:19:01/58-12:26:09,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-12:26:09,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-12:26:09,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-12:26:09,1373) (sd-pam) (root,24216,5260,00:00:20/58-12:26:07,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-12:26:07,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-12:26:07,1485) /usr/sbin/cron -n (root,698952,77684,01:20:56/58-12:26:01,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80360,00:30:16/58-12:25:49,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-18:01:24,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/15:29,4789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/15:19,5373) [kworker/1:2-events] (root,0,0,00:00:00/14:55,6651) [kworker/u8:2-flush-253:0] (root,35304,10040,00:00:00/20-12:54:19,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:16/20-12:54:18,10514) sshd: syslogtunnel (root,0,0,00:00:00/29:20,14847) [kworker/2:0-events] (root,0,0,00:00:00/01:49:56,16568) [kworker/2:2-events] (root,0,0,00:00:00/03:30,17198) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:13:10,18323) [kworker/1:0-events] (root,0,0,00:00:00/03:08,19316) [kworker/0:0-cgroup_destroy] (postfix,24244,8272,00:00:00/19:43,20776) pickup -l -t fifo -u (root,0,0,00:00:00/01:37:54,22600) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:29:18,26097) [kworker/0:2-events] (root,35308,10028,00:00:00/20-13:40:32,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-13:40:31,30947) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,31462) /bin/bash /usr/bin/check_mk_agent (root,13744,3444,00:00:00/00:00,31480) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,31481) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/34:37,31562) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-07 23:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363199929d6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:39/56-11:08:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-11:08:26,2) [kthreadd] (root,0,0,00:00:00/56-11:08:26,3) [rcu_gp] (root,0,0,00:00:00/56-11:08:26,4) [rcu_par_gp] (root,0,0,00:00:00/56-11:08:26,5) [slub_flushwq] (root,0,0,00:00:00/56-11:08:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-11:08:26,9) [mm_percpu_wq] (root,0,0,00:00:00/56-11:08:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-11:08:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-11:08:26,12) [rcu_tasks_trace] (root,0,0,00:01:40/56-11:08:26,13) [ksoftirqd/0] (root,0,0,02:38:14/56-11:08:26,14) [rcu_preempt] (root,0,0,00:00:21/56-11:08:26,15) [migration/0] (root,0,0,00:00:00/56-11:08:26,16) [idle_inject/0] (root,0,0,00:00:00/56-11:08:26,18) [cpuhp/0] (root,0,0,00:00:00/56-11:08:26,19) [cpuhp/1] (root,0,0,00:00:00/56-11:08:26,20) [idle_inject/1] (root,0,0,00:00:21/56-11:08:26,21) [migration/1] (root,0,0,00:01:23/56-11:08:26,22) [ksoftirqd/1] (root,0,0,00:00:00/56-11:08:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-11:08:26,25) [cpuhp/2] (root,0,0,00:00:00/56-11:08:26,26) [idle_inject/2] (root,0,0,00:00:16/56-11:08:26,27) [migration/2] (root,0,0,01:40:02/56-11:08:26,28) [ksoftirqd/2] (root,0,0,00:00:00/56-11:08:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-11:08:26,31) [cpuhp/3] (root,0,0,00:00:00/56-11:08:26,32) [idle_inject/3] (root,0,0,00:00:20/56-11:08:26,33) [migration/3] (root,0,0,00:05:08/56-11:08:26,34) [ksoftirqd/3] (root,0,0,00:00:00/56-11:08:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-11:08:26,40) [kdevtmpfs] (root,0,0,00:00:00/56-11:08:26,41) [netns] (root,0,0,00:00:00/56-11:08:26,42) [inet_frag_wq] (root,0,0,00:00:19/56-11:08:26,43) [kauditd] (root,0,0,00:00:00/56-11:08:26,44) [khungtaskd] (root,0,0,00:00:00/56-11:08:26,45) [oom_reaper] (root,0,0,00:00:00/56-11:08:26,46) [writeback] (root,0,0,00:02:53/56-11:08:26,47) [kcompactd0] (root,0,0,00:00:00/56-11:08:26,48) [ksmd] (root,0,0,00:03:07/56-11:08:26,49) [khugepaged] (root,0,0,00:00:00/56-11:08:26,75) [kintegrityd] (root,0,0,00:00:00/56-11:08:26,76) [kblockd] (root,0,0,00:00:00/56-11:08:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-11:08:26,79) [tpm_dev_wq] (root,0,0,00:00:00/56-11:08:26,80) [edac-poller] (root,0,0,00:00:00/56-11:08:26,81) [devfreq_wq] (root,0,0,00:00:00/56-11:08:26,110) [watchdogd] (root,0,0,00:00:04/56-11:08:26,111) [kswapd0] (root,0,0,00:00:14/56-11:08:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-11:08:24,115) [kthrotld] (root,0,0,00:00:00/56-11:08:24,116) [mld] (root,0,0,00:00:00/56-11:08:24,117) [ipv6_addrconf] (root,0,0,00:00:15/56-11:08:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-11:08:24,123) [kstrp] (root,0,0,00:00:00/56-11:08:24,124) [zswap-shrink] (root,0,0,00:00:00/56-11:08:24,125) [kworker/u9:0] (root,0,0,00:00:00/56-11:08:24,130) [charger_manager] (root,0,0,00:00:17/56-11:08:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-11:08:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-11:08:23,239) [kaluad] (root,0,0,00:00:00/56-11:08:23,258) [kmpath_rdacd] (root,0,0,00:00:00/56-11:08:23,304) [kmpathd] (root,0,0,00:00:00/56-11:08:23,305) [kmpath_handlerd] (root,0,0,00:00:00/56-11:08:22,342) [ata_sff] (root,0,0,00:00:00/56-11:08:22,343) [scsi_eh_0] (root,0,0,00:00:00/56-11:08:22,344) [scsi_tmf_0] (root,0,0,00:00:00/56-11:08:22,345) [scsi_eh_1] (root,0,0,00:00:00/56-11:08:22,346) [scsi_tmf_1] (root,0,0,00:01:49/56-11:08:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-11:08:19,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-11:08:07,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-11:08:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-11:08:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-11:07:33,511) /sbin/auditd (messagebus,22932,5400,00:02:59/56-11:07:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:41/56-11:07:32,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-11:07:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-11:07:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-11:07:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:07/56-11:07:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-11:07:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:32/56-11:07:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-11:07:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-11:07:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-11:07:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-11:07:16,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-11:07:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:03/56-11:07:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-11:07:16,1352) bpfilter_umh (root,26204,8096,00:00:28/56-11:07:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-11:07:16,1359) ntpd: asynchronous dns resolver (spot,364864,215660,3-02:18:13/56-11:07:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-11:07:15,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-11:07:15,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-11:07:15,1373) (sd-pam) (root,24216,5260,00:00:19/56-11:07:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-11:07:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-11:07:13,1485) /usr/sbin/cron -n (root,698412,77180,01:18:05/56-11:07:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:27/56-11:06:55,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/50-16:42:30,2557) tlsmgr -l -t unix -u (postfix,24244,8248,00:00:00/01:02:45,4682) pickup -l -t fifo -u (root,0,0,00:00:00/01:00:54,4870) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/18:18,5175) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/56:52,5436) [kworker/1:1-events] (root,0,0,00:00:00/12:17,9074) [kworker/0:2-events] (root,0,0,00:00:00/01:51,9537) [kworker/1:2-events] (root,35304,10040,00:00:00/18-11:35:25,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:08/18-11:35:24,10514) sshd: syslogtunnel (root,0,0,00:00:00/00:16,16436) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,18071) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,18089) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18090) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/36:35,22652) [kworker/u8:2-writeback] (root,0,0,00:00:00/05:29,25333) [kworker/3:0-ata_sff] (root,0,0,00:00:01/02:25:33,26766) [kworker/3:2-events] (root,0,0,00:00:00/02:01:45,29783) [kworker/2:1-events] (root,0,0,00:00:00/01:55:26,30582) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10028,00:00:00/18-12:21:38,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:02/18-12:21:37,30947) sshd: cm-ssh (root,0,0,00:00:00/01:47:08,31588) [kworker/0:1-events] (root,0,0,00:00:00/03:58,32010) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-05 21:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631db7d79cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:34/54-14:35:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/54-14:35:49,2) [kthreadd] (root,0,0,00:00:00/54-14:35:49,3) [rcu_gp] (root,0,0,00:00:00/54-14:35:49,4) [rcu_par_gp] (root,0,0,00:00:00/54-14:35:49,5) [slub_flushwq] (root,0,0,00:00:00/54-14:35:49,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/54-14:35:49,9) [mm_percpu_wq] (root,0,0,00:00:00/54-14:35:49,10) [rcu_tasks_kthre] (root,0,0,00:00:00/54-14:35:49,11) [rcu_tasks_rude_] (root,0,0,00:00:00/54-14:35:49,12) [rcu_tasks_trace] (root,0,0,00:01:37/54-14:35:49,13) [ksoftirqd/0] (root,0,0,02:33:29/54-14:35:49,14) [rcu_preempt] (root,0,0,00:00:21/54-14:35:49,15) [migration/0] (root,0,0,00:00:00/54-14:35:49,16) [idle_inject/0] (root,0,0,00:00:00/54-14:35:49,18) [cpuhp/0] (root,0,0,00:00:00/54-14:35:49,19) [cpuhp/1] (root,0,0,00:00:00/54-14:35:49,20) [idle_inject/1] (root,0,0,00:00:21/54-14:35:49,21) [migration/1] (root,0,0,00:01:20/54-14:35:49,22) [ksoftirqd/1] (root,0,0,00:00:00/54-14:35:49,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/54-14:35:49,25) [cpuhp/2] (root,0,0,00:00:00/54-14:35:49,26) [idle_inject/2] (root,0,0,00:00:15/54-14:35:49,27) [migration/2] (root,0,0,01:36:46/54-14:35:49,28) [ksoftirqd/2] (root,0,0,00:00:00/54-14:35:49,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/54-14:35:49,31) [cpuhp/3] (root,0,0,00:00:00/54-14:35:49,32) [idle_inject/3] (root,0,0,00:00:19/54-14:35:49,33) [migration/3] (root,0,0,00:05:00/54-14:35:49,34) [ksoftirqd/3] (root,0,0,00:00:00/54-14:35:49,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/54-14:35:49,40) [kdevtmpfs] (root,0,0,00:00:00/54-14:35:49,41) [netns] (root,0,0,00:00:00/54-14:35:49,42) [inet_frag_wq] (root,0,0,00:00:18/54-14:35:49,43) [kauditd] (root,0,0,00:00:00/54-14:35:49,44) [khungtaskd] (root,0,0,00:00:00/54-14:35:49,45) [oom_reaper] (root,0,0,00:00:00/54-14:35:49,46) [writeback] (root,0,0,00:02:47/54-14:35:49,47) [kcompactd0] (root,0,0,00:00:00/54-14:35:49,48) [ksmd] (root,0,0,00:03:02/54-14:35:49,49) [khugepaged] (root,0,0,00:00:00/54-14:35:49,75) [kintegrityd] (root,0,0,00:00:00/54-14:35:49,76) [kblockd] (root,0,0,00:00:00/54-14:35:49,77) [blkcg_punt_bio] (root,0,0,00:00:00/54-14:35:49,79) [tpm_dev_wq] (root,0,0,00:00:00/54-14:35:49,80) [edac-poller] (root,0,0,00:00:00/54-14:35:49,81) [devfreq_wq] (root,0,0,00:00:00/54-14:35:49,110) [watchdogd] (root,0,0,00:00:04/54-14:35:49,111) [kswapd0] (root,0,0,00:00:14/54-14:35:49,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/54-14:35:47,115) [kthrotld] (root,0,0,00:00:00/54-14:35:47,116) [mld] (root,0,0,00:00:00/54-14:35:47,117) [ipv6_addrconf] (root,0,0,00:00:15/54-14:35:47,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/54-14:35:47,123) [kstrp] (root,0,0,00:00:00/54-14:35:47,124) [zswap-shrink] (root,0,0,00:00:00/54-14:35:47,125) [kworker/u9:0] (root,0,0,00:00:00/54-14:35:47,130) [charger_manager] (root,0,0,00:00:16/54-14:35:47,172) [kworker/1:1H-kblockd] (root,0,0,00:00:24/54-14:35:47,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/54-14:35:46,239) [kaluad] (root,0,0,00:00:00/54-14:35:46,258) [kmpath_rdacd] (root,0,0,00:00:00/54-14:35:46,304) [kmpathd] (root,0,0,00:00:00/54-14:35:46,305) [kmpath_handlerd] (root,0,0,00:00:00/54-14:35:45,342) [ata_sff] (root,0,0,00:00:00/54-14:35:45,343) [scsi_eh_0] (root,0,0,00:00:00/54-14:35:45,344) [scsi_tmf_0] (root,0,0,00:00:00/54-14:35:45,345) [scsi_eh_1] (root,0,0,00:00:00/54-14:35:45,346) [scsi_tmf_1] (root,0,0,00:01:46/54-14:35:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/54-14:35:42,367) [ext4-rsv-conver] (root,38604,7852,00:01:30/54-14:35:30,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/54-14:35:29,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:24/54-14:35:27,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:31/54-14:34:56,511) /sbin/auditd (messagebus,22932,5400,00:02:54/54-14:34:55,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:38/54-14:34:55,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/54-14:34:55,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/54-14:34:53,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/54-14:34:53,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/16:33,729) [kworker/3:1-events] (root,549128,31272,00:01:04/54-14:34:39,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/54-14:34:39,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:24/54-14:34:39,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/54-14:34:39,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/54-14:34:39,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/54-14:34:39,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/54-14:34:39,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:39/54-14:34:39,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:48/54-14:34:39,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/54-14:34:39,1352) bpfilter_umh (root,26204,8096,00:00:27/54-14:34:39,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/54-14:34:39,1359) ntpd: asynchronous dns resolver (spot,365248,215804,2-23:41:08/54-14:34:38,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/54-14:34:38,1371) (sd-pam) (checkmk,48528,3180,00:00:00/54-14:34:38,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/54-14:34:38,1373) (sd-pam) (root,24216,5260,00:00:19/54-14:34:36,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/54-14:34:36,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/54-14:34:36,1485) /usr/sbin/cron -n (root,698412,79072,01:15:34/54-14:34:30,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,232896,77764,00:28:45/54-14:34:18,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:02/48-20:09:53,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/14:41,6889) [kworker/0:1] (root,0,0,00:00:00/02:54:29,7540) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/13:55,9879) [kworker/u8:1-writeback] (root,0,0,00:00:00/41:30,10451) [kworker/0:2-events] (root,35304,10040,00:00:00/16-15:02:48,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:02/16-15:02:47,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:00,12778) [kworker/3:0-ata_sff] (root,6656,3488,00:00:00/00:00,17333) /bin/bash /usr/bin/check_mk_agent (root,6656,3472,00:00:00/00:00,17417) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,17435) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17436) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8220,00:00:00/01:31:00,18539) pickup -l -t fifo -u (root,0,0,00:00:00/09:11,23551) [kworker/2:2] (root,0,0,00:00:00/36:15,24374) [kworker/1:1] (root,0,0,00:00:01/03:52:17,25166) [kworker/2:1-events] (root,0,0,00:00:00/01:59:35,27550) [kworker/1:0-events] (root,0,0,00:00:00/06:10,29248) [kworker/3:2-ata_sff] (root,35308,10028,00:00:00/16-15:49:01,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:56/16-15:49:00,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-04 01:24 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632c51c7aeFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-14:00:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-14:00:23,2) [kthreadd] (root,0,0,00:00:00/47-14:00:23,3) [rcu_gp] (root,0,0,00:00:00/47-14:00:23,4) [rcu_par_gp] (root,0,0,00:00:00/47-14:00:23,5) [slub_flushwq] (root,0,0,00:00:00/47-14:00:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-14:00:23,9) [mm_percpu_wq] (root,0,0,00:00:00/47-14:00:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-14:00:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-14:00:23,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-14:00:23,13) [ksoftirqd/0] (root,0,0,02:15:55/47-14:00:23,14) [rcu_preempt] (root,0,0,00:00:18/47-14:00:23,15) [migration/0] (root,0,0,00:00:00/47-14:00:23,16) [idle_inject/0] (root,0,0,00:00:00/47-14:00:23,18) [cpuhp/0] (root,0,0,00:00:00/47-14:00:23,19) [cpuhp/1] (root,0,0,00:00:00/47-14:00:23,20) [idle_inject/1] (root,0,0,00:00:18/47-14:00:23,21) [migration/1] (root,0,0,00:01:11/47-14:00:23,22) [ksoftirqd/1] (root,0,0,00:00:00/47-14:00:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-14:00:23,25) [cpuhp/2] (root,0,0,00:00:00/47-14:00:23,26) [idle_inject/2] (root,0,0,00:00:13/47-14:00:23,27) [migration/2] (root,0,0,01:27:44/47-14:00:23,28) [ksoftirqd/2] (root,0,0,00:00:00/47-14:00:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-14:00:23,31) [cpuhp/3] (root,0,0,00:00:00/47-14:00:23,32) [idle_inject/3] (root,0,0,00:00:17/47-14:00:23,33) [migration/3] (root,0,0,00:04:30/47-14:00:23,34) [ksoftirqd/3] (root,0,0,00:00:00/47-14:00:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-14:00:23,40) [kdevtmpfs] (root,0,0,00:00:00/47-14:00:23,41) [netns] (root,0,0,00:00:00/47-14:00:23,42) [inet_frag_wq] (root,0,0,00:00:16/47-14:00:23,43) [kauditd] (root,0,0,00:00:00/47-14:00:23,44) [khungtaskd] (root,0,0,00:00:00/47-14:00:23,45) [oom_reaper] (root,0,0,00:00:00/47-14:00:23,46) [writeback] (root,0,0,00:02:29/47-14:00:23,47) [kcompactd0] (root,0,0,00:00:00/47-14:00:23,48) [ksmd] (root,0,0,00:02:37/47-14:00:23,49) [khugepaged] (root,0,0,00:00:00/47-14:00:23,75) [kintegrityd] (root,0,0,00:00:00/47-14:00:23,76) [kblockd] (root,0,0,00:00:00/47-14:00:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-14:00:23,79) [tpm_dev_wq] (root,0,0,00:00:00/47-14:00:23,80) [edac-poller] (root,0,0,00:00:00/47-14:00:23,81) [devfreq_wq] (root,0,0,00:00:00/47-14:00:23,110) [watchdogd] (root,0,0,00:00:03/47-14:00:23,111) [kswapd0] (root,0,0,00:00:12/47-14:00:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-14:00:21,115) [kthrotld] (root,0,0,00:00:00/47-14:00:21,116) [mld] (root,0,0,00:00:00/47-14:00:21,117) [ipv6_addrconf] (root,0,0,00:00:13/47-14:00:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-14:00:21,123) [kstrp] (root,0,0,00:00:00/47-14:00:21,124) [zswap-shrink] (root,0,0,00:00:00/47-14:00:21,125) [kworker/u9:0] (root,0,0,00:00:00/47-14:00:21,130) [charger_manager] (root,0,0,00:00:14/47-14:00:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-14:00:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-14:00:20,239) [kaluad] (root,0,0,00:00:00/47-14:00:20,258) [kmpath_rdacd] (root,0,0,00:00:00/47-14:00:20,304) [kmpathd] (root,0,0,00:00:00/47-14:00:20,305) [kmpath_handlerd] (root,0,0,00:00:00/47-14:00:19,342) [ata_sff] (root,0,0,00:00:00/47-14:00:19,343) [scsi_eh_0] (root,0,0,00:00:00/47-14:00:19,344) [scsi_tmf_0] (root,0,0,00:00:00/47-14:00:19,345) [scsi_eh_1] (root,0,0,00:00:00/47-14:00:19,346) [scsi_tmf_1] (root,0,0,00:01:34/47-14:00:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-14:00:16,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-14:00:04,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-14:00:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-14:00:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-13:59:30,511) /sbin/auditd (messagebus,22932,5408,00:02:36/47-13:59:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-13:59:29,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-13:59:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-13:59:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-13:59:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-13:59:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-13:59:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:45/47-13:59:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-13:59:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-13:59:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-13:59:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-13:59:13,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-13:59:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:52/47-13:59:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-13:59:13,1352) bpfilter_umh (root,26204,8096,00:00:24/47-13:59:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-13:59:13,1359) ntpd: asynchronous dns resolver (spot,361456,212100,2-16:42:25/47-13:59:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-13:59:12,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-13:59:12,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-13:59:12,1373) (sd-pam) (root,24216,5260,00:00:16/47-13:59:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-13:59:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-13:59:10,1485) /usr/sbin/cron -n (root,697508,77208,01:06:10/47-13:59:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73032,00:25:46/47-13:58:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-19:34:27,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/53:46,2570) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/02:53,4555) [kworker/2:2-events] (root,0,0,00:00:00/13:00,4768) [kworker/0:1-events] (root,35304,10040,00:00:00/9-14:27:22,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:38/9-14:27:21,10514) sshd: syslogtunnel (postfix,24244,8256,00:00:00/01:21:15,10898) pickup -l -t fifo -u (root,0,0,00:00:00/36:16,11263) [kworker/3:1-events] (root,6656,3524,00:00:00/00:00,13756) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,13774) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,13775) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/10:19,14475) [kworker/3:0-ata_sff] (root,0,0,00:00:01/04:28:14,15451) [kworker/1:1-events] (root,0,0,00:00:00/48:33,15704) [kworker/2:0-events] (root,0,0,00:00:00/48:31,15769) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/33:16,17795) [kworker/1:0-events] (root,0,0,00:00:00/01:47:23,21827) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/59:16,25528) [kworker/0:2-events] (root,0,0,00:00:00/05:07,29928) [kworker/3:2-ata_sff] (root,35308,10028,00:00:00/9-15:13:35,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-15:13:34,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-28 00:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363043afbabFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12460,00:02:13/45-13:10:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-13:10:01,2) [kthreadd] (root,0,0,00:00:00/45-13:10:01,3) [rcu_gp] (root,0,0,00:00:00/45-13:10:01,4) [rcu_par_gp] (root,0,0,00:00:00/45-13:10:01,5) [slub_flushwq] (root,0,0,00:00:00/45-13:10:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-13:10:01,9) [mm_percpu_wq] (root,0,0,00:00:00/45-13:10:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-13:10:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-13:10:01,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-13:10:01,13) [ksoftirqd/0] (root,0,0,02:10:37/45-13:10:01,14) [rcu_preempt] (root,0,0,00:00:17/45-13:10:01,15) [migration/0] (root,0,0,00:00:00/45-13:10:01,16) [idle_inject/0] (root,0,0,00:00:00/45-13:10:01,18) [cpuhp/0] (root,0,0,00:00:00/45-13:10:01,19) [cpuhp/1] (root,0,0,00:00:00/45-13:10:01,20) [idle_inject/1] (root,0,0,00:00:17/45-13:10:01,21) [migration/1] (root,0,0,00:01:08/45-13:10:01,22) [ksoftirqd/1] (root,0,0,00:00:00/45-13:10:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-13:10:01,25) [cpuhp/2] (root,0,0,00:00:00/45-13:10:01,26) [idle_inject/2] (root,0,0,00:00:13/45-13:10:01,27) [migration/2] (root,0,0,01:25:15/45-13:10:01,28) [ksoftirqd/2] (root,0,0,00:00:00/45-13:10:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-13:10:01,31) [cpuhp/3] (root,0,0,00:00:00/45-13:10:01,32) [idle_inject/3] (root,0,0,00:00:16/45-13:10:01,33) [migration/3] (root,0,0,00:04:22/45-13:10:01,34) [ksoftirqd/3] (root,0,0,00:00:00/45-13:10:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-13:10:01,40) [kdevtmpfs] (root,0,0,00:00:00/45-13:10:01,41) [netns] (root,0,0,00:00:00/45-13:10:01,42) [inet_frag_wq] (root,0,0,00:00:16/45-13:10:01,43) [kauditd] (root,0,0,00:00:00/45-13:10:01,44) [khungtaskd] (root,0,0,00:00:00/45-13:10:01,45) [oom_reaper] (root,0,0,00:00:00/45-13:10:01,46) [writeback] (root,0,0,00:02:23/45-13:10:01,47) [kcompactd0] (root,0,0,00:00:00/45-13:10:01,48) [ksmd] (root,0,0,00:02:30/45-13:10:01,49) [khugepaged] (root,0,0,00:00:00/45-13:10:01,75) [kintegrityd] (root,0,0,00:00:00/45-13:10:01,76) [kblockd] (root,0,0,00:00:00/45-13:10:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-13:10:01,79) [tpm_dev_wq] (root,0,0,00:00:00/45-13:10:01,80) [edac-poller] (root,0,0,00:00:00/45-13:10:01,81) [devfreq_wq] (root,0,0,00:00:00/45-13:10:01,110) [watchdogd] (root,0,0,00:00:03/45-13:10:01,111) [kswapd0] (root,0,0,00:00:12/45-13:10:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-13:09:59,115) [kthrotld] (root,0,0,00:00:00/45-13:09:59,116) [mld] (root,0,0,00:00:00/45-13:09:59,117) [ipv6_addrconf] (root,0,0,00:00:12/45-13:09:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-13:09:59,123) [kstrp] (root,0,0,00:00:00/45-13:09:59,124) [zswap-shrink] (root,0,0,00:00:00/45-13:09:59,125) [kworker/u9:0] (root,0,0,00:00:00/45-13:09:59,130) [charger_manager] (root,0,0,00:00:14/45-13:09:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-13:09:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-13:09:58,239) [kaluad] (root,0,0,00:00:00/45-13:09:58,258) [kmpath_rdacd] (root,0,0,00:00:00/45-13:09:58,304) [kmpathd] (root,0,0,00:00:00/45-13:09:58,305) [kmpath_handlerd] (root,0,0,00:00:00/45-13:09:57,342) [ata_sff] (root,0,0,00:00:00/45-13:09:57,343) [scsi_eh_0] (root,0,0,00:00:00/45-13:09:57,344) [scsi_tmf_0] (root,0,0,00:00:00/45-13:09:57,345) [scsi_eh_1] (root,0,0,00:00:00/45-13:09:57,346) [scsi_tmf_1] (root,0,0,00:01:31/45-13:09:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-13:09:54,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-13:09:42,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-13:09:41,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-13:09:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-13:09:08,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-13:09:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-13:09:07,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-13:09:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-13:09:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-13:09:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-13:08:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-13:08:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:34/45-13:08:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-13:08:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-13:08:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-13:08:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-13:08:51,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-13:08:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:36/45-13:08:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-13:08:51,1352) bpfilter_umh (root,26204,8096,00:00:23/45-13:08:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-13:08:51,1359) ntpd: asynchronous dns resolver (spot,362080,206200,2-14:33:34/45-13:08:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-13:08:50,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-13:08:50,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-13:08:50,1373) (sd-pam) (root,24216,5260,00:00:16/45-13:08:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-13:08:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-13:08:48,1485) /usr/sbin/cron -n (root,697508,78836,01:03:23/45-13:08:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71512,00:24:48/45-13:08:30,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:08:12,2530) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9184,00:00:01/39-18:44:05,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/37:56,2565) [kworker/0:0] (root,0,0,00:00:01/02:23:37,7467) [kworker/1:1-events] (root,0,0,00:00:00/27:59,8464) [kworker/3:1-events] (postfix,24244,8216,00:00:00/52:50,9742) pickup -l -t fifo -u (root,0,0,00:00:00/01:23:09,9975) [kworker/2:2-events] (root,35304,10040,00:00:00/7-13:37:00,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-13:36:59,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:38:12,13466) [kworker/1:2] (root,0,0,00:00:00/02:35,15812) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:03,16485) [kworker/3:2-ata_sff] (root,0,0,00:00:01/03:59:17,23049) [kworker/0:2-events] (root,6656,3488,00:00:00/00:00,24044) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,24062) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24063) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:13,28407) [kworker/3:0-ata_sff] (root,0,0,00:00:00/47:50,30660) [kworker/2:1-events] (root,35308,10028,00:00:00/7-14:23:13,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-14:23:12,30947) sshd: cm-ssh (root,0,0,00:00:00/03:08:47,32405) [kworker/u8:1-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 23:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632a7d843fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-13:10:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-13:10:49,2) [kthreadd] (root,0,0,00:00:00/43-13:10:49,3) [rcu_gp] (root,0,0,00:00:00/43-13:10:49,4) [rcu_par_gp] (root,0,0,00:00:00/43-13:10:49,5) [slub_flushwq] (root,0,0,00:00:00/43-13:10:49,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-13:10:49,9) [mm_percpu_wq] (root,0,0,00:00:00/43-13:10:49,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-13:10:49,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-13:10:49,12) [rcu_tasks_trace] (root,0,0,00:01:20/43-13:10:49,13) [ksoftirqd/0] (root,0,0,02:05:09/43-13:10:49,14) [rcu_preempt] (root,0,0,00:00:16/43-13:10:49,15) [migration/0] (root,0,0,00:00:00/43-13:10:49,16) [idle_inject/0] (root,0,0,00:00:00/43-13:10:49,18) [cpuhp/0] (root,0,0,00:00:00/43-13:10:49,19) [cpuhp/1] (root,0,0,00:00:00/43-13:10:49,20) [idle_inject/1] (root,0,0,00:00:16/43-13:10:49,21) [migration/1] (root,0,0,00:01:05/43-13:10:49,22) [ksoftirqd/1] (root,0,0,00:00:00/43-13:10:49,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-13:10:49,25) [cpuhp/2] (root,0,0,00:00:00/43-13:10:49,26) [idle_inject/2] (root,0,0,00:00:12/43-13:10:49,27) [migration/2] (root,0,0,01:22:28/43-13:10:49,28) [ksoftirqd/2] (root,0,0,00:00:00/43-13:10:49,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-13:10:49,31) [cpuhp/3] (root,0,0,00:00:00/43-13:10:49,32) [idle_inject/3] (root,0,0,00:00:15/43-13:10:49,33) [migration/3] (root,0,0,00:04:12/43-13:10:49,34) [ksoftirqd/3] (root,0,0,00:00:00/43-13:10:49,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-13:10:49,40) [kdevtmpfs] (root,0,0,00:00:00/43-13:10:49,41) [netns] (root,0,0,00:00:00/43-13:10:49,42) [inet_frag_wq] (root,0,0,00:00:15/43-13:10:49,43) [kauditd] (root,0,0,00:00:00/43-13:10:49,44) [khungtaskd] (root,0,0,00:00:00/43-13:10:49,45) [oom_reaper] (root,0,0,00:00:00/43-13:10:49,46) [writeback] (root,0,0,00:02:17/43-13:10:49,47) [kcompactd0] (root,0,0,00:00:00/43-13:10:49,48) [ksmd] (root,0,0,00:02:24/43-13:10:49,49) [khugepaged] (root,0,0,00:00:00/43-13:10:49,75) [kintegrityd] (root,0,0,00:00:00/43-13:10:49,76) [kblockd] (root,0,0,00:00:00/43-13:10:49,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-13:10:49,79) [tpm_dev_wq] (root,0,0,00:00:00/43-13:10:49,80) [edac-poller] (root,0,0,00:00:00/43-13:10:49,81) [devfreq_wq] (root,0,0,00:00:00/43-13:10:49,110) [watchdogd] (root,0,0,00:00:03/43-13:10:49,111) [kswapd0] (root,0,0,00:00:11/43-13:10:49,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-13:10:47,115) [kthrotld] (root,0,0,00:00:00/43-13:10:47,116) [mld] (root,0,0,00:00:00/43-13:10:47,117) [ipv6_addrconf] (root,0,0,00:00:12/43-13:10:47,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-13:10:47,123) [kstrp] (root,0,0,00:00:00/43-13:10:47,124) [zswap-shrink] (root,0,0,00:00:00/43-13:10:47,125) [kworker/u9:0] (root,0,0,00:00:00/43-13:10:47,130) [charger_manager] (root,0,0,00:00:13/43-13:10:47,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-13:10:47,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-13:10:46,239) [kaluad] (root,0,0,00:00:00/43-13:10:46,258) [kmpath_rdacd] (root,0,0,00:00:00/43-13:10:46,304) [kmpathd] (root,0,0,00:00:00/43-13:10:46,305) [kmpath_handlerd] (root,0,0,00:00:00/43-13:10:45,342) [ata_sff] (root,0,0,00:00:00/43-13:10:45,343) [scsi_eh_0] (root,0,0,00:00:00/43-13:10:45,344) [scsi_tmf_0] (root,0,0,00:00:00/43-13:10:45,345) [scsi_eh_1] (root,0,0,00:00:00/43-13:10:45,346) [scsi_tmf_1] (root,0,0,00:01:27/43-13:10:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-13:10:42,367) [ext4-rsv-conver] (root,38604,7856,00:01:15/43-13:10:30,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-13:10:29,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-13:10:27,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-13:09:56,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-13:09:55,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:22/43-13:09:55,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-13:09:55,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-13:09:53,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-13:09:53,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/43:15,883) [kworker/2:0-events] (root,548872,30852,00:00:52/43-13:09:39,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-13:09:39,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:21/43-13:09:39,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-13:09:39,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-13:09:39,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-13:09:39,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-13:09:39,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-13:09:39,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:19/43-13:09:39,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-13:09:39,1352) bpfilter_umh (root,26204,8096,00:00:22/43-13:09:39,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-13:09:39,1359) ntpd: asynchronous dns resolver (spot,361584,206076,2-12:18:22/43-13:09:38,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-13:09:38,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-13:09:38,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-13:09:38,1373) (sd-pam) (root,24216,5260,00:00:15/43-13:09:36,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-13:09:36,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-13:09:36,1485) /usr/sbin/cron -n (root,697508,78764,01:00:35/43-13:09:30,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70172,00:23:49/43-13:09:18,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-18:44:53,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/23:42,3115) [kworker/0:0-events] (root,0,0,00:00:00/23:04,5878) [kworker/3:1-events] (root,35304,10040,00:00:00/5-13:37:48,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:23/5-13:37:47,10514) sshd: syslogtunnel (root,0,0,00:00:01/03:01:36,12041) [kworker/1:0-events] (root,0,0,00:00:00/28:34,14385) [kworker/2:2-events] (root,0,0,00:00:00/03:42,15011) [kworker/0:2-events] (root,0,0,00:00:00/18:53,16743) [kworker/1:2-events] (root,0,0,00:00:00/59:01,19317) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:20,20415) [kworker/3:0-ata_sff] (root,0,0,00:00:00/09:04,21985) [kworker/0:1-events] (postfix,24244,8252,00:00:00/01:15:21,22335) pickup -l -t fifo -u (root,0,0,00:00:00/01:14:28,23914) [kworker/u8:0-flush-253:0] (root,6656,3484,00:00:00/00:00,29650) /bin/bash /usr/bin/check_mk_agent (root,13744,3356,00:00:00/00:00,29668) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29669) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/5-14:24:01,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:21/5-14:24:00,30947) sshd: cm-ssh (root,0,0,00:00:00/07:31,31306) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 23:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a5e24d09Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-13:13:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-13:13:05,2) [kthreadd] (root,0,0,00:00:00/41-13:13:05,3) [rcu_gp] (root,0,0,00:00:00/41-13:13:05,4) [rcu_par_gp] (root,0,0,00:00:00/41-13:13:05,5) [slub_flushwq] (root,0,0,00:00:00/41-13:13:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-13:13:05,9) [mm_percpu_wq] (root,0,0,00:00:00/41-13:13:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-13:13:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-13:13:05,12) [rcu_tasks_trace] (root,0,0,00:01:16/41-13:13:05,13) [ksoftirqd/0] (root,0,0,01:59:17/41-13:13:05,14) [rcu_preempt] (root,0,0,00:00:16/41-13:13:05,15) [migration/0] (root,0,0,00:00:00/41-13:13:05,16) [idle_inject/0] (root,0,0,00:00:00/41-13:13:05,18) [cpuhp/0] (root,0,0,00:00:00/41-13:13:05,19) [cpuhp/1] (root,0,0,00:00:00/41-13:13:05,20) [idle_inject/1] (root,0,0,00:00:16/41-13:13:05,21) [migration/1] (root,0,0,00:01:02/41-13:13:05,22) [ksoftirqd/1] (root,0,0,00:00:00/41-13:13:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-13:13:05,25) [cpuhp/2] (root,0,0,00:00:00/41-13:13:05,26) [idle_inject/2] (root,0,0,00:00:12/41-13:13:05,27) [migration/2] (root,0,0,01:18:31/41-13:13:05,28) [ksoftirqd/2] (root,0,0,00:00:00/41-13:13:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-13:13:05,31) [cpuhp/3] (root,0,0,00:00:00/41-13:13:05,32) [idle_inject/3] (root,0,0,00:00:15/41-13:13:05,33) [migration/3] (root,0,0,00:03:59/41-13:13:05,34) [ksoftirqd/3] (root,0,0,00:00:00/41-13:13:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-13:13:05,40) [kdevtmpfs] (root,0,0,00:00:00/41-13:13:05,41) [netns] (root,0,0,00:00:00/41-13:13:05,42) [inet_frag_wq] (root,0,0,00:00:14/41-13:13:05,43) [kauditd] (root,0,0,00:00:00/41-13:13:05,44) [khungtaskd] (root,0,0,00:00:00/41-13:13:05,45) [oom_reaper] (root,0,0,00:00:00/41-13:13:05,46) [writeback] (root,0,0,00:02:11/41-13:13:05,47) [kcompactd0] (root,0,0,00:00:00/41-13:13:05,48) [ksmd] (root,0,0,00:02:17/41-13:13:05,49) [khugepaged] (root,0,0,00:00:00/41-13:13:05,75) [kintegrityd] (root,0,0,00:00:00/41-13:13:05,76) [kblockd] (root,0,0,00:00:00/41-13:13:05,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-13:13:05,79) [tpm_dev_wq] (root,0,0,00:00:00/41-13:13:05,80) [edac-poller] (root,0,0,00:00:00/41-13:13:05,81) [devfreq_wq] (root,0,0,00:00:00/41-13:13:05,110) [watchdogd] (root,0,0,00:00:03/41-13:13:05,111) [kswapd0] (root,0,0,00:00:11/41-13:13:05,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-13:13:03,115) [kthrotld] (root,0,0,00:00:00/41-13:13:03,116) [mld] (root,0,0,00:00:00/41-13:13:03,117) [ipv6_addrconf] (root,0,0,00:00:11/41-13:13:03,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-13:13:03,123) [kstrp] (root,0,0,00:00:00/41-13:13:03,124) [zswap-shrink] (root,0,0,00:00:00/41-13:13:03,125) [kworker/u9:0] (root,0,0,00:00:00/41-13:13:03,130) [charger_manager] (root,0,0,00:00:13/41-13:13:03,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-13:13:03,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-13:13:02,239) [kaluad] (root,0,0,00:00:00/41-13:13:02,258) [kmpath_rdacd] (root,0,0,00:00:00/41-13:13:02,304) [kmpathd] (root,0,0,00:00:00/41-13:13:02,305) [kmpath_handlerd] (root,0,0,00:00:00/41-13:13:01,342) [ata_sff] (root,0,0,00:00:00/41-13:13:01,343) [scsi_eh_0] (root,0,0,00:00:00/41-13:13:01,344) [scsi_tmf_0] (root,0,0,00:00:00/41-13:13:01,345) [scsi_eh_1] (root,0,0,00:00:00/41-13:13:01,346) [scsi_tmf_1] (root,0,0,00:01:23/41-13:12:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-13:12:58,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-13:12:46,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-13:12:45,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-13:12:43,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-13:12:12,511) /sbin/auditd (messagebus,22932,5408,00:02:19/41-13:12:11,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-13:12:11,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-13:12:11,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-13:12:09,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-13:12:09,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-13:11:55,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-13:11:55,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:10/41-13:11:55,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-13:11:55,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-13:11:55,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-13:11:55,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-13:11:55,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-13:11:55,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-13:11:55,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-13:11:55,1352) bpfilter_umh (root,26204,8096,00:00:21/41-13:11:55,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-13:11:55,1359) ntpd: asynchronous dns resolver (spot,361728,206100,2-09:31:26/41-13:11:54,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-13:11:54,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-13:11:54,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-13:11:54,1373) (sd-pam) (root,24216,5260,00:00:14/41-13:11:52,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-13:11:52,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-13:11:52,1485) /usr/sbin/cron -n (root,697108,78400,00:57:44/41-13:11:46,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68936,00:22:49/41-13:11:34,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-18:47:09,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:00:41,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/38:18,4186) [kworker/0:0] (root,0,0,00:00:00/04:04,5533) [kworker/3:0-ata_sff] (root,35304,10040,00:00:00/3-13:40:04,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:15/3-13:40:03,10514) sshd: syslogtunnel (root,0,0,00:00:00/19:40,12259) [kworker/3:1-events] (root,0,0,00:00:00/01:21:26,15424) [kworker/0:2-events] (root,0,0,00:00:02/10:37:45,16954) [kworker/2:1-events] (root,0,0,00:00:00/00:04,18912) [kworker/2:0-events] (root,6656,3488,00:00:00/00:00,19748) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,19766) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19767) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/43:02,21069) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/09:17,21189) [kworker/3:2-ata_sff] (root,0,0,00:00:00/05:45,22117) [kworker/u8:0-writeback] (root,0,0,00:00:00/23:54,23332) [kworker/1:1-events] (root,0,0,00:00:00/14:26,27124) [kworker/1:0-events] (root,35308,10028,00:00:00/3-14:26:17,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-14:26:16,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-22 00:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f6019bd5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-13:09:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-13:09:08,2) [kthreadd] (root,0,0,00:00:00/39-13:09:08,3) [rcu_gp] (root,0,0,00:00:00/39-13:09:08,4) [rcu_par_gp] (root,0,0,00:00:00/39-13:09:08,5) [slub_flushwq] (root,0,0,00:00:00/39-13:09:08,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-13:09:08,9) [mm_percpu_wq] (root,0,0,00:00:00/39-13:09:08,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-13:09:08,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-13:09:08,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-13:09:08,13) [ksoftirqd/0] (root,0,0,01:53:31/39-13:09:08,14) [rcu_preempt] (root,0,0,00:00:15/39-13:09:08,15) [migration/0] (root,0,0,00:00:00/39-13:09:08,16) [idle_inject/0] (root,0,0,00:00:00/39-13:09:08,18) [cpuhp/0] (root,0,0,00:00:00/39-13:09:08,19) [cpuhp/1] (root,0,0,00:00:00/39-13:09:08,20) [idle_inject/1] (root,0,0,00:00:15/39-13:09:08,21) [migration/1] (root,0,0,00:00:59/39-13:09:08,22) [ksoftirqd/1] (root,0,0,00:00:00/39-13:09:08,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-13:09:08,25) [cpuhp/2] (root,0,0,00:00:00/39-13:09:08,26) [idle_inject/2] (root,0,0,00:00:11/39-13:09:08,27) [migration/2] (root,0,0,01:13:55/39-13:09:08,28) [ksoftirqd/2] (root,0,0,00:00:00/39-13:09:08,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-13:09:08,31) [cpuhp/3] (root,0,0,00:00:00/39-13:09:08,32) [idle_inject/3] (root,0,0,00:00:14/39-13:09:08,33) [migration/3] (root,0,0,00:03:47/39-13:09:08,34) [ksoftirqd/3] (root,0,0,00:00:00/39-13:09:08,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-13:09:08,40) [kdevtmpfs] (root,0,0,00:00:00/39-13:09:08,41) [netns] (root,0,0,00:00:00/39-13:09:08,42) [inet_frag_wq] (root,0,0,00:00:14/39-13:09:08,43) [kauditd] (root,0,0,00:00:00/39-13:09:08,44) [khungtaskd] (root,0,0,00:00:00/39-13:09:08,45) [oom_reaper] (root,0,0,00:00:00/39-13:09:08,46) [writeback] (root,0,0,00:02:04/39-13:09:08,47) [kcompactd0] (root,0,0,00:00:00/39-13:09:08,48) [ksmd] (root,0,0,00:02:09/39-13:09:08,49) [khugepaged] (root,0,0,00:00:00/39-13:09:08,75) [kintegrityd] (root,0,0,00:00:00/39-13:09:08,76) [kblockd] (root,0,0,00:00:00/39-13:09:08,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-13:09:08,79) [tpm_dev_wq] (root,0,0,00:00:00/39-13:09:08,80) [edac-poller] (root,0,0,00:00:00/39-13:09:08,81) [devfreq_wq] (root,0,0,00:00:00/39-13:09:08,110) [watchdogd] (root,0,0,00:00:02/39-13:09:08,111) [kswapd0] (root,0,0,00:00:10/39-13:09:08,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-13:09:06,115) [kthrotld] (root,0,0,00:00:00/39-13:09:06,116) [mld] (root,0,0,00:00:00/39-13:09:06,117) [ipv6_addrconf] (root,0,0,00:00:11/39-13:09:06,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-13:09:06,123) [kstrp] (root,0,0,00:00:00/39-13:09:06,124) [zswap-shrink] (root,0,0,00:00:00/39-13:09:06,125) [kworker/u9:0] (root,0,0,00:00:00/39-13:09:06,130) [charger_manager] (root,0,0,00:00:12/39-13:09:06,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-13:09:06,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-13:09:05,239) [kaluad] (root,0,0,00:00:00/39-13:09:05,258) [kmpath_rdacd] (root,0,0,00:00:00/39-13:09:05,304) [kmpathd] (root,0,0,00:00:00/39-13:09:05,305) [kmpath_handlerd] (root,0,0,00:00:00/39-13:09:04,342) [ata_sff] (root,0,0,00:00:00/39-13:09:04,343) [scsi_eh_0] (root,0,0,00:00:00/39-13:09:04,344) [scsi_tmf_0] (root,0,0,00:00:00/39-13:09:04,345) [scsi_eh_1] (root,0,0,00:00:00/39-13:09:04,346) [scsi_tmf_1] (root,0,0,00:01:19/39-13:09:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-13:09:01,367) [ext4-rsv-conver] (root,38604,7924,00:01:09/39-13:08:49,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-13:08:48,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-13:08:46,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-13:08:15,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-13:08:14,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-13:08:14,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-13:08:14,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-13:08:12,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-13:08:12,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:47/39-13:07:58,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-13:07:58,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:57/39-13:07:58,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-13:07:58,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-13:07:58,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-13:07:58,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-13:07:58,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-13:07:58,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:44/39-13:07:58,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-13:07:58,1352) bpfilter_umh (root,26204,8116,00:00:20/39-13:07:58,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-13:07:58,1359) ntpd: asynchronous dns resolver (spot,360848,198188,2-07:21:55/39-13:07:57,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-13:07:57,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-13:07:57,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-13:07:57,1373) (sd-pam) (root,24216,5260,00:00:14/39-13:07:55,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-13:07:55,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-13:07:55,1485) /usr/sbin/cron -n (root,697108,76496,00:54:52/39-13:07:49,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67440,00:21:45/39-13:07:37,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/33-18:43:12,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:12:05,3019) [kworker/1:2-events] (root,0,0,00:00:00/02:36,4954) [kworker/u8:0-writeback] (root,0,0,00:00:00/24:37,6192) [kworker/2:2-events] (root,0,0,00:00:00/01:33,6910) [kworker/0:0] (root,0,0,00:00:00/01:31,6911) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:25:09,8710) [kworker/0:2-events] (root,35304,10040,00:00:00/1-13:36:07,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-13:36:06,10514) sshd: syslogtunnel (root,6656,3488,00:00:00/00:00,11703) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,11721) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,11722) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8232,00:00:00/16:25,11858) pickup -l -t fifo -u (root,0,0,00:00:00/02:57:21,12444) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/01:57:35,15998) [kworker/2:1-events] (root,0,0,00:00:00/22:18,17829) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:22:18,18830) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/29:10,21979) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/06:44,22374) [kworker/3:1-events] (root,35308,10028,00:00:00/1-14:22:20,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:07/1-14:22:19,30947) sshd: cm-ssh (root,0,0,00:00:00/01:11:17,31080) [kworker/1:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 23:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636d93a81dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-12:03:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-12:03:58,2) [kthreadd] (root,0,0,00:00:00/37-12:03:58,3) [rcu_gp] (root,0,0,00:00:00/37-12:03:58,4) [rcu_par_gp] (root,0,0,00:00:00/37-12:03:58,5) [slub_flushwq] (root,0,0,00:00:00/37-12:03:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-12:03:58,9) [mm_percpu_wq] (root,0,0,00:00:00/37-12:03:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-12:03:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-12:03:58,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-12:03:58,13) [ksoftirqd/0] (root,0,0,01:47:18/37-12:03:58,14) [rcu_preempt] (root,0,0,00:00:14/37-12:03:58,15) [migration/0] (root,0,0,00:00:00/37-12:03:58,16) [idle_inject/0] (root,0,0,00:00:00/37-12:03:58,18) [cpuhp/0] (root,0,0,00:00:00/37-12:03:58,19) [cpuhp/1] (root,0,0,00:00:00/37-12:03:58,20) [idle_inject/1] (root,0,0,00:00:14/37-12:03:58,21) [migration/1] (root,0,0,00:00:55/37-12:03:58,22) [ksoftirqd/1] (root,0,0,00:00:00/37-12:03:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-12:03:58,25) [cpuhp/2] (root,0,0,00:00:00/37-12:03:58,26) [idle_inject/2] (root,0,0,00:00:10/37-12:03:58,27) [migration/2] (root,0,0,01:07:50/37-12:03:58,28) [ksoftirqd/2] (root,0,0,00:00:00/37-12:03:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-12:03:58,31) [cpuhp/3] (root,0,0,00:00:00/37-12:03:58,32) [idle_inject/3] (root,0,0,00:00:13/37-12:03:58,33) [migration/3] (root,0,0,00:03:29/37-12:03:58,34) [ksoftirqd/3] (root,0,0,00:00:00/37-12:03:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-12:03:58,40) [kdevtmpfs] (root,0,0,00:00:00/37-12:03:58,41) [netns] (root,0,0,00:00:00/37-12:03:58,42) [inet_frag_wq] (root,0,0,00:00:13/37-12:03:58,43) [kauditd] (root,0,0,00:00:00/37-12:03:58,44) [khungtaskd] (root,0,0,00:00:00/37-12:03:58,45) [oom_reaper] (root,0,0,00:00:00/37-12:03:58,46) [writeback] (root,0,0,00:01:58/37-12:03:58,47) [kcompactd0] (root,0,0,00:00:00/37-12:03:58,48) [ksmd] (root,0,0,00:02:02/37-12:03:58,49) [khugepaged] (root,0,0,00:00:00/37-12:03:58,75) [kintegrityd] (root,0,0,00:00:00/37-12:03:58,76) [kblockd] (root,0,0,00:00:00/37-12:03:58,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-12:03:58,79) [tpm_dev_wq] (root,0,0,00:00:00/37-12:03:58,80) [edac-poller] (root,0,0,00:00:00/37-12:03:58,81) [devfreq_wq] (root,0,0,00:00:00/37-12:03:58,110) [watchdogd] (root,0,0,00:00:02/37-12:03:58,111) [kswapd0] (root,0,0,00:00:10/37-12:03:58,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-12:03:56,115) [kthrotld] (root,0,0,00:00:00/37-12:03:56,116) [mld] (root,0,0,00:00:00/37-12:03:56,117) [ipv6_addrconf] (root,0,0,00:00:10/37-12:03:56,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-12:03:56,123) [kstrp] (root,0,0,00:00:00/37-12:03:56,124) [zswap-shrink] (root,0,0,00:00:00/37-12:03:56,125) [kworker/u9:0] (root,0,0,00:00:00/37-12:03:56,130) [charger_manager] (root,0,0,00:00:11/37-12:03:56,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-12:03:56,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-12:03:55,239) [kaluad] (root,0,0,00:00:00/37-12:03:55,258) [kmpath_rdacd] (root,0,0,00:00:00/37-12:03:55,304) [kmpathd] (root,0,0,00:00:00/37-12:03:55,305) [kmpath_handlerd] (root,0,0,00:00:00/37-12:03:54,342) [ata_sff] (root,0,0,00:00:00/37-12:03:54,343) [scsi_eh_0] (root,0,0,00:00:00/37-12:03:54,344) [scsi_tmf_0] (root,0,0,00:00:00/37-12:03:54,345) [scsi_eh_1] (root,0,0,00:00:00/37-12:03:54,346) [scsi_tmf_1] (root,0,0,00:01:14/37-12:03:51,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-12:03:51,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-12:03:39,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-12:03:38,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-12:03:36,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-12:03:05,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-12:03:04,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-12:03:04,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-12:03:04,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-12:03:02,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-12:03:02,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30292,00:00:44/37-12:02:48,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-12:02:48,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:44/37-12:02:48,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-12:02:48,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-12:02:48,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-12:02:48,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-12:02:48,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-12:02:48,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:25/37-12:02:48,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-12:02:48,1352) bpfilter_umh (root,26204,8116,00:00:19/37-12:02:48,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-12:02:48,1359) ntpd: asynchronous dns resolver (spot,361680,198420,2-04:20:32/37-12:02:47,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-12:02:47,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-12:02:47,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-12:02:47,1373) (sd-pam) (root,24216,5260,00:00:13/37-12:02:45,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-12:02:45,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-12:02:45,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-12:02:42,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-12:02:41,1527) sshd: syslogtunnel (root,696596,75960,00:51:54/37-12:02:39,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66204,00:20:40/37-12:02:27,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-17:38:02,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/20:34,2691) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10108,00:00:00/37-12:02:02,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-12:02:02,3218) sshd: cm-ssh (postfix,24244,8256,00:00:00/01:13:12,4691) pickup -l -t fifo -u (root,0,0,00:00:00/09:34,9208) [kworker/3:0-ata_sff] (root,6656,3452,00:00:00/00:00,11604) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,11622) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,11623) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:27:37,18233) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/07:09,18319) [kworker/1:2-events] (root,0,0,00:00:00/02:01:20,19177) [kworker/0:2-events] (root,0,0,00:00:00/53:22,19789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/43:43,24321) [kworker/2:1-events] (root,0,0,00:00:00/01:06:58,26865) [kworker/1:0-events] (root,0,0,00:00:00/04:24,28403) [kworker/3:1-ata_sff] (root,0,0,00:00:00/57:56,32400) [kworker/2:2] (root,0,0,00:00:02/03:42:18,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 22:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d88efdf6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:45/35-11:03:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-11:03:21,2) [kthreadd] (root,0,0,00:00:00/35-11:03:21,3) [rcu_gp] (root,0,0,00:00:00/35-11:03:21,4) [rcu_par_gp] (root,0,0,00:00:00/35-11:03:21,5) [slub_flushwq] (root,0,0,00:00:00/35-11:03:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-11:03:21,9) [mm_percpu_wq] (root,0,0,00:00:00/35-11:03:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-11:03:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-11:03:21,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-11:03:21,13) [ksoftirqd/0] (root,0,0,01:41:52/35-11:03:21,14) [rcu_preempt] (root,0,0,00:00:13/35-11:03:21,15) [migration/0] (root,0,0,00:00:00/35-11:03:21,16) [idle_inject/0] (root,0,0,00:00:00/35-11:03:21,18) [cpuhp/0] (root,0,0,00:00:00/35-11:03:21,19) [cpuhp/1] (root,0,0,00:00:00/35-11:03:21,20) [idle_inject/1] (root,0,0,00:00:13/35-11:03:21,21) [migration/1] (root,0,0,00:00:52/35-11:03:21,22) [ksoftirqd/1] (root,0,0,00:00:00/35-11:03:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-11:03:21,25) [cpuhp/2] (root,0,0,00:00:00/35-11:03:21,26) [idle_inject/2] (root,0,0,00:00:10/35-11:03:21,27) [migration/2] (root,0,0,01:04:50/35-11:03:21,28) [ksoftirqd/2] (root,0,0,00:00:00/35-11:03:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-11:03:21,31) [cpuhp/3] (root,0,0,00:00:00/35-11:03:21,32) [idle_inject/3] (root,0,0,00:00:12/35-11:03:21,33) [migration/3] (root,0,0,00:03:20/35-11:03:21,34) [ksoftirqd/3] (root,0,0,00:00:00/35-11:03:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-11:03:21,40) [kdevtmpfs] (root,0,0,00:00:00/35-11:03:21,41) [netns] (root,0,0,00:00:00/35-11:03:21,42) [inet_frag_wq] (root,0,0,00:00:12/35-11:03:21,43) [kauditd] (root,0,0,00:00:00/35-11:03:21,44) [khungtaskd] (root,0,0,00:00:00/35-11:03:21,45) [oom_reaper] (root,0,0,00:00:00/35-11:03:21,46) [writeback] (root,0,0,00:01:52/35-11:03:21,47) [kcompactd0] (root,0,0,00:00:00/35-11:03:21,48) [ksmd] (root,0,0,00:01:55/35-11:03:21,49) [khugepaged] (root,0,0,00:00:00/35-11:03:21,75) [kintegrityd] (root,0,0,00:00:00/35-11:03:21,76) [kblockd] (root,0,0,00:00:00/35-11:03:21,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-11:03:21,79) [tpm_dev_wq] (root,0,0,00:00:00/35-11:03:21,80) [edac-poller] (root,0,0,00:00:00/35-11:03:21,81) [devfreq_wq] (root,0,0,00:00:00/35-11:03:21,110) [watchdogd] (root,0,0,00:00:02/35-11:03:21,111) [kswapd0] (root,0,0,00:00:09/35-11:03:21,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-11:03:19,115) [kthrotld] (root,0,0,00:00:00/35-11:03:19,116) [mld] (root,0,0,00:00:00/35-11:03:19,117) [ipv6_addrconf] (root,0,0,00:00:10/35-11:03:19,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-11:03:19,123) [kstrp] (root,0,0,00:00:00/35-11:03:19,124) [zswap-shrink] (root,0,0,00:00:00/35-11:03:19,125) [kworker/u9:0] (root,0,0,00:00:00/35-11:03:19,130) [charger_manager] (root,0,0,00:00:10/35-11:03:19,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-11:03:19,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-11:03:18,239) [kaluad] (root,0,0,00:00:00/35-11:03:18,258) [kmpath_rdacd] (root,0,0,00:00:00/35-11:03:18,304) [kmpathd] (root,0,0,00:00:00/35-11:03:18,305) [kmpath_handlerd] (root,0,0,00:00:00/35-11:03:17,342) [ata_sff] (root,0,0,00:00:00/35-11:03:17,343) [scsi_eh_0] (root,0,0,00:00:00/35-11:03:17,344) [scsi_tmf_0] (root,0,0,00:00:00/35-11:03:17,345) [scsi_eh_1] (root,0,0,00:00:00/35-11:03:17,346) [scsi_tmf_1] (root,0,0,00:01:11/35-11:03:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-11:03:14,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-11:03:02,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-11:03:01,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:55/35-11:02:59,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-11:02:28,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-11:02:27,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-11:02:27,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-11:02:27,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-11:02:25,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-11:02:25,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29640,00:00:41/35-11:02:11,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-11:02:11,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:31/35-11:02:11,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-11:02:11,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-11:02:11,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-11:02:11,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-11:02:11,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-11:02:11,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:07/35-11:02:11,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-11:02:11,1352) bpfilter_umh (root,26204,8116,00:00:18/35-11:02:11,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-11:02:11,1359) ntpd: asynchronous dns resolver (spot,361552,198388,2-02:10:43/35-11:02:10,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-11:02:10,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-11:02:10,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-11:02:10,1373) (sd-pam) (root,24216,5260,00:00:12/35-11:02:08,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-11:02:08,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-11:02:08,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-11:02:05,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-11:02:04,1527) sshd: syslogtunnel (root,696596,77900,00:49:05/35-11:02:02,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64848,00:19:38/35-11:01:50,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-16:37:25,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-11:01:25,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:57/35-11:01:25,3218) sshd: cm-ssh (root,0,0,00:00:00/10:55,3248) [kworker/2:1] (root,0,0,00:00:00/40:02,3274) [kworker/0:2-events] (postfix,24244,8256,00:00:00/34:25,11037) pickup -l -t fifo -u (root,0,0,00:00:00/05:49,13732) [kworker/3:1-ata_sff] (root,0,0,00:00:00/04:25:09,14251) [kworker/u8:1] (root,0,0,00:00:00/04:21:29,14637) [kworker/2:0-events] (root,0,0,00:00:00/21:22,16573) [kworker/3:0-events] (root,0,0,00:00:00/19:15,19269) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:30,20362) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/01:09:51,23023) [kworker/1:1-events] (root,0,0,00:00:00/02:42:01,24304) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/00:36,25972) [kworker/3:2-ata_sff] (root,6656,3492,00:00:00/00:00,28335) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,28338) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,28370) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28371) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/15:03,28809) [kworker/0:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-15 21:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631c2cf243Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-12:24:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-12:24:27,2) [kthreadd] (root,0,0,00:00:00/33-12:24:27,3) [rcu_gp] (root,0,0,00:00:00/33-12:24:27,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:24:27,5) [slub_flushwq] (root,0,0,00:00:00/33-12:24:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:24:27,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:24:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:24:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:24:27,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:24:27,13) [ksoftirqd/0] (root,0,0,01:36:42/33-12:24:27,14) [rcu_preempt] (root,0,0,00:00:12/33-12:24:27,15) [migration/0] (root,0,0,00:00:00/33-12:24:27,16) [idle_inject/0] (root,0,0,00:00:00/33-12:24:27,18) [cpuhp/0] (root,0,0,00:00:00/33-12:24:27,19) [cpuhp/1] (root,0,0,00:00:00/33-12:24:27,20) [idle_inject/1] (root,0,0,00:00:12/33-12:24:27,21) [migration/1] (root,0,0,00:00:50/33-12:24:27,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:24:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:24:27,25) [cpuhp/2] (root,0,0,00:00:00/33-12:24:27,26) [idle_inject/2] (root,0,0,00:00:09/33-12:24:27,27) [migration/2] (root,0,0,01:01:49/33-12:24:27,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:24:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:24:27,31) [cpuhp/3] (root,0,0,00:00:00/33-12:24:27,32) [idle_inject/3] (root,0,0,00:00:12/33-12:24:27,33) [migration/3] (root,0,0,00:03:11/33-12:24:27,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:24:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:24:27,40) [kdevtmpfs] (root,0,0,00:00:00/33-12:24:27,41) [netns] (root,0,0,00:00:00/33-12:24:27,42) [inet_frag_wq] (root,0,0,00:00:12/33-12:24:27,43) [kauditd] (root,0,0,00:00:00/33-12:24:27,44) [khungtaskd] (root,0,0,00:00:00/33-12:24:27,45) [oom_reaper] (root,0,0,00:00:00/33-12:24:27,46) [writeback] (root,0,0,00:01:46/33-12:24:27,47) [kcompactd0] (root,0,0,00:00:00/33-12:24:27,48) [ksmd] (root,0,0,00:01:49/33-12:24:27,49) [khugepaged] (root,0,0,00:00:00/33-12:24:27,75) [kintegrityd] (root,0,0,00:00:00/33-12:24:27,76) [kblockd] (root,0,0,00:00:00/33-12:24:27,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:24:27,79) [tpm_dev_wq] (root,0,0,00:00:00/33-12:24:27,80) [edac-poller] (root,0,0,00:00:00/33-12:24:27,81) [devfreq_wq] (root,0,0,00:00:00/33-12:24:27,110) [watchdogd] (root,0,0,00:00:02/33-12:24:27,111) [kswapd0] (root,0,0,00:00:09/33-12:24:27,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-12:24:25,115) [kthrotld] (root,0,0,00:00:00/33-12:24:25,116) [mld] (root,0,0,00:00:00/33-12:24:25,117) [ipv6_addrconf] (root,0,0,00:00:09/33-12:24:25,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:24:25,123) [kstrp] (root,0,0,00:00:00/33-12:24:25,124) [zswap-shrink] (root,0,0,00:00:00/33-12:24:25,125) [kworker/u9:0] (root,0,0,00:00:00/33-12:24:25,130) [charger_manager] (root,0,0,00:00:10/33-12:24:25,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-12:24:25,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-12:24:24,239) [kaluad] (root,0,0,00:00:00/33-12:24:24,258) [kmpath_rdacd] (root,0,0,00:00:00/33-12:24:24,304) [kmpathd] (root,0,0,00:00:00/33-12:24:24,305) [kmpath_handlerd] (root,0,0,00:00:00/33-12:24:23,342) [ata_sff] (root,0,0,00:00:00/33-12:24:23,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:24:23,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:24:23,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:24:23,346) [scsi_tmf_1] (root,0,0,00:01:07/33-12:24:20,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:24:20,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-12:24:08,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-12:24:07,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-12:24:05,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-12:23:34,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-12:23:33,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-12:23:33,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-12:23:33,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-12:23:31,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-12:23:31,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-12:23:17,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-12:23:17,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:22/33-12:23:17,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-12:23:17,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-12:23:17,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-12:23:17,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-12:23:17,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-12:23:17,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-12:23:17,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-12:23:17,1352) bpfilter_umh (root,26204,8128,00:00:17/33-12:23:17,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-12:23:17,1359) ntpd: asynchronous dns resolver (spot,360976,199960,2-00:17:08/33-12:23:16,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-12:23:16,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-12:23:16,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-12:23:16,1373) (sd-pam) (root,24216,5260,00:00:11/33-12:23:14,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-12:23:14,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-12:23:14,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-12:23:11,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-12:23:10,1527) sshd: syslogtunnel (root,694036,73228,00:46:23/33-12:23:08,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63352,00:18:41/33-12:22:56,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-17:58:31,2557) tlsmgr -l -t unix -u (root,0,0,00:00:01/01:40:19,2925) [kworker/3:2-events] (root,0,0,00:00:00/01:43,3078) [kworker/3:0-ata_sff] (root,35308,10108,00:00:00/33-12:22:31,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-12:22:31,3218) sshd: cm-ssh (root,0,0,00:00:00/22:44,3835) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/12:40,7410) [kworker/u8:1-writeback] (root,0,0,00:00:00/12:06,10297) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,12220) /bin/bash /usr/bin/check_mk_agent (root,13744,3476,00:00:00/00:00,12238) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12239) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/04:09:50,15620) [kworker/2:2-events] (root,0,0,00:00:00/29:23,17463) [kworker/0:0] (root,0,0,00:00:00/49:31,21273) [kworker/0:1-events] (root,0,0,00:00:00/01:23:06,22539) [kworker/u8:2-ext4-rsv-conversion] (postfix,24244,8228,00:00:00/36:22,25034) pickup -l -t fifo -u (root,0,0,00:00:00/36:10,25667) [kworker/1:0-events] (root,0,0,00:00:00/56:22,29580) [kworker/2:1] (root,0,0,00:00:00/02:50,30034) [kworker/1:2] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 23:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f3548b95Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:32/31-10:36:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-10:36:16,2) [kthreadd] (root,0,0,00:00:00/31-10:36:16,3) [rcu_gp] (root,0,0,00:00:00/31-10:36:16,4) [rcu_par_gp] (root,0,0,00:00:00/31-10:36:16,5) [slub_flushwq] (root,0,0,00:00:00/31-10:36:16,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-10:36:16,9) [mm_percpu_wq] (root,0,0,00:00:00/31-10:36:16,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-10:36:16,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-10:36:16,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-10:36:16,13) [ksoftirqd/0] (root,0,0,01:31:06/31-10:36:16,14) [rcu_preempt] (root,0,0,00:00:12/31-10:36:16,15) [migration/0] (root,0,0,00:00:00/31-10:36:16,16) [idle_inject/0] (root,0,0,00:00:00/31-10:36:16,18) [cpuhp/0] (root,0,0,00:00:00/31-10:36:16,19) [cpuhp/1] (root,0,0,00:00:00/31-10:36:16,20) [idle_inject/1] (root,0,0,00:00:12/31-10:36:16,21) [migration/1] (root,0,0,00:00:47/31-10:36:16,22) [ksoftirqd/1] (root,0,0,00:00:00/31-10:36:16,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-10:36:16,25) [cpuhp/2] (root,0,0,00:00:00/31-10:36:16,26) [idle_inject/2] (root,0,0,00:00:09/31-10:36:16,27) [migration/2] (root,0,0,00:58:25/31-10:36:16,28) [ksoftirqd/2] (root,0,0,00:00:00/31-10:36:16,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-10:36:16,31) [cpuhp/3] (root,0,0,00:00:00/31-10:36:16,32) [idle_inject/3] (root,0,0,00:00:11/31-10:36:16,33) [migration/3] (root,0,0,00:03:01/31-10:36:16,34) [ksoftirqd/3] (root,0,0,00:00:00/31-10:36:16,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-10:36:16,40) [kdevtmpfs] (root,0,0,00:00:00/31-10:36:16,41) [netns] (root,0,0,00:00:00/31-10:36:16,42) [inet_frag_wq] (root,0,0,00:00:11/31-10:36:16,43) [kauditd] (root,0,0,00:00:00/31-10:36:16,44) [khungtaskd] (root,0,0,00:00:00/31-10:36:16,45) [oom_reaper] (root,0,0,00:00:00/31-10:36:16,46) [writeback] (root,0,0,00:01:40/31-10:36:16,47) [kcompactd0] (root,0,0,00:00:00/31-10:36:16,48) [ksmd] (root,0,0,00:01:43/31-10:36:16,49) [khugepaged] (root,0,0,00:00:00/31-10:36:16,75) [kintegrityd] (root,0,0,00:00:00/31-10:36:16,76) [kblockd] (root,0,0,00:00:00/31-10:36:16,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-10:36:16,79) [tpm_dev_wq] (root,0,0,00:00:00/31-10:36:16,80) [edac-poller] (root,0,0,00:00:00/31-10:36:16,81) [devfreq_wq] (root,0,0,00:00:00/31-10:36:16,110) [watchdogd] (root,0,0,00:00:02/31-10:36:16,111) [kswapd0] (root,0,0,00:00:08/31-10:36:16,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-10:36:14,115) [kthrotld] (root,0,0,00:00:00/31-10:36:14,116) [mld] (root,0,0,00:00:00/31-10:36:14,117) [ipv6_addrconf] (root,0,0,00:00:09/31-10:36:14,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-10:36:14,123) [kstrp] (root,0,0,00:00:00/31-10:36:14,124) [zswap-shrink] (root,0,0,00:00:00/31-10:36:14,125) [kworker/u9:0] (root,0,0,00:00:00/31-10:36:14,130) [charger_manager] (root,0,0,00:00:09/31-10:36:14,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-10:36:14,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-10:36:13,239) [kaluad] (root,0,0,00:00:00/31-10:36:13,258) [kmpath_rdacd] (root,0,0,00:00:00/31-10:36:13,304) [kmpathd] (root,0,0,00:00:00/31-10:36:13,305) [kmpath_handlerd] (root,0,0,00:00:00/31-10:36:12,342) [ata_sff] (root,0,0,00:00:00/31-10:36:12,343) [scsi_eh_0] (root,0,0,00:00:00/31-10:36:12,344) [scsi_tmf_0] (root,0,0,00:00:00/31-10:36:12,345) [scsi_eh_1] (root,0,0,00:00:00/31-10:36:12,346) [scsi_tmf_1] (root,0,0,00:01:03/31-10:36:09,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-10:36:09,367) [ext4-rsv-conver] (root,38604,7944,00:00:50/31-10:35:57,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-10:35:56,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-10:35:54,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-10:35:23,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-10:35:22,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:58/31-10:35:22,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-10:35:22,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-10:35:20,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-10:35:20,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-10:35:06,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-10:35:06,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:09/31-10:35:06,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-10:35:06,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-10:35:06,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-10:35:06,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-10:35:06,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-10:35:06,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:34/31-10:35:06,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-10:35:06,1352) bpfilter_umh (root,26204,8128,00:00:16/31-10:35:06,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-10:35:06,1359) ntpd: asynchronous dns resolver (spot,361888,200216,1-22:01:10/31-10:35:05,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-10:35:05,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-10:35:05,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-10:35:05,1373) (sd-pam) (root,24216,5260,00:00:11/31-10:35:03,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-10:35:03,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-10:35:03,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-10:35:00,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:57/31-10:34:59,1527) sshd: syslogtunnel (root,693780,74896,00:43:33/31-10:34:57,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61976,00:17:36/31-10:34:45,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-16:10:20,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-10:34:20,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:44/31-10:34:20,3218) sshd: cm-ssh (root,0,0,00:00:00/33:20,5424) [kworker/0:2-events] (root,0,0,00:00:00/14:17,8236) [kworker/3:1-events] (root,0,0,00:00:00/14:05,8237) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:13:28,8637) [kworker/1:1-mm_percpu_wq] (root,0,0,00:00:00/40:01,10736) [kworker/0:0-events] (root,0,0,00:00:00/15:44:52,11736) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8172,00:00:00/50:13,12724) pickup -l -t fifo -u (root,0,0,00:00:00/03:54,13427) [kworker/3:2-ata_sff] (root,0,0,00:00:00/30:02,17037) [kworker/2:2-events] (root,0,0,00:00:00/02:44,18658) [kworker/2:0] (root,0,0,00:00:00/56:48,22602) [kworker/2:1-events] (root,0,0,00:00:00/46:47,23131) [kworker/1:0-events] (root,0,0,00:00:00/09:05,26150) [kworker/3:0-ata_sff] (root,6656,3488,00:00:00/00:00,27237) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,27255) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,27256) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 21:24 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a87a51f4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-11:19:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-11:19:53,2) [kthreadd] (root,0,0,00:00:00/29-11:19:53,3) [rcu_gp] (root,0,0,00:00:00/29-11:19:53,4) [rcu_par_gp] (root,0,0,00:00:00/29-11:19:53,5) [slub_flushwq] (root,0,0,00:00:00/29-11:19:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-11:19:53,9) [mm_percpu_wq] (root,0,0,00:00:00/29-11:19:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-11:19:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-11:19:53,12) [rcu_tasks_trace] (root,0,0,00:00:55/29-11:19:53,13) [ksoftirqd/0] (root,0,0,01:25:25/29-11:19:53,14) [rcu_preempt] (root,0,0,00:00:11/29-11:19:53,15) [migration/0] (root,0,0,00:00:00/29-11:19:53,16) [idle_inject/0] (root,0,0,00:00:00/29-11:19:53,18) [cpuhp/0] (root,0,0,00:00:00/29-11:19:53,19) [cpuhp/1] (root,0,0,00:00:00/29-11:19:53,20) [idle_inject/1] (root,0,0,00:00:11/29-11:19:53,21) [migration/1] (root,0,0,00:00:44/29-11:19:53,22) [ksoftirqd/1] (root,0,0,00:00:00/29-11:19:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-11:19:53,25) [cpuhp/2] (root,0,0,00:00:00/29-11:19:53,26) [idle_inject/2] (root,0,0,00:00:08/29-11:19:53,27) [migration/2] (root,0,0,00:54:28/29-11:19:53,28) [ksoftirqd/2] (root,0,0,00:00:00/29-11:19:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-11:19:53,31) [cpuhp/3] (root,0,0,00:00:00/29-11:19:53,32) [idle_inject/3] (root,0,0,00:00:10/29-11:19:53,33) [migration/3] (root,0,0,00:02:50/29-11:19:53,34) [ksoftirqd/3] (root,0,0,00:00:00/29-11:19:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-11:19:53,40) [kdevtmpfs] (root,0,0,00:00:00/29-11:19:53,41) [netns] (root,0,0,00:00:00/29-11:19:53,42) [inet_frag_wq] (root,0,0,00:00:10/29-11:19:53,43) [kauditd] (root,0,0,00:00:00/29-11:19:53,44) [khungtaskd] (root,0,0,00:00:00/29-11:19:53,45) [oom_reaper] (root,0,0,00:00:00/29-11:19:53,46) [writeback] (root,0,0,00:01:34/29-11:19:53,47) [kcompactd0] (root,0,0,00:00:00/29-11:19:53,48) [ksmd] (root,0,0,00:01:35/29-11:19:53,49) [khugepaged] (root,0,0,00:00:00/29-11:19:53,75) [kintegrityd] (root,0,0,00:00:00/29-11:19:53,76) [kblockd] (root,0,0,00:00:00/29-11:19:53,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-11:19:53,79) [tpm_dev_wq] (root,0,0,00:00:00/29-11:19:53,80) [edac-poller] (root,0,0,00:00:00/29-11:19:53,81) [devfreq_wq] (root,0,0,00:00:00/29-11:19:53,110) [watchdogd] (root,0,0,00:00:02/29-11:19:53,111) [kswapd0] (root,0,0,00:00:08/29-11:19:53,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-11:19:51,115) [kthrotld] (root,0,0,00:00:00/29-11:19:51,116) [mld] (root,0,0,00:00:00/29-11:19:51,117) [ipv6_addrconf] (root,0,0,00:00:08/29-11:19:51,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-11:19:51,123) [kstrp] (root,0,0,00:00:00/29-11:19:51,124) [zswap-shrink] (root,0,0,00:00:00/29-11:19:51,125) [kworker/u9:0] (root,0,0,00:00:00/29-11:19:51,130) [charger_manager] (root,0,0,00:00:09/29-11:19:51,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-11:19:51,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-11:19:50,239) [kaluad] (root,0,0,00:00:00/29-11:19:50,258) [kmpath_rdacd] (root,0,0,00:00:00/29-11:19:50,304) [kmpathd] (root,0,0,00:00:00/29-11:19:50,305) [kmpath_handlerd] (root,0,0,00:00:00/29-11:19:49,342) [ata_sff] (root,0,0,00:00:00/29-11:19:49,343) [scsi_eh_0] (root,0,0,00:00:00/29-11:19:49,344) [scsi_tmf_0] (root,0,0,00:00:00/29-11:19:49,345) [scsi_eh_1] (root,0,0,00:00:00/29-11:19:49,346) [scsi_tmf_1] (root,0,0,00:00:59/29-11:19:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-11:19:46,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-11:19:34,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-11:19:33,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-11:19:31,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-11:19:00,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-11:18:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-11:18:59,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-11:18:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-11:18:57,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-11:18:57,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:34/29-11:18:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-11:18:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:59/29-11:18:43,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-11:18:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-11:18:43,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-11:18:43,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-11:18:43,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-11:18:43,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:16/29-11:18:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-11:18:43,1352) bpfilter_umh (root,26204,8128,00:00:14/29-11:18:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-11:18:43,1359) ntpd: asynchronous dns resolver (spot,361456,200116,1-19:43:05/29-11:18:42,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-11:18:42,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-11:18:42,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-11:18:42,1373) (sd-pam) (root,24216,5260,00:00:10/29-11:18:40,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-11:18:40,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-11:18:40,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-11:18:37,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-11:18:36,1527) sshd: syslogtunnel (root,693524,74428,00:40:44/29-11:18:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60744,00:16:34/29-11:18:22,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-16:53:57,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/29-11:17:57,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:38/29-11:17:57,3218) sshd: cm-ssh (root,0,0,00:00:00/08:20,4977) [kworker/2:0-events] (root,0,0,00:00:00/02:49:33,5369) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:34,9799) [kworker/1:0-mm_percpu_wq] (root,0,0,00:00:00/58:05,9946) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/01:27:09,16583) [kworker/3:2-events] (root,6656,3492,00:00:00/00:00,17366) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,17384) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,1012,00:00:00/00:00,17385) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/11:46,18169) [kworker/0:2-events] (root,0,0,00:00:00/01:26:02,20379) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/04:57,21874) [kworker/3:0-ata_sff] (root,0,0,00:00:00/43:56,22291) [kworker/0:1-events] (postfix,24244,8236,00:00:00/15:45,24925) pickup -l -t fifo -u (root,0,0,00:00:00/10:08,26080) [kworker/3:1-ata_sff] (root,0,0,00:00:00/15:00,31224) [kworker/1:1-events] (root,0,0,00:00:00/03:24:45,31631) [kworker/u8:0-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 22:08 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ebfa136fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-11:24:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:24:51,2) [kthreadd] (root,0,0,00:00:00/27-11:24:51,3) [rcu_gp] (root,0,0,00:00:00/27-11:24:51,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:24:51,5) [slub_flushwq] (root,0,0,00:00:00/27-11:24:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:24:51,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:24:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:24:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:24:51,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-11:24:51,13) [ksoftirqd/0] (root,0,0,01:19:58/27-11:24:51,14) [rcu_preempt] (root,0,0,00:00:10/27-11:24:51,15) [migration/0] (root,0,0,00:00:00/27-11:24:51,16) [idle_inject/0] (root,0,0,00:00:00/27-11:24:51,18) [cpuhp/0] (root,0,0,00:00:00/27-11:24:51,19) [cpuhp/1] (root,0,0,00:00:00/27-11:24:51,20) [idle_inject/1] (root,0,0,00:00:10/27-11:24:51,21) [migration/1] (root,0,0,00:00:42/27-11:24:51,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:24:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:24:51,25) [cpuhp/2] (root,0,0,00:00:00/27-11:24:51,26) [idle_inject/2] (root,0,0,00:00:08/27-11:24:51,27) [migration/2] (root,0,0,00:51:25/27-11:24:51,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:24:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:24:51,31) [cpuhp/3] (root,0,0,00:00:00/27-11:24:51,32) [idle_inject/3] (root,0,0,00:00:10/27-11:24:51,33) [migration/3] (root,0,0,00:02:40/27-11:24:51,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:24:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:24:51,40) [kdevtmpfs] (root,0,0,00:00:00/27-11:24:51,41) [netns] (root,0,0,00:00:00/27-11:24:51,42) [inet_frag_wq] (root,0,0,00:00:09/27-11:24:51,43) [kauditd] (root,0,0,00:00:00/27-11:24:51,44) [khungtaskd] (root,0,0,00:00:00/27-11:24:51,45) [oom_reaper] (root,0,0,00:00:00/27-11:24:51,46) [writeback] (root,0,0,00:01:28/27-11:24:51,47) [kcompactd0] (root,0,0,00:00:00/27-11:24:51,48) [ksmd] (root,0,0,00:01:29/27-11:24:51,49) [khugepaged] (root,0,0,00:00:00/27-11:24:51,75) [kintegrityd] (root,0,0,00:00:00/27-11:24:51,76) [kblockd] (root,0,0,00:00:00/27-11:24:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:24:51,79) [tpm_dev_wq] (root,0,0,00:00:00/27-11:24:51,80) [edac-poller] (root,0,0,00:00:00/27-11:24:51,81) [devfreq_wq] (root,0,0,00:00:00/27-11:24:51,110) [watchdogd] (root,0,0,00:00:02/27-11:24:51,111) [kswapd0] (root,0,0,00:00:07/27-11:24:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-11:24:49,115) [kthrotld] (root,0,0,00:00:00/27-11:24:49,116) [mld] (root,0,0,00:00:00/27-11:24:49,117) [ipv6_addrconf] (root,0,0,00:00:07/27-11:24:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:24:49,123) [kstrp] (root,0,0,00:00:00/27-11:24:49,124) [zswap-shrink] (root,0,0,00:00:00/27-11:24:49,125) [kworker/u9:0] (root,0,0,00:00:00/27-11:24:49,130) [charger_manager] (root,0,0,00:00:08/27-11:24:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-11:24:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-11:24:48,239) [kaluad] (root,0,0,00:00:00/27-11:24:48,258) [kmpath_rdacd] (root,0,0,00:00:00/27-11:24:48,304) [kmpathd] (root,0,0,00:00:00/27-11:24:48,305) [kmpath_handlerd] (root,0,0,00:00:00/27-11:24:47,342) [ata_sff] (root,0,0,00:00:00/27-11:24:47,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:24:47,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:24:47,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:24:47,346) [scsi_tmf_1] (root,0,0,00:00:55/27-11:24:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:24:44,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-11:24:32,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-11:24:31,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-11:24:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-11:23:58,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-11:23:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-11:23:57,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-11:23:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-11:23:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-11:23:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28512,00:00:32/27-11:23:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-11:23:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:47/27-11:23:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-11:23:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-11:23:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-11:23:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-11:23:41,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-11:23:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-11:23:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-11:23:41,1352) bpfilter_umh (root,26204,8128,00:00:13/27-11:23:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-11:23:41,1359) ntpd: asynchronous dns resolver (spot,296000,194992,1-17:07:28/27-11:23:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-11:23:40,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-11:23:40,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-11:23:40,1373) (sd-pam) (root,24216,5260,00:00:09/27-11:23:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-11:23:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-11:23:38,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-11:23:35,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-11:23:34,1527) sshd: syslogtunnel (root,693268,74056,00:37:59/27-11:23:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/30:41,1861) [kworker/0:2-events] (spot,219584,59116,00:15:32/27-11:23:20,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/39:58,2214) [kworker/2:2] (postfix,44628,9244,00:00:00/21-16:58:55,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-11:22:55,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-11:22:55,3218) sshd: cm-ssh (root,0,0,00:00:00/01:29,4433) [kworker/3:0-ata_sff] (root,0,0,00:00:00/52:07,6602) [kworker/2:0-events] (root,0,0,00:00:00/27:40,7994) [kworker/1:0-events] (root,0,0,00:00:00/50:47,8895) [kworker/u8:0-flush-253:0] (root,6656,3492,00:00:00/00:00,10771) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,10789) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,10790) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:41,14429) [kworker/3:1-ata_sff] (root,0,0,00:00:00/12:38,21414) [kworker/0:0-events] (root,0,0,00:00:00/12:36,21505) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/02:11:11,24222) [kworker/3:2-events_freezable_power_] (postfix,24244,8264,00:00:00/42:30,28642) pickup -l -t fifo -u (root,0,0,00:00:00/18:28,32123) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 22:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363261a4893Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:10/25-11:50:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-11:50:50,2) [kthreadd] (root,0,0,00:00:00/25-11:50:50,3) [rcu_gp] (root,0,0,00:00:00/25-11:50:50,4) [rcu_par_gp] (root,0,0,00:00:00/25-11:50:50,5) [slub_flushwq] (root,0,0,00:00:00/25-11:50:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-11:50:50,9) [mm_percpu_wq] (root,0,0,00:00:00/25-11:50:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-11:50:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-11:50:50,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-11:50:50,13) [ksoftirqd/0] (root,0,0,01:14:35/25-11:50:50,14) [rcu_preempt] (root,0,0,00:00:09/25-11:50:50,15) [migration/0] (root,0,0,00:00:00/25-11:50:50,16) [idle_inject/0] (root,0,0,00:00:00/25-11:50:50,18) [cpuhp/0] (root,0,0,00:00:00/25-11:50:50,19) [cpuhp/1] (root,0,0,00:00:00/25-11:50:50,20) [idle_inject/1] (root,0,0,00:00:09/25-11:50:50,21) [migration/1] (root,0,0,00:00:39/25-11:50:50,22) [ksoftirqd/1] (root,0,0,00:00:00/25-11:50:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-11:50:50,25) [cpuhp/2] (root,0,0,00:00:00/25-11:50:50,26) [idle_inject/2] (root,0,0,00:00:07/25-11:50:50,27) [migration/2] (root,0,0,00:48:42/25-11:50:50,28) [ksoftirqd/2] (root,0,0,00:00:00/25-11:50:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-11:50:50,31) [cpuhp/3] (root,0,0,00:00:00/25-11:50:50,32) [idle_inject/3] (root,0,0,00:00:09/25-11:50:50,33) [migration/3] (root,0,0,00:02:30/25-11:50:50,34) [ksoftirqd/3] (root,0,0,00:00:00/25-11:50:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-11:50:50,40) [kdevtmpfs] (root,0,0,00:00:00/25-11:50:50,41) [netns] (root,0,0,00:00:00/25-11:50:50,42) [inet_frag_wq] (root,0,0,00:00:08/25-11:50:50,43) [kauditd] (root,0,0,00:00:00/25-11:50:50,44) [khungtaskd] (root,0,0,00:00:00/25-11:50:50,45) [oom_reaper] (root,0,0,00:00:00/25-11:50:50,46) [writeback] (root,0,0,00:01:21/25-11:50:50,47) [kcompactd0] (root,0,0,00:00:00/25-11:50:50,48) [ksmd] (root,0,0,00:01:23/25-11:50:50,49) [khugepaged] (root,0,0,00:00:00/25-11:50:50,75) [kintegrityd] (root,0,0,00:00:00/25-11:50:50,76) [kblockd] (root,0,0,00:00:00/25-11:50:50,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-11:50:50,79) [tpm_dev_wq] (root,0,0,00:00:00/25-11:50:50,80) [edac-poller] (root,0,0,00:00:00/25-11:50:50,81) [devfreq_wq] (root,0,0,00:00:00/25-11:50:50,110) [watchdogd] (root,0,0,00:00:01/25-11:50:50,111) [kswapd0] (root,0,0,00:00:07/25-11:50:50,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-11:50:48,115) [kthrotld] (root,0,0,00:00:00/25-11:50:48,116) [mld] (root,0,0,00:00:00/25-11:50:48,117) [ipv6_addrconf] (root,0,0,00:00:07/25-11:50:48,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-11:50:48,123) [kstrp] (root,0,0,00:00:00/25-11:50:48,124) [zswap-shrink] (root,0,0,00:00:00/25-11:50:48,125) [kworker/u9:0] (root,0,0,00:00:00/25-11:50:48,130) [charger_manager] (root,0,0,00:00:07/25-11:50:48,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-11:50:48,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-11:50:47,239) [kaluad] (root,0,0,00:00:00/25-11:50:47,258) [kmpath_rdacd] (root,0,0,00:00:00/25-11:50:47,304) [kmpathd] (root,0,0,00:00:00/25-11:50:47,305) [kmpath_handlerd] (root,0,0,00:00:00/25-11:50:46,342) [ata_sff] (root,0,0,00:00:00/25-11:50:46,343) [scsi_eh_0] (root,0,0,00:00:00/25-11:50:46,344) [scsi_tmf_0] (root,0,0,00:00:00/25-11:50:46,345) [scsi_eh_1] (root,0,0,00:00:00/25-11:50:46,346) [scsi_tmf_1] (root,0,0,00:00:51/25-11:50:43,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-11:50:43,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-11:50:31,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-11:50:30,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-11:50:28,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-11:49:57,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-11:49:56,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-11:49:56,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-11:49:56,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-11:49:54,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-11:49:54,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/05:56,1160) [kworker/3:0-ata_sff] (root,548104,29508,00:00:30/25-11:49:40,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-11:49:40,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:36/25-11:49:40,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-11:49:40,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-11:49:40,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-11:49:40,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-11:49:40,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-11:49:40,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-11:49:40,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-11:49:40,1352) bpfilter_umh (root,26204,8212,00:00:12/25-11:49:40,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-11:49:40,1359) ntpd: asynchronous dns resolver (spot,296336,191556,1-14:54:53/25-11:49:39,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-11:49:39,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-11:49:39,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-11:49:39,1373) (sd-pam) (root,24216,5268,00:00:09/25-11:49:37,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-11:49:37,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-11:49:37,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-11:49:34,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:34/25-11:49:33,1527) sshd: syslogtunnel (root,693268,75792,00:35:17/25-11:49:31,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57868,00:14:34/25-11:49:19,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-17:24:54,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-11:48:54,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-11:48:54,3218) sshd: cm-ssh (root,0,0,00:00:00/21:53,8745) [kworker/0:0-events] (root,0,0,00:00:00/12:22,11861) [kworker/u8:0] (root,0,0,00:00:00/02:39:03,16766) [kworker/u8:2-flush-253:0] (postfix,24244,8260,00:00:00/01:29:34,17284) pickup -l -t fifo -u (root,0,0,00:00:00/00:44,17502) [kworker/3:1-ata_sff] (root,6656,3480,00:00:00/00:00,19497) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,19515) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,19516) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:56,19952) [kworker/2:0-events] (root,0,0,00:00:00/33:56,20358) [kworker/2:1-events] (root,0,0,00:00:00/49:30,21873) [kworker/1:0-events] (root,0,0,00:00:00/18:54,22480) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/31:53,27643) [kworker/3:2-events] (root,0,0,00:00:00/46:31,31404) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 22:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634c7acebeFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12708,00:01:02/23-09:31:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-09:31:18,2) [kthreadd] (root,0,0,00:00:00/23-09:31:18,3) [rcu_gp] (root,0,0,00:00:00/23-09:31:18,4) [rcu_par_gp] (root,0,0,00:00:00/23-09:31:18,5) [slub_flushwq] (root,0,0,00:00:00/23-09:31:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-09:31:18,9) [mm_percpu_wq] (root,0,0,00:00:00/23-09:31:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-09:31:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-09:31:18,12) [rcu_tasks_trace] (root,0,0,00:00:44/23-09:31:18,13) [ksoftirqd/0] (root,0,0,01:08:40/23-09:31:18,14) [rcu_preempt] (root,0,0,00:00:08/23-09:31:18,15) [migration/0] (root,0,0,00:00:00/23-09:31:18,16) [idle_inject/0] (root,0,0,00:00:00/23-09:31:18,18) [cpuhp/0] (root,0,0,00:00:00/23-09:31:18,19) [cpuhp/1] (root,0,0,00:00:00/23-09:31:18,20) [idle_inject/1] (root,0,0,00:00:09/23-09:31:18,21) [migration/1] (root,0,0,00:00:36/23-09:31:18,22) [ksoftirqd/1] (root,0,0,00:00:00/23-09:31:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-09:31:18,25) [cpuhp/2] (root,0,0,00:00:00/23-09:31:18,26) [idle_inject/2] (root,0,0,00:00:06/23-09:31:18,27) [migration/2] (root,0,0,00:45:13/23-09:31:18,28) [ksoftirqd/2] (root,0,0,00:00:00/23-09:31:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-09:31:18,31) [cpuhp/3] (root,0,0,00:00:00/23-09:31:18,32) [idle_inject/3] (root,0,0,00:00:08/23-09:31:18,33) [migration/3] (root,0,0,00:02:20/23-09:31:18,34) [ksoftirqd/3] (root,0,0,00:00:00/23-09:31:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-09:31:18,40) [kdevtmpfs] (root,0,0,00:00:00/23-09:31:18,41) [netns] (root,0,0,00:00:00/23-09:31:18,42) [inet_frag_wq] (root,0,0,00:00:07/23-09:31:18,43) [kauditd] (root,0,0,00:00:00/23-09:31:18,44) [khungtaskd] (root,0,0,00:00:00/23-09:31:18,45) [oom_reaper] (root,0,0,00:00:00/23-09:31:18,46) [writeback] (root,0,0,00:01:15/23-09:31:18,47) [kcompactd0] (root,0,0,00:00:00/23-09:31:18,48) [ksmd] (root,0,0,00:01:16/23-09:31:18,49) [khugepaged] (root,0,0,00:00:00/23-09:31:18,75) [kintegrityd] (root,0,0,00:00:00/23-09:31:18,76) [kblockd] (root,0,0,00:00:00/23-09:31:18,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-09:31:18,79) [tpm_dev_wq] (root,0,0,00:00:00/23-09:31:18,80) [edac-poller] (root,0,0,00:00:00/23-09:31:18,81) [devfreq_wq] (root,0,0,00:00:00/23-09:31:18,110) [watchdogd] (root,0,0,00:00:01/23-09:31:18,111) [kswapd0] (root,0,0,00:00:06/23-09:31:18,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-09:31:16,115) [kthrotld] (root,0,0,00:00:00/23-09:31:16,116) [mld] (root,0,0,00:00:00/23-09:31:16,117) [ipv6_addrconf] (root,0,0,00:00:06/23-09:31:16,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-09:31:16,123) [kstrp] (root,0,0,00:00:00/23-09:31:16,124) [zswap-shrink] (root,0,0,00:00:00/23-09:31:16,125) [kworker/u9:0] (root,0,0,00:00:00/23-09:31:16,130) [charger_manager] (root,0,0,00:00:07/23-09:31:16,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-09:31:16,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-09:31:15,239) [kaluad] (root,0,0,00:00:00/23-09:31:15,258) [kmpath_rdacd] (root,0,0,00:00:00/23-09:31:15,304) [kmpathd] (root,0,0,00:00:00/23-09:31:15,305) [kmpath_handlerd] (root,0,0,00:00:00/23-09:31:14,342) [ata_sff] (root,0,0,00:00:00/23-09:31:14,343) [scsi_eh_0] (root,0,0,00:00:00/23-09:31:14,344) [scsi_tmf_0] (root,0,0,00:00:00/23-09:31:14,345) [scsi_eh_1] (root,0,0,00:00:00/23-09:31:14,346) [scsi_tmf_1] (root,0,0,00:00:47/23-09:31:11,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-09:31:11,367) [ext4-rsv-conver] (root,38604,7992,00:00:34/23-09:30:59,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-09:30:58,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-09:30:56,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-09:30:25,511) /sbin/auditd (messagebus,22932,5912,00:01:07/23-09:30:24,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:38/23-09:30:24,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-09:30:24,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-09:30:22,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-09:30:22,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-09:30:08,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-09:30:08,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:24/23-09:30:08,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-09:30:08,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-09:30:08,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-09:30:08,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-09:30:08,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-09:30:08,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:23/23-09:30:08,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-09:30:08,1352) bpfilter_umh (root,26204,8212,00:00:10/23-09:30:08,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-09:30:08,1359) ntpd: asynchronous dns resolver (spot,291328,177932,1-12:21:00/23-09:30:07,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-09:30:07,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-09:30:07,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-09:30:07,1373) (sd-pam) (root,24216,5268,00:00:08/23-09:30:05,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-09:30:05,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-09:30:05,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-09:30:02,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:26/23-09:30:01,1527) sshd: syslogtunnel (root,692644,75216,00:32:22/23-09:29:59,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56536,00:13:30/23-09:29:47,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-15:05:22,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-09:29:22,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-09:29:22,3218) sshd: cm-ssh (root,0,0,00:00:00/02:12:53,4562) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:04:45,6029) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/04:18,6171) [kworker/1:1-events] (root,0,0,00:00:00/01:41:42,10233) [kworker/2:2-events] (root,0,0,00:00:00/01:41:16,10234) [kworker/3:0-events] (root,0,0,00:00:00/12:59,10556) [kworker/1:0-events] (root,0,0,00:00:00/02:43,13625) [kworker/3:2-ata_sff] (postfix,24244,8252,00:00:00/01:11:54,14834) pickup -l -t fifo -u (root,0,0,00:00:00/03:13:48,16118) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/01:24,18956) [kworker/0:2-mm_percpu_wq] (root,0,0,00:00:00/33:13,19667) [kworker/0:1-events] (root,0,0,00:00:00/21:38,22286) [kworker/2:0-events] (root,0,0,00:00:00/07:53,23794) [kworker/3:1-ata_sff] (root,6656,3516,00:00:00/00:01,24951) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,24969) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,24970) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/18:46,25217) [kworker/1:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 20:20 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633ef489aaFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-10:28:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-10:28:31,2) [kthreadd] (root,0,0,00:00:00/21-10:28:31,3) [rcu_gp] (root,0,0,00:00:00/21-10:28:31,4) [rcu_par_gp] (root,0,0,00:00:00/21-10:28:31,5) [slub_flushwq] (root,0,0,00:00:00/21-10:28:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-10:28:31,9) [mm_percpu_wq] (root,0,0,00:00:00/21-10:28:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-10:28:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-10:28:31,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-10:28:31,13) [ksoftirqd/0] (root,0,0,01:03:05/21-10:28:31,14) [rcu_preempt] (root,0,0,00:00:08/21-10:28:31,15) [migration/0] (root,0,0,00:00:00/21-10:28:31,16) [idle_inject/0] (root,0,0,00:00:00/21-10:28:31,18) [cpuhp/0] (root,0,0,00:00:00/21-10:28:31,19) [cpuhp/1] (root,0,0,00:00:00/21-10:28:31,20) [idle_inject/1] (root,0,0,00:00:08/21-10:28:31,21) [migration/1] (root,0,0,00:00:34/21-10:28:31,22) [ksoftirqd/1] (root,0,0,00:00:00/21-10:28:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-10:28:31,25) [cpuhp/2] (root,0,0,00:00:00/21-10:28:31,26) [idle_inject/2] (root,0,0,00:00:06/21-10:28:31,27) [migration/2] (root,0,0,00:42:25/21-10:28:31,28) [ksoftirqd/2] (root,0,0,00:00:00/21-10:28:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-10:28:31,31) [cpuhp/3] (root,0,0,00:00:00/21-10:28:31,32) [idle_inject/3] (root,0,0,00:00:07/21-10:28:31,33) [migration/3] (root,0,0,00:02:10/21-10:28:31,34) [ksoftirqd/3] (root,0,0,00:00:00/21-10:28:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-10:28:31,40) [kdevtmpfs] (root,0,0,00:00:00/21-10:28:31,41) [netns] (root,0,0,00:00:00/21-10:28:31,42) [inet_frag_wq] (root,0,0,00:00:06/21-10:28:31,43) [kauditd] (root,0,0,00:00:00/21-10:28:31,44) [khungtaskd] (root,0,0,00:00:00/21-10:28:31,45) [oom_reaper] (root,0,0,00:00:00/21-10:28:31,46) [writeback] (root,0,0,00:01:09/21-10:28:31,47) [kcompactd0] (root,0,0,00:00:00/21-10:28:31,48) [ksmd] (root,0,0,00:01:10/21-10:28:31,49) [khugepaged] (root,0,0,00:00:00/21-10:28:31,75) [kintegrityd] (root,0,0,00:00:00/21-10:28:31,76) [kblockd] (root,0,0,00:00:00/21-10:28:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-10:28:31,79) [tpm_dev_wq] (root,0,0,00:00:00/21-10:28:31,80) [edac-poller] (root,0,0,00:00:00/21-10:28:31,81) [devfreq_wq] (root,0,0,00:00:00/21-10:28:31,110) [watchdogd] (root,0,0,00:00:01/21-10:28:31,111) [kswapd0] (root,0,0,00:00:05/21-10:28:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-10:28:29,115) [kthrotld] (root,0,0,00:00:00/21-10:28:29,116) [mld] (root,0,0,00:00:00/21-10:28:29,117) [ipv6_addrconf] (root,0,0,00:00:06/21-10:28:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-10:28:29,123) [kstrp] (root,0,0,00:00:00/21-10:28:29,124) [zswap-shrink] (root,0,0,00:00:00/21-10:28:29,125) [kworker/u9:0] (root,0,0,00:00:00/21-10:28:29,130) [charger_manager] (root,0,0,00:00:06/21-10:28:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-10:28:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-10:28:28,239) [kaluad] (root,0,0,00:00:00/21-10:28:28,258) [kmpath_rdacd] (root,0,0,00:00:00/21-10:28:28,304) [kmpathd] (root,0,0,00:00:00/21-10:28:28,305) [kmpath_handlerd] (root,0,0,00:00:00/21-10:28:27,342) [ata_sff] (root,0,0,00:00:00/21-10:28:27,343) [scsi_eh_0] (root,0,0,00:00:00/21-10:28:27,344) [scsi_tmf_0] (root,0,0,00:00:00/21-10:28:27,345) [scsi_eh_1] (root,0,0,00:00:00/21-10:28:27,346) [scsi_tmf_1] (root,0,0,00:00:43/21-10:28:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-10:28:24,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-10:28:12,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-10:28:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:34/21-10:28:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-10:27:38,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-10:27:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-10:27:37,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-10:27:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-10:27:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-10:27:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:19,1257) [kworker/3:0-ata_sff] (root,548104,28468,00:00:25/21-10:27:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-10:27:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:13/21-10:27:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-10:27:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-10:27:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-10:27:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-10:27:21,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-10:27:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:06/21-10:27:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-10:27:21,1352) bpfilter_umh (root,26204,8212,00:00:08/21-10:27:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-10:27:21,1359) ntpd: asynchronous dns resolver (spot,312652,199200,1-09:46:24/21-10:27:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-10:27:20,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-10:27:20,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-10:27:20,1373) (sd-pam) (root,24216,5268,00:00:07/21-10:27:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-10:27:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-10:27:18,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-10:27:15,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-10:27:14,1527) sshd: syslogtunnel (root,692388,74908,00:29:38/21-10:27:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,54944,00:12:28/21-10:27:00,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:56:28,2406) [kworker/3:2-events] (postfix,44628,9292,00:00:00/15-16:02:35,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:55,2657) [kworker/0:2] (root,35308,10108,00:00:00/21-10:26:35,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-10:26:35,3218) sshd: cm-ssh (root,0,0,00:00:00/44:50,3830) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/53:24,5153) [kworker/1:0-events] (root,6656,3492,00:00:00/00:00,5249) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,5267) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5268) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/33:32,6042) [kworker/1:2] (postfix,24244,8172,00:00:00/50:57,11110) pickup -l -t fifo -u (root,0,0,00:00:00/59:01,17228) [kworker/0:1-events] (root,0,0,00:00:00/07:53,18491) [kworker/2:0-events] (root,0,0,00:00:00/07:31,19082) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:24:48,19554) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/02:07:06,29790) [kworker/2:2-events] (root,0,0,00:00:00/21:45,32635) [kworker/u8:0-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 21:17 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b44ef70cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-12:57:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:57:45,2) [kthreadd] (root,0,0,00:00:00/19-12:57:45,3) [rcu_gp] (root,0,0,00:00:00/19-12:57:45,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:57:45,5) [slub_flushwq] (root,0,0,00:00:00/19-12:57:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:57:45,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:57:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:57:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:57:45,12) [rcu_tasks_trace] (root,0,0,00:00:38/19-12:57:45,13) [ksoftirqd/0] (root,0,0,00:57:22/19-12:57:45,14) [rcu_preempt] (root,0,0,00:00:07/19-12:57:45,15) [migration/0] (root,0,0,00:00:00/19-12:57:45,16) [idle_inject/0] (root,0,0,00:00:00/19-12:57:45,18) [cpuhp/0] (root,0,0,00:00:00/19-12:57:45,19) [cpuhp/1] (root,0,0,00:00:00/19-12:57:45,20) [idle_inject/1] (root,0,0,00:00:07/19-12:57:45,21) [migration/1] (root,0,0,00:00:31/19-12:57:45,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:57:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:57:45,25) [cpuhp/2] (root,0,0,00:00:00/19-12:57:45,26) [idle_inject/2] (root,0,0,00:00:05/19-12:57:45,27) [migration/2] (root,0,0,00:39:19/19-12:57:45,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:57:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:57:45,31) [cpuhp/3] (root,0,0,00:00:00/19-12:57:45,32) [idle_inject/3] (root,0,0,00:00:07/19-12:57:45,33) [migration/3] (root,0,0,00:01:59/19-12:57:45,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:57:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:57:45,40) [kdevtmpfs] (root,0,0,00:00:00/19-12:57:45,41) [netns] (root,0,0,00:00:00/19-12:57:45,42) [inet_frag_wq] (root,0,0,00:00:05/19-12:57:45,43) [kauditd] (root,0,0,00:00:00/19-12:57:45,44) [khungtaskd] (root,0,0,00:00:00/19-12:57:45,45) [oom_reaper] (root,0,0,00:00:00/19-12:57:45,46) [writeback] (root,0,0,00:01:02/19-12:57:45,47) [kcompactd0] (root,0,0,00:00:00/19-12:57:45,48) [ksmd] (root,0,0,00:01:03/19-12:57:45,49) [khugepaged] (root,0,0,00:00:00/19-12:57:45,75) [kintegrityd] (root,0,0,00:00:00/19-12:57:45,76) [kblockd] (root,0,0,00:00:00/19-12:57:45,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:57:45,79) [tpm_dev_wq] (root,0,0,00:00:00/19-12:57:45,80) [edac-poller] (root,0,0,00:00:00/19-12:57:45,81) [devfreq_wq] (root,0,0,00:00:00/19-12:57:45,110) [watchdogd] (root,0,0,00:00:01/19-12:57:45,111) [kswapd0] (root,0,0,00:00:05/19-12:57:45,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-12:57:43,115) [kthrotld] (root,0,0,00:00:00/19-12:57:43,116) [mld] (root,0,0,00:00:00/19-12:57:43,117) [ipv6_addrconf] (root,0,0,00:00:05/19-12:57:43,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:57:43,123) [kstrp] (root,0,0,00:00:00/19-12:57:43,124) [zswap-shrink] (root,0,0,00:00:00/19-12:57:43,125) [kworker/u9:0] (root,0,0,00:00:00/19-12:57:43,130) [charger_manager] (root,0,0,00:00:06/19-12:57:43,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/19-12:57:43,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-12:57:42,239) [kaluad] (root,0,0,00:00:00/19-12:57:42,258) [kmpath_rdacd] (root,0,0,00:00:00/19-12:57:42,304) [kmpathd] (root,0,0,00:00:00/19-12:57:42,305) [kmpath_handlerd] (root,0,0,00:00:00/19-12:57:41,342) [ata_sff] (root,0,0,00:00:00/19-12:57:41,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:57:41,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:57:41,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:57:41,346) [scsi_tmf_1] (root,0,0,00:00:39/19-12:57:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:57:38,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-12:57:26,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-12:57:25,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-12:57:23,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-12:56:52,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-12:56:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-12:56:51,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-12:56:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-12:56:49,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-12:56:49,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-12:56:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-12:56:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:05/19-12:56:35,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-12:56:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-12:56:35,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-12:56:35,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-12:56:35,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:25/19-12:56:35,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-12:56:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-12:56:35,1352) bpfilter_umh (root,26204,8212,00:00:07/19-12:56:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-12:56:35,1359) ntpd: asynchronous dns resolver (spot,313900,199524,1-07:06:49/19-12:56:34,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-12:56:34,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-12:56:34,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-12:56:34,1373) (sd-pam) (root,24216,5268,00:00:06/19-12:56:32,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-12:56:32,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-12:56:32,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-12:56:29,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-12:56:28,1527) sshd: syslogtunnel (root,618656,71492,00:26:56/19-12:56:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53708,00:11:20/19-12:56:14,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-18:31:49,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-12:55:49,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:05/19-12:55:49,3218) sshd: cm-ssh (root,0,0,00:00:00/50:27,4244) [kworker/0:0-events] (root,0,0,00:00:00/04:46,5008) [kworker/u8:1] (root,0,0,00:00:00/31:44,7171) [kworker/3:2-events] (root,0,0,00:00:00/48:03,10508) [kworker/2:2-events] (root,0,0,00:00:01/03:08:29,12961) [kworker/2:0-events] (root,0,0,00:00:00/37:28,15979) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/10:37,16908) [kworker/0:2-events] (root,0,0,00:00:00/10:36,16909) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:45:56,17258) [kworker/1:0-events] (postfix,24244,8296,00:00:00/20:57,18563) pickup -l -t fifo -u (root,0,0,00:00:00/00:35,21706) [kworker/3:1-ata_sff] (root,6656,3492,00:00:00/00:00,25770) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,25788) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25789) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:00,29017) [kworker/1:1] (root,0,0,00:00:00/05:47,32535) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ee1d3b9bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-12:57:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-12:57:26,2) [kthreadd] (root,0,0,00:00:00/17-12:57:26,3) [rcu_gp] (root,0,0,00:00:00/17-12:57:26,4) [rcu_par_gp] (root,0,0,00:00:00/17-12:57:26,5) [slub_flushwq] (root,0,0,00:00:00/17-12:57:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-12:57:26,9) [mm_percpu_wq] (root,0,0,00:00:00/17-12:57:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-12:57:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-12:57:26,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-12:57:26,13) [ksoftirqd/0] (root,0,0,00:50:24/17-12:57:26,14) [rcu_preempt] (root,0,0,00:00:06/17-12:57:26,15) [migration/0] (root,0,0,00:00:00/17-12:57:26,16) [idle_inject/0] (root,0,0,00:00:00/17-12:57:26,18) [cpuhp/0] (root,0,0,00:00:00/17-12:57:26,19) [cpuhp/1] (root,0,0,00:00:00/17-12:57:26,20) [idle_inject/1] (root,0,0,00:00:06/17-12:57:26,21) [migration/1] (root,0,0,00:00:27/17-12:57:26,22) [ksoftirqd/1] (root,0,0,00:00:00/17-12:57:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-12:57:26,25) [cpuhp/2] (root,0,0,00:00:00/17-12:57:26,26) [idle_inject/2] (root,0,0,00:00:05/17-12:57:26,27) [migration/2] (root,0,0,00:33:47/17-12:57:26,28) [ksoftirqd/2] (root,0,0,00:00:00/17-12:57:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-12:57:26,31) [cpuhp/3] (root,0,0,00:00:00/17-12:57:26,32) [idle_inject/3] (root,0,0,00:00:06/17-12:57:26,33) [migration/3] (root,0,0,00:01:41/17-12:57:26,34) [ksoftirqd/3] (root,0,0,00:00:00/17-12:57:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-12:57:26,40) [kdevtmpfs] (root,0,0,00:00:00/17-12:57:26,41) [netns] (root,0,0,00:00:00/17-12:57:26,42) [inet_frag_wq] (root,0,0,00:00:03/17-12:57:26,43) [kauditd] (root,0,0,00:00:00/17-12:57:26,44) [khungtaskd] (root,0,0,00:00:00/17-12:57:26,45) [oom_reaper] (root,0,0,00:00:00/17-12:57:26,46) [writeback] (root,0,0,00:00:55/17-12:57:26,47) [kcompactd0] (root,0,0,00:00:00/17-12:57:26,48) [ksmd] (root,0,0,00:00:56/17-12:57:26,49) [khugepaged] (root,0,0,00:00:00/17-12:57:26,75) [kintegrityd] (root,0,0,00:00:00/17-12:57:26,76) [kblockd] (root,0,0,00:00:00/17-12:57:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-12:57:26,79) [tpm_dev_wq] (root,0,0,00:00:00/17-12:57:26,80) [edac-poller] (root,0,0,00:00:00/17-12:57:26,81) [devfreq_wq] (root,0,0,00:00:00/17-12:57:26,110) [watchdogd] (root,0,0,00:00:01/17-12:57:26,111) [kswapd0] (root,0,0,00:00:04/17-12:57:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-12:57:24,115) [kthrotld] (root,0,0,00:00:00/17-12:57:24,116) [mld] (root,0,0,00:00:00/17-12:57:24,117) [ipv6_addrconf] (root,0,0,00:00:04/17-12:57:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-12:57:24,123) [kstrp] (root,0,0,00:00:00/17-12:57:24,124) [zswap-shrink] (root,0,0,00:00:00/17-12:57:24,125) [kworker/u9:0] (root,0,0,00:00:00/17-12:57:24,130) [charger_manager] (root,0,0,00:00:05/17-12:57:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/17-12:57:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-12:57:23,239) [kaluad] (root,0,0,00:00:00/17-12:57:23,258) [kmpath_rdacd] (root,0,0,00:00:00/17-12:57:23,304) [kmpathd] (root,0,0,00:00:00/17-12:57:23,305) [kmpath_handlerd] (root,0,0,00:00:00/17-12:57:22,342) [ata_sff] (root,0,0,00:00:00/17-12:57:22,343) [scsi_eh_0] (root,0,0,00:00:00/17-12:57:22,344) [scsi_tmf_0] (root,0,0,00:00:00/17-12:57:22,345) [scsi_eh_1] (root,0,0,00:00:00/17-12:57:22,346) [scsi_tmf_1] (root,0,0,00:00:34/17-12:57:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-12:57:19,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-12:57:07,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-12:57:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-12:57:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-12:56:33,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-12:56:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-12:56:32,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-12:56:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-12:56:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-12:56:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3488,00:00:00/00:00,926) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,944) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,945) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,547848,27472,00:00:20/17-12:56:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-12:56:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:51/17-12:56:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-12:56:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-12:56:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-12:56:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-12:56:16,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-12:56:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:30/17-12:56:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-12:56:16,1352) bpfilter_umh (root,26204,8212,00:00:04/17-12:56:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-12:56:16,1359) ntpd: asynchronous dns resolver (spot,315532,199932,1-03:05:14/17-12:56:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-12:56:15,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-12:56:15,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-12:56:15,1373) (sd-pam) (root,24216,5268,00:00:06/17-12:56:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-12:56:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-12:56:13,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-12:56:10,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-12:56:09,1527) sshd: syslogtunnel (root,618256,71120,00:23:58/17-12:56:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/16:42,1721) [kworker/3:1-events] (spot,214464,51672,00:10:02/17-12:55:55,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-18:31:30,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:32,2711) [kworker/2:1-cgroup_destroy] (root,35308,10108,00:00:00/17-12:55:30,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-12:55:30,3218) sshd: cm-ssh (root,0,0,00:00:00/16:05,3936) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/25:26,6092) [kworker/0:2-events] (root,0,0,00:00:00/14:52,9322) [kworker/0:1] (root,0,0,00:00:00/06:19,13680) [kworker/3:0-ata_sff] (root,0,0,00:00:00/33:55,15869) [kworker/1:1] (root,0,0,00:00:00/55:48,17782) [kworker/1:2-events] (root,0,0,00:00:01/03:18:00,19474) [kworker/2:0-events] (root,0,0,00:00:00/01:04:10,21562) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:57,26111) [kworker/2:2-events] (root,0,0,00:00:00/01:08,27757) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:05,27758) [kworker/u8:1-flush-253:0] (postfix,24244,8224,00:00:00/42:35,29850) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630020e565Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-12:58:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-12:58:35,2) [kthreadd] (root,0,0,00:00:00/15-12:58:35,3) [rcu_gp] (root,0,0,00:00:00/15-12:58:35,4) [rcu_par_gp] (root,0,0,00:00:00/15-12:58:35,5) [slub_flushwq] (root,0,0,00:00:00/15-12:58:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-12:58:35,9) [mm_percpu_wq] (root,0,0,00:00:00/15-12:58:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-12:58:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-12:58:35,12) [rcu_tasks_trace] (root,0,0,00:00:28/15-12:58:35,13) [ksoftirqd/0] (root,0,0,00:43:35/15-12:58:35,14) [rcu_preempt] (root,0,0,00:00:05/15-12:58:35,15) [migration/0] (root,0,0,00:00:00/15-12:58:35,16) [idle_inject/0] (root,0,0,00:00:00/15-12:58:35,18) [cpuhp/0] (root,0,0,00:00:00/15-12:58:35,19) [cpuhp/1] (root,0,0,00:00:00/15-12:58:35,20) [idle_inject/1] (root,0,0,00:00:06/15-12:58:35,21) [migration/1] (root,0,0,00:00:23/15-12:58:35,22) [ksoftirqd/1] (root,0,0,00:00:00/15-12:58:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-12:58:35,25) [cpuhp/2] (root,0,0,00:00:00/15-12:58:35,26) [idle_inject/2] (root,0,0,00:00:04/15-12:58:35,27) [migration/2] (root,0,0,00:28:30/15-12:58:35,28) [ksoftirqd/2] (root,0,0,00:00:00/15-12:58:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-12:58:35,31) [cpuhp/3] (root,0,0,00:00:00/15-12:58:35,32) [idle_inject/3] (root,0,0,00:00:05/15-12:58:35,33) [migration/3] (root,0,0,00:01:24/15-12:58:35,34) [ksoftirqd/3] (root,0,0,00:00:00/15-12:58:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-12:58:35,40) [kdevtmpfs] (root,0,0,00:00:00/15-12:58:35,41) [netns] (root,0,0,00:00:00/15-12:58:35,42) [inet_frag_wq] (root,0,0,00:00:01/15-12:58:35,43) [kauditd] (root,0,0,00:00:00/15-12:58:35,44) [khungtaskd] (root,0,0,00:00:00/15-12:58:35,45) [oom_reaper] (root,0,0,00:00:00/15-12:58:35,46) [writeback] (root,0,0,00:00:48/15-12:58:35,47) [kcompactd0] (root,0,0,00:00:00/15-12:58:35,48) [ksmd] (root,0,0,00:00:50/15-12:58:35,49) [khugepaged] (root,0,0,00:00:00/15-12:58:35,75) [kintegrityd] (root,0,0,00:00:00/15-12:58:35,76) [kblockd] (root,0,0,00:00:00/15-12:58:35,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-12:58:35,79) [tpm_dev_wq] (root,0,0,00:00:00/15-12:58:35,80) [edac-poller] (root,0,0,00:00:00/15-12:58:35,81) [devfreq_wq] (root,0,0,00:00:00/15-12:58:35,110) [watchdogd] (root,0,0,00:00:01/15-12:58:35,111) [kswapd0] (root,0,0,00:00:04/15-12:58:35,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-12:58:33,115) [kthrotld] (root,0,0,00:00:00/15-12:58:33,116) [mld] (root,0,0,00:00:00/15-12:58:33,117) [ipv6_addrconf] (root,0,0,00:00:04/15-12:58:33,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-12:58:33,123) [kstrp] (root,0,0,00:00:00/15-12:58:33,124) [zswap-shrink] (root,0,0,00:00:00/15-12:58:33,125) [kworker/u9:0] (root,0,0,00:00:00/15-12:58:33,130) [charger_manager] (root,0,0,00:00:04/15-12:58:33,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-12:58:33,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-12:58:32,239) [kaluad] (root,0,0,00:00:00/15-12:58:32,258) [kmpath_rdacd] (root,0,0,00:00:00/15-12:58:32,304) [kmpathd] (root,0,0,00:00:00/15-12:58:32,305) [kmpath_handlerd] (root,0,0,00:00:00/15-12:58:31,342) [ata_sff] (root,0,0,00:00:00/15-12:58:31,343) [scsi_eh_0] (root,0,0,00:00:00/15-12:58:31,344) [scsi_tmf_0] (root,0,0,00:00:00/15-12:58:31,345) [scsi_eh_1] (root,0,0,00:00:00/15-12:58:31,346) [scsi_tmf_1] (root,0,0,00:00:29/15-12:58:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-12:58:28,367) [ext4-rsv-conver] (root,38604,7616,00:00:14/15-12:58:16,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-12:58:15,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-12:58:13,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-12:57:42,511) /sbin/auditd (messagebus,22932,5912,00:00:19/15-12:57:41,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:12/15-12:57:41,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-12:57:41,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-12:57:39,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-12:57:39,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-12:57:25,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-12:57:25,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:38/15-12:57:25,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-12:57:25,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-12:57:25,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-12:57:25,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-12:57:25,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-12:57:25,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:12/15-12:57:25,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-12:57:25,1352) bpfilter_umh (root,26204,8212,00:00:03/15-12:57:25,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-12:57:25,1359) ntpd: asynchronous dns resolver (spot,314188,199596,22:23:28/15-12:57:24,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-12:57:24,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-12:57:24,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-12:57:24,1373) (sd-pam) (root,24216,5268,00:00:05/15-12:57:22,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-12:57:22,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-12:57:22,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-12:57:19,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-12:57:18,1527) sshd: syslogtunnel (root,617868,70916,00:21:04/15-12:57:16,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49872,00:08:45/15-12:57:04,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:15:20,2076) [kworker/2:0-events] (postfix,44628,9336,00:00:00/9-18:32:39,2557) tlsmgr -l -t unix -u (root,0,0,00:00:02/05:22:12,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-12:56:39,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:50/15-12:56:39,3218) sshd: cm-ssh (root,0,0,00:00:00/26:39,3630) [kworker/2:1-events] (root,0,0,00:00:00/08:02,5722) [kworker/3:0-ata_sff] (root,0,0,00:00:00/44:22,8954) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:01:49,9961) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:46:11,11304) [kworker/1:1-events] (root,0,0,00:00:00/49:26,15580) [kworker/1:0] (root,0,0,00:00:00/09:05:42,21313) [kworker/0:0-events] (root,0,0,00:00:00/02:51,22803) [kworker/3:1-events] (root,0,0,00:00:00/01:16:11,26431) [kworker/u8:1-writeback] (postfix,24244,8212,00:00:00/01:05:34,28252) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,32648) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,32689) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,32690) /bin/bash /usr/bin/check_mk_agent (root,4480,1192,00:00:00/00:00,32691) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,788,00:00:00/00:00,32692) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,716,00:00:00/00:00,32693) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3480,00:00:00/00:00,32694) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,32712) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,32713) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 23:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ef0544ecFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-13:02:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:02:39,2) [kthreadd] (root,0,0,00:00:00/13-13:02:39,3) [rcu_gp] (root,0,0,00:00:00/13-13:02:39,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:02:39,5) [slub_flushwq] (root,0,0,00:00:00/13-13:02:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:02:39,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:02:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:02:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:02:39,12) [rcu_tasks_trace] (root,0,0,00:00:24/13-13:02:39,13) [ksoftirqd/0] (root,0,0,00:37:18/13-13:02:39,14) [rcu_preempt] (root,0,0,00:00:05/13-13:02:39,15) [migration/0] (root,0,0,00:00:00/13-13:02:39,16) [idle_inject/0] (root,0,0,00:00:00/13-13:02:39,18) [cpuhp/0] (root,0,0,00:00:00/13-13:02:39,19) [cpuhp/1] (root,0,0,00:00:00/13-13:02:39,20) [idle_inject/1] (root,0,0,00:00:05/13-13:02:39,21) [migration/1] (root,0,0,00:00:20/13-13:02:39,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:02:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:02:39,25) [cpuhp/2] (root,0,0,00:00:00/13-13:02:39,26) [idle_inject/2] (root,0,0,00:00:03/13-13:02:39,27) [migration/2] (root,0,0,00:24:38/13-13:02:39,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:02:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:02:39,31) [cpuhp/3] (root,0,0,00:00:00/13-13:02:39,32) [idle_inject/3] (root,0,0,00:00:05/13-13:02:39,33) [migration/3] (root,0,0,00:01:11/13-13:02:39,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:02:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:02:39,40) [kdevtmpfs] (root,0,0,00:00:00/13-13:02:39,41) [netns] (root,0,0,00:00:00/13-13:02:39,42) [inet_frag_wq] (root,0,0,00:00:01/13-13:02:39,43) [kauditd] (root,0,0,00:00:00/13-13:02:39,44) [khungtaskd] (root,0,0,00:00:00/13-13:02:39,45) [oom_reaper] (root,0,0,00:00:00/13-13:02:39,46) [writeback] (root,0,0,00:00:41/13-13:02:39,47) [kcompactd0] (root,0,0,00:00:00/13-13:02:39,48) [ksmd] (root,0,0,00:00:44/13-13:02:39,49) [khugepaged] (root,0,0,00:00:00/13-13:02:39,75) [kintegrityd] (root,0,0,00:00:00/13-13:02:39,76) [kblockd] (root,0,0,00:00:00/13-13:02:39,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:02:39,79) [tpm_dev_wq] (root,0,0,00:00:00/13-13:02:39,80) [edac-poller] (root,0,0,00:00:00/13-13:02:39,81) [devfreq_wq] (root,0,0,00:00:00/13-13:02:39,110) [watchdogd] (root,0,0,00:00:01/13-13:02:39,111) [kswapd0] (root,0,0,00:00:03/13-13:02:39,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-13:02:37,115) [kthrotld] (root,0,0,00:00:00/13-13:02:37,116) [mld] (root,0,0,00:00:00/13-13:02:37,117) [ipv6_addrconf] (root,0,0,00:00:03/13-13:02:37,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:02:37,123) [kstrp] (root,0,0,00:00:00/13-13:02:37,124) [zswap-shrink] (root,0,0,00:00:00/13-13:02:37,125) [kworker/u9:0] (root,0,0,00:00:00/13-13:02:37,130) [charger_manager] (root,0,0,00:00:04/13-13:02:37,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-13:02:37,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-13:02:36,239) [kaluad] (root,0,0,00:00:00/13-13:02:36,258) [kmpath_rdacd] (root,0,0,00:00:00/13-13:02:36,304) [kmpathd] (root,0,0,00:00:00/13-13:02:36,305) [kmpath_handlerd] (root,0,0,00:00:00/13-13:02:35,342) [ata_sff] (root,0,0,00:00:00/13-13:02:35,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:02:35,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:02:35,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:02:35,346) [scsi_tmf_1] (root,0,0,00:00:25/13-13:02:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:02:32,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-13:02:20,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-13:02:19,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:21/13-13:02:17,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-13:01:46,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-13:01:45,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-13:01:45,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-13:01:45,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-13:01:43,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-13:01:43,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-13:01:29,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-13:01:29,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:25/13-13:01:29,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-13:01:29,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-13:01:29,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-13:01:29,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-13:01:29,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-13:01:29,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-13:01:29,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-13:01:29,1352) bpfilter_umh (root,26204,8212,00:00:02/13-13:01:29,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-13:01:29,1359) ntpd: asynchronous dns resolver (spot,305436,189728,18:43:38/13-13:01:28,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-13:01:28,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-13:01:28,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-13:01:28,1373) (sd-pam) (root,24216,5268,00:00:04/13-13:01:26,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-13:01:26,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-13:01:26,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-13:01:23,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:46/13-13:01:22,1527) sshd: syslogtunnel (root,617868,70668,00:18:15/13-13:01:20,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48320,00:07:30/13-13:01:08,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-18:36:43,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:24,2894) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/13-13:00:43,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-13:00:43,3218) sshd: cm-ssh (root,0,0,00:00:00/01:44:21,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/18:03,14597) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:01/02:08:54,14919) [kworker/1:0-events] (root,0,0,00:00:00/32:21,15998) [kworker/3:2-events] (root,0,0,00:00:00/02:57:32,16390) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:56:45,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/40:51,22455) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:14,22599) [kworker/3:0-ata_sff] (postfix,24244,8228,00:00:00/01:31:35,24772) pickup -l -t fifo -u (root,0,0,00:00:01/02:45:53,25621) [kworker/2:0-events] (root,6656,3480,00:00:00/00:00,26482) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,26500) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26501) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:20:05,29874) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 23:51 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363de31c780Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-12:33:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:33:31,2) [kthreadd] (root,0,0,00:00:00/11-12:33:31,3) [rcu_gp] (root,0,0,00:00:00/11-12:33:31,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:33:31,5) [slub_flushwq] (root,0,0,00:00:00/11-12:33:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:33:31,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:33:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:33:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:33:31,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:33:31,13) [ksoftirqd/0] (root,0,0,00:31:40/11-12:33:31,14) [rcu_preempt] (root,0,0,00:00:04/11-12:33:31,15) [migration/0] (root,0,0,00:00:00/11-12:33:31,16) [idle_inject/0] (root,0,0,00:00:00/11-12:33:31,18) [cpuhp/0] (root,0,0,00:00:00/11-12:33:31,19) [cpuhp/1] (root,0,0,00:00:00/11-12:33:31,20) [idle_inject/1] (root,0,0,00:00:04/11-12:33:31,21) [migration/1] (root,0,0,00:00:17/11-12:33:31,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:33:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:33:31,25) [cpuhp/2] (root,0,0,00:00:00/11-12:33:31,26) [idle_inject/2] (root,0,0,00:00:03/11-12:33:31,27) [migration/2] (root,0,0,00:21:06/11-12:33:31,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:33:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:33:31,31) [cpuhp/3] (root,0,0,00:00:00/11-12:33:31,32) [idle_inject/3] (root,0,0,00:00:04/11-12:33:31,33) [migration/3] (root,0,0,00:01:00/11-12:33:31,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:33:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:33:31,40) [kdevtmpfs] (root,0,0,00:00:00/11-12:33:31,41) [netns] (root,0,0,00:00:00/11-12:33:31,42) [inet_frag_wq] (root,0,0,00:00:01/11-12:33:31,43) [kauditd] (root,0,0,00:00:00/11-12:33:31,44) [khungtaskd] (root,0,0,00:00:00/11-12:33:31,45) [oom_reaper] (root,0,0,00:00:00/11-12:33:31,46) [writeback] (root,0,0,00:00:34/11-12:33:31,47) [kcompactd0] (root,0,0,00:00:00/11-12:33:31,48) [ksmd] (root,0,0,00:00:37/11-12:33:31,49) [khugepaged] (root,0,0,00:00:00/11-12:33:31,75) [kintegrityd] (root,0,0,00:00:00/11-12:33:31,76) [kblockd] (root,0,0,00:00:00/11-12:33:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:33:31,79) [tpm_dev_wq] (root,0,0,00:00:00/11-12:33:31,80) [edac-poller] (root,0,0,00:00:00/11-12:33:31,81) [devfreq_wq] (root,0,0,00:00:00/11-12:33:31,110) [watchdogd] (root,0,0,00:00:00/11-12:33:31,111) [kswapd0] (root,0,0,00:00:02/11-12:33:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:33:29,115) [kthrotld] (root,0,0,00:00:00/11-12:33:29,116) [mld] (root,0,0,00:00:00/11-12:33:29,117) [ipv6_addrconf] (root,0,0,00:00:03/11-12:33:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:33:29,123) [kstrp] (root,0,0,00:00:00/11-12:33:29,124) [zswap-shrink] (root,0,0,00:00:00/11-12:33:29,125) [kworker/u9:0] (root,0,0,00:00:00/11-12:33:29,130) [charger_manager] (root,0,0,00:00:03/11-12:33:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-12:33:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-12:33:28,239) [kaluad] (root,0,0,00:00:00/11-12:33:28,258) [kmpath_rdacd] (root,0,0,00:00:00/11-12:33:28,304) [kmpathd] (root,0,0,00:00:00/11-12:33:28,305) [kmpath_handlerd] (root,0,0,00:00:00/11-12:33:27,342) [ata_sff] (root,0,0,00:00:00/11-12:33:27,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:33:27,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:33:27,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:33:27,346) [scsi_tmf_1] (root,0,0,00:00:21/11-12:33:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:33:24,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-12:33:12,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-12:33:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-12:33:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-12:32:38,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-12:32:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-12:32:37,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-12:32:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-12:32:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-12:32:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-12:32:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-12:32:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:12/11-12:32:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-12:32:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-12:32:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-12:32:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-12:32:21,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-12:32:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:37/11-12:32:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-12:32:21,1352) bpfilter_umh (root,26204,8212,00:00:02/11-12:32:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-12:32:21,1359) ntpd: asynchronous dns resolver (spot,292860,179064,15:30:29/11-12:32:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-12:32:20,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-12:32:20,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-12:32:20,1373) (sd-pam) (root,24216,5268,00:00:03/11-12:32:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-12:32:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-12:32:18,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-12:32:15,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-12:32:14,1527) sshd: syslogtunnel (root,617612,70248,00:15:30/11-12:32:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,47284,00:06:18/11-12:32:00,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:27,2364) [kworker/3:0-ata_sff] (postfix,44628,9380,00:00:00/5-18:07:35,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-12:31:35,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-12:31:35,3218) sshd: cm-ssh (root,0,0,00:00:00/26:43,5235) [kworker/2:2-events] (root,0,0,00:00:03/22:42:04,7785) [kworker/2:1-events] (root,6656,3484,00:00:00/00:00,12613) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,12654) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,12655) /bin/bash /usr/bin/check_mk_agent (root,4480,1016,00:00:00/00:00,12656) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,792,00:00:00/00:00,12657) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,12658) /bin/bash /usr/bin/check_mk_agent (root,2680,656,00:00:00/00:00,12659) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3500,00:00:00/00:00,12677) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,12678) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8224,00:00:00/01:23:22,13066) pickup -l -t fifo -u (root,0,0,00:00:00/06:10,14236) [kworker/u8:2-writeback] (root,0,0,00:00:00/05:30:38,19628) [kworker/0:1-events] (root,0,0,00:00:00/05:06:11,20763) [kworker/1:0-events] (root,0,0,00:00:00/51:42,24598) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/03:16,28033) [kworker/3:2-ata_sff] (root,0,0,00:00:01/04:05:54,28099) [kworker/1:2-events] (root,0,0,00:00:00/39:34,28318) [kworker/3:1-events] (root,0,0,00:00:01/03:41:45,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 23:22 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631f6c20a6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-11:23:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-11:23:53,2) [kthreadd] (root,0,0,00:00:00/9-11:23:53,3) [rcu_gp] (root,0,0,00:00:00/9-11:23:53,4) [rcu_par_gp] (root,0,0,00:00:00/9-11:23:53,5) [slub_flushwq] (root,0,0,00:00:00/9-11:23:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-11:23:53,9) [mm_percpu_wq] (root,0,0,00:00:00/9-11:23:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-11:23:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-11:23:53,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-11:23:53,13) [ksoftirqd/0] (root,0,0,00:25:45/9-11:23:53,14) [rcu_preempt] (root,0,0,00:00:03/9-11:23:53,15) [migration/0] (root,0,0,00:00:00/9-11:23:53,16) [idle_inject/0] (root,0,0,00:00:00/9-11:23:53,18) [cpuhp/0] (root,0,0,00:00:00/9-11:23:53,19) [cpuhp/1] (root,0,0,00:00:00/9-11:23:53,20) [idle_inject/1] (root,0,0,00:00:03/9-11:23:53,21) [migration/1] (root,0,0,00:00:14/9-11:23:53,22) [ksoftirqd/1] (root,0,0,00:00:00/9-11:23:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-11:23:53,25) [cpuhp/2] (root,0,0,00:00:00/9-11:23:53,26) [idle_inject/2] (root,0,0,00:00:02/9-11:23:53,27) [migration/2] (root,0,0,00:17:23/9-11:23:53,28) [ksoftirqd/2] (root,0,0,00:00:00/9-11:23:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-11:23:53,31) [cpuhp/3] (root,0,0,00:00:00/9-11:23:53,32) [idle_inject/3] (root,0,0,00:00:03/9-11:23:53,33) [migration/3] (root,0,0,00:00:49/9-11:23:53,34) [ksoftirqd/3] (root,0,0,00:00:00/9-11:23:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-11:23:53,40) [kdevtmpfs] (root,0,0,00:00:00/9-11:23:53,41) [netns] (root,0,0,00:00:00/9-11:23:53,42) [inet_frag_wq] (root,0,0,00:00:01/9-11:23:53,43) [kauditd] (root,0,0,00:00:00/9-11:23:53,44) [khungtaskd] (root,0,0,00:00:00/9-11:23:53,45) [oom_reaper] (root,0,0,00:00:00/9-11:23:53,46) [writeback] (root,0,0,00:00:28/9-11:23:53,47) [kcompactd0] (root,0,0,00:00:00/9-11:23:53,48) [ksmd] (root,0,0,00:00:31/9-11:23:53,49) [khugepaged] (root,0,0,00:00:00/9-11:23:53,75) [kintegrityd] (root,0,0,00:00:00/9-11:23:53,76) [kblockd] (root,0,0,00:00:00/9-11:23:53,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-11:23:53,79) [tpm_dev_wq] (root,0,0,00:00:00/9-11:23:53,80) [edac-poller] (root,0,0,00:00:00/9-11:23:53,81) [devfreq_wq] (root,0,0,00:00:00/9-11:23:53,110) [watchdogd] (root,0,0,00:00:00/9-11:23:53,111) [kswapd0] (root,0,0,00:00:02/9-11:23:53,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-11:23:51,115) [kthrotld] (root,0,0,00:00:00/9-11:23:51,116) [mld] (root,0,0,00:00:00/9-11:23:51,117) [ipv6_addrconf] (root,0,0,00:00:02/9-11:23:51,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-11:23:51,123) [kstrp] (root,0,0,00:00:00/9-11:23:51,124) [zswap-shrink] (root,0,0,00:00:00/9-11:23:51,125) [kworker/u9:0] (root,0,0,00:00:00/9-11:23:51,130) [charger_manager] (root,0,0,00:00:02/9-11:23:51,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-11:23:51,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-11:23:50,239) [kaluad] (root,0,0,00:00:00/9-11:23:50,258) [kmpath_rdacd] (root,0,0,00:00:00/9-11:23:50,304) [kmpathd] (root,0,0,00:00:00/9-11:23:50,305) [kmpath_handlerd] (root,0,0,00:00:00/9-11:23:49,342) [ata_sff] (root,0,0,00:00:00/9-11:23:49,343) [scsi_eh_0] (root,0,0,00:00:00/9-11:23:49,344) [scsi_tmf_0] (root,0,0,00:00:00/9-11:23:49,345) [scsi_eh_1] (root,0,0,00:00:00/9-11:23:49,346) [scsi_tmf_1] (root,0,0,00:00:17/9-11:23:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-11:23:46,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-11:23:34,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-11:23:33,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-11:23:31,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-11:23:00,511) /sbin/auditd (messagebus,22932,5912,00:00:12/9-11:22:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-11:22:59,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-11:22:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-11:22:57,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-11:22:57,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:10/9-11:22:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-11:22:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:01/9-11:22:43,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-11:22:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-11:22:43,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-11:22:43,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-11:22:43,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-11:22:43,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:20/9-11:22:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-11:22:43,1352) bpfilter_umh (root,26204,8212,00:00:01/9-11:22:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-11:22:43,1359) ntpd: asynchronous dns resolver (spot,294544,180360,12:17:32/9-11:22:42,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-11:22:42,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-11:22:42,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-11:22:42,1373) (sd-pam) (root,24216,5268,00:00:03/9-11:22:40,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-11:22:40,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-11:22:40,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-11:22:37,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-11:22:36,1527) sshd: syslogtunnel (root,617356,71960,00:12:41/9-11:22:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,45732,00:05:07/9-11:22:22,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-16:57:57,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-11:21:57,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-11:21:57,3218) sshd: cm-ssh (root,0,0,00:00:00/13:06,4425) [kworker/2:2-events] (root,0,0,00:00:00/01:15:12,9613) [kworker/1:0-events] (root,0,0,00:00:00/02:16:27,11212) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/21:18,12819) [kworker/3:1-events] (root,0,0,00:00:00/04:42:06,14431) [kworker/u8:0-writeback] (root,0,0,00:00:00/03:42:03,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/03:28:30,15893) [kworker/0:0-mm_percpu_wq] (postfix,24244,8268,00:00:00/35:32,17707) pickup -l -t fifo -u (root,0,0,00:00:00/00:34,19885) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:03:01,20227) [kworker/0:1] (root,6656,3476,00:00:00/00:00,22833) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,22851) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,22852) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,22853) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/06:41:57,26887) [kworker/1:2-events] (root,0,0,00:00:00/05:44,30549) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 22:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d7bf47ccFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-11:52:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-11:52:55,2) [kthreadd] (root,0,0,00:00:00/7-11:52:55,3) [rcu_gp] (root,0,0,00:00:00/7-11:52:55,4) [rcu_par_gp] (root,0,0,00:00:00/7-11:52:55,5) [slub_flushwq] (root,0,0,00:00:00/7-11:52:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-11:52:55,9) [mm_percpu_wq] (root,0,0,00:00:00/7-11:52:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-11:52:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-11:52:55,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-11:52:55,13) [ksoftirqd/0] (root,0,0,00:19:56/7-11:52:55,14) [rcu_preempt] (root,0,0,00:00:02/7-11:52:55,15) [migration/0] (root,0,0,00:00:00/7-11:52:55,16) [idle_inject/0] (root,0,0,00:00:00/7-11:52:55,18) [cpuhp/0] (root,0,0,00:00:00/7-11:52:55,19) [cpuhp/1] (root,0,0,00:00:00/7-11:52:55,20) [idle_inject/1] (root,0,0,00:00:03/7-11:52:55,21) [migration/1] (root,0,0,00:00:10/7-11:52:55,22) [ksoftirqd/1] (root,0,0,00:00:00/7-11:52:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-11:52:55,25) [cpuhp/2] (root,0,0,00:00:00/7-11:52:55,26) [idle_inject/2] (root,0,0,00:00:02/7-11:52:55,27) [migration/2] (root,0,0,00:13:10/7-11:52:55,28) [ksoftirqd/2] (root,0,0,00:00:00/7-11:52:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-11:52:55,31) [cpuhp/3] (root,0,0,00:00:00/7-11:52:55,32) [idle_inject/3] (root,0,0,00:00:02/7-11:52:55,33) [migration/3] (root,0,0,00:00:36/7-11:52:55,34) [ksoftirqd/3] (root,0,0,00:00:00/7-11:52:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-11:52:55,40) [kdevtmpfs] (root,0,0,00:00:00/7-11:52:55,41) [netns] (root,0,0,00:00:00/7-11:52:55,42) [inet_frag_wq] (root,0,0,00:00:00/7-11:52:55,43) [kauditd] (root,0,0,00:00:00/7-11:52:55,44) [khungtaskd] (root,0,0,00:00:00/7-11:52:55,45) [oom_reaper] (root,0,0,00:00:00/7-11:52:55,46) [writeback] (root,0,0,00:00:22/7-11:52:55,47) [kcompactd0] (root,0,0,00:00:00/7-11:52:55,48) [ksmd] (root,0,0,00:00:24/7-11:52:55,49) [khugepaged] (root,0,0,00:00:00/7-11:52:55,75) [kintegrityd] (root,0,0,00:00:00/7-11:52:55,76) [kblockd] (root,0,0,00:00:00/7-11:52:55,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-11:52:55,79) [tpm_dev_wq] (root,0,0,00:00:00/7-11:52:55,80) [edac-poller] (root,0,0,00:00:00/7-11:52:55,81) [devfreq_wq] (root,0,0,00:00:00/7-11:52:55,110) [watchdogd] (root,0,0,00:00:00/7-11:52:55,111) [kswapd0] (root,0,0,00:00:01/7-11:52:55,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-11:52:53,115) [kthrotld] (root,0,0,00:00:00/7-11:52:53,116) [mld] (root,0,0,00:00:00/7-11:52:53,117) [ipv6_addrconf] (root,0,0,00:00:01/7-11:52:53,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-11:52:53,123) [kstrp] (root,0,0,00:00:00/7-11:52:53,124) [zswap-shrink] (root,0,0,00:00:00/7-11:52:53,125) [kworker/u9:0] (root,0,0,00:00:00/7-11:52:53,130) [charger_manager] (root,0,0,00:00:02/7-11:52:53,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-11:52:53,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-11:52:52,239) [kaluad] (root,0,0,00:00:00/7-11:52:52,258) [kmpath_rdacd] (root,0,0,00:00:00/7-11:52:52,304) [kmpathd] (root,0,0,00:00:00/7-11:52:52,305) [kmpath_handlerd] (root,0,0,00:00:00/7-11:52:51,342) [ata_sff] (root,0,0,00:00:00/7-11:52:51,343) [scsi_eh_0] (root,0,0,00:00:00/7-11:52:51,344) [scsi_tmf_0] (root,0,0,00:00:00/7-11:52:51,345) [scsi_eh_1] (root,0,0,00:00:00/7-11:52:51,346) [scsi_tmf_1] (root,0,0,00:00:13/7-11:52:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-11:52:48,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-11:52:36,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-11:52:35,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-11:52:33,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-11:52:02,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-11:52:01,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-11:52:01,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-11:52:01,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/01:25,599) [kworker/1:2] (root,31704,17436,00:00:03/7-11:51:59,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-11:51:59,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-11:51:45,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-11:51:45,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:46/7-11:51:45,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-11:51:45,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-11:51:45,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-11:51:45,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-11:51:45,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:08/7-11:51:45,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-11:51:45,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-11:51:45,1352) bpfilter_umh (root,26204,8212,00:00:01/7-11:51:45,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-11:51:45,1359) ntpd: asynchronous dns resolver (spot,290156,176720,09:11:05/7-11:51:44,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-11:51:44,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-11:51:44,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-11:51:44,1373) (sd-pam) (root,24216,5268,00:00:02/7-11:51:42,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-11:51:42,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/7-11:51:42,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-11:51:39,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-11:51:38,1527) sshd: syslogtunnel (root,617356,69812,00:09:57/7-11:51:36,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44436,00:03:53/7-11:51:24,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-17:26:59,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-11:50:59,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-11:50:59,3218) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,5912) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,5937) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,5976) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,5977) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,1820,00:00:00/00:00,5978) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:01/08:38:08,6969) [kworker/0:2-events] (root,0,0,00:00:00/08:20,12166) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:22:43,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:29:47,17990) [kworker/2:0-events] (root,0,0,00:00:01/06:03:06,18376) [kworker/2:2-events] (root,0,0,00:00:00/41:05,20009) [kworker/u8:2-writeback] (root,0,0,00:00:00/55:01,22475) [kworker/3:2-events] (root,0,0,00:00:00/03:08,25546) [kworker/3:1-ata_sff] (root,0,0,00:00:00/12:21,26012) [kworker/0:0-events] (root,0,0,00:00:00/23:52,27655) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/35:02,27803) [kworker/1:1-events] (postfix,24244,8296,00:00:00/01:26:37,29149) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 22:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836356a0a03fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-11:53:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-11:53:24,2) [kthreadd] (root,0,0,00:00:00/5-11:53:24,3) [rcu_gp] (root,0,0,00:00:00/5-11:53:24,4) [rcu_par_gp] (root,0,0,00:00:00/5-11:53:24,5) [slub_flushwq] (root,0,0,00:00:00/5-11:53:24,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-11:53:24,9) [mm_percpu_wq] (root,0,0,00:00:00/5-11:53:24,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-11:53:24,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-11:53:24,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-11:53:24,13) [ksoftirqd/0] (root,0,0,00:14:10/5-11:53:24,14) [rcu_preempt] (root,0,0,00:00:02/5-11:53:24,15) [migration/0] (root,0,0,00:00:00/5-11:53:24,16) [idle_inject/0] (root,0,0,00:00:00/5-11:53:24,18) [cpuhp/0] (root,0,0,00:00:00/5-11:53:24,19) [cpuhp/1] (root,0,0,00:00:00/5-11:53:24,20) [idle_inject/1] (root,0,0,00:00:02/5-11:53:24,21) [migration/1] (root,0,0,00:00:07/5-11:53:24,22) [ksoftirqd/1] (root,0,0,00:00:00/5-11:53:24,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-11:53:24,25) [cpuhp/2] (root,0,0,00:00:00/5-11:53:24,26) [idle_inject/2] (root,0,0,00:00:01/5-11:53:24,27) [migration/2] (root,0,0,00:09:14/5-11:53:24,28) [ksoftirqd/2] (root,0,0,00:00:00/5-11:53:24,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-11:53:24,31) [cpuhp/3] (root,0,0,00:00:00/5-11:53:24,32) [idle_inject/3] (root,0,0,00:00:02/5-11:53:24,33) [migration/3] (root,0,0,00:00:25/5-11:53:24,34) [ksoftirqd/3] (root,0,0,00:00:00/5-11:53:24,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-11:53:24,40) [kdevtmpfs] (root,0,0,00:00:00/5-11:53:24,41) [netns] (root,0,0,00:00:00/5-11:53:24,42) [inet_frag_wq] (root,0,0,00:00:00/5-11:53:24,43) [kauditd] (root,0,0,00:00:00/5-11:53:24,44) [khungtaskd] (root,0,0,00:00:00/5-11:53:24,45) [oom_reaper] (root,0,0,00:00:00/5-11:53:24,46) [writeback] (root,0,0,00:00:15/5-11:53:24,47) [kcompactd0] (root,0,0,00:00:00/5-11:53:24,48) [ksmd] (root,0,0,00:00:16/5-11:53:24,49) [khugepaged] (root,0,0,00:00:00/5-11:53:24,75) [kintegrityd] (root,0,0,00:00:00/5-11:53:24,76) [kblockd] (root,0,0,00:00:00/5-11:53:24,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-11:53:24,79) [tpm_dev_wq] (root,0,0,00:00:00/5-11:53:24,80) [edac-poller] (root,0,0,00:00:00/5-11:53:24,81) [devfreq_wq] (root,0,0,00:00:00/5-11:53:24,110) [watchdogd] (root,0,0,00:00:00/5-11:53:24,111) [kswapd0] (root,0,0,00:00:01/5-11:53:24,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-11:53:22,115) [kthrotld] (root,0,0,00:00:00/5-11:53:22,116) [mld] (root,0,0,00:00:00/5-11:53:22,117) [ipv6_addrconf] (root,0,0,00:00:01/5-11:53:22,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-11:53:22,123) [kstrp] (root,0,0,00:00:00/5-11:53:22,124) [zswap-shrink] (root,0,0,00:00:00/5-11:53:22,125) [kworker/u9:0] (root,0,0,00:00:00/5-11:53:22,130) [charger_manager] (root,0,0,00:00:01/5-11:53:22,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-11:53:22,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-11:53:21,239) [kaluad] (root,0,0,00:00:00/5-11:53:21,258) [kmpath_rdacd] (root,0,0,00:00:00/5-11:53:21,304) [kmpathd] (root,0,0,00:00:00/5-11:53:21,305) [kmpath_handlerd] (root,0,0,00:00:00/5-11:53:20,342) [ata_sff] (root,0,0,00:00:00/5-11:53:20,343) [scsi_eh_0] (root,0,0,00:00:00/5-11:53:20,344) [scsi_tmf_0] (root,0,0,00:00:00/5-11:53:20,345) [scsi_eh_1] (root,0,0,00:00:00/5-11:53:20,346) [scsi_tmf_1] (root,0,0,00:00:09/5-11:53:17,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-11:53:17,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-11:53:05,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-11:53:04,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-11:53:02,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-11:52:31,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-11:52:30,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-11:52:30,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-11:52:30,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-11:52:28,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-11:52:28,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23628,00:00:06/5-11:52:14,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-11:52:14,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:33/5-11:52:14,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-11:52:14,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-11:52:14,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-11:52:14,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-11:52:14,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-11:52:14,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-11:52:14,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-11:52:14,1352) bpfilter_umh (root,26204,8212,00:00:01/5-11:52:14,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-11:52:14,1359) ntpd: asynchronous dns resolver (spot,212476,174704,06:15:55/5-11:52:13,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-11:52:13,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-11:52:13,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-11:52:13,1373) (sd-pam) (root,24216,5268,00:00:01/5-11:52:11,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-11:52:11,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-11:52:11,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-11:52:08,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-11:52:07,1527) sshd: syslogtunnel (root,617100,69464,00:07:09/5-11:52:05,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/42:19,1947) [kworker/1:1-events] (spot,208320,43148,00:02:45/5-11:51:53,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:50,2273) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/5-11:51:28,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-11:51:28,3218) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,7499) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,7540) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,7541) /bin/bash /usr/bin/check_mk_agent (root,4480,1184,00:00:00/00:00,7542) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,824,00:00:00/00:00,7543) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,660,00:00:00/00:00,7544) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,7545) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,7563) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,7564) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/22:05,8519) [kworker/u8:1-writeback] (root,0,0,00:00:00/08:00,15242) [kworker/3:2-ata_sff] (postfix,24244,8228,00:00:00/07:57,15243) pickup -l -t fifo -u (root,0,0,00:00:00/01:26:51,18842) [kworker/0:0-events] (root,0,0,00:00:00/04:33:55,19129) [kworker/0:1-events] (root,0,0,00:00:00/28:46,19687) [kworker/3:0-events] (root,0,0,00:00:00/04:12:00,20908) [kworker/2:1-events] (root,0,0,00:00:00/02:54:49,25521) [kworker/1:2-events] (root,0,0,00:00:00/08:46:37,28908) [kworker/u8:2-writeback] (root,0,0,00:00:00/53:59,31575) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 22:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639dbfa7ceFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-11:05:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-11:05:57,2) [kthreadd] (root,0,0,00:00:00/3-11:05:57,3) [rcu_gp] (root,0,0,00:00:00/3-11:05:57,4) [rcu_par_gp] (root,0,0,00:00:00/3-11:05:57,5) [slub_flushwq] (root,0,0,00:00:00/3-11:05:57,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-11:05:57,9) [mm_percpu_wq] (root,0,0,00:00:00/3-11:05:57,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-11:05:57,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-11:05:57,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-11:05:57,13) [ksoftirqd/0] (root,0,0,00:08:51/3-11:05:57,14) [rcu_preempt] (root,0,0,00:00:01/3-11:05:57,15) [migration/0] (root,0,0,00:00:00/3-11:05:57,16) [idle_inject/0] (root,0,0,00:00:00/3-11:05:57,18) [cpuhp/0] (root,0,0,00:00:00/3-11:05:57,19) [cpuhp/1] (root,0,0,00:00:00/3-11:05:57,20) [idle_inject/1] (root,0,0,00:00:01/3-11:05:57,21) [migration/1] (root,0,0,00:00:04/3-11:05:57,22) [ksoftirqd/1] (root,0,0,00:00:00/3-11:05:57,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-11:05:57,25) [cpuhp/2] (root,0,0,00:00:00/3-11:05:57,26) [idle_inject/2] (root,0,0,00:00:01/3-11:05:57,27) [migration/2] (root,0,0,00:05:59/3-11:05:57,28) [ksoftirqd/2] (root,0,0,00:00:00/3-11:05:57,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-11:05:57,31) [cpuhp/3] (root,0,0,00:00:00/3-11:05:57,32) [idle_inject/3] (root,0,0,00:00:01/3-11:05:57,33) [migration/3] (root,0,0,00:00:16/3-11:05:57,34) [ksoftirqd/3] (root,0,0,00:00:00/3-11:05:57,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-11:05:57,40) [kdevtmpfs] (root,0,0,00:00:00/3-11:05:57,41) [netns] (root,0,0,00:00:00/3-11:05:57,42) [inet_frag_wq] (root,0,0,00:00:00/3-11:05:57,43) [kauditd] (root,0,0,00:00:00/3-11:05:57,44) [khungtaskd] (root,0,0,00:00:00/3-11:05:57,45) [oom_reaper] (root,0,0,00:00:00/3-11:05:57,46) [writeback] (root,0,0,00:00:09/3-11:05:57,47) [kcompactd0] (root,0,0,00:00:00/3-11:05:57,48) [ksmd] (root,0,0,00:00:10/3-11:05:57,49) [khugepaged] (root,0,0,00:00:00/3-11:05:57,75) [kintegrityd] (root,0,0,00:00:00/3-11:05:57,76) [kblockd] (root,0,0,00:00:00/3-11:05:57,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-11:05:57,79) [tpm_dev_wq] (root,0,0,00:00:00/3-11:05:57,80) [edac-poller] (root,0,0,00:00:00/3-11:05:57,81) [devfreq_wq] (root,0,0,00:00:00/3-11:05:57,110) [watchdogd] (root,0,0,00:00:00/3-11:05:57,111) [kswapd0] (root,0,0,00:00:00/3-11:05:57,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-11:05:55,115) [kthrotld] (root,0,0,00:00:00/3-11:05:55,116) [mld] (root,0,0,00:00:00/3-11:05:55,117) [ipv6_addrconf] (root,0,0,00:00:00/3-11:05:55,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-11:05:55,123) [kstrp] (root,0,0,00:00:00/3-11:05:55,124) [zswap-shrink] (root,0,0,00:00:00/3-11:05:55,125) [kworker/u9:0] (root,0,0,00:00:00/3-11:05:55,130) [charger_manager] (root,0,0,00:00:00/3-11:05:55,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-11:05:55,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-11:05:54,239) [kaluad] (root,0,0,00:00:00/3-11:05:54,258) [kmpath_rdacd] (root,0,0,00:00:00/3-11:05:54,304) [kmpathd] (root,0,0,00:00:00/3-11:05:54,305) [kmpath_handlerd] (root,0,0,00:00:00/3-11:05:53,342) [ata_sff] (root,0,0,00:00:00/3-11:05:53,343) [scsi_eh_0] (root,0,0,00:00:00/3-11:05:53,344) [scsi_tmf_0] (root,0,0,00:00:00/3-11:05:53,345) [scsi_eh_1] (root,0,0,00:00:00/3-11:05:53,346) [scsi_tmf_1] (root,0,0,00:00:05/3-11:05:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-11:05:50,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-11:05:38,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-11:05:37,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-11:05:35,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-11:05:04,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-11:05:03,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-11:05:03,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-11:05:03,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-11:05:01,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-11:05:01,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-11:04:47,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-11:04:47,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:21/3-11:04:47,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-11:04:47,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-11:04:47,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-11:04:47,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-11:04:47,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-11:04:47,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-11:04:47,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-11:04:47,1352) bpfilter_umh (root,26204,8212,00:00:00/3-11:04:47,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-11:04:47,1359) ntpd: asynchronous dns resolver (spot,206044,169212,04:00:28/3-11:04:46,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-11:04:46,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-11:04:46,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-11:04:46,1373) (sd-pam) (root,24216,5268,00:00:01/3-11:04:44,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-11:04:44,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-11:04:44,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-11:04:41,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-11:04:40,1527) sshd: syslogtunnel (root,615564,69936,00:04:31/3-11:04:38,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:47/3-11:04:26,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/06:32:38,2276) [kworker/1:2-events] (root,35308,10108,00:00:00/3-11:04:01,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-11:04:01,3218) sshd: cm-ssh (root,0,0,00:00:00/12:53,4067) [kworker/1:1] (root,0,0,00:00:00/04:19,4576) [kworker/3:2-ata_sff] (root,0,0,00:00:01/06:16:35,5266) [kworker/2:1-events] (postfix,24244,8264,00:00:00/01:22:30,8312) pickup -l -t fifo -u (root,0,0,00:00:00/01:30:17,11441) [kworker/0:2-events] (root,0,0,00:00:00/02:25:16,13615) [kworker/2:2] (root,0,0,00:00:00/25:03,15073) [kworker/3:0-events] (root,0,0,00:00:00/24:35,16927) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/09:29,18524) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,19191) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,19209) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,19210) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/31:31,22015) [kworker/u8:1-flush-253:0] (root,0,0,00:00:02/16:09:51,28478) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 21:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639074e42dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-13:52:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-13:52:27,2) [kthreadd] (root,0,0,00:00:00/1-13:52:27,3) [rcu_gp] (root,0,0,00:00:00/1-13:52:27,4) [rcu_par_gp] (root,0,0,00:00:00/1-13:52:27,5) [slub_flushwq] (root,0,0,00:00:00/1-13:52:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-13:52:27,9) [mm_percpu_wq] (root,0,0,00:00:00/1-13:52:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-13:52:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-13:52:27,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-13:52:27,13) [ksoftirqd/0] (root,0,0,00:04:10/1-13:52:27,14) [rcu_preempt] (root,0,0,00:00:00/1-13:52:27,15) [migration/0] (root,0,0,00:00:00/1-13:52:27,16) [idle_inject/0] (root,0,0,00:00:00/1-13:52:27,18) [cpuhp/0] (root,0,0,00:00:00/1-13:52:27,19) [cpuhp/1] (root,0,0,00:00:00/1-13:52:27,20) [idle_inject/1] (root,0,0,00:00:00/1-13:52:27,21) [migration/1] (root,0,0,00:00:02/1-13:52:27,22) [ksoftirqd/1] (root,0,0,00:00:00/1-13:52:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-13:52:27,25) [cpuhp/2] (root,0,0,00:00:00/1-13:52:27,26) [idle_inject/2] (root,0,0,00:00:00/1-13:52:27,27) [migration/2] (root,0,0,00:02:42/1-13:52:27,28) [ksoftirqd/2] (root,0,0,00:00:00/1-13:52:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-13:52:27,31) [cpuhp/3] (root,0,0,00:00:00/1-13:52:27,32) [idle_inject/3] (root,0,0,00:00:00/1-13:52:27,33) [migration/3] (root,0,0,00:00:08/1-13:52:27,34) [ksoftirqd/3] (root,0,0,00:00:00/1-13:52:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-13:52:27,40) [kdevtmpfs] (root,0,0,00:00:00/1-13:52:27,41) [netns] (root,0,0,00:00:00/1-13:52:27,42) [inet_frag_wq] (root,0,0,00:00:00/1-13:52:27,43) [kauditd] (root,0,0,00:00:00/1-13:52:27,44) [khungtaskd] (root,0,0,00:00:00/1-13:52:27,45) [oom_reaper] (root,0,0,00:00:00/1-13:52:27,46) [writeback] (root,0,0,00:00:04/1-13:52:27,47) [kcompactd0] (root,0,0,00:00:00/1-13:52:27,48) [ksmd] (root,0,0,00:00:05/1-13:52:27,49) [khugepaged] (root,0,0,00:00:00/1-13:52:27,75) [kintegrityd] (root,0,0,00:00:00/1-13:52:27,76) [kblockd] (root,0,0,00:00:00/1-13:52:27,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-13:52:27,79) [tpm_dev_wq] (root,0,0,00:00:00/1-13:52:27,80) [edac-poller] (root,0,0,00:00:00/1-13:52:27,81) [devfreq_wq] (root,0,0,00:00:00/1-13:52:27,110) [watchdogd] (root,0,0,00:00:00/1-13:52:27,111) [kswapd0] (root,0,0,00:00:00/1-13:52:27,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-13:52:25,115) [kthrotld] (root,0,0,00:00:00/1-13:52:25,116) [mld] (root,0,0,00:00:00/1-13:52:25,117) [ipv6_addrconf] (root,0,0,00:00:00/1-13:52:25,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-13:52:25,123) [kstrp] (root,0,0,00:00:00/1-13:52:25,124) [zswap-shrink] (root,0,0,00:00:00/1-13:52:25,125) [kworker/u9:0] (root,0,0,00:00:00/1-13:52:25,130) [charger_manager] (root,0,0,00:00:00/1-13:52:25,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-13:52:25,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-13:52:24,239) [kaluad] (root,0,0,00:00:00/1-13:52:24,258) [kmpath_rdacd] (root,0,0,00:00:00/1-13:52:24,304) [kmpathd] (root,0,0,00:00:00/1-13:52:24,305) [kmpath_handlerd] (root,0,0,00:00:00/1-13:52:23,342) [ata_sff] (root,0,0,00:00:00/1-13:52:23,343) [scsi_eh_0] (root,0,0,00:00:00/1-13:52:23,344) [scsi_tmf_0] (root,0,0,00:00:00/1-13:52:23,345) [scsi_eh_1] (root,0,0,00:00:00/1-13:52:23,346) [scsi_tmf_1] (root,0,0,00:00:02/1-13:52:20,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-13:52:20,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-13:52:08,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-13:52:07,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-13:52:05,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-13:51:34,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-13:51:33,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:01/1-13:51:33,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-13:51:33,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-13:51:31,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-13:51:31,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:02/1-13:51:17,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-13:51:17,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:10/1-13:51:17,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-13:51:17,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-13:51:17,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-13:51:17,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-13:51:17,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-13:51:17,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:12/1-13:51:17,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-13:51:17,1352) bpfilter_umh (root,26204,8212,00:00:00/1-13:51:17,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-13:51:17,1359) ntpd: asynchronous dns resolver (spot,204748,167868,02:02:20/1-13:51:16,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-13:51:16,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-13:51:16,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-13:51:16,1373) (sd-pam) (root,24216,5268,00:00:00/1-13:51:14,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-13:51:14,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-13:51:14,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-13:51:11,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-13:51:10,1527) sshd: syslogtunnel (root,615564,69636,00:02:08/1-13:51:08,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:45:37,1585) [kworker/u8:0-flush-253:0] (spot,206272,41356,00:00:51/1-13:50:56,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-13:50:31,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-13:50:31,3218) sshd: cm-ssh (postfix,24244,8204,00:00:00/01:10:49,5964) pickup -l -t fifo -u (root,0,0,00:00:00/09:26,9104) [kworker/3:1-events] (root,0,0,00:00:01/02:03:35,10989) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:28:30,11820) [kworker/2:2-events] (root,0,0,00:00:00/04:16,16816) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:01:49,17596) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,22493) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,22511) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22512) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:01:06,22963) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:08/07:51:49,25188) [kworker/1:2-events] (root,0,0,00:00:00/44:33,27435) [kworker/2:0-events] (root,0,0,00:00:00/21:04,27675) [kworker/1:1] (root,0,0,00:00:01/05:08:18,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-12 00:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ff0dcb64Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12528,00:00:03/18:43:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/18:43:12,2) [kthreadd] (root,0,0,00:00:00/18:43:12,3) [rcu_gp] (root,0,0,00:00:00/18:43:12,4) [rcu_par_gp] (root,0,0,00:00:00/18:43:12,5) [slub_flushwq] (root,0,0,00:00:00/18:43:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/18:43:12,9) [mm_percpu_wq] (root,0,0,00:00:00/18:43:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/18:43:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/18:43:12,12) [rcu_tasks_trace] (root,0,0,00:00:01/18:43:12,13) [ksoftirqd/0] (root,0,0,00:02:06/18:43:12,14) [rcu_preempt] (root,0,0,00:00:00/18:43:12,15) [migration/0] (root,0,0,00:00:00/18:43:12,16) [idle_inject/0] (root,0,0,00:00:00/18:43:12,18) [cpuhp/0] (root,0,0,00:00:00/18:43:12,19) [cpuhp/1] (root,0,0,00:00:00/18:43:12,20) [idle_inject/1] (root,0,0,00:00:00/18:43:12,21) [migration/1] (root,0,0,00:00:00/18:43:12,22) [ksoftirqd/1] (root,0,0,00:00:00/18:43:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/18:43:12,25) [cpuhp/2] (root,0,0,00:00:00/18:43:12,26) [idle_inject/2] (root,0,0,00:00:00/18:43:12,27) [migration/2] (root,0,0,00:01:28/18:43:12,28) [ksoftirqd/2] (root,0,0,00:00:00/18:43:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/18:43:12,31) [cpuhp/3] (root,0,0,00:00:00/18:43:12,32) [idle_inject/3] (root,0,0,00:00:00/18:43:12,33) [migration/3] (root,0,0,00:00:04/18:43:12,34) [ksoftirqd/3] (root,0,0,00:00:00/18:43:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/18:43:12,40) [kdevtmpfs] (root,0,0,00:00:00/18:43:12,41) [netns] (root,0,0,00:00:00/18:43:12,42) [inet_frag_wq] (root,0,0,00:00:00/18:43:12,43) [kauditd] (root,0,0,00:00:00/18:43:12,44) [khungtaskd] (root,0,0,00:00:00/18:43:12,45) [oom_reaper] (root,0,0,00:00:00/18:43:12,46) [writeback] (root,0,0,00:00:02/18:43:12,47) [kcompactd0] (root,0,0,00:00:00/18:43:12,48) [ksmd] (root,0,0,00:00:02/18:43:12,49) [khugepaged] (root,0,0,00:00:00/18:43:12,75) [kintegrityd] (root,0,0,00:00:00/18:43:12,76) [kblockd] (root,0,0,00:00:00/18:43:12,77) [blkcg_punt_bio] (root,0,0,00:00:00/18:43:12,79) [tpm_dev_wq] (root,0,0,00:00:00/18:43:12,80) [edac-poller] (root,0,0,00:00:00/18:43:12,81) [devfreq_wq] (root,0,0,00:00:00/18:43:12,110) [watchdogd] (root,0,0,00:00:00/18:43:12,111) [kswapd0] (root,0,0,00:00:00/18:43:12,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/18:43:10,115) [kthrotld] (root,0,0,00:00:00/18:43:10,116) [mld] (root,0,0,00:00:00/18:43:10,117) [ipv6_addrconf] (root,0,0,00:00:00/18:43:10,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/18:43:10,123) [kstrp] (root,0,0,00:00:00/18:43:10,124) [zswap-shrink] (root,0,0,00:00:00/18:43:10,125) [kworker/u9:0] (root,0,0,00:00:00/18:43:10,130) [charger_manager] (root,0,0,00:00:00/18:43:10,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/18:43:10,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/18:43:09,239) [kaluad] (root,0,0,00:00:00/18:43:09,258) [kmpath_rdacd] (root,0,0,00:00:00/18:43:09,304) [kmpathd] (root,0,0,00:00:00/18:43:09,305) [kmpath_handlerd] (root,0,0,00:00:00/18:43:08,342) [ata_sff] (root,0,0,00:00:00/18:43:08,343) [scsi_eh_0] (root,0,0,00:00:00/18:43:08,344) [scsi_tmf_0] (root,0,0,00:00:00/18:43:08,345) [scsi_eh_1] (root,0,0,00:00:00/18:43:08,346) [scsi_tmf_1] (root,0,0,00:00:01/18:43:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/18:43:05,367) [ext4-rsv-conver] (root,38604,7616,00:00:00/18:42:53,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/18:42:52,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:01/18:42:50,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/18:42:19,511) /sbin/auditd (messagebus,22932,5912,00:00:01/18:42:18,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8324,00:00:00/18:42:18,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/18:42:18,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/18:42:16,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/18:42:16,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:01/18:42:02,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/18:42:02,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:02/18:42:02,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/18:42:02,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/18:42:02,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/18:42:02,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/18:42:02,1343) /usr/lib/systemd/systemd --user (root,448724,7512,00:00:01/18:42:02,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:06/18:42:02,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/18:42:02,1352) bpfilter_umh (root,26204,8212,00:00:00/18:42:02,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/18:42:02,1359) ntpd: asynchronous dns resolver (spot,192140,155104,01:06:35/18:42:01,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/18:42:01,1371) (sd-pam) (checkmk,48528,3192,00:00:00/18:42:01,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/18:42:01,1373) (sd-pam) (root,24216,5268,00:00:00/18:41:59,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/18:41:59,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/18:41:59,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/18:41:56,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:02/18:41:55,1527) sshd: syslogtunnel (root,615564,67536,00:01:05/18:41:53,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41064,00:00:26/18:41:41,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/06:49,2807) [kworker/3:2-ata_sff] (root,35308,10108,00:00:00/18:41:16,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:02/18:41:16,3218) sshd: cm-ssh (root,0,0,00:00:00/01:37,6086) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,7629) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,7647) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,7648) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:14:15,7659) [kworker/3:0-events] (root,0,0,00:00:01/05:10:03,12661) [kworker/0:1-events] (root,0,0,00:00:00/51:10,13353) [kworker/1:0] (root,0,0,00:00:00/01:12:14,13479) [kworker/0:0-events] (root,0,0,00:00:03/03:26:59,21206) [kworker/1:2-events] (root,0,0,00:00:00/01:23:02,21448) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/03:26:57,21526) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:22:53,22046) [kworker/2:1] (root,0,0,00:00:01/04:47:36,26524) [kworker/2:0-events] (postfix,24244,8220,00:00:00/22:14,28550) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 05:31
-
SSH is potenitally vulnerable
WARNING: This plugin will generate false positive and is purely informative:
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
First seen 2024-09-09 11:59
Last seen 2024-12-19 22:45
Open for 101 days-
Severity: info
Fingerprint: 3f43e0ebb5dce37ab8b59eb5ffe8ab2b0c11d8260c11d8260c11d8260c11d826Found potentially vulnerable SSH version: SSH-2.0-OpenSSH_4.3 WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
Found on 2024-12-19 22:45
-
-
Open service 141.9.169.62:22
2024-12-19 22:45
Found 3 days ago by SSHOpenPluginCreate report
-
Open service 141.9.169.62:22
2024-12-15 23:29
Found 2024-12-15 by SSHOpenPluginCreate report
-
Open service 141.9.169.62:22
2024-12-12 00:01
Found 2024-12-12 by SSHOpenPluginCreate report
-
Open service 141.9.169.62:22
2024-11-29 22:00
Found 2024-11-29 by SSHOpenPluginCreate report
-
Open service 141.9.169.62:22
2024-11-28 00:18
Found 2024-11-28 by SSHOpenPluginCreate report
Domain summary
No record