Host 141.9.169.97
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-11 01:01
Last seen 2024-12-22 00:58
Open for 101 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632856755bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:36:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:36:27,2) [kthreadd] (root,0,0,00:00:00/39-14:36:27,3) [rcu_gp] (root,0,0,00:00:00/39-14:36:27,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:36:27,5) [slub_flushwq] (root,0,0,00:00:00/39-14:36:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:36:27,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:36:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:36:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:36:27,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:36:27,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:36:27,14) [rcu_preempt] (root,0,0,00:00:15/39-14:36:27,15) [migration/0] (root,0,0,00:00:00/39-14:36:27,16) [idle_inject/0] (root,0,0,00:00:00/39-14:36:27,18) [cpuhp/0] (root,0,0,00:00:00/39-14:36:27,19) [cpuhp/1] (root,0,0,00:00:00/39-14:36:27,20) [idle_inject/1] (root,0,0,00:00:15/39-14:36:27,21) [migration/1] (root,0,0,00:01:05/39-14:36:27,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:36:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:36:27,25) [cpuhp/2] (root,0,0,00:00:00/39-14:36:27,26) [idle_inject/2] (root,0,0,00:00:12/39-14:36:27,27) [migration/2] (root,0,0,01:14:06/39-14:36:27,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:36:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:36:27,31) [cpuhp/3] (root,0,0,00:00:00/39-14:36:27,32) [idle_inject/3] (root,0,0,00:00:14/39-14:36:27,33) [migration/3] (root,0,0,00:03:31/39-14:36:27,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:36:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:36:27,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:36:27,40) [netns] (root,0,0,00:00:00/39-14:36:27,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:36:27,42) [kauditd] (root,0,0,00:00:00/39-14:36:27,43) [khungtaskd] (root,0,0,00:00:00/39-14:36:27,44) [oom_reaper] (root,0,0,00:00:00/39-14:36:27,45) [writeback] (root,0,0,00:01:56/39-14:36:27,46) [kcompactd0] (root,0,0,00:00:00/39-14:36:27,47) [ksmd] (root,0,0,00:01:57/39-14:36:27,48) [khugepaged] (root,0,0,00:00:00/39-14:36:27,74) [kintegrityd] (root,0,0,00:00:00/39-14:36:27,75) [kblockd] (root,0,0,00:00:00/39-14:36:27,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:36:27,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:36:27,79) [edac-poller] (root,0,0,00:00:00/39-14:36:27,80) [devfreq_wq] (root,0,0,00:00:00/39-14:36:27,110) [watchdogd] (root,0,0,00:00:08/39-14:36:27,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:36:27,112) [kswapd0] (root,0,0,00:00:00/39-14:36:26,114) [kthrotld] (root,0,0,00:00:00/39-14:36:26,115) [mld] (root,0,0,00:00:00/39-14:36:26,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:36:26,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:36:26,122) [kstrp] (root,0,0,00:00:00/39-14:36:26,123) [zswap-shrink] (root,0,0,00:00:00/39-14:36:26,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:36:26,129) [charger_manager] (root,0,0,00:00:08/39-14:36:25,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:36:25,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:36:25,205) [kaluad] (root,0,0,00:00:00/39-14:36:25,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:36:25,293) [kmpathd] (root,0,0,00:00:00/39-14:36:25,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:36:25,342) [ata_sff] (root,0,0,00:00:00/39-14:36:24,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:36:24,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:36:24,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:36:24,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:36:22,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:36:22,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:36:10,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:36:09,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:36:07,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:35:33,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:35:33,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:35:33,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:35:33,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:35:32,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:35:32,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:35:18,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:35:18,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:35:17,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:35:17,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:35:17,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:35:17,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:35:17,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:35:17,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:35:17,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:35:17,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:35:17,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:35:17,1215) ntpd: asynchronous dns resolver (spot,299440,183084,2-02:58:40/39-14:35:17,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:35:16,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:35:16,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:35:16,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:35:15,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:35:15,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:35:14,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:35:08,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:34:54,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:59:16,2674) [kworker/0:2-events] (root,0,0,00:00:00/39:57,5528) [kworker/1:2-events] (root,0,0,00:00:00/05:44,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:33:32,9266) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:45,10883) [kworker/0:1] (root,0,0,00:00:00/24:45,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/03:46,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:07:18,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:26:10,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:26:09,15391) sshd: cm-ssh (root,0,0,00:00:00/03:38,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:54:48,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:54:47,16977) sshd: syslogtunnel (root,0,0,00:00:00/44:46,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/12:08,24965) [kworker/2:0-events] (root,0,0,00:00:00/20:39,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:11:55,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:51,31013) [kworker/1:0-ata_sff] (root,6656,3492,00:00:00/00:00,32108) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,32126) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,32127) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b3c1617eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:07:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:07:22,2) [kthreadd] (root,0,0,00:00:00/37-14:07:22,3) [rcu_gp] (root,0,0,00:00:00/37-14:07:22,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:07:22,5) [slub_flushwq] (root,0,0,00:00:00/37-14:07:22,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:07:22,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:07:22,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:07:22,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:07:22,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:07:22,13) [ksoftirqd/0] (root,0,0,01:39:42/37-14:07:22,14) [rcu_preempt] (root,0,0,00:00:14/37-14:07:22,15) [migration/0] (root,0,0,00:00:00/37-14:07:22,16) [idle_inject/0] (root,0,0,00:00:00/37-14:07:22,18) [cpuhp/0] (root,0,0,00:00:00/37-14:07:22,19) [cpuhp/1] (root,0,0,00:00:00/37-14:07:22,20) [idle_inject/1] (root,0,0,00:00:14/37-14:07:22,21) [migration/1] (root,0,0,00:01:00/37-14:07:22,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:07:22,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:07:22,25) [cpuhp/2] (root,0,0,00:00:00/37-14:07:22,26) [idle_inject/2] (root,0,0,00:00:11/37-14:07:22,27) [migration/2] (root,0,0,01:10:40/37-14:07:22,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:07:22,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:07:22,31) [cpuhp/3] (root,0,0,00:00:00/37-14:07:22,32) [idle_inject/3] (root,0,0,00:00:14/37-14:07:22,33) [migration/3] (root,0,0,00:03:20/37-14:07:22,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:07:22,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:07:22,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:07:22,40) [netns] (root,0,0,00:00:00/37-14:07:22,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:07:22,42) [kauditd] (root,0,0,00:00:00/37-14:07:22,43) [khungtaskd] (root,0,0,00:00:00/37-14:07:22,44) [oom_reaper] (root,0,0,00:00:00/37-14:07:22,45) [writeback] (root,0,0,00:01:50/37-14:07:22,46) [kcompactd0] (root,0,0,00:00:00/37-14:07:22,47) [ksmd] (root,0,0,00:01:50/37-14:07:22,48) [khugepaged] (root,0,0,00:00:00/37-14:07:22,74) [kintegrityd] (root,0,0,00:00:00/37-14:07:22,75) [kblockd] (root,0,0,00:00:00/37-14:07:22,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:07:22,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:07:22,79) [edac-poller] (root,0,0,00:00:00/37-14:07:22,80) [devfreq_wq] (root,0,0,00:00:00/37-14:07:22,110) [watchdogd] (root,0,0,00:00:07/37-14:07:22,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:07:22,112) [kswapd0] (root,0,0,00:00:00/37-14:07:21,114) [kthrotld] (root,0,0,00:00:00/37-14:07:21,115) [mld] (root,0,0,00:00:00/37-14:07:21,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:07:21,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:07:21,122) [kstrp] (root,0,0,00:00:00/37-14:07:21,123) [zswap-shrink] (root,0,0,00:00:00/37-14:07:21,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:07:21,129) [charger_manager] (root,0,0,00:00:08/37-14:07:20,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:07:20,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:07:20,205) [kaluad] (root,0,0,00:00:00/37-14:07:20,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:07:20,293) [kmpathd] (root,0,0,00:00:00/37-14:07:20,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:07:20,342) [ata_sff] (root,0,0,00:00:00/37-14:07:19,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:07:19,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:07:19,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:07:19,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:07:17,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:07:17,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:07:05,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:07:04,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:07:02,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:06:28,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:06:28,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:06:28,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:06:28,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:06:27,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:06:27,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:06:13,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:06:13,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:06:12,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:06:12,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:06:12,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:06:12,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:06:12,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:06:12,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:06:12,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:06:12,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:06:12,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:06:12,1215) ntpd: asynchronous dns resolver (spot,296272,182112,1-23:14:07/37-14:06:12,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:06:11,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:06:11,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:06:11,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:06:10,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:06:10,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:06:09,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:06:03,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:05:49,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/06:58,2838) [kworker/3:1-events] (root,0,0,00:00:00/06:23,4583) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/06:01,6208) [kworker/1:2-ata_sff] (root,0,0,00:00:00/04:52,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-11:57:05,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-11:57:04,15391) sshd: cm-ssh (root,0,0,00:00:00/14:04,16397) [kworker/u8:0-writeback] (root,35308,10072,00:00:00/21-13:25:43,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:25:42,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:49:24,17446) [kworker/0:2-events] (root,0,0,00:00:00/13:05,18386) [kworker/3:2-events] (root,0,0,00:00:00/57:54,21022) [kworker/1:1-events] (root,0,0,00:00:00/00:49,21821) [kworker/1:0-ata_sff] (postfix,24244,8204,00:00:00/01:36:44,22497) pickup -l -t fifo -u (root,0,0,00:00:00/25:20,23807) [kworker/2:0-events] (root,6656,3484,00:00:00/00:01,24001) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,24032) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,24033) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/23:18,26953) [kworker/0:1-cgroup_destroy] (postfix,44628,9272,00:00:01/31-18:42:50,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:53:24,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c5471e7cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:11:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:11:49,2) [kthreadd] (root,0,0,00:00:00/35-15:11:49,3) [rcu_gp] (root,0,0,00:00:00/35-15:11:49,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:11:49,5) [slub_flushwq] (root,0,0,00:00:00/35-15:11:49,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:11:49,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:11:49,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:11:49,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:11:49,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:11:49,13) [ksoftirqd/0] (root,0,0,01:34:29/35-15:11:49,14) [rcu_preempt] (root,0,0,00:00:13/35-15:11:49,15) [migration/0] (root,0,0,00:00:00/35-15:11:49,16) [idle_inject/0] (root,0,0,00:00:00/35-15:11:49,18) [cpuhp/0] (root,0,0,00:00:00/35-15:11:49,19) [cpuhp/1] (root,0,0,00:00:00/35-15:11:49,20) [idle_inject/1] (root,0,0,00:00:14/35-15:11:49,21) [migration/1] (root,0,0,00:00:57/35-15:11:49,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:11:49,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:11:49,25) [cpuhp/2] (root,0,0,00:00:00/35-15:11:49,26) [idle_inject/2] (root,0,0,00:00:11/35-15:11:49,27) [migration/2] (root,0,0,01:07:41/35-15:11:49,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:11:49,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:11:49,31) [cpuhp/3] (root,0,0,00:00:00/35-15:11:49,32) [idle_inject/3] (root,0,0,00:00:13/35-15:11:49,33) [migration/3] (root,0,0,00:03:11/35-15:11:49,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:11:49,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:11:49,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:11:49,40) [netns] (root,0,0,00:00:00/35-15:11:49,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:11:49,42) [kauditd] (root,0,0,00:00:00/35-15:11:49,43) [khungtaskd] (root,0,0,00:00:00/35-15:11:49,44) [oom_reaper] (root,0,0,00:00:00/35-15:11:49,45) [writeback] (root,0,0,00:01:45/35-15:11:49,46) [kcompactd0] (root,0,0,00:00:00/35-15:11:49,47) [ksmd] (root,0,0,00:01:43/35-15:11:49,48) [khugepaged] (root,0,0,00:00:00/35-15:11:49,74) [kintegrityd] (root,0,0,00:00:00/35-15:11:49,75) [kblockd] (root,0,0,00:00:00/35-15:11:49,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:11:49,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:11:49,79) [edac-poller] (root,0,0,00:00:00/35-15:11:49,80) [devfreq_wq] (root,0,0,00:00:00/35-15:11:49,110) [watchdogd] (root,0,0,00:00:07/35-15:11:49,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:11:49,112) [kswapd0] (root,0,0,00:00:00/35-15:11:48,114) [kthrotld] (root,0,0,00:00:00/35-15:11:48,115) [mld] (root,0,0,00:00:00/35-15:11:48,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:11:48,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:11:48,122) [kstrp] (root,0,0,00:00:00/35-15:11:48,123) [zswap-shrink] (root,0,0,00:00:00/35-15:11:48,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:11:48,129) [charger_manager] (root,0,0,00:00:07/35-15:11:47,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:11:47,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:11:47,205) [kaluad] (root,0,0,00:00:00/35-15:11:47,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:11:47,293) [kmpathd] (root,0,0,00:00:00/35-15:11:47,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:11:47,342) [ata_sff] (root,0,0,00:00:00/35-15:11:46,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:11:46,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:11:46,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:11:46,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:11:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:11:44,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:11:32,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:11:31,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:11:29,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:10:55,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:10:55,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:10:55,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:10:55,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:10:54,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:10:54,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:10:40,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:10:40,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:10:39,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:10:39,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:10:39,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:10:39,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:10:39,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:10:39,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:10:39,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:10:39,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:10:39,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:10:39,1215) ntpd: asynchronous dns resolver (spot,293352,179972,1-20:12:52/35-15:10:39,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:10:38,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:10:38,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:10:38,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:10:37,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:10:37,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:10:36,1354) /usr/sbin/cron -n (root,698228,81996,00:46:34/35-15:10:30,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:10:16,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/54:23,7081) [kworker/1:1-events] (root,0,0,00:00:00/01:03:31,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:01:32,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:37/29-13:01:31,15391) sshd: cm-ssh (root,0,0,00:00:00/04:47:05,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:22:57,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:30:10,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:30:09,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:30,17230) [kworker/1:0-ata_sff] (root,0,0,00:00:00/48:30,19051) [kworker/0:0-events] (root,0,0,00:00:00/17:41,25607) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/02:05:22,25943) [kworker/3:1] (root,0,0,00:00:00/00:02,27958) [kworker/2:0-events] (root,0,0,00:00:00/07:41,28071) [kworker/1:2-ata_sff] (root,6656,3488,00:00:00/00:00,28266) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,28284) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28285) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:33:51,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:47:17,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:42:20,31877) [kworker/0:1-events] (root,0,0,00:00:00/25:17,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e7575de4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-12:46:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-12:46:46,2) [kthreadd] (root,0,0,00:00:00/33-12:46:46,3) [rcu_gp] (root,0,0,00:00:00/33-12:46:46,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:46:46,5) [slub_flushwq] (root,0,0,00:00:00/33-12:46:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:46:46,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:46:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:46:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:46:46,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:46:46,13) [ksoftirqd/0] (root,0,0,01:29:03/33-12:46:46,14) [rcu_preempt] (root,0,0,00:00:12/33-12:46:46,15) [migration/0] (root,0,0,00:00:00/33-12:46:46,16) [idle_inject/0] (root,0,0,00:00:00/33-12:46:46,18) [cpuhp/0] (root,0,0,00:00:00/33-12:46:46,19) [cpuhp/1] (root,0,0,00:00:00/33-12:46:46,20) [idle_inject/1] (root,0,0,00:00:13/33-12:46:46,21) [migration/1] (root,0,0,00:00:53/33-12:46:46,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:46:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:46:46,25) [cpuhp/2] (root,0,0,00:00:00/33-12:46:46,26) [idle_inject/2] (root,0,0,00:00:10/33-12:46:46,27) [migration/2] (root,0,0,01:04:47/33-12:46:46,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:46:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:46:46,31) [cpuhp/3] (root,0,0,00:00:00/33-12:46:46,32) [idle_inject/3] (root,0,0,00:00:12/33-12:46:46,33) [migration/3] (root,0,0,00:03:01/33-12:46:46,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:46:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:46:46,39) [kdevtmpfs] (root,0,0,00:00:00/33-12:46:46,40) [netns] (root,0,0,00:00:00/33-12:46:46,41) [inet_frag_wq] (root,0,0,00:00:07/33-12:46:46,42) [kauditd] (root,0,0,00:00:00/33-12:46:46,43) [khungtaskd] (root,0,0,00:00:00/33-12:46:46,44) [oom_reaper] (root,0,0,00:00:00/33-12:46:46,45) [writeback] (root,0,0,00:01:38/33-12:46:46,46) [kcompactd0] (root,0,0,00:00:00/33-12:46:46,47) [ksmd] (root,0,0,00:01:37/33-12:46:46,48) [khugepaged] (root,0,0,00:00:00/33-12:46:46,74) [kintegrityd] (root,0,0,00:00:00/33-12:46:46,75) [kblockd] (root,0,0,00:00:00/33-12:46:46,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:46:46,78) [tpm_dev_wq] (root,0,0,00:00:00/33-12:46:46,79) [edac-poller] (root,0,0,00:00:00/33-12:46:46,80) [devfreq_wq] (root,0,0,00:00:00/33-12:46:46,110) [watchdogd] (root,0,0,00:00:07/33-12:46:46,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-12:46:46,112) [kswapd0] (root,0,0,00:00:00/33-12:46:45,114) [kthrotld] (root,0,0,00:00:00/33-12:46:45,115) [mld] (root,0,0,00:00:00/33-12:46:45,116) [ipv6_addrconf] (root,0,0,00:00:14/33-12:46:45,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-12:46:45,122) [kstrp] (root,0,0,00:00:00/33-12:46:45,123) [zswap-shrink] (root,0,0,00:00:00/33-12:46:45,124) [kworker/u9:0] (root,0,0,00:00:00/33-12:46:45,129) [charger_manager] (root,0,0,00:00:07/33-12:46:44,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-12:46:44,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:46:44,205) [kaluad] (root,0,0,00:00:00/33-12:46:44,250) [kmpath_rdacd] (root,0,0,00:00:00/33-12:46:44,293) [kmpathd] (root,0,0,00:00:00/33-12:46:44,294) [kmpath_handlerd] (root,0,0,00:00:00/33-12:46:44,342) [ata_sff] (root,0,0,00:00:00/33-12:46:43,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:46:43,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:46:43,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:46:43,346) [scsi_tmf_1] (root,0,0,00:00:54/33-12:46:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:46:41,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-12:46:29,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-12:46:28,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-12:46:26,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-12:45:52,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-12:45:52,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-12:45:52,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-12:45:52,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-12:45:51,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-12:45:51,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:38:25,727) [kworker/u8:2-ext4-rsv-conversion] (root,548360,32524,00:00:38/33-12:45:37,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-12:45:37,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:08/33-12:45:36,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-12:45:36,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-12:45:36,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-12:45:36,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-12:45:36,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-12:45:36,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-12:45:36,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-12:45:36,1206) bpfilter_umh (root,26204,8212,00:00:13/33-12:45:36,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-12:45:36,1215) ntpd: asynchronous dns resolver (spot,293640,180088,1-17:43:08/33-12:45:36,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-12:45:35,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-12:45:35,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-12:45:35,1245) (sd-pam) (root,24216,5344,00:00:11/33-12:45:34,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-12:45:34,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-12:45:33,1354) /usr/sbin/cron -n (root,697972,81828,00:43:51/33-12:45:27,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63272,00:14:25/33-12:45:13,1380) /usr/bin/python3.11 /usr/bin/spot (root,6764,3604,00:00:00/00:00,3218) /bin/bash /usr/bin/check_mk_agent (root,6764,3612,00:00:00/00:00,3223) /bin/bash /usr/bin/check_mk_agent (root,6656,3508,00:00:00/00:00,3385) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/40:08,3524) [kworker/2:2-events] (root,6656,3488,00:00:00/00:00,3712) /bin/bash /usr/bin/check_mk_agent (root,6656,1904,00:00:00/00:00,3793) /bin/bash /usr/bin/check_mk_agent (root,25444,8856,00:00:00/00:00,3797) postconf -h queue_directory (root,8488,6228,00:00:00/00:00,3800) python ././remotecheck (root,13744,3504,00:00:00/00:00,3804) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3806) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:18,6053) [kworker/1:2-ata_sff] (root,0,0,00:00:00/19:41,7957) [kworker/1:0-events] (postfix,24244,8272,00:00:00/58:49,13877) pickup -l -t fifo -u (root,0,0,00:00:00/04:08,13940) [kworker/1:1-ata_sff] (root,0,0,00:00:00/08:48,14111) [kworker/u8:0-flush-253:0] (root,35308,10012,00:00:00/27-10:36:29,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-10:36:28,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:05:07,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:05:06,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:17:03,18088) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/10:27,19428) [kworker/0:2-events] (root,0,0,00:00:03/01:46:43,24863) [kworker/2:1-events] (root,0,0,00:00:01/02:09:01,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-17:22:14,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:54,31017) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:08 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363874c3fd1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-12:53:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-12:53:12,2) [kthreadd] (root,0,0,00:00:00/31-12:53:12,3) [rcu_gp] (root,0,0,00:00:00/31-12:53:12,4) [rcu_par_gp] (root,0,0,00:00:00/31-12:53:12,5) [slub_flushwq] (root,0,0,00:00:00/31-12:53:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-12:53:12,9) [mm_percpu_wq] (root,0,0,00:00:00/31-12:53:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-12:53:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-12:53:12,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-12:53:12,13) [ksoftirqd/0] (root,0,0,01:23:51/31-12:53:12,14) [rcu_preempt] (root,0,0,00:00:11/31-12:53:12,15) [migration/0] (root,0,0,00:00:00/31-12:53:12,16) [idle_inject/0] (root,0,0,00:00:00/31-12:53:12,18) [cpuhp/0] (root,0,0,00:00:00/31-12:53:12,19) [cpuhp/1] (root,0,0,00:00:00/31-12:53:12,20) [idle_inject/1] (root,0,0,00:00:12/31-12:53:12,21) [migration/1] (root,0,0,00:00:50/31-12:53:12,22) [ksoftirqd/1] (root,0,0,00:00:00/31-12:53:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-12:53:12,25) [cpuhp/2] (root,0,0,00:00:00/31-12:53:12,26) [idle_inject/2] (root,0,0,00:00:09/31-12:53:12,27) [migration/2] (root,0,0,01:01:43/31-12:53:12,28) [ksoftirqd/2] (root,0,0,00:00:00/31-12:53:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-12:53:12,31) [cpuhp/3] (root,0,0,00:00:00/31-12:53:12,32) [idle_inject/3] (root,0,0,00:00:11/31-12:53:12,33) [migration/3] (root,0,0,00:02:51/31-12:53:12,34) [ksoftirqd/3] (root,0,0,00:00:00/31-12:53:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-12:53:12,39) [kdevtmpfs] (root,0,0,00:00:00/31-12:53:12,40) [netns] (root,0,0,00:00:00/31-12:53:12,41) [inet_frag_wq] (root,0,0,00:00:07/31-12:53:12,42) [kauditd] (root,0,0,00:00:00/31-12:53:12,43) [khungtaskd] (root,0,0,00:00:00/31-12:53:12,44) [oom_reaper] (root,0,0,00:00:00/31-12:53:12,45) [writeback] (root,0,0,00:01:32/31-12:53:12,46) [kcompactd0] (root,0,0,00:00:00/31-12:53:12,47) [ksmd] (root,0,0,00:01:31/31-12:53:12,48) [khugepaged] (root,0,0,00:00:00/31-12:53:12,74) [kintegrityd] (root,0,0,00:00:00/31-12:53:12,75) [kblockd] (root,0,0,00:00:00/31-12:53:12,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-12:53:12,78) [tpm_dev_wq] (root,0,0,00:00:00/31-12:53:12,79) [edac-poller] (root,0,0,00:00:00/31-12:53:12,80) [devfreq_wq] (root,0,0,00:00:00/31-12:53:12,110) [watchdogd] (root,0,0,00:00:06/31-12:53:12,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-12:53:12,112) [kswapd0] (root,0,0,00:00:00/31-12:53:11,114) [kthrotld] (root,0,0,00:00:00/31-12:53:11,115) [mld] (root,0,0,00:00:00/31-12:53:11,116) [ipv6_addrconf] (root,0,0,00:00:13/31-12:53:11,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-12:53:11,122) [kstrp] (root,0,0,00:00:00/31-12:53:11,123) [zswap-shrink] (root,0,0,00:00:00/31-12:53:11,124) [kworker/u9:0] (root,0,0,00:00:00/31-12:53:11,129) [charger_manager] (root,0,0,00:00:07/31-12:53:10,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-12:53:10,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-12:53:10,205) [kaluad] (root,0,0,00:00:00/31-12:53:10,250) [kmpath_rdacd] (root,0,0,00:00:00/31-12:53:10,293) [kmpathd] (root,0,0,00:00:00/31-12:53:10,294) [kmpath_handlerd] (root,0,0,00:00:00/31-12:53:10,342) [ata_sff] (root,0,0,00:00:00/31-12:53:09,343) [scsi_eh_0] (root,0,0,00:00:00/31-12:53:09,344) [scsi_tmf_0] (root,0,0,00:00:00/31-12:53:09,345) [scsi_eh_1] (root,0,0,00:00:00/31-12:53:09,346) [scsi_tmf_1] (root,0,0,00:00:51/31-12:53:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-12:53:07,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-12:52:55,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-12:52:54,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-12:52:52,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-12:52:18,512) /sbin/auditd (messagebus,22936,5548,00:01:21/31-12:52:18,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-12:52:18,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-12:52:18,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-12:52:17,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-12:52:17,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:09:52,843) [kworker/u8:2-ext4-rsv-conversion] (root,548360,31484,00:00:35/31-12:52:03,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-12:52:03,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:55/31-12:52:02,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-12:52:02,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-12:52:02,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-12:52:02,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-12:52:02,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-12:52:02,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:17/31-12:52:02,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-12:52:02,1206) bpfilter_umh (root,26204,8212,00:00:12/31-12:52:02,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-12:52:02,1215) ntpd: asynchronous dns resolver (spot,286840,173816,1-15:27:18/31-12:52:02,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-12:52:01,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-12:52:01,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-12:52:01,1245) (sd-pam) (root,24216,5344,00:00:10/31-12:52:00,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-12:52:00,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-12:51:59,1354) /usr/sbin/cron -n (root,697972,81512,00:41:15/31-12:51:53,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-12:51:39,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3484,00:00:00/00:00,1989) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,2007) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2008) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/04:06:34,5886) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:02/03:44:03,8787) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:02/01:08:58,11542) [kworker/2:0-events] (root,0,0,00:00:00/04:50,12030) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/25-10:42:55,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-10:42:54,15391) sshd: cm-ssh (root,0,0,00:00:00/01:19:50,16327) [kworker/u8:0-writeback] (root,35308,10072,00:00:00/15-12:11:33,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-12:11:32,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:02,21948) [kworker/1:1-ata_sff] (root,0,0,00:00:00/15:14,22377) [kworker/0:1-events] (root,0,0,00:00:00/15:13,23196) [kworker/1:2-events] (root,0,0,00:00:00/09:25,24430) [kworker/3:0-events] (root,0,0,00:00:00/01:50,24816) [kworker/3:2] (postfix,24244,8232,00:00:00/01:27:12,25164) pickup -l -t fifo -u (root,0,0,00:00:00/46:35,29649) [kworker/2:2-events] (postfix,44628,9316,00:00:01/25-17:28:40,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/00:23,31712) [kworker/u8:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-13 23:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b242ceb5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:11/29-11:15:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-11:15:42,2) [kthreadd] (root,0,0,00:00:00/29-11:15:42,3) [rcu_gp] (root,0,0,00:00:00/29-11:15:42,4) [rcu_par_gp] (root,0,0,00:00:00/29-11:15:42,5) [slub_flushwq] (root,0,0,00:00:00/29-11:15:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-11:15:42,9) [mm_percpu_wq] (root,0,0,00:00:00/29-11:15:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-11:15:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-11:15:42,12) [rcu_tasks_trace] (root,0,0,00:00:52/29-11:15:42,13) [ksoftirqd/0] (root,0,0,01:18:29/29-11:15:42,14) [rcu_preempt] (root,0,0,00:00:11/29-11:15:42,15) [migration/0] (root,0,0,00:00:00/29-11:15:42,16) [idle_inject/0] (root,0,0,00:00:00/29-11:15:42,18) [cpuhp/0] (root,0,0,00:00:00/29-11:15:42,19) [cpuhp/1] (root,0,0,00:00:00/29-11:15:42,20) [idle_inject/1] (root,0,0,00:00:11/29-11:15:42,21) [migration/1] (root,0,0,00:00:45/29-11:15:42,22) [ksoftirqd/1] (root,0,0,00:00:00/29-11:15:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-11:15:42,25) [cpuhp/2] (root,0,0,00:00:00/29-11:15:42,26) [idle_inject/2] (root,0,0,00:00:09/29-11:15:42,27) [migration/2] (root,0,0,00:57:51/29-11:15:42,28) [ksoftirqd/2] (root,0,0,00:00:00/29-11:15:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-11:15:42,31) [cpuhp/3] (root,0,0,00:00:00/29-11:15:42,32) [idle_inject/3] (root,0,0,00:00:11/29-11:15:42,33) [migration/3] (root,0,0,00:02:39/29-11:15:42,34) [ksoftirqd/3] (root,0,0,00:00:00/29-11:15:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-11:15:42,39) [kdevtmpfs] (root,0,0,00:00:00/29-11:15:42,40) [netns] (root,0,0,00:00:00/29-11:15:42,41) [inet_frag_wq] (root,0,0,00:00:06/29-11:15:42,42) [kauditd] (root,0,0,00:00:00/29-11:15:42,43) [khungtaskd] (root,0,0,00:00:00/29-11:15:42,44) [oom_reaper] (root,0,0,00:00:00/29-11:15:42,45) [writeback] (root,0,0,00:01:26/29-11:15:42,46) [kcompactd0] (root,0,0,00:00:00/29-11:15:42,47) [ksmd] (root,0,0,00:01:25/29-11:15:42,48) [khugepaged] (root,0,0,00:00:00/29-11:15:42,74) [kintegrityd] (root,0,0,00:00:00/29-11:15:42,75) [kblockd] (root,0,0,00:00:00/29-11:15:42,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-11:15:42,78) [tpm_dev_wq] (root,0,0,00:00:00/29-11:15:42,79) [edac-poller] (root,0,0,00:00:00/29-11:15:42,80) [devfreq_wq] (root,0,0,00:00:00/29-11:15:42,110) [watchdogd] (root,0,0,00:00:06/29-11:15:42,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-11:15:42,112) [kswapd0] (root,0,0,00:00:00/29-11:15:41,114) [kthrotld] (root,0,0,00:00:00/29-11:15:41,115) [mld] (root,0,0,00:00:00/29-11:15:41,116) [ipv6_addrconf] (root,0,0,00:00:12/29-11:15:41,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-11:15:41,122) [kstrp] (root,0,0,00:00:00/29-11:15:41,123) [zswap-shrink] (root,0,0,00:00:00/29-11:15:41,124) [kworker/u9:0] (root,0,0,00:00:00/29-11:15:41,129) [charger_manager] (root,0,0,00:00:06/29-11:15:40,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-11:15:40,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-11:15:40,205) [kaluad] (root,0,0,00:00:00/29-11:15:40,250) [kmpath_rdacd] (root,0,0,00:00:00/29-11:15:40,293) [kmpathd] (root,0,0,00:00:00/29-11:15:40,294) [kmpath_handlerd] (root,0,0,00:00:00/29-11:15:40,342) [ata_sff] (root,0,0,00:00:00/29-11:15:39,343) [scsi_eh_0] (root,0,0,00:00:00/29-11:15:39,344) [scsi_tmf_0] (root,0,0,00:00:00/29-11:15:39,345) [scsi_eh_1] (root,0,0,00:00:00/29-11:15:39,346) [scsi_tmf_1] (root,0,0,00:00:48/29-11:15:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-11:15:37,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-11:15:25,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-11:15:24,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-11:15:22,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-11:14:48,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-11:14:48,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-11:14:48,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-11:14:48,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-11:14:47,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-11:14:47,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:33/29-11:14:33,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-11:14:33,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:39/29-11:14:32,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-11:14:32,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-11:14:32,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-11:14:32,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-11:14:32,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-11:14:32,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:01/29-11:14:32,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-11:14:32,1206) bpfilter_umh (root,26204,8212,00:00:12/29-11:14:32,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-11:14:32,1215) ntpd: asynchronous dns resolver (spot,291356,178752,1-12:51:48/29-11:14:32,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-11:14:31,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-11:14:31,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-11:14:31,1245) (sd-pam) (root,24216,5344,00:00:09/29-11:14:30,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-11:14:30,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-11:14:29,1354) /usr/sbin/cron -n (root,697576,81112,00:38:32/29-11:14:23,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60492,00:12:51/29-11:14:09,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:29:56,6101) [kworker/0:2-events] (root,0,0,00:00:00/22:49,8802) [kworker/u8:0] (root,0,0,00:00:00/00:13,14977) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/23-09:05:25,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:17/23-09:05:24,15391) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,16228) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,16260) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,16294) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,16295) /bin/bash /usr/bin/check_mk_agent (root,4480,1016,00:00:00/00:00,16296) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,784,00:00:00/00:00,16298) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,704,00:00:00/00:00,16299) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3408,00:00:00/00:00,16300) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16301) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10072,00:00:00/13-10:34:03,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:46/13-10:34:02,16977) sshd: syslogtunnel (root,0,0,00:00:00/03:58:15,20264) [kworker/0:1-events] (root,0,0,00:00:00/03:51:05,20750) [kworker/3:2-events] (root,0,0,00:00:00/18:25,21020) [kworker/3:1] (postfix,24244,8204,00:00:00/11:33,22540) pickup -l -t fifo -u (root,0,0,00:00:00/05:26,28266) [kworker/1:1-ata_sff] (root,0,0,00:00:06/13:34:48,29407) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-15:51:10,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:01:26,31583) [kworker/2:2-events] (root,0,0,00:00:00/54:25,32047) [kworker/2:0-events] (root,0,0,00:00:00/47:24,32428) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-11 21:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636d3fb265Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-12:42:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-12:42:13,2) [kthreadd] (root,0,0,00:00:00/27-12:42:13,3) [rcu_gp] (root,0,0,00:00:00/27-12:42:13,4) [rcu_par_gp] (root,0,0,00:00:00/27-12:42:13,5) [slub_flushwq] (root,0,0,00:00:00/27-12:42:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-12:42:13,9) [mm_percpu_wq] (root,0,0,00:00:00/27-12:42:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-12:42:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-12:42:13,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-12:42:13,13) [ksoftirqd/0] (root,0,0,01:13:31/27-12:42:13,14) [rcu_preempt] (root,0,0,00:00:10/27-12:42:13,15) [migration/0] (root,0,0,00:00:00/27-12:42:13,16) [idle_inject/0] (root,0,0,00:00:00/27-12:42:13,18) [cpuhp/0] (root,0,0,00:00:00/27-12:42:13,19) [cpuhp/1] (root,0,0,00:00:00/27-12:42:13,20) [idle_inject/1] (root,0,0,00:00:10/27-12:42:13,21) [migration/1] (root,0,0,00:00:43/27-12:42:13,22) [ksoftirqd/1] (root,0,0,00:00:00/27-12:42:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-12:42:13,25) [cpuhp/2] (root,0,0,00:00:00/27-12:42:13,26) [idle_inject/2] (root,0,0,00:00:08/27-12:42:13,27) [migration/2] (root,0,0,00:55:19/27-12:42:13,28) [ksoftirqd/2] (root,0,0,00:00:00/27-12:42:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-12:42:13,31) [cpuhp/3] (root,0,0,00:00:00/27-12:42:13,32) [idle_inject/3] (root,0,0,00:00:10/27-12:42:13,33) [migration/3] (root,0,0,00:02:31/27-12:42:13,34) [ksoftirqd/3] (root,0,0,00:00:00/27-12:42:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-12:42:13,39) [kdevtmpfs] (root,0,0,00:00:00/27-12:42:13,40) [netns] (root,0,0,00:00:00/27-12:42:13,41) [inet_frag_wq] (root,0,0,00:00:06/27-12:42:13,42) [kauditd] (root,0,0,00:00:00/27-12:42:13,43) [khungtaskd] (root,0,0,00:00:00/27-12:42:13,44) [oom_reaper] (root,0,0,00:00:00/27-12:42:13,45) [writeback] (root,0,0,00:01:21/27-12:42:13,46) [kcompactd0] (root,0,0,00:00:00/27-12:42:13,47) [ksmd] (root,0,0,00:01:19/27-12:42:13,48) [khugepaged] (root,0,0,00:00:00/27-12:42:13,74) [kintegrityd] (root,0,0,00:00:00/27-12:42:13,75) [kblockd] (root,0,0,00:00:00/27-12:42:13,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-12:42:13,78) [tpm_dev_wq] (root,0,0,00:00:00/27-12:42:13,79) [edac-poller] (root,0,0,00:00:00/27-12:42:13,80) [devfreq_wq] (root,0,0,00:00:00/27-12:42:13,110) [watchdogd] (root,0,0,00:00:05/27-12:42:13,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-12:42:13,112) [kswapd0] (root,0,0,00:00:00/27-12:42:12,114) [kthrotld] (root,0,0,00:00:00/27-12:42:12,115) [mld] (root,0,0,00:00:00/27-12:42:12,116) [ipv6_addrconf] (root,0,0,00:00:11/27-12:42:12,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-12:42:12,122) [kstrp] (root,0,0,00:00:00/27-12:42:12,123) [zswap-shrink] (root,0,0,00:00:00/27-12:42:12,124) [kworker/u9:0] (root,0,0,00:00:00/27-12:42:12,129) [charger_manager] (root,0,0,00:00:06/27-12:42:11,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-12:42:11,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-12:42:11,205) [kaluad] (root,0,0,00:00:00/27-12:42:11,250) [kmpath_rdacd] (root,0,0,00:00:00/27-12:42:11,293) [kmpathd] (root,0,0,00:00:00/27-12:42:11,294) [kmpath_handlerd] (root,0,0,00:00:00/27-12:42:11,342) [ata_sff] (root,0,0,00:00:00/27-12:42:10,343) [scsi_eh_0] (root,0,0,00:00:00/27-12:42:10,344) [scsi_tmf_0] (root,0,0,00:00:00/27-12:42:10,345) [scsi_eh_1] (root,0,0,00:00:00/27-12:42:10,346) [scsi_tmf_1] (root,0,0,00:00:44/27-12:42:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-12:42:08,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-12:41:56,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-12:41:55,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-12:41:53,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-12:41:19,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-12:41:19,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-12:41:19,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-12:41:19,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-12:41:18,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-12:41:18,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-12:41:04,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-12:41:04,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:32/27-12:41:03,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-12:41:03,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-12:41:03,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-12:41:03,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-12:41:03,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-12:41:03,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:45/27-12:41:03,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-12:41:03,1206) bpfilter_umh (root,26204,8212,00:00:11/27-12:41:03,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-12:41:03,1215) ntpd: asynchronous dns resolver (spot,289592,176552,1-10:34:53/27-12:41:03,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-12:41:02,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-12:41:02,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-12:41:02,1245) (sd-pam) (root,24216,5344,00:00:09/27-12:41:01,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-12:41:01,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-12:41:00,1354) /usr/sbin/cron -n (root,697064,80556,00:36:01/27-12:40:54,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58612,00:11:33/27-12:40:40,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:55:45,1639) [kworker/3:1-events] (root,6656,3512,00:00:00/00:00,4592) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,4672) /bin/bash /usr/bin/check_mk_agent (root,6656,1908,00:00:00/00:00,4686) /bin/bash /usr/bin/check_mk_agent (root,25444,8876,00:00:00/00:00,4687) postconf -h queue_directory (root,13744,3436,00:00:00/00:00,4692) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,4693) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/55:22,6650) [kworker/1:1-events] (postfix,24244,8148,00:00:00/19:59,14566) pickup -l -t fifo -u (root,0,0,00:00:02/02:44:40,14796) [kworker/2:0-events] (root,35308,10012,00:00:00/21-10:31:56,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-10:31:55,15391) sshd: cm-ssh (root,0,0,00:00:00/18:55,16439) [kworker/u8:1-writeback] (root,0,0,00:00:00/10:20,16444) [kworker/1:2-ata_sff] (root,35308,10072,00:00:00/11-12:00:34,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-12:00:33,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:23:52,17950) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/04:52:20,18730) [kworker/0:0-events] (root,0,0,00:00:00/16:46,23802) [kworker/0:1] (root,0,0,00:00:00/59:27,24399) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/05:08,25959) [kworker/1:0-ata_sff] (root,0,0,00:00:00/04:15,27932) [kworker/2:2-events] (root,0,0,00:00:00/03:22,28653) [kworker/u8:0] (postfix,44628,9316,00:00:00/21-17:17:41,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:48:40,32261) [kworker/3:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-09 23:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836303aadca3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-14:19:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-14:19:33,2) [kthreadd] (root,0,0,00:00:00/25-14:19:33,3) [rcu_gp] (root,0,0,00:00:00/25-14:19:33,4) [rcu_par_gp] (root,0,0,00:00:00/25-14:19:33,5) [slub_flushwq] (root,0,0,00:00:00/25-14:19:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-14:19:33,9) [mm_percpu_wq] (root,0,0,00:00:00/25-14:19:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-14:19:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-14:19:33,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-14:19:33,13) [ksoftirqd/0] (root,0,0,01:08:25/25-14:19:33,14) [rcu_preempt] (root,0,0,00:00:09/25-14:19:33,15) [migration/0] (root,0,0,00:00:00/25-14:19:33,16) [idle_inject/0] (root,0,0,00:00:00/25-14:19:33,18) [cpuhp/0] (root,0,0,00:00:00/25-14:19:33,19) [cpuhp/1] (root,0,0,00:00:00/25-14:19:33,20) [idle_inject/1] (root,0,0,00:00:10/25-14:19:33,21) [migration/1] (root,0,0,00:00:40/25-14:19:33,22) [ksoftirqd/1] (root,0,0,00:00:00/25-14:19:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-14:19:33,25) [cpuhp/2] (root,0,0,00:00:00/25-14:19:33,26) [idle_inject/2] (root,0,0,00:00:08/25-14:19:33,27) [migration/2] (root,0,0,00:52:17/25-14:19:33,28) [ksoftirqd/2] (root,0,0,00:00:00/25-14:19:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-14:19:33,31) [cpuhp/3] (root,0,0,00:00:00/25-14:19:33,32) [idle_inject/3] (root,0,0,00:00:09/25-14:19:33,33) [migration/3] (root,0,0,00:02:22/25-14:19:33,34) [ksoftirqd/3] (root,0,0,00:00:00/25-14:19:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-14:19:33,39) [kdevtmpfs] (root,0,0,00:00:00/25-14:19:33,40) [netns] (root,0,0,00:00:00/25-14:19:33,41) [inet_frag_wq] (root,0,0,00:00:06/25-14:19:33,42) [kauditd] (root,0,0,00:00:00/25-14:19:33,43) [khungtaskd] (root,0,0,00:00:00/25-14:19:33,44) [oom_reaper] (root,0,0,00:00:00/25-14:19:33,45) [writeback] (root,0,0,00:01:15/25-14:19:33,46) [kcompactd0] (root,0,0,00:00:00/25-14:19:33,47) [ksmd] (root,0,0,00:01:14/25-14:19:33,48) [khugepaged] (root,0,0,00:00:00/25-14:19:33,74) [kintegrityd] (root,0,0,00:00:00/25-14:19:33,75) [kblockd] (root,0,0,00:00:00/25-14:19:33,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-14:19:33,78) [tpm_dev_wq] (root,0,0,00:00:00/25-14:19:33,79) [edac-poller] (root,0,0,00:00:00/25-14:19:33,80) [devfreq_wq] (root,0,0,00:00:00/25-14:19:33,110) [watchdogd] (root,0,0,00:00:05/25-14:19:33,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-14:19:33,112) [kswapd0] (root,0,0,00:00:00/25-14:19:32,114) [kthrotld] (root,0,0,00:00:00/25-14:19:32,115) [mld] (root,0,0,00:00:00/25-14:19:32,116) [ipv6_addrconf] (root,0,0,00:00:11/25-14:19:32,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-14:19:32,122) [kstrp] (root,0,0,00:00:00/25-14:19:32,123) [zswap-shrink] (root,0,0,00:00:00/25-14:19:32,124) [kworker/u9:0] (root,0,0,00:00:00/25-14:19:32,129) [charger_manager] (root,0,0,00:00:05/25-14:19:31,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-14:19:31,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-14:19:31,205) [kaluad] (root,0,0,00:00:00/25-14:19:31,250) [kmpath_rdacd] (root,0,0,00:00:00/25-14:19:31,293) [kmpathd] (root,0,0,00:00:00/25-14:19:31,294) [kmpath_handlerd] (root,0,0,00:00:00/25-14:19:31,342) [ata_sff] (root,0,0,00:00:00/25-14:19:30,343) [scsi_eh_0] (root,0,0,00:00:00/25-14:19:30,344) [scsi_tmf_0] (root,0,0,00:00:00/25-14:19:30,345) [scsi_eh_1] (root,0,0,00:00:00/25-14:19:30,346) [scsi_tmf_1] (root,0,0,00:00:41/25-14:19:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-14:19:28,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-14:19:16,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-14:19:15,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-14:19:13,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-14:18:39,512) /sbin/auditd (messagebus,22936,5640,00:01:11/25-14:18:39,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:40/25-14:18:39,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-14:18:39,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-14:18:38,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-14:18:38,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-14:18:24,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-14:18:24,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:21/25-14:18:23,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-14:18:23,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-14:18:23,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-14:18:23,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-14:18:23,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-14:18:23,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:29/25-14:18:23,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-14:18:23,1206) bpfilter_umh (root,26204,8300,00:00:11/25-14:18:23,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-14:18:23,1215) ntpd: asynchronous dns resolver (spot,301968,188396,1-08:06:00/25-14:18:23,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-14:18:22,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-14:18:22,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-14:18:22,1245) (sd-pam) (root,24216,5348,00:00:08/25-14:18:21,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-14:18:21,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-14:18:20,1354) /usr/sbin/cron -n (root,694116,77808,00:33:29/25-14:18:14,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57996,00:10:11/25-14:18:00,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/24:56,6090) [kworker/1:0-events] (root,0,0,00:00:00/26:39,6321) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/04:12,6582) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:14:46,14356) [kworker/2:0-events] (root,35308,10012,00:00:00/19-12:09:16,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-12:09:15,15391) sshd: cm-ssh (root,0,0,00:00:01/01:42:20,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-13:37:54,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-13:37:53,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:11:44,17512) [kworker/u8:2-ext4-rsv-conversion] (postfix,24244,8240,00:00:00/38:09,17853) pickup -l -t fifo -u (root,0,0,00:00:00/00:12,18061) [kworker/3:0] (root,0,0,00:00:02/08:36:34,18263) [kworker/3:2-cgroup_destroy] (root,6656,3488,00:00:00/00:00,18374) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,18392) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18393) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:22,20325) [kworker/1:2-ata_sff] (root,0,0,00:00:07/07:22:08,21123) [kworker/2:1-events] (postfix,44628,9372,00:00:00/19-18:55:01,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:49,30755) [kworker/3:1-events] (root,0,0,00:00:00/13:30,31934) [kworker/0:2] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-08 00:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e958356dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-14:04:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-14:04:38,2) [kthreadd] (root,0,0,00:00:00/23-14:04:38,3) [rcu_gp] (root,0,0,00:00:00/23-14:04:38,4) [rcu_par_gp] (root,0,0,00:00:00/23-14:04:38,5) [slub_flushwq] (root,0,0,00:00:00/23-14:04:38,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-14:04:38,9) [mm_percpu_wq] (root,0,0,00:00:00/23-14:04:38,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-14:04:38,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-14:04:38,12) [rcu_tasks_trace] (root,0,0,00:00:42/23-14:04:38,13) [ksoftirqd/0] (root,0,0,01:02:48/23-14:04:38,14) [rcu_preempt] (root,0,0,00:00:08/23-14:04:38,15) [migration/0] (root,0,0,00:00:00/23-14:04:38,16) [idle_inject/0] (root,0,0,00:00:00/23-14:04:38,18) [cpuhp/0] (root,0,0,00:00:00/23-14:04:38,19) [cpuhp/1] (root,0,0,00:00:00/23-14:04:38,20) [idle_inject/1] (root,0,0,00:00:09/23-14:04:38,21) [migration/1] (root,0,0,00:00:37/23-14:04:38,22) [ksoftirqd/1] (root,0,0,00:00:00/23-14:04:38,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-14:04:38,25) [cpuhp/2] (root,0,0,00:00:00/23-14:04:38,26) [idle_inject/2] (root,0,0,00:00:07/23-14:04:38,27) [migration/2] (root,0,0,00:47:33/23-14:04:38,28) [ksoftirqd/2] (root,0,0,00:00:00/23-14:04:38,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-14:04:38,31) [cpuhp/3] (root,0,0,00:00:00/23-14:04:38,32) [idle_inject/3] (root,0,0,00:00:08/23-14:04:38,33) [migration/3] (root,0,0,00:02:10/23-14:04:38,34) [ksoftirqd/3] (root,0,0,00:00:00/23-14:04:38,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-14:04:38,39) [kdevtmpfs] (root,0,0,00:00:00/23-14:04:38,40) [netns] (root,0,0,00:00:00/23-14:04:38,41) [inet_frag_wq] (root,0,0,00:00:05/23-14:04:38,42) [kauditd] (root,0,0,00:00:00/23-14:04:38,43) [khungtaskd] (root,0,0,00:00:00/23-14:04:38,44) [oom_reaper] (root,0,0,00:00:00/23-14:04:38,45) [writeback] (root,0,0,00:01:09/23-14:04:38,46) [kcompactd0] (root,0,0,00:00:00/23-14:04:38,47) [ksmd] (root,0,0,00:01:08/23-14:04:38,48) [khugepaged] (root,0,0,00:00:00/23-14:04:38,74) [kintegrityd] (root,0,0,00:00:00/23-14:04:38,75) [kblockd] (root,0,0,00:00:00/23-14:04:38,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-14:04:38,78) [tpm_dev_wq] (root,0,0,00:00:00/23-14:04:38,79) [edac-poller] (root,0,0,00:00:00/23-14:04:38,80) [devfreq_wq] (root,0,0,00:00:00/23-14:04:38,110) [watchdogd] (root,0,0,00:00:04/23-14:04:38,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-14:04:38,112) [kswapd0] (root,0,0,00:00:00/23-14:04:37,114) [kthrotld] (root,0,0,00:00:00/23-14:04:37,115) [mld] (root,0,0,00:00:00/23-14:04:37,116) [ipv6_addrconf] (root,0,0,00:00:10/23-14:04:37,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-14:04:37,122) [kstrp] (root,0,0,00:00:00/23-14:04:37,123) [zswap-shrink] (root,0,0,00:00:00/23-14:04:37,124) [kworker/u9:0] (root,0,0,00:00:00/23-14:04:37,129) [charger_manager] (root,0,0,00:00:05/23-14:04:36,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-14:04:36,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-14:04:36,205) [kaluad] (root,0,0,00:00:00/23-14:04:36,250) [kmpath_rdacd] (root,0,0,00:00:00/23-14:04:36,293) [kmpathd] (root,0,0,00:00:00/23-14:04:36,294) [kmpath_handlerd] (root,0,0,00:00:00/23-14:04:36,342) [ata_sff] (root,0,0,00:00:00/23-14:04:35,343) [scsi_eh_0] (root,0,0,00:00:00/23-14:04:35,344) [scsi_tmf_0] (root,0,0,00:00:00/23-14:04:35,345) [scsi_eh_1] (root,0,0,00:00:00/23-14:04:35,346) [scsi_tmf_1] (root,0,0,00:00:37/23-14:04:33,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-14:04:33,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-14:04:21,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-14:04:20,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-14:04:18,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-14:03:44,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-14:03:44,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-14:03:44,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-14:03:44,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-14:03:43,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-14:03:43,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-14:03:29,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-14:03:29,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:08/23-14:03:28,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-14:03:28,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-14:03:28,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-14:03:28,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-14:03:28,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-14:03:28,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-14:03:28,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-14:03:28,1206) bpfilter_umh (root,26204,8300,00:00:10/23-14:03:28,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-14:03:28,1215) ntpd: asynchronous dns resolver (spot,285372,172700,1-05:39:23/23-14:03:28,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-14:03:27,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-14:03:27,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-14:03:27,1245) (sd-pam) (root,24216,5348,00:00:07/23-14:03:26,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-14:03:26,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-14:03:25,1354) /usr/sbin/cron -n (root,693860,77156,00:30:46/23-14:03:19,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:44/23-14:03:05,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:34:14,3891) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:26:08,7143) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/46:12,7327) [kworker/0:0-events] (root,0,0,00:00:00/02:55:03,7973) [kworker/0:1-events] (root,6656,3488,00:00:00/00:00,8790) /bin/bash /usr/bin/check_mk_agent (root,13744,3456,00:00:00/00:00,8808) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8809) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/17-11:54:21,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-11:54:20,15391) sshd: cm-ssh (postfix,24244,8204,00:00:00/45:02,15690) pickup -l -t fifo -u (root,0,0,00:00:01/04:48:41,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-13:22:59,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-13:22:58,16977) sshd: syslogtunnel (root,0,0,00:00:01/52:57,19831) [kworker/2:1-events] (root,0,0,00:00:00/02:24,22791) [kworker/1:1-ata_sff] (root,0,0,00:00:00/25:59,26074) [kworker/2:0] (root,0,0,00:00:00/07:37,28705) [kworker/1:0-ata_sff] (root,0,0,00:00:02/03:09:12,30106) [kworker/1:2-events] (postfix,44628,9372,00:00:00/17-18:40:06,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:54:18,31932) [kworker/3:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-06 00:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836369b33c7fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-12:50:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-12:50:47,2) [kthreadd] (root,0,0,00:00:00/21-12:50:47,3) [rcu_gp] (root,0,0,00:00:00/21-12:50:47,4) [rcu_par_gp] (root,0,0,00:00:00/21-12:50:47,5) [slub_flushwq] (root,0,0,00:00:00/21-12:50:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-12:50:47,9) [mm_percpu_wq] (root,0,0,00:00:00/21-12:50:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-12:50:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-12:50:47,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-12:50:47,13) [ksoftirqd/0] (root,0,0,00:57:19/21-12:50:47,14) [rcu_preempt] (root,0,0,00:00:08/21-12:50:47,15) [migration/0] (root,0,0,00:00:00/21-12:50:47,16) [idle_inject/0] (root,0,0,00:00:00/21-12:50:47,18) [cpuhp/0] (root,0,0,00:00:00/21-12:50:47,19) [cpuhp/1] (root,0,0,00:00:00/21-12:50:47,20) [idle_inject/1] (root,0,0,00:00:08/21-12:50:47,21) [migration/1] (root,0,0,00:00:34/21-12:50:47,22) [ksoftirqd/1] (root,0,0,00:00:00/21-12:50:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-12:50:47,25) [cpuhp/2] (root,0,0,00:00:00/21-12:50:47,26) [idle_inject/2] (root,0,0,00:00:06/21-12:50:47,27) [migration/2] (root,0,0,00:43:28/21-12:50:47,28) [ksoftirqd/2] (root,0,0,00:00:00/21-12:50:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-12:50:47,31) [cpuhp/3] (root,0,0,00:00:00/21-12:50:47,32) [idle_inject/3] (root,0,0,00:00:08/21-12:50:47,33) [migration/3] (root,0,0,00:01:59/21-12:50:47,34) [ksoftirqd/3] (root,0,0,00:00:00/21-12:50:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-12:50:47,39) [kdevtmpfs] (root,0,0,00:00:00/21-12:50:47,40) [netns] (root,0,0,00:00:00/21-12:50:47,41) [inet_frag_wq] (root,0,0,00:00:05/21-12:50:47,42) [kauditd] (root,0,0,00:00:00/21-12:50:47,43) [khungtaskd] (root,0,0,00:00:00/21-12:50:47,44) [oom_reaper] (root,0,0,00:00:00/21-12:50:47,45) [writeback] (root,0,0,00:01:03/21-12:50:47,46) [kcompactd0] (root,0,0,00:00:00/21-12:50:47,47) [ksmd] (root,0,0,00:01:02/21-12:50:47,48) [khugepaged] (root,0,0,00:00:00/21-12:50:47,74) [kintegrityd] (root,0,0,00:00:00/21-12:50:47,75) [kblockd] (root,0,0,00:00:00/21-12:50:47,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-12:50:47,78) [tpm_dev_wq] (root,0,0,00:00:00/21-12:50:47,79) [edac-poller] (root,0,0,00:00:00/21-12:50:47,80) [devfreq_wq] (root,0,0,00:00:00/21-12:50:47,110) [watchdogd] (root,0,0,00:00:04/21-12:50:47,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-12:50:47,112) [kswapd0] (root,0,0,00:00:00/21-12:50:46,114) [kthrotld] (root,0,0,00:00:00/21-12:50:46,115) [mld] (root,0,0,00:00:00/21-12:50:46,116) [ipv6_addrconf] (root,0,0,00:00:09/21-12:50:46,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-12:50:46,122) [kstrp] (root,0,0,00:00:00/21-12:50:46,123) [zswap-shrink] (root,0,0,00:00:00/21-12:50:46,124) [kworker/u9:0] (root,0,0,00:00:00/21-12:50:46,129) [charger_manager] (root,0,0,00:00:04/21-12:50:45,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-12:50:45,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-12:50:45,205) [kaluad] (root,0,0,00:00:00/21-12:50:45,250) [kmpath_rdacd] (root,0,0,00:00:00/21-12:50:45,293) [kmpathd] (root,0,0,00:00:00/21-12:50:45,294) [kmpath_handlerd] (root,0,0,00:00:00/21-12:50:45,342) [ata_sff] (root,0,0,00:00:00/21-12:50:44,343) [scsi_eh_0] (root,0,0,00:00:00/21-12:50:44,344) [scsi_tmf_0] (root,0,0,00:00:00/21-12:50:44,345) [scsi_eh_1] (root,0,0,00:00:00/21-12:50:44,346) [scsi_tmf_1] (root,0,0,00:00:33/21-12:50:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-12:50:42,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-12:50:30,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-12:50:29,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-12:50:27,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-12:49:53,512) /sbin/auditd (messagebus,22936,5640,00:01:02/21-12:49:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-12:49:53,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-12:49:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-12:49:52,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-12:49:52,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-12:49:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-12:49:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:58/21-12:49:37,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-12:49:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-12:49:37,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-12:49:37,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-12:49:37,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-12:49:37,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:55/21-12:49:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-12:49:37,1206) bpfilter_umh (root,26204,8300,00:00:09/21-12:49:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-12:49:37,1215) ntpd: asynchronous dns resolver (spot,285084,171848,1-03:14:02/21-12:49:37,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-12:49:36,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-12:49:36,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-12:49:36,1245) (sd-pam) (root,24216,5348,00:00:07/21-12:49:35,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-12:49:35,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-12:49:34,1354) /usr/sbin/cron -n (root,693604,76796,00:28:01/21-12:49:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:22/21-12:49:14,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:31:30,1511) [kworker/2:0-events] (root,0,0,00:00:00/04:13,3242) [kworker/1:2-ata_sff] (root,0,0,00:00:00/14:50,4642) [kworker/2:2-events] (root,0,0,00:00:00/01:12:29,10019) [kworker/0:2-events] (root,0,0,00:00:03/07:10:29,10383) [kworker/1:0-events] (root,35308,10012,00:00:00/15-10:40:30,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-10:40:29,15391) sshd: cm-ssh (root,6656,3480,00:00:00/00:00,16711) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,16729) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16730) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10072,00:00:00/5-12:09:08,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-12:09:07,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:22:38,20036) [kworker/3:0] (root,0,0,00:00:00/21:10,20180) [kworker/0:0-events] (root,0,0,00:00:00/09:26,21998) [kworker/1:1-ata_sff] (root,0,0,00:00:00/27:56,27154) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/03:25:47,28374) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/07:22:04,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-17:26:15,30472) tlsmgr -l -t unix -u (postfix,24244,8260,00:00:00/01:33:07,30884) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-03 23:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632bf8dab3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-14:32:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-14:32:43,2) [kthreadd] (root,0,0,00:00:00/19-14:32:43,3) [rcu_gp] (root,0,0,00:00:00/19-14:32:43,4) [rcu_par_gp] (root,0,0,00:00:00/19-14:32:43,5) [slub_flushwq] (root,0,0,00:00:00/19-14:32:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-14:32:43,9) [mm_percpu_wq] (root,0,0,00:00:00/19-14:32:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-14:32:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-14:32:43,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-14:32:43,13) [ksoftirqd/0] (root,0,0,00:52:15/19-14:32:43,14) [rcu_preempt] (root,0,0,00:00:07/19-14:32:43,15) [migration/0] (root,0,0,00:00:00/19-14:32:43,16) [idle_inject/0] (root,0,0,00:00:00/19-14:32:43,18) [cpuhp/0] (root,0,0,00:00:00/19-14:32:43,19) [cpuhp/1] (root,0,0,00:00:00/19-14:32:43,20) [idle_inject/1] (root,0,0,00:00:07/19-14:32:43,21) [migration/1] (root,0,0,00:00:31/19-14:32:43,22) [ksoftirqd/1] (root,0,0,00:00:00/19-14:32:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-14:32:43,25) [cpuhp/2] (root,0,0,00:00:00/19-14:32:43,26) [idle_inject/2] (root,0,0,00:00:06/19-14:32:43,27) [migration/2] (root,0,0,00:39:04/19-14:32:43,28) [ksoftirqd/2] (root,0,0,00:00:00/19-14:32:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-14:32:43,31) [cpuhp/3] (root,0,0,00:00:00/19-14:32:43,32) [idle_inject/3] (root,0,0,00:00:07/19-14:32:43,33) [migration/3] (root,0,0,00:01:49/19-14:32:43,34) [ksoftirqd/3] (root,0,0,00:00:00/19-14:32:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-14:32:43,39) [kdevtmpfs] (root,0,0,00:00:00/19-14:32:43,40) [netns] (root,0,0,00:00:00/19-14:32:43,41) [inet_frag_wq] (root,0,0,00:00:05/19-14:32:43,42) [kauditd] (root,0,0,00:00:00/19-14:32:43,43) [khungtaskd] (root,0,0,00:00:00/19-14:32:43,44) [oom_reaper] (root,0,0,00:00:00/19-14:32:43,45) [writeback] (root,0,0,00:00:57/19-14:32:43,46) [kcompactd0] (root,0,0,00:00:00/19-14:32:43,47) [ksmd] (root,0,0,00:00:57/19-14:32:43,48) [khugepaged] (root,0,0,00:00:00/19-14:32:43,74) [kintegrityd] (root,0,0,00:00:00/19-14:32:43,75) [kblockd] (root,0,0,00:00:00/19-14:32:43,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-14:32:43,78) [tpm_dev_wq] (root,0,0,00:00:00/19-14:32:43,79) [edac-poller] (root,0,0,00:00:00/19-14:32:43,80) [devfreq_wq] (root,0,0,00:00:00/19-14:32:43,110) [watchdogd] (root,0,0,00:00:03/19-14:32:43,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-14:32:43,112) [kswapd0] (root,0,0,00:00:00/19-14:32:42,114) [kthrotld] (root,0,0,00:00:00/19-14:32:42,115) [mld] (root,0,0,00:00:00/19-14:32:42,116) [ipv6_addrconf] (root,0,0,00:00:08/19-14:32:42,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-14:32:42,122) [kstrp] (root,0,0,00:00:00/19-14:32:42,123) [zswap-shrink] (root,0,0,00:00:00/19-14:32:42,124) [kworker/u9:0] (root,0,0,00:00:00/19-14:32:42,129) [charger_manager] (root,0,0,00:00:04/19-14:32:41,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-14:32:41,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-14:32:41,205) [kaluad] (root,0,0,00:00:00/19-14:32:41,250) [kmpath_rdacd] (root,0,0,00:00:00/19-14:32:41,293) [kmpathd] (root,0,0,00:00:00/19-14:32:41,294) [kmpath_handlerd] (root,0,0,00:00:00/19-14:32:41,342) [ata_sff] (root,0,0,00:00:00/19-14:32:40,343) [scsi_eh_0] (root,0,0,00:00:00/19-14:32:40,344) [scsi_tmf_0] (root,0,0,00:00:00/19-14:32:40,345) [scsi_eh_1] (root,0,0,00:00:00/19-14:32:40,346) [scsi_tmf_1] (root,0,0,00:00:29/19-14:32:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-14:32:38,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-14:32:26,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-14:32:25,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-14:32:23,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-14:31:49,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-14:31:49,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-14:31:49,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-14:31:49,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-14:31:48,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-14:31:48,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-14:31:34,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-14:31:34,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:49/19-14:31:33,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-14:31:33,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-14:31:33,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-14:31:33,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-14:31:33,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-14:31:33,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-14:31:33,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-14:31:33,1206) bpfilter_umh (root,26204,8300,00:00:09/19-14:31:33,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-14:31:33,1215) ntpd: asynchronous dns resolver (spot,284908,171804,1-01:04:47/19-14:31:33,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-14:31:32,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-14:31:32,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-14:31:32,1245) (sd-pam) (root,24216,5348,00:00:06/19-14:31:31,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-14:31:31,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-14:31:30,1354) /usr/sbin/cron -n (root,692836,75756,00:25:28/19-14:31:24,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:34/19-14:31:10,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/06:34:07,3898) [kworker/3:2-events] (root,0,0,00:00:00/01:34:21,4121) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/02:42,7229) [kworker/1:0-ata_sff] (postfix,24244,8224,00:00:00/15:54,8017) pickup -l -t fifo -u (root,35308,10012,00:00:00/13-12:22:26,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-12:22:25,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-13:51:04,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-13:51:03,16977) sshd: syslogtunnel (root,0,0,00:00:00/07:55,18611) [kworker/1:1-ata_sff] (root,0,0,00:00:00/24:51,20923) [kworker/u8:2-writeback] (root,6656,3488,00:00:00/00:00,21298) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,21316) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21317) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/36:39,21337) [kworker/2:0] (root,0,0,00:00:00/01:01:48,22032) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/49:19,22794) [kworker/0:1] (root,0,0,00:00:01/01:01:36,23007) [kworker/2:2-events] (root,0,0,00:00:01/01:25:44,24029) [kworker/1:2-events] (root,0,0,00:00:01/02:58:45,26126) [kworker/0:2-events] (postfix,44628,9416,00:00:00/13-19:08:11,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 00:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639c6b324cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-13:21:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-13:21:33,2) [kthreadd] (root,0,0,00:00:00/17-13:21:33,3) [rcu_gp] (root,0,0,00:00:00/17-13:21:33,4) [rcu_par_gp] (root,0,0,00:00:00/17-13:21:33,5) [slub_flushwq] (root,0,0,00:00:00/17-13:21:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-13:21:33,9) [mm_percpu_wq] (root,0,0,00:00:00/17-13:21:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-13:21:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-13:21:33,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-13:21:33,13) [ksoftirqd/0] (root,0,0,00:47:00/17-13:21:33,14) [rcu_preempt] (root,0,0,00:00:06/17-13:21:33,15) [migration/0] (root,0,0,00:00:00/17-13:21:33,16) [idle_inject/0] (root,0,0,00:00:00/17-13:21:33,18) [cpuhp/0] (root,0,0,00:00:00/17-13:21:33,19) [cpuhp/1] (root,0,0,00:00:00/17-13:21:33,20) [idle_inject/1] (root,0,0,00:00:07/17-13:21:33,21) [migration/1] (root,0,0,00:00:28/17-13:21:33,22) [ksoftirqd/1] (root,0,0,00:00:00/17-13:21:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-13:21:33,25) [cpuhp/2] (root,0,0,00:00:00/17-13:21:33,26) [idle_inject/2] (root,0,0,00:00:05/17-13:21:33,27) [migration/2] (root,0,0,00:35:47/17-13:21:33,28) [ksoftirqd/2] (root,0,0,00:00:00/17-13:21:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-13:21:33,31) [cpuhp/3] (root,0,0,00:00:00/17-13:21:33,32) [idle_inject/3] (root,0,0,00:00:06/17-13:21:33,33) [migration/3] (root,0,0,00:01:39/17-13:21:33,34) [ksoftirqd/3] (root,0,0,00:00:00/17-13:21:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-13:21:33,39) [kdevtmpfs] (root,0,0,00:00:00/17-13:21:33,40) [netns] (root,0,0,00:00:00/17-13:21:33,41) [inet_frag_wq] (root,0,0,00:00:04/17-13:21:33,42) [kauditd] (root,0,0,00:00:00/17-13:21:33,43) [khungtaskd] (root,0,0,00:00:00/17-13:21:33,44) [oom_reaper] (root,0,0,00:00:00/17-13:21:33,45) [writeback] (root,0,0,00:00:51/17-13:21:33,46) [kcompactd0] (root,0,0,00:00:00/17-13:21:33,47) [ksmd] (root,0,0,00:00:51/17-13:21:33,48) [khugepaged] (root,0,0,00:00:00/17-13:21:33,74) [kintegrityd] (root,0,0,00:00:00/17-13:21:33,75) [kblockd] (root,0,0,00:00:00/17-13:21:33,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-13:21:33,78) [tpm_dev_wq] (root,0,0,00:00:00/17-13:21:33,79) [edac-poller] (root,0,0,00:00:00/17-13:21:33,80) [devfreq_wq] (root,0,0,00:00:00/17-13:21:33,110) [watchdogd] (root,0,0,00:00:03/17-13:21:33,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-13:21:33,112) [kswapd0] (root,0,0,00:00:00/17-13:21:32,114) [kthrotld] (root,0,0,00:00:00/17-13:21:32,115) [mld] (root,0,0,00:00:00/17-13:21:32,116) [ipv6_addrconf] (root,0,0,00:00:07/17-13:21:32,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-13:21:32,122) [kstrp] (root,0,0,00:00:00/17-13:21:32,123) [zswap-shrink] (root,0,0,00:00:00/17-13:21:32,124) [kworker/u9:0] (root,0,0,00:00:00/17-13:21:32,129) [charger_manager] (root,0,0,00:00:03/17-13:21:31,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-13:21:31,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-13:21:31,205) [kaluad] (root,0,0,00:00:00/17-13:21:31,250) [kmpath_rdacd] (root,0,0,00:00:00/17-13:21:31,293) [kmpathd] (root,0,0,00:00:00/17-13:21:31,294) [kmpath_handlerd] (root,0,0,00:00:00/17-13:21:31,342) [ata_sff] (root,0,0,00:00:00/17-13:21:30,343) [scsi_eh_0] (root,0,0,00:00:00/17-13:21:30,344) [scsi_tmf_0] (root,0,0,00:00:00/17-13:21:30,345) [scsi_eh_1] (root,0,0,00:00:00/17-13:21:30,346) [scsi_tmf_1] (root,0,0,00:00:26/17-13:21:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-13:21:28,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-13:21:16,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-13:21:15,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-13:21:13,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-13:20:39,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-13:20:39,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-13:20:39,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-13:20:39,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-13:20:38,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-13:20:38,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-13:20:24,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-13:20:24,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:36/17-13:20:23,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-13:20:23,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-13:20:23,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-13:20:23,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-13:20:23,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-13:20:23,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:22/17-13:20:23,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-13:20:23,1206) bpfilter_umh (root,26204,8300,00:00:08/17-13:20:23,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-13:20:23,1215) ntpd: asynchronous dns resolver (spot,284812,171780,23:05:22/17-13:20:23,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-13:20:22,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-13:20:22,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-13:20:22,1245) (sd-pam) (root,24216,5348,00:00:05/17-13:20:21,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-13:20:21,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-13:20:20,1354) /usr/sbin/cron -n (root,692236,75412,00:22:48/17-13:20:14,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51012,00:05:52/17-13:20:00,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/02:38:18,3299) [kworker/2:0-events] (root,0,0,00:00:00/47:45,6422) [kworker/0:2-events] (postfix,24244,8240,00:00:00/01:06:41,9878) pickup -l -t fifo -u (root,0,0,00:00:00/09:24,11512) [kworker/1:0-ata_sff] (root,0,0,00:00:00/04:44,13668) [kworker/2:1] (root,35308,10012,00:00:00/11-11:11:16,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-11:11:15,15391) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,15865) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,15883) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,15884) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10072,00:00:00/1-12:39:54,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-12:39:53,16977) sshd: syslogtunnel (root,0,0,00:00:00/04:14,18158) [kworker/1:1-ata_sff] (root,0,0,00:00:00/35:19,19748) [kworker/2:2-events] (root,0,0,00:00:03/05:05:08,19752) [kworker/1:2-events] (root,0,0,00:00:00/01:38:40,19953) [kworker/u8:0-writeback] (root,0,0,00:00:01/04:22:52,24312) [kworker/0:0-events] (root,0,0,00:00:00/07:26:39,28658) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/17:02,29069) [kworker/3:2] (postfix,44628,9416,00:00:00/11-17:57:01,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/03:08:42,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-29 23:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d8c2e102Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-13:18:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:18:13,2) [kthreadd] (root,0,0,00:00:00/15-13:18:13,3) [rcu_gp] (root,0,0,00:00:00/15-13:18:13,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:18:13,5) [slub_flushwq] (root,0,0,00:00:00/15-13:18:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:18:13,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:18:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:18:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:18:13,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-13:18:13,13) [ksoftirqd/0] (root,0,0,00:41:44/15-13:18:13,14) [rcu_preempt] (root,0,0,00:00:05/15-13:18:13,15) [migration/0] (root,0,0,00:00:00/15-13:18:13,16) [idle_inject/0] (root,0,0,00:00:00/15-13:18:13,18) [cpuhp/0] (root,0,0,00:00:00/15-13:18:13,19) [cpuhp/1] (root,0,0,00:00:00/15-13:18:13,20) [idle_inject/1] (root,0,0,00:00:06/15-13:18:13,21) [migration/1] (root,0,0,00:00:25/15-13:18:13,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:18:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:18:13,25) [cpuhp/2] (root,0,0,00:00:00/15-13:18:13,26) [idle_inject/2] (root,0,0,00:00:05/15-13:18:13,27) [migration/2] (root,0,0,00:32:17/15-13:18:13,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:18:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:18:13,31) [cpuhp/3] (root,0,0,00:00:00/15-13:18:13,32) [idle_inject/3] (root,0,0,00:00:05/15-13:18:13,33) [migration/3] (root,0,0,00:01:29/15-13:18:13,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:18:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:18:13,39) [kdevtmpfs] (root,0,0,00:00:00/15-13:18:13,40) [netns] (root,0,0,00:00:00/15-13:18:13,41) [inet_frag_wq] (root,0,0,00:00:04/15-13:18:13,42) [kauditd] (root,0,0,00:00:00/15-13:18:13,43) [khungtaskd] (root,0,0,00:00:00/15-13:18:13,44) [oom_reaper] (root,0,0,00:00:00/15-13:18:13,45) [writeback] (root,0,0,00:00:46/15-13:18:13,46) [kcompactd0] (root,0,0,00:00:00/15-13:18:13,47) [ksmd] (root,0,0,00:00:46/15-13:18:13,48) [khugepaged] (root,0,0,00:00:00/15-13:18:13,74) [kintegrityd] (root,0,0,00:00:00/15-13:18:13,75) [kblockd] (root,0,0,00:00:00/15-13:18:13,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:18:13,78) [tpm_dev_wq] (root,0,0,00:00:00/15-13:18:13,79) [edac-poller] (root,0,0,00:00:00/15-13:18:13,80) [devfreq_wq] (root,0,0,00:00:00/15-13:18:13,110) [watchdogd] (root,0,0,00:00:03/15-13:18:13,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-13:18:13,112) [kswapd0] (root,0,0,00:00:00/15-13:18:12,114) [kthrotld] (root,0,0,00:00:00/15-13:18:12,115) [mld] (root,0,0,00:00:00/15-13:18:12,116) [ipv6_addrconf] (root,0,0,00:00:06/15-13:18:12,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-13:18:12,122) [kstrp] (root,0,0,00:00:00/15-13:18:12,123) [zswap-shrink] (root,0,0,00:00:00/15-13:18:12,124) [kworker/u9:0] (root,0,0,00:00:00/15-13:18:12,129) [charger_manager] (root,0,0,00:00:03/15-13:18:11,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-13:18:11,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:18:11,205) [kaluad] (root,0,0,00:00:00/15-13:18:11,250) [kmpath_rdacd] (root,0,0,00:00:00/15-13:18:11,293) [kmpathd] (root,0,0,00:00:00/15-13:18:11,294) [kmpath_handlerd] (root,0,0,00:00:00/15-13:18:11,342) [ata_sff] (root,0,0,00:00:00/15-13:18:10,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:18:10,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:18:10,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:18:10,346) [scsi_tmf_1] (root,0,0,00:00:23/15-13:18:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:18:08,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-13:17:56,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-13:17:55,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-13:17:53,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-13:17:19,512) /sbin/auditd (messagebus,22936,5672,00:00:49/15-13:17:19,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:28/15-13:17:19,531) /usr/lib/systemd/systemd-logind (root,0,0,00:00:00/21:50,539) [kworker/0:2] (root,20556,5140,00:00:00/15-13:17:19,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-13:17:18,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-13:17:18,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-13:17:04,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-13:17:04,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:24/15-13:17:03,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-13:17:03,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-13:17:03,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-13:17:03,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-13:17:03,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-13:17:03,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-13:17:03,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-13:17:03,1206) bpfilter_umh (root,26204,8300,00:00:07/15-13:17:03,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-13:17:03,1215) ntpd: asynchronous dns resolver (spot,285252,171316,20:55:05/15-13:17:03,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-13:17:02,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-13:17:02,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-13:17:02,1245) (sd-pam) (root,24216,5348,00:00:05/15-13:17:01,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-13:17:01,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-13:17:00,1354) /usr/sbin/cron -n (root,691980,74872,00:20:08/15-13:16:54,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49184,00:05:09/15-13:16:40,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3492,00:00:00/00:00,3223) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,3241) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3242) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8220,00:00:00/01:25:26,7356) pickup -l -t fifo -u (root,35308,10012,00:00:00/8-05:13:07,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-05:13:07,8749) sshd: syslogtunnel (root,0,0,00:00:00/10:31,10498) [kworker/3:0-events] (root,0,0,00:00:00/33:09,10640) [kworker/2:2-events] (root,0,0,00:00:00/04:54,12886) [kworker/2:0] (root,35308,10012,00:00:00/9-11:07:56,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-11:07:55,15391) sshd: cm-ssh (root,0,0,00:00:00/04:11,15982) [kworker/1:0-ata_sff] (root,0,0,00:00:00/09:24,16028) [kworker/1:1-events] (root,0,0,00:00:01/01:16:50,16510) [kworker/1:2-ata_sff] (root,0,0,00:00:00/14:53,26061) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/44:19,26890) [kworker/0:1-events] (postfix,44628,9416,00:00:00/9-17:53:41,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/39:30,30764) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/05:07:31,31041) [kworker/3:2-events] (root,0,0,00:00:00/38:49,32265) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-27 23:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ab0fea42Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-14:05:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-14:05:39,2) [kthreadd] (root,0,0,00:00:00/13-14:05:39,3) [rcu_gp] (root,0,0,00:00:00/13-14:05:39,4) [rcu_par_gp] (root,0,0,00:00:00/13-14:05:39,5) [slub_flushwq] (root,0,0,00:00:00/13-14:05:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-14:05:39,9) [mm_percpu_wq] (root,0,0,00:00:00/13-14:05:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-14:05:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-14:05:39,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-14:05:39,13) [ksoftirqd/0] (root,0,0,00:36:36/13-14:05:39,14) [rcu_preempt] (root,0,0,00:00:05/13-14:05:39,15) [migration/0] (root,0,0,00:00:00/13-14:05:39,16) [idle_inject/0] (root,0,0,00:00:00/13-14:05:39,18) [cpuhp/0] (root,0,0,00:00:00/13-14:05:39,19) [cpuhp/1] (root,0,0,00:00:00/13-14:05:39,20) [idle_inject/1] (root,0,0,00:00:05/13-14:05:39,21) [migration/1] (root,0,0,00:00:22/13-14:05:39,22) [ksoftirqd/1] (root,0,0,00:00:00/13-14:05:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-14:05:39,25) [cpuhp/2] (root,0,0,00:00:00/13-14:05:39,26) [idle_inject/2] (root,0,0,00:00:04/13-14:05:39,27) [migration/2] (root,0,0,00:28:52/13-14:05:39,28) [ksoftirqd/2] (root,0,0,00:00:00/13-14:05:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-14:05:39,31) [cpuhp/3] (root,0,0,00:00:00/13-14:05:39,32) [idle_inject/3] (root,0,0,00:00:05/13-14:05:39,33) [migration/3] (root,0,0,00:01:19/13-14:05:39,34) [ksoftirqd/3] (root,0,0,00:00:00/13-14:05:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-14:05:39,39) [kdevtmpfs] (root,0,0,00:00:00/13-14:05:39,40) [netns] (root,0,0,00:00:00/13-14:05:39,41) [inet_frag_wq] (root,0,0,00:00:04/13-14:05:39,42) [kauditd] (root,0,0,00:00:00/13-14:05:39,43) [khungtaskd] (root,0,0,00:00:00/13-14:05:39,44) [oom_reaper] (root,0,0,00:00:00/13-14:05:39,45) [writeback] (root,0,0,00:00:40/13-14:05:39,46) [kcompactd0] (root,0,0,00:00:00/13-14:05:39,47) [ksmd] (root,0,0,00:00:40/13-14:05:39,48) [khugepaged] (root,0,0,00:00:00/13-14:05:39,74) [kintegrityd] (root,0,0,00:00:00/13-14:05:39,75) [kblockd] (root,0,0,00:00:00/13-14:05:39,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-14:05:39,78) [tpm_dev_wq] (root,0,0,00:00:00/13-14:05:39,79) [edac-poller] (root,0,0,00:00:00/13-14:05:39,80) [devfreq_wq] (root,0,0,00:00:00/13-14:05:39,110) [watchdogd] (root,0,0,00:00:02/13-14:05:39,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-14:05:39,112) [kswapd0] (root,0,0,00:00:00/13-14:05:38,114) [kthrotld] (root,0,0,00:00:00/13-14:05:38,115) [mld] (root,0,0,00:00:00/13-14:05:38,116) [ipv6_addrconf] (root,0,0,00:00:05/13-14:05:38,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-14:05:38,122) [kstrp] (root,0,0,00:00:00/13-14:05:38,123) [zswap-shrink] (root,0,0,00:00:00/13-14:05:38,124) [kworker/u9:0] (root,0,0,00:00:00/13-14:05:38,129) [charger_manager] (root,0,0,00:00:02/13-14:05:37,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-14:05:37,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-14:05:37,205) [kaluad] (root,0,0,00:00:00/13-14:05:37,250) [kmpath_rdacd] (root,0,0,00:00:00/13-14:05:37,293) [kmpathd] (root,0,0,00:00:00/13-14:05:37,294) [kmpath_handlerd] (root,0,0,00:00:00/13-14:05:37,342) [ata_sff] (root,0,0,00:00:00/13-14:05:36,343) [scsi_eh_0] (root,0,0,00:00:00/13-14:05:36,344) [scsi_tmf_0] (root,0,0,00:00:00/13-14:05:36,345) [scsi_eh_1] (root,0,0,00:00:00/13-14:05:36,346) [scsi_tmf_1] (root,0,0,00:00:20/13-14:05:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-14:05:34,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-14:05:22,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-14:05:21,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-14:05:19,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-14:04:45,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-14:04:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-14:04:45,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-14:04:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-14:04:44,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-14:04:44,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-14:04:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-14:04:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:13/13-14:04:29,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-14:04:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-14:04:29,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-14:04:29,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-14:04:29,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-14:04:29,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-14:04:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-14:04:29,1206) bpfilter_umh (root,26204,8300,00:00:07/13-14:04:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-14:04:29,1215) ntpd: asynchronous dns resolver (spot,286548,171584,18:14:45/13-14:04:29,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-14:04:28,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-14:04:28,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-14:04:28,1245) (sd-pam) (root,24216,5348,00:00:04/13-14:04:27,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-14:04:27,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-14:04:26,1354) /usr/sbin/cron -n (root,691980,74552,00:17:34/13-14:04:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47904,00:04:29/13-14:04:06,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/43:40,2659) [kworker/2:0-events] (root,0,0,00:00:00/24:54,3454) [kworker/1:1-ata_sff] (root,0,0,00:00:04/04:02:17,4939) [kworker/2:2-events] (root,6656,3480,00:00:00/00:00,7369) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,7387) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,916,00:00:00/00:00,7388) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/6-06:00:33,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-06:00:33,8749) sshd: syslogtunnel (root,0,0,00:00:00/48:40,13988) [kworker/0:0-events] (root,35308,10012,00:00:00/7-11:55:22,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-11:55:21,15391) sshd: cm-ssh (root,0,0,00:00:00/04:08,17507) [kworker/1:0-ata_sff] (postfix,24244,8212,00:00:00/54:41,19097) pickup -l -t fifo -u (root,0,0,00:00:00/01:09:07,23451) [kworker/3:1-events] (root,0,0,00:00:00/01:39:27,24348) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/09:21,29549) [kworker/1:2-events] (postfix,44628,9416,00:00:00/7-18:41:07,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/58:54,31001) [kworker/0:2-events] (root,0,0,00:00:00/27:17,31497) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/04:32:57,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 00:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b6213015Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-11:42:48,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-11:42:48,2) [kthreadd] (root,0,0,00:00:00/11-11:42:48,3) [rcu_gp] (root,0,0,00:00:00/11-11:42:48,4) [rcu_par_gp] (root,0,0,00:00:00/11-11:42:48,5) [slub_flushwq] (root,0,0,00:00:00/11-11:42:48,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-11:42:48,9) [mm_percpu_wq] (root,0,0,00:00:00/11-11:42:48,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-11:42:48,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-11:42:48,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-11:42:48,13) [ksoftirqd/0] (root,0,0,00:30:33/11-11:42:48,14) [rcu_preempt] (root,0,0,00:00:04/11-11:42:48,15) [migration/0] (root,0,0,00:00:00/11-11:42:48,16) [idle_inject/0] (root,0,0,00:00:00/11-11:42:48,18) [cpuhp/0] (root,0,0,00:00:00/11-11:42:48,19) [cpuhp/1] (root,0,0,00:00:00/11-11:42:48,20) [idle_inject/1] (root,0,0,00:00:04/11-11:42:48,21) [migration/1] (root,0,0,00:00:17/11-11:42:48,22) [ksoftirqd/1] (root,0,0,00:00:00/11-11:42:48,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-11:42:48,25) [cpuhp/2] (root,0,0,00:00:00/11-11:42:48,26) [idle_inject/2] (root,0,0,00:00:03/11-11:42:48,27) [migration/2] (root,0,0,00:24:03/11-11:42:48,28) [ksoftirqd/2] (root,0,0,00:00:00/11-11:42:48,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-11:42:48,31) [cpuhp/3] (root,0,0,00:00:00/11-11:42:48,32) [idle_inject/3] (root,0,0,00:00:04/11-11:42:48,33) [migration/3] (root,0,0,00:01:05/11-11:42:48,34) [ksoftirqd/3] (root,0,0,00:00:00/11-11:42:48,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-11:42:48,39) [kdevtmpfs] (root,0,0,00:00:00/11-11:42:48,40) [netns] (root,0,0,00:00:00/11-11:42:48,41) [inet_frag_wq] (root,0,0,00:00:03/11-11:42:48,42) [kauditd] (root,0,0,00:00:00/11-11:42:48,43) [khungtaskd] (root,0,0,00:00:00/11-11:42:48,44) [oom_reaper] (root,0,0,00:00:00/11-11:42:48,45) [writeback] (root,0,0,00:00:33/11-11:42:48,46) [kcompactd0] (root,0,0,00:00:00/11-11:42:48,47) [ksmd] (root,0,0,00:00:34/11-11:42:48,48) [khugepaged] (root,0,0,00:00:00/11-11:42:48,74) [kintegrityd] (root,0,0,00:00:00/11-11:42:48,75) [kblockd] (root,0,0,00:00:00/11-11:42:48,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-11:42:48,78) [tpm_dev_wq] (root,0,0,00:00:00/11-11:42:48,79) [edac-poller] (root,0,0,00:00:00/11-11:42:48,80) [devfreq_wq] (root,0,0,00:00:00/11-11:42:48,110) [watchdogd] (root,0,0,00:00:02/11-11:42:48,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-11:42:48,112) [kswapd0] (root,0,0,00:00:00/11-11:42:47,114) [kthrotld] (root,0,0,00:00:00/11-11:42:47,115) [mld] (root,0,0,00:00:00/11-11:42:47,116) [ipv6_addrconf] (root,0,0,00:00:04/11-11:42:47,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-11:42:47,122) [kstrp] (root,0,0,00:00:00/11-11:42:47,123) [zswap-shrink] (root,0,0,00:00:00/11-11:42:47,124) [kworker/u9:0] (root,0,0,00:00:00/11-11:42:47,129) [charger_manager] (root,0,0,00:00:02/11-11:42:46,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-11:42:46,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-11:42:46,205) [kaluad] (root,0,0,00:00:00/11-11:42:46,250) [kmpath_rdacd] (root,0,0,00:00:00/11-11:42:46,293) [kmpathd] (root,0,0,00:00:00/11-11:42:46,294) [kmpath_handlerd] (root,0,0,00:00:00/11-11:42:46,342) [ata_sff] (root,0,0,00:00:00/11-11:42:45,343) [scsi_eh_0] (root,0,0,00:00:00/11-11:42:45,344) [scsi_tmf_0] (root,0,0,00:00:00/11-11:42:45,345) [scsi_eh_1] (root,0,0,00:00:00/11-11:42:45,346) [scsi_tmf_1] (root,0,0,00:00:17/11-11:42:43,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-11:42:43,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-11:42:31,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-11:42:30,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-11:42:28,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-11:41:54,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-11:41:54,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-11:41:54,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-11:41:54,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-11:41:53,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-11:41:53,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-11:41:39,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-11:41:39,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:00:59/11-11:41:38,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-11:41:38,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-11:41:38,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-11:41:38,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-11:41:38,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-11:41:38,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:32/11-11:41:38,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-11:41:38,1206) bpfilter_umh (root,26204,8300,00:00:06/11-11:41:38,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-11:41:38,1215) ntpd: asynchronous dns resolver (spot,285940,171428,14:13:31/11-11:41:38,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-11:41:37,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-11:41:37,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-11:41:37,1245) (sd-pam) (root,24216,5348,00:00:03/11-11:41:36,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-11:41:36,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-11:41:35,1354) /usr/sbin/cron -n (root,691724,74148,00:14:47/11-11:41:29,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46340,00:03:45/11-11:41:15,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/51:18,1935) [kworker/2:0-events] (postfix,24244,8236,00:00:00/32:35,2309) pickup -l -t fifo -u (root,0,0,00:00:00/09:04:57,4619) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10012,00:00:00/4-03:37:42,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:14/4-03:37:42,8749) sshd: syslogtunnel (root,0,0,00:00:00/14:43,9247) [kworker/0:1-events] (root,0,0,00:00:00/02:22:08,10972) [kworker/0:2-events] (root,0,0,00:00:00/01:40,13585) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/5-09:32:31,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-09:32:30,15391) sshd: cm-ssh (root,0,0,00:00:00/01:08:01,16718) [kworker/2:2-events] (root,0,0,00:00:00/47:07,18633) [kworker/3:2-events] (root,6656,3488,00:00:00/00:00,20232) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,20250) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20251) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:50:38,21671) [kworker/1:1-events] (root,0,0,00:00:00/06:53,28128) [kworker/1:2-ata_sff] (root,0,0,00:00:00/06:30,29635) [kworker/3:1-events] (postfix,44628,9464,00:00:00/5-16:18:16,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:23:54,31970) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 22:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dba9f56cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:30/9-11:37:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-11:37:11,2) [kthreadd] (root,0,0,00:00:00/9-11:37:11,3) [rcu_gp] (root,0,0,00:00:00/9-11:37:11,4) [rcu_par_gp] (root,0,0,00:00:00/9-11:37:11,5) [slub_flushwq] (root,0,0,00:00:00/9-11:37:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-11:37:11,9) [mm_percpu_wq] (root,0,0,00:00:00/9-11:37:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-11:37:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-11:37:11,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-11:37:11,13) [ksoftirqd/0] (root,0,0,00:25:05/9-11:37:11,14) [rcu_preempt] (root,0,0,00:00:03/9-11:37:11,15) [migration/0] (root,0,0,00:00:00/9-11:37:11,16) [idle_inject/0] (root,0,0,00:00:00/9-11:37:11,18) [cpuhp/0] (root,0,0,00:00:00/9-11:37:11,19) [cpuhp/1] (root,0,0,00:00:00/9-11:37:11,20) [idle_inject/1] (root,0,0,00:00:03/9-11:37:11,21) [migration/1] (root,0,0,00:00:14/9-11:37:11,22) [ksoftirqd/1] (root,0,0,00:00:00/9-11:37:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-11:37:11,25) [cpuhp/2] (root,0,0,00:00:00/9-11:37:11,26) [idle_inject/2] (root,0,0,00:00:03/9-11:37:11,27) [migration/2] (root,0,0,00:20:07/9-11:37:11,28) [ksoftirqd/2] (root,0,0,00:00:00/9-11:37:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-11:37:11,31) [cpuhp/3] (root,0,0,00:00:00/9-11:37:11,32) [idle_inject/3] (root,0,0,00:00:03/9-11:37:11,33) [migration/3] (root,0,0,00:00:53/9-11:37:11,34) [ksoftirqd/3] (root,0,0,00:00:00/9-11:37:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-11:37:11,39) [kdevtmpfs] (root,0,0,00:00:00/9-11:37:11,40) [netns] (root,0,0,00:00:00/9-11:37:11,41) [inet_frag_wq] (root,0,0,00:00:03/9-11:37:11,42) [kauditd] (root,0,0,00:00:00/9-11:37:11,43) [khungtaskd] (root,0,0,00:00:00/9-11:37:11,44) [oom_reaper] (root,0,0,00:00:00/9-11:37:11,45) [writeback] (root,0,0,00:00:27/9-11:37:11,46) [kcompactd0] (root,0,0,00:00:00/9-11:37:11,47) [ksmd] (root,0,0,00:00:28/9-11:37:11,48) [khugepaged] (root,0,0,00:00:00/9-11:37:11,74) [kintegrityd] (root,0,0,00:00:00/9-11:37:11,75) [kblockd] (root,0,0,00:00:00/9-11:37:11,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-11:37:11,78) [tpm_dev_wq] (root,0,0,00:00:00/9-11:37:11,79) [edac-poller] (root,0,0,00:00:00/9-11:37:11,80) [devfreq_wq] (root,0,0,00:00:00/9-11:37:11,110) [watchdogd] (root,0,0,00:00:01/9-11:37:11,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-11:37:11,112) [kswapd0] (root,0,0,00:00:00/9-11:37:10,114) [kthrotld] (root,0,0,00:00:00/9-11:37:10,115) [mld] (root,0,0,00:00:00/9-11:37:10,116) [ipv6_addrconf] (root,0,0,00:00:04/9-11:37:10,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-11:37:10,122) [kstrp] (root,0,0,00:00:00/9-11:37:10,123) [zswap-shrink] (root,0,0,00:00:00/9-11:37:10,124) [kworker/u9:0] (root,0,0,00:00:00/9-11:37:10,129) [charger_manager] (root,0,0,00:00:02/9-11:37:09,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-11:37:09,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-11:37:09,205) [kaluad] (root,0,0,00:00:00/9-11:37:09,250) [kmpath_rdacd] (root,0,0,00:00:00/9-11:37:09,293) [kmpathd] (root,0,0,00:00:00/9-11:37:09,294) [kmpath_handlerd] (root,0,0,00:00:00/9-11:37:09,342) [ata_sff] (root,0,0,00:00:00/9-11:37:08,343) [scsi_eh_0] (root,0,0,00:00:00/9-11:37:08,344) [scsi_tmf_0] (root,0,0,00:00:00/9-11:37:08,345) [scsi_eh_1] (root,0,0,00:00:00/9-11:37:08,346) [scsi_tmf_1] (root,0,0,00:00:14/9-11:37:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-11:37:06,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-11:36:54,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-11:36:53,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-11:36:51,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-11:36:17,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-11:36:17,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:18/9-11:36:17,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-11:36:17,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-11:36:16,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-11:36:16,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:10/9-11:36:02,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-11:36:02,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:49/9-11:36:01,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-11:36:01,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-11:36:01,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-11:36:01,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-11:36:01,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-11:36:01,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:15/9-11:36:01,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-11:36:01,1206) bpfilter_umh (root,26204,8300,00:00:05/9-11:36:01,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-11:36:01,1215) ntpd: asynchronous dns resolver (spot,282852,169216,11:05:03/9-11:36:01,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-11:36:00,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-11:36:00,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-11:36:00,1245) (sd-pam) (root,24216,5348,00:00:02/9-11:35:59,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-11:35:59,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-11:35:58,1354) /usr/sbin/cron -n (root,691336,73768,00:12:12/9-11:35:52,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45064,00:03:04/9-11:35:38,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:23:15,1575) [kworker/u8:1-writeback] (root,0,0,00:00:02/03:04:18,2819) [kworker/2:2-events] (root,0,0,00:00:00/02:54:37,3398) [kworker/0:2-events] (root,0,0,00:00:00/02:39,4318) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:10:33,8580) [kworker/0:0] (root,35308,10012,00:00:00/2-03:32:05,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:07/2-03:32:05,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:11:46,13880) [kworker/2:1-events] (root,6656,3492,00:00:00/00:00,15375) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,15377) /bin/bash /usr/bin/check_mk_agent (root,35308,10012,00:00:00/3-09:26:54,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-09:26:53,15391) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,15406) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,15454) /bin/bash /usr/bin/check_mk_agent (root,6656,1952,00:00:00/00:00,15458) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,15462) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15463) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:53,17809) [kworker/3:1-events] (root,0,0,00:00:00/07:52,17830) [kworker/1:2-events] (root,0,0,00:00:00/52:16,22141) [kworker/3:0-events] (postfix,24244,8192,00:00:00/48:50,22236) pickup -l -t fifo -u (root,0,0,00:00:00/04:57:13,26857) [kworker/u8:0-ext4-rsv-conversion] (postfix,44628,9464,00:00:00/3-16:12:39,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/04:01:19,30834) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 21:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e9ff50f8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-15:14:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-15:14:18,2) [kthreadd] (root,0,0,00:00:00/7-15:14:18,3) [rcu_gp] (root,0,0,00:00:00/7-15:14:18,4) [rcu_par_gp] (root,0,0,00:00:00/7-15:14:18,5) [slub_flushwq] (root,0,0,00:00:00/7-15:14:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-15:14:18,9) [mm_percpu_wq] (root,0,0,00:00:00/7-15:14:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-15:14:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-15:14:18,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-15:14:18,13) [ksoftirqd/0] (root,0,0,00:20:07/7-15:14:18,14) [rcu_preempt] (root,0,0,00:00:02/7-15:14:18,15) [migration/0] (root,0,0,00:00:00/7-15:14:18,16) [idle_inject/0] (root,0,0,00:00:00/7-15:14:18,18) [cpuhp/0] (root,0,0,00:00:00/7-15:14:18,19) [cpuhp/1] (root,0,0,00:00:00/7-15:14:18,20) [idle_inject/1] (root,0,0,00:00:03/7-15:14:18,21) [migration/1] (root,0,0,00:00:11/7-15:14:18,22) [ksoftirqd/1] (root,0,0,00:00:00/7-15:14:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-15:14:18,25) [cpuhp/2] (root,0,0,00:00:00/7-15:14:18,26) [idle_inject/2] (root,0,0,00:00:02/7-15:14:18,27) [migration/2] (root,0,0,00:16:15/7-15:14:18,28) [ksoftirqd/2] (root,0,0,00:00:00/7-15:14:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-15:14:18,31) [cpuhp/3] (root,0,0,00:00:00/7-15:14:18,32) [idle_inject/3] (root,0,0,00:00:03/7-15:14:18,33) [migration/3] (root,0,0,00:00:43/7-15:14:18,34) [ksoftirqd/3] (root,0,0,00:00:00/7-15:14:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-15:14:18,39) [kdevtmpfs] (root,0,0,00:00:00/7-15:14:18,40) [netns] (root,0,0,00:00:00/7-15:14:18,41) [inet_frag_wq] (root,0,0,00:00:02/7-15:14:18,42) [kauditd] (root,0,0,00:00:00/7-15:14:18,43) [khungtaskd] (root,0,0,00:00:00/7-15:14:18,44) [oom_reaper] (root,0,0,00:00:00/7-15:14:18,45) [writeback] (root,0,0,00:00:22/7-15:14:18,46) [kcompactd0] (root,0,0,00:00:00/7-15:14:18,47) [ksmd] (root,0,0,00:00:23/7-15:14:18,48) [khugepaged] (root,0,0,00:00:00/7-15:14:18,74) [kintegrityd] (root,0,0,00:00:00/7-15:14:18,75) [kblockd] (root,0,0,00:00:00/7-15:14:18,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-15:14:18,78) [tpm_dev_wq] (root,0,0,00:00:00/7-15:14:18,79) [edac-poller] (root,0,0,00:00:00/7-15:14:18,80) [devfreq_wq] (root,0,0,00:00:00/7-15:14:18,110) [watchdogd] (root,0,0,00:00:01/7-15:14:18,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-15:14:18,112) [kswapd0] (root,0,0,00:00:00/7-15:14:17,114) [kthrotld] (root,0,0,00:00:00/7-15:14:17,115) [mld] (root,0,0,00:00:00/7-15:14:17,116) [ipv6_addrconf] (root,0,0,00:00:03/7-15:14:17,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-15:14:17,122) [kstrp] (root,0,0,00:00:00/7-15:14:17,123) [zswap-shrink] (root,0,0,00:00:00/7-15:14:17,124) [kworker/u9:0] (root,0,0,00:00:00/7-15:14:17,129) [charger_manager] (root,0,0,00:00:01/7-15:14:16,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-15:14:16,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-15:14:16,205) [kaluad] (root,0,0,00:00:00/7-15:14:16,250) [kmpath_rdacd] (root,0,0,00:00:00/7-15:14:16,293) [kmpathd] (root,0,0,00:00:00/7-15:14:16,294) [kmpath_handlerd] (root,0,0,00:00:00/7-15:14:16,342) [ata_sff] (root,0,0,00:00:00/7-15:14:15,343) [scsi_eh_0] (root,0,0,00:00:00/7-15:14:15,344) [scsi_tmf_0] (root,0,0,00:00:00/7-15:14:15,345) [scsi_eh_1] (root,0,0,00:00:00/7-15:14:15,346) [scsi_tmf_1] (root,0,0,00:00:11/7-15:14:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-15:14:13,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-15:14:01,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-15:14:00,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-15:13:58,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-15:13:24,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-15:13:24,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-15:13:24,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-15:13:24,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-15:13:23,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-15:13:23,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:28:09,776) [kworker/3:0-events] (root,547592,25356,00:00:08/7-15:13:09,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-15:13:09,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:42/7-15:13:08,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-15:13:08,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-15:13:08,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-15:13:08,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-15:13:08,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-15:13:08,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-15:13:08,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-15:13:08,1206) bpfilter_umh (root,26204,8300,00:00:04/7-15:13:08,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-15:13:08,1215) ntpd: asynchronous dns resolver (spot,284532,169636,08:44:16/7-15:13:08,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-15:13:07,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-15:13:07,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-15:13:07,1245) (sd-pam) (root,24216,5348,00:00:02/7-15:13:06,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-15:13:06,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-15:13:05,1354) /usr/sbin/cron -n (root,691080,73620,00:09:47/7-15:12:59,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43792,00:02:27/7-15:12:45,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8216,00:00:00/01:27:38,3178) pickup -l -t fifo -u (root,0,0,00:00:00/01:26,5380) [kworker/u8:2-writeback] (root,0,0,00:00:01/03:53:13,7055) [kworker/3:2-events] (root,0,0,00:00:00/01:00:57,7981) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/00:17,8681) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/07:09:12,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:01/07:09:12,8749) sshd: syslogtunnel (root,6764,3608,00:00:00/00:01,9248) /bin/bash /usr/bin/check_mk_agent (root,6292,3124,00:00:00/00:00,9375) /bin/bash ././mk_inventory.linux (root,43076,22908,00:00:00/00:00,9379) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n (root,6656,3492,00:00:00/00:00,9472) /bin/bash /usr/bin/check_mk_agent (root,13744,3400,00:00:00/00:00,9490) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,9491) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/17:21,10528) [kworker/2:1-events] (root,0,0,00:00:00/17:20,10529) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/59:05,13261) [kworker/0:2] (root,35308,10012,00:00:00/1-13:04:01,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-13:04:00,15391) sshd: cm-ssh (root,0,0,00:00:00/05:27,20353) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:13:23,23924) [kworker/0:0-events] (root,0,0,00:00:00/46:57,24194) [kworker/1:1-events] (postfix,44628,9464,00:00:00/1-19:49:46,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/36:34,31725) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 01:36 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a4768d72Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-14:22:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-14:22:54,2) [kthreadd] (root,0,0,00:00:00/5-14:22:54,3) [rcu_gp] (root,0,0,00:00:00/5-14:22:54,4) [rcu_par_gp] (root,0,0,00:00:00/5-14:22:54,5) [slub_flushwq] (root,0,0,00:00:00/5-14:22:54,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-14:22:54,9) [mm_percpu_wq] (root,0,0,00:00:00/5-14:22:54,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-14:22:54,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-14:22:54,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-14:22:54,13) [ksoftirqd/0] (root,0,0,00:14:35/5-14:22:54,14) [rcu_preempt] (root,0,0,00:00:02/5-14:22:54,15) [migration/0] (root,0,0,00:00:00/5-14:22:54,16) [idle_inject/0] (root,0,0,00:00:00/5-14:22:54,18) [cpuhp/0] (root,0,0,00:00:00/5-14:22:54,19) [cpuhp/1] (root,0,0,00:00:00/5-14:22:54,20) [idle_inject/1] (root,0,0,00:00:02/5-14:22:54,21) [migration/1] (root,0,0,00:00:08/5-14:22:54,22) [ksoftirqd/1] (root,0,0,00:00:00/5-14:22:54,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-14:22:54,25) [cpuhp/2] (root,0,0,00:00:00/5-14:22:54,26) [idle_inject/2] (root,0,0,00:00:01/5-14:22:54,27) [migration/2] (root,0,0,00:12:06/5-14:22:54,28) [ksoftirqd/2] (root,0,0,00:00:00/5-14:22:54,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-14:22:54,31) [cpuhp/3] (root,0,0,00:00:00/5-14:22:54,32) [idle_inject/3] (root,0,0,00:00:02/5-14:22:54,33) [migration/3] (root,0,0,00:00:31/5-14:22:54,34) [ksoftirqd/3] (root,0,0,00:00:00/5-14:22:54,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-14:22:54,39) [kdevtmpfs] (root,0,0,00:00:00/5-14:22:54,40) [netns] (root,0,0,00:00:00/5-14:22:54,41) [inet_frag_wq] (root,0,0,00:00:01/5-14:22:54,42) [kauditd] (root,0,0,00:00:00/5-14:22:54,43) [khungtaskd] (root,0,0,00:00:00/5-14:22:54,44) [oom_reaper] (root,0,0,00:00:00/5-14:22:54,45) [writeback] (root,0,0,00:00:15/5-14:22:54,46) [kcompactd0] (root,0,0,00:00:00/5-14:22:54,47) [ksmd] (root,0,0,00:00:16/5-14:22:54,48) [khugepaged] (root,0,0,00:00:00/5-14:22:54,74) [kintegrityd] (root,0,0,00:00:00/5-14:22:54,75) [kblockd] (root,0,0,00:00:00/5-14:22:54,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-14:22:54,78) [tpm_dev_wq] (root,0,0,00:00:00/5-14:22:54,79) [edac-poller] (root,0,0,00:00:00/5-14:22:54,80) [devfreq_wq] (root,0,0,00:00:00/5-14:22:54,110) [watchdogd] (root,0,0,00:00:01/5-14:22:54,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-14:22:54,112) [kswapd0] (root,0,0,00:00:00/5-14:22:53,114) [kthrotld] (root,0,0,00:00:00/5-14:22:53,115) [mld] (root,0,0,00:00:00/5-14:22:53,116) [ipv6_addrconf] (root,0,0,00:00:02/5-14:22:53,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-14:22:53,122) [kstrp] (root,0,0,00:00:00/5-14:22:53,123) [zswap-shrink] (root,0,0,00:00:00/5-14:22:53,124) [kworker/u9:0] (root,0,0,00:00:00/5-14:22:53,129) [charger_manager] (root,0,0,00:00:01/5-14:22:52,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-14:22:52,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-14:22:52,205) [kaluad] (root,0,0,00:00:00/5-14:22:52,250) [kmpath_rdacd] (root,0,0,00:00:00/5-14:22:52,293) [kmpathd] (root,0,0,00:00:00/5-14:22:52,294) [kmpath_handlerd] (root,0,0,00:00:00/5-14:22:52,342) [ata_sff] (root,0,0,00:00:00/5-14:22:51,343) [scsi_eh_0] (root,0,0,00:00:00/5-14:22:51,344) [scsi_tmf_0] (root,0,0,00:00:00/5-14:22:51,345) [scsi_eh_1] (root,0,0,00:00:00/5-14:22:51,346) [scsi_tmf_1] (root,0,0,00:00:08/5-14:22:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-14:22:49,367) [ext4-rsv-conver] (root,38604,7544,00:00:10/5-14:22:37,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-14:22:36,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-14:22:34,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-14:22:00,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-14:22:00,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-14:22:00,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-14:22:00,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-14:21:59,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-14:21:59,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-14:21:45,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-14:21:45,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:30/5-14:21:44,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-14:21:44,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-14:21:44,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-14:21:44,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-14:21:44,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-14:21:44,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-14:21:44,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-14:21:44,1206) bpfilter_umh (root,26204,8340,00:00:03/5-14:21:44,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-14:21:44,1215) ntpd: asynchronous dns resolver (spot,275832,163656,06:08:19/5-14:21:44,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-14:21:43,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-14:21:43,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-14:21:43,1245) (sd-pam) (root,24216,5348,00:00:01/5-14:21:42,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-14:21:42,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-14:21:41,1354) /usr/sbin/cron -n (root,691080,73464,00:07:06/5-14:21:35,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42500,00:01:46/5-14:21:21,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:02,3243) [kworker/u8:1-flush-253:0] (root,6656,3484,00:00:00/00:00,3402) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,3453) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,3454) /bin/bash /usr/bin/check_mk_agent (root,4480,1044,00:00:00/00:00,3455) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,812,00:00:00/00:00,3456) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1304,00:00:00/00:00,3457) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3476,00:00:00/00:00,3458) /bin/bash /usr/bin/check_mk_agent (root,13744,3448,00:00:00/00:00,3476) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3477) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/24:57,4281) [kworker/u8:2] (root,35308,10024,00:00:00/3-16:14:30,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-16:14:30,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-16:14:15,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:11/3-16:14:15,4688) sshd: cm-ssh (root,0,0,00:00:00/05:59,7623) [kworker/3:2-events] (postfix,24244,8216,00:00:00/57:06,11162) pickup -l -t fifo -u (root,0,0,00:00:00/02:41,11640) [kworker/1:2-ata_sff] (root,0,0,00:00:00/27:12,16093) [kworker/2:0-events] (root,0,0,00:00:00/01:48:59,17810) [kworker/3:1-events] (root,0,0,00:00:00/23:27,18198) [kworker/1:1-events] (root,0,0,00:00:00/07:53,24345) [kworker/1:0-ata_sff] (root,0,0,00:00:00/53:00,29441) [kworker/0:0-events] (root,0,0,00:00:01/03:30:53,31879) [kworker/0:2-events] (root,0,0,00:00:02/01:31:38,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-18 00:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363641491dcFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-15:13:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:13:52,2) [kthreadd] (root,0,0,00:00:00/3-15:13:52,3) [rcu_gp] (root,0,0,00:00:00/3-15:13:52,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:13:52,5) [slub_flushwq] (root,0,0,00:00:00/3-15:13:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:13:52,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:13:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:13:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:13:52,12) [rcu_tasks_trace] (root,0,0,00:00:06/3-15:13:52,13) [ksoftirqd/0] (root,0,0,00:09:30/3-15:13:52,14) [rcu_preempt] (root,0,0,00:00:01/3-15:13:52,15) [migration/0] (root,0,0,00:00:00/3-15:13:52,16) [idle_inject/0] (root,0,0,00:00:00/3-15:13:52,18) [cpuhp/0] (root,0,0,00:00:00/3-15:13:52,19) [cpuhp/1] (root,0,0,00:00:00/3-15:13:52,20) [idle_inject/1] (root,0,0,00:00:01/3-15:13:52,21) [migration/1] (root,0,0,00:00:05/3-15:13:52,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:13:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:13:52,25) [cpuhp/2] (root,0,0,00:00:00/3-15:13:52,26) [idle_inject/2] (root,0,0,00:00:01/3-15:13:52,27) [migration/2] (root,0,0,00:08:02/3-15:13:52,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:13:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:13:52,31) [cpuhp/3] (root,0,0,00:00:00/3-15:13:52,32) [idle_inject/3] (root,0,0,00:00:01/3-15:13:52,33) [migration/3] (root,0,0,00:00:20/3-15:13:52,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:13:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:13:52,39) [kdevtmpfs] (root,0,0,00:00:00/3-15:13:52,40) [netns] (root,0,0,00:00:00/3-15:13:52,41) [inet_frag_wq] (root,0,0,00:00:01/3-15:13:52,42) [kauditd] (root,0,0,00:00:00/3-15:13:52,43) [khungtaskd] (root,0,0,00:00:00/3-15:13:52,44) [oom_reaper] (root,0,0,00:00:00/3-15:13:52,45) [writeback] (root,0,0,00:00:09/3-15:13:52,46) [kcompactd0] (root,0,0,00:00:00/3-15:13:52,47) [ksmd] (root,0,0,00:00:10/3-15:13:52,48) [khugepaged] (root,0,0,00:00:00/3-15:13:52,74) [kintegrityd] (root,0,0,00:00:00/3-15:13:52,75) [kblockd] (root,0,0,00:00:00/3-15:13:52,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:13:52,78) [tpm_dev_wq] (root,0,0,00:00:00/3-15:13:52,79) [edac-poller] (root,0,0,00:00:00/3-15:13:52,80) [devfreq_wq] (root,0,0,00:00:00/3-15:13:52,110) [watchdogd] (root,0,0,00:00:00/3-15:13:52,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:13:52,112) [kswapd0] (root,0,0,00:00:00/3-15:13:51,114) [kthrotld] (root,0,0,00:00:00/3-15:13:51,115) [mld] (root,0,0,00:00:00/3-15:13:51,116) [ipv6_addrconf] (root,0,0,00:00:01/3-15:13:51,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:13:51,122) [kstrp] (root,0,0,00:00:00/3-15:13:51,123) [zswap-shrink] (root,0,0,00:00:00/3-15:13:51,124) [kworker/u9:0] (root,0,0,00:00:00/3-15:13:51,129) [charger_manager] (root,0,0,00:00:00/3-15:13:50,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:13:50,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-15:13:50,205) [kaluad] (root,0,0,00:00:00/3-15:13:50,250) [kmpath_rdacd] (root,0,0,00:00:00/3-15:13:50,293) [kmpathd] (root,0,0,00:00:00/3-15:13:50,294) [kmpath_handlerd] (root,0,0,00:00:00/3-15:13:50,342) [ata_sff] (root,0,0,00:00:00/3-15:13:49,343) [scsi_eh_0] (root,0,0,00:00:00/3-15:13:49,344) [scsi_tmf_0] (root,0,0,00:00:00/3-15:13:49,345) [scsi_eh_1] (root,0,0,00:00:00/3-15:13:49,346) [scsi_tmf_1] (root,0,0,00:00:05/3-15:13:47,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:13:47,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-15:13:35,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-15:13:34,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-15:13:32,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-15:12:58,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-15:12:58,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-15:12:58,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-15:12:58,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-15:12:57,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-15:12:57,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-15:12:43,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-15:12:43,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:18/3-15:12:42,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-15:12:42,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-15:12:42,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-15:12:42,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-15:12:42,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-15:12:42,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-15:12:42,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-15:12:42,1206) bpfilter_umh (root,26204,8340,00:00:02/3-15:12:42,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-15:12:42,1215) ntpd: asynchronous dns resolver (spot,273500,162208,04:12:21/3-15:12:42,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-15:12:41,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-15:12:41,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-15:12:41,1245) (sd-pam) (root,0,0,00:00:00/20:37,1284) [kworker/2:1] (root,24216,5348,00:00:01/3-15:12:40,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:12:40,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-15:12:39,1354) /usr/sbin/cron -n (root,689544,71904,00:04:39/3-15:12:33,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41156,00:01:10/3-15:12:19,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:09:54,1655) [kworker/0:1-events] (root,0,0,00:00:04/03:45:14,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-17:05:28,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-17:05:28,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-17:05:13,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-17:05:13,4688) sshd: cm-ssh (root,0,0,00:00:00/02:23:02,4707) [kworker/0:2-events] (postfix,24244,8164,00:00:00/30:02,13818) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,18449) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,18467) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18468) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:32:11,19322) [kworker/1:1-events] (root,0,0,00:00:00/01:30:31,25346) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/09:11,25518) [kworker/1:2-ata_sff] (root,0,0,00:00:00/08:50,26463) [kworker/3:0-events] (root,0,0,00:00:00/04:01,28129) [kworker/1:0-ata_sff] (root,0,0,00:00:00/05:20:29,30146) [kworker/u8:2] (root,0,0,00:00:00/44:04,30663) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 01:36 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363414a539bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12672,00:00:07/1-14:29:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-14:29:59,2) [kthreadd] (root,0,0,00:00:00/1-14:29:59,3) [rcu_gp] (root,0,0,00:00:00/1-14:29:59,4) [rcu_par_gp] (root,0,0,00:00:00/1-14:29:59,5) [slub_flushwq] (root,0,0,00:00:00/1-14:29:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-14:29:59,9) [mm_percpu_wq] (root,0,0,00:00:00/1-14:29:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-14:29:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-14:29:59,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-14:29:59,13) [ksoftirqd/0] (root,0,0,00:04:09/1-14:29:59,14) [rcu_preempt] (root,0,0,00:00:00/1-14:29:59,15) [migration/0] (root,0,0,00:00:00/1-14:29:59,16) [idle_inject/0] (root,0,0,00:00:00/1-14:29:59,18) [cpuhp/0] (root,0,0,00:00:00/1-14:29:59,19) [cpuhp/1] (root,0,0,00:00:00/1-14:29:59,20) [idle_inject/1] (root,0,0,00:00:00/1-14:29:59,21) [migration/1] (root,0,0,00:00:02/1-14:29:59,22) [ksoftirqd/1] (root,0,0,00:00:00/1-14:29:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-14:29:59,25) [cpuhp/2] (root,0,0,00:00:00/1-14:29:59,26) [idle_inject/2] (root,0,0,00:00:00/1-14:29:59,27) [migration/2] (root,0,0,00:03:26/1-14:29:59,28) [ksoftirqd/2] (root,0,0,00:00:00/1-14:29:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-14:29:59,31) [cpuhp/3] (root,0,0,00:00:00/1-14:29:59,32) [idle_inject/3] (root,0,0,00:00:00/1-14:29:59,33) [migration/3] (root,0,0,00:00:08/1-14:29:59,34) [ksoftirqd/3] (root,0,0,00:00:00/1-14:29:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-14:29:59,39) [kdevtmpfs] (root,0,0,00:00:00/1-14:29:59,40) [netns] (root,0,0,00:00:00/1-14:29:59,41) [inet_frag_wq] (root,0,0,00:00:00/1-14:29:59,42) [kauditd] (root,0,0,00:00:00/1-14:29:59,43) [khungtaskd] (root,0,0,00:00:00/1-14:29:59,44) [oom_reaper] (root,0,0,00:00:00/1-14:29:59,45) [writeback] (root,0,0,00:00:04/1-14:29:59,46) [kcompactd0] (root,0,0,00:00:00/1-14:29:59,47) [ksmd] (root,0,0,00:00:04/1-14:29:59,48) [khugepaged] (root,0,0,00:00:00/1-14:29:59,74) [kintegrityd] (root,0,0,00:00:00/1-14:29:59,75) [kblockd] (root,0,0,00:00:00/1-14:29:59,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-14:29:59,78) [tpm_dev_wq] (root,0,0,00:00:00/1-14:29:59,79) [edac-poller] (root,0,0,00:00:00/1-14:29:59,80) [devfreq_wq] (root,0,0,00:00:00/1-14:29:59,110) [watchdogd] (root,0,0,00:00:00/1-14:29:59,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-14:29:59,112) [kswapd0] (root,0,0,00:00:00/1-14:29:58,114) [kthrotld] (root,0,0,00:00:00/1-14:29:58,115) [mld] (root,0,0,00:00:00/1-14:29:58,116) [ipv6_addrconf] (root,0,0,00:00:00/1-14:29:58,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-14:29:58,122) [kstrp] (root,0,0,00:00:00/1-14:29:58,123) [zswap-shrink] (root,0,0,00:00:00/1-14:29:58,124) [kworker/u9:0] (root,0,0,00:00:00/1-14:29:58,129) [charger_manager] (root,0,0,00:00:00/1-14:29:57,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-14:29:57,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-14:29:57,205) [kaluad] (root,0,0,00:00:00/1-14:29:57,250) [kmpath_rdacd] (root,0,0,00:00:00/1-14:29:57,293) [kmpathd] (root,0,0,00:00:00/1-14:29:57,294) [kmpath_handlerd] (root,0,0,00:00:00/1-14:29:57,342) [ata_sff] (root,0,0,00:00:00/1-14:29:56,343) [scsi_eh_0] (root,0,0,00:00:00/1-14:29:56,344) [scsi_tmf_0] (root,0,0,00:00:00/1-14:29:56,345) [scsi_eh_1] (root,0,0,00:00:00/1-14:29:56,346) [scsi_tmf_1] (root,0,0,00:00:02/1-14:29:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-14:29:54,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-14:29:42,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-14:29:41,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-14:29:39,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-14:29:05,512) /sbin/auditd (messagebus,22936,5824,00:00:07/1-14:29:05,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8508,00:00:03/1-14:29:05,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-14:29:05,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-14:29:04,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-14:29:04,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:02/1-14:28:50,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-14:28:50,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:07/1-14:28:49,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-14:28:49,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-14:28:49,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-14:28:49,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-14:28:49,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-14:28:49,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:12/1-14:28:49,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-14:28:49,1206) bpfilter_umh (root,26204,8340,00:00:01/1-14:28:49,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-14:28:49,1215) ntpd: asynchronous dns resolver (spot,198884,161656,01:47:33/1-14:28:49,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-14:28:48,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-14:28:48,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-14:28:48,1245) (sd-pam) (root,24216,5348,00:00:00/1-14:28:47,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-14:28:47,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-14:28:46,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-14:28:42,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-14:28:42,1371) sshd: syslogtunnel (root,689288,71288,00:02:05/1-14:28:40,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40784,00:00:32/1-14:28:26,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-14:28:07,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-14:28:07,1436) sshd: cm-ssh (root,0,0,00:00:00/36:52,4324) [kworker/3:1-events] (root,0,0,00:00:00/02:06,9053) [kworker/0:1-events] (root,0,0,00:00:00/01:05:01,9251) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/26:46,10983) [kworker/1:1-events] (root,0,0,00:00:00/26:40,11248) [kworker/u8:0-writeback] (root,0,0,00:00:00/00:49,13254) [kworker/1:2-ata_sff] (root,0,0,00:00:00/09:07,17050) [kworker/3:0-events] (root,6656,3484,00:00:00/00:00,18126) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,18144) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,18145) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8184,00:00:00/08:07,18869) pickup -l -t fifo -u (root,0,0,00:00:00/06:02,21402) [kworker/1:0-ata_sff] (root,0,0,00:00:00/16:15,23650) [kworker/2:1] (root,0,0,00:00:00/01:52:01,28896) [kworker/0:0-events] (root,0,0,00:00:00/01:51:41,29594) [kworker/u8:1] (root,0,0,00:00:01/01:08:38,32356) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-14 00:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836340554546Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:07/62-14:08:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-14:08:03,2) [kthreadd] (root,0,0,00:00:00/62-14:08:03,3) [rcu_gp] (root,0,0,00:00:00/62-14:08:03,4) [rcu_par_gp] (root,0,0,00:00:00/62-14:08:03,5) [slub_flushwq] (root,0,0,00:00:00/62-14:08:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-14:08:03,9) [mm_percpu_wq] (root,0,0,00:00:00/62-14:08:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-14:08:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-14:08:03,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-14:08:03,13) [ksoftirqd/0] (root,0,0,02:54:12/62-14:08:03,14) [rcu_preempt] (root,0,0,00:00:23/62-14:08:03,15) [migration/0] (root,0,0,00:00:00/62-14:08:03,16) [idle_inject/0] (root,0,0,00:00:00/62-14:08:03,18) [cpuhp/0] (root,0,0,00:00:00/62-14:08:03,19) [cpuhp/1] (root,0,0,00:00:00/62-14:08:03,20) [idle_inject/1] (root,0,0,00:00:23/62-14:08:03,21) [migration/1] (root,0,0,00:01:33/62-14:08:03,22) [ksoftirqd/1] (root,0,0,00:00:00/62-14:08:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-14:08:03,25) [cpuhp/2] (root,0,0,00:00:00/62-14:08:03,26) [idle_inject/2] (root,0,0,00:00:17/62-14:08:03,27) [migration/2] (root,0,0,01:53:33/62-14:08:03,28) [ksoftirqd/2] (root,0,0,00:00:00/62-14:08:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-14:08:03,31) [cpuhp/3] (root,0,0,00:00:00/62-14:08:03,32) [idle_inject/3] (root,0,0,00:00:22/62-14:08:03,33) [migration/3] (root,0,0,00:05:43/62-14:08:03,34) [ksoftirqd/3] (root,0,0,00:00:00/62-14:08:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-14:08:03,40) [kdevtmpfs] (root,0,0,00:00:00/62-14:08:03,41) [netns] (root,0,0,00:00:00/62-14:08:03,42) [inet_frag_wq] (root,0,0,00:00:22/62-14:08:03,43) [kauditd] (root,0,0,00:00:00/62-14:08:03,44) [khungtaskd] (root,0,0,00:00:00/62-14:08:03,45) [oom_reaper] (root,0,0,00:00:00/62-14:08:03,46) [writeback] (root,0,0,00:03:11/62-14:08:03,47) [kcompactd0] (root,0,0,00:00:00/62-14:08:03,48) [ksmd] (root,0,0,00:03:27/62-14:08:03,49) [khugepaged] (root,0,0,00:00:00/62-14:08:03,75) [kintegrityd] (root,0,0,00:00:00/62-14:08:03,76) [kblockd] (root,0,0,00:00:00/62-14:08:03,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-14:08:03,79) [tpm_dev_wq] (root,0,0,00:00:00/62-14:08:03,80) [edac-poller] (root,0,0,00:00:00/62-14:08:03,81) [devfreq_wq] (root,0,0,00:00:00/62-14:08:03,110) [watchdogd] (root,0,0,00:00:05/62-14:08:03,111) [kswapd0] (root,0,0,00:00:16/62-14:08:03,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-14:08:01,115) [kthrotld] (root,0,0,00:00:00/62-14:08:01,116) [mld] (root,0,0,00:00:00/62-14:08:01,117) [ipv6_addrconf] (root,0,0,00:00:16/62-14:08:01,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-14:08:01,123) [kstrp] (root,0,0,00:00:00/62-14:08:01,124) [zswap-shrink] (root,0,0,00:00:00/62-14:08:01,125) [kworker/u9:0] (root,0,0,00:00:00/62-14:08:01,130) [charger_manager] (root,0,0,00:00:18/62-14:08:01,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-14:08:01,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-14:08:00,239) [kaluad] (root,0,0,00:00:00/62-14:08:00,258) [kmpath_rdacd] (root,0,0,00:00:00/62-14:08:00,304) [kmpathd] (root,0,0,00:00:00/62-14:08:00,305) [kmpath_handlerd] (root,0,0,00:00:00/62-14:07:59,342) [ata_sff] (root,0,0,00:00:00/62-14:07:59,343) [scsi_eh_0] (root,0,0,00:00:00/62-14:07:59,344) [scsi_tmf_0] (root,0,0,00:00:00/62-14:07:59,345) [scsi_eh_1] (root,0,0,00:00:00/62-14:07:59,346) [scsi_tmf_1] (root,0,0,00:01:59/62-14:07:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-14:07:56,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-14:07:44,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-14:07:43,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-14:07:41,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-14:07:10,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-14:07:09,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-14:07:09,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-14:07:09,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-14:07:07,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-14:07:07,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31628,00:01:13/62-14:06:53,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-14:06:53,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:04/62-14:06:53,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-14:06:53,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-14:06:53,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-14:06:53,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-14:06:53,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:56/62-14:06:53,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-14:06:53,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-14:06:53,1352) bpfilter_umh (root,26204,8096,00:00:33/62-14:06:53,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-14:06:53,1359) ntpd: asynchronous dns resolver (spot,362672,213560,3-11:08:58/62-14:06:52,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-14:06:52,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-14:06:52,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-14:06:52,1373) (sd-pam) (root,24216,5256,00:00:22/62-14:06:50,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-14:06:50,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-14:06:50,1485) /usr/sbin/cron -n (root,699464,78300,01:26:27/62-14:06:44,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:42:38,1818) [kworker/1:0-events] (spot,236992,82964,00:31:55/62-14:06:32,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-19:42:07,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/18:29,3650) [kworker/u8:1-writeback] (root,0,0,00:00:00/04:14,4817) [kworker/0:2] (root,0,0,00:00:00/04:13,4818) [kworker/3:2-ata_sff] (root,0,0,00:00:00/11:37,6230) [kworker/2:0] (root,35304,10040,00:00:00/24-14:35:02,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-14:35:01,10514) sshd: syslogtunnel (root,0,0,00:00:00/16:34,11889) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/01:45,12388) [kworker/1:2] (root,0,0,00:00:00/01:56:05,12427) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3516,00:00:00/00:00,13323) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,13413) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,13433) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,6656,3464,00:00:00/00:00,13434) /bin/bash /usr/bin/check_mk_agent (root,11644,964,00:00:00/00:00,13435) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:24,14279) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:05:48,14894) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:01/03:08:41,19079) [kworker/2:2-events] (postfix,24244,8252,00:00:00/01:17:34,21014) pickup -l -t fifo -u (root,0,0,00:00:00/01:27:13,25290) [kworker/3:1-events] (root,0,0,00:00:00/01:25:27,30822) [kworker/0:1-events] (root,35308,10028,00:00:00/24-15:21:15,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:22/24-15:21:14,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-12 00:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e89a6b38Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-14:11:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-14:11:34,2) [kthreadd] (root,0,0,00:00:00/60-14:11:34,3) [rcu_gp] (root,0,0,00:00:00/60-14:11:34,4) [rcu_par_gp] (root,0,0,00:00:00/60-14:11:34,5) [slub_flushwq] (root,0,0,00:00:00/60-14:11:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-14:11:34,9) [mm_percpu_wq] (root,0,0,00:00:00/60-14:11:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-14:11:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-14:11:34,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-14:11:34,13) [ksoftirqd/0] (root,0,0,02:49:06/60-14:11:34,14) [rcu_preempt] (root,0,0,00:00:23/60-14:11:34,15) [migration/0] (root,0,0,00:00:00/60-14:11:34,16) [idle_inject/0] (root,0,0,00:00:00/60-14:11:34,18) [cpuhp/0] (root,0,0,00:00:00/60-14:11:34,19) [cpuhp/1] (root,0,0,00:00:00/60-14:11:34,20) [idle_inject/1] (root,0,0,00:00:23/60-14:11:34,21) [migration/1] (root,0,0,00:01:30/60-14:11:34,22) [ksoftirqd/1] (root,0,0,00:00:00/60-14:11:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-14:11:34,25) [cpuhp/2] (root,0,0,00:00:00/60-14:11:34,26) [idle_inject/2] (root,0,0,00:00:17/60-14:11:34,27) [migration/2] (root,0,0,01:49:36/60-14:11:34,28) [ksoftirqd/2] (root,0,0,00:00:00/60-14:11:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-14:11:34,31) [cpuhp/3] (root,0,0,00:00:00/60-14:11:34,32) [idle_inject/3] (root,0,0,00:00:21/60-14:11:34,33) [migration/3] (root,0,0,00:05:33/60-14:11:34,34) [ksoftirqd/3] (root,0,0,00:00:00/60-14:11:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-14:11:34,40) [kdevtmpfs] (root,0,0,00:00:00/60-14:11:34,41) [netns] (root,0,0,00:00:00/60-14:11:34,42) [inet_frag_wq] (root,0,0,00:00:21/60-14:11:34,43) [kauditd] (root,0,0,00:00:00/60-14:11:34,44) [khungtaskd] (root,0,0,00:00:00/60-14:11:34,45) [oom_reaper] (root,0,0,00:00:00/60-14:11:34,46) [writeback] (root,0,0,00:03:05/60-14:11:34,47) [kcompactd0] (root,0,0,00:00:00/60-14:11:34,48) [ksmd] (root,0,0,00:03:21/60-14:11:34,49) [khugepaged] (root,0,0,00:00:00/60-14:11:34,75) [kintegrityd] (root,0,0,00:00:00/60-14:11:34,76) [kblockd] (root,0,0,00:00:00/60-14:11:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-14:11:34,79) [tpm_dev_wq] (root,0,0,00:00:00/60-14:11:34,80) [edac-poller] (root,0,0,00:00:00/60-14:11:34,81) [devfreq_wq] (root,0,0,00:00:00/60-14:11:34,110) [watchdogd] (root,0,0,00:00:04/60-14:11:34,111) [kswapd0] (root,0,0,00:00:15/60-14:11:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-14:11:32,115) [kthrotld] (root,0,0,00:00:00/60-14:11:32,116) [mld] (root,0,0,00:00:00/60-14:11:32,117) [ipv6_addrconf] (root,0,0,00:00:16/60-14:11:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-14:11:32,123) [kstrp] (root,0,0,00:00:00/60-14:11:32,124) [zswap-shrink] (root,0,0,00:00:00/60-14:11:32,125) [kworker/u9:0] (root,0,0,00:00:00/60-14:11:32,130) [charger_manager] (root,0,0,00:00:18/60-14:11:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-14:11:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-14:11:31,239) [kaluad] (root,0,0,00:00:00/60-14:11:31,258) [kmpath_rdacd] (root,0,0,00:00:00/60-14:11:31,304) [kmpathd] (root,0,0,00:00:00/60-14:11:31,305) [kmpath_handlerd] (root,0,0,00:00:00/60-14:11:30,342) [ata_sff] (root,0,0,00:00:00/60-14:11:30,343) [scsi_eh_0] (root,0,0,00:00:00/60-14:11:30,344) [scsi_tmf_0] (root,0,0,00:00:00/60-14:11:30,345) [scsi_eh_1] (root,0,0,00:00:00/60-14:11:30,346) [scsi_tmf_1] (root,0,0,00:01:56/60-14:11:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-14:11:27,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-14:11:15,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-14:11:14,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-14:11:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-14:10:41,511) /sbin/auditd (messagebus,22932,5400,00:03:24/60-14:10:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8268,00:01:55/60-14:10:40,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-14:10:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-14:10:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-14:10:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-14:10:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-14:10:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:54/60-14:10:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-14:10:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-14:10:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-14:10:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-14:10:24,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-14:10:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-14:10:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-14:10:24,1352) bpfilter_umh (root,26204,8096,00:00:31/60-14:10:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-14:10:24,1359) ntpd: asynchronous dns resolver (spot,362400,213508,3-08:29:32/60-14:10:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-14:10:23,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-14:10:23,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-14:10:23,1373) (sd-pam) (root,24216,5260,00:00:21/60-14:10:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-14:10:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-14:10:21,1485) /usr/sbin/cron -n (root,699208,80092,01:23:46/60-14:10:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82040,00:31:05/60-14:10:03,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-19:45:38,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:03,7686) [kworker/0:0] (root,0,0,00:00:00/24:55,9258) [kworker/2:2-events] (root,35304,10040,00:00:00/22-14:38:33,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-14:38:32,10514) sshd: syslogtunnel (root,0,0,00:00:00/02:30:14,12806) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/02:07:38,13124) [kworker/3:2-events] (root,0,0,00:00:00/02:35,14712) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:50:38,15347) [kworker/2:0-events] (postfix,24244,8244,00:00:00/02:02,16450) pickup -l -t fifo -u (root,0,0,00:00:00/34:09,17961) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:16,18947) [kworker/2:1] (root,0,0,00:00:00/41:33,20158) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,23424) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,23442) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,23443) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:07:43,24113) [kworker/0:2-events] (root,0,0,00:00:00/17:49,25821) [kworker/1:0-events] (root,35308,10028,00:00:00/22-15:24:46,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-15:24:45,30947) sshd: cm-ssh (root,0,0,00:00:00/07:45,31426) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-10 01:00 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d9557915Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-14:24:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-14:24:08,2) [kthreadd] (root,0,0,00:00:00/58-14:24:08,3) [rcu_gp] (root,0,0,00:00:00/58-14:24:08,4) [rcu_par_gp] (root,0,0,00:00:00/58-14:24:08,5) [slub_flushwq] (root,0,0,00:00:00/58-14:24:08,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-14:24:08,9) [mm_percpu_wq] (root,0,0,00:00:00/58-14:24:08,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-14:24:08,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-14:24:08,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-14:24:08,13) [ksoftirqd/0] (root,0,0,02:43:57/58-14:24:08,14) [rcu_preempt] (root,0,0,00:00:22/58-14:24:08,15) [migration/0] (root,0,0,00:00:00/58-14:24:08,16) [idle_inject/0] (root,0,0,00:00:00/58-14:24:08,18) [cpuhp/0] (root,0,0,00:00:00/58-14:24:08,19) [cpuhp/1] (root,0,0,00:00:00/58-14:24:08,20) [idle_inject/1] (root,0,0,00:00:22/58-14:24:08,21) [migration/1] (root,0,0,00:01:26/58-14:24:08,22) [ksoftirqd/1] (root,0,0,00:00:00/58-14:24:08,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-14:24:08,25) [cpuhp/2] (root,0,0,00:00:00/58-14:24:08,26) [idle_inject/2] (root,0,0,00:00:16/58-14:24:08,27) [migration/2] (root,0,0,01:44:50/58-14:24:08,28) [ksoftirqd/2] (root,0,0,00:00:00/58-14:24:08,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-14:24:08,31) [cpuhp/3] (root,0,0,00:00:00/58-14:24:08,32) [idle_inject/3] (root,0,0,00:00:20/58-14:24:08,33) [migration/3] (root,0,0,00:05:21/58-14:24:08,34) [ksoftirqd/3] (root,0,0,00:00:00/58-14:24:08,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-14:24:08,40) [kdevtmpfs] (root,0,0,00:00:00/58-14:24:08,41) [netns] (root,0,0,00:00:00/58-14:24:08,42) [inet_frag_wq] (root,0,0,00:00:20/58-14:24:08,43) [kauditd] (root,0,0,00:00:00/58-14:24:08,44) [khungtaskd] (root,0,0,00:00:00/58-14:24:08,45) [oom_reaper] (root,0,0,00:00:00/58-14:24:08,46) [writeback] (root,0,0,00:02:59/58-14:24:08,47) [kcompactd0] (root,0,0,00:00:00/58-14:24:08,48) [ksmd] (root,0,0,00:03:14/58-14:24:08,49) [khugepaged] (root,0,0,00:00:00/58-14:24:08,75) [kintegrityd] (root,0,0,00:00:00/58-14:24:08,76) [kblockd] (root,0,0,00:00:00/58-14:24:08,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-14:24:08,79) [tpm_dev_wq] (root,0,0,00:00:00/58-14:24:08,80) [edac-poller] (root,0,0,00:00:00/58-14:24:08,81) [devfreq_wq] (root,0,0,00:00:00/58-14:24:08,110) [watchdogd] (root,0,0,00:00:04/58-14:24:08,111) [kswapd0] (root,0,0,00:00:15/58-14:24:08,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-14:24:06,115) [kthrotld] (root,0,0,00:00:00/58-14:24:06,116) [mld] (root,0,0,00:00:00/58-14:24:06,117) [ipv6_addrconf] (root,0,0,00:00:16/58-14:24:06,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-14:24:06,123) [kstrp] (root,0,0,00:00:00/58-14:24:06,124) [zswap-shrink] (root,0,0,00:00:00/58-14:24:06,125) [kworker/u9:0] (root,0,0,00:00:00/58-14:24:06,130) [charger_manager] (root,0,0,00:00:17/58-14:24:06,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-14:24:06,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-14:24:05,239) [kaluad] (root,0,0,00:00:00/58-14:24:05,258) [kmpath_rdacd] (root,0,0,00:00:00/58-14:24:05,304) [kmpathd] (root,0,0,00:00:00/58-14:24:05,305) [kmpath_handlerd] (root,0,0,00:00:00/58-14:24:04,342) [ata_sff] (root,0,0,00:00:00/58-14:24:04,343) [scsi_eh_0] (root,0,0,00:00:00/58-14:24:04,344) [scsi_tmf_0] (root,0,0,00:00:00/58-14:24:04,345) [scsi_eh_1] (root,0,0,00:00:00/58-14:24:04,346) [scsi_tmf_1] (root,0,0,00:01:52/58-14:24:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-14:24:01,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-14:23:49,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-14:23:48,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-14:23:46,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-14:23:15,511) /sbin/auditd (messagebus,22932,5400,00:03:13/58-14:23:14,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-14:23:14,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-14:23:14,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-14:23:12,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-14:23:12,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:09/58-14:22:58,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-14:22:58,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:44/58-14:22:58,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-14:22:58,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-14:22:58,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-14:22:58,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-14:22:58,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-14:22:58,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:21/58-14:22:58,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-14:22:58,1352) bpfilter_umh (root,26204,8096,00:00:30/58-14:22:58,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-14:22:58,1359) ntpd: asynchronous dns resolver (spot,363904,214652,3-05:26:51/58-14:22:57,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-14:22:57,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-14:22:57,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-14:22:57,1373) (sd-pam) (root,24216,5260,00:00:20/58-14:22:55,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-14:22:55,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-14:22:55,1485) /usr/sbin/cron -n (root,698952,79684,01:21:03/58-14:22:49,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80364,00:30:17/58-14:22:37,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-19:58:12,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/05:18,3048) [kworker/2:2-events] (root,35304,10040,00:00:00/20-14:51:07,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-14:51:06,10514) sshd: syslogtunnel (postfix,24244,8144,00:00:00/36:26,12925) pickup -l -t fifo -u (root,0,0,00:00:00/41:38,18745) [kworker/0:1-events] (root,0,0,00:00:00/34:45,19023) [kworker/1:0-events] (root,0,0,00:00:00/21:43,19227) [kworker/3:1-events] (root,0,0,00:00:00/00:59,20983) [kworker/3:0-ata_sff] (root,0,0,00:00:00/55:29,21124) [kworker/2:1-events] (root,0,0,00:00:00/07:47,25238) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/03:26:06,26097) [kworker/0:2-events] (root,6656,3484,00:00:00/00:00,27155) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,27173) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27174) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/16:17,28268) [kworker/1:1-events] (root,0,0,00:00:00/16:09,28459) [kworker/u8:1-flush-253:0] (root,35308,10028,00:00:00/20-15:37:20,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-15:37:19,30947) sshd: cm-ssh (root,0,0,00:00:00/06:10,31754) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 01:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638a0a9865Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:40/56-14:08:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-14:08:51,2) [kthreadd] (root,0,0,00:00:00/56-14:08:51,3) [rcu_gp] (root,0,0,00:00:00/56-14:08:51,4) [rcu_par_gp] (root,0,0,00:00:00/56-14:08:51,5) [slub_flushwq] (root,0,0,00:00:00/56-14:08:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-14:08:51,9) [mm_percpu_wq] (root,0,0,00:00:00/56-14:08:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-14:08:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-14:08:51,12) [rcu_tasks_trace] (root,0,0,00:01:41/56-14:08:51,13) [ksoftirqd/0] (root,0,0,02:38:36/56-14:08:51,14) [rcu_preempt] (root,0,0,00:00:21/56-14:08:51,15) [migration/0] (root,0,0,00:00:00/56-14:08:51,16) [idle_inject/0] (root,0,0,00:00:00/56-14:08:51,18) [cpuhp/0] (root,0,0,00:00:00/56-14:08:51,19) [cpuhp/1] (root,0,0,00:00:00/56-14:08:51,20) [idle_inject/1] (root,0,0,00:00:21/56-14:08:51,21) [migration/1] (root,0,0,00:01:23/56-14:08:51,22) [ksoftirqd/1] (root,0,0,00:00:00/56-14:08:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-14:08:51,25) [cpuhp/2] (root,0,0,00:00:00/56-14:08:51,26) [idle_inject/2] (root,0,0,00:00:16/56-14:08:51,27) [migration/2] (root,0,0,01:40:24/56-14:08:51,28) [ksoftirqd/2] (root,0,0,00:00:00/56-14:08:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-14:08:51,31) [cpuhp/3] (root,0,0,00:00:00/56-14:08:51,32) [idle_inject/3] (root,0,0,00:00:20/56-14:08:51,33) [migration/3] (root,0,0,00:05:10/56-14:08:51,34) [ksoftirqd/3] (root,0,0,00:00:00/56-14:08:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-14:08:51,40) [kdevtmpfs] (root,0,0,00:00:00/56-14:08:51,41) [netns] (root,0,0,00:00:00/56-14:08:51,42) [inet_frag_wq] (root,0,0,00:00:19/56-14:08:51,43) [kauditd] (root,0,0,00:00:00/56-14:08:51,44) [khungtaskd] (root,0,0,00:00:00/56-14:08:51,45) [oom_reaper] (root,0,0,00:00:00/56-14:08:51,46) [writeback] (root,0,0,00:02:53/56-14:08:51,47) [kcompactd0] (root,0,0,00:00:00/56-14:08:51,48) [ksmd] (root,0,0,00:03:08/56-14:08:51,49) [khugepaged] (root,0,0,00:00:00/56-14:08:51,75) [kintegrityd] (root,0,0,00:00:00/56-14:08:51,76) [kblockd] (root,0,0,00:00:00/56-14:08:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-14:08:51,79) [tpm_dev_wq] (root,0,0,00:00:00/56-14:08:51,80) [edac-poller] (root,0,0,00:00:00/56-14:08:51,81) [devfreq_wq] (root,0,0,00:00:00/56-14:08:51,110) [watchdogd] (root,0,0,00:00:04/56-14:08:51,111) [kswapd0] (root,0,0,00:00:14/56-14:08:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-14:08:49,115) [kthrotld] (root,0,0,00:00:00/56-14:08:49,116) [mld] (root,0,0,00:00:00/56-14:08:49,117) [ipv6_addrconf] (root,0,0,00:00:15/56-14:08:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-14:08:49,123) [kstrp] (root,0,0,00:00:00/56-14:08:49,124) [zswap-shrink] (root,0,0,00:00:00/56-14:08:49,125) [kworker/u9:0] (root,0,0,00:00:00/56-14:08:49,130) [charger_manager] (root,0,0,00:00:17/56-14:08:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-14:08:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-14:08:48,239) [kaluad] (root,0,0,00:00:00/56-14:08:48,258) [kmpath_rdacd] (root,0,0,00:00:00/56-14:08:48,304) [kmpathd] (root,0,0,00:00:00/56-14:08:48,305) [kmpath_handlerd] (root,0,0,00:00:00/56-14:08:47,342) [ata_sff] (root,0,0,00:00:00/56-14:08:47,343) [scsi_eh_0] (root,0,0,00:00:00/56-14:08:47,344) [scsi_tmf_0] (root,0,0,00:00:00/56-14:08:47,345) [scsi_eh_1] (root,0,0,00:00:00/56-14:08:47,346) [scsi_tmf_1] (root,0,0,00:01:49/56-14:08:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-14:08:44,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-14:08:32,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-14:08:31,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-14:08:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-14:07:58,511) /sbin/auditd (messagebus,22932,5400,00:03:00/56-14:07:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:42/56-14:07:57,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-14:07:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-14:07:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-14:07:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:07/56-14:07:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-14:07:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:35/56-14:07:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-14:07:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-14:07:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-14:07:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-14:07:41,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-14:07:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:04/56-14:07:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-14:07:41,1352) bpfilter_umh (root,26204,8096,00:00:28/56-14:07:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-14:07:41,1359) ntpd: asynchronous dns resolver (spot,365280,215764,3-02:30:51/56-14:07:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-14:07:40,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-14:07:40,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-14:07:40,1373) (sd-pam) (root,24216,5260,00:00:20/56-14:07:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-14:07:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-14:07:38,1485) /usr/sbin/cron -n (root,698412,77180,01:18:16/56-14:07:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:30/56-14:07:20,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/50-19:42:55,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/16:48,4585) [kworker/1:1-events] (root,0,0,00:00:00/56:02,6586) [kworker/1:2-events] (root,0,0,00:00:00/09:29,8863) [kworker/3:2-ata_sff] (root,0,0,00:00:00/31:37,9914) [kworker/2:0-events] (root,35304,10040,00:00:00/18-14:35:50,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:09/18-14:35:49,10514) sshd: syslogtunnel (root,0,0,00:00:00/53:50,11848) [kworker/0:2-events] (postfix,24244,8236,00:00:00/43:01,15810) pickup -l -t fifo -u (root,0,0,00:00:00/00:21,19557) [kworker/2:2-events] (root,0,0,00:00:00/42:04,20853) [kworker/u8:0-writeback] (root,6656,3488,00:00:00/00:00,21004) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/42:03,21031) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/22:29,21048) [kworker/u8:1-ext4-rsv-conversion] (root,6656,1824,00:00:00/00:00,21072) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,21073) /bin/bash /usr/bin/check_mk_agent (root,4480,1144,00:00:00/00:00,21074) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,768,00:00:00/00:00,21075) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,21076) /bin/bash /usr/bin/check_mk_agent (root,2680,680,00:00:00/00:00,21077) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3524,00:00:00/00:00,21095) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21096) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/18:52,29432) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/40:36,29448) [kworker/3:0-events] (root,0,0,00:00:00/04:19,29471) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/18-15:22:03,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:03/18-15:22:02,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-06 00:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f06a9467Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:34/54-14:40:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/54-14:40:52,2) [kthreadd] (root,0,0,00:00:00/54-14:40:52,3) [rcu_gp] (root,0,0,00:00:00/54-14:40:52,4) [rcu_par_gp] (root,0,0,00:00:00/54-14:40:52,5) [slub_flushwq] (root,0,0,00:00:00/54-14:40:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/54-14:40:52,9) [mm_percpu_wq] (root,0,0,00:00:00/54-14:40:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/54-14:40:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/54-14:40:52,12) [rcu_tasks_trace] (root,0,0,00:01:37/54-14:40:52,13) [ksoftirqd/0] (root,0,0,02:33:30/54-14:40:52,14) [rcu_preempt] (root,0,0,00:00:21/54-14:40:52,15) [migration/0] (root,0,0,00:00:00/54-14:40:52,16) [idle_inject/0] (root,0,0,00:00:00/54-14:40:52,18) [cpuhp/0] (root,0,0,00:00:00/54-14:40:52,19) [cpuhp/1] (root,0,0,00:00:00/54-14:40:52,20) [idle_inject/1] (root,0,0,00:00:21/54-14:40:52,21) [migration/1] (root,0,0,00:01:20/54-14:40:52,22) [ksoftirqd/1] (root,0,0,00:00:00/54-14:40:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/54-14:40:52,25) [cpuhp/2] (root,0,0,00:00:00/54-14:40:52,26) [idle_inject/2] (root,0,0,00:00:15/54-14:40:52,27) [migration/2] (root,0,0,01:36:47/54-14:40:52,28) [ksoftirqd/2] (root,0,0,00:00:00/54-14:40:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/54-14:40:52,31) [cpuhp/3] (root,0,0,00:00:00/54-14:40:52,32) [idle_inject/3] (root,0,0,00:00:19/54-14:40:52,33) [migration/3] (root,0,0,00:05:00/54-14:40:52,34) [ksoftirqd/3] (root,0,0,00:00:00/54-14:40:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/54-14:40:52,40) [kdevtmpfs] (root,0,0,00:00:00/54-14:40:52,41) [netns] (root,0,0,00:00:00/54-14:40:52,42) [inet_frag_wq] (root,0,0,00:00:18/54-14:40:52,43) [kauditd] (root,0,0,00:00:00/54-14:40:52,44) [khungtaskd] (root,0,0,00:00:00/54-14:40:52,45) [oom_reaper] (root,0,0,00:00:00/54-14:40:52,46) [writeback] (root,0,0,00:02:47/54-14:40:52,47) [kcompactd0] (root,0,0,00:00:00/54-14:40:52,48) [ksmd] (root,0,0,00:03:02/54-14:40:52,49) [khugepaged] (root,0,0,00:00:00/54-14:40:52,75) [kintegrityd] (root,0,0,00:00:00/54-14:40:52,76) [kblockd] (root,0,0,00:00:00/54-14:40:52,77) [blkcg_punt_bio] (root,0,0,00:00:00/54-14:40:52,79) [tpm_dev_wq] (root,0,0,00:00:00/54-14:40:52,80) [edac-poller] (root,0,0,00:00:00/54-14:40:52,81) [devfreq_wq] (root,0,0,00:00:00/54-14:40:52,110) [watchdogd] (root,0,0,00:00:04/54-14:40:52,111) [kswapd0] (root,0,0,00:00:14/54-14:40:52,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/54-14:40:50,115) [kthrotld] (root,0,0,00:00:00/54-14:40:50,116) [mld] (root,0,0,00:00:00/54-14:40:50,117) [ipv6_addrconf] (root,0,0,00:00:15/54-14:40:50,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/54-14:40:50,123) [kstrp] (root,0,0,00:00:00/54-14:40:50,124) [zswap-shrink] (root,0,0,00:00:00/54-14:40:50,125) [kworker/u9:0] (root,0,0,00:00:00/54-14:40:50,130) [charger_manager] (root,0,0,00:00:16/54-14:40:50,172) [kworker/1:1H-kblockd] (root,0,0,00:00:24/54-14:40:50,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/54-14:40:49,239) [kaluad] (root,0,0,00:00:00/54-14:40:49,258) [kmpath_rdacd] (root,0,0,00:00:00/54-14:40:49,304) [kmpathd] (root,0,0,00:00:00/54-14:40:49,305) [kmpath_handlerd] (root,0,0,00:00:00/54-14:40:48,342) [ata_sff] (root,0,0,00:00:00/54-14:40:48,343) [scsi_eh_0] (root,0,0,00:00:00/54-14:40:48,344) [scsi_tmf_0] (root,0,0,00:00:00/54-14:40:48,345) [scsi_eh_1] (root,0,0,00:00:00/54-14:40:48,346) [scsi_tmf_1] (root,0,0,00:01:46/54-14:40:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/54-14:40:45,367) [ext4-rsv-conver] (root,38604,7852,00:01:30/54-14:40:33,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/54-14:40:32,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:24/54-14:40:30,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:31/54-14:39:59,511) /sbin/auditd (messagebus,22932,5400,00:02:54/54-14:39:58,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:38/54-14:39:58,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/54-14:39:58,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/54-14:39:56,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/54-14:39:56,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/21:36,729) [kworker/3:1-events] (root,549128,31272,00:01:04/54-14:39:42,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/54-14:39:42,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:24/54-14:39:42,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/54-14:39:42,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/54-14:39:42,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/54-14:39:42,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/54-14:39:42,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:39/54-14:39:42,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:48/54-14:39:42,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/54-14:39:42,1352) bpfilter_umh (root,26204,8096,00:00:27/54-14:39:42,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/54-14:39:42,1359) ntpd: asynchronous dns resolver (spot,365008,215744,2-23:41:27/54-14:39:41,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/54-14:39:41,1371) (sd-pam) (checkmk,48528,3180,00:00:00/54-14:39:41,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/54-14:39:41,1373) (sd-pam) (root,24216,5260,00:00:19/54-14:39:39,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/54-14:39:39,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/54-14:39:39,1485) /usr/sbin/cron -n (root,698412,79084,01:15:35/54-14:39:33,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,6656,3488,00:00:00/00:00,1886) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,1904) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,1905) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (spot,232896,77764,00:28:45/54-14:39:21,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:02/48-20:14:56,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/19:44,6889) [kworker/0:1] (root,0,0,00:00:00/02:59:32,7540) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/18:58,9879) [kworker/u8:1-writeback] (root,0,0,00:00:00/46:33,10451) [kworker/0:2-events] (root,35304,10040,00:00:00/16-15:07:51,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:02/16-15:07:50,10514) sshd: syslogtunnel (root,0,0,00:00:00/06:03,12778) [kworker/3:0-ata_sff] (postfix,24244,8220,00:00:00/01:36:03,18539) pickup -l -t fifo -u (root,0,0,00:00:00/14:14,23551) [kworker/2:2] (root,0,0,00:00:00/41:18,24374) [kworker/1:1] (root,0,0,00:00:01/03:57:20,25166) [kworker/2:1-events] (root,0,0,00:00:00/02:04:38,27550) [kworker/1:0-events] (root,0,0,00:00:00/00:50,30180) [kworker/3:2-ata_sff] (root,35308,10028,00:00:00/16-15:54:04,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:56/16-15:54:03,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-04 01:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363397a48bbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-13:27:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-13:27:15,2) [kthreadd] (root,0,0,00:00:00/47-13:27:15,3) [rcu_gp] (root,0,0,00:00:00/47-13:27:15,4) [rcu_par_gp] (root,0,0,00:00:00/47-13:27:15,5) [slub_flushwq] (root,0,0,00:00:00/47-13:27:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-13:27:15,9) [mm_percpu_wq] (root,0,0,00:00:00/47-13:27:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-13:27:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-13:27:15,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-13:27:15,13) [ksoftirqd/0] (root,0,0,02:15:50/47-13:27:15,14) [rcu_preempt] (root,0,0,00:00:18/47-13:27:15,15) [migration/0] (root,0,0,00:00:00/47-13:27:15,16) [idle_inject/0] (root,0,0,00:00:00/47-13:27:15,18) [cpuhp/0] (root,0,0,00:00:00/47-13:27:15,19) [cpuhp/1] (root,0,0,00:00:00/47-13:27:15,20) [idle_inject/1] (root,0,0,00:00:18/47-13:27:15,21) [migration/1] (root,0,0,00:01:10/47-13:27:15,22) [ksoftirqd/1] (root,0,0,00:00:00/47-13:27:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-13:27:15,25) [cpuhp/2] (root,0,0,00:00:00/47-13:27:15,26) [idle_inject/2] (root,0,0,00:00:13/47-13:27:15,27) [migration/2] (root,0,0,01:27:40/47-13:27:15,28) [ksoftirqd/2] (root,0,0,00:00:00/47-13:27:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-13:27:15,31) [cpuhp/3] (root,0,0,00:00:00/47-13:27:15,32) [idle_inject/3] (root,0,0,00:00:17/47-13:27:15,33) [migration/3] (root,0,0,00:04:30/47-13:27:15,34) [ksoftirqd/3] (root,0,0,00:00:00/47-13:27:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-13:27:15,40) [kdevtmpfs] (root,0,0,00:00:00/47-13:27:15,41) [netns] (root,0,0,00:00:00/47-13:27:15,42) [inet_frag_wq] (root,0,0,00:00:16/47-13:27:15,43) [kauditd] (root,0,0,00:00:00/47-13:27:15,44) [khungtaskd] (root,0,0,00:00:00/47-13:27:15,45) [oom_reaper] (root,0,0,00:00:00/47-13:27:15,46) [writeback] (root,0,0,00:02:28/47-13:27:15,47) [kcompactd0] (root,0,0,00:00:00/47-13:27:15,48) [ksmd] (root,0,0,00:02:37/47-13:27:15,49) [khugepaged] (root,0,0,00:00:00/47-13:27:15,75) [kintegrityd] (root,0,0,00:00:00/47-13:27:15,76) [kblockd] (root,0,0,00:00:00/47-13:27:15,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-13:27:15,79) [tpm_dev_wq] (root,0,0,00:00:00/47-13:27:15,80) [edac-poller] (root,0,0,00:00:00/47-13:27:15,81) [devfreq_wq] (root,0,0,00:00:00/47-13:27:15,110) [watchdogd] (root,0,0,00:00:03/47-13:27:15,111) [kswapd0] (root,0,0,00:00:12/47-13:27:15,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-13:27:13,115) [kthrotld] (root,0,0,00:00:00/47-13:27:13,116) [mld] (root,0,0,00:00:00/47-13:27:13,117) [ipv6_addrconf] (root,0,0,00:00:13/47-13:27:13,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-13:27:13,123) [kstrp] (root,0,0,00:00:00/47-13:27:13,124) [zswap-shrink] (root,0,0,00:00:00/47-13:27:13,125) [kworker/u9:0] (root,0,0,00:00:00/47-13:27:13,130) [charger_manager] (root,0,0,00:00:14/47-13:27:13,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-13:27:13,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-13:27:12,239) [kaluad] (root,0,0,00:00:00/47-13:27:12,258) [kmpath_rdacd] (root,0,0,00:00:00/47-13:27:12,304) [kmpathd] (root,0,0,00:00:00/47-13:27:12,305) [kmpath_handlerd] (root,0,0,00:00:00/47-13:27:11,342) [ata_sff] (root,0,0,00:00:00/47-13:27:11,343) [scsi_eh_0] (root,0,0,00:00:00/47-13:27:11,344) [scsi_tmf_0] (root,0,0,00:00:00/47-13:27:11,345) [scsi_eh_1] (root,0,0,00:00:00/47-13:27:11,346) [scsi_tmf_1] (root,0,0,00:01:34/47-13:27:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-13:27:08,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-13:26:56,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-13:26:55,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-13:26:53,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-13:26:22,511) /sbin/auditd (messagebus,22932,5408,00:02:36/47-13:26:21,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-13:26:21,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-13:26:21,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-13:26:19,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-13:26:19,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-13:26:05,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-13:26:05,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:44/47-13:26:05,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-13:26:05,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-13:26:05,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-13:26:05,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-13:26:05,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-13:26:05,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:52/47-13:26:05,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-13:26:05,1352) bpfilter_umh (root,26204,8096,00:00:24/47-13:26:05,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-13:26:05,1359) ntpd: asynchronous dns resolver (spot,361408,212080,2-16:41:02/47-13:26:04,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-13:26:04,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-13:26:04,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-13:26:04,1373) (sd-pam) (root,24216,5260,00:00:16/47-13:26:02,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-13:26:02,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-13:26:02,1485) /usr/sbin/cron -n (root,697508,77208,01:06:08/47-13:25:56,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73032,00:25:46/47-13:25:44,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-19:01:19,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/20:38,2570) [kworker/2:1-events] (root,0,0,00:00:00/08:18,4496) [kworker/3:0-ata_sff] (root,0,0,00:00:00/36:05,6226) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/18:41,7364) [kworker/3:2-events] (root,35304,10040,00:00:00/9-13:54:14,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-13:54:13,10514) sshd: syslogtunnel (postfix,24244,8256,00:00:00/48:07,10898) pickup -l -t fifo -u (root,0,0,00:00:00/03:08,11263) [kworker/3:1-ata_sff] (root,0,0,00:00:01/03:55:06,15451) [kworker/1:1-events] (root,0,0,00:00:00/15:25,15704) [kworker/2:0-events] (root,0,0,00:00:00/15:23,15769) [kworker/u8:1-writeback] (root,0,0,00:00:00/00:08,17795) [kworker/1:0-events] (root,6656,3476,00:00:00/00:00,18640) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,18681) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,18682) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,18683) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,820,00:00:00/00:00,18684) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1208,00:00:00/00:00,18685) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,18686) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,18704) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18705) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:14:15,21827) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/26:08,25528) [kworker/0:2-events] (root,0,0,00:00:01/07:37:34,29068) [kworker/0:0-events] (root,35308,10028,00:00:00/9-14:40:27,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-14:40:26,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-28 00:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836321761f2aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:13/45-10:46:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-10:46:47,2) [kthreadd] (root,0,0,00:00:00/45-10:46:47,3) [rcu_gp] (root,0,0,00:00:00/45-10:46:47,4) [rcu_par_gp] (root,0,0,00:00:00/45-10:46:47,5) [slub_flushwq] (root,0,0,00:00:00/45-10:46:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-10:46:47,9) [mm_percpu_wq] (root,0,0,00:00:00/45-10:46:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-10:46:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-10:46:47,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-10:46:47,13) [ksoftirqd/0] (root,0,0,02:10:20/45-10:46:47,14) [rcu_preempt] (root,0,0,00:00:17/45-10:46:47,15) [migration/0] (root,0,0,00:00:00/45-10:46:47,16) [idle_inject/0] (root,0,0,00:00:00/45-10:46:47,18) [cpuhp/0] (root,0,0,00:00:00/45-10:46:47,19) [cpuhp/1] (root,0,0,00:00:00/45-10:46:47,20) [idle_inject/1] (root,0,0,00:00:17/45-10:46:47,21) [migration/1] (root,0,0,00:01:08/45-10:46:47,22) [ksoftirqd/1] (root,0,0,00:00:00/45-10:46:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-10:46:47,25) [cpuhp/2] (root,0,0,00:00:00/45-10:46:47,26) [idle_inject/2] (root,0,0,00:00:13/45-10:46:47,27) [migration/2] (root,0,0,01:25:04/45-10:46:47,28) [ksoftirqd/2] (root,0,0,00:00:00/45-10:46:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-10:46:47,31) [cpuhp/3] (root,0,0,00:00:00/45-10:46:47,32) [idle_inject/3] (root,0,0,00:00:16/45-10:46:47,33) [migration/3] (root,0,0,00:04:21/45-10:46:47,34) [ksoftirqd/3] (root,0,0,00:00:00/45-10:46:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-10:46:47,40) [kdevtmpfs] (root,0,0,00:00:00/45-10:46:47,41) [netns] (root,0,0,00:00:00/45-10:46:47,42) [inet_frag_wq] (root,0,0,00:00:16/45-10:46:47,43) [kauditd] (root,0,0,00:00:00/45-10:46:47,44) [khungtaskd] (root,0,0,00:00:00/45-10:46:47,45) [oom_reaper] (root,0,0,00:00:00/45-10:46:47,46) [writeback] (root,0,0,00:02:23/45-10:46:47,47) [kcompactd0] (root,0,0,00:00:00/45-10:46:47,48) [ksmd] (root,0,0,00:02:30/45-10:46:47,49) [khugepaged] (root,0,0,00:00:00/45-10:46:47,75) [kintegrityd] (root,0,0,00:00:00/45-10:46:47,76) [kblockd] (root,0,0,00:00:00/45-10:46:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-10:46:47,79) [tpm_dev_wq] (root,0,0,00:00:00/45-10:46:47,80) [edac-poller] (root,0,0,00:00:00/45-10:46:47,81) [devfreq_wq] (root,0,0,00:00:00/45-10:46:47,110) [watchdogd] (root,0,0,00:00:03/45-10:46:47,111) [kswapd0] (root,0,0,00:00:12/45-10:46:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-10:46:45,115) [kthrotld] (root,0,0,00:00:00/45-10:46:45,116) [mld] (root,0,0,00:00:00/45-10:46:45,117) [ipv6_addrconf] (root,0,0,00:00:12/45-10:46:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-10:46:45,123) [kstrp] (root,0,0,00:00:00/45-10:46:45,124) [zswap-shrink] (root,0,0,00:00:00/45-10:46:45,125) [kworker/u9:0] (root,0,0,00:00:00/45-10:46:45,130) [charger_manager] (root,0,0,00:00:14/45-10:46:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-10:46:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-10:46:44,239) [kaluad] (root,0,0,00:00:00/45-10:46:44,258) [kmpath_rdacd] (root,0,0,00:00:00/45-10:46:44,304) [kmpathd] (root,0,0,00:00:00/45-10:46:44,305) [kmpath_handlerd] (root,0,0,00:00:00/45-10:46:43,342) [ata_sff] (root,0,0,00:00:00/45-10:46:43,343) [scsi_eh_0] (root,0,0,00:00:00/45-10:46:43,344) [scsi_tmf_0] (root,0,0,00:00:00/45-10:46:43,345) [scsi_eh_1] (root,0,0,00:00:00/45-10:46:43,346) [scsi_tmf_1] (root,0,0,00:01:30/45-10:46:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-10:46:40,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-10:46:28,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-10:46:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-10:46:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-10:45:54,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-10:45:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-10:45:53,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-10:45:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-10:45:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-10:45:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-10:45:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-10:45:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:32/45-10:45:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-10:45:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-10:45:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-10:45:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-10:45:37,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-10:45:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:35/45-10:45:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-10:45:37,1352) bpfilter_umh (root,26204,8096,00:00:23/45-10:45:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-10:45:37,1359) ntpd: asynchronous dns resolver (spot,362528,206300,2-14:26:16/45-10:45:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-10:45:36,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-10:45:36,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-10:45:36,1373) (sd-pam) (root,24216,5260,00:00:16/45-10:45:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-10:45:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-10:45:34,1485) /usr/sbin/cron -n (root,697508,78832,01:03:14/45-10:45:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71508,00:24:46/45-10:45:16,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/39-16:20:51,2557) tlsmgr -l -t unix -u (postfix,24244,8236,00:00:00/09:40,3857) pickup -l -t fifo -u (root,0,0,00:00:00/09:17,5125) [kworker/3:1-ata_sff] (root,0,0,00:00:00/00:23,7467) [kworker/1:1-events] (root,0,0,00:00:02/04:02:45,7922) [kworker/3:0-events] (root,6656,3476,00:00:00/00:00,9269) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,9284) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,9312) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,9314) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/04:10:16,9329) [kworker/2:2-events] (root,35304,10040,00:00:00/7-11:13:46,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-11:13:45,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:05:36,12120) [kworker/1:2-events] (root,0,0,00:00:00/55:37,13999) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/05:28,19992) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:36:03,23049) [kworker/0:2-events] (root,0,0,00:00:00/04:04,25872) [kworker/3:2-ata_sff] (root,0,0,00:00:00/50:42,27729) [kworker/0:0-events] (root,35308,10028,00:00:00/7-11:59:59,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-11:59:58,30947) sshd: cm-ssh (root,0,0,00:00:00/10:22,32062) [kworker/2:1-events] (root,0,0,00:00:00/45:33,32405) [kworker/u8:1-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 21:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c7080de5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-10:40:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-10:40:53,2) [kthreadd] (root,0,0,00:00:00/43-10:40:53,3) [rcu_gp] (root,0,0,00:00:00/43-10:40:53,4) [rcu_par_gp] (root,0,0,00:00:00/43-10:40:53,5) [slub_flushwq] (root,0,0,00:00:00/43-10:40:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-10:40:53,9) [mm_percpu_wq] (root,0,0,00:00:00/43-10:40:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-10:40:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-10:40:53,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-10:40:53,13) [ksoftirqd/0] (root,0,0,02:04:50/43-10:40:53,14) [rcu_preempt] (root,0,0,00:00:16/43-10:40:53,15) [migration/0] (root,0,0,00:00:00/43-10:40:53,16) [idle_inject/0] (root,0,0,00:00:00/43-10:40:53,18) [cpuhp/0] (root,0,0,00:00:00/43-10:40:53,19) [cpuhp/1] (root,0,0,00:00:00/43-10:40:53,20) [idle_inject/1] (root,0,0,00:00:16/43-10:40:53,21) [migration/1] (root,0,0,00:01:05/43-10:40:53,22) [ksoftirqd/1] (root,0,0,00:00:00/43-10:40:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-10:40:53,25) [cpuhp/2] (root,0,0,00:00:00/43-10:40:53,26) [idle_inject/2] (root,0,0,00:00:12/43-10:40:53,27) [migration/2] (root,0,0,01:22:11/43-10:40:53,28) [ksoftirqd/2] (root,0,0,00:00:00/43-10:40:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-10:40:53,31) [cpuhp/3] (root,0,0,00:00:00/43-10:40:53,32) [idle_inject/3] (root,0,0,00:00:15/43-10:40:53,33) [migration/3] (root,0,0,00:04:11/43-10:40:53,34) [ksoftirqd/3] (root,0,0,00:00:00/43-10:40:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-10:40:53,40) [kdevtmpfs] (root,0,0,00:00:00/43-10:40:53,41) [netns] (root,0,0,00:00:00/43-10:40:53,42) [inet_frag_wq] (root,0,0,00:00:15/43-10:40:53,43) [kauditd] (root,0,0,00:00:00/43-10:40:53,44) [khungtaskd] (root,0,0,00:00:00/43-10:40:53,45) [oom_reaper] (root,0,0,00:00:00/43-10:40:53,46) [writeback] (root,0,0,00:02:17/43-10:40:53,47) [kcompactd0] (root,0,0,00:00:00/43-10:40:53,48) [ksmd] (root,0,0,00:02:23/43-10:40:53,49) [khugepaged] (root,0,0,00:00:00/43-10:40:53,75) [kintegrityd] (root,0,0,00:00:00/43-10:40:53,76) [kblockd] (root,0,0,00:00:00/43-10:40:53,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-10:40:53,79) [tpm_dev_wq] (root,0,0,00:00:00/43-10:40:53,80) [edac-poller] (root,0,0,00:00:00/43-10:40:53,81) [devfreq_wq] (root,0,0,00:00:00/43-10:40:53,110) [watchdogd] (root,0,0,00:00:03/43-10:40:53,111) [kswapd0] (root,0,0,00:00:11/43-10:40:53,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-10:40:51,115) [kthrotld] (root,0,0,00:00:00/43-10:40:51,116) [mld] (root,0,0,00:00:00/43-10:40:51,117) [ipv6_addrconf] (root,0,0,00:00:12/43-10:40:51,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-10:40:51,123) [kstrp] (root,0,0,00:00:00/43-10:40:51,124) [zswap-shrink] (root,0,0,00:00:00/43-10:40:51,125) [kworker/u9:0] (root,0,0,00:00:00/43-10:40:51,130) [charger_manager] (root,0,0,00:00:13/43-10:40:51,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-10:40:51,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-10:40:50,239) [kaluad] (root,0,0,00:00:00/43-10:40:50,258) [kmpath_rdacd] (root,0,0,00:00:00/43-10:40:50,304) [kmpathd] (root,0,0,00:00:00/43-10:40:50,305) [kmpath_handlerd] (root,0,0,00:00:00/43-10:40:49,342) [ata_sff] (root,0,0,00:00:00/43-10:40:49,343) [scsi_eh_0] (root,0,0,00:00:00/43-10:40:49,344) [scsi_tmf_0] (root,0,0,00:00:00/43-10:40:49,345) [scsi_eh_1] (root,0,0,00:00:00/43-10:40:49,346) [scsi_tmf_1] (root,0,0,00:01:26/43-10:40:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-10:40:46,367) [ext4-rsv-conver] (root,38604,7856,00:01:14/43-10:40:34,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-10:40:33,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-10:40:31,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-10:40:00,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-10:39:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:21/43-10:39:59,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-10:39:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-10:39:57,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-10:39:57,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:51/43-10:39:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-10:39:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:19/43-10:39:43,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-10:39:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-10:39:43,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-10:39:43,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-10:39:43,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-10:39:43,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:18/43-10:39:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-10:39:43,1352) bpfilter_umh (root,26204,8096,00:00:22/43-10:39:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-10:39:43,1359) ntpd: asynchronous dns resolver (spot,361488,206052,2-12:11:05/43-10:39:42,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-10:39:42,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-10:39:42,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-10:39:42,1373) (sd-pam) (root,24216,5260,00:00:15/43-10:39:40,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-10:39:40,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-10:39:40,1485) /usr/sbin/cron -n (root,697508,78760,01:00:26/43-10:39:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70160,00:23:46/43-10:39:22,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-16:14:57,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:51,6955) [kworker/3:0-ata_sff] (root,0,0,00:00:00/12:11,8260) [kworker/0:1] (root,35304,10040,00:00:00/5-11:07:52,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-11:07:51,10514) sshd: syslogtunnel (root,0,0,00:00:00/31:40,12041) [kworker/1:0-mm_percpu_wq] (root,6656,3488,00:00:00/00:01,12172) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,12253) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,12254) /bin/bash /usr/bin/check_mk_agent (root,4480,1192,00:00:00/00:00,12255) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,872,00:00:00/00:00,12256) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,732,00:00:00/00:00,12258) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3492,00:00:00/00:00,12262) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,12280) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,948,00:00:00/00:00,12281) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:35:06,13819) [kworker/0:2-events] (postfix,24244,8304,00:00:00/25:30,13890) pickup -l -t fifo -u (root,0,0,00:00:00/01:10:04,16939) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/39:33,17327) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/01:31:03,21017) [kworker/3:2-events] (root,0,0,00:00:00/21:53,21552) [kworker/1:1] (root,0,0,00:00:00/08:03,23245) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:15:29,30419) [kworker/2:2] (root,35308,10028,00:00:00/5-11:54:05,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-11:54:04,30947) sshd: cm-ssh (root,0,0,00:00:00/02:04:24,31069) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 21:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ad14443dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-11:14:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-11:14:30,2) [kthreadd] (root,0,0,00:00:00/41-11:14:30,3) [rcu_gp] (root,0,0,00:00:00/41-11:14:30,4) [rcu_par_gp] (root,0,0,00:00:00/41-11:14:30,5) [slub_flushwq] (root,0,0,00:00:00/41-11:14:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-11:14:30,9) [mm_percpu_wq] (root,0,0,00:00:00/41-11:14:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-11:14:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-11:14:30,12) [rcu_tasks_trace] (root,0,0,00:01:15/41-11:14:30,13) [ksoftirqd/0] (root,0,0,01:59:01/41-11:14:30,14) [rcu_preempt] (root,0,0,00:00:15/41-11:14:30,15) [migration/0] (root,0,0,00:00:00/41-11:14:30,16) [idle_inject/0] (root,0,0,00:00:00/41-11:14:30,18) [cpuhp/0] (root,0,0,00:00:00/41-11:14:30,19) [cpuhp/1] (root,0,0,00:00:00/41-11:14:30,20) [idle_inject/1] (root,0,0,00:00:16/41-11:14:30,21) [migration/1] (root,0,0,00:01:01/41-11:14:30,22) [ksoftirqd/1] (root,0,0,00:00:00/41-11:14:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-11:14:30,25) [cpuhp/2] (root,0,0,00:00:00/41-11:14:30,26) [idle_inject/2] (root,0,0,00:00:12/41-11:14:30,27) [migration/2] (root,0,0,01:18:18/41-11:14:30,28) [ksoftirqd/2] (root,0,0,00:00:00/41-11:14:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-11:14:30,31) [cpuhp/3] (root,0,0,00:00:00/41-11:14:30,32) [idle_inject/3] (root,0,0,00:00:15/41-11:14:30,33) [migration/3] (root,0,0,00:03:58/41-11:14:30,34) [ksoftirqd/3] (root,0,0,00:00:00/41-11:14:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-11:14:30,40) [kdevtmpfs] (root,0,0,00:00:00/41-11:14:30,41) [netns] (root,0,0,00:00:00/41-11:14:30,42) [inet_frag_wq] (root,0,0,00:00:14/41-11:14:30,43) [kauditd] (root,0,0,00:00:00/41-11:14:30,44) [khungtaskd] (root,0,0,00:00:00/41-11:14:30,45) [oom_reaper] (root,0,0,00:00:00/41-11:14:30,46) [writeback] (root,0,0,00:02:11/41-11:14:30,47) [kcompactd0] (root,0,0,00:00:00/41-11:14:30,48) [ksmd] (root,0,0,00:02:16/41-11:14:30,49) [khugepaged] (root,0,0,00:00:00/41-11:14:30,75) [kintegrityd] (root,0,0,00:00:00/41-11:14:30,76) [kblockd] (root,0,0,00:00:00/41-11:14:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-11:14:30,79) [tpm_dev_wq] (root,0,0,00:00:00/41-11:14:30,80) [edac-poller] (root,0,0,00:00:00/41-11:14:30,81) [devfreq_wq] (root,0,0,00:00:00/41-11:14:30,110) [watchdogd] (root,0,0,00:00:03/41-11:14:30,111) [kswapd0] (root,0,0,00:00:11/41-11:14:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-11:14:28,115) [kthrotld] (root,0,0,00:00:00/41-11:14:28,116) [mld] (root,0,0,00:00:00/41-11:14:28,117) [ipv6_addrconf] (root,0,0,00:00:11/41-11:14:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-11:14:28,123) [kstrp] (root,0,0,00:00:00/41-11:14:28,124) [zswap-shrink] (root,0,0,00:00:00/41-11:14:28,125) [kworker/u9:0] (root,0,0,00:00:00/41-11:14:28,130) [charger_manager] (root,0,0,00:00:12/41-11:14:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-11:14:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-11:14:27,239) [kaluad] (root,0,0,00:00:00/41-11:14:27,258) [kmpath_rdacd] (root,0,0,00:00:00/41-11:14:27,304) [kmpathd] (root,0,0,00:00:00/41-11:14:27,305) [kmpath_handlerd] (root,0,0,00:00:00/41-11:14:26,342) [ata_sff] (root,0,0,00:00:00/41-11:14:26,343) [scsi_eh_0] (root,0,0,00:00:00/41-11:14:26,344) [scsi_tmf_0] (root,0,0,00:00:00/41-11:14:26,345) [scsi_eh_1] (root,0,0,00:00:00/41-11:14:26,346) [scsi_tmf_1] (root,0,0,00:01:23/41-11:14:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-11:14:23,367) [ext4-rsv-conver] (root,38604,7856,00:01:11/41-11:14:11,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-11:14:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-11:14:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-11:13:37,511) /sbin/auditd (messagebus,22932,5408,00:02:18/41-11:13:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-11:13:36,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-11:13:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-11:13:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-11:13:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-11:13:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-11:13:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:08/41-11:13:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-11:13:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-11:13:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-11:13:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-11:13:20,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-11:13:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-11:13:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-11:13:20,1352) bpfilter_umh (root,26204,8096,00:00:21/41-11:13:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-11:13:20,1359) ntpd: asynchronous dns resolver (spot,362032,206188,2-09:25:29/41-11:13:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-11:13:19,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-11:13:19,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-11:13:19,1373) (sd-pam) (root,0,0,00:00:00/01:56:09,1398) [kworker/1:0-cgroup_destroy] (root,24216,5260,00:00:14/41-11:13:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-11:13:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-11:13:17,1485) /usr/sbin/cron -n (root,697108,78364,00:57:37/41-11:13:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:47/41-11:12:59,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-16:48:34,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/25:34,2589) [kworker/3:0-events] (root,0,0,00:00:00/02:06,3309) [kworker/u8:2-writeback] (root,0,0,00:00:00/02:06,3311) [kworker/1:1] (postfix,24244,8272,00:00:00/01:21:03,8568) pickup -l -t fifo -u (root,35304,10040,00:00:00/3-11:41:29,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:14/3-11:41:28,10514) sshd: syslogtunnel (root,0,0,00:00:00/30:30,11751) [kworker/0:1-events] (root,6656,3484,00:00:00/00:00,12056) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,12097) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,12098) /bin/bash /usr/bin/check_mk_agent (root,4480,1152,00:00:00/00:00,12099) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,812,00:00:00/00:00,12100) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1208,00:00:00/00:00,12101) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,12102) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,12120) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,940,00:00:00/00:00,12121) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:27:42,15370) [kworker/u8:1-events_unbound] (root,0,0,00:00:01/08:39:10,16954) [kworker/2:1-events] (root,0,0,00:00:00/01:18:12,18031) [kworker/1:2-events] (root,0,0,00:00:00/01:13:29,20231) [kworker/0:0-events] (root,0,0,00:00:00/35:10,21149) [kworker/u8:0] (root,0,0,00:00:00/04:50,21964) [kworker/3:2-ata_sff] (root,0,0,00:00:00/54:26,29732) [kworker/2:0-events] (root,35308,10028,00:00:00/3-12:27:42,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:13/3-12:27:41,30947) sshd: cm-ssh (root,0,0,00:00:00/10:01,32022) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 22:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ad3e4beaFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-10:32:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-10:32:06,2) [kthreadd] (root,0,0,00:00:00/39-10:32:06,3) [rcu_gp] (root,0,0,00:00:00/39-10:32:06,4) [rcu_par_gp] (root,0,0,00:00:00/39-10:32:06,5) [slub_flushwq] (root,0,0,00:00:00/39-10:32:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-10:32:06,9) [mm_percpu_wq] (root,0,0,00:00:00/39-10:32:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-10:32:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-10:32:06,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-10:32:06,13) [ksoftirqd/0] (root,0,0,01:53:07/39-10:32:06,14) [rcu_preempt] (root,0,0,00:00:15/39-10:32:06,15) [migration/0] (root,0,0,00:00:00/39-10:32:06,16) [idle_inject/0] (root,0,0,00:00:00/39-10:32:06,18) [cpuhp/0] (root,0,0,00:00:00/39-10:32:06,19) [cpuhp/1] (root,0,0,00:00:00/39-10:32:06,20) [idle_inject/1] (root,0,0,00:00:15/39-10:32:06,21) [migration/1] (root,0,0,00:00:58/39-10:32:06,22) [ksoftirqd/1] (root,0,0,00:00:00/39-10:32:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-10:32:06,25) [cpuhp/2] (root,0,0,00:00:00/39-10:32:06,26) [idle_inject/2] (root,0,0,00:00:11/39-10:32:06,27) [migration/2] (root,0,0,01:13:18/39-10:32:06,28) [ksoftirqd/2] (root,0,0,00:00:00/39-10:32:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-10:32:06,31) [cpuhp/3] (root,0,0,00:00:00/39-10:32:06,32) [idle_inject/3] (root,0,0,00:00:14/39-10:32:06,33) [migration/3] (root,0,0,00:03:45/39-10:32:06,34) [ksoftirqd/3] (root,0,0,00:00:00/39-10:32:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-10:32:06,40) [kdevtmpfs] (root,0,0,00:00:00/39-10:32:06,41) [netns] (root,0,0,00:00:00/39-10:32:06,42) [inet_frag_wq] (root,0,0,00:00:14/39-10:32:06,43) [kauditd] (root,0,0,00:00:00/39-10:32:06,44) [khungtaskd] (root,0,0,00:00:00/39-10:32:06,45) [oom_reaper] (root,0,0,00:00:00/39-10:32:06,46) [writeback] (root,0,0,00:02:04/39-10:32:06,47) [kcompactd0] (root,0,0,00:00:00/39-10:32:06,48) [ksmd] (root,0,0,00:02:09/39-10:32:06,49) [khugepaged] (root,0,0,00:00:00/39-10:32:06,75) [kintegrityd] (root,0,0,00:00:00/39-10:32:06,76) [kblockd] (root,0,0,00:00:00/39-10:32:06,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-10:32:06,79) [tpm_dev_wq] (root,0,0,00:00:00/39-10:32:06,80) [edac-poller] (root,0,0,00:00:00/39-10:32:06,81) [devfreq_wq] (root,0,0,00:00:00/39-10:32:06,110) [watchdogd] (root,0,0,00:00:02/39-10:32:06,111) [kswapd0] (root,0,0,00:00:10/39-10:32:06,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-10:32:04,115) [kthrotld] (root,0,0,00:00:00/39-10:32:04,116) [mld] (root,0,0,00:00:00/39-10:32:04,117) [ipv6_addrconf] (root,0,0,00:00:11/39-10:32:04,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-10:32:04,123) [kstrp] (root,0,0,00:00:00/39-10:32:04,124) [zswap-shrink] (root,0,0,00:00:00/39-10:32:04,125) [kworker/u9:0] (root,0,0,00:00:00/39-10:32:04,130) [charger_manager] (root,0,0,00:00:12/39-10:32:04,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-10:32:04,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-10:32:03,239) [kaluad] (root,0,0,00:00:00/39-10:32:03,258) [kmpath_rdacd] (root,0,0,00:00:00/39-10:32:03,304) [kmpathd] (root,0,0,00:00:00/39-10:32:03,305) [kmpath_handlerd] (root,0,0,00:00:00/39-10:32:02,342) [ata_sff] (root,0,0,00:00:00/39-10:32:02,343) [scsi_eh_0] (root,0,0,00:00:00/39-10:32:02,344) [scsi_tmf_0] (root,0,0,00:00:00/39-10:32:02,345) [scsi_eh_1] (root,0,0,00:00:00/39-10:32:02,346) [scsi_tmf_1] (root,0,0,00:01:18/39-10:31:59,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-10:31:59,367) [ext4-rsv-conver] (root,38604,7924,00:01:08/39-10:31:47,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-10:31:46,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-10:31:44,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-10:31:13,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-10:31:12,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-10:31:12,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-10:31:12,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-10:31:10,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-10:31:10,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/31:03,1266) [kworker/2:0-events] (root,548616,30300,00:00:46/39-10:30:56,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-10:30:56,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:54/39-10:30:56,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-10:30:56,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-10:30:56,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-10:30:56,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-10:30:56,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-10:30:56,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:42/39-10:30:56,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-10:30:56,1352) bpfilter_umh (root,26204,8116,00:00:20/39-10:30:56,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-10:30:56,1359) ntpd: asynchronous dns resolver (spot,361504,198348,2-07:14:01/39-10:30:55,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-10:30:55,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-10:30:55,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-10:30:55,1373) (sd-pam) (root,24216,5260,00:00:14/39-10:30:53,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-10:30:53,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-10:30:53,1485) /usr/sbin/cron -n (root,697108,78496,00:54:42/39-10:30:47,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67424,00:21:42/39-10:30:35,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/33-16:06:10,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:05:47,4221) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/20:54,10453) [kworker/3:0-events] (root,35304,10040,00:00:00/1-10:59:05,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:06/1-10:59:04,10514) sshd: syslogtunnel (root,0,0,00:00:00/20:19,12444) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/17:04,14542) [kworker/0:2] (root,0,0,00:00:00/05:21,14996) [kworker/3:1-ata_sff] (root,0,0,00:00:00/40:18,15042) [kworker/1:1-events] (root,0,0,00:00:00/01:22:24,16553) [kworker/0:0-events] (postfix,24244,8244,00:00:00/59:31,20658) pickup -l -t fifo -u (root,0,0,00:00:00/00:08,29460) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,30177) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,30195) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30196) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/1-11:45:18,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:06/1-11:45:17,30947) sshd: cm-ssh (root,0,0,00:00:00/54:16,31742) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/44:55,32470) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 21:20 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a298e7f0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-11:49:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-11:49:34,2) [kthreadd] (root,0,0,00:00:00/37-11:49:34,3) [rcu_gp] (root,0,0,00:00:00/37-11:49:34,4) [rcu_par_gp] (root,0,0,00:00:00/37-11:49:34,5) [slub_flushwq] (root,0,0,00:00:00/37-11:49:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-11:49:34,9) [mm_percpu_wq] (root,0,0,00:00:00/37-11:49:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-11:49:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-11:49:34,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-11:49:34,13) [ksoftirqd/0] (root,0,0,01:47:16/37-11:49:34,14) [rcu_preempt] (root,0,0,00:00:14/37-11:49:34,15) [migration/0] (root,0,0,00:00:00/37-11:49:34,16) [idle_inject/0] (root,0,0,00:00:00/37-11:49:34,18) [cpuhp/0] (root,0,0,00:00:00/37-11:49:34,19) [cpuhp/1] (root,0,0,00:00:00/37-11:49:34,20) [idle_inject/1] (root,0,0,00:00:14/37-11:49:34,21) [migration/1] (root,0,0,00:00:55/37-11:49:34,22) [ksoftirqd/1] (root,0,0,00:00:00/37-11:49:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-11:49:34,25) [cpuhp/2] (root,0,0,00:00:00/37-11:49:34,26) [idle_inject/2] (root,0,0,00:00:10/37-11:49:34,27) [migration/2] (root,0,0,01:07:48/37-11:49:34,28) [ksoftirqd/2] (root,0,0,00:00:00/37-11:49:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-11:49:34,31) [cpuhp/3] (root,0,0,00:00:00/37-11:49:34,32) [idle_inject/3] (root,0,0,00:00:13/37-11:49:34,33) [migration/3] (root,0,0,00:03:29/37-11:49:34,34) [ksoftirqd/3] (root,0,0,00:00:00/37-11:49:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-11:49:34,40) [kdevtmpfs] (root,0,0,00:00:00/37-11:49:34,41) [netns] (root,0,0,00:00:00/37-11:49:34,42) [inet_frag_wq] (root,0,0,00:00:13/37-11:49:34,43) [kauditd] (root,0,0,00:00:00/37-11:49:34,44) [khungtaskd] (root,0,0,00:00:00/37-11:49:34,45) [oom_reaper] (root,0,0,00:00:00/37-11:49:34,46) [writeback] (root,0,0,00:01:58/37-11:49:34,47) [kcompactd0] (root,0,0,00:00:00/37-11:49:34,48) [ksmd] (root,0,0,00:02:02/37-11:49:34,49) [khugepaged] (root,0,0,00:00:00/37-11:49:34,75) [kintegrityd] (root,0,0,00:00:00/37-11:49:34,76) [kblockd] (root,0,0,00:00:00/37-11:49:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-11:49:34,79) [tpm_dev_wq] (root,0,0,00:00:00/37-11:49:34,80) [edac-poller] (root,0,0,00:00:00/37-11:49:34,81) [devfreq_wq] (root,0,0,00:00:00/37-11:49:34,110) [watchdogd] (root,0,0,00:00:02/37-11:49:34,111) [kswapd0] (root,0,0,00:00:10/37-11:49:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-11:49:32,115) [kthrotld] (root,0,0,00:00:00/37-11:49:32,116) [mld] (root,0,0,00:00:00/37-11:49:32,117) [ipv6_addrconf] (root,0,0,00:00:10/37-11:49:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-11:49:32,123) [kstrp] (root,0,0,00:00:00/37-11:49:32,124) [zswap-shrink] (root,0,0,00:00:00/37-11:49:32,125) [kworker/u9:0] (root,0,0,00:00:00/37-11:49:32,130) [charger_manager] (root,0,0,00:00:11/37-11:49:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-11:49:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-11:49:31,239) [kaluad] (root,0,0,00:00:00/37-11:49:31,258) [kmpath_rdacd] (root,0,0,00:00:00/37-11:49:31,304) [kmpathd] (root,0,0,00:00:00/37-11:49:31,305) [kmpath_handlerd] (root,0,0,00:00:00/37-11:49:30,342) [ata_sff] (root,0,0,00:00:00/37-11:49:30,343) [scsi_eh_0] (root,0,0,00:00:00/37-11:49:30,344) [scsi_tmf_0] (root,0,0,00:00:00/37-11:49:30,345) [scsi_eh_1] (root,0,0,00:00:00/37-11:49:30,346) [scsi_tmf_1] (root,0,0,00:01:14/37-11:49:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-11:49:27,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-11:49:15,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-11:49:14,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-11:49:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-11:48:41,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-11:48:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-11:48:40,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-11:48:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-11:48:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-11:48:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30292,00:00:44/37-11:48:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-11:48:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:43/37-11:48:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-11:48:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-11:48:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-11:48:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-11:48:24,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-11:48:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:25/37-11:48:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-11:48:24,1352) bpfilter_umh (root,26204,8116,00:00:19/37-11:48:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-11:48:24,1359) ntpd: asynchronous dns resolver (spot,361920,198472,2-04:19:45/37-11:48:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-11:48:23,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-11:48:23,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-11:48:23,1373) (sd-pam) (root,24216,5260,00:00:13/37-11:48:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-11:48:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-11:48:21,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-11:48:18,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-11:48:17,1527) sshd: syslogtunnel (root,696596,77960,00:51:53/37-11:48:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66204,00:20:40/37-11:48:03,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-17:23:38,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:10,2691) [kworker/u8:1-writeback] (root,35308,10108,00:00:00/37-11:47:38,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-11:47:38,3218) sshd: cm-ssh (postfix,24244,8256,00:00:00/58:48,4691) pickup -l -t fifo -u (root,0,0,00:00:00/05:33,5154) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:13:13,18233) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:46:56,19177) [kworker/0:2-events] (root,0,0,00:00:00/38:58,19789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/29:19,24321) [kworker/2:1-events] (root,0,0,00:00:00/37:10,26327) [kworker/1:1-events] (root,0,0,00:00:00/52:34,26865) [kworker/1:0-events] (root,0,0,00:00:00/00:23,28064) [kworker/3:1-ata_sff] (root,6656,3492,00:00:00/00:00,29015) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,29033) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,29034) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/43:32,32400) [kworker/2:2] (root,0,0,00:00:02/03:27:54,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 22:38 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b3181fc7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:45/35-11:23:20,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-11:23:20,2) [kthreadd] (root,0,0,00:00:00/35-11:23:20,3) [rcu_gp] (root,0,0,00:00:00/35-11:23:20,4) [rcu_par_gp] (root,0,0,00:00:00/35-11:23:20,5) [slub_flushwq] (root,0,0,00:00:00/35-11:23:20,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-11:23:20,9) [mm_percpu_wq] (root,0,0,00:00:00/35-11:23:20,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-11:23:20,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-11:23:20,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-11:23:20,13) [ksoftirqd/0] (root,0,0,01:41:54/35-11:23:20,14) [rcu_preempt] (root,0,0,00:00:13/35-11:23:20,15) [migration/0] (root,0,0,00:00:00/35-11:23:20,16) [idle_inject/0] (root,0,0,00:00:00/35-11:23:20,18) [cpuhp/0] (root,0,0,00:00:00/35-11:23:20,19) [cpuhp/1] (root,0,0,00:00:00/35-11:23:20,20) [idle_inject/1] (root,0,0,00:00:13/35-11:23:20,21) [migration/1] (root,0,0,00:00:52/35-11:23:20,22) [ksoftirqd/1] (root,0,0,00:00:00/35-11:23:20,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-11:23:20,25) [cpuhp/2] (root,0,0,00:00:00/35-11:23:20,26) [idle_inject/2] (root,0,0,00:00:10/35-11:23:20,27) [migration/2] (root,0,0,01:04:51/35-11:23:20,28) [ksoftirqd/2] (root,0,0,00:00:00/35-11:23:20,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-11:23:20,31) [cpuhp/3] (root,0,0,00:00:00/35-11:23:20,32) [idle_inject/3] (root,0,0,00:00:12/35-11:23:20,33) [migration/3] (root,0,0,00:03:20/35-11:23:20,34) [ksoftirqd/3] (root,0,0,00:00:00/35-11:23:20,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-11:23:20,40) [kdevtmpfs] (root,0,0,00:00:00/35-11:23:20,41) [netns] (root,0,0,00:00:00/35-11:23:20,42) [inet_frag_wq] (root,0,0,00:00:12/35-11:23:20,43) [kauditd] (root,0,0,00:00:00/35-11:23:20,44) [khungtaskd] (root,0,0,00:00:00/35-11:23:20,45) [oom_reaper] (root,0,0,00:00:00/35-11:23:20,46) [writeback] (root,0,0,00:01:52/35-11:23:20,47) [kcompactd0] (root,0,0,00:00:00/35-11:23:20,48) [ksmd] (root,0,0,00:01:55/35-11:23:20,49) [khugepaged] (root,0,0,00:00:00/35-11:23:20,75) [kintegrityd] (root,0,0,00:00:00/35-11:23:20,76) [kblockd] (root,0,0,00:00:00/35-11:23:20,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-11:23:20,79) [tpm_dev_wq] (root,0,0,00:00:00/35-11:23:20,80) [edac-poller] (root,0,0,00:00:00/35-11:23:20,81) [devfreq_wq] (root,0,0,00:00:00/35-11:23:20,110) [watchdogd] (root,0,0,00:00:02/35-11:23:20,111) [kswapd0] (root,0,0,00:00:09/35-11:23:20,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-11:23:18,115) [kthrotld] (root,0,0,00:00:00/35-11:23:18,116) [mld] (root,0,0,00:00:00/35-11:23:18,117) [ipv6_addrconf] (root,0,0,00:00:10/35-11:23:18,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-11:23:18,123) [kstrp] (root,0,0,00:00:00/35-11:23:18,124) [zswap-shrink] (root,0,0,00:00:00/35-11:23:18,125) [kworker/u9:0] (root,0,0,00:00:00/35-11:23:18,130) [charger_manager] (root,0,0,00:00:10/35-11:23:18,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-11:23:18,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-11:23:17,239) [kaluad] (root,0,0,00:00:00/35-11:23:17,258) [kmpath_rdacd] (root,0,0,00:00:00/35-11:23:17,304) [kmpathd] (root,0,0,00:00:00/35-11:23:17,305) [kmpath_handlerd] (root,0,0,00:00:00/35-11:23:16,342) [ata_sff] (root,0,0,00:00:00/35-11:23:16,343) [scsi_eh_0] (root,0,0,00:00:00/35-11:23:16,344) [scsi_tmf_0] (root,0,0,00:00:00/35-11:23:16,345) [scsi_eh_1] (root,0,0,00:00:00/35-11:23:16,346) [scsi_tmf_1] (root,0,0,00:01:11/35-11:23:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-11:23:13,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-11:23:01,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-11:23:00,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:55/35-11:22:58,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-11:22:27,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-11:22:26,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-11:22:26,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-11:22:26,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-11:22:24,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-11:22:24,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29680,00:00:41/35-11:22:10,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-11:22:10,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:31/35-11:22:10,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-11:22:10,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-11:22:10,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-11:22:10,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-11:22:10,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-11:22:10,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:07/35-11:22:10,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-11:22:10,1352) bpfilter_umh (root,26204,8116,00:00:18/35-11:22:10,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-11:22:10,1359) ntpd: asynchronous dns resolver (spot,361760,198440,2-02:11:41/35-11:22:09,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-11:22:09,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-11:22:09,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-11:22:09,1373) (sd-pam) (root,24216,5260,00:00:12/35-11:22:07,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-11:22:07,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-11:22:07,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-11:22:04,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-11:22:03,1527) sshd: syslogtunnel (root,696596,77900,00:49:06/35-11:22:01,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/17:49,1640) [kworker/2:2-events] (spot,223680,64852,00:19:39/35-11:21:49,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-16:57:24,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-11:21:24,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:57/35-11:21:24,3218) sshd: cm-ssh (root,0,0,00:00:00/01:00:01,3274) [kworker/0:2-events] (postfix,24244,8256,00:00:00/54:24,11037) pickup -l -t fifo -u (root,6656,3492,00:00:00/00:00,13325) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,13343) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,13344) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:41:28,14637) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/41:21,16573) [kworker/3:0-events] (root,0,0,00:00:00/10:56,16692) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/39:14,19269) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/22:29,20362) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/10:12,21188) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:29:50,23023) [kworker/1:1-events] (root,0,0,00:00:00/35:02,28809) [kworker/0:1] (root,0,0,00:00:00/05:02,32420) [kworker/3:1-ata_sff] (root,0,0,00:00:00/04:52,32725) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-15 22:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363515b8a6cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-11:05:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-11:05:10,2) [kthreadd] (root,0,0,00:00:00/33-11:05:10,3) [rcu_gp] (root,0,0,00:00:00/33-11:05:10,4) [rcu_par_gp] (root,0,0,00:00:00/33-11:05:10,5) [slub_flushwq] (root,0,0,00:00:00/33-11:05:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-11:05:10,9) [mm_percpu_wq] (root,0,0,00:00:00/33-11:05:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-11:05:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-11:05:10,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-11:05:10,13) [ksoftirqd/0] (root,0,0,01:36:31/33-11:05:10,14) [rcu_preempt] (root,0,0,00:00:12/33-11:05:10,15) [migration/0] (root,0,0,00:00:00/33-11:05:10,16) [idle_inject/0] (root,0,0,00:00:00/33-11:05:10,18) [cpuhp/0] (root,0,0,00:00:00/33-11:05:10,19) [cpuhp/1] (root,0,0,00:00:00/33-11:05:10,20) [idle_inject/1] (root,0,0,00:00:12/33-11:05:10,21) [migration/1] (root,0,0,00:00:50/33-11:05:10,22) [ksoftirqd/1] (root,0,0,00:00:00/33-11:05:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-11:05:10,25) [cpuhp/2] (root,0,0,00:00:00/33-11:05:10,26) [idle_inject/2] (root,0,0,00:00:09/33-11:05:10,27) [migration/2] (root,0,0,01:01:36/33-11:05:10,28) [ksoftirqd/2] (root,0,0,00:00:00/33-11:05:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-11:05:10,31) [cpuhp/3] (root,0,0,00:00:00/33-11:05:10,32) [idle_inject/3] (root,0,0,00:00:12/33-11:05:10,33) [migration/3] (root,0,0,00:03:10/33-11:05:10,34) [ksoftirqd/3] (root,0,0,00:00:00/33-11:05:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-11:05:10,40) [kdevtmpfs] (root,0,0,00:00:00/33-11:05:10,41) [netns] (root,0,0,00:00:00/33-11:05:10,42) [inet_frag_wq] (root,0,0,00:00:12/33-11:05:10,43) [kauditd] (root,0,0,00:00:00/33-11:05:10,44) [khungtaskd] (root,0,0,00:00:00/33-11:05:10,45) [oom_reaper] (root,0,0,00:00:00/33-11:05:10,46) [writeback] (root,0,0,00:01:45/33-11:05:10,47) [kcompactd0] (root,0,0,00:00:00/33-11:05:10,48) [ksmd] (root,0,0,00:01:49/33-11:05:10,49) [khugepaged] (root,0,0,00:00:00/33-11:05:10,75) [kintegrityd] (root,0,0,00:00:00/33-11:05:10,76) [kblockd] (root,0,0,00:00:00/33-11:05:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-11:05:10,79) [tpm_dev_wq] (root,0,0,00:00:00/33-11:05:10,80) [edac-poller] (root,0,0,00:00:00/33-11:05:10,81) [devfreq_wq] (root,0,0,00:00:00/33-11:05:10,110) [watchdogd] (root,0,0,00:00:02/33-11:05:10,111) [kswapd0] (root,0,0,00:00:09/33-11:05:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-11:05:08,115) [kthrotld] (root,0,0,00:00:00/33-11:05:08,116) [mld] (root,0,0,00:00:00/33-11:05:08,117) [ipv6_addrconf] (root,0,0,00:00:09/33-11:05:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-11:05:08,123) [kstrp] (root,0,0,00:00:00/33-11:05:08,124) [zswap-shrink] (root,0,0,00:00:00/33-11:05:08,125) [kworker/u9:0] (root,0,0,00:00:00/33-11:05:08,130) [charger_manager] (root,0,0,00:00:10/33-11:05:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-11:05:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-11:05:07,239) [kaluad] (root,0,0,00:00:00/33-11:05:07,258) [kmpath_rdacd] (root,0,0,00:00:00/33-11:05:07,304) [kmpathd] (root,0,0,00:00:00/33-11:05:07,305) [kmpath_handlerd] (root,0,0,00:00:00/33-11:05:06,342) [ata_sff] (root,0,0,00:00:00/33-11:05:06,343) [scsi_eh_0] (root,0,0,00:00:00/33-11:05:06,344) [scsi_tmf_0] (root,0,0,00:00:00/33-11:05:06,345) [scsi_eh_1] (root,0,0,00:00:00/33-11:05:06,346) [scsi_tmf_1] (root,0,0,00:01:07/33-11:05:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-11:05:03,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-11:04:51,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-11:04:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-11:04:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-11:04:17,511) /sbin/auditd (messagebus,22932,5632,00:01:51/33-11:04:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-11:04:16,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-11:04:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-11:04:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-11:04:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-11:04:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-11:04:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:21/33-11:04:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-11:04:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-11:04:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-11:04:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-11:04:00,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-11:04:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:50/33-11:04:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-11:04:00,1352) bpfilter_umh (root,26204,8128,00:00:17/33-11:04:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-11:04:00,1359) ntpd: asynchronous dns resolver (spot,361264,200032,2-00:13:12/33-11:03:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-11:03:59,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-11:03:59,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-11:03:59,1373) (sd-pam) (root,24216,5260,00:00:11/33-11:03:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-11:03:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-11:03:57,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-11:03:54,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-11:03:53,1527) sshd: syslogtunnel (root,694036,75228,00:46:19/33-11:03:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63340,00:18:39/33-11:03:39,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-16:39:14,2557) tlsmgr -l -t unix -u (postfix,24244,8240,00:00:00/57:10,2889) pickup -l -t fifo -u (root,0,0,00:00:00/21:02,2925) [kworker/3:2-events] (root,35308,10108,00:00:00/33-11:03:14,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-11:03:14,3218) sshd: cm-ssh (root,0,0,00:00:00/44:02,3437) [kworker/0:2-events] (root,0,0,00:00:00/00:48,7507) [kworker/2:1] (root,0,0,00:00:00/00:16,9007) [kworker/3:0-ata_sff] (root,0,0,00:00:00/07:26,9144) [kworker/1:1] (root,6656,3484,00:00:00/00:00,11131) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,11149) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11150) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:53:53,15338) [kworker/1:0-events] (root,0,0,00:00:00/02:50:33,15620) [kworker/2:2-events] (root,0,0,00:00:00/05:28,18480) [kworker/3:1-ata_sff] (root,0,0,00:00:00/03:49,22539) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:07:20,26016) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/01:07:19,26130) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/27:19,26155) [kworker/0:0-events] (root,0,0,00:00:00/01:43:35,28574) [kworker/u8:0-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 21:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363eb74a6ceFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:32/31-10:28:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-10:28:13,2) [kthreadd] (root,0,0,00:00:00/31-10:28:13,3) [rcu_gp] (root,0,0,00:00:00/31-10:28:13,4) [rcu_par_gp] (root,0,0,00:00:00/31-10:28:13,5) [slub_flushwq] (root,0,0,00:00:00/31-10:28:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-10:28:13,9) [mm_percpu_wq] (root,0,0,00:00:00/31-10:28:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-10:28:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-10:28:13,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-10:28:13,13) [ksoftirqd/0] (root,0,0,01:31:05/31-10:28:13,14) [rcu_preempt] (root,0,0,00:00:12/31-10:28:13,15) [migration/0] (root,0,0,00:00:00/31-10:28:13,16) [idle_inject/0] (root,0,0,00:00:00/31-10:28:13,18) [cpuhp/0] (root,0,0,00:00:00/31-10:28:13,19) [cpuhp/1] (root,0,0,00:00:00/31-10:28:13,20) [idle_inject/1] (root,0,0,00:00:12/31-10:28:13,21) [migration/1] (root,0,0,00:00:47/31-10:28:13,22) [ksoftirqd/1] (root,0,0,00:00:00/31-10:28:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-10:28:13,25) [cpuhp/2] (root,0,0,00:00:00/31-10:28:13,26) [idle_inject/2] (root,0,0,00:00:09/31-10:28:13,27) [migration/2] (root,0,0,00:58:23/31-10:28:13,28) [ksoftirqd/2] (root,0,0,00:00:00/31-10:28:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-10:28:13,31) [cpuhp/3] (root,0,0,00:00:00/31-10:28:13,32) [idle_inject/3] (root,0,0,00:00:11/31-10:28:13,33) [migration/3] (root,0,0,00:03:01/31-10:28:13,34) [ksoftirqd/3] (root,0,0,00:00:00/31-10:28:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-10:28:13,40) [kdevtmpfs] (root,0,0,00:00:00/31-10:28:13,41) [netns] (root,0,0,00:00:00/31-10:28:13,42) [inet_frag_wq] (root,0,0,00:00:11/31-10:28:13,43) [kauditd] (root,0,0,00:00:00/31-10:28:13,44) [khungtaskd] (root,0,0,00:00:00/31-10:28:13,45) [oom_reaper] (root,0,0,00:00:00/31-10:28:13,46) [writeback] (root,0,0,00:01:40/31-10:28:13,47) [kcompactd0] (root,0,0,00:00:00/31-10:28:13,48) [ksmd] (root,0,0,00:01:43/31-10:28:13,49) [khugepaged] (root,0,0,00:00:00/31-10:28:13,75) [kintegrityd] (root,0,0,00:00:00/31-10:28:13,76) [kblockd] (root,0,0,00:00:00/31-10:28:13,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-10:28:13,79) [tpm_dev_wq] (root,0,0,00:00:00/31-10:28:13,80) [edac-poller] (root,0,0,00:00:00/31-10:28:13,81) [devfreq_wq] (root,0,0,00:00:00/31-10:28:13,110) [watchdogd] (root,0,0,00:00:02/31-10:28:13,111) [kswapd0] (root,0,0,00:00:08/31-10:28:13,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-10:28:11,115) [kthrotld] (root,0,0,00:00:00/31-10:28:11,116) [mld] (root,0,0,00:00:00/31-10:28:11,117) [ipv6_addrconf] (root,0,0,00:00:09/31-10:28:11,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-10:28:11,123) [kstrp] (root,0,0,00:00:00/31-10:28:11,124) [zswap-shrink] (root,0,0,00:00:00/31-10:28:11,125) [kworker/u9:0] (root,0,0,00:00:00/31-10:28:11,130) [charger_manager] (root,0,0,00:00:09/31-10:28:11,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-10:28:11,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-10:28:10,239) [kaluad] (root,0,0,00:00:00/31-10:28:10,258) [kmpath_rdacd] (root,0,0,00:00:00/31-10:28:10,304) [kmpathd] (root,0,0,00:00:00/31-10:28:10,305) [kmpath_handlerd] (root,0,0,00:00:00/31-10:28:09,342) [ata_sff] (root,0,0,00:00:00/31-10:28:09,343) [scsi_eh_0] (root,0,0,00:00:00/31-10:28:09,344) [scsi_tmf_0] (root,0,0,00:00:00/31-10:28:09,345) [scsi_eh_1] (root,0,0,00:00:00/31-10:28:09,346) [scsi_tmf_1] (root,0,0,00:01:03/31-10:28:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-10:28:06,367) [ext4-rsv-conver] (root,38604,7944,00:00:50/31-10:27:54,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-10:27:53,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-10:27:51,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-10:27:20,511) /sbin/auditd (messagebus,22932,5632,00:01:43/31-10:27:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:58/31-10:27:19,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-10:27:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-10:27:17,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-10:27:17,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-10:27:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-10:27:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:09/31-10:27:03,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-10:27:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-10:27:03,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-10:27:03,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-10:27:03,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-10:27:03,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:34/31-10:27:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-10:27:03,1352) bpfilter_umh (root,26204,8128,00:00:16/31-10:27:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-10:27:03,1359) ntpd: asynchronous dns resolver (spot,361984,200240,1-22:00:42/31-10:27:02,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-10:27:02,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-10:27:02,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-10:27:02,1373) (sd-pam) (root,24216,5260,00:00:11/31-10:27:00,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-10:27:00,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-10:27:00,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-10:26:57,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:57/31-10:26:56,1527) sshd: syslogtunnel (root,693780,72896,00:43:33/31-10:26:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61976,00:17:36/31-10:26:42,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-16:02:17,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-10:26:17,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:44/31-10:26:17,3218) sshd: cm-ssh (root,0,0,00:00:00/25:17,5424) [kworker/0:2-events] (root,0,0,00:00:00/06:14,8236) [kworker/3:1-events] (root,0,0,00:00:00/06:02,8237) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/02:05:25,8637) [kworker/1:1-events] (root,0,0,00:00:00/31:58,10736) [kworker/0:0-events] (root,0,0,00:00:00/15:36:49,11736) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8172,00:00:00/42:10,12724) pickup -l -t fifo -u (root,0,0,00:00:00/21:59,17037) [kworker/2:2] (root,0,0,00:00:00/21:48,17525) [kworker/3:2-ata_sff] (root,0,0,00:00:00/48:45,22602) [kworker/2:1-events] (root,0,0,00:00:00/38:44,23131) [kworker/1:0-events] (root,0,0,00:00:00/01:02,26150) [kworker/3:0-ata_sff] (root,6656,3492,00:00:00/00:00,29996) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,30014) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30015) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 21:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ea03be87Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-11:33:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-11:33:43,2) [kthreadd] (root,0,0,00:00:00/29-11:33:43,3) [rcu_gp] (root,0,0,00:00:00/29-11:33:43,4) [rcu_par_gp] (root,0,0,00:00:00/29-11:33:43,5) [slub_flushwq] (root,0,0,00:00:00/29-11:33:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-11:33:43,9) [mm_percpu_wq] (root,0,0,00:00:00/29-11:33:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-11:33:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-11:33:43,12) [rcu_tasks_trace] (root,0,0,00:00:55/29-11:33:43,13) [ksoftirqd/0] (root,0,0,01:25:27/29-11:33:43,14) [rcu_preempt] (root,0,0,00:00:11/29-11:33:43,15) [migration/0] (root,0,0,00:00:00/29-11:33:43,16) [idle_inject/0] (root,0,0,00:00:00/29-11:33:43,18) [cpuhp/0] (root,0,0,00:00:00/29-11:33:43,19) [cpuhp/1] (root,0,0,00:00:00/29-11:33:43,20) [idle_inject/1] (root,0,0,00:00:11/29-11:33:43,21) [migration/1] (root,0,0,00:00:44/29-11:33:43,22) [ksoftirqd/1] (root,0,0,00:00:00/29-11:33:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-11:33:43,25) [cpuhp/2] (root,0,0,00:00:00/29-11:33:43,26) [idle_inject/2] (root,0,0,00:00:08/29-11:33:43,27) [migration/2] (root,0,0,00:54:30/29-11:33:43,28) [ksoftirqd/2] (root,0,0,00:00:00/29-11:33:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-11:33:43,31) [cpuhp/3] (root,0,0,00:00:00/29-11:33:43,32) [idle_inject/3] (root,0,0,00:00:10/29-11:33:43,33) [migration/3] (root,0,0,00:02:50/29-11:33:43,34) [ksoftirqd/3] (root,0,0,00:00:00/29-11:33:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-11:33:43,40) [kdevtmpfs] (root,0,0,00:00:00/29-11:33:43,41) [netns] (root,0,0,00:00:00/29-11:33:43,42) [inet_frag_wq] (root,0,0,00:00:10/29-11:33:43,43) [kauditd] (root,0,0,00:00:00/29-11:33:43,44) [khungtaskd] (root,0,0,00:00:00/29-11:33:43,45) [oom_reaper] (root,0,0,00:00:00/29-11:33:43,46) [writeback] (root,0,0,00:01:34/29-11:33:43,47) [kcompactd0] (root,0,0,00:00:00/29-11:33:43,48) [ksmd] (root,0,0,00:01:35/29-11:33:43,49) [khugepaged] (root,0,0,00:00:00/29-11:33:43,75) [kintegrityd] (root,0,0,00:00:00/29-11:33:43,76) [kblockd] (root,0,0,00:00:00/29-11:33:43,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-11:33:43,79) [tpm_dev_wq] (root,0,0,00:00:00/29-11:33:43,80) [edac-poller] (root,0,0,00:00:00/29-11:33:43,81) [devfreq_wq] (root,0,0,00:00:00/29-11:33:43,110) [watchdogd] (root,0,0,00:00:02/29-11:33:43,111) [kswapd0] (root,0,0,00:00:08/29-11:33:43,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-11:33:41,115) [kthrotld] (root,0,0,00:00:00/29-11:33:41,116) [mld] (root,0,0,00:00:00/29-11:33:41,117) [ipv6_addrconf] (root,0,0,00:00:08/29-11:33:41,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-11:33:41,123) [kstrp] (root,0,0,00:00:00/29-11:33:41,124) [zswap-shrink] (root,0,0,00:00:00/29-11:33:41,125) [kworker/u9:0] (root,0,0,00:00:00/29-11:33:41,130) [charger_manager] (root,0,0,00:00:09/29-11:33:41,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-11:33:41,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-11:33:40,239) [kaluad] (root,0,0,00:00:00/29-11:33:40,258) [kmpath_rdacd] (root,0,0,00:00:00/29-11:33:40,304) [kmpathd] (root,0,0,00:00:00/29-11:33:40,305) [kmpath_handlerd] (root,0,0,00:00:00/29-11:33:39,342) [ata_sff] (root,0,0,00:00:00/29-11:33:39,343) [scsi_eh_0] (root,0,0,00:00:00/29-11:33:39,344) [scsi_tmf_0] (root,0,0,00:00:00/29-11:33:39,345) [scsi_eh_1] (root,0,0,00:00:00/29-11:33:39,346) [scsi_tmf_1] (root,0,0,00:00:59/29-11:33:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-11:33:36,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-11:33:24,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-11:33:23,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-11:33:21,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-11:32:50,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-11:32:49,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-11:32:49,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-11:32:49,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-11:32:47,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-11:32:47,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:34/29-11:32:33,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-11:32:33,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:59/29-11:32:33,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-11:32:33,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-11:32:33,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-11:32:33,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-11:32:33,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-11:32:33,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:16/29-11:32:33,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-11:32:33,1352) bpfilter_umh (root,26204,8128,00:00:14/29-11:32:33,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-11:32:33,1359) ntpd: asynchronous dns resolver (spot,361616,200156,1-19:43:48/29-11:32:32,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-11:32:32,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-11:32:32,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-11:32:32,1373) (sd-pam) (root,24216,5260,00:00:10/29-11:32:30,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-11:32:30,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-11:32:30,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-11:32:27,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-11:32:26,1527) sshd: syslogtunnel (root,693524,72428,00:40:45/29-11:32:24,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60744,00:16:35/29-11:32:12,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-17:07:47,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/29-11:31:47,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:38/29-11:31:47,3218) sshd: cm-ssh (root,0,0,00:00:00/22:10,4977) [kworker/2:0-events] (root,0,0,00:00:00/09:00,8232) [kworker/2:2-events] (root,0,0,00:00:00/15:24,9799) [kworker/1:0-events] (root,0,0,00:00:00/01:11:55,9946) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/08:24,10898) [kworker/3:0-events] (root,0,0,00:00:00/03:14,12880) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:32,15765) [kworker/1:2-events] (root,0,0,00:00:01/01:40:59,16583) [kworker/3:2-ata_sff] (root,0,0,00:00:00/25:36,18169) [kworker/0:2-events] (root,0,0,00:00:00/57:46,22291) [kworker/0:1-events] (postfix,24244,8236,00:00:00/29:35,24925) pickup -l -t fifo -u (root,0,0,00:00:00/28:50,31224) [kworker/1:1-events] (root,0,0,00:00:00/03:38:35,31631) [kworker/u8:0-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:00,32425) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,32443) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,32444) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 22:22 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363debf7c45Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:17/27-11:03:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:03:37,2) [kthreadd] (root,0,0,00:00:00/27-11:03:37,3) [rcu_gp] (root,0,0,00:00:00/27-11:03:37,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:03:37,5) [slub_flushwq] (root,0,0,00:00:00/27-11:03:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:03:37,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:03:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:03:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:03:37,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-11:03:37,13) [ksoftirqd/0] (root,0,0,01:19:55/27-11:03:37,14) [rcu_preempt] (root,0,0,00:00:10/27-11:03:37,15) [migration/0] (root,0,0,00:00:00/27-11:03:37,16) [idle_inject/0] (root,0,0,00:00:00/27-11:03:37,18) [cpuhp/0] (root,0,0,00:00:00/27-11:03:37,19) [cpuhp/1] (root,0,0,00:00:00/27-11:03:37,20) [idle_inject/1] (root,0,0,00:00:10/27-11:03:37,21) [migration/1] (root,0,0,00:00:42/27-11:03:37,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:03:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:03:37,25) [cpuhp/2] (root,0,0,00:00:00/27-11:03:37,26) [idle_inject/2] (root,0,0,00:00:08/27-11:03:37,27) [migration/2] (root,0,0,00:51:23/27-11:03:37,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:03:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:03:37,31) [cpuhp/3] (root,0,0,00:00:00/27-11:03:37,32) [idle_inject/3] (root,0,0,00:00:10/27-11:03:37,33) [migration/3] (root,0,0,00:02:40/27-11:03:37,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:03:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:03:37,40) [kdevtmpfs] (root,0,0,00:00:00/27-11:03:37,41) [netns] (root,0,0,00:00:00/27-11:03:37,42) [inet_frag_wq] (root,0,0,00:00:09/27-11:03:37,43) [kauditd] (root,0,0,00:00:00/27-11:03:37,44) [khungtaskd] (root,0,0,00:00:00/27-11:03:37,45) [oom_reaper] (root,0,0,00:00:00/27-11:03:37,46) [writeback] (root,0,0,00:01:28/27-11:03:37,47) [kcompactd0] (root,0,0,00:00:00/27-11:03:37,48) [ksmd] (root,0,0,00:01:29/27-11:03:37,49) [khugepaged] (root,0,0,00:00:00/27-11:03:37,75) [kintegrityd] (root,0,0,00:00:00/27-11:03:37,76) [kblockd] (root,0,0,00:00:00/27-11:03:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:03:37,79) [tpm_dev_wq] (root,0,0,00:00:00/27-11:03:37,80) [edac-poller] (root,0,0,00:00:00/27-11:03:37,81) [devfreq_wq] (root,0,0,00:00:00/27-11:03:37,110) [watchdogd] (root,0,0,00:00:02/27-11:03:37,111) [kswapd0] (root,0,0,00:00:07/27-11:03:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-11:03:35,115) [kthrotld] (root,0,0,00:00:00/27-11:03:35,116) [mld] (root,0,0,00:00:00/27-11:03:35,117) [ipv6_addrconf] (root,0,0,00:00:07/27-11:03:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:03:35,123) [kstrp] (root,0,0,00:00:00/27-11:03:35,124) [zswap-shrink] (root,0,0,00:00:00/27-11:03:35,125) [kworker/u9:0] (root,0,0,00:00:00/27-11:03:35,130) [charger_manager] (root,0,0,00:00:08/27-11:03:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-11:03:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-11:03:34,239) [kaluad] (root,0,0,00:00:00/27-11:03:34,258) [kmpath_rdacd] (root,0,0,00:00:00/27-11:03:34,304) [kmpathd] (root,0,0,00:00:00/27-11:03:34,305) [kmpath_handlerd] (root,0,0,00:00:00/27-11:03:33,342) [ata_sff] (root,0,0,00:00:00/27-11:03:33,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:03:33,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:03:33,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:03:33,346) [scsi_tmf_1] (root,0,0,00:00:55/27-11:03:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:03:30,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-11:03:18,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-11:03:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-11:03:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-11:02:44,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-11:02:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8320,00:00:49/27-11:02:43,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-11:02:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-11:02:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-11:02:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:23:21,879) [kworker/u8:1-ext4-rsv-conversion] (root,548104,28512,00:00:32/27-11:02:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-11:02:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:47/27-11:02:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-11:02:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-11:02:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-11:02:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-11:02:27,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-11:02:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-11:02:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-11:02:27,1352) bpfilter_umh (root,26204,8128,00:00:13/27-11:02:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-11:02:27,1359) ntpd: asynchronous dns resolver (spot,296672,195184,1-17:06:21/27-11:02:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-11:02:26,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-11:02:26,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-11:02:26,1373) (sd-pam) (root,24216,5260,00:00:09/27-11:02:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-11:02:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-11:02:24,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-11:02:21,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-11:02:20,1527) sshd: syslogtunnel (root,693268,74056,00:37:58/27-11:02:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/09:27,1861) [kworker/0:2-events] (spot,219584,59116,00:15:32/27-11:02:06,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/18:44,2214) [kworker/2:2] (postfix,44628,9244,00:00:00/21-16:37:41,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-11:01:41,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-11:01:41,3218) sshd: cm-ssh (root,0,0,00:00:00/30:53,6602) [kworker/2:0-events] (root,0,0,00:00:00/06:26,7994) [kworker/1:0-events] (root,0,0,00:00:00/06:12,8417) [kworker/3:1-ata_sff] (root,0,0,00:00:00/29:33,8895) [kworker/u8:0-writeback] (root,0,0,00:00:01/05:11:04,11138) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/01:01,18000) [kworker/3:0-ata_sff] (root,0,0,00:00:00/00:21,20342) [kworker/0:1] (root,6656,3484,00:00:00/00:00,20815) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,20833) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20834) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:49:57,24222) [kworker/3:2-events] (postfix,24244,8264,00:00:00/21:16,28642) pickup -l -t fifo -u (root,0,0,00:00:00/40:09,30517) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 21:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e777ef17Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:10/25-12:12:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-12:12:59,2) [kthreadd] (root,0,0,00:00:00/25-12:12:59,3) [rcu_gp] (root,0,0,00:00:00/25-12:12:59,4) [rcu_par_gp] (root,0,0,00:00:00/25-12:12:59,5) [slub_flushwq] (root,0,0,00:00:00/25-12:12:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-12:12:59,9) [mm_percpu_wq] (root,0,0,00:00:00/25-12:12:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-12:12:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-12:12:59,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-12:12:59,13) [ksoftirqd/0] (root,0,0,01:14:38/25-12:12:59,14) [rcu_preempt] (root,0,0,00:00:09/25-12:12:59,15) [migration/0] (root,0,0,00:00:00/25-12:12:59,16) [idle_inject/0] (root,0,0,00:00:00/25-12:12:59,18) [cpuhp/0] (root,0,0,00:00:00/25-12:12:59,19) [cpuhp/1] (root,0,0,00:00:00/25-12:12:59,20) [idle_inject/1] (root,0,0,00:00:09/25-12:12:59,21) [migration/1] (root,0,0,00:00:39/25-12:12:59,22) [ksoftirqd/1] (root,0,0,00:00:00/25-12:12:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-12:12:59,25) [cpuhp/2] (root,0,0,00:00:00/25-12:12:59,26) [idle_inject/2] (root,0,0,00:00:07/25-12:12:59,27) [migration/2] (root,0,0,00:48:46/25-12:12:59,28) [ksoftirqd/2] (root,0,0,00:00:00/25-12:12:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-12:12:59,31) [cpuhp/3] (root,0,0,00:00:00/25-12:12:59,32) [idle_inject/3] (root,0,0,00:00:09/25-12:12:59,33) [migration/3] (root,0,0,00:02:31/25-12:12:59,34) [ksoftirqd/3] (root,0,0,00:00:00/25-12:12:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-12:12:59,40) [kdevtmpfs] (root,0,0,00:00:00/25-12:12:59,41) [netns] (root,0,0,00:00:00/25-12:12:59,42) [inet_frag_wq] (root,0,0,00:00:08/25-12:12:59,43) [kauditd] (root,0,0,00:00:00/25-12:12:59,44) [khungtaskd] (root,0,0,00:00:00/25-12:12:59,45) [oom_reaper] (root,0,0,00:00:00/25-12:12:59,46) [writeback] (root,0,0,00:01:21/25-12:12:59,47) [kcompactd0] (root,0,0,00:00:00/25-12:12:59,48) [ksmd] (root,0,0,00:01:23/25-12:12:59,49) [khugepaged] (root,0,0,00:00:00/25-12:12:59,75) [kintegrityd] (root,0,0,00:00:00/25-12:12:59,76) [kblockd] (root,0,0,00:00:00/25-12:12:59,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-12:12:59,79) [tpm_dev_wq] (root,0,0,00:00:00/25-12:12:59,80) [edac-poller] (root,0,0,00:00:00/25-12:12:59,81) [devfreq_wq] (root,0,0,00:00:00/25-12:12:59,110) [watchdogd] (root,0,0,00:00:01/25-12:12:59,111) [kswapd0] (root,0,0,00:00:07/25-12:12:59,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-12:12:57,115) [kthrotld] (root,0,0,00:00:00/25-12:12:57,116) [mld] (root,0,0,00:00:00/25-12:12:57,117) [ipv6_addrconf] (root,0,0,00:00:07/25-12:12:57,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-12:12:57,123) [kstrp] (root,0,0,00:00:00/25-12:12:57,124) [zswap-shrink] (root,0,0,00:00:00/25-12:12:57,125) [kworker/u9:0] (root,0,0,00:00:00/25-12:12:57,130) [charger_manager] (root,0,0,00:00:07/25-12:12:57,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-12:12:57,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-12:12:56,239) [kaluad] (root,0,0,00:00:00/25-12:12:56,258) [kmpath_rdacd] (root,0,0,00:00:00/25-12:12:56,304) [kmpathd] (root,0,0,00:00:00/25-12:12:56,305) [kmpath_handlerd] (root,0,0,00:00:00/25-12:12:55,342) [ata_sff] (root,0,0,00:00:00/25-12:12:55,343) [scsi_eh_0] (root,0,0,00:00:00/25-12:12:55,344) [scsi_tmf_0] (root,0,0,00:00:00/25-12:12:55,345) [scsi_eh_1] (root,0,0,00:00:00/25-12:12:55,346) [scsi_tmf_1] (root,0,0,00:00:51/25-12:12:52,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-12:12:52,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-12:12:40,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-12:12:39,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-12:12:37,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-12:12:06,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-12:12:05,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-12:12:05,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-12:12:05,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-12:12:03,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-12:12:03,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29508,00:00:30/25-12:11:49,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-12:11:49,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:36/25-12:11:49,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-12:11:49,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-12:11:49,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-12:11:49,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-12:11:49,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-12:11:49,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-12:11:49,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-12:11:49,1352) bpfilter_umh (root,26204,8212,00:00:12/25-12:11:49,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-12:11:49,1359) ntpd: asynchronous dns resolver (spot,296464,191616,1-14:56:11/25-12:11:48,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-12:11:48,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-12:11:48,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-12:11:48,1373) (sd-pam) (root,24216,5268,00:00:09/25-12:11:46,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-12:11:46,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-12:11:46,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-12:11:43,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:34/25-12:11:42,1527) sshd: syslogtunnel (root,693268,73792,00:35:18/25-12:11:40,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57872,00:14:35/25-12:11:28,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-17:47:03,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-12:11:03,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-12:11:03,3218) sshd: cm-ssh (root,0,0,00:00:00/44:02,8745) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/02:09,8785) [kworker/3:1-ata_sff] (root,0,0,00:00:00/34:31,11861) [kworker/u8:0] (root,6656,3488,00:00:00/00:00,15185) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,15203) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15204) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:51,16699) [kworker/2:2-events] (root,0,0,00:00:00/32:05,19952) [kworker/2:0-events] (root,0,0,00:00:00/07:19,20657) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:11:39,21873) [kworker/1:0-events] (root,0,0,00:00:00/41:03,22480) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/21:12,22713) [kworker/u8:1-writeback] (root,0,0,00:00:00/54:02,27643) [kworker/3:2-events] (root,0,0,00:00:00/19:54,28674) [kworker/0:2-events] (root,0,0,00:00:00/04:52,31921) [kworker/0:1] (postfix,24244,8204,00:00:00/11:38,32576) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 23:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630b88f29dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12708,00:01:02/23-09:22:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-09:22:30,2) [kthreadd] (root,0,0,00:00:00/23-09:22:30,3) [rcu_gp] (root,0,0,00:00:00/23-09:22:30,4) [rcu_par_gp] (root,0,0,00:00:00/23-09:22:30,5) [slub_flushwq] (root,0,0,00:00:00/23-09:22:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-09:22:30,9) [mm_percpu_wq] (root,0,0,00:00:00/23-09:22:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-09:22:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-09:22:30,12) [rcu_tasks_trace] (root,0,0,00:00:44/23-09:22:30,13) [ksoftirqd/0] (root,0,0,01:08:39/23-09:22:30,14) [rcu_preempt] (root,0,0,00:00:08/23-09:22:30,15) [migration/0] (root,0,0,00:00:00/23-09:22:30,16) [idle_inject/0] (root,0,0,00:00:00/23-09:22:30,18) [cpuhp/0] (root,0,0,00:00:00/23-09:22:30,19) [cpuhp/1] (root,0,0,00:00:00/23-09:22:30,20) [idle_inject/1] (root,0,0,00:00:09/23-09:22:30,21) [migration/1] (root,0,0,00:00:36/23-09:22:30,22) [ksoftirqd/1] (root,0,0,00:00:00/23-09:22:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-09:22:30,25) [cpuhp/2] (root,0,0,00:00:00/23-09:22:30,26) [idle_inject/2] (root,0,0,00:00:06/23-09:22:30,27) [migration/2] (root,0,0,00:45:11/23-09:22:30,28) [ksoftirqd/2] (root,0,0,00:00:00/23-09:22:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-09:22:30,31) [cpuhp/3] (root,0,0,00:00:00/23-09:22:30,32) [idle_inject/3] (root,0,0,00:00:08/23-09:22:30,33) [migration/3] (root,0,0,00:02:20/23-09:22:30,34) [ksoftirqd/3] (root,0,0,00:00:00/23-09:22:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-09:22:30,40) [kdevtmpfs] (root,0,0,00:00:00/23-09:22:30,41) [netns] (root,0,0,00:00:00/23-09:22:30,42) [inet_frag_wq] (root,0,0,00:00:07/23-09:22:30,43) [kauditd] (root,0,0,00:00:00/23-09:22:30,44) [khungtaskd] (root,0,0,00:00:00/23-09:22:30,45) [oom_reaper] (root,0,0,00:00:00/23-09:22:30,46) [writeback] (root,0,0,00:01:15/23-09:22:30,47) [kcompactd0] (root,0,0,00:00:00/23-09:22:30,48) [ksmd] (root,0,0,00:01:16/23-09:22:30,49) [khugepaged] (root,0,0,00:00:00/23-09:22:30,75) [kintegrityd] (root,0,0,00:00:00/23-09:22:30,76) [kblockd] (root,0,0,00:00:00/23-09:22:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-09:22:30,79) [tpm_dev_wq] (root,0,0,00:00:00/23-09:22:30,80) [edac-poller] (root,0,0,00:00:00/23-09:22:30,81) [devfreq_wq] (root,0,0,00:00:00/23-09:22:30,110) [watchdogd] (root,0,0,00:00:01/23-09:22:30,111) [kswapd0] (root,0,0,00:00:06/23-09:22:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-09:22:28,115) [kthrotld] (root,0,0,00:00:00/23-09:22:28,116) [mld] (root,0,0,00:00:00/23-09:22:28,117) [ipv6_addrconf] (root,0,0,00:00:06/23-09:22:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-09:22:28,123) [kstrp] (root,0,0,00:00:00/23-09:22:28,124) [zswap-shrink] (root,0,0,00:00:00/23-09:22:28,125) [kworker/u9:0] (root,0,0,00:00:00/23-09:22:28,130) [charger_manager] (root,0,0,00:00:07/23-09:22:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-09:22:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-09:22:27,239) [kaluad] (root,0,0,00:00:00/23-09:22:27,258) [kmpath_rdacd] (root,0,0,00:00:00/23-09:22:27,304) [kmpathd] (root,0,0,00:00:00/23-09:22:27,305) [kmpath_handlerd] (root,0,0,00:00:00/23-09:22:26,342) [ata_sff] (root,0,0,00:00:00/23-09:22:26,343) [scsi_eh_0] (root,0,0,00:00:00/23-09:22:26,344) [scsi_tmf_0] (root,0,0,00:00:00/23-09:22:26,345) [scsi_eh_1] (root,0,0,00:00:00/23-09:22:26,346) [scsi_tmf_1] (root,0,0,00:00:47/23-09:22:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-09:22:23,367) [ext4-rsv-conver] (root,38604,7992,00:00:34/23-09:22:11,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-09:22:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-09:22:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-09:21:37,511) /sbin/auditd (messagebus,22932,5912,00:01:07/23-09:21:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:38/23-09:21:36,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-09:21:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-09:21:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-09:21:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-09:21:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-09:21:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:23/23-09:21:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-09:21:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-09:21:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-09:21:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-09:21:20,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-09:21:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:23/23-09:21:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-09:21:20,1352) bpfilter_umh (root,26204,8212,00:00:10/23-09:21:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-09:21:20,1359) ntpd: asynchronous dns resolver (spot,291408,177964,1-12:20:25/23-09:21:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-09:21:19,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-09:21:19,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-09:21:19,1373) (sd-pam) (root,24216,5268,00:00:08/23-09:21:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-09:21:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-09:21:17,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-09:21:14,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:26/23-09:21:13,1527) sshd: syslogtunnel (root,692644,73216,00:32:21/23-09:21:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56536,00:13:30/23-09:20:59,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-14:56:34,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-09:20:34,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-09:20:34,3218) sshd: cm-ssh (root,0,0,00:00:00/02:04:05,4562) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:55:57,6029) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:32:54,10233) [kworker/2:2-events] (root,0,0,00:00:00/01:32:28,10234) [kworker/3:0-events] (root,0,0,00:00:00/04:16,10378) [kworker/3:2-ata_sff] (root,0,0,00:00:00/04:11,10556) [kworker/1:0-events] (postfix,24244,8252,00:00:00/01:03:06,14834) pickup -l -t fifo -u (root,0,0,00:00:00/03:05:00,16118) [kworker/0:0-events] (root,0,0,00:00:00/24:25,19667) [kworker/0:1-events] (root,0,0,00:00:00/15:40,21369) [kworker/1:1-events] (root,6656,3492,00:00:00/00:00,21547) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,21565) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,21566) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/12:50,22286) [kworker/2:0-events] (root,0,0,00:00:00/09:58,25217) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/09:28,25948) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 20:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b62a9851Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-10:57:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-10:57:31,2) [kthreadd] (root,0,0,00:00:00/21-10:57:31,3) [rcu_gp] (root,0,0,00:00:00/21-10:57:31,4) [rcu_par_gp] (root,0,0,00:00:00/21-10:57:31,5) [slub_flushwq] (root,0,0,00:00:00/21-10:57:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-10:57:31,9) [mm_percpu_wq] (root,0,0,00:00:00/21-10:57:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-10:57:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-10:57:31,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-10:57:31,13) [ksoftirqd/0] (root,0,0,01:03:09/21-10:57:31,14) [rcu_preempt] (root,0,0,00:00:08/21-10:57:31,15) [migration/0] (root,0,0,00:00:00/21-10:57:31,16) [idle_inject/0] (root,0,0,00:00:00/21-10:57:31,18) [cpuhp/0] (root,0,0,00:00:00/21-10:57:31,19) [cpuhp/1] (root,0,0,00:00:00/21-10:57:31,20) [idle_inject/1] (root,0,0,00:00:08/21-10:57:31,21) [migration/1] (root,0,0,00:00:34/21-10:57:31,22) [ksoftirqd/1] (root,0,0,00:00:00/21-10:57:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-10:57:31,25) [cpuhp/2] (root,0,0,00:00:00/21-10:57:31,26) [idle_inject/2] (root,0,0,00:00:06/21-10:57:31,27) [migration/2] (root,0,0,00:42:28/21-10:57:31,28) [ksoftirqd/2] (root,0,0,00:00:00/21-10:57:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-10:57:31,31) [cpuhp/3] (root,0,0,00:00:00/21-10:57:31,32) [idle_inject/3] (root,0,0,00:00:07/21-10:57:31,33) [migration/3] (root,0,0,00:02:10/21-10:57:31,34) [ksoftirqd/3] (root,0,0,00:00:00/21-10:57:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-10:57:31,40) [kdevtmpfs] (root,0,0,00:00:00/21-10:57:31,41) [netns] (root,0,0,00:00:00/21-10:57:31,42) [inet_frag_wq] (root,0,0,00:00:06/21-10:57:31,43) [kauditd] (root,0,0,00:00:00/21-10:57:31,44) [khungtaskd] (root,0,0,00:00:00/21-10:57:31,45) [oom_reaper] (root,0,0,00:00:00/21-10:57:31,46) [writeback] (root,0,0,00:01:09/21-10:57:31,47) [kcompactd0] (root,0,0,00:00:00/21-10:57:31,48) [ksmd] (root,0,0,00:01:10/21-10:57:31,49) [khugepaged] (root,0,0,00:00:00/21-10:57:31,75) [kintegrityd] (root,0,0,00:00:00/21-10:57:31,76) [kblockd] (root,0,0,00:00:00/21-10:57:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-10:57:31,79) [tpm_dev_wq] (root,0,0,00:00:00/21-10:57:31,80) [edac-poller] (root,0,0,00:00:00/21-10:57:31,81) [devfreq_wq] (root,0,0,00:00:00/21-10:57:31,110) [watchdogd] (root,0,0,00:00:01/21-10:57:31,111) [kswapd0] (root,0,0,00:00:05/21-10:57:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-10:57:29,115) [kthrotld] (root,0,0,00:00:00/21-10:57:29,116) [mld] (root,0,0,00:00:00/21-10:57:29,117) [ipv6_addrconf] (root,0,0,00:00:06/21-10:57:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-10:57:29,123) [kstrp] (root,0,0,00:00:00/21-10:57:29,124) [zswap-shrink] (root,0,0,00:00:00/21-10:57:29,125) [kworker/u9:0] (root,0,0,00:00:00/21-10:57:29,130) [charger_manager] (root,0,0,00:00:06/21-10:57:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-10:57:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-10:57:28,239) [kaluad] (root,0,0,00:00:00/21-10:57:28,258) [kmpath_rdacd] (root,0,0,00:00:00/21-10:57:28,304) [kmpathd] (root,0,0,00:00:00/21-10:57:28,305) [kmpath_handlerd] (root,0,0,00:00:00/21-10:57:27,342) [ata_sff] (root,0,0,00:00:00/21-10:57:27,343) [scsi_eh_0] (root,0,0,00:00:00/21-10:57:27,344) [scsi_tmf_0] (root,0,0,00:00:00/21-10:57:27,345) [scsi_eh_1] (root,0,0,00:00:00/21-10:57:27,346) [scsi_tmf_1] (root,0,0,00:00:43/21-10:57:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-10:57:24,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-10:57:12,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-10:57:11,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/00:12,461) [kworker/3:0-ata_sff] (root,8624,6244,00:00:34/21-10:57:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-10:56:38,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-10:56:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-10:56:37,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-10:56:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-10:56:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-10:56:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3484,00:00:00/00:00,1265) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,1283) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,1284) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,548104,28468,00:00:25/21-10:56:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-10:56:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:14/21-10:56:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-10:56:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-10:56:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-10:56:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-10:56:21,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-10:56:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-10:56:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-10:56:21,1352) bpfilter_umh (root,26204,8212,00:00:08/21-10:56:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-10:56:21,1359) ntpd: asynchronous dns resolver (spot,312604,199200,1-09:48:01/21-10:56:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-10:56:20,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-10:56:20,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-10:56:20,1373) (sd-pam) (root,24216,5268,00:00:07/21-10:56:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-10:56:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-10:56:18,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-10:56:15,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-10:56:14,1527) sshd: syslogtunnel (root,692388,72908,00:29:40/21-10:56:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,54944,00:12:29/21-10:56:00,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:25:28,2406) [kworker/3:2-events] (postfix,44628,9292,00:00:00/15-16:31:35,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-10:55:35,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-10:55:35,3218) sshd: cm-ssh (root,0,0,00:00:00/01:13:50,3830) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:22:24,5153) [kworker/1:0-events] (root,0,0,00:00:00/01:02:32,6042) [kworker/1:2] (root,0,0,00:00:00/16:50,6565) [kworker/0:0] (root,0,0,00:00:00/16:08,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/05:24,10973) [kworker/3:1-ata_sff] (postfix,24244,8172,00:00:00/01:19:57,11110) pickup -l -t fifo -u (root,0,0,00:00:00/01:28:01,17228) [kworker/0:1-events] (root,0,0,00:00:00/11:12,22368) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/02:36:06,29790) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 21:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e08fcbf9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-12:13:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:13:08,2) [kthreadd] (root,0,0,00:00:00/19-12:13:08,3) [rcu_gp] (root,0,0,00:00:00/19-12:13:08,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:13:08,5) [slub_flushwq] (root,0,0,00:00:00/19-12:13:08,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:13:08,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:13:08,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:13:08,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:13:08,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-12:13:08,13) [ksoftirqd/0] (root,0,0,00:57:14/19-12:13:08,14) [rcu_preempt] (root,0,0,00:00:07/19-12:13:08,15) [migration/0] (root,0,0,00:00:00/19-12:13:08,16) [idle_inject/0] (root,0,0,00:00:00/19-12:13:08,18) [cpuhp/0] (root,0,0,00:00:00/19-12:13:08,19) [cpuhp/1] (root,0,0,00:00:00/19-12:13:08,20) [idle_inject/1] (root,0,0,00:00:07/19-12:13:08,21) [migration/1] (root,0,0,00:00:31/19-12:13:08,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:13:08,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:13:08,25) [cpuhp/2] (root,0,0,00:00:00/19-12:13:08,26) [idle_inject/2] (root,0,0,00:00:05/19-12:13:08,27) [migration/2] (root,0,0,00:39:11/19-12:13:08,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:13:08,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:13:08,31) [cpuhp/3] (root,0,0,00:00:00/19-12:13:08,32) [idle_inject/3] (root,0,0,00:00:07/19-12:13:08,33) [migration/3] (root,0,0,00:01:58/19-12:13:08,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:13:08,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:13:08,40) [kdevtmpfs] (root,0,0,00:00:00/19-12:13:08,41) [netns] (root,0,0,00:00:00/19-12:13:08,42) [inet_frag_wq] (root,0,0,00:00:05/19-12:13:08,43) [kauditd] (root,0,0,00:00:00/19-12:13:08,44) [khungtaskd] (root,0,0,00:00:00/19-12:13:08,45) [oom_reaper] (root,0,0,00:00:00/19-12:13:08,46) [writeback] (root,0,0,00:01:02/19-12:13:08,47) [kcompactd0] (root,0,0,00:00:00/19-12:13:08,48) [ksmd] (root,0,0,00:01:03/19-12:13:08,49) [khugepaged] (root,0,0,00:00:00/19-12:13:08,75) [kintegrityd] (root,0,0,00:00:00/19-12:13:08,76) [kblockd] (root,0,0,00:00:00/19-12:13:08,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:13:08,79) [tpm_dev_wq] (root,0,0,00:00:00/19-12:13:08,80) [edac-poller] (root,0,0,00:00:00/19-12:13:08,81) [devfreq_wq] (root,0,0,00:00:00/19-12:13:08,110) [watchdogd] (root,0,0,00:00:01/19-12:13:08,111) [kswapd0] (root,0,0,00:00:05/19-12:13:08,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-12:13:06,115) [kthrotld] (root,0,0,00:00:00/19-12:13:06,116) [mld] (root,0,0,00:00:00/19-12:13:06,117) [ipv6_addrconf] (root,0,0,00:00:05/19-12:13:06,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:13:06,123) [kstrp] (root,0,0,00:00:00/19-12:13:06,124) [zswap-shrink] (root,0,0,00:00:00/19-12:13:06,125) [kworker/u9:0] (root,0,0,00:00:00/19-12:13:06,130) [charger_manager] (root,0,0,00:00:05/19-12:13:06,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/19-12:13:06,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-12:13:05,239) [kaluad] (root,0,0,00:00:00/19-12:13:05,258) [kmpath_rdacd] (root,0,0,00:00:00/19-12:13:05,304) [kmpathd] (root,0,0,00:00:00/19-12:13:05,305) [kmpath_handlerd] (root,0,0,00:00:00/19-12:13:04,342) [ata_sff] (root,0,0,00:00:00/19-12:13:04,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:13:04,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:13:04,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:13:04,346) [scsi_tmf_1] (root,0,0,00:00:38/19-12:13:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:13:01,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-12:12:49,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-12:12:48,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-12:12:46,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-12:12:15,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-12:12:14,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-12:12:14,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-12:12:14,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-12:12:12,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-12:12:12,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-12:11:58,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-12:11:58,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:04/19-12:11:58,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-12:11:58,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-12:11:58,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-12:11:58,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-12:11:58,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:24/19-12:11:58,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-12:11:58,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-12:11:58,1352) bpfilter_umh (root,26204,8212,00:00:07/19-12:11:58,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-12:11:58,1359) ntpd: asynchronous dns resolver (spot,315084,199820,1-07:02:51/19-12:11:57,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-12:11:57,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-12:11:57,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-12:11:57,1373) (sd-pam) (root,24216,5268,00:00:06/19-12:11:55,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-12:11:55,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-12:11:55,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-12:11:52,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-12:11:51,1527) sshd: syslogtunnel (root,618656,71492,00:26:53/19-12:11:49,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/23:25,1678) [kworker/3:1-events] (spot,215488,53708,00:11:19/19-12:11:37,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-17:47:12,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-12:11:12,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-12:11:12,3218) sshd: cm-ssh (root,0,0,00:00:00/05:50,4244) [kworker/0:0-events] (root,0,0,00:00:00/07:01:47,5852) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/03:26,10508) [kworker/2:2-events] (root,0,0,00:00:00/12:08,11634) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/02:41,11713) [kworker/3:0-ata_sff] (root,0,0,00:00:01/02:23:52,12961) [kworker/2:0-events] (root,0,0,00:00:00/01:44,14005) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:01:19,17258) [kworker/1:0-events] (root,6656,3484,00:00:00/00:00,19478) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,19519) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,19520) /bin/bash /usr/bin/check_mk_agent (root,4480,1184,00:00:00/00:00,19521) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,788,00:00:00/00:00,19522) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1356,00:00:00/00:00,19523) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,19524) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,19542) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19543) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:17:49,25296) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:47:43,29630) [kworker/1:2-events] (root,0,0,00:00:00/01:37:23,29670) [kworker/0:2-events] (postfix,24244,8268,00:00:00/01:16:24,29784) pickup -l -t fifo -u (root,0,0,00:00:00/07:51,30258) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 23:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836395e337c0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-11:19:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-11:19:33,2) [kthreadd] (root,0,0,00:00:00/17-11:19:33,3) [rcu_gp] (root,0,0,00:00:00/17-11:19:33,4) [rcu_par_gp] (root,0,0,00:00:00/17-11:19:33,5) [slub_flushwq] (root,0,0,00:00:00/17-11:19:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-11:19:33,9) [mm_percpu_wq] (root,0,0,00:00:00/17-11:19:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-11:19:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-11:19:33,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-11:19:33,13) [ksoftirqd/0] (root,0,0,00:50:09/17-11:19:33,14) [rcu_preempt] (root,0,0,00:00:06/17-11:19:33,15) [migration/0] (root,0,0,00:00:00/17-11:19:33,16) [idle_inject/0] (root,0,0,00:00:00/17-11:19:33,18) [cpuhp/0] (root,0,0,00:00:00/17-11:19:33,19) [cpuhp/1] (root,0,0,00:00:00/17-11:19:33,20) [idle_inject/1] (root,0,0,00:00:06/17-11:19:33,21) [migration/1] (root,0,0,00:00:27/17-11:19:33,22) [ksoftirqd/1] (root,0,0,00:00:00/17-11:19:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-11:19:33,25) [cpuhp/2] (root,0,0,00:00:00/17-11:19:33,26) [idle_inject/2] (root,0,0,00:00:05/17-11:19:33,27) [migration/2] (root,0,0,00:33:30/17-11:19:33,28) [ksoftirqd/2] (root,0,0,00:00:00/17-11:19:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-11:19:33,31) [cpuhp/3] (root,0,0,00:00:00/17-11:19:33,32) [idle_inject/3] (root,0,0,00:00:06/17-11:19:33,33) [migration/3] (root,0,0,00:01:40/17-11:19:33,34) [ksoftirqd/3] (root,0,0,00:00:00/17-11:19:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-11:19:33,40) [kdevtmpfs] (root,0,0,00:00:00/17-11:19:33,41) [netns] (root,0,0,00:00:00/17-11:19:33,42) [inet_frag_wq] (root,0,0,00:00:03/17-11:19:33,43) [kauditd] (root,0,0,00:00:00/17-11:19:33,44) [khungtaskd] (root,0,0,00:00:00/17-11:19:33,45) [oom_reaper] (root,0,0,00:00:00/17-11:19:33,46) [writeback] (root,0,0,00:00:54/17-11:19:33,47) [kcompactd0] (root,0,0,00:00:00/17-11:19:33,48) [ksmd] (root,0,0,00:00:56/17-11:19:33,49) [khugepaged] (root,0,0,00:00:00/17-11:19:33,75) [kintegrityd] (root,0,0,00:00:00/17-11:19:33,76) [kblockd] (root,0,0,00:00:00/17-11:19:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-11:19:33,79) [tpm_dev_wq] (root,0,0,00:00:00/17-11:19:33,80) [edac-poller] (root,0,0,00:00:00/17-11:19:33,81) [devfreq_wq] (root,0,0,00:00:00/17-11:19:33,110) [watchdogd] (root,0,0,00:00:01/17-11:19:33,111) [kswapd0] (root,0,0,00:00:04/17-11:19:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-11:19:31,115) [kthrotld] (root,0,0,00:00:00/17-11:19:31,116) [mld] (root,0,0,00:00:00/17-11:19:31,117) [ipv6_addrconf] (root,0,0,00:00:04/17-11:19:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-11:19:31,123) [kstrp] (root,0,0,00:00:00/17-11:19:31,124) [zswap-shrink] (root,0,0,00:00:00/17-11:19:31,125) [kworker/u9:0] (root,0,0,00:00:00/17-11:19:31,130) [charger_manager] (root,0,0,00:00:05/17-11:19:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:07/17-11:19:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-11:19:30,239) [kaluad] (root,0,0,00:00:00/17-11:19:30,258) [kmpath_rdacd] (root,0,0,00:00:00/17-11:19:30,304) [kmpathd] (root,0,0,00:00:00/17-11:19:30,305) [kmpath_handlerd] (root,0,0,00:00:00/17-11:19:29,342) [ata_sff] (root,0,0,00:00:00/17-11:19:29,343) [scsi_eh_0] (root,0,0,00:00:00/17-11:19:29,344) [scsi_tmf_0] (root,0,0,00:00:00/17-11:19:29,345) [scsi_eh_1] (root,0,0,00:00:00/17-11:19:29,346) [scsi_tmf_1] (root,0,0,00:00:34/17-11:19:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-11:19:26,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-11:19:14,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-11:19:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-11:19:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-11:18:40,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-11:18:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-11:18:39,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-11:18:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-11:18:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-11:18:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-11:18:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-11:18:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:49/17-11:18:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-11:18:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-11:18:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-11:18:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-11:18:23,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-11:18:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:29/17-11:18:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-11:18:23,1352) bpfilter_umh (root,26204,8212,00:00:04/17-11:18:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-11:18:23,1359) ntpd: asynchronous dns resolver (spot,316076,200068,1-02:54:37/17-11:18:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-11:18:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-11:18:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-11:18:22,1373) (sd-pam) (root,24216,5268,00:00:06/17-11:18:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-11:18:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-11:18:20,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-11:18:17,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-11:18:16,1527) sshd: syslogtunnel (root,618256,73108,00:23:52/17-11:18:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,51668,00:10:00/17-11:18:02,1995) /usr/bin/python3.11 /usr/bin/spot (root,6656,3488,00:00:00/00:01,2010) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:01,2051) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:01,2052) /bin/bash /usr/bin/check_mk_agent (root,4480,1160,00:00:00/00:01,2053) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,872,00:00:00/00:01,2054) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,6656,3516,00:00:00/00:01,2089) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:01,2135) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:01,2160) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:01,2161) /bin/bash /usr/bin/check_mk_agent (root,4480,1192,00:00:00/00:01,2162) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,816,00:00:00/00:01,2163) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,660,00:00:00/00:01,2167) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3416,00:00:00/00:00,2172) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2173) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,3476,00:00:00/00:00,2174) /bin/bash /usr/bin/check_mk_agent (postfix,44628,9336,00:00:00/11-16:53:37,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/05:05,2865) [kworker/0:0-events] (root,35308,10108,00:00:00/17-11:17:37,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-11:17:37,3218) sshd: cm-ssh (root,0,0,00:00:00/04:49,3701) [kworker/3:0-ata_sff] (root,0,0,00:00:00/22:15,5463) [kworker/2:2] (root,0,0,00:00:00/47:52,8974) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/10:01,13904) [kworker/3:1-ata_sff] (root,0,0,00:00:00/29:13,14908) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/29:13,14912) [kworker/1:2] (root,0,0,00:00:00/01:42:16,15458) [kworker/0:1-events] (postfix,24244,8324,00:00:00/44:46,18468) pickup -l -t fifo -u (root,0,0,00:00:00/01:40:07,19474) [kworker/2:0-mm_percpu_wq] (root,0,0,00:00:00/07:45,23140) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/15:12,25591) [kworker/3:2-events] (root,0,0,00:00:01/03:40:33,27733) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 22:08 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363eadd4dc2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-11:21:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-11:21:06,2) [kthreadd] (root,0,0,00:00:00/15-11:21:06,3) [rcu_gp] (root,0,0,00:00:00/15-11:21:06,4) [rcu_par_gp] (root,0,0,00:00:00/15-11:21:06,5) [slub_flushwq] (root,0,0,00:00:00/15-11:21:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-11:21:06,9) [mm_percpu_wq] (root,0,0,00:00:00/15-11:21:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-11:21:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-11:21:06,12) [rcu_tasks_trace] (root,0,0,00:00:27/15-11:21:06,13) [ksoftirqd/0] (root,0,0,00:43:20/15-11:21:06,14) [rcu_preempt] (root,0,0,00:00:05/15-11:21:06,15) [migration/0] (root,0,0,00:00:00/15-11:21:06,16) [idle_inject/0] (root,0,0,00:00:00/15-11:21:06,18) [cpuhp/0] (root,0,0,00:00:00/15-11:21:06,19) [cpuhp/1] (root,0,0,00:00:00/15-11:21:06,20) [idle_inject/1] (root,0,0,00:00:06/15-11:21:06,21) [migration/1] (root,0,0,00:00:23/15-11:21:06,22) [ksoftirqd/1] (root,0,0,00:00:00/15-11:21:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-11:21:06,25) [cpuhp/2] (root,0,0,00:00:00/15-11:21:06,26) [idle_inject/2] (root,0,0,00:00:04/15-11:21:06,27) [migration/2] (root,0,0,00:28:14/15-11:21:06,28) [ksoftirqd/2] (root,0,0,00:00:00/15-11:21:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-11:21:06,31) [cpuhp/3] (root,0,0,00:00:00/15-11:21:06,32) [idle_inject/3] (root,0,0,00:00:05/15-11:21:06,33) [migration/3] (root,0,0,00:01:23/15-11:21:06,34) [ksoftirqd/3] (root,0,0,00:00:00/15-11:21:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-11:21:06,40) [kdevtmpfs] (root,0,0,00:00:00/15-11:21:06,41) [netns] (root,0,0,00:00:00/15-11:21:06,42) [inet_frag_wq] (root,0,0,00:00:01/15-11:21:06,43) [kauditd] (root,0,0,00:00:00/15-11:21:06,44) [khungtaskd] (root,0,0,00:00:00/15-11:21:06,45) [oom_reaper] (root,0,0,00:00:00/15-11:21:06,46) [writeback] (root,0,0,00:00:47/15-11:21:06,47) [kcompactd0] (root,0,0,00:00:00/15-11:21:06,48) [ksmd] (root,0,0,00:00:50/15-11:21:06,49) [khugepaged] (root,0,0,00:00:00/15-11:21:06,75) [kintegrityd] (root,0,0,00:00:00/15-11:21:06,76) [kblockd] (root,0,0,00:00:00/15-11:21:06,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-11:21:06,79) [tpm_dev_wq] (root,0,0,00:00:00/15-11:21:06,80) [edac-poller] (root,0,0,00:00:00/15-11:21:06,81) [devfreq_wq] (root,0,0,00:00:00/15-11:21:06,110) [watchdogd] (root,0,0,00:00:01/15-11:21:06,111) [kswapd0] (root,0,0,00:00:04/15-11:21:06,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-11:21:04,115) [kthrotld] (root,0,0,00:00:00/15-11:21:04,116) [mld] (root,0,0,00:00:00/15-11:21:04,117) [ipv6_addrconf] (root,0,0,00:00:04/15-11:21:04,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-11:21:04,123) [kstrp] (root,0,0,00:00:00/15-11:21:04,124) [zswap-shrink] (root,0,0,00:00:00/15-11:21:04,125) [kworker/u9:0] (root,0,0,00:00:00/15-11:21:04,130) [charger_manager] (root,0,0,00:00:04/15-11:21:04,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-11:21:04,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-11:21:03,239) [kaluad] (root,0,0,00:00:00/15-11:21:03,258) [kmpath_rdacd] (root,0,0,00:00:00/15-11:21:03,304) [kmpathd] (root,0,0,00:00:00/15-11:21:03,305) [kmpath_handlerd] (root,0,0,00:00:00/15-11:21:02,342) [ata_sff] (root,0,0,00:00:00/15-11:21:02,343) [scsi_eh_0] (root,0,0,00:00:00/15-11:21:02,344) [scsi_tmf_0] (root,0,0,00:00:00/15-11:21:02,345) [scsi_eh_1] (root,0,0,00:00:00/15-11:21:02,346) [scsi_tmf_1] (root,0,0,00:00:29/15-11:20:59,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-11:20:59,367) [ext4-rsv-conver] (root,38604,7616,00:00:14/15-11:20:47,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-11:20:46,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-11:20:44,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-11:20:13,511) /sbin/auditd (messagebus,22932,5912,00:00:18/15-11:20:12,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:11/15-11:20:12,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-11:20:12,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-11:20:10,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-11:20:10,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-11:19:56,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-11:19:56,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:36/15-11:19:56,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-11:19:56,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-11:19:56,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-11:19:56,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-11:19:56,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-11:19:56,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:11/15-11:19:56,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-11:19:56,1352) bpfilter_umh (root,26204,8212,00:00:03/15-11:19:56,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-11:19:56,1359) ntpd: asynchronous dns resolver (spot,314700,199696,22:16:04/15-11:19:55,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-11:19:55,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-11:19:55,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-11:19:55,1373) (sd-pam) (root,24216,5268,00:00:05/15-11:19:53,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-11:19:53,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-11:19:53,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-11:19:50,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-11:19:49,1527) sshd: syslogtunnel (root,617868,72916,00:20:58/15-11:19:47,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,49860,00:08:42/15-11:19:35,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/37:51,2076) [kworker/2:0-events] (postfix,44628,9336,00:00:00/9-16:55:10,2557) tlsmgr -l -t unix -u (root,0,0,00:00:01/03:44:43,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-11:19:10,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:50/15-11:19:10,3218) sshd: cm-ssh (root,0,0,00:00:01/01:58:06,3282) [kworker/3:1-events] (root,0,0,00:00:00/03:57,3836) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:27:31,6286) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/03:19:49,6932) [kworker/2:2-events] (root,0,0,00:00:00/24:20,9961) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/08:42,11304) [kworker/1:1-events] (root,0,0,00:00:00/00:13,12292) [kworker/1:2] (root,6656,3468,00:00:00/00:00,13205) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,13223) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13224) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8228,00:00:00/01:08:09,16017) pickup -l -t fifo -u (root,0,0,00:00:00/07:28:13,21313) [kworker/0:0-events] (root,0,0,00:00:00/32:01,22921) [kworker/u8:0-writeback] (root,0,0,00:00:00/09:09,30453) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 22:09 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836368416bbdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-12:51:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-12:51:43,2) [kthreadd] (root,0,0,00:00:00/13-12:51:43,3) [rcu_gp] (root,0,0,00:00:00/13-12:51:43,4) [rcu_par_gp] (root,0,0,00:00:00/13-12:51:43,5) [slub_flushwq] (root,0,0,00:00:00/13-12:51:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-12:51:43,9) [mm_percpu_wq] (root,0,0,00:00:00/13-12:51:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-12:51:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-12:51:43,12) [rcu_tasks_trace] (root,0,0,00:00:24/13-12:51:43,13) [ksoftirqd/0] (root,0,0,00:37:16/13-12:51:43,14) [rcu_preempt] (root,0,0,00:00:05/13-12:51:43,15) [migration/0] (root,0,0,00:00:00/13-12:51:43,16) [idle_inject/0] (root,0,0,00:00:00/13-12:51:43,18) [cpuhp/0] (root,0,0,00:00:00/13-12:51:43,19) [cpuhp/1] (root,0,0,00:00:00/13-12:51:43,20) [idle_inject/1] (root,0,0,00:00:05/13-12:51:43,21) [migration/1] (root,0,0,00:00:20/13-12:51:43,22) [ksoftirqd/1] (root,0,0,00:00:00/13-12:51:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-12:51:43,25) [cpuhp/2] (root,0,0,00:00:00/13-12:51:43,26) [idle_inject/2] (root,0,0,00:00:03/13-12:51:43,27) [migration/2] (root,0,0,00:24:37/13-12:51:43,28) [ksoftirqd/2] (root,0,0,00:00:00/13-12:51:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-12:51:43,31) [cpuhp/3] (root,0,0,00:00:00/13-12:51:43,32) [idle_inject/3] (root,0,0,00:00:05/13-12:51:43,33) [migration/3] (root,0,0,00:01:11/13-12:51:43,34) [ksoftirqd/3] (root,0,0,00:00:00/13-12:51:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-12:51:43,40) [kdevtmpfs] (root,0,0,00:00:00/13-12:51:43,41) [netns] (root,0,0,00:00:00/13-12:51:43,42) [inet_frag_wq] (root,0,0,00:00:01/13-12:51:43,43) [kauditd] (root,0,0,00:00:00/13-12:51:43,44) [khungtaskd] (root,0,0,00:00:00/13-12:51:43,45) [oom_reaper] (root,0,0,00:00:00/13-12:51:43,46) [writeback] (root,0,0,00:00:41/13-12:51:43,47) [kcompactd0] (root,0,0,00:00:00/13-12:51:43,48) [ksmd] (root,0,0,00:00:44/13-12:51:43,49) [khugepaged] (root,0,0,00:00:00/13-12:51:43,75) [kintegrityd] (root,0,0,00:00:00/13-12:51:43,76) [kblockd] (root,0,0,00:00:00/13-12:51:43,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-12:51:43,79) [tpm_dev_wq] (root,0,0,00:00:00/13-12:51:43,80) [edac-poller] (root,0,0,00:00:00/13-12:51:43,81) [devfreq_wq] (root,0,0,00:00:00/13-12:51:43,110) [watchdogd] (root,0,0,00:00:01/13-12:51:43,111) [kswapd0] (root,0,0,00:00:03/13-12:51:43,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-12:51:41,115) [kthrotld] (root,0,0,00:00:00/13-12:51:41,116) [mld] (root,0,0,00:00:00/13-12:51:41,117) [ipv6_addrconf] (root,0,0,00:00:03/13-12:51:41,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-12:51:41,123) [kstrp] (root,0,0,00:00:00/13-12:51:41,124) [zswap-shrink] (root,0,0,00:00:00/13-12:51:41,125) [kworker/u9:0] (root,0,0,00:00:00/13-12:51:41,130) [charger_manager] (root,0,0,00:00:04/13-12:51:41,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-12:51:41,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-12:51:40,239) [kaluad] (root,0,0,00:00:00/13-12:51:40,258) [kmpath_rdacd] (root,0,0,00:00:00/13-12:51:40,304) [kmpathd] (root,0,0,00:00:00/13-12:51:40,305) [kmpath_handlerd] (root,0,0,00:00:00/13-12:51:39,342) [ata_sff] (root,0,0,00:00:00/13-12:51:39,343) [scsi_eh_0] (root,0,0,00:00:00/13-12:51:39,344) [scsi_tmf_0] (root,0,0,00:00:00/13-12:51:39,345) [scsi_eh_1] (root,0,0,00:00:00/13-12:51:39,346) [scsi_tmf_1] (root,0,0,00:00:25/13-12:51:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-12:51:36,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-12:51:24,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-12:51:23,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:20/13-12:51:21,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-12:50:50,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-12:50:49,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-12:50:49,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-12:50:49,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-12:50:47,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-12:50:47,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-12:50:33,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-12:50:33,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:25/13-12:50:33,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-12:50:33,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-12:50:33,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-12:50:33,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-12:50:33,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-12:50:33,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-12:50:33,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-12:50:33,1352) bpfilter_umh (root,26204,8212,00:00:02/13-12:50:33,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-12:50:33,1359) ntpd: asynchronous dns resolver (spot,305644,189780,18:42:34/13-12:50:32,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-12:50:32,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-12:50:32,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-12:50:32,1373) (sd-pam) (root,24216,5268,00:00:04/13-12:50:30,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-12:50:30,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-12:50:30,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-12:50:27,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:46/13-12:50:26,1527) sshd: syslogtunnel (root,617868,72668,00:18:14/13-12:50:24,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48316,00:07:29/13-12:50:12,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-18:25:47,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-12:49:47,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-12:49:47,3218) sshd: cm-ssh (root,0,0,00:00:00/01:33:25,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/00:41,6795) [kworker/3:0-ata_sff] (root,6656,3488,00:00:00/00:00,12698) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,12716) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12717) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:07,14597) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:01/01:57:58,14919) [kworker/1:0-events] (root,0,0,00:00:00/21:25,15998) [kworker/3:2-events] (root,0,0,00:00:00/02:46:36,16390) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/05:52,18365) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:45:49,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/29:55,22455) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8228,00:00:00/01:20:39,24772) pickup -l -t fifo -u (root,0,0,00:00:01/02:34:57,25621) [kworker/2:0-events] (root,0,0,00:00:00/01:09:09,29874) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 23:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836344c795e7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-12:45:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:45:04,2) [kthreadd] (root,0,0,00:00:00/11-12:45:04,3) [rcu_gp] (root,0,0,00:00:00/11-12:45:04,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:45:04,5) [slub_flushwq] (root,0,0,00:00:00/11-12:45:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:45:04,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:45:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:45:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:45:04,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:45:04,13) [ksoftirqd/0] (root,0,0,00:31:42/11-12:45:04,14) [rcu_preempt] (root,0,0,00:00:04/11-12:45:04,15) [migration/0] (root,0,0,00:00:00/11-12:45:04,16) [idle_inject/0] (root,0,0,00:00:00/11-12:45:04,18) [cpuhp/0] (root,0,0,00:00:00/11-12:45:04,19) [cpuhp/1] (root,0,0,00:00:00/11-12:45:04,20) [idle_inject/1] (root,0,0,00:00:04/11-12:45:04,21) [migration/1] (root,0,0,00:00:17/11-12:45:04,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:45:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:45:04,25) [cpuhp/2] (root,0,0,00:00:00/11-12:45:04,26) [idle_inject/2] (root,0,0,00:00:03/11-12:45:04,27) [migration/2] (root,0,0,00:21:09/11-12:45:04,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:45:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:45:04,31) [cpuhp/3] (root,0,0,00:00:00/11-12:45:04,32) [idle_inject/3] (root,0,0,00:00:04/11-12:45:04,33) [migration/3] (root,0,0,00:01:00/11-12:45:04,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:45:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:45:04,40) [kdevtmpfs] (root,0,0,00:00:00/11-12:45:04,41) [netns] (root,0,0,00:00:00/11-12:45:04,42) [inet_frag_wq] (root,0,0,00:00:01/11-12:45:04,43) [kauditd] (root,0,0,00:00:00/11-12:45:04,44) [khungtaskd] (root,0,0,00:00:00/11-12:45:04,45) [oom_reaper] (root,0,0,00:00:00/11-12:45:04,46) [writeback] (root,0,0,00:00:34/11-12:45:04,47) [kcompactd0] (root,0,0,00:00:00/11-12:45:04,48) [ksmd] (root,0,0,00:00:37/11-12:45:04,49) [khugepaged] (root,0,0,00:00:00/11-12:45:04,75) [kintegrityd] (root,0,0,00:00:00/11-12:45:04,76) [kblockd] (root,0,0,00:00:00/11-12:45:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:45:04,79) [tpm_dev_wq] (root,0,0,00:00:00/11-12:45:04,80) [edac-poller] (root,0,0,00:00:00/11-12:45:04,81) [devfreq_wq] (root,0,0,00:00:00/11-12:45:04,110) [watchdogd] (root,0,0,00:00:00/11-12:45:04,111) [kswapd0] (root,0,0,00:00:02/11-12:45:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:45:02,115) [kthrotld] (root,0,0,00:00:00/11-12:45:02,116) [mld] (root,0,0,00:00:00/11-12:45:02,117) [ipv6_addrconf] (root,0,0,00:00:03/11-12:45:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:45:02,123) [kstrp] (root,0,0,00:00:00/11-12:45:02,124) [zswap-shrink] (root,0,0,00:00:00/11-12:45:02,125) [kworker/u9:0] (root,0,0,00:00:00/11-12:45:02,130) [charger_manager] (root,0,0,00:00:03/11-12:45:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-12:45:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-12:45:01,239) [kaluad] (root,0,0,00:00:00/11-12:45:01,258) [kmpath_rdacd] (root,0,0,00:00:00/11-12:45:01,304) [kmpathd] (root,0,0,00:00:00/11-12:45:01,305) [kmpath_handlerd] (root,0,0,00:00:00/11-12:45:00,342) [ata_sff] (root,0,0,00:00:00/11-12:45:00,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:45:00,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:45:00,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:45:00,346) [scsi_tmf_1] (root,0,0,00:00:21/11-12:44:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:44:57,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-12:44:45,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-12:44:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-12:44:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-12:44:11,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-12:44:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-12:44:10,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-12:44:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-12:44:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-12:44:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-12:43:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-12:43:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:12/11-12:43:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-12:43:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-12:43:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-12:43:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-12:43:54,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-12:43:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:37/11-12:43:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-12:43:54,1352) bpfilter_umh (root,26204,8212,00:00:02/11-12:43:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-12:43:54,1359) ntpd: asynchronous dns resolver (spot,292380,178956,15:31:18/11-12:43:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-12:43:53,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-12:43:53,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-12:43:53,1373) (sd-pam) (root,24216,5268,00:00:03/11-12:43:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-12:43:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-12:43:51,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-12:43:48,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-12:43:47,1527) sshd: syslogtunnel (root,617612,70248,00:15:31/11-12:43:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,47284,00:06:18/11-12:43:33,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-18:19:08,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-12:43:08,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-12:43:08,3218) sshd: cm-ssh (root,0,0,00:00:00/38:16,5235) [kworker/2:2-events] (root,0,0,00:00:00/04:26,6963) [kworker/3:2-ata_sff] (root,0,0,00:00:03/22:53:37,7785) [kworker/2:1-events] (postfix,24244,8224,00:00:00/01:34:55,13066) pickup -l -t fifo -u (root,0,0,00:00:00/17:43,14236) [kworker/u8:2-writeback] (root,6656,3484,00:00:00/00:00,18345) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,18363) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,18364) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:42:11,19628) [kworker/0:1-events] (root,0,0,00:00:00/09:37,20045) [kworker/3:0-ata_sff] (root,0,0,00:00:00/05:17:44,20763) [kworker/1:0-events] (root,0,0,00:00:00/01:03:15,24598) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/04:17:27,28099) [kworker/1:2-events] (root,0,0,00:00:00/51:07,28318) [kworker/3:1-events] (root,0,0,00:00:01/03:53:18,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 23:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f5cff7c6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-09:59:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-09:59:04,2) [kthreadd] (root,0,0,00:00:00/9-09:59:04,3) [rcu_gp] (root,0,0,00:00:00/9-09:59:04,4) [rcu_par_gp] (root,0,0,00:00:00/9-09:59:04,5) [slub_flushwq] (root,0,0,00:00:00/9-09:59:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-09:59:04,9) [mm_percpu_wq] (root,0,0,00:00:00/9-09:59:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-09:59:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-09:59:04,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-09:59:04,13) [ksoftirqd/0] (root,0,0,00:25:33/9-09:59:04,14) [rcu_preempt] (root,0,0,00:00:03/9-09:59:04,15) [migration/0] (root,0,0,00:00:00/9-09:59:04,16) [idle_inject/0] (root,0,0,00:00:00/9-09:59:04,18) [cpuhp/0] (root,0,0,00:00:00/9-09:59:04,19) [cpuhp/1] (root,0,0,00:00:00/9-09:59:04,20) [idle_inject/1] (root,0,0,00:00:03/9-09:59:04,21) [migration/1] (root,0,0,00:00:13/9-09:59:04,22) [ksoftirqd/1] (root,0,0,00:00:00/9-09:59:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-09:59:04,25) [cpuhp/2] (root,0,0,00:00:00/9-09:59:04,26) [idle_inject/2] (root,0,0,00:00:02/9-09:59:04,27) [migration/2] (root,0,0,00:17:08/9-09:59:04,28) [ksoftirqd/2] (root,0,0,00:00:00/9-09:59:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-09:59:04,31) [cpuhp/3] (root,0,0,00:00:00/9-09:59:04,32) [idle_inject/3] (root,0,0,00:00:03/9-09:59:04,33) [migration/3] (root,0,0,00:00:48/9-09:59:04,34) [ksoftirqd/3] (root,0,0,00:00:00/9-09:59:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-09:59:04,40) [kdevtmpfs] (root,0,0,00:00:00/9-09:59:04,41) [netns] (root,0,0,00:00:00/9-09:59:04,42) [inet_frag_wq] (root,0,0,00:00:01/9-09:59:04,43) [kauditd] (root,0,0,00:00:00/9-09:59:04,44) [khungtaskd] (root,0,0,00:00:00/9-09:59:04,45) [oom_reaper] (root,0,0,00:00:00/9-09:59:04,46) [writeback] (root,0,0,00:00:28/9-09:59:04,47) [kcompactd0] (root,0,0,00:00:00/9-09:59:04,48) [ksmd] (root,0,0,00:00:31/9-09:59:04,49) [khugepaged] (root,0,0,00:00:00/9-09:59:04,75) [kintegrityd] (root,0,0,00:00:00/9-09:59:04,76) [kblockd] (root,0,0,00:00:00/9-09:59:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-09:59:04,79) [tpm_dev_wq] (root,0,0,00:00:00/9-09:59:04,80) [edac-poller] (root,0,0,00:00:00/9-09:59:04,81) [devfreq_wq] (root,0,0,00:00:00/9-09:59:04,110) [watchdogd] (root,0,0,00:00:00/9-09:59:04,111) [kswapd0] (root,0,0,00:00:02/9-09:59:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-09:59:02,115) [kthrotld] (root,0,0,00:00:00/9-09:59:02,116) [mld] (root,0,0,00:00:00/9-09:59:02,117) [ipv6_addrconf] (root,0,0,00:00:02/9-09:59:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-09:59:02,123) [kstrp] (root,0,0,00:00:00/9-09:59:02,124) [zswap-shrink] (root,0,0,00:00:00/9-09:59:02,125) [kworker/u9:0] (root,0,0,00:00:00/9-09:59:02,130) [charger_manager] (root,0,0,00:00:02/9-09:59:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-09:59:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-09:59:01,239) [kaluad] (root,0,0,00:00:00/9-09:59:01,258) [kmpath_rdacd] (root,0,0,00:00:00/9-09:59:01,304) [kmpathd] (root,0,0,00:00:00/9-09:59:01,305) [kmpath_handlerd] (root,0,0,00:00:00/9-09:59:00,342) [ata_sff] (root,0,0,00:00:00/9-09:59:00,343) [scsi_eh_0] (root,0,0,00:00:00/9-09:59:00,344) [scsi_tmf_0] (root,0,0,00:00:00/9-09:59:00,345) [scsi_eh_1] (root,0,0,00:00:00/9-09:59:00,346) [scsi_tmf_1] (root,0,0,00:00:17/9-09:58:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-09:58:57,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-09:58:45,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-09:58:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-09:58:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-09:58:11,511) /sbin/auditd (messagebus,22932,5912,00:00:11/9-09:58:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-09:58:10,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-09:58:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-09:58:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-09:58:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/03:57,1291) [kworker/3:2-ata_sff] (root,547592,24840,00:00:10/9-09:57:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-09:57:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:00/9-09:57:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-09:57:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-09:57:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-09:57:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-09:57:54,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-09:57:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:19/9-09:57:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-09:57:54,1352) bpfilter_umh (root,26204,8212,00:00:01/9-09:57:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-09:57:54,1359) ntpd: asynchronous dns resolver (spot,293472,180060,12:11:24/9-09:57:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-09:57:53,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-09:57:53,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-09:57:53,1373) (sd-pam) (root,24216,5268,00:00:03/9-09:57:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-09:57:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-09:57:51,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-09:57:48,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-09:57:47,1527) sshd: syslogtunnel (root,617356,69948,00:12:36/9-09:57:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,45712,00:05:04/9-09:57:33,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-15:33:08,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-09:57:08,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-09:57:08,3218) sshd: cm-ssh (root,0,0,00:00:00/04:52:54,8172) [kworker/2:2-events] (root,0,0,00:00:00/29:52,10860) [kworker/3:1-events] (root,0,0,00:00:00/51:38,11212) [kworker/2:0-events] (root,0,0,00:00:00/03:17:17,14431) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:17:14,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/27:20,15432) [kworker/0:2-events] (root,0,0,00:00:00/02:03:41,15893) [kworker/0:0-events] (root,0,0,00:00:00/09:08,17032) [kworker/3:0-ata_sff] (root,6656,3492,00:00:00/00:00,17407) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,17425) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17426) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8200,00:00:00/50:46,19776) pickup -l -t fifo -u (root,0,0,00:00:00/01:03:35,22079) [kworker/1:1] (root,0,0,00:00:01/05:17:08,26887) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 20:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d37883c4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-10:44:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-10:44:43,2) [kthreadd] (root,0,0,00:00:00/7-10:44:43,3) [rcu_gp] (root,0,0,00:00:00/7-10:44:43,4) [rcu_par_gp] (root,0,0,00:00:00/7-10:44:43,5) [slub_flushwq] (root,0,0,00:00:00/7-10:44:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-10:44:43,9) [mm_percpu_wq] (root,0,0,00:00:00/7-10:44:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-10:44:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-10:44:43,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-10:44:43,13) [ksoftirqd/0] (root,0,0,00:19:45/7-10:44:43,14) [rcu_preempt] (root,0,0,00:00:02/7-10:44:43,15) [migration/0] (root,0,0,00:00:00/7-10:44:43,16) [idle_inject/0] (root,0,0,00:00:00/7-10:44:43,18) [cpuhp/0] (root,0,0,00:00:00/7-10:44:43,19) [cpuhp/1] (root,0,0,00:00:00/7-10:44:43,20) [idle_inject/1] (root,0,0,00:00:03/7-10:44:43,21) [migration/1] (root,0,0,00:00:10/7-10:44:43,22) [ksoftirqd/1] (root,0,0,00:00:00/7-10:44:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-10:44:43,25) [cpuhp/2] (root,0,0,00:00:00/7-10:44:43,26) [idle_inject/2] (root,0,0,00:00:02/7-10:44:43,27) [migration/2] (root,0,0,00:12:56/7-10:44:43,28) [ksoftirqd/2] (root,0,0,00:00:00/7-10:44:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-10:44:43,31) [cpuhp/3] (root,0,0,00:00:00/7-10:44:43,32) [idle_inject/3] (root,0,0,00:00:02/7-10:44:43,33) [migration/3] (root,0,0,00:00:36/7-10:44:43,34) [ksoftirqd/3] (root,0,0,00:00:00/7-10:44:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-10:44:43,40) [kdevtmpfs] (root,0,0,00:00:00/7-10:44:43,41) [netns] (root,0,0,00:00:00/7-10:44:43,42) [inet_frag_wq] (root,0,0,00:00:00/7-10:44:43,43) [kauditd] (root,0,0,00:00:00/7-10:44:43,44) [khungtaskd] (root,0,0,00:00:00/7-10:44:43,45) [oom_reaper] (root,0,0,00:00:00/7-10:44:43,46) [writeback] (root,0,0,00:00:21/7-10:44:43,47) [kcompactd0] (root,0,0,00:00:00/7-10:44:43,48) [ksmd] (root,0,0,00:00:24/7-10:44:43,49) [khugepaged] (root,0,0,00:00:00/7-10:44:43,75) [kintegrityd] (root,0,0,00:00:00/7-10:44:43,76) [kblockd] (root,0,0,00:00:00/7-10:44:43,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-10:44:43,79) [tpm_dev_wq] (root,0,0,00:00:00/7-10:44:43,80) [edac-poller] (root,0,0,00:00:00/7-10:44:43,81) [devfreq_wq] (root,0,0,00:00:00/7-10:44:43,110) [watchdogd] (root,0,0,00:00:00/7-10:44:43,111) [kswapd0] (root,0,0,00:00:01/7-10:44:43,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-10:44:41,115) [kthrotld] (root,0,0,00:00:00/7-10:44:41,116) [mld] (root,0,0,00:00:00/7-10:44:41,117) [ipv6_addrconf] (root,0,0,00:00:01/7-10:44:41,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-10:44:41,123) [kstrp] (root,0,0,00:00:00/7-10:44:41,124) [zswap-shrink] (root,0,0,00:00:00/7-10:44:41,125) [kworker/u9:0] (root,0,0,00:00:00/7-10:44:41,130) [charger_manager] (root,0,0,00:00:02/7-10:44:41,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-10:44:41,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-10:44:40,239) [kaluad] (root,0,0,00:00:00/7-10:44:40,258) [kmpath_rdacd] (root,0,0,00:00:00/7-10:44:40,304) [kmpathd] (root,0,0,00:00:00/7-10:44:40,305) [kmpath_handlerd] (root,0,0,00:00:00/7-10:44:39,342) [ata_sff] (root,0,0,00:00:00/7-10:44:39,343) [scsi_eh_0] (root,0,0,00:00:00/7-10:44:39,344) [scsi_tmf_0] (root,0,0,00:00:00/7-10:44:39,345) [scsi_eh_1] (root,0,0,00:00:00/7-10:44:39,346) [scsi_tmf_1] (root,0,0,00:00:13/7-10:44:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-10:44:36,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-10:44:24,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-10:44:23,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-10:44:21,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/7-10:43:50,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-10:43:49,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-10:43:49,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-10:43:49,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-10:43:47,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-10:43:47,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-10:43:33,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-10:43:33,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:45/7-10:43:33,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-10:43:33,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-10:43:33,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-10:43:33,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-10:43:33,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:07/7-10:43:33,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:01/7-10:43:33,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-10:43:33,1352) bpfilter_umh (root,26204,8212,00:00:01/7-10:43:33,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-10:43:33,1359) ntpd: asynchronous dns resolver (spot,290812,176892,09:05:44/7-10:43:32,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-10:43:32,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-10:43:32,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-10:43:32,1373) (sd-pam) (root,0,0,00:00:00/08:22,1464) [kworker/u8:2-ext4-rsv-conversion] (root,24216,5268,00:00:02/7-10:43:30,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-10:43:30,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/7-10:43:30,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-10:43:27,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:24/7-10:43:26,1527) sshd: syslogtunnel (root,617356,69808,00:09:52/7-10:43:24,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,44424,00:03:52/7-10:43:12,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-16:18:47,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-10:42:47,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-10:42:47,3218) sshd: cm-ssh (root,0,0,00:00:00/07:35,6026) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,6813) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,6831) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6832) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/07:29:56,6969) [kworker/0:2-events] (root,0,0,00:00:00/02:32:52,8452) [kworker/1:2-events] (root,0,0,00:00:00/14:31,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/05:50:34,14219) [kworker/0:1] (root,0,0,00:00:00/33:30,14666) [kworker/3:1-events] (root,0,0,00:00:00/21:35,17990) [kworker/2:0-events] (root,0,0,00:00:01/04:54:54,18376) [kworker/2:2-events] (root,0,0,00:00:00/02:53,25953) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:27:10,26083) [kworker/1:1] (root,0,0,00:00:00/02:23,28338) [kworker/3:0-ata_sff] (postfix,24244,8296,00:00:00/18:25,29149) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 21:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363329cfbe5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-12:53:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:53:23,2) [kthreadd] (root,0,0,00:00:00/5-12:53:23,3) [rcu_gp] (root,0,0,00:00:00/5-12:53:23,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:53:23,5) [slub_flushwq] (root,0,0,00:00:00/5-12:53:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:53:23,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:53:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:53:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:53:23,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-12:53:23,13) [ksoftirqd/0] (root,0,0,00:14:18/5-12:53:23,14) [rcu_preempt] (root,0,0,00:00:02/5-12:53:23,15) [migration/0] (root,0,0,00:00:00/5-12:53:23,16) [idle_inject/0] (root,0,0,00:00:00/5-12:53:23,18) [cpuhp/0] (root,0,0,00:00:00/5-12:53:23,19) [cpuhp/1] (root,0,0,00:00:00/5-12:53:23,20) [idle_inject/1] (root,0,0,00:00:02/5-12:53:23,21) [migration/1] (root,0,0,00:00:07/5-12:53:23,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:53:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:53:23,25) [cpuhp/2] (root,0,0,00:00:00/5-12:53:23,26) [idle_inject/2] (root,0,0,00:00:01/5-12:53:23,27) [migration/2] (root,0,0,00:09:23/5-12:53:23,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:53:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:53:23,31) [cpuhp/3] (root,0,0,00:00:00/5-12:53:23,32) [idle_inject/3] (root,0,0,00:00:02/5-12:53:23,33) [migration/3] (root,0,0,00:00:26/5-12:53:23,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:53:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:53:23,40) [kdevtmpfs] (root,0,0,00:00:00/5-12:53:23,41) [netns] (root,0,0,00:00:00/5-12:53:23,42) [inet_frag_wq] (root,0,0,00:00:00/5-12:53:23,43) [kauditd] (root,0,0,00:00:00/5-12:53:23,44) [khungtaskd] (root,0,0,00:00:00/5-12:53:23,45) [oom_reaper] (root,0,0,00:00:00/5-12:53:23,46) [writeback] (root,0,0,00:00:15/5-12:53:23,47) [kcompactd0] (root,0,0,00:00:00/5-12:53:23,48) [ksmd] (root,0,0,00:00:16/5-12:53:23,49) [khugepaged] (root,0,0,00:00:00/5-12:53:23,75) [kintegrityd] (root,0,0,00:00:00/5-12:53:23,76) [kblockd] (root,0,0,00:00:00/5-12:53:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:53:23,79) [tpm_dev_wq] (root,0,0,00:00:00/5-12:53:23,80) [edac-poller] (root,0,0,00:00:00/5-12:53:23,81) [devfreq_wq] (root,0,0,00:00:00/5-12:53:23,110) [watchdogd] (root,0,0,00:00:00/5-12:53:23,111) [kswapd0] (root,0,0,00:00:01/5-12:53:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:53:21,115) [kthrotld] (root,0,0,00:00:00/5-12:53:21,116) [mld] (root,0,0,00:00:00/5-12:53:21,117) [ipv6_addrconf] (root,0,0,00:00:01/5-12:53:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:53:21,123) [kstrp] (root,0,0,00:00:00/5-12:53:21,124) [zswap-shrink] (root,0,0,00:00:00/5-12:53:21,125) [kworker/u9:0] (root,0,0,00:00:00/5-12:53:21,130) [charger_manager] (root,0,0,00:00:01/5-12:53:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-12:53:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-12:53:20,239) [kaluad] (root,0,0,00:00:00/5-12:53:20,258) [kmpath_rdacd] (root,0,0,00:00:00/5-12:53:20,304) [kmpathd] (root,0,0,00:00:00/5-12:53:20,305) [kmpath_handlerd] (root,0,0,00:00:00/5-12:53:19,342) [ata_sff] (root,0,0,00:00:00/5-12:53:19,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:53:19,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:53:19,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:53:19,346) [scsi_tmf_1] (root,0,0,00:00:09/5-12:53:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:53:16,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-12:53:04,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-12:53:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-12:53:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-12:52:30,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-12:52:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-12:52:29,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-12:52:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-12:52:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-12:52:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/03:03,1225) [kworker/1:1] (root,547592,23628,00:00:06/5-12:52:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-12:52:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-12:52:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-12:52:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-12:52:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-12:52:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-12:52:13,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-12:52:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-12:52:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-12:52:13,1352) bpfilter_umh (root,26204,8212,00:00:01/5-12:52:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-12:52:13,1359) ntpd: asynchronous dns resolver (spot,212060,174600,06:18:45/5-12:52:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-12:52:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-12:52:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-12:52:12,1373) (sd-pam) (root,24216,5268,00:00:01/5-12:52:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-12:52:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-12:52:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-12:52:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-12:52:06,1527) sshd: syslogtunnel (root,617100,71516,00:07:12/5-12:52:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43152,00:02:46/5-12:51:52,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-12:51:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-12:51:27,3218) sshd: cm-ssh (root,0,0,00:00:00/25:08,4408) [kworker/2:0-events] (root,0,0,00:00:00/14:07,12469) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/00:33,12715) [kworker/3:1-ata_sff] (root,0,0,00:00:00/58:06,12853) [kworker/1:0-cgroup_destroy] (root,6764,3600,00:00:00/00:00,14734) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,14840) /bin/bash /usr/bin/check_mk_agent (root,6292,3188,00:00:00/00:00,14876) /bin/bash ././spot.bash (root,13744,3500,00:00:00/00:00,14877) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,996,00:00:00/00:00,14878) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8228,00:00:00/01:07:56,15243) pickup -l -t fifo -u (root,0,0,00:00:00/02:26:50,18842) [kworker/0:0-events] (root,0,0,00:00:01/01:28:45,19687) [kworker/3:0-events] (root,0,0,00:00:00/05:46,21941) [kworker/3:2-ata_sff] (root,0,0,00:00:00/47:03,24590) [kworker/0:2-events] (root,0,0,00:00:00/19:22,24763) [kworker/u8:1-writeback] (root,0,0,00:00:01/03:54:48,25521) [kworker/1:2-events] (root,0,0,00:00:00/09:46:36,28908) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836358f28021Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-12:21:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:21:10,2) [kthreadd] (root,0,0,00:00:00/3-12:21:10,3) [rcu_gp] (root,0,0,00:00:00/3-12:21:10,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:21:10,5) [slub_flushwq] (root,0,0,00:00:00/3-12:21:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:21:10,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:21:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:21:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:21:10,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-12:21:10,13) [ksoftirqd/0] (root,0,0,00:08:59/3-12:21:10,14) [rcu_preempt] (root,0,0,00:00:01/3-12:21:10,15) [migration/0] (root,0,0,00:00:00/3-12:21:10,16) [idle_inject/0] (root,0,0,00:00:00/3-12:21:10,18) [cpuhp/0] (root,0,0,00:00:00/3-12:21:10,19) [cpuhp/1] (root,0,0,00:00:00/3-12:21:10,20) [idle_inject/1] (root,0,0,00:00:01/3-12:21:10,21) [migration/1] (root,0,0,00:00:05/3-12:21:10,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:21:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:21:10,25) [cpuhp/2] (root,0,0,00:00:00/3-12:21:10,26) [idle_inject/2] (root,0,0,00:00:01/3-12:21:10,27) [migration/2] (root,0,0,00:06:03/3-12:21:10,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:21:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:21:10,31) [cpuhp/3] (root,0,0,00:00:00/3-12:21:10,32) [idle_inject/3] (root,0,0,00:00:01/3-12:21:10,33) [migration/3] (root,0,0,00:00:16/3-12:21:10,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:21:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:21:10,40) [kdevtmpfs] (root,0,0,00:00:00/3-12:21:10,41) [netns] (root,0,0,00:00:00/3-12:21:10,42) [inet_frag_wq] (root,0,0,00:00:00/3-12:21:10,43) [kauditd] (root,0,0,00:00:00/3-12:21:10,44) [khungtaskd] (root,0,0,00:00:00/3-12:21:10,45) [oom_reaper] (root,0,0,00:00:00/3-12:21:10,46) [writeback] (root,0,0,00:00:09/3-12:21:10,47) [kcompactd0] (root,0,0,00:00:00/3-12:21:10,48) [ksmd] (root,0,0,00:00:10/3-12:21:10,49) [khugepaged] (root,0,0,00:00:00/3-12:21:10,75) [kintegrityd] (root,0,0,00:00:00/3-12:21:10,76) [kblockd] (root,0,0,00:00:00/3-12:21:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:21:10,79) [tpm_dev_wq] (root,0,0,00:00:00/3-12:21:10,80) [edac-poller] (root,0,0,00:00:00/3-12:21:10,81) [devfreq_wq] (root,0,0,00:00:00/3-12:21:10,110) [watchdogd] (root,0,0,00:00:00/3-12:21:10,111) [kswapd0] (root,0,0,00:00:00/3-12:21:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:21:08,115) [kthrotld] (root,0,0,00:00:00/3-12:21:08,116) [mld] (root,0,0,00:00:00/3-12:21:08,117) [ipv6_addrconf] (root,0,0,00:00:00/3-12:21:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:21:08,123) [kstrp] (root,0,0,00:00:00/3-12:21:08,124) [zswap-shrink] (root,0,0,00:00:00/3-12:21:08,125) [kworker/u9:0] (root,0,0,00:00:00/3-12:21:08,130) [charger_manager] (root,0,0,00:00:00/3-12:21:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-12:21:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:21:07,239) [kaluad] (root,0,0,00:00:00/3-12:21:07,258) [kmpath_rdacd] (root,0,0,00:00:00/3-12:21:07,304) [kmpathd] (root,0,0,00:00:00/3-12:21:07,305) [kmpath_handlerd] (root,0,0,00:00:00/3-12:21:06,342) [ata_sff] (root,0,0,00:00:00/3-12:21:06,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:21:06,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:21:06,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:21:06,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:21:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:21:03,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-12:20:51,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-12:20:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-12:20:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-12:20:17,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-12:20:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-12:20:16,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-12:20:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-12:20:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-12:20:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-12:20:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-12:20:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:08:46,1333) [kworker/0:1-events] (root,21172,4536,00:00:22/3-12:20:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-12:20:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-12:20:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-12:20:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-12:20:00,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-12:20:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-12:20:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-12:20:00,1352) bpfilter_umh (root,26204,8212,00:00:00/3-12:20:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-12:20:00,1359) ntpd: asynchronous dns resolver (spot,206076,169220,04:02:32/3-12:19:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-12:19:59,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-12:19:59,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-12:19:59,1373) (sd-pam) (root,24216,5268,00:00:01/3-12:19:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-12:19:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-12:19:57,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-12:19:54,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-12:19:53,1527) sshd: syslogtunnel (root,615564,69936,00:04:35/3-12:19:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:48/3-12:19:39,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/07:47:51,2276) [kworker/1:2-events] (root,0,0,00:00:00/58:46,2497) [kworker/3:2-events] (root,35308,10108,00:00:00/3-12:19:14,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-12:19:14,3218) sshd: cm-ssh (root,0,0,00:00:00/01:28:06,4067) [kworker/1:1] (root,0,0,00:00:01/07:31:48,5266) [kworker/2:1-events] (postfix,24244,8260,00:00:00/57:39,6052) pickup -l -t fifo -u (root,0,0,00:00:00/01:41,8813) [kworker/3:1-ata_sff] (root,0,0,00:00:00/10:26,11797) [kworker/2:0-events] (root,0,0,00:00:00/54:45,13330) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,16861) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,16879) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16880) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:53,24391) [kworker/3:0-ata_sff] (root,0,0,00:00:00/44:13,27113) [kworker/u8:1-writeback] (root,0,0,00:00:00/44:02,28172) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 23:09 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a87e8b44Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-12:56:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-12:56:31,2) [kthreadd] (root,0,0,00:00:00/1-12:56:31,3) [rcu_gp] (root,0,0,00:00:00/1-12:56:31,4) [rcu_par_gp] (root,0,0,00:00:00/1-12:56:31,5) [slub_flushwq] (root,0,0,00:00:00/1-12:56:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-12:56:31,9) [mm_percpu_wq] (root,0,0,00:00:00/1-12:56:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-12:56:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-12:56:31,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-12:56:31,13) [ksoftirqd/0] (root,0,0,00:04:04/1-12:56:31,14) [rcu_preempt] (root,0,0,00:00:00/1-12:56:31,15) [migration/0] (root,0,0,00:00:00/1-12:56:31,16) [idle_inject/0] (root,0,0,00:00:00/1-12:56:31,18) [cpuhp/0] (root,0,0,00:00:00/1-12:56:31,19) [cpuhp/1] (root,0,0,00:00:00/1-12:56:31,20) [idle_inject/1] (root,0,0,00:00:00/1-12:56:31,21) [migration/1] (root,0,0,00:00:02/1-12:56:31,22) [ksoftirqd/1] (root,0,0,00:00:00/1-12:56:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-12:56:31,25) [cpuhp/2] (root,0,0,00:00:00/1-12:56:31,26) [idle_inject/2] (root,0,0,00:00:00/1-12:56:31,27) [migration/2] (root,0,0,00:02:37/1-12:56:31,28) [ksoftirqd/2] (root,0,0,00:00:00/1-12:56:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-12:56:31,31) [cpuhp/3] (root,0,0,00:00:00/1-12:56:31,32) [idle_inject/3] (root,0,0,00:00:00/1-12:56:31,33) [migration/3] (root,0,0,00:00:08/1-12:56:31,34) [ksoftirqd/3] (root,0,0,00:00:00/1-12:56:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-12:56:31,40) [kdevtmpfs] (root,0,0,00:00:00/1-12:56:31,41) [netns] (root,0,0,00:00:00/1-12:56:31,42) [inet_frag_wq] (root,0,0,00:00:00/1-12:56:31,43) [kauditd] (root,0,0,00:00:00/1-12:56:31,44) [khungtaskd] (root,0,0,00:00:00/1-12:56:31,45) [oom_reaper] (root,0,0,00:00:00/1-12:56:31,46) [writeback] (root,0,0,00:00:04/1-12:56:31,47) [kcompactd0] (root,0,0,00:00:00/1-12:56:31,48) [ksmd] (root,0,0,00:00:04/1-12:56:31,49) [khugepaged] (root,0,0,00:00:00/1-12:56:31,75) [kintegrityd] (root,0,0,00:00:00/1-12:56:31,76) [kblockd] (root,0,0,00:00:00/1-12:56:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-12:56:31,79) [tpm_dev_wq] (root,0,0,00:00:00/1-12:56:31,80) [edac-poller] (root,0,0,00:00:00/1-12:56:31,81) [devfreq_wq] (root,0,0,00:00:00/1-12:56:31,110) [watchdogd] (root,0,0,00:00:00/1-12:56:31,111) [kswapd0] (root,0,0,00:00:00/1-12:56:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-12:56:29,115) [kthrotld] (root,0,0,00:00:00/1-12:56:29,116) [mld] (root,0,0,00:00:00/1-12:56:29,117) [ipv6_addrconf] (root,0,0,00:00:00/1-12:56:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-12:56:29,123) [kstrp] (root,0,0,00:00:00/1-12:56:29,124) [zswap-shrink] (root,0,0,00:00:00/1-12:56:29,125) [kworker/u9:0] (root,0,0,00:00:00/1-12:56:29,130) [charger_manager] (root,0,0,00:00:00/1-12:56:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-12:56:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-12:56:28,239) [kaluad] (root,0,0,00:00:00/1-12:56:28,258) [kmpath_rdacd] (root,0,0,00:00:00/1-12:56:28,304) [kmpathd] (root,0,0,00:00:00/1-12:56:28,305) [kmpath_handlerd] (root,0,0,00:00:00/1-12:56:27,342) [ata_sff] (root,0,0,00:00:00/1-12:56:27,343) [scsi_eh_0] (root,0,0,00:00:00/1-12:56:27,344) [scsi_tmf_0] (root,0,0,00:00:00/1-12:56:27,345) [scsi_eh_1] (root,0,0,00:00:00/1-12:56:27,346) [scsi_tmf_1] (root,0,0,00:00:02/1-12:56:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-12:56:24,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-12:56:12,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-12:56:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-12:56:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-12:55:38,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-12:55:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:01/1-12:55:37,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-12:55:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-12:55:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-12:55:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:01/1-12:55:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-12:55:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:09/1-12:55:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-12:55:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-12:55:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-12:55:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-12:55:21,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-12:55:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:12/1-12:55:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-12:55:21,1352) bpfilter_umh (root,26204,8212,00:00:00/1-12:55:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-12:55:21,1359) ntpd: asynchronous dns resolver (spot,205052,167944,02:00:57/1-12:55:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-12:55:20,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-12:55:20,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-12:55:20,1373) (sd-pam) (root,24216,5268,00:00:00/1-12:55:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-12:55:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-12:55:18,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-12:55:15,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-12:55:14,1527) sshd: syslogtunnel (root,615564,69636,00:02:05/1-12:55:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/49:41,1585) [kworker/u8:0-writeback] (spot,206272,41348,00:00:50/1-12:55:00,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:23,2851) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/1-12:54:35,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-12:54:35,3218) sshd: cm-ssh (postfix,24244,8204,00:00:00/14:53,5964) pickup -l -t fifo -u (root,0,0,00:00:00/01:07:39,10989) [kworker/3:2-events] (root,0,0,00:00:00/32:34,11820) [kworker/2:2-events] (root,0,0,00:00:00/01:05:53,17596) [kworker/0:0-events] (root,0,0,00:00:00/10:31,20674) [kworker/2:1] (root,0,0,00:00:00/00:13,20880) [kworker/3:0-ata_sff] (root,6656,3488,00:00:00/00:00,21637) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,21655) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21656) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:05:10,22963) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:07/06:55:53,25188) [kworker/1:2-events] (root,0,0,00:00:00/05:06:42,25538) [kworker/1:1] (root,0,0,00:00:01/04:12:22,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 23:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836376862dc4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12520,00:00:03/14:12:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/14:12:50,2) [kthreadd] (root,0,0,00:00:00/14:12:50,3) [rcu_gp] (root,0,0,00:00:00/14:12:50,4) [rcu_par_gp] (root,0,0,00:00:00/14:12:50,5) [slub_flushwq] (root,0,0,00:00:00/14:12:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/14:12:50,9) [mm_percpu_wq] (root,0,0,00:00:00/14:12:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/14:12:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/14:12:50,12) [rcu_tasks_trace] (root,0,0,00:00:00/14:12:50,13) [ksoftirqd/0] (root,0,0,00:01:32/14:12:50,14) [rcu_preempt] (root,0,0,00:00:00/14:12:50,15) [migration/0] (root,0,0,00:00:00/14:12:50,16) [idle_inject/0] (root,0,0,00:00:00/14:12:50,18) [cpuhp/0] (root,0,0,00:00:00/14:12:50,19) [cpuhp/1] (root,0,0,00:00:00/14:12:50,20) [idle_inject/1] (root,0,0,00:00:00/14:12:50,21) [migration/1] (root,0,0,00:00:00/14:12:50,22) [ksoftirqd/1] (root,0,0,00:00:00/14:12:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/14:12:50,25) [cpuhp/2] (root,0,0,00:00:00/14:12:50,26) [idle_inject/2] (root,0,0,00:00:00/14:12:50,27) [migration/2] (root,0,0,00:00:58/14:12:50,28) [ksoftirqd/2] (root,0,0,00:00:00/14:12:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/14:12:50,31) [cpuhp/3] (root,0,0,00:00:00/14:12:50,32) [idle_inject/3] (root,0,0,00:00:00/14:12:50,33) [migration/3] (root,0,0,00:00:02/14:12:50,34) [ksoftirqd/3] (root,0,0,00:00:00/14:12:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/14:12:50,40) [kdevtmpfs] (root,0,0,00:00:00/14:12:50,41) [netns] (root,0,0,00:00:00/14:12:50,42) [inet_frag_wq] (root,0,0,00:00:00/14:12:50,43) [kauditd] (root,0,0,00:00:00/14:12:50,44) [khungtaskd] (root,0,0,00:00:00/14:12:50,45) [oom_reaper] (root,0,0,00:00:00/14:12:50,46) [writeback] (root,0,0,00:00:01/14:12:50,47) [kcompactd0] (root,0,0,00:00:00/14:12:50,48) [ksmd] (root,0,0,00:00:01/14:12:50,49) [khugepaged] (root,0,0,00:00:00/14:12:50,75) [kintegrityd] (root,0,0,00:00:00/14:12:50,76) [kblockd] (root,0,0,00:00:00/14:12:50,77) [blkcg_punt_bio] (root,0,0,00:00:00/14:12:50,79) [tpm_dev_wq] (root,0,0,00:00:00/14:12:50,80) [edac-poller] (root,0,0,00:00:00/14:12:50,81) [devfreq_wq] (root,0,0,00:00:00/14:12:50,110) [watchdogd] (root,0,0,00:00:00/14:12:50,111) [kswapd0] (root,0,0,00:00:00/14:12:50,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/14:12:48,115) [kthrotld] (root,0,0,00:00:00/14:12:48,116) [mld] (root,0,0,00:00:00/14:12:48,117) [ipv6_addrconf] (root,0,0,00:00:00/14:12:48,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/14:12:48,123) [kstrp] (root,0,0,00:00:00/14:12:48,124) [zswap-shrink] (root,0,0,00:00:00/14:12:48,125) [kworker/u9:0] (root,0,0,00:00:00/14:12:48,130) [charger_manager] (root,0,0,00:00:00/14:12:48,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/14:12:48,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/14:12:47,239) [kaluad] (root,0,0,00:00:00/14:12:47,258) [kmpath_rdacd] (root,0,0,00:00:00/14:12:47,304) [kmpathd] (root,0,0,00:00:00/14:12:47,305) [kmpath_handlerd] (root,0,0,00:00:00/14:12:46,342) [ata_sff] (root,0,0,00:00:00/14:12:46,343) [scsi_eh_0] (root,0,0,00:00:00/14:12:46,344) [scsi_tmf_0] (root,0,0,00:00:00/14:12:46,345) [scsi_eh_1] (root,0,0,00:00:00/14:12:46,346) [scsi_tmf_1] (root,0,0,00:00:01/14:12:43,366) [jbd2/vda1-8] (root,0,0,00:00:00/14:12:43,367) [ext4-rsv-conver] (root,38604,7616,00:00:00/14:12:31,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/14:12:30,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:01/14:12:28,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/14:11:57,511) /sbin/auditd (messagebus,22932,5912,00:00:01/14:11:56,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8312,00:00:00/14:11:56,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/14:11:56,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/14:11:54,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/14:11:54,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:00/14:11:40,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/14:11:40,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:01/14:11:40,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/14:11:40,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/14:11:40,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/14:11:40,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/14:11:40,1343) /usr/lib/systemd/systemd --user (root,448724,7512,00:00:01/14:11:40,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:04/14:11:40,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/14:11:40,1352) bpfilter_umh (root,26204,8212,00:00:00/14:11:40,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/14:11:40,1359) ntpd: asynchronous dns resolver (spot,189596,151996,00:55:27/14:11:39,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/14:11:39,1371) (sd-pam) (checkmk,48528,3192,00:00:00/14:11:39,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/14:11:39,1373) (sd-pam) (root,24216,5268,00:00:00/14:11:37,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/14:11:37,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/14:11:37,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/14:11:34,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:02/14:11:33,1527) sshd: syslogtunnel (root,615564,67532,00:00:50/14:11:31,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41060,00:00:23/14:11:19,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:02,2827) [kworker/3:0-ata_sff] (root,35308,10108,00:00:00/14:10:54,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:01/14:10:54,3218) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,3815) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,3833) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3834) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8240,00:00:00/52:05,5166) pickup -l -t fifo -u (root,0,0,00:00:00/39:41,12661) [kworker/0:1-events] (root,0,0,00:00:00/02:46:29,16062) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/04:20:50,19016) [kworker/u8:2-flush-253:0] (root,0,0,00:00:03/04:20:50,19017) [kworker/1:1-events] (root,0,0,00:00:00/01:22:25,24102) [kworker/0:0-events] (root,0,0,00:00:00/08:11:36,24335) [kworker/2:2-events] (root,0,0,00:00:03/08:03:34,26151) [kworker/3:1-events] (root,0,0,00:00:00/17:14,26524) [kworker/2:0-mm_percpu_wq] (root,0,0,00:00:00/06:14,32295) [kworker/3:2-ata_sff] (root,0,0,00:00:00/06:10,32473) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 01:01
Domain summary
No record