Host 141.9.2.184
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
Software information
squid 2.5.STABLE12
tcp/8080
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-12 07:16
Last seen 2024-12-22 00:58
Open for 100 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b374a382Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:35:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:35:55,2) [kthreadd] (root,0,0,00:00:00/39-14:35:55,3) [rcu_gp] (root,0,0,00:00:00/39-14:35:55,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:35:55,5) [slub_flushwq] (root,0,0,00:00:00/39-14:35:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:35:55,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:35:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:35:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:35:55,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:35:55,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:35:55,14) [rcu_preempt] (root,0,0,00:00:15/39-14:35:55,15) [migration/0] (root,0,0,00:00:00/39-14:35:55,16) [idle_inject/0] (root,0,0,00:00:00/39-14:35:55,18) [cpuhp/0] (root,0,0,00:00:00/39-14:35:55,19) [cpuhp/1] (root,0,0,00:00:00/39-14:35:55,20) [idle_inject/1] (root,0,0,00:00:15/39-14:35:55,21) [migration/1] (root,0,0,00:01:05/39-14:35:55,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:35:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:35:55,25) [cpuhp/2] (root,0,0,00:00:00/39-14:35:55,26) [idle_inject/2] (root,0,0,00:00:12/39-14:35:55,27) [migration/2] (root,0,0,01:14:06/39-14:35:55,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:35:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:35:55,31) [cpuhp/3] (root,0,0,00:00:00/39-14:35:55,32) [idle_inject/3] (root,0,0,00:00:14/39-14:35:55,33) [migration/3] (root,0,0,00:03:31/39-14:35:55,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:35:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:35:55,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:35:55,40) [netns] (root,0,0,00:00:00/39-14:35:55,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:35:55,42) [kauditd] (root,0,0,00:00:00/39-14:35:55,43) [khungtaskd] (root,0,0,00:00:00/39-14:35:55,44) [oom_reaper] (root,0,0,00:00:00/39-14:35:55,45) [writeback] (root,0,0,00:01:56/39-14:35:55,46) [kcompactd0] (root,0,0,00:00:00/39-14:35:55,47) [ksmd] (root,0,0,00:01:57/39-14:35:55,48) [khugepaged] (root,0,0,00:00:00/39-14:35:55,74) [kintegrityd] (root,0,0,00:00:00/39-14:35:55,75) [kblockd] (root,0,0,00:00:00/39-14:35:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:35:55,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:35:55,79) [edac-poller] (root,0,0,00:00:00/39-14:35:55,80) [devfreq_wq] (root,0,0,00:00:00/39-14:35:55,110) [watchdogd] (root,0,0,00:00:08/39-14:35:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:35:55,112) [kswapd0] (root,0,0,00:00:00/39-14:35:54,114) [kthrotld] (root,0,0,00:00:00/39-14:35:54,115) [mld] (root,0,0,00:00:00/39-14:35:54,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:35:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:35:54,122) [kstrp] (root,0,0,00:00:00/39-14:35:54,123) [zswap-shrink] (root,0,0,00:00:00/39-14:35:54,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:35:54,129) [charger_manager] (root,0,0,00:00:08/39-14:35:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:35:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:35:53,205) [kaluad] (root,0,0,00:00:00/39-14:35:53,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:35:53,293) [kmpathd] (root,0,0,00:00:00/39-14:35:53,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:35:53,342) [ata_sff] (root,0,0,00:00:00/39-14:35:52,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:35:52,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:35:52,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:35:52,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:35:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:35:50,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:35:38,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:35:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:35:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:35:01,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:35:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:35:01,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:35:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:35:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:35:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:34:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:34:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:34:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:34:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:34:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:34:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:34:45,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:34:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:34:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:34:45,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:34:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:34:45,1215) ntpd: asynchronous dns resolver (spot,299376,183068,2-02:58:36/39-14:34:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:34:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:34:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:34:44,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:34:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:34:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:34:42,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:34:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:34:22,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:58:44,2674) [kworker/0:2-mm_percpu_wq] (root,0,0,00:00:00/39:25,5528) [kworker/1:2-events] (root,0,0,00:00:00/05:12,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:33:00,9266) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:13,10883) [kworker/0:1] (root,0,0,00:00:00/24:13,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/03:14,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:06:46,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:25:38,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:25:37,15391) sshd: cm-ssh (root,0,0,00:00:00/03:06,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:54:16,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:54:15,16977) sshd: syslogtunnel (root,0,0,00:00:00/44:14,19043) [kworker/3:2-cgroup_destroy] (root,6764,3612,00:00:00/00:01,23246) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:01,23636) /bin/bash /usr/bin/check_mk_agent (root,16140,10528,00:00:00/00:01,23661) python ././remotecheck (root,6656,3488,00:00:00/00:00,23672) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/00:00,23716) [check_spot_data] <defunct> (root,13744,3488,00:00:00/00:00,23728) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23729) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,1824,00:00:00/00:00,23730) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,23731) /bin/bash /usr/bin/check_mk_agent (root,4480,1184,00:00:00/00:00,23732) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,824,00:00:00/00:00,23733) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,664,00:00:00/00:00,23735) cat /proc/net/tcp /proc/net/tcp6 (root,0,0,00:00:00/11:36,24965) [kworker/2:0-events] (root,0,0,00:00:00/20:07,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:11:23,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:19,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a3d4c98aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:10:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:10:41,2) [kthreadd] (root,0,0,00:00:00/37-14:10:41,3) [rcu_gp] (root,0,0,00:00:00/37-14:10:41,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:10:41,5) [slub_flushwq] (root,0,0,00:00:00/37-14:10:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:10:41,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:10:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:10:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:10:41,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:10:41,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:10:41,14) [rcu_preempt] (root,0,0,00:00:14/37-14:10:41,15) [migration/0] (root,0,0,00:00:00/37-14:10:41,16) [idle_inject/0] (root,0,0,00:00:00/37-14:10:41,18) [cpuhp/0] (root,0,0,00:00:00/37-14:10:41,19) [cpuhp/1] (root,0,0,00:00:00/37-14:10:41,20) [idle_inject/1] (root,0,0,00:00:14/37-14:10:41,21) [migration/1] (root,0,0,00:01:00/37-14:10:41,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:10:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:10:41,25) [cpuhp/2] (root,0,0,00:00:00/37-14:10:41,26) [idle_inject/2] (root,0,0,00:00:11/37-14:10:41,27) [migration/2] (root,0,0,01:10:41/37-14:10:41,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:10:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:10:41,31) [cpuhp/3] (root,0,0,00:00:00/37-14:10:41,32) [idle_inject/3] (root,0,0,00:00:14/37-14:10:41,33) [migration/3] (root,0,0,00:03:20/37-14:10:41,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:10:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:10:41,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:10:41,40) [netns] (root,0,0,00:00:00/37-14:10:41,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:10:41,42) [kauditd] (root,0,0,00:00:00/37-14:10:41,43) [khungtaskd] (root,0,0,00:00:00/37-14:10:41,44) [oom_reaper] (root,0,0,00:00:00/37-14:10:41,45) [writeback] (root,0,0,00:01:50/37-14:10:41,46) [kcompactd0] (root,0,0,00:00:00/37-14:10:41,47) [ksmd] (root,0,0,00:01:50/37-14:10:41,48) [khugepaged] (root,0,0,00:00:00/37-14:10:41,74) [kintegrityd] (root,0,0,00:00:00/37-14:10:41,75) [kblockd] (root,0,0,00:00:00/37-14:10:41,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:10:41,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:10:41,79) [edac-poller] (root,0,0,00:00:00/37-14:10:41,80) [devfreq_wq] (root,0,0,00:00:00/37-14:10:41,110) [watchdogd] (root,0,0,00:00:07/37-14:10:41,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:10:41,112) [kswapd0] (root,0,0,00:00:00/37-14:10:40,114) [kthrotld] (root,0,0,00:00:00/37-14:10:40,115) [mld] (root,0,0,00:00:00/37-14:10:40,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:10:40,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:10:40,122) [kstrp] (root,0,0,00:00:00/37-14:10:40,123) [zswap-shrink] (root,0,0,00:00:00/37-14:10:40,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:10:40,129) [charger_manager] (root,0,0,00:00:08/37-14:10:39,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:10:39,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:10:39,205) [kaluad] (root,0,0,00:00:00/37-14:10:39,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:10:39,293) [kmpathd] (root,0,0,00:00:00/37-14:10:39,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:10:39,342) [ata_sff] (root,0,0,00:00:00/37-14:10:38,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:10:38,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:10:38,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:10:38,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:10:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:10:36,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:10:24,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:10:23,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:10:21,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:09:47,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:09:47,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:09:47,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:09:47,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:09:46,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:09:46,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:09:32,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:09:32,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:09:31,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:09:31,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:09:31,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:09:31,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:09:31,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:09:31,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:09:31,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:09:31,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:09:31,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:09:31,1215) ntpd: asynchronous dns resolver (spot,296384,182140,1-23:14:20/37-14:09:31,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:09:30,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:09:30,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:09:30,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:09:29,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:09:29,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:09:28,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:09:22,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:09:08,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3480,00:00:00/00:00,2046) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,2064) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2065) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/10:17,2838) [kworker/3:1-events] (root,0,0,00:00:00/09:42,4583) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/09:20,6208) [kworker/1:2-ata_sff] (root,0,0,00:00:00/08:11,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-12:00:24,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-12:00:23,15391) sshd: cm-ssh (root,0,0,00:00:00/17:23,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:29:02,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:29:01,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:52:43,17446) [kworker/0:2-events] (root,0,0,00:00:00/16:24,18386) [kworker/3:2-events] (root,0,0,00:00:00/01:01:13,21022) [kworker/1:1-events] (root,0,0,00:00:00/04:08,21821) [kworker/1:0-ata_sff] (root,0,0,00:00:00/26:37,26953) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/02:22,27235) [kworker/u8:2-flush-253:0] (postfix,44628,9272,00:00:01/31-18:46:09,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:56:43,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:32 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ed5503d2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:26:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:26:36,2) [kthreadd] (root,0,0,00:00:00/35-15:26:36,3) [rcu_gp] (root,0,0,00:00:00/35-15:26:36,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:26:36,5) [slub_flushwq] (root,0,0,00:00:00/35-15:26:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:26:36,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:26:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:26:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:26:36,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:26:36,13) [ksoftirqd/0] (root,0,0,01:34:31/35-15:26:36,14) [rcu_preempt] (root,0,0,00:00:13/35-15:26:36,15) [migration/0] (root,0,0,00:00:00/35-15:26:36,16) [idle_inject/0] (root,0,0,00:00:00/35-15:26:36,18) [cpuhp/0] (root,0,0,00:00:00/35-15:26:36,19) [cpuhp/1] (root,0,0,00:00:00/35-15:26:36,20) [idle_inject/1] (root,0,0,00:00:14/35-15:26:36,21) [migration/1] (root,0,0,00:00:57/35-15:26:36,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:26:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:26:36,25) [cpuhp/2] (root,0,0,00:00:00/35-15:26:36,26) [idle_inject/2] (root,0,0,00:00:11/35-15:26:36,27) [migration/2] (root,0,0,01:07:42/35-15:26:36,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:26:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:26:36,31) [cpuhp/3] (root,0,0,00:00:00/35-15:26:36,32) [idle_inject/3] (root,0,0,00:00:13/35-15:26:36,33) [migration/3] (root,0,0,00:03:11/35-15:26:36,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:26:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:26:36,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:26:36,40) [netns] (root,0,0,00:00:00/35-15:26:36,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:26:36,42) [kauditd] (root,0,0,00:00:00/35-15:26:36,43) [khungtaskd] (root,0,0,00:00:00/35-15:26:36,44) [oom_reaper] (root,0,0,00:00:00/35-15:26:36,45) [writeback] (root,0,0,00:01:45/35-15:26:36,46) [kcompactd0] (root,0,0,00:00:00/35-15:26:36,47) [ksmd] (root,0,0,00:01:43/35-15:26:36,48) [khugepaged] (root,0,0,00:00:00/35-15:26:36,74) [kintegrityd] (root,0,0,00:00:00/35-15:26:36,75) [kblockd] (root,0,0,00:00:00/35-15:26:36,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:26:36,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:26:36,79) [edac-poller] (root,0,0,00:00:00/35-15:26:36,80) [devfreq_wq] (root,0,0,00:00:00/35-15:26:36,110) [watchdogd] (root,0,0,00:00:07/35-15:26:36,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:26:36,112) [kswapd0] (root,0,0,00:00:00/35-15:26:35,114) [kthrotld] (root,0,0,00:00:00/35-15:26:35,115) [mld] (root,0,0,00:00:00/35-15:26:35,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:26:35,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:26:35,122) [kstrp] (root,0,0,00:00:00/35-15:26:35,123) [zswap-shrink] (root,0,0,00:00:00/35-15:26:35,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:26:35,129) [charger_manager] (root,0,0,00:00:07/35-15:26:34,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:26:34,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:26:34,205) [kaluad] (root,0,0,00:00:00/35-15:26:34,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:26:34,293) [kmpathd] (root,0,0,00:00:00/35-15:26:34,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:26:34,342) [ata_sff] (root,0,0,00:00:00/35-15:26:33,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:26:33,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:26:33,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:26:33,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:26:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:26:31,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:26:19,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:26:18,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:26:16,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:25:42,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:25:42,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:25:42,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:25:42,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:25:41,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:25:41,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:25:27,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:25:27,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:25:26,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:25:26,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:25:26,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:25:26,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:25:26,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:25:26,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:25:26,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:25:26,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:25:26,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:25:26,1215) ntpd: asynchronous dns resolver (spot,293928,180116,1-20:13:38/35-15:25:26,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:25:25,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:25:25,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:25:25,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:25:24,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:25:24,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:25:23,1354) /usr/sbin/cron -n (root,698228,81996,00:46:35/35-15:25:17,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64168,00:15:16/35-15:25:03,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:44,4119) [kworker/1:1-ata_sff] (root,0,0,00:00:00/12:05,4297) [kworker/1:2-events] (root,6656,3484,00:00:00/00:00,8118) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,8136) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8137) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:18:18,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:16:19,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:16:18,15391) sshd: cm-ssh (root,0,0,00:00:00/05:01:52,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:37:44,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:44:57,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:44:56,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:03:17,19051) [kworker/0:0-events] (root,0,0,00:00:00/07:03,20339) [kworker/3:2-events] (root,0,0,00:00:00/06:54,20978) [kworker/1:0-ata_sff] (root,0,0,00:00:00/14:49,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:48:38,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-20:02:04,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:57:07,31877) [kworker/0:1-events] (root,0,0,00:00:00/40:04,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f7dbe9daFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-13:32:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-13:32:02,2) [kthreadd] (root,0,0,00:00:00/33-13:32:02,3) [rcu_gp] (root,0,0,00:00:00/33-13:32:02,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:32:02,5) [slub_flushwq] (root,0,0,00:00:00/33-13:32:02,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:32:02,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:32:02,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:32:02,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:32:02,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:32:02,13) [ksoftirqd/0] (root,0,0,01:29:08/33-13:32:02,14) [rcu_preempt] (root,0,0,00:00:12/33-13:32:02,15) [migration/0] (root,0,0,00:00:00/33-13:32:02,16) [idle_inject/0] (root,0,0,00:00:00/33-13:32:02,18) [cpuhp/0] (root,0,0,00:00:00/33-13:32:02,19) [cpuhp/1] (root,0,0,00:00:00/33-13:32:02,20) [idle_inject/1] (root,0,0,00:00:13/33-13:32:02,21) [migration/1] (root,0,0,00:00:54/33-13:32:02,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:32:02,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:32:02,25) [cpuhp/2] (root,0,0,00:00:00/33-13:32:02,26) [idle_inject/2] (root,0,0,00:00:10/33-13:32:02,27) [migration/2] (root,0,0,01:04:52/33-13:32:02,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:32:02,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:32:02,31) [cpuhp/3] (root,0,0,00:00:00/33-13:32:02,32) [idle_inject/3] (root,0,0,00:00:12/33-13:32:02,33) [migration/3] (root,0,0,00:03:01/33-13:32:02,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:32:02,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:32:02,39) [kdevtmpfs] (root,0,0,00:00:00/33-13:32:02,40) [netns] (root,0,0,00:00:00/33-13:32:02,41) [inet_frag_wq] (root,0,0,00:00:07/33-13:32:02,42) [kauditd] (root,0,0,00:00:00/33-13:32:02,43) [khungtaskd] (root,0,0,00:00:00/33-13:32:02,44) [oom_reaper] (root,0,0,00:00:00/33-13:32:02,45) [writeback] (root,0,0,00:01:38/33-13:32:02,46) [kcompactd0] (root,0,0,00:00:00/33-13:32:02,47) [ksmd] (root,0,0,00:01:37/33-13:32:02,48) [khugepaged] (root,0,0,00:00:00/33-13:32:02,74) [kintegrityd] (root,0,0,00:00:00/33-13:32:02,75) [kblockd] (root,0,0,00:00:00/33-13:32:02,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:32:02,78) [tpm_dev_wq] (root,0,0,00:00:00/33-13:32:02,79) [edac-poller] (root,0,0,00:00:00/33-13:32:02,80) [devfreq_wq] (root,0,0,00:00:00/33-13:32:02,110) [watchdogd] (root,0,0,00:00:07/33-13:32:02,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-13:32:02,112) [kswapd0] (root,0,0,00:00:00/33-13:32:01,114) [kthrotld] (root,0,0,00:00:00/33-13:32:01,115) [mld] (root,0,0,00:00:00/33-13:32:01,116) [ipv6_addrconf] (root,0,0,00:00:14/33-13:32:01,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-13:32:01,122) [kstrp] (root,0,0,00:00:00/33-13:32:01,123) [zswap-shrink] (root,0,0,00:00:00/33-13:32:01,124) [kworker/u9:0] (root,0,0,00:00:00/33-13:32:01,129) [charger_manager] (root,0,0,00:00:07/33-13:32:00,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-13:32:00,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:32:00,205) [kaluad] (root,0,0,00:00:00/33-13:32:00,250) [kmpath_rdacd] (root,0,0,00:00:00/33-13:32:00,293) [kmpathd] (root,0,0,00:00:00/33-13:32:00,294) [kmpath_handlerd] (root,0,0,00:00:00/33-13:32:00,342) [ata_sff] (root,0,0,00:00:00/33-13:31:59,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:31:59,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:31:59,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:31:59,346) [scsi_tmf_1] (root,0,0,00:00:54/33-13:31:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:31:57,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-13:31:45,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-13:31:44,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-13:31:42,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-13:31:08,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-13:31:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-13:31:08,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-13:31:08,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-13:31:07,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-13:31:07,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:23:41,727) [kworker/u8:2-events_unbound] (root,548360,32524,00:00:38/33-13:30:53,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-13:30:53,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:09/33-13:30:52,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-13:30:52,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-13:30:52,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-13:30:52,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-13:30:52,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-13:30:52,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-13:30:52,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-13:30:52,1206) bpfilter_umh (root,26204,8212,00:00:13/33-13:30:52,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-13:30:52,1215) ntpd: asynchronous dns resolver (spot,292696,179852,1-17:45:34/33-13:30:52,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-13:30:51,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-13:30:51,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-13:30:51,1245) (sd-pam) (root,24216,5344,00:00:11/33-13:30:50,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-13:30:50,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-13:30:49,1354) /usr/sbin/cron -n (root,697972,81832,00:43:53/33-13:30:43,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63536,00:14:26/33-13:30:29,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8284,00:00:00/04:02,2257) pickup -l -t fifo -u (root,0,0,00:00:00/03:47,3835) [kworker/u8:0] (root,0,0,00:00:00/03:47,3836) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/38:41,7073) [kworker/u8:1-writeback] (root,0,0,00:00:00/02:41,10122) [kworker/1:0-ata_sff] (root,0,0,00:00:00/07:52,12958) [kworker/1:1-events] (root,35308,10012,00:00:00/27-11:21:45,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-11:21:44,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:50:23,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:50:22,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:02:19,18088) [kworker/3:2-inet_frag_wq] (root,0,0,00:00:00/55:43,19428) [kworker/0:2-events] (root,6656,3480,00:00:00/00:00,23855) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,23874) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,23875) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:04/02:31:59,24863) [kworker/2:1-events] (root,0,0,00:00:00/33:48,25067) [kworker/1:2-ata_sff] (root,0,0,00:00:02/02:54:17,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-18:07:30,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:03:10,31017) [kworker/0:1-events] (root,0,0,00:00:00/32:21,31459) [kworker/2:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bc5df714Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-13:44:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:44:06,2) [kthreadd] (root,0,0,00:00:00/31-13:44:06,3) [rcu_gp] (root,0,0,00:00:00/31-13:44:06,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:44:06,5) [slub_flushwq] (root,0,0,00:00:00/31-13:44:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:44:06,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:44:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:44:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:44:06,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-13:44:06,13) [ksoftirqd/0] (root,0,0,01:23:57/31-13:44:06,14) [rcu_preempt] (root,0,0,00:00:12/31-13:44:06,15) [migration/0] (root,0,0,00:00:00/31-13:44:06,16) [idle_inject/0] (root,0,0,00:00:00/31-13:44:06,18) [cpuhp/0] (root,0,0,00:00:00/31-13:44:06,19) [cpuhp/1] (root,0,0,00:00:00/31-13:44:06,20) [idle_inject/1] (root,0,0,00:00:12/31-13:44:06,21) [migration/1] (root,0,0,00:00:50/31-13:44:06,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:44:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:44:06,25) [cpuhp/2] (root,0,0,00:00:00/31-13:44:06,26) [idle_inject/2] (root,0,0,00:00:09/31-13:44:06,27) [migration/2] (root,0,0,01:01:48/31-13:44:06,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:44:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:44:06,31) [cpuhp/3] (root,0,0,00:00:00/31-13:44:06,32) [idle_inject/3] (root,0,0,00:00:11/31-13:44:06,33) [migration/3] (root,0,0,00:02:51/31-13:44:06,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:44:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:44:06,39) [kdevtmpfs] (root,0,0,00:00:00/31-13:44:06,40) [netns] (root,0,0,00:00:00/31-13:44:06,41) [inet_frag_wq] (root,0,0,00:00:07/31-13:44:06,42) [kauditd] (root,0,0,00:00:00/31-13:44:06,43) [khungtaskd] (root,0,0,00:00:00/31-13:44:06,44) [oom_reaper] (root,0,0,00:00:00/31-13:44:06,45) [writeback] (root,0,0,00:01:32/31-13:44:06,46) [kcompactd0] (root,0,0,00:00:00/31-13:44:06,47) [ksmd] (root,0,0,00:01:31/31-13:44:06,48) [khugepaged] (root,0,0,00:00:00/31-13:44:06,74) [kintegrityd] (root,0,0,00:00:00/31-13:44:06,75) [kblockd] (root,0,0,00:00:00/31-13:44:06,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:44:06,78) [tpm_dev_wq] (root,0,0,00:00:00/31-13:44:06,79) [edac-poller] (root,0,0,00:00:00/31-13:44:06,80) [devfreq_wq] (root,0,0,00:00:00/31-13:44:06,110) [watchdogd] (root,0,0,00:00:06/31-13:44:06,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-13:44:06,112) [kswapd0] (root,0,0,00:00:00/31-13:44:05,114) [kthrotld] (root,0,0,00:00:00/31-13:44:05,115) [mld] (root,0,0,00:00:00/31-13:44:05,116) [ipv6_addrconf] (root,0,0,00:00:13/31-13:44:05,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-13:44:05,122) [kstrp] (root,0,0,00:00:00/31-13:44:05,123) [zswap-shrink] (root,0,0,00:00:00/31-13:44:05,124) [kworker/u9:0] (root,0,0,00:00:00/31-13:44:05,129) [charger_manager] (root,0,0,00:00:07/31-13:44:04,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-13:44:04,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:44:04,205) [kaluad] (root,0,0,00:00:00/31-13:44:04,250) [kmpath_rdacd] (root,0,0,00:00:00/31-13:44:04,293) [kmpathd] (root,0,0,00:00:00/31-13:44:04,294) [kmpath_handlerd] (root,0,0,00:00:00/31-13:44:04,342) [ata_sff] (root,0,0,00:00:00/31-13:44:03,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:44:03,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:44:03,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:44:03,346) [scsi_tmf_1] (root,0,0,00:00:51/31-13:44:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:44:01,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-13:43:49,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-13:43:48,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-13:43:46,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-13:43:12,512) /sbin/auditd (messagebus,22936,5548,00:01:22/31-13:43:12,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-13:43:12,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-13:43:12,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-13:43:11,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-13:43:11,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:35/31-13:42:57,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-13:42:57,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:57/31-13:42:56,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-13:42:56,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-13:42:56,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-13:42:56,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-13:42:56,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-13:42:56,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:18/31-13:42:56,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-13:42:56,1206) bpfilter_umh (root,26204,8212,00:00:12/31-13:42:56,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-13:42:56,1215) ntpd: asynchronous dns resolver (spot,286728,173788,1-15:29:44/31-13:42:56,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-13:42:55,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-13:42:55,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-13:42:55,1245) (sd-pam) (root,24216,5344,00:00:10/31-13:42:54,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-13:42:54,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-13:42:53,1354) /usr/sbin/cron -n (root,697972,81512,00:41:18/31-13:42:47,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-13:42:33,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3488,00:00:00/00:00,2990) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,3008) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,3009) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:51,9372) [kworker/1:0-ata_sff] (root,0,0,00:00:03/01:59:52,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-11:33:49,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-11:33:48,15391) sshd: cm-ssh (root,0,0,00:00:00/02:10:44,16327) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/15-13:02:27,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-13:02:26,16977) sshd: syslogtunnel (root,0,0,00:00:00/09:03,20275) [kworker/1:2-events] (root,0,0,00:00:00/01:06:08,22377) [kworker/0:1-events] (root,0,0,00:00:00/01:00:19,24430) [kworker/3:0-events] (root,0,0,00:00:00/30:37,25324) [kworker/3:1] (root,0,0,00:00:00/08:33,28354) [kworker/0:0-events] (postfix,24244,8252,00:00:00/38:01,28439) pickup -l -t fifo -u (root,0,0,00:00:00/01:37:29,29649) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/01:04,29868) [kworker/2:1-mm_percpu_wq] (postfix,44628,9316,00:00:01/25-18:19:34,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/00:47,30973) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/19:27,31624) [kworker/1:1-ata_sff] (root,0,0,00:00:00/51:17,31712) [kworker/u8:1-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-14 00:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363904c8a1dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-14:40:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-14:40:55,2) [kthreadd] (root,0,0,00:00:00/29-14:40:55,3) [rcu_gp] (root,0,0,00:00:00/29-14:40:55,4) [rcu_par_gp] (root,0,0,00:00:00/29-14:40:55,5) [slub_flushwq] (root,0,0,00:00:00/29-14:40:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-14:40:55,9) [mm_percpu_wq] (root,0,0,00:00:00/29-14:40:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-14:40:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-14:40:55,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-14:40:55,13) [ksoftirqd/0] (root,0,0,01:18:54/29-14:40:55,14) [rcu_preempt] (root,0,0,00:00:11/29-14:40:55,15) [migration/0] (root,0,0,00:00:00/29-14:40:55,16) [idle_inject/0] (root,0,0,00:00:00/29-14:40:55,18) [cpuhp/0] (root,0,0,00:00:00/29-14:40:55,19) [cpuhp/1] (root,0,0,00:00:00/29-14:40:55,20) [idle_inject/1] (root,0,0,00:00:11/29-14:40:55,21) [migration/1] (root,0,0,00:00:46/29-14:40:55,22) [ksoftirqd/1] (root,0,0,00:00:00/29-14:40:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-14:40:55,25) [cpuhp/2] (root,0,0,00:00:00/29-14:40:55,26) [idle_inject/2] (root,0,0,00:00:09/29-14:40:55,27) [migration/2] (root,0,0,00:58:16/29-14:40:55,28) [ksoftirqd/2] (root,0,0,00:00:00/29-14:40:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-14:40:55,31) [cpuhp/3] (root,0,0,00:00:00/29-14:40:55,32) [idle_inject/3] (root,0,0,00:00:11/29-14:40:55,33) [migration/3] (root,0,0,00:02:40/29-14:40:55,34) [ksoftirqd/3] (root,0,0,00:00:00/29-14:40:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-14:40:55,39) [kdevtmpfs] (root,0,0,00:00:00/29-14:40:55,40) [netns] (root,0,0,00:00:00/29-14:40:55,41) [inet_frag_wq] (root,0,0,00:00:06/29-14:40:55,42) [kauditd] (root,0,0,00:00:00/29-14:40:55,43) [khungtaskd] (root,0,0,00:00:00/29-14:40:55,44) [oom_reaper] (root,0,0,00:00:00/29-14:40:55,45) [writeback] (root,0,0,00:01:27/29-14:40:55,46) [kcompactd0] (root,0,0,00:00:00/29-14:40:55,47) [ksmd] (root,0,0,00:01:25/29-14:40:55,48) [khugepaged] (root,0,0,00:00:00/29-14:40:55,74) [kintegrityd] (root,0,0,00:00:00/29-14:40:55,75) [kblockd] (root,0,0,00:00:00/29-14:40:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-14:40:55,78) [tpm_dev_wq] (root,0,0,00:00:00/29-14:40:55,79) [edac-poller] (root,0,0,00:00:00/29-14:40:55,80) [devfreq_wq] (root,0,0,00:00:00/29-14:40:55,110) [watchdogd] (root,0,0,00:00:06/29-14:40:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-14:40:55,112) [kswapd0] (root,0,0,00:00:00/29-14:40:54,114) [kthrotld] (root,0,0,00:00:00/29-14:40:54,115) [mld] (root,0,0,00:00:00/29-14:40:54,116) [ipv6_addrconf] (root,0,0,00:00:12/29-14:40:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-14:40:54,122) [kstrp] (root,0,0,00:00:00/29-14:40:54,123) [zswap-shrink] (root,0,0,00:00:00/29-14:40:54,124) [kworker/u9:0] (root,0,0,00:00:00/29-14:40:54,129) [charger_manager] (root,0,0,00:00:06/29-14:40:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-14:40:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-14:40:53,205) [kaluad] (root,0,0,00:00:00/29-14:40:53,250) [kmpath_rdacd] (root,0,0,00:00:00/29-14:40:53,293) [kmpathd] (root,0,0,00:00:00/29-14:40:53,294) [kmpath_handlerd] (root,0,0,00:00:00/29-14:40:53,342) [ata_sff] (root,0,0,00:00:00/29-14:40:52,343) [scsi_eh_0] (root,0,0,00:00:00/29-14:40:52,344) [scsi_tmf_0] (root,0,0,00:00:00/29-14:40:52,345) [scsi_eh_1] (root,0,0,00:00:00/29-14:40:52,346) [scsi_tmf_1] (root,0,0,00:00:48/29-14:40:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-14:40:50,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-14:40:38,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-14:40:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-14:40:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-14:40:01,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-14:40:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-14:40:01,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-14:40:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-14:40:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-14:40:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/38:20,931) [kworker/3:1-events] (root,548360,31484,00:00:33/29-14:39:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-14:39:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:42/29-14:39:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-14:39:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-14:39:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-14:39:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-14:39:45,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-14:39:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:02/29-14:39:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-14:39:45,1206) bpfilter_umh (root,26204,8212,00:00:12/29-14:39:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-14:39:45,1215) ntpd: asynchronous dns resolver (spot,291676,178832,1-13:01:03/29-14:39:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-14:39:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-14:39:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-14:39:44,1245) (sd-pam) (root,24216,5344,00:00:09/29-14:39:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-14:39:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-14:39:42,1354) /usr/sbin/cron -n (root,697576,81148,00:38:44/29-14:39:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60500,00:12:54/29-14:39:22,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3484,00:00:00/00:00,2461) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,2479) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2480) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:20,3903) [kworker/0:2-events] (root,0,0,00:00:00/01:42:42,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:13:32,4092) [kworker/3:0-events] (root,0,0,00:00:00/08:18,6756) [kworker/1:2-ata_sff] (root,0,0,00:00:00/03:48:02,8802) [kworker/u8:0] (root,0,0,00:00:00/01:28:21,10360) [kworker/2:2-events] (root,0,0,00:00:01/01:20:48,10395) [kworker/2:0-events] (postfix,24244,8204,00:00:00/16:36,14984) pickup -l -t fifo -u (root,35308,10012,00:00:00/23-12:30:38,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-12:30:37,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-13:59:16,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:47/13-13:59:15,16977) sshd: syslogtunnel (root,0,0,00:00:02/07:23:28,20264) [kworker/0:1-events] (root,0,0,00:00:01/01:26:07,21615) [kworker/1:1-ata_sff] (root,0,0,00:00:00/03:05,25239) [kworker/1:0-events_freezable_power_] (postfix,44628,9316,00:00:01/23-19:16:23,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-12 01:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a32b278dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-14:42:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-14:42:04,2) [kthreadd] (root,0,0,00:00:00/27-14:42:04,3) [rcu_gp] (root,0,0,00:00:00/27-14:42:04,4) [rcu_par_gp] (root,0,0,00:00:00/27-14:42:04,5) [slub_flushwq] (root,0,0,00:00:00/27-14:42:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-14:42:04,9) [mm_percpu_wq] (root,0,0,00:00:00/27-14:42:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-14:42:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-14:42:04,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-14:42:04,13) [ksoftirqd/0] (root,0,0,01:13:45/27-14:42:04,14) [rcu_preempt] (root,0,0,00:00:10/27-14:42:04,15) [migration/0] (root,0,0,00:00:00/27-14:42:04,16) [idle_inject/0] (root,0,0,00:00:00/27-14:42:04,18) [cpuhp/0] (root,0,0,00:00:00/27-14:42:04,19) [cpuhp/1] (root,0,0,00:00:00/27-14:42:04,20) [idle_inject/1] (root,0,0,00:00:10/27-14:42:04,21) [migration/1] (root,0,0,00:00:44/27-14:42:04,22) [ksoftirqd/1] (root,0,0,00:00:00/27-14:42:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-14:42:04,25) [cpuhp/2] (root,0,0,00:00:00/27-14:42:04,26) [idle_inject/2] (root,0,0,00:00:08/27-14:42:04,27) [migration/2] (root,0,0,00:55:29/27-14:42:04,28) [ksoftirqd/2] (root,0,0,00:00:00/27-14:42:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-14:42:04,31) [cpuhp/3] (root,0,0,00:00:00/27-14:42:04,32) [idle_inject/3] (root,0,0,00:00:10/27-14:42:04,33) [migration/3] (root,0,0,00:02:32/27-14:42:04,34) [ksoftirqd/3] (root,0,0,00:00:00/27-14:42:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-14:42:04,39) [kdevtmpfs] (root,0,0,00:00:00/27-14:42:04,40) [netns] (root,0,0,00:00:00/27-14:42:04,41) [inet_frag_wq] (root,0,0,00:00:06/27-14:42:04,42) [kauditd] (root,0,0,00:00:00/27-14:42:04,43) [khungtaskd] (root,0,0,00:00:00/27-14:42:04,44) [oom_reaper] (root,0,0,00:00:00/27-14:42:04,45) [writeback] (root,0,0,00:01:21/27-14:42:04,46) [kcompactd0] (root,0,0,00:00:00/27-14:42:04,47) [ksmd] (root,0,0,00:01:19/27-14:42:04,48) [khugepaged] (root,0,0,00:00:00/27-14:42:04,74) [kintegrityd] (root,0,0,00:00:00/27-14:42:04,75) [kblockd] (root,0,0,00:00:00/27-14:42:04,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-14:42:04,78) [tpm_dev_wq] (root,0,0,00:00:00/27-14:42:04,79) [edac-poller] (root,0,0,00:00:00/27-14:42:04,80) [devfreq_wq] (root,0,0,00:00:00/27-14:42:04,110) [watchdogd] (root,0,0,00:00:05/27-14:42:04,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-14:42:04,112) [kswapd0] (root,0,0,00:00:00/27-14:42:03,114) [kthrotld] (root,0,0,00:00:00/27-14:42:03,115) [mld] (root,0,0,00:00:00/27-14:42:03,116) [ipv6_addrconf] (root,0,0,00:00:11/27-14:42:03,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-14:42:03,122) [kstrp] (root,0,0,00:00:00/27-14:42:03,123) [zswap-shrink] (root,0,0,00:00:00/27-14:42:03,124) [kworker/u9:0] (root,0,0,00:00:00/27-14:42:03,129) [charger_manager] (root,0,0,00:00:06/27-14:42:02,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-14:42:02,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-14:42:02,205) [kaluad] (root,0,0,00:00:00/27-14:42:02,250) [kmpath_rdacd] (root,0,0,00:00:00/27-14:42:02,293) [kmpathd] (root,0,0,00:00:00/27-14:42:02,294) [kmpath_handlerd] (root,0,0,00:00:00/27-14:42:02,342) [ata_sff] (root,0,0,00:00:00/27-14:42:01,343) [scsi_eh_0] (root,0,0,00:00:00/27-14:42:01,344) [scsi_tmf_0] (root,0,0,00:00:00/27-14:42:01,345) [scsi_eh_1] (root,0,0,00:00:00/27-14:42:01,346) [scsi_tmf_1] (root,0,0,00:00:45/27-14:41:59,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-14:41:59,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-14:41:47,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-14:41:46,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-14:41:44,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-14:41:10,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-14:41:10,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-14:41:10,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-14:41:10,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-14:41:09,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-14:41:09,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-14:40:55,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-14:40:55,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:34/27-14:40:54,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-14:40:54,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-14:40:54,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-14:40:54,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-14:40:54,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-14:40:54,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:46/27-14:40:54,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-14:40:54,1206) bpfilter_umh (root,26204,8212,00:00:11/27-14:40:54,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-14:40:54,1215) ntpd: asynchronous dns resolver (spot,289848,176616,1-10:40:49/27-14:40:54,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-14:40:53,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-14:40:53,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-14:40:53,1245) (sd-pam) (root,24216,5344,00:00:09/27-14:40:52,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-14:40:52,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-14:40:51,1354) /usr/sbin/cron -n (root,697064,80568,00:36:08/27-14:40:45,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58620,00:11:36/27-14:40:31,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/03:55:36,1639) [kworker/3:1-events] (root,0,0,00:00:00/08:55,2230) [kworker/1:0-ata_sff] (postfix,24244,8288,00:00:00/39:46,4237) pickup -l -t fifo -u (root,0,0,00:00:00/07:21,5127) [kworker/0:2] (root,0,0,00:00:00/50:36,7755) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:29:11,8451) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/03:44,12518) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/21-12:31:47,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-12:31:46,15391) sshd: cm-ssh (root,0,0,00:00:00/34:51,15445) [kworker/1:1-events] (root,0,0,00:00:00/14:49,16162) [kworker/0:1-events] (root,35308,10072,00:00:00/11-14:00:25,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-14:00:24,16977) sshd: syslogtunnel (root,0,0,00:00:00/23:42,19174) [kworker/u8:1-writeback] (root,0,0,00:00:00/21:56,24768) [kworker/2:0-events] (root,0,0,00:00:00/00:15,27446) [kworker/3:0] (root,0,0,00:00:02/02:04:06,27932) [kworker/2:2-events] (root,6656,3480,00:00:00/00:00,28585) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,28603) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28604) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9316,00:00:00/21-19:17:32,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-10 01:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363536008e7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-14:28:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-14:28:36,2) [kthreadd] (root,0,0,00:00:00/25-14:28:36,3) [rcu_gp] (root,0,0,00:00:00/25-14:28:36,4) [rcu_par_gp] (root,0,0,00:00:00/25-14:28:36,5) [slub_flushwq] (root,0,0,00:00:00/25-14:28:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-14:28:36,9) [mm_percpu_wq] (root,0,0,00:00:00/25-14:28:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-14:28:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-14:28:36,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-14:28:36,13) [ksoftirqd/0] (root,0,0,01:08:26/25-14:28:36,14) [rcu_preempt] (root,0,0,00:00:09/25-14:28:36,15) [migration/0] (root,0,0,00:00:00/25-14:28:36,16) [idle_inject/0] (root,0,0,00:00:00/25-14:28:36,18) [cpuhp/0] (root,0,0,00:00:00/25-14:28:36,19) [cpuhp/1] (root,0,0,00:00:00/25-14:28:36,20) [idle_inject/1] (root,0,0,00:00:10/25-14:28:36,21) [migration/1] (root,0,0,00:00:40/25-14:28:36,22) [ksoftirqd/1] (root,0,0,00:00:00/25-14:28:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-14:28:36,25) [cpuhp/2] (root,0,0,00:00:00/25-14:28:36,26) [idle_inject/2] (root,0,0,00:00:08/25-14:28:36,27) [migration/2] (root,0,0,00:52:17/25-14:28:36,28) [ksoftirqd/2] (root,0,0,00:00:00/25-14:28:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-14:28:36,31) [cpuhp/3] (root,0,0,00:00:00/25-14:28:36,32) [idle_inject/3] (root,0,0,00:00:09/25-14:28:36,33) [migration/3] (root,0,0,00:02:22/25-14:28:36,34) [ksoftirqd/3] (root,0,0,00:00:00/25-14:28:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-14:28:36,39) [kdevtmpfs] (root,0,0,00:00:00/25-14:28:36,40) [netns] (root,0,0,00:00:00/25-14:28:36,41) [inet_frag_wq] (root,0,0,00:00:06/25-14:28:36,42) [kauditd] (root,0,0,00:00:00/25-14:28:36,43) [khungtaskd] (root,0,0,00:00:00/25-14:28:36,44) [oom_reaper] (root,0,0,00:00:00/25-14:28:36,45) [writeback] (root,0,0,00:01:15/25-14:28:36,46) [kcompactd0] (root,0,0,00:00:00/25-14:28:36,47) [ksmd] (root,0,0,00:01:14/25-14:28:36,48) [khugepaged] (root,0,0,00:00:00/25-14:28:36,74) [kintegrityd] (root,0,0,00:00:00/25-14:28:36,75) [kblockd] (root,0,0,00:00:00/25-14:28:36,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-14:28:36,78) [tpm_dev_wq] (root,0,0,00:00:00/25-14:28:36,79) [edac-poller] (root,0,0,00:00:00/25-14:28:36,80) [devfreq_wq] (root,0,0,00:00:00/25-14:28:36,110) [watchdogd] (root,0,0,00:00:05/25-14:28:36,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-14:28:36,112) [kswapd0] (root,0,0,00:00:00/25-14:28:35,114) [kthrotld] (root,0,0,00:00:00/25-14:28:35,115) [mld] (root,0,0,00:00:00/25-14:28:35,116) [ipv6_addrconf] (root,0,0,00:00:11/25-14:28:35,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-14:28:35,122) [kstrp] (root,0,0,00:00:00/25-14:28:35,123) [zswap-shrink] (root,0,0,00:00:00/25-14:28:35,124) [kworker/u9:0] (root,0,0,00:00:00/25-14:28:35,129) [charger_manager] (root,0,0,00:00:05/25-14:28:34,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-14:28:34,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-14:28:34,205) [kaluad] (root,0,0,00:00:00/25-14:28:34,250) [kmpath_rdacd] (root,0,0,00:00:00/25-14:28:34,293) [kmpathd] (root,0,0,00:00:00/25-14:28:34,294) [kmpath_handlerd] (root,0,0,00:00:00/25-14:28:34,342) [ata_sff] (root,0,0,00:00:00/25-14:28:33,343) [scsi_eh_0] (root,0,0,00:00:00/25-14:28:33,344) [scsi_tmf_0] (root,0,0,00:00:00/25-14:28:33,345) [scsi_eh_1] (root,0,0,00:00:00/25-14:28:33,346) [scsi_tmf_1] (root,0,0,00:00:41/25-14:28:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-14:28:31,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-14:28:19,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-14:28:18,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-14:28:16,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-14:27:42,512) /sbin/auditd (messagebus,22936,5640,00:01:11/25-14:27:42,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:41/25-14:27:42,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-14:27:42,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-14:27:41,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-14:27:41,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-14:27:27,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-14:27:27,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:22/25-14:27:26,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-14:27:26,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-14:27:26,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-14:27:26,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-14:27:26,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-14:27:26,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:29/25-14:27:26,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-14:27:26,1206) bpfilter_umh (root,26204,8300,00:00:11/25-14:27:26,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-14:27:26,1215) ntpd: asynchronous dns resolver (spot,301888,188376,1-08:06:26/25-14:27:26,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-14:27:25,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-14:27:25,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-14:27:25,1245) (sd-pam) (root,24216,5348,00:00:08/25-14:27:24,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-14:27:24,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-14:27:23,1354) /usr/sbin/cron -n (root,694116,77808,00:33:30/25-14:27:17,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57996,00:10:11/25-14:27:03,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:52,4602) [kworker/1:1-ata_sff] (root,0,0,00:00:00/33:59,6090) [kworker/1:0-events] (root,0,0,00:00:00/35:42,6321) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:28,6556) [kworker/0:0-events_power_efficient] (root,0,0,00:00:00/01:23:49,14356) [kworker/2:0-events] (root,35308,10012,00:00:00/19-12:18:19,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-12:18:18,15391) sshd: cm-ssh (root,0,0,00:00:01/01:51:23,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-13:46:57,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-13:46:56,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:20:47,17512) [kworker/u8:2-flush-253:0] (postfix,24244,8240,00:00:00/47:12,17853) pickup -l -t fifo -u (root,0,0,00:00:00/09:15,18061) [kworker/3:0] (root,6656,3488,00:00:00/00:00,18099) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,18117) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18118) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:07/07:31:11,21123) [kworker/2:1-events] (root,0,0,00:00:00/08:02,22721) [kworker/1:2-events] (postfix,44628,9372,00:00:00/19-19:04:04,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/15:52,30755) [kworker/3:1-events] (root,0,0,00:00:00/22:33,31934) [kworker/0:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-08 00:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836346cffb8bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-14:33:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-14:33:42,2) [kthreadd] (root,0,0,00:00:00/23-14:33:42,3) [rcu_gp] (root,0,0,00:00:00/23-14:33:42,4) [rcu_par_gp] (root,0,0,00:00:00/23-14:33:42,5) [slub_flushwq] (root,0,0,00:00:00/23-14:33:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-14:33:42,9) [mm_percpu_wq] (root,0,0,00:00:00/23-14:33:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-14:33:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-14:33:42,12) [rcu_tasks_trace] (root,0,0,00:00:43/23-14:33:42,13) [ksoftirqd/0] (root,0,0,01:02:52/23-14:33:42,14) [rcu_preempt] (root,0,0,00:00:08/23-14:33:42,15) [migration/0] (root,0,0,00:00:00/23-14:33:42,16) [idle_inject/0] (root,0,0,00:00:00/23-14:33:42,18) [cpuhp/0] (root,0,0,00:00:00/23-14:33:42,19) [cpuhp/1] (root,0,0,00:00:00/23-14:33:42,20) [idle_inject/1] (root,0,0,00:00:09/23-14:33:42,21) [migration/1] (root,0,0,00:00:37/23-14:33:42,22) [ksoftirqd/1] (root,0,0,00:00:00/23-14:33:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-14:33:42,25) [cpuhp/2] (root,0,0,00:00:00/23-14:33:42,26) [idle_inject/2] (root,0,0,00:00:07/23-14:33:42,27) [migration/2] (root,0,0,00:47:38/23-14:33:42,28) [ksoftirqd/2] (root,0,0,00:00:00/23-14:33:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-14:33:42,31) [cpuhp/3] (root,0,0,00:00:00/23-14:33:42,32) [idle_inject/3] (root,0,0,00:00:08/23-14:33:42,33) [migration/3] (root,0,0,00:02:10/23-14:33:42,34) [ksoftirqd/3] (root,0,0,00:00:00/23-14:33:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-14:33:42,39) [kdevtmpfs] (root,0,0,00:00:00/23-14:33:42,40) [netns] (root,0,0,00:00:00/23-14:33:42,41) [inet_frag_wq] (root,0,0,00:00:05/23-14:33:42,42) [kauditd] (root,0,0,00:00:00/23-14:33:42,43) [khungtaskd] (root,0,0,00:00:00/23-14:33:42,44) [oom_reaper] (root,0,0,00:00:00/23-14:33:42,45) [writeback] (root,0,0,00:01:09/23-14:33:42,46) [kcompactd0] (root,0,0,00:00:00/23-14:33:42,47) [ksmd] (root,0,0,00:01:08/23-14:33:42,48) [khugepaged] (root,0,0,00:00:00/23-14:33:42,74) [kintegrityd] (root,0,0,00:00:00/23-14:33:42,75) [kblockd] (root,0,0,00:00:00/23-14:33:42,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-14:33:42,78) [tpm_dev_wq] (root,0,0,00:00:00/23-14:33:42,79) [edac-poller] (root,0,0,00:00:00/23-14:33:42,80) [devfreq_wq] (root,0,0,00:00:00/23-14:33:42,110) [watchdogd] (root,0,0,00:00:04/23-14:33:42,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-14:33:42,112) [kswapd0] (root,0,0,00:00:00/23-14:33:41,114) [kthrotld] (root,0,0,00:00:00/23-14:33:41,115) [mld] (root,0,0,00:00:00/23-14:33:41,116) [ipv6_addrconf] (root,0,0,00:00:10/23-14:33:41,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-14:33:41,122) [kstrp] (root,0,0,00:00:00/23-14:33:41,123) [zswap-shrink] (root,0,0,00:00:00/23-14:33:41,124) [kworker/u9:0] (root,0,0,00:00:00/23-14:33:41,129) [charger_manager] (root,0,0,00:00:05/23-14:33:40,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-14:33:40,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-14:33:40,205) [kaluad] (root,0,0,00:00:00/23-14:33:40,250) [kmpath_rdacd] (root,0,0,00:00:00/23-14:33:40,293) [kmpathd] (root,0,0,00:00:00/23-14:33:40,294) [kmpath_handlerd] (root,0,0,00:00:00/23-14:33:40,342) [ata_sff] (root,0,0,00:00:00/23-14:33:39,343) [scsi_eh_0] (root,0,0,00:00:00/23-14:33:39,344) [scsi_tmf_0] (root,0,0,00:00:00/23-14:33:39,345) [scsi_eh_1] (root,0,0,00:00:00/23-14:33:39,346) [scsi_tmf_1] (root,0,0,00:00:37/23-14:33:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-14:33:37,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-14:33:25,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-14:33:24,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-14:33:22,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-14:32:48,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-14:32:48,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-14:32:48,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-14:32:48,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-14:32:47,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-14:32:47,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-14:32:33,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-14:32:33,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:09/23-14:32:32,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-14:32:32,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-14:32:32,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-14:32:32,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-14:32:32,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-14:32:32,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-14:32:32,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-14:32:32,1206) bpfilter_umh (root,26204,8300,00:00:10/23-14:32:32,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-14:32:32,1215) ntpd: asynchronous dns resolver (spot,285484,172728,1-05:41:00/23-14:32:32,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-14:32:31,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-14:32:31,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-14:32:31,1245) (sd-pam) (root,24216,5348,00:00:07/23-14:32:30,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-14:32:30,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-14:32:29,1354) /usr/sbin/cron -n (root,693860,77156,00:30:48/23-14:32:23,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:45/23-14:32:09,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/09:35,4265) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:15:16,7327) [kworker/0:0-events] (root,0,0,00:00:00/03:24:07,7973) [kworker/0:1-events] (root,0,0,00:00:00/07:54,11498) [kworker/3:1-events] (root,0,0,00:00:00/15:20,13370) [kworker/u8:1-flush-253:0] (root,35308,10012,00:00:00/17-12:23:25,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-12:23:24,15391) sshd: cm-ssh (postfix,24244,8204,00:00:00/01:14:06,15690) pickup -l -t fifo -u (root,0,0,00:00:00/01:11,15975) [kworker/2:0-events] (root,0,0,00:00:01/05:17:45,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-13:52:03,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-13:52:02,16977) sshd: syslogtunnel (root,0,0,00:00:01/01:22:01,19831) [kworker/2:1-events] (root,0,0,00:00:00/14:30,21438) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/00:22,24035) [kworker/1:0-ata_sff] (root,0,0,00:00:00/10:45,26077) [kworker/1:1-events] (root,0,0,00:00:00/05:32,26329) [kworker/1:2-ata_sff] (root,693860,67828,00:00:00/00:00,28739) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,6656,3484,00:00:00/00:00,28740) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,28758) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,28759) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9372,00:00:00/17-19:09:10,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-06 00:55 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631ff4aee3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-14:15:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-14:15:50,2) [kthreadd] (root,0,0,00:00:00/21-14:15:50,3) [rcu_gp] (root,0,0,00:00:00/21-14:15:50,4) [rcu_par_gp] (root,0,0,00:00:00/21-14:15:50,5) [slub_flushwq] (root,0,0,00:00:00/21-14:15:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-14:15:50,9) [mm_percpu_wq] (root,0,0,00:00:00/21-14:15:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-14:15:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-14:15:50,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-14:15:50,13) [ksoftirqd/0] (root,0,0,00:57:29/21-14:15:50,14) [rcu_preempt] (root,0,0,00:00:08/21-14:15:50,15) [migration/0] (root,0,0,00:00:00/21-14:15:50,16) [idle_inject/0] (root,0,0,00:00:00/21-14:15:50,18) [cpuhp/0] (root,0,0,00:00:00/21-14:15:50,19) [cpuhp/1] (root,0,0,00:00:00/21-14:15:50,20) [idle_inject/1] (root,0,0,00:00:08/21-14:15:50,21) [migration/1] (root,0,0,00:00:34/21-14:15:50,22) [ksoftirqd/1] (root,0,0,00:00:00/21-14:15:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-14:15:50,25) [cpuhp/2] (root,0,0,00:00:00/21-14:15:50,26) [idle_inject/2] (root,0,0,00:00:06/21-14:15:50,27) [migration/2] (root,0,0,00:43:39/21-14:15:50,28) [ksoftirqd/2] (root,0,0,00:00:00/21-14:15:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-14:15:50,31) [cpuhp/3] (root,0,0,00:00:00/21-14:15:50,32) [idle_inject/3] (root,0,0,00:00:08/21-14:15:50,33) [migration/3] (root,0,0,00:02:00/21-14:15:50,34) [ksoftirqd/3] (root,0,0,00:00:00/21-14:15:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-14:15:50,39) [kdevtmpfs] (root,0,0,00:00:00/21-14:15:50,40) [netns] (root,0,0,00:00:00/21-14:15:50,41) [inet_frag_wq] (root,0,0,00:00:05/21-14:15:50,42) [kauditd] (root,0,0,00:00:00/21-14:15:50,43) [khungtaskd] (root,0,0,00:00:00/21-14:15:50,44) [oom_reaper] (root,0,0,00:00:00/21-14:15:50,45) [writeback] (root,0,0,00:01:03/21-14:15:50,46) [kcompactd0] (root,0,0,00:00:00/21-14:15:50,47) [ksmd] (root,0,0,00:01:02/21-14:15:50,48) [khugepaged] (root,0,0,00:00:00/21-14:15:50,74) [kintegrityd] (root,0,0,00:00:00/21-14:15:50,75) [kblockd] (root,0,0,00:00:00/21-14:15:50,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-14:15:50,78) [tpm_dev_wq] (root,0,0,00:00:00/21-14:15:50,79) [edac-poller] (root,0,0,00:00:00/21-14:15:50,80) [devfreq_wq] (root,0,0,00:00:00/21-14:15:50,110) [watchdogd] (root,0,0,00:00:04/21-14:15:50,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-14:15:50,112) [kswapd0] (root,0,0,00:00:00/21-14:15:49,114) [kthrotld] (root,0,0,00:00:00/21-14:15:49,115) [mld] (root,0,0,00:00:00/21-14:15:49,116) [ipv6_addrconf] (root,0,0,00:00:09/21-14:15:49,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-14:15:49,122) [kstrp] (root,0,0,00:00:00/21-14:15:49,123) [zswap-shrink] (root,0,0,00:00:00/21-14:15:49,124) [kworker/u9:0] (root,0,0,00:00:00/21-14:15:49,129) [charger_manager] (root,0,0,00:00:04/21-14:15:48,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-14:15:48,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-14:15:48,205) [kaluad] (root,0,0,00:00:00/21-14:15:48,250) [kmpath_rdacd] (root,0,0,00:00:00/21-14:15:48,293) [kmpathd] (root,0,0,00:00:00/21-14:15:48,294) [kmpath_handlerd] (root,0,0,00:00:00/21-14:15:48,342) [ata_sff] (root,0,0,00:00:00/21-14:15:47,343) [scsi_eh_0] (root,0,0,00:00:00/21-14:15:47,344) [scsi_tmf_0] (root,0,0,00:00:00/21-14:15:47,345) [scsi_eh_1] (root,0,0,00:00:00/21-14:15:47,346) [scsi_tmf_1] (root,0,0,00:00:33/21-14:15:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-14:15:45,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-14:15:33,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-14:15:32,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-14:15:30,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-14:14:56,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-14:14:56,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-14:14:56,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-14:14:56,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-14:14:55,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-14:14:55,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-14:14:41,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-14:14:41,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:00/21-14:14:40,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-14:14:40,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-14:14:40,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-14:14:40,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-14:14:40,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-14:14:40,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:56/21-14:14:40,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-14:14:40,1206) bpfilter_umh (root,26204,8300,00:00:09/21-14:14:40,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-14:14:40,1215) ntpd: asynchronous dns resolver (spot,285260,171892,1-03:18:56/21-14:14:40,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-14:14:39,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-14:14:39,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-14:14:39,1245) (sd-pam) (root,24216,5348,00:00:07/21-14:14:38,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-14:14:38,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-14:14:37,1354) /usr/sbin/cron -n (root,693604,76796,00:28:06/21-14:14:31,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:24/21-14:14:17,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/02:56:33,1511) [kworker/2:0-events] (root,0,0,00:00:00/37:57,1699) [kworker/u8:1] (root,0,0,00:00:01/01:29:16,3242) [kworker/1:2-events] (root,0,0,00:00:00/06:17,3293) [kworker/1:0-ata_sff] (root,0,0,00:00:00/54:34,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/01:18:08,7480) pickup -l -t fifo -u (root,0,0,00:00:00/29:04,8023) [kworker/3:0] (root,0,0,00:00:00/03:35,10807) [kworker/u8:0-writeback] (root,0,0,00:00:00/13:23,11474) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:06,11710) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-12:05:33,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-12:05:32,15391) sshd: cm-ssh (root,0,0,00:00:00/35:26,15465) [kworker/2:2-events] (root,6656,3480,00:00:00/00:00,16332) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,16350) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16351) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10072,00:00:00/5-13:34:11,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-13:34:10,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:01,20907) [kworker/0:2] (root,0,0,00:00:02/08:47:07,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-18:51:18,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-04 00:38 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836396f2b76fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-14:51:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-14:51:47,2) [kthreadd] (root,0,0,00:00:00/19-14:51:47,3) [rcu_gp] (root,0,0,00:00:00/19-14:51:47,4) [rcu_par_gp] (root,0,0,00:00:00/19-14:51:47,5) [slub_flushwq] (root,0,0,00:00:00/19-14:51:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-14:51:47,9) [mm_percpu_wq] (root,0,0,00:00:00/19-14:51:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-14:51:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-14:51:47,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-14:51:47,13) [ksoftirqd/0] (root,0,0,00:52:18/19-14:51:47,14) [rcu_preempt] (root,0,0,00:00:07/19-14:51:47,15) [migration/0] (root,0,0,00:00:00/19-14:51:47,16) [idle_inject/0] (root,0,0,00:00:00/19-14:51:47,18) [cpuhp/0] (root,0,0,00:00:00/19-14:51:47,19) [cpuhp/1] (root,0,0,00:00:00/19-14:51:47,20) [idle_inject/1] (root,0,0,00:00:07/19-14:51:47,21) [migration/1] (root,0,0,00:00:31/19-14:51:47,22) [ksoftirqd/1] (root,0,0,00:00:00/19-14:51:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-14:51:47,25) [cpuhp/2] (root,0,0,00:00:00/19-14:51:47,26) [idle_inject/2] (root,0,0,00:00:06/19-14:51:47,27) [migration/2] (root,0,0,00:39:08/19-14:51:47,28) [ksoftirqd/2] (root,0,0,00:00:00/19-14:51:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-14:51:47,31) [cpuhp/3] (root,0,0,00:00:00/19-14:51:47,32) [idle_inject/3] (root,0,0,00:00:07/19-14:51:47,33) [migration/3] (root,0,0,00:01:49/19-14:51:47,34) [ksoftirqd/3] (root,0,0,00:00:00/19-14:51:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-14:51:47,39) [kdevtmpfs] (root,0,0,00:00:00/19-14:51:47,40) [netns] (root,0,0,00:00:00/19-14:51:47,41) [inet_frag_wq] (root,0,0,00:00:05/19-14:51:47,42) [kauditd] (root,0,0,00:00:00/19-14:51:47,43) [khungtaskd] (root,0,0,00:00:00/19-14:51:47,44) [oom_reaper] (root,0,0,00:00:00/19-14:51:47,45) [writeback] (root,0,0,00:00:57/19-14:51:47,46) [kcompactd0] (root,0,0,00:00:00/19-14:51:47,47) [ksmd] (root,0,0,00:00:57/19-14:51:47,48) [khugepaged] (root,0,0,00:00:00/19-14:51:47,74) [kintegrityd] (root,0,0,00:00:00/19-14:51:47,75) [kblockd] (root,0,0,00:00:00/19-14:51:47,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-14:51:47,78) [tpm_dev_wq] (root,0,0,00:00:00/19-14:51:47,79) [edac-poller] (root,0,0,00:00:00/19-14:51:47,80) [devfreq_wq] (root,0,0,00:00:00/19-14:51:47,110) [watchdogd] (root,0,0,00:00:03/19-14:51:47,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-14:51:47,112) [kswapd0] (root,0,0,00:00:00/19-14:51:46,114) [kthrotld] (root,0,0,00:00:00/19-14:51:46,115) [mld] (root,0,0,00:00:00/19-14:51:46,116) [ipv6_addrconf] (root,0,0,00:00:08/19-14:51:46,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-14:51:46,122) [kstrp] (root,0,0,00:00:00/19-14:51:46,123) [zswap-shrink] (root,0,0,00:00:00/19-14:51:46,124) [kworker/u9:0] (root,0,0,00:00:00/19-14:51:46,129) [charger_manager] (root,0,0,00:00:04/19-14:51:45,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-14:51:45,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-14:51:45,205) [kaluad] (root,0,0,00:00:00/19-14:51:45,250) [kmpath_rdacd] (root,0,0,00:00:00/19-14:51:45,293) [kmpathd] (root,0,0,00:00:00/19-14:51:45,294) [kmpath_handlerd] (root,0,0,00:00:00/19-14:51:45,342) [ata_sff] (root,0,0,00:00:00/19-14:51:44,343) [scsi_eh_0] (root,0,0,00:00:00/19-14:51:44,344) [scsi_tmf_0] (root,0,0,00:00:00/19-14:51:44,345) [scsi_eh_1] (root,0,0,00:00:00/19-14:51:44,346) [scsi_tmf_1] (root,0,0,00:00:29/19-14:51:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-14:51:42,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-14:51:30,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-14:51:29,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-14:51:27,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-14:50:53,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-14:50:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-14:50:53,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-14:50:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-14:50:52,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-14:50:52,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-14:50:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-14:50:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:49/19-14:50:37,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-14:50:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-14:50:37,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-14:50:37,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-14:50:37,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-14:50:37,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-14:50:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-14:50:37,1206) bpfilter_umh (root,26204,8300,00:00:09/19-14:50:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-14:50:37,1215) ntpd: asynchronous dns resolver (spot,284604,171728,1-01:05:39/19-14:50:37,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-14:50:36,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-14:50:36,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-14:50:36,1245) (sd-pam) (root,24216,5348,00:00:06/19-14:50:35,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-14:50:35,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-14:50:34,1354) /usr/sbin/cron -n (root,692836,75756,00:25:29/19-14:50:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:35/19-14:50:14,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/06:53:11,3898) [kworker/3:2-events] (root,0,0,00:00:00/01:53:25,4121) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8224,00:00:00/34:58,8017) pickup -l -t fifo -u (root,0,0,00:00:00/12:32,12709) [kworker/2:1-events] (root,0,0,00:00:00/01:02,14635) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/13-12:41:30,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-12:41:29,15391) sshd: cm-ssh (root,6656,3492,00:00:00/00:00,16612) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,16641) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,16669) /bin/bash /usr/bin/check_mk_agent (root,13744,3392,00:00:00/00:00,16676) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16677) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10072,00:00:00/3-14:10:08,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-14:10:07,16977) sshd: syslogtunnel (root,0,0,00:00:00/43:55,20923) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:20:52,22032) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/01:08:23,22794) [kworker/0:1] (root,0,0,00:00:01/01:20:40,23007) [kworker/2:2-events] (root,0,0,00:00:01/01:44:48,24029) [kworker/1:2-ata_sff] (root,0,0,00:00:01/03:17:49,26126) [kworker/0:2-events] (postfix,44628,9416,00:00:00/13-19:27:15,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:13,31451) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 01:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633a5b8206Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-14:21:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-14:21:13,2) [kthreadd] (root,0,0,00:00:00/17-14:21:13,3) [rcu_gp] (root,0,0,00:00:00/17-14:21:13,4) [rcu_par_gp] (root,0,0,00:00:00/17-14:21:13,5) [slub_flushwq] (root,0,0,00:00:00/17-14:21:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-14:21:13,9) [mm_percpu_wq] (root,0,0,00:00:00/17-14:21:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-14:21:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-14:21:13,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-14:21:13,13) [ksoftirqd/0] (root,0,0,00:47:08/17-14:21:13,14) [rcu_preempt] (root,0,0,00:00:06/17-14:21:13,15) [migration/0] (root,0,0,00:00:00/17-14:21:13,16) [idle_inject/0] (root,0,0,00:00:00/17-14:21:13,18) [cpuhp/0] (root,0,0,00:00:00/17-14:21:13,19) [cpuhp/1] (root,0,0,00:00:00/17-14:21:13,20) [idle_inject/1] (root,0,0,00:00:07/17-14:21:13,21) [migration/1] (root,0,0,00:00:28/17-14:21:13,22) [ksoftirqd/1] (root,0,0,00:00:00/17-14:21:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-14:21:13,25) [cpuhp/2] (root,0,0,00:00:00/17-14:21:13,26) [idle_inject/2] (root,0,0,00:00:05/17-14:21:13,27) [migration/2] (root,0,0,00:35:57/17-14:21:13,28) [ksoftirqd/2] (root,0,0,00:00:00/17-14:21:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-14:21:13,31) [cpuhp/3] (root,0,0,00:00:00/17-14:21:13,32) [idle_inject/3] (root,0,0,00:00:06/17-14:21:13,33) [migration/3] (root,0,0,00:01:40/17-14:21:13,34) [ksoftirqd/3] (root,0,0,00:00:00/17-14:21:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-14:21:13,39) [kdevtmpfs] (root,0,0,00:00:00/17-14:21:13,40) [netns] (root,0,0,00:00:00/17-14:21:13,41) [inet_frag_wq] (root,0,0,00:00:04/17-14:21:13,42) [kauditd] (root,0,0,00:00:00/17-14:21:13,43) [khungtaskd] (root,0,0,00:00:00/17-14:21:13,44) [oom_reaper] (root,0,0,00:00:00/17-14:21:13,45) [writeback] (root,0,0,00:00:51/17-14:21:13,46) [kcompactd0] (root,0,0,00:00:00/17-14:21:13,47) [ksmd] (root,0,0,00:00:51/17-14:21:13,48) [khugepaged] (root,0,0,00:00:00/17-14:21:13,74) [kintegrityd] (root,0,0,00:00:00/17-14:21:13,75) [kblockd] (root,0,0,00:00:00/17-14:21:13,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-14:21:13,78) [tpm_dev_wq] (root,0,0,00:00:00/17-14:21:13,79) [edac-poller] (root,0,0,00:00:00/17-14:21:13,80) [devfreq_wq] (root,0,0,00:00:00/17-14:21:13,110) [watchdogd] (root,0,0,00:00:03/17-14:21:13,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-14:21:13,112) [kswapd0] (root,0,0,00:00:00/17-14:21:12,114) [kthrotld] (root,0,0,00:00:00/17-14:21:12,115) [mld] (root,0,0,00:00:00/17-14:21:12,116) [ipv6_addrconf] (root,0,0,00:00:07/17-14:21:12,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-14:21:12,122) [kstrp] (root,0,0,00:00:00/17-14:21:12,123) [zswap-shrink] (root,0,0,00:00:00/17-14:21:12,124) [kworker/u9:0] (root,0,0,00:00:00/17-14:21:12,129) [charger_manager] (root,0,0,00:00:03/17-14:21:11,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-14:21:11,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-14:21:11,205) [kaluad] (root,0,0,00:00:00/17-14:21:11,250) [kmpath_rdacd] (root,0,0,00:00:00/17-14:21:11,293) [kmpathd] (root,0,0,00:00:00/17-14:21:11,294) [kmpath_handlerd] (root,0,0,00:00:00/17-14:21:11,342) [ata_sff] (root,0,0,00:00:00/17-14:21:10,343) [scsi_eh_0] (root,0,0,00:00:00/17-14:21:10,344) [scsi_tmf_0] (root,0,0,00:00:00/17-14:21:10,345) [scsi_eh_1] (root,0,0,00:00:00/17-14:21:10,346) [scsi_tmf_1] (root,0,0,00:00:26/17-14:21:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-14:21:08,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-14:20:56,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-14:20:55,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-14:20:53,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-14:20:19,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-14:20:19,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-14:20:19,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-14:20:19,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-14:20:18,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-14:20:18,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-14:20:04,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-14:20:04,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:38/17-14:20:03,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-14:20:03,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-14:20:03,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-14:20:03,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-14:20:03,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-14:20:03,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:23/17-14:20:03,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-14:20:03,1206) bpfilter_umh (root,26204,8300,00:00:08/17-14:20:03,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-14:20:03,1215) ntpd: asynchronous dns resolver (spot,284636,171736,23:08:01/17-14:20:03,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-14:20:02,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-14:20:02,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-14:20:02,1245) (sd-pam) (root,24216,5348,00:00:05/17-14:20:01,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-14:20:01,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-14:20:00,1354) /usr/sbin/cron -n (root,692236,75412,00:22:51/17-14:19:54,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51284,00:05:53/17-14:19:40,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:38,1406) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:47:25,6422) [kworker/0:2-events] (root,6656,3480,00:00:00/00:00,11885) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,11903) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11904) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/39:46,14661) [kworker/2:2-events] (root,35308,10012,00:00:00/11-12:10:56,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-12:10:55,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-13:39:34,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-13:39:33,16977) sshd: syslogtunnel (postfix,24244,8200,00:00:00/26:16,18919) pickup -l -t fifo -u (root,0,0,00:00:00/58:17,22787) [kworker/3:0-events] (root,0,0,00:00:02/05:22:32,24312) [kworker/0:0-events] (root,0,0,00:00:00/57:51,26541) [kworker/u8:2-writeback] (root,0,0,00:00:00/48:18,28099) [kworker/1:0-events] (root,0,0,00:00:00/08:26:19,28658) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/06:48,30079) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/11-18:56:41,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/33:26,32239) [kworker/2:1] (root,0,0,00:00:01/04:08:22,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-30 00:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dbc24185Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-14:21:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-14:21:07,2) [kthreadd] (root,0,0,00:00:00/15-14:21:07,3) [rcu_gp] (root,0,0,00:00:00/15-14:21:07,4) [rcu_par_gp] (root,0,0,00:00:00/15-14:21:07,5) [slub_flushwq] (root,0,0,00:00:00/15-14:21:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-14:21:07,9) [mm_percpu_wq] (root,0,0,00:00:00/15-14:21:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-14:21:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-14:21:07,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-14:21:07,13) [ksoftirqd/0] (root,0,0,00:41:53/15-14:21:07,14) [rcu_preempt] (root,0,0,00:00:05/15-14:21:07,15) [migration/0] (root,0,0,00:00:00/15-14:21:07,16) [idle_inject/0] (root,0,0,00:00:00/15-14:21:07,18) [cpuhp/0] (root,0,0,00:00:00/15-14:21:07,19) [cpuhp/1] (root,0,0,00:00:00/15-14:21:07,20) [idle_inject/1] (root,0,0,00:00:06/15-14:21:07,21) [migration/1] (root,0,0,00:00:25/15-14:21:07,22) [ksoftirqd/1] (root,0,0,00:00:00/15-14:21:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-14:21:07,25) [cpuhp/2] (root,0,0,00:00:00/15-14:21:07,26) [idle_inject/2] (root,0,0,00:00:05/15-14:21:07,27) [migration/2] (root,0,0,00:32:24/15-14:21:07,28) [ksoftirqd/2] (root,0,0,00:00:00/15-14:21:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-14:21:07,31) [cpuhp/3] (root,0,0,00:00:00/15-14:21:07,32) [idle_inject/3] (root,0,0,00:00:05/15-14:21:07,33) [migration/3] (root,0,0,00:01:30/15-14:21:07,34) [ksoftirqd/3] (root,0,0,00:00:00/15-14:21:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-14:21:07,39) [kdevtmpfs] (root,0,0,00:00:00/15-14:21:07,40) [netns] (root,0,0,00:00:00/15-14:21:07,41) [inet_frag_wq] (root,0,0,00:00:04/15-14:21:07,42) [kauditd] (root,0,0,00:00:00/15-14:21:07,43) [khungtaskd] (root,0,0,00:00:00/15-14:21:07,44) [oom_reaper] (root,0,0,00:00:00/15-14:21:07,45) [writeback] (root,0,0,00:00:46/15-14:21:07,46) [kcompactd0] (root,0,0,00:00:00/15-14:21:07,47) [ksmd] (root,0,0,00:00:46/15-14:21:07,48) [khugepaged] (root,0,0,00:00:00/15-14:21:07,74) [kintegrityd] (root,0,0,00:00:00/15-14:21:07,75) [kblockd] (root,0,0,00:00:00/15-14:21:07,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-14:21:07,78) [tpm_dev_wq] (root,0,0,00:00:00/15-14:21:07,79) [edac-poller] (root,0,0,00:00:00/15-14:21:07,80) [devfreq_wq] (root,0,0,00:00:00/15-14:21:07,110) [watchdogd] (root,0,0,00:00:03/15-14:21:07,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-14:21:07,112) [kswapd0] (root,0,0,00:00:00/15-14:21:06,114) [kthrotld] (root,0,0,00:00:00/15-14:21:06,115) [mld] (root,0,0,00:00:00/15-14:21:06,116) [ipv6_addrconf] (root,0,0,00:00:06/15-14:21:06,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-14:21:06,122) [kstrp] (root,0,0,00:00:00/15-14:21:06,123) [zswap-shrink] (root,0,0,00:00:00/15-14:21:06,124) [kworker/u9:0] (root,0,0,00:00:00/15-14:21:06,129) [charger_manager] (root,0,0,00:00:03/15-14:21:05,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-14:21:05,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-14:21:05,205) [kaluad] (root,0,0,00:00:00/15-14:21:05,250) [kmpath_rdacd] (root,0,0,00:00:00/15-14:21:05,293) [kmpathd] (root,0,0,00:00:00/15-14:21:05,294) [kmpath_handlerd] (root,0,0,00:00:00/15-14:21:05,342) [ata_sff] (root,0,0,00:00:00/15-14:21:04,343) [scsi_eh_0] (root,0,0,00:00:00/15-14:21:04,344) [scsi_tmf_0] (root,0,0,00:00:00/15-14:21:04,345) [scsi_eh_1] (root,0,0,00:00:00/15-14:21:04,346) [scsi_tmf_1] (root,0,0,00:00:23/15-14:21:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-14:21:02,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-14:20:50,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-14:20:49,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-14:20:47,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-14:20:13,512) /sbin/auditd (messagebus,22936,5672,00:00:49/15-14:20:13,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:28/15-14:20:13,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/15-14:20:13,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-14:20:12,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-14:20:12,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-14:19:58,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-14:19:58,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:25/15-14:19:57,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-14:19:57,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-14:19:57,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-14:19:57,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-14:19:57,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-14:19:57,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-14:19:57,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-14:19:57,1206) bpfilter_umh (root,26204,8300,00:00:07/15-14:19:57,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-14:19:57,1215) ntpd: asynchronous dns resolver (spot,285204,171320,20:58:58/15-14:19:57,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-14:19:56,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-14:19:56,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-14:19:56,1245) (sd-pam) (root,24216,5348,00:00:05/15-14:19:55,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-14:19:55,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-14:19:54,1354) /usr/sbin/cron -n (root,691980,74872,00:20:12/15-14:19:48,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:10/15-14:19:34,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/00:20,3117) [kworker/2:1] (root,6656,3480,00:00:00/00:00,3761) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,3779) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3780) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8144,00:00:00/48:15,7227) pickup -l -t fifo -u (root,0,0,00:00:00/05:58,8654) [kworker/0:2] (root,35308,10012,00:00:00/8-06:16:01,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-06:16:01,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:13:25,10498) [kworker/3:0-events] (root,0,0,00:00:02/01:36:03,10640) [kworker/2:2-events] (root,0,0,00:00:00/23:14,13513) [kworker/u8:1-writeback] (root,0,0,00:00:00/10:02,14782) [kworker/1:2-ata_sff] (root,0,0,00:00:00/04:50,15040) [kworker/1:0-ata_sff] (root,0,0,00:00:00/22:49,15321) [kworker/3:1-cgroup_destroy] (root,35308,10012,00:00:00/9-12:10:50,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-12:10:49,15391) sshd: cm-ssh (root,0,0,00:00:01/01:12:18,16028) [kworker/1:1-events] (root,0,0,00:00:00/34:09,25460) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/01:47:13,26890) [kworker/0:1-events] (postfix,44628,9416,00:00:00/9-18:56:35,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:42:24,30764) [kworker/u8:2-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 00:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836386c26881Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-12:59:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:59:11,2) [kthreadd] (root,0,0,00:00:00/11-12:59:11,3) [rcu_gp] (root,0,0,00:00:00/11-12:59:11,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:59:11,5) [slub_flushwq] (root,0,0,00:00:00/11-12:59:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:59:11,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:59:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:59:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:59:11,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:59:11,13) [ksoftirqd/0] (root,0,0,00:30:43/11-12:59:11,14) [rcu_preempt] (root,0,0,00:00:04/11-12:59:11,15) [migration/0] (root,0,0,00:00:00/11-12:59:11,16) [idle_inject/0] (root,0,0,00:00:00/11-12:59:11,18) [cpuhp/0] (root,0,0,00:00:00/11-12:59:11,19) [cpuhp/1] (root,0,0,00:00:00/11-12:59:11,20) [idle_inject/1] (root,0,0,00:00:04/11-12:59:11,21) [migration/1] (root,0,0,00:00:17/11-12:59:11,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:59:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:59:11,25) [cpuhp/2] (root,0,0,00:00:00/11-12:59:11,26) [idle_inject/2] (root,0,0,00:00:03/11-12:59:11,27) [migration/2] (root,0,0,00:24:11/11-12:59:11,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:59:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:59:11,31) [cpuhp/3] (root,0,0,00:00:00/11-12:59:11,32) [idle_inject/3] (root,0,0,00:00:04/11-12:59:11,33) [migration/3] (root,0,0,00:01:05/11-12:59:11,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:59:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:59:11,39) [kdevtmpfs] (root,0,0,00:00:00/11-12:59:11,40) [netns] (root,0,0,00:00:00/11-12:59:11,41) [inet_frag_wq] (root,0,0,00:00:03/11-12:59:11,42) [kauditd] (root,0,0,00:00:00/11-12:59:11,43) [khungtaskd] (root,0,0,00:00:00/11-12:59:11,44) [oom_reaper] (root,0,0,00:00:00/11-12:59:11,45) [writeback] (root,0,0,00:00:33/11-12:59:11,46) [kcompactd0] (root,0,0,00:00:00/11-12:59:11,47) [ksmd] (root,0,0,00:00:34/11-12:59:11,48) [khugepaged] (root,0,0,00:00:00/11-12:59:11,74) [kintegrityd] (root,0,0,00:00:00/11-12:59:11,75) [kblockd] (root,0,0,00:00:00/11-12:59:11,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:59:11,78) [tpm_dev_wq] (root,0,0,00:00:00/11-12:59:11,79) [edac-poller] (root,0,0,00:00:00/11-12:59:11,80) [devfreq_wq] (root,0,0,00:00:00/11-12:59:11,110) [watchdogd] (root,0,0,00:00:02/11-12:59:11,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:59:11,112) [kswapd0] (root,0,0,00:00:00/11-12:59:10,114) [kthrotld] (root,0,0,00:00:00/11-12:59:10,115) [mld] (root,0,0,00:00:00/11-12:59:10,116) [ipv6_addrconf] (root,0,0,00:00:04/11-12:59:10,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-12:59:10,122) [kstrp] (root,0,0,00:00:00/11-12:59:10,123) [zswap-shrink] (root,0,0,00:00:00/11-12:59:10,124) [kworker/u9:0] (root,0,0,00:00:00/11-12:59:10,129) [charger_manager] (root,0,0,00:00:02/11-12:59:09,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-12:59:09,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:59:09,205) [kaluad] (root,0,0,00:00:00/11-12:59:09,250) [kmpath_rdacd] (root,0,0,00:00:00/11-12:59:09,293) [kmpathd] (root,0,0,00:00:00/11-12:59:09,294) [kmpath_handlerd] (root,0,0,00:00:00/11-12:59:09,342) [ata_sff] (root,0,0,00:00:00/11-12:59:08,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:59:08,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:59:08,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:59:08,346) [scsi_tmf_1] (root,0,0,00:00:17/11-12:59:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:59:06,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-12:58:54,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-12:58:53,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-12:58:51,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-12:58:17,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-12:58:17,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-12:58:17,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-12:58:17,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-12:58:16,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-12:58:16,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-12:58:02,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-12:58:02,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:00/11-12:58:01,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-12:58:01,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-12:58:01,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-12:58:01,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-12:58:01,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-12:58:01,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:32/11-12:58:01,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-12:58:01,1206) bpfilter_umh (root,26204,8300,00:00:06/11-12:58:01,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-12:58:01,1215) ntpd: asynchronous dns resolver (spot,285300,171268,14:18:41/11-12:58:01,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-12:58:00,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-12:58:00,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-12:58:00,1245) (sd-pam) (root,24216,5348,00:00:03/11-12:57:59,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-12:57:59,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-12:57:58,1354) /usr/sbin/cron -n (root,691724,74148,00:14:51/11-12:57:52,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46608,00:03:46/11-12:57:38,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:21:20,4619) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:02:27,6242) [kworker/3:1] (postfix,24244,8200,00:00:00/08:53,7853) pickup -l -t fifo -u (root,35308,10012,00:00:00/4-04:54:05,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-04:54:05,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:31:06,9247) [kworker/0:1-events] (root,0,0,00:00:00/00:14,10561) [kworker/1:2-ata_sff] (root,0,0,00:00:00/29:40,11036) [kworker/2:1-events] (root,6656,3492,00:00:00/00:00,11438) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,11456) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11457) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/5-10:48:54,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-10:48:53,15391) sshd: cm-ssh (root,0,0,00:00:00/02:24:24,16718) [kworker/2:2-events] (root,0,0,00:00:00/05:27,18508) [kworker/1:0-ata_sff] (root,0,0,00:00:00/02:03:30,18633) [kworker/3:2-events] (root,0,0,00:00:02/03:07:01,21671) [kworker/1:1-events] (root,0,0,00:00:00/02:47,27030) [kworker/2:0-events] (root,0,0,00:00:00/33:48,30297) [kworker/0:2-events] (postfix,44628,9464,00:00:00/5-17:34:39,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:40:17,31970) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 23:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c96f77e6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:30/9-13:28:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-13:28:54,2) [kthreadd] (root,0,0,00:00:00/9-13:28:54,3) [rcu_gp] (root,0,0,00:00:00/9-13:28:54,4) [rcu_par_gp] (root,0,0,00:00:00/9-13:28:54,5) [slub_flushwq] (root,0,0,00:00:00/9-13:28:54,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-13:28:54,9) [mm_percpu_wq] (root,0,0,00:00:00/9-13:28:54,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-13:28:54,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-13:28:54,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-13:28:54,13) [ksoftirqd/0] (root,0,0,00:25:18/9-13:28:54,14) [rcu_preempt] (root,0,0,00:00:03/9-13:28:54,15) [migration/0] (root,0,0,00:00:00/9-13:28:54,16) [idle_inject/0] (root,0,0,00:00:00/9-13:28:54,18) [cpuhp/0] (root,0,0,00:00:00/9-13:28:54,19) [cpuhp/1] (root,0,0,00:00:00/9-13:28:54,20) [idle_inject/1] (root,0,0,00:00:03/9-13:28:54,21) [migration/1] (root,0,0,00:00:14/9-13:28:54,22) [ksoftirqd/1] (root,0,0,00:00:00/9-13:28:54,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-13:28:54,25) [cpuhp/2] (root,0,0,00:00:00/9-13:28:54,26) [idle_inject/2] (root,0,0,00:00:03/9-13:28:54,27) [migration/2] (root,0,0,00:20:19/9-13:28:54,28) [ksoftirqd/2] (root,0,0,00:00:00/9-13:28:54,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-13:28:54,31) [cpuhp/3] (root,0,0,00:00:00/9-13:28:54,32) [idle_inject/3] (root,0,0,00:00:03/9-13:28:54,33) [migration/3] (root,0,0,00:00:54/9-13:28:54,34) [ksoftirqd/3] (root,0,0,00:00:00/9-13:28:54,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-13:28:54,39) [kdevtmpfs] (root,0,0,00:00:00/9-13:28:54,40) [netns] (root,0,0,00:00:00/9-13:28:54,41) [inet_frag_wq] (root,0,0,00:00:03/9-13:28:54,42) [kauditd] (root,0,0,00:00:00/9-13:28:54,43) [khungtaskd] (root,0,0,00:00:00/9-13:28:54,44) [oom_reaper] (root,0,0,00:00:00/9-13:28:54,45) [writeback] (root,0,0,00:00:27/9-13:28:54,46) [kcompactd0] (root,0,0,00:00:00/9-13:28:54,47) [ksmd] (root,0,0,00:00:29/9-13:28:54,48) [khugepaged] (root,0,0,00:00:00/9-13:28:54,74) [kintegrityd] (root,0,0,00:00:00/9-13:28:54,75) [kblockd] (root,0,0,00:00:00/9-13:28:54,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-13:28:54,78) [tpm_dev_wq] (root,0,0,00:00:00/9-13:28:54,79) [edac-poller] (root,0,0,00:00:00/9-13:28:54,80) [devfreq_wq] (root,0,0,00:00:00/9-13:28:54,110) [watchdogd] (root,0,0,00:00:01/9-13:28:54,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-13:28:54,112) [kswapd0] (root,0,0,00:00:00/9-13:28:53,114) [kthrotld] (root,0,0,00:00:00/9-13:28:53,115) [mld] (root,0,0,00:00:00/9-13:28:53,116) [ipv6_addrconf] (root,0,0,00:00:04/9-13:28:53,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-13:28:53,122) [kstrp] (root,0,0,00:00:00/9-13:28:53,123) [zswap-shrink] (root,0,0,00:00:00/9-13:28:53,124) [kworker/u9:0] (root,0,0,00:00:00/9-13:28:53,129) [charger_manager] (root,0,0,00:00:02/9-13:28:52,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-13:28:52,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-13:28:52,205) [kaluad] (root,0,0,00:00:00/9-13:28:52,250) [kmpath_rdacd] (root,0,0,00:00:00/9-13:28:52,293) [kmpathd] (root,0,0,00:00:00/9-13:28:52,294) [kmpath_handlerd] (root,0,0,00:00:00/9-13:28:52,342) [ata_sff] (root,0,0,00:00:00/9-13:28:51,343) [scsi_eh_0] (root,0,0,00:00:00/9-13:28:51,344) [scsi_tmf_0] (root,0,0,00:00:00/9-13:28:51,345) [scsi_eh_1] (root,0,0,00:00:00/9-13:28:51,346) [scsi_tmf_1] (root,0,0,00:00:14/9-13:28:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-13:28:49,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-13:28:37,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-13:28:36,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-13:28:34,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-13:28:00,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-13:28:00,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-13:28:00,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-13:28:00,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-13:27:59,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-13:27:59,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-13:27:45,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-13:27:45,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:50/9-13:27:44,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-13:27:44,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-13:27:44,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-13:27:44,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-13:27:44,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-13:27:44,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:16/9-13:27:44,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-13:27:44,1206) bpfilter_umh (root,26204,8300,00:00:05/9-13:27:44,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-13:27:44,1215) ntpd: asynchronous dns resolver (spot,282756,169192,11:11:20/9-13:27:44,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-13:27:43,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-13:27:43,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-13:27:43,1245) (sd-pam) (root,24216,5348,00:00:02/9-13:27:42,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-13:27:42,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-13:27:41,1354) /usr/sbin/cron -n (root,691336,73820,00:12:18/9-13:27:35,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45328,00:03:06/9-13:27:21,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:04/04:56:01,2819) [kworker/2:2-events] (root,0,0,00:00:00/57:19,6061) [kworker/1:0-events] (root,0,0,00:00:00/01:07,8026) [kworker/2:0] (root,35308,10012,00:00:00/2-05:23:48,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:08/2-05:23:48,8749) sshd: syslogtunnel (root,0,0,00:00:00/00:14,11619) [kworker/1:1-ata_sff] (root,0,0,00:00:00/30:21,12858) [kworker/3:2] (root,6656,3480,00:00:00/00:00,13979) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,13997) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13998) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/3-11:18:37,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-11:18:36,15391) sshd: cm-ssh (root,0,0,00:00:00/50:56,15939) [kworker/2:1-events] (root,0,0,00:00:00/50:23,16117) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/02:43:59,22141) [kworker/3:0-events] (root,0,0,00:00:00/38:52,22486) [kworker/u8:1] (root,0,0,00:00:00/01:39:55,25498) [kworker/0:1-events] (root,0,0,00:00:00/06:04,26656) [kworker/0:2-events] (postfix,24244,8308,00:00:00/01:00:29,28263) pickup -l -t fifo -u (root,0,0,00:00:00/05:26,28459) [kworker/1:2-ata_sff] (postfix,44628,9464,00:00:00/3-18:04:22,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 23:51 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d9e40025Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-12:32:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:32:34,2) [kthreadd] (root,0,0,00:00:00/7-12:32:34,3) [rcu_gp] (root,0,0,00:00:00/7-12:32:34,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:32:34,5) [slub_flushwq] (root,0,0,00:00:00/7-12:32:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:32:34,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:32:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:32:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:32:34,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-12:32:34,13) [ksoftirqd/0] (root,0,0,00:19:46/7-12:32:34,14) [rcu_preempt] (root,0,0,00:00:02/7-12:32:34,15) [migration/0] (root,0,0,00:00:00/7-12:32:34,16) [idle_inject/0] (root,0,0,00:00:00/7-12:32:34,18) [cpuhp/0] (root,0,0,00:00:00/7-12:32:34,19) [cpuhp/1] (root,0,0,00:00:00/7-12:32:34,20) [idle_inject/1] (root,0,0,00:00:03/7-12:32:34,21) [migration/1] (root,0,0,00:00:11/7-12:32:34,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:32:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:32:34,25) [cpuhp/2] (root,0,0,00:00:00/7-12:32:34,26) [idle_inject/2] (root,0,0,00:00:02/7-12:32:34,27) [migration/2] (root,0,0,00:15:53/7-12:32:34,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:32:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:32:34,31) [cpuhp/3] (root,0,0,00:00:00/7-12:32:34,32) [idle_inject/3] (root,0,0,00:00:03/7-12:32:34,33) [migration/3] (root,0,0,00:00:42/7-12:32:34,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:32:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:32:34,39) [kdevtmpfs] (root,0,0,00:00:00/7-12:32:34,40) [netns] (root,0,0,00:00:00/7-12:32:34,41) [inet_frag_wq] (root,0,0,00:00:02/7-12:32:34,42) [kauditd] (root,0,0,00:00:00/7-12:32:34,43) [khungtaskd] (root,0,0,00:00:00/7-12:32:34,44) [oom_reaper] (root,0,0,00:00:00/7-12:32:34,45) [writeback] (root,0,0,00:00:22/7-12:32:34,46) [kcompactd0] (root,0,0,00:00:00/7-12:32:34,47) [ksmd] (root,0,0,00:00:22/7-12:32:34,48) [khugepaged] (root,0,0,00:00:00/7-12:32:34,74) [kintegrityd] (root,0,0,00:00:00/7-12:32:34,75) [kblockd] (root,0,0,00:00:00/7-12:32:34,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:32:34,78) [tpm_dev_wq] (root,0,0,00:00:00/7-12:32:34,79) [edac-poller] (root,0,0,00:00:00/7-12:32:34,80) [devfreq_wq] (root,0,0,00:00:00/7-12:32:34,110) [watchdogd] (root,0,0,00:00:01/7-12:32:34,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:32:34,112) [kswapd0] (root,0,0,00:00:00/7-12:32:33,114) [kthrotld] (root,0,0,00:00:00/7-12:32:33,115) [mld] (root,0,0,00:00:00/7-12:32:33,116) [ipv6_addrconf] (root,0,0,00:00:03/7-12:32:33,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-12:32:33,122) [kstrp] (root,0,0,00:00:00/7-12:32:33,123) [zswap-shrink] (root,0,0,00:00:00/7-12:32:33,124) [kworker/u9:0] (root,0,0,00:00:00/7-12:32:33,129) [charger_manager] (root,0,0,00:00:01/7-12:32:32,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-12:32:32,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:32:32,205) [kaluad] (root,0,0,00:00:00/7-12:32:32,250) [kmpath_rdacd] (root,0,0,00:00:00/7-12:32:32,293) [kmpathd] (root,0,0,00:00:00/7-12:32:32,294) [kmpath_handlerd] (root,0,0,00:00:00/7-12:32:32,342) [ata_sff] (root,0,0,00:00:00/7-12:32:31,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:32:31,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:32:31,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:32:31,346) [scsi_tmf_1] (root,0,0,00:00:11/7-12:32:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:32:29,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-12:32:17,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-12:32:16,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-12:32:14,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-12:31:40,512) /sbin/auditd (messagebus,22936,5672,00:00:26/7-12:31:40,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-12:31:40,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-12:31:40,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/16:40,589) [kworker/u8:0-writeback] (root,31876,16220,00:00:03/7-12:31:39,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-12:31:39,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25356,00:00:08/7-12:31:25,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-12:31:25,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:39/7-12:31:24,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-12:31:24,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-12:31:24,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-12:31:24,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-12:31:24,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-12:31:24,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:00:59/7-12:31:24,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-12:31:24,1206) bpfilter_umh (root,26204,8300,00:00:04/7-12:31:24,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-12:31:24,1215) ntpd: asynchronous dns resolver (spot,284484,169624,08:31:44/7-12:31:24,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-12:31:23,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-12:31:23,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-12:31:23,1245) (sd-pam) (root,24216,5348,00:00:02/7-12:31:22,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-12:31:22,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-12:31:21,1354) /usr/sbin/cron -n (root,691080,73620,00:09:38/7-12:31:15,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43784,00:02:24/7-12:31:01,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/42:13,1729) [kworker/0:2-events] (root,0,0,00:00:00/35:00,3298) [kworker/2:1-events] (root,0,0,00:00:00/09:45,6632) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:11:29,7055) [kworker/3:2-events] (root,0,0,00:00:00/49:35,8300) [kworker/3:1-events] (root,35308,10012,00:00:00/04:27:28,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:00/04:27:28,8749) sshd: syslogtunnel (root,0,0,00:00:00/02:42,11800) [kworker/2:0-cgroup_destroy] (root,35308,10012,00:00:00/1-10:22:17,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:04/1-10:22:16,15391) sshd: cm-ssh (root,0,0,00:00:00/13:35,17554) [kworker/0:1-events] (postfix,24244,8324,00:00:00/25:58,18194) pickup -l -t fifo -u (root,0,0,00:00:00/39:13,18809) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/46:04,21988) [kworker/1:0-events] (root,6656,3484,00:00:00/00:00,23801) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,23819) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,944,00:00:00/00:00,23820) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9464,00:00:00/1-17:08:02,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:10,30892) [kworker/2:2-events] (root,0,0,00:00:00/04:34,32541) [kworker/1:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-19 22:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634376aae8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-11:28:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-11:28:58,2) [kthreadd] (root,0,0,00:00:00/5-11:28:58,3) [rcu_gp] (root,0,0,00:00:00/5-11:28:58,4) [rcu_par_gp] (root,0,0,00:00:00/5-11:28:58,5) [slub_flushwq] (root,0,0,00:00:00/5-11:28:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-11:28:58,9) [mm_percpu_wq] (root,0,0,00:00:00/5-11:28:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-11:28:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-11:28:58,12) [rcu_tasks_trace] (root,0,0,00:00:08/5-11:28:58,13) [ksoftirqd/0] (root,0,0,00:14:14/5-11:28:58,14) [rcu_preempt] (root,0,0,00:00:02/5-11:28:58,15) [migration/0] (root,0,0,00:00:00/5-11:28:58,16) [idle_inject/0] (root,0,0,00:00:00/5-11:28:58,18) [cpuhp/0] (root,0,0,00:00:00/5-11:28:58,19) [cpuhp/1] (root,0,0,00:00:00/5-11:28:58,20) [idle_inject/1] (root,0,0,00:00:02/5-11:28:58,21) [migration/1] (root,0,0,00:00:07/5-11:28:58,22) [ksoftirqd/1] (root,0,0,00:00:00/5-11:28:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-11:28:58,25) [cpuhp/2] (root,0,0,00:00:00/5-11:28:58,26) [idle_inject/2] (root,0,0,00:00:01/5-11:28:58,27) [migration/2] (root,0,0,00:11:45/5-11:28:58,28) [ksoftirqd/2] (root,0,0,00:00:00/5-11:28:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-11:28:58,31) [cpuhp/3] (root,0,0,00:00:00/5-11:28:58,32) [idle_inject/3] (root,0,0,00:00:02/5-11:28:58,33) [migration/3] (root,0,0,00:00:29/5-11:28:58,34) [ksoftirqd/3] (root,0,0,00:00:00/5-11:28:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-11:28:58,39) [kdevtmpfs] (root,0,0,00:00:00/5-11:28:58,40) [netns] (root,0,0,00:00:00/5-11:28:58,41) [inet_frag_wq] (root,0,0,00:00:01/5-11:28:58,42) [kauditd] (root,0,0,00:00:00/5-11:28:58,43) [khungtaskd] (root,0,0,00:00:00/5-11:28:58,44) [oom_reaper] (root,0,0,00:00:00/5-11:28:58,45) [writeback] (root,0,0,00:00:14/5-11:28:58,46) [kcompactd0] (root,0,0,00:00:00/5-11:28:58,47) [ksmd] (root,0,0,00:00:15/5-11:28:58,48) [khugepaged] (root,0,0,00:00:00/5-11:28:58,74) [kintegrityd] (root,0,0,00:00:00/5-11:28:58,75) [kblockd] (root,0,0,00:00:00/5-11:28:58,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-11:28:58,78) [tpm_dev_wq] (root,0,0,00:00:00/5-11:28:58,79) [edac-poller] (root,0,0,00:00:00/5-11:28:58,80) [devfreq_wq] (root,0,0,00:00:00/5-11:28:58,110) [watchdogd] (root,0,0,00:00:01/5-11:28:58,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-11:28:58,112) [kswapd0] (root,0,0,00:00:00/5-11:28:57,114) [kthrotld] (root,0,0,00:00:00/5-11:28:57,115) [mld] (root,0,0,00:00:00/5-11:28:57,116) [ipv6_addrconf] (root,0,0,00:00:02/5-11:28:57,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-11:28:57,122) [kstrp] (root,0,0,00:00:00/5-11:28:57,123) [zswap-shrink] (root,0,0,00:00:00/5-11:28:57,124) [kworker/u9:0] (root,0,0,00:00:00/5-11:28:57,129) [charger_manager] (root,0,0,00:00:01/5-11:28:56,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-11:28:56,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-11:28:56,205) [kaluad] (root,0,0,00:00:00/5-11:28:56,250) [kmpath_rdacd] (root,0,0,00:00:00/5-11:28:56,293) [kmpathd] (root,0,0,00:00:00/5-11:28:56,294) [kmpath_handlerd] (root,0,0,00:00:00/5-11:28:56,342) [ata_sff] (root,0,0,00:00:00/5-11:28:55,343) [scsi_eh_0] (root,0,0,00:00:00/5-11:28:55,344) [scsi_tmf_0] (root,0,0,00:00:00/5-11:28:55,345) [scsi_eh_1] (root,0,0,00:00:00/5-11:28:55,346) [scsi_tmf_1] (root,0,0,00:00:08/5-11:28:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-11:28:53,367) [ext4-rsv-conver] (root,38604,7544,00:00:09/5-11:28:41,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-11:28:40,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-11:28:38,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-11:28:04,512) /sbin/auditd (messagebus,22936,5824,00:00:19/5-11:28:04,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:11/5-11:28:04,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-11:28:04,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-11:28:03,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-11:28:03,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-11:27:49,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-11:27:49,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:27/5-11:27:48,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-11:27:48,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-11:27:48,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-11:27:48,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-11:27:48,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-11:27:48,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:42/5-11:27:48,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-11:27:48,1206) bpfilter_umh (root,26204,8340,00:00:03/5-11:27:48,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-11:27:48,1215) ntpd: asynchronous dns resolver (spot,276008,163700,05:59:50/5-11:27:48,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-11:27:47,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-11:27:47,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-11:27:47,1245) (sd-pam) (root,24216,5348,00:00:01/5-11:27:46,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-11:27:46,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-11:27:45,1354) /usr/sbin/cron -n (root,691080,73440,00:06:57/5-11:27:39,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42484,00:01:44/5-11:27:25,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/19:51,4430) [kworker/0:0-events] (root,35308,10024,00:00:00/3-13:20:34,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-13:20:34,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-13:20:19,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:10/3-13:20:19,4688) sshd: cm-ssh (root,0,0,00:00:00/05:09,7039) [kworker/1:1-ata_sff] (root,0,0,00:00:05/11:58:41,13342) [kworker/1:0-events] (root,0,0,00:00:00/10:22,15267) [kworker/1:2-ata_sff] (root,0,0,00:00:01/01:49:24,22417) [kworker/2:2-events] (root,0,0,00:00:00/01:49:20,22418) [kworker/u8:2-writeback] (root,0,0,00:00:00/03:20:37,26136) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8272,00:00:00/01:23:17,27452) pickup -l -t fifo -u (root,0,0,00:00:00/05:00:33,27907) [kworker/3:1-cgroup_destroy] (root,6656,3488,00:00:00/00:00,27920) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,27938) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27939) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:06:50,28891) [kworker/3:2-events] (root,0,0,00:00:00/54:04,29918) [kworker/2:0] (root,0,0,00:00:00/36:57,31879) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 21:51 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363519f06a9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-15:14:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:14:38,2) [kthreadd] (root,0,0,00:00:00/3-15:14:38,3) [rcu_gp] (root,0,0,00:00:00/3-15:14:38,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:14:38,5) [slub_flushwq] (root,0,0,00:00:00/3-15:14:38,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:14:38,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:14:38,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:14:38,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:14:38,12) [rcu_tasks_trace] (root,0,0,00:00:06/3-15:14:38,13) [ksoftirqd/0] (root,0,0,00:09:30/3-15:14:38,14) [rcu_preempt] (root,0,0,00:00:01/3-15:14:38,15) [migration/0] (root,0,0,00:00:00/3-15:14:38,16) [idle_inject/0] (root,0,0,00:00:00/3-15:14:38,18) [cpuhp/0] (root,0,0,00:00:00/3-15:14:38,19) [cpuhp/1] (root,0,0,00:00:00/3-15:14:38,20) [idle_inject/1] (root,0,0,00:00:01/3-15:14:38,21) [migration/1] (root,0,0,00:00:05/3-15:14:38,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:14:38,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:14:38,25) [cpuhp/2] (root,0,0,00:00:00/3-15:14:38,26) [idle_inject/2] (root,0,0,00:00:01/3-15:14:38,27) [migration/2] (root,0,0,00:08:02/3-15:14:38,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:14:38,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:14:38,31) [cpuhp/3] (root,0,0,00:00:00/3-15:14:38,32) [idle_inject/3] (root,0,0,00:00:01/3-15:14:38,33) [migration/3] (root,0,0,00:00:20/3-15:14:38,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:14:38,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:14:38,39) [kdevtmpfs] (root,0,0,00:00:00/3-15:14:38,40) [netns] (root,0,0,00:00:00/3-15:14:38,41) [inet_frag_wq] (root,0,0,00:00:01/3-15:14:38,42) [kauditd] (root,0,0,00:00:00/3-15:14:38,43) [khungtaskd] (root,0,0,00:00:00/3-15:14:38,44) [oom_reaper] (root,0,0,00:00:00/3-15:14:38,45) [writeback] (root,0,0,00:00:09/3-15:14:38,46) [kcompactd0] (root,0,0,00:00:00/3-15:14:38,47) [ksmd] (root,0,0,00:00:10/3-15:14:38,48) [khugepaged] (root,0,0,00:00:00/3-15:14:38,74) [kintegrityd] (root,0,0,00:00:00/3-15:14:38,75) [kblockd] (root,0,0,00:00:00/3-15:14:38,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:14:38,78) [tpm_dev_wq] (root,0,0,00:00:00/3-15:14:38,79) [edac-poller] (root,0,0,00:00:00/3-15:14:38,80) [devfreq_wq] (root,0,0,00:00:00/3-15:14:38,110) [watchdogd] (root,0,0,00:00:00/3-15:14:38,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:14:38,112) [kswapd0] (root,0,0,00:00:00/3-15:14:37,114) [kthrotld] (root,0,0,00:00:00/3-15:14:37,115) [mld] (root,0,0,00:00:00/3-15:14:37,116) [ipv6_addrconf] (root,0,0,00:00:01/3-15:14:37,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:14:37,122) [kstrp] (root,0,0,00:00:00/3-15:14:37,123) [zswap-shrink] (root,0,0,00:00:00/3-15:14:37,124) [kworker/u9:0] (root,0,0,00:00:00/3-15:14:37,129) [charger_manager] (root,0,0,00:00:00/3-15:14:36,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:14:36,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-15:14:36,205) [kaluad] (root,0,0,00:00:00/3-15:14:36,250) [kmpath_rdacd] (root,0,0,00:00:00/3-15:14:36,293) [kmpathd] (root,0,0,00:00:00/3-15:14:36,294) [kmpath_handlerd] (root,0,0,00:00:00/3-15:14:36,342) [ata_sff] (root,0,0,00:00:00/3-15:14:35,343) [scsi_eh_0] (root,0,0,00:00:00/3-15:14:35,344) [scsi_tmf_0] (root,0,0,00:00:00/3-15:14:35,345) [scsi_eh_1] (root,0,0,00:00:00/3-15:14:35,346) [scsi_tmf_1] (root,0,0,00:00:05/3-15:14:33,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:14:33,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-15:14:21,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-15:14:20,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-15:14:18,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-15:13:44,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-15:13:44,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-15:13:44,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-15:13:44,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-15:13:43,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-15:13:43,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-15:13:29,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-15:13:29,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:18/3-15:13:28,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-15:13:28,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-15:13:28,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-15:13:28,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-15:13:28,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-15:13:28,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-15:13:28,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-15:13:28,1206) bpfilter_umh (root,26204,8340,00:00:02/3-15:13:28,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-15:13:28,1215) ntpd: asynchronous dns resolver (spot,273500,162208,04:12:23/3-15:13:28,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-15:13:27,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-15:13:27,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-15:13:27,1245) (sd-pam) (root,0,0,00:00:00/21:23,1284) [kworker/2:1] (root,24216,5348,00:00:01/3-15:13:26,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:13:26,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-15:13:25,1354) /usr/sbin/cron -n (root,689544,71904,00:04:39/3-15:13:19,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41156,00:01:10/3-15:13:05,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:10:40,1655) [kworker/0:1-events] (root,0,0,00:00:04/03:46:00,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-17:06:14,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-17:06:14,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-17:05:59,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-17:05:59,4688) sshd: cm-ssh (root,0,0,00:00:00/02:23:48,4707) [kworker/0:2-events] (postfix,24244,8164,00:00:00/30:48,13818) pickup -l -t fifo -u (root,0,0,00:00:01/01:32:57,19322) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,22267) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,22285) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22286) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:31:17,25346) [kworker/u8:0-writeback] (root,0,0,00:00:00/09:57,25518) [kworker/1:2-ata_sff] (root,0,0,00:00:00/09:36,26463) [kworker/3:0-events] (root,0,0,00:00:00/04:47,28129) [kworker/1:0-ata_sff] (root,0,0,00:00:00/05:21:15,30146) [kworker/u8:2] (root,0,0,00:00:00/44:50,30663) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 01:36 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dd33fe56Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12672,00:00:07/1-14:27:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-14:27:57,2) [kthreadd] (root,0,0,00:00:00/1-14:27:57,3) [rcu_gp] (root,0,0,00:00:00/1-14:27:57,4) [rcu_par_gp] (root,0,0,00:00:00/1-14:27:57,5) [slub_flushwq] (root,0,0,00:00:00/1-14:27:57,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-14:27:57,9) [mm_percpu_wq] (root,0,0,00:00:00/1-14:27:57,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-14:27:57,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-14:27:57,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-14:27:57,13) [ksoftirqd/0] (root,0,0,00:04:09/1-14:27:57,14) [rcu_preempt] (root,0,0,00:00:00/1-14:27:57,15) [migration/0] (root,0,0,00:00:00/1-14:27:57,16) [idle_inject/0] (root,0,0,00:00:00/1-14:27:57,18) [cpuhp/0] (root,0,0,00:00:00/1-14:27:57,19) [cpuhp/1] (root,0,0,00:00:00/1-14:27:57,20) [idle_inject/1] (root,0,0,00:00:00/1-14:27:57,21) [migration/1] (root,0,0,00:00:02/1-14:27:57,22) [ksoftirqd/1] (root,0,0,00:00:00/1-14:27:57,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-14:27:57,25) [cpuhp/2] (root,0,0,00:00:00/1-14:27:57,26) [idle_inject/2] (root,0,0,00:00:00/1-14:27:57,27) [migration/2] (root,0,0,00:03:25/1-14:27:57,28) [ksoftirqd/2] (root,0,0,00:00:00/1-14:27:57,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-14:27:57,31) [cpuhp/3] (root,0,0,00:00:00/1-14:27:57,32) [idle_inject/3] (root,0,0,00:00:00/1-14:27:57,33) [migration/3] (root,0,0,00:00:08/1-14:27:57,34) [ksoftirqd/3] (root,0,0,00:00:00/1-14:27:57,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-14:27:57,39) [kdevtmpfs] (root,0,0,00:00:00/1-14:27:57,40) [netns] (root,0,0,00:00:00/1-14:27:57,41) [inet_frag_wq] (root,0,0,00:00:00/1-14:27:57,42) [kauditd] (root,0,0,00:00:00/1-14:27:57,43) [khungtaskd] (root,0,0,00:00:00/1-14:27:57,44) [oom_reaper] (root,0,0,00:00:00/1-14:27:57,45) [writeback] (root,0,0,00:00:04/1-14:27:57,46) [kcompactd0] (root,0,0,00:00:00/1-14:27:57,47) [ksmd] (root,0,0,00:00:04/1-14:27:57,48) [khugepaged] (root,0,0,00:00:00/1-14:27:57,74) [kintegrityd] (root,0,0,00:00:00/1-14:27:57,75) [kblockd] (root,0,0,00:00:00/1-14:27:57,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-14:27:57,78) [tpm_dev_wq] (root,0,0,00:00:00/1-14:27:57,79) [edac-poller] (root,0,0,00:00:00/1-14:27:57,80) [devfreq_wq] (root,0,0,00:00:00/1-14:27:57,110) [watchdogd] (root,0,0,00:00:00/1-14:27:57,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-14:27:57,112) [kswapd0] (root,0,0,00:00:00/1-14:27:56,114) [kthrotld] (root,0,0,00:00:00/1-14:27:56,115) [mld] (root,0,0,00:00:00/1-14:27:56,116) [ipv6_addrconf] (root,0,0,00:00:00/1-14:27:56,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-14:27:56,122) [kstrp] (root,0,0,00:00:00/1-14:27:56,123) [zswap-shrink] (root,0,0,00:00:00/1-14:27:56,124) [kworker/u9:0] (root,0,0,00:00:00/1-14:27:56,129) [charger_manager] (root,0,0,00:00:00/1-14:27:55,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-14:27:55,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-14:27:55,205) [kaluad] (root,0,0,00:00:00/1-14:27:55,250) [kmpath_rdacd] (root,0,0,00:00:00/1-14:27:55,293) [kmpathd] (root,0,0,00:00:00/1-14:27:55,294) [kmpath_handlerd] (root,0,0,00:00:00/1-14:27:55,342) [ata_sff] (root,0,0,00:00:00/1-14:27:54,343) [scsi_eh_0] (root,0,0,00:00:00/1-14:27:54,344) [scsi_tmf_0] (root,0,0,00:00:00/1-14:27:54,345) [scsi_eh_1] (root,0,0,00:00:00/1-14:27:54,346) [scsi_tmf_1] (root,0,0,00:00:02/1-14:27:52,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-14:27:52,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-14:27:40,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-14:27:39,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-14:27:37,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-14:27:03,512) /sbin/auditd (messagebus,22936,5824,00:00:07/1-14:27:03,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8508,00:00:03/1-14:27:03,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-14:27:03,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-14:27:02,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-14:27:02,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:02/1-14:26:48,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-14:26:48,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:07/1-14:26:47,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-14:26:47,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-14:26:47,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-14:26:47,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-14:26:47,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-14:26:47,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:12/1-14:26:47,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-14:26:47,1206) bpfilter_umh (root,26204,8340,00:00:01/1-14:26:47,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-14:26:47,1215) ntpd: asynchronous dns resolver (spot,198804,161636,01:47:28/1-14:26:47,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-14:26:46,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-14:26:46,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-14:26:46,1245) (sd-pam) (root,24216,5348,00:00:00/1-14:26:45,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-14:26:45,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-14:26:44,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-14:26:40,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-14:26:40,1371) sshd: syslogtunnel (root,689288,71288,00:02:04/1-14:26:38,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40784,00:00:32/1-14:26:24,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-14:26:05,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-14:26:05,1436) sshd: cm-ssh (root,0,0,00:00:00/34:50,4324) [kworker/3:1-events] (root,0,0,00:00:00/00:04,9053) [kworker/0:1-mm_percpu_wq] (root,0,0,00:00:00/01:02:59,9251) [kworker/0:2-cgroup_destroy] (root,6656,3488,00:00:00/00:00,9303) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,9321) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,9322) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:10,9695) [kworker/1:2-ata_sff] (root,0,0,00:00:00/24:44,10983) [kworker/1:1-events] (root,0,0,00:00:00/24:38,11248) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/07:05,17050) [kworker/3:0-events] (postfix,24244,8184,00:00:00/06:05,18869) pickup -l -t fifo -u (root,0,0,00:00:00/04:00,21402) [kworker/1:0-ata_sff] (root,0,0,00:00:00/14:13,23650) [kworker/2:1] (root,0,0,00:00:00/01:49:59,28896) [kworker/0:0-events] (root,0,0,00:00:00/01:49:39,29594) [kworker/u8:1] (root,0,0,00:00:01/01:06:36,32356) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-14 00:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363298b1226Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:07/62-14:00:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-14:00:56,2) [kthreadd] (root,0,0,00:00:00/62-14:00:56,3) [rcu_gp] (root,0,0,00:00:00/62-14:00:56,4) [rcu_par_gp] (root,0,0,00:00:00/62-14:00:56,5) [slub_flushwq] (root,0,0,00:00:00/62-14:00:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-14:00:56,9) [mm_percpu_wq] (root,0,0,00:00:00/62-14:00:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-14:00:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-14:00:56,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-14:00:56,13) [ksoftirqd/0] (root,0,0,02:54:11/62-14:00:56,14) [rcu_preempt] (root,0,0,00:00:23/62-14:00:56,15) [migration/0] (root,0,0,00:00:00/62-14:00:56,16) [idle_inject/0] (root,0,0,00:00:00/62-14:00:56,18) [cpuhp/0] (root,0,0,00:00:00/62-14:00:56,19) [cpuhp/1] (root,0,0,00:00:00/62-14:00:56,20) [idle_inject/1] (root,0,0,00:00:23/62-14:00:56,21) [migration/1] (root,0,0,00:01:33/62-14:00:56,22) [ksoftirqd/1] (root,0,0,00:00:00/62-14:00:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-14:00:56,25) [cpuhp/2] (root,0,0,00:00:00/62-14:00:56,26) [idle_inject/2] (root,0,0,00:00:17/62-14:00:56,27) [migration/2] (root,0,0,01:53:33/62-14:00:56,28) [ksoftirqd/2] (root,0,0,00:00:00/62-14:00:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-14:00:56,31) [cpuhp/3] (root,0,0,00:00:00/62-14:00:56,32) [idle_inject/3] (root,0,0,00:00:22/62-14:00:56,33) [migration/3] (root,0,0,00:05:43/62-14:00:56,34) [ksoftirqd/3] (root,0,0,00:00:00/62-14:00:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-14:00:56,40) [kdevtmpfs] (root,0,0,00:00:00/62-14:00:56,41) [netns] (root,0,0,00:00:00/62-14:00:56,42) [inet_frag_wq] (root,0,0,00:00:22/62-14:00:56,43) [kauditd] (root,0,0,00:00:00/62-14:00:56,44) [khungtaskd] (root,0,0,00:00:00/62-14:00:56,45) [oom_reaper] (root,0,0,00:00:00/62-14:00:56,46) [writeback] (root,0,0,00:03:11/62-14:00:56,47) [kcompactd0] (root,0,0,00:00:00/62-14:00:56,48) [ksmd] (root,0,0,00:03:27/62-14:00:56,49) [khugepaged] (root,0,0,00:00:00/62-14:00:56,75) [kintegrityd] (root,0,0,00:00:00/62-14:00:56,76) [kblockd] (root,0,0,00:00:00/62-14:00:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-14:00:56,79) [tpm_dev_wq] (root,0,0,00:00:00/62-14:00:56,80) [edac-poller] (root,0,0,00:00:00/62-14:00:56,81) [devfreq_wq] (root,0,0,00:00:00/62-14:00:56,110) [watchdogd] (root,0,0,00:00:05/62-14:00:56,111) [kswapd0] (root,0,0,00:00:16/62-14:00:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-14:00:54,115) [kthrotld] (root,0,0,00:00:00/62-14:00:54,116) [mld] (root,0,0,00:00:00/62-14:00:54,117) [ipv6_addrconf] (root,0,0,00:00:16/62-14:00:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-14:00:54,123) [kstrp] (root,0,0,00:00:00/62-14:00:54,124) [zswap-shrink] (root,0,0,00:00:00/62-14:00:54,125) [kworker/u9:0] (root,0,0,00:00:00/62-14:00:54,130) [charger_manager] (root,0,0,00:00:18/62-14:00:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-14:00:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-14:00:53,239) [kaluad] (root,0,0,00:00:00/62-14:00:53,258) [kmpath_rdacd] (root,0,0,00:00:00/62-14:00:53,304) [kmpathd] (root,0,0,00:00:00/62-14:00:53,305) [kmpath_handlerd] (root,0,0,00:00:00/62-14:00:52,342) [ata_sff] (root,0,0,00:00:00/62-14:00:52,343) [scsi_eh_0] (root,0,0,00:00:00/62-14:00:52,344) [scsi_tmf_0] (root,0,0,00:00:00/62-14:00:52,345) [scsi_eh_1] (root,0,0,00:00:00/62-14:00:52,346) [scsi_tmf_1] (root,0,0,00:01:59/62-14:00:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-14:00:49,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-14:00:37,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-14:00:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-14:00:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-14:00:03,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-14:00:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-14:00:02,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-14:00:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-14:00:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-14:00:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31628,00:01:13/62-13:59:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-13:59:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:04/62-13:59:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-13:59:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-13:59:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-13:59:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-13:59:46,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:56/62-13:59:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-13:59:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-13:59:46,1352) bpfilter_umh (root,26204,8096,00:00:33/62-13:59:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-13:59:46,1359) ntpd: asynchronous dns resolver (spot,362752,213580,3-11:08:27/62-13:59:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-13:59:45,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-13:59:45,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-13:59:45,1373) (sd-pam) (root,24216,5256,00:00:22/62-13:59:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-13:59:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-13:59:43,1485) /usr/sbin/cron -n (root,699464,80300,01:26:27/62-13:59:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:35:31,1818) [kworker/1:0-events] (spot,236992,82964,00:31:55/62-13:59:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-19:35:00,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/11:22,3650) [kworker/u8:1-writeback] (root,0,0,00:00:00/04:30,6230) [kworker/2:0] (root,35304,10040,00:00:00/24-14:27:55,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-14:27:54,10514) sshd: syslogtunnel (root,0,0,00:00:00/09:27,11889) [kworker/0:0-events] (root,0,0,00:00:00/01:48:58,12427) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/02:17,14279) [kworker/3:0-ata_sff] (root,0,0,00:00:00/58:41,14894) [kworker/1:1] (root,0,0,00:00:01/03:01:34,19079) [kworker/2:2-events] (postfix,24244,8252,00:00:00/01:10:27,21014) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:01,22489) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,22530) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,22531) /bin/bash /usr/bin/check_mk_agent (root,4480,1044,00:00:00/00:00,22532) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,812,00:00:00/00:00,22533) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1388,00:00:00/00:00,22534) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3516,00:00:00/00:00,22535) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,22553) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,22554) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:27,24140) [kworker/3:2-ata_sff] (root,0,0,00:00:00/14:25,25190) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/01:20:06,25290) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/01:18:20,30822) [kworker/0:1-mm_percpu_wq] (root,35308,10028,00:00:00/24-15:14:08,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:22/24-15:14:07,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-12 00:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639e51a533Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-11:28:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-11:28:38,2) [kthreadd] (root,0,0,00:00:00/60-11:28:38,3) [rcu_gp] (root,0,0,00:00:00/60-11:28:38,4) [rcu_par_gp] (root,0,0,00:00:00/60-11:28:38,5) [slub_flushwq] (root,0,0,00:00:00/60-11:28:38,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-11:28:38,9) [mm_percpu_wq] (root,0,0,00:00:00/60-11:28:38,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-11:28:38,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-11:28:38,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-11:28:38,13) [ksoftirqd/0] (root,0,0,02:48:48/60-11:28:38,14) [rcu_preempt] (root,0,0,00:00:23/60-11:28:38,15) [migration/0] (root,0,0,00:00:00/60-11:28:38,16) [idle_inject/0] (root,0,0,00:00:00/60-11:28:38,18) [cpuhp/0] (root,0,0,00:00:00/60-11:28:38,19) [cpuhp/1] (root,0,0,00:00:00/60-11:28:38,20) [idle_inject/1] (root,0,0,00:00:23/60-11:28:38,21) [migration/1] (root,0,0,00:01:29/60-11:28:38,22) [ksoftirqd/1] (root,0,0,00:00:00/60-11:28:38,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-11:28:38,25) [cpuhp/2] (root,0,0,00:00:00/60-11:28:38,26) [idle_inject/2] (root,0,0,00:00:17/60-11:28:38,27) [migration/2] (root,0,0,01:49:21/60-11:28:38,28) [ksoftirqd/2] (root,0,0,00:00:00/60-11:28:38,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-11:28:38,31) [cpuhp/3] (root,0,0,00:00:00/60-11:28:38,32) [idle_inject/3] (root,0,0,00:00:21/60-11:28:38,33) [migration/3] (root,0,0,00:05:32/60-11:28:38,34) [ksoftirqd/3] (root,0,0,00:00:00/60-11:28:38,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-11:28:38,40) [kdevtmpfs] (root,0,0,00:00:00/60-11:28:38,41) [netns] (root,0,0,00:00:00/60-11:28:38,42) [inet_frag_wq] (root,0,0,00:00:21/60-11:28:38,43) [kauditd] (root,0,0,00:00:00/60-11:28:38,44) [khungtaskd] (root,0,0,00:00:00/60-11:28:38,45) [oom_reaper] (root,0,0,00:00:00/60-11:28:38,46) [writeback] (root,0,0,00:03:04/60-11:28:38,47) [kcompactd0] (root,0,0,00:00:00/60-11:28:38,48) [ksmd] (root,0,0,00:03:20/60-11:28:38,49) [khugepaged] (root,0,0,00:00:00/60-11:28:38,75) [kintegrityd] (root,0,0,00:00:00/60-11:28:38,76) [kblockd] (root,0,0,00:00:00/60-11:28:38,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-11:28:38,79) [tpm_dev_wq] (root,0,0,00:00:00/60-11:28:38,80) [edac-poller] (root,0,0,00:00:00/60-11:28:38,81) [devfreq_wq] (root,0,0,00:00:00/60-11:28:38,110) [watchdogd] (root,0,0,00:00:04/60-11:28:38,111) [kswapd0] (root,0,0,00:00:15/60-11:28:38,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-11:28:36,115) [kthrotld] (root,0,0,00:00:00/60-11:28:36,116) [mld] (root,0,0,00:00:00/60-11:28:36,117) [ipv6_addrconf] (root,0,0,00:00:16/60-11:28:36,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-11:28:36,123) [kstrp] (root,0,0,00:00:00/60-11:28:36,124) [zswap-shrink] (root,0,0,00:00:00/60-11:28:36,125) [kworker/u9:0] (root,0,0,00:00:00/60-11:28:36,130) [charger_manager] (root,0,0,00:00:18/60-11:28:36,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-11:28:36,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-11:28:35,239) [kaluad] (root,0,0,00:00:00/60-11:28:35,258) [kmpath_rdacd] (root,0,0,00:00:00/60-11:28:35,304) [kmpathd] (root,0,0,00:00:00/60-11:28:35,305) [kmpath_handlerd] (root,0,0,00:00:00/60-11:28:34,342) [ata_sff] (root,0,0,00:00:00/60-11:28:34,343) [scsi_eh_0] (root,0,0,00:00:00/60-11:28:34,344) [scsi_tmf_0] (root,0,0,00:00:00/60-11:28:34,345) [scsi_eh_1] (root,0,0,00:00:00/60-11:28:34,346) [scsi_tmf_1] (root,0,0,00:01:56/60-11:28:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-11:28:31,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-11:28:19,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-11:28:18,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-11:28:16,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-11:27:45,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-11:27:44,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:54/60-11:27:44,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-11:27:44,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-11:27:42,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-11:27:42,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3488,00:00:00/00:00,868) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,886) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,887) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,549384,31636,00:01:11/60-11:27:28,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-11:27:28,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:52/60-11:27:28,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-11:27:28,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-11:27:28,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-11:27:28,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-11:27:28,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-11:27:28,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-11:27:28,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-11:27:28,1352) bpfilter_umh (root,26204,8096,00:00:31/60-11:27:28,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-11:27:28,1359) ntpd: asynchronous dns resolver (spot,362208,213460,3-08:20:33/60-11:27:27,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-11:27:27,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-11:27:27,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-11:27:27,1373) (sd-pam) (root,24216,5260,00:00:21/60-11:27:25,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-11:27:25,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-11:27:25,1485) /usr/sbin/cron -n (root,699208,78092,01:23:37/60-11:27:19,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82036,00:31:02/60-11:27:07,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-17:02:42,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/14:21,3474) [kworker/2:2-events] (root,0,0,00:00:00/01:53:15,4301) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/21:29,5269) [kworker/1:2-events] (root,0,0,00:00:00/47:28,9858) [kworker/1:0-events] (root,35304,10040,00:00:00/22-11:55:37,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-11:55:36,10514) sshd: syslogtunnel (root,0,0,00:00:00/06:12,11321) [kworker/3:2-ata_sff] (root,0,0,00:00:00/04:49,16122) [kworker/0:0-cgroup_destroy] (postfix,24244,8276,00:00:00/39:15,18926) pickup -l -t fifo -u (root,0,0,00:00:00/03:43:16,23571) [kworker/u8:2-writeback] (root,0,0,00:00:00/02:27,25987) [kworker/1:1-events] (root,0,0,00:00:00/03:08:17,27555) [kworker/0:1-events] (root,0,0,00:00:00/37:21,28209) [kworker/3:1-events] (root,0,0,00:00:00/16:42,29474) [kworker/0:2-events] (root,35308,10028,00:00:00/22-12:41:50,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-12:41:49,30947) sshd: cm-ssh (root,0,0,00:00:00/01:02,31494) [kworker/3:0-ata_sff] (root,0,0,00:00:00/42:43,32443) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 22:17 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836373600d82Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-13:36:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-13:36:41,2) [kthreadd] (root,0,0,00:00:00/58-13:36:41,3) [rcu_gp] (root,0,0,00:00:00/58-13:36:41,4) [rcu_par_gp] (root,0,0,00:00:00/58-13:36:41,5) [slub_flushwq] (root,0,0,00:00:00/58-13:36:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-13:36:41,9) [mm_percpu_wq] (root,0,0,00:00:00/58-13:36:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-13:36:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-13:36:41,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-13:36:41,13) [ksoftirqd/0] (root,0,0,02:43:51/58-13:36:41,14) [rcu_preempt] (root,0,0,00:00:22/58-13:36:41,15) [migration/0] (root,0,0,00:00:00/58-13:36:41,16) [idle_inject/0] (root,0,0,00:00:00/58-13:36:41,18) [cpuhp/0] (root,0,0,00:00:00/58-13:36:41,19) [cpuhp/1] (root,0,0,00:00:00/58-13:36:41,20) [idle_inject/1] (root,0,0,00:00:22/58-13:36:41,21) [migration/1] (root,0,0,00:01:26/58-13:36:41,22) [ksoftirqd/1] (root,0,0,00:00:00/58-13:36:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-13:36:41,25) [cpuhp/2] (root,0,0,00:00:00/58-13:36:41,26) [idle_inject/2] (root,0,0,00:00:16/58-13:36:41,27) [migration/2] (root,0,0,01:44:42/58-13:36:41,28) [ksoftirqd/2] (root,0,0,00:00:00/58-13:36:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-13:36:41,31) [cpuhp/3] (root,0,0,00:00:00/58-13:36:41,32) [idle_inject/3] (root,0,0,00:00:20/58-13:36:41,33) [migration/3] (root,0,0,00:05:20/58-13:36:41,34) [ksoftirqd/3] (root,0,0,00:00:00/58-13:36:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-13:36:41,40) [kdevtmpfs] (root,0,0,00:00:00/58-13:36:41,41) [netns] (root,0,0,00:00:00/58-13:36:41,42) [inet_frag_wq] (root,0,0,00:00:20/58-13:36:41,43) [kauditd] (root,0,0,00:00:00/58-13:36:41,44) [khungtaskd] (root,0,0,00:00:00/58-13:36:41,45) [oom_reaper] (root,0,0,00:00:00/58-13:36:41,46) [writeback] (root,0,0,00:02:59/58-13:36:41,47) [kcompactd0] (root,0,0,00:00:00/58-13:36:41,48) [ksmd] (root,0,0,00:03:14/58-13:36:41,49) [khugepaged] (root,0,0,00:00:00/58-13:36:41,75) [kintegrityd] (root,0,0,00:00:00/58-13:36:41,76) [kblockd] (root,0,0,00:00:00/58-13:36:41,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-13:36:41,79) [tpm_dev_wq] (root,0,0,00:00:00/58-13:36:41,80) [edac-poller] (root,0,0,00:00:00/58-13:36:41,81) [devfreq_wq] (root,0,0,00:00:00/58-13:36:41,110) [watchdogd] (root,0,0,00:00:04/58-13:36:41,111) [kswapd0] (root,0,0,00:00:15/58-13:36:41,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-13:36:39,115) [kthrotld] (root,0,0,00:00:00/58-13:36:39,116) [mld] (root,0,0,00:00:00/58-13:36:39,117) [ipv6_addrconf] (root,0,0,00:00:16/58-13:36:39,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-13:36:39,123) [kstrp] (root,0,0,00:00:00/58-13:36:39,124) [zswap-shrink] (root,0,0,00:00:00/58-13:36:39,125) [kworker/u9:0] (root,0,0,00:00:00/58-13:36:39,130) [charger_manager] (root,0,0,00:00:17/58-13:36:39,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-13:36:39,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-13:36:38,239) [kaluad] (root,0,0,00:00:00/58-13:36:38,258) [kmpath_rdacd] (root,0,0,00:00:00/58-13:36:38,304) [kmpathd] (root,0,0,00:00:00/58-13:36:38,305) [kmpath_handlerd] (root,0,0,00:00:00/58-13:36:37,342) [ata_sff] (root,0,0,00:00:00/58-13:36:37,343) [scsi_eh_0] (root,0,0,00:00:00/58-13:36:37,344) [scsi_tmf_0] (root,0,0,00:00:00/58-13:36:37,345) [scsi_eh_1] (root,0,0,00:00:00/58-13:36:37,346) [scsi_tmf_1] (root,0,0,00:01:52/58-13:36:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-13:36:34,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-13:36:22,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-13:36:21,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-13:36:19,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-13:35:48,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-13:35:47,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-13:35:47,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-13:35:47,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-13:35:45,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-13:35:45,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:18:02,788) [kworker/3:0-events] (root,549128,31272,00:01:09/58-13:35:31,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-13:35:31,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:43/58-13:35:31,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-13:35:31,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-13:35:31,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-13:35:31,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-13:35:31,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-13:35:31,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-13:35:31,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-13:35:31,1352) bpfilter_umh (root,26204,8096,00:00:30/58-13:35:31,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-13:35:31,1359) ntpd: asynchronous dns resolver (spot,363312,214476,3-05:23:05/58-13:35:30,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-13:35:30,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-13:35:30,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-13:35:30,1373) (sd-pam) (root,24216,5260,00:00:20/58-13:35:28,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-13:35:28,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-13:35:28,1485) /usr/sbin/cron -n (root,698952,79684,01:21:01/58-13:35:22,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80364,00:30:17/58-13:35:10,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-19:10:45,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:24:16,6651) [kworker/u8:2-ext4-rsv-conversion] (root,35304,10040,00:00:00/20-14:03:40,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-14:03:39,10514) sshd: syslogtunnel (root,0,0,00:00:00/03:03,10521) [kworker/u8:0-writeback] (root,0,0,00:00:00/09:53,15884) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:12:29,19316) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/33:18,19469) [kworker/1:0] (root,0,0,00:00:00/54:06,19788) [kworker/1:1-events] (postfix,24244,8272,00:00:00/01:29:04,20776) pickup -l -t fifo -u (root,0,0,00:00:00/00:13,20907) [kworker/3:2-ata_sff] (root,0,0,00:00:00/08:02,21124) [kworker/2:1-events] (root,6656,3492,00:00:00/00:00,21899) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,21945) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,21966) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21967) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/17:18,23059) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/02:38:39,26097) [kworker/0:2-events] (root,35308,10028,00:00:00/20-14:49:53,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-14:49:52,30947) sshd: cm-ssh (root,0,0,00:00:00/05:25,30952) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 00:25 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836373522c38Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:39/56-12:22:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-12:22:44,2) [kthreadd] (root,0,0,00:00:00/56-12:22:44,3) [rcu_gp] (root,0,0,00:00:00/56-12:22:44,4) [rcu_par_gp] (root,0,0,00:00:00/56-12:22:44,5) [slub_flushwq] (root,0,0,00:00:00/56-12:22:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-12:22:44,9) [mm_percpu_wq] (root,0,0,00:00:00/56-12:22:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-12:22:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-12:22:44,12) [rcu_tasks_trace] (root,0,0,00:01:40/56-12:22:44,13) [ksoftirqd/0] (root,0,0,02:38:23/56-12:22:44,14) [rcu_preempt] (root,0,0,00:00:21/56-12:22:44,15) [migration/0] (root,0,0,00:00:00/56-12:22:44,16) [idle_inject/0] (root,0,0,00:00:00/56-12:22:44,18) [cpuhp/0] (root,0,0,00:00:00/56-12:22:44,19) [cpuhp/1] (root,0,0,00:00:00/56-12:22:44,20) [idle_inject/1] (root,0,0,00:00:21/56-12:22:44,21) [migration/1] (root,0,0,00:01:23/56-12:22:44,22) [ksoftirqd/1] (root,0,0,00:00:00/56-12:22:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-12:22:44,25) [cpuhp/2] (root,0,0,00:00:00/56-12:22:44,26) [idle_inject/2] (root,0,0,00:00:16/56-12:22:44,27) [migration/2] (root,0,0,01:40:11/56-12:22:44,28) [ksoftirqd/2] (root,0,0,00:00:00/56-12:22:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-12:22:44,31) [cpuhp/3] (root,0,0,00:00:00/56-12:22:44,32) [idle_inject/3] (root,0,0,00:00:20/56-12:22:44,33) [migration/3] (root,0,0,00:05:09/56-12:22:44,34) [ksoftirqd/3] (root,0,0,00:00:00/56-12:22:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-12:22:44,40) [kdevtmpfs] (root,0,0,00:00:00/56-12:22:44,41) [netns] (root,0,0,00:00:00/56-12:22:44,42) [inet_frag_wq] (root,0,0,00:00:19/56-12:22:44,43) [kauditd] (root,0,0,00:00:00/56-12:22:44,44) [khungtaskd] (root,0,0,00:00:00/56-12:22:44,45) [oom_reaper] (root,0,0,00:00:00/56-12:22:44,46) [writeback] (root,0,0,00:02:53/56-12:22:44,47) [kcompactd0] (root,0,0,00:00:00/56-12:22:44,48) [ksmd] (root,0,0,00:03:07/56-12:22:44,49) [khugepaged] (root,0,0,00:00:00/56-12:22:44,75) [kintegrityd] (root,0,0,00:00:00/56-12:22:44,76) [kblockd] (root,0,0,00:00:00/56-12:22:44,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-12:22:44,79) [tpm_dev_wq] (root,0,0,00:00:00/56-12:22:44,80) [edac-poller] (root,0,0,00:00:00/56-12:22:44,81) [devfreq_wq] (root,0,0,00:00:00/56-12:22:44,110) [watchdogd] (root,0,0,00:00:04/56-12:22:44,111) [kswapd0] (root,0,0,00:00:14/56-12:22:44,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-12:22:42,115) [kthrotld] (root,0,0,00:00:00/56-12:22:42,116) [mld] (root,0,0,00:00:00/56-12:22:42,117) [ipv6_addrconf] (root,0,0,00:00:15/56-12:22:42,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-12:22:42,123) [kstrp] (root,0,0,00:00:00/56-12:22:42,124) [zswap-shrink] (root,0,0,00:00:00/56-12:22:42,125) [kworker/u9:0] (root,0,0,00:00:00/56-12:22:42,130) [charger_manager] (root,0,0,00:00:17/56-12:22:42,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-12:22:42,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-12:22:41,239) [kaluad] (root,0,0,00:00:00/56-12:22:41,258) [kmpath_rdacd] (root,0,0,00:00:00/56-12:22:41,304) [kmpathd] (root,0,0,00:00:00/56-12:22:41,305) [kmpath_handlerd] (root,0,0,00:00:00/56-12:22:40,342) [ata_sff] (root,0,0,00:00:00/56-12:22:40,343) [scsi_eh_0] (root,0,0,00:00:00/56-12:22:40,344) [scsi_tmf_0] (root,0,0,00:00:00/56-12:22:40,345) [scsi_eh_1] (root,0,0,00:00:00/56-12:22:40,346) [scsi_tmf_1] (root,0,0,00:01:49/56-12:22:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-12:22:37,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-12:22:25,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-12:22:24,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-12:22:22,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-12:21:51,511) /sbin/auditd (messagebus,22932,5400,00:03:00/56-12:21:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:42/56-12:21:50,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-12:21:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-12:21:48,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-12:21:48,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/07:08,712) [kworker/3:0-events] (root,549128,31272,00:01:07/56-12:21:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-12:21:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:34/56-12:21:34,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-12:21:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-12:21:34,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-12:21:34,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-12:21:34,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-12:21:34,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:04/56-12:21:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-12:21:34,1352) bpfilter_umh (root,26204,8096,00:00:28/56-12:21:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-12:21:34,1359) ntpd: asynchronous dns resolver (spot,364992,215692,3-02:23:00/56-12:21:33,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-12:21:33,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-12:21:33,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-12:21:33,1373) (sd-pam) (root,24216,5260,00:00:19/56-12:21:31,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-12:21:31,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-12:21:31,1485) /usr/sbin/cron -n (root,698412,77180,01:18:10/56-12:21:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:28/56-12:21:13,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/50-17:56:48,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/59:51,3306) [kworker/1:0-events] (root,0,0,00:00:00/13:06,8106) [kworker/2:2-events] (root,0,0,00:00:00/01:26:35,9074) [kworker/0:2-cgroup_destroy] (root,35304,10040,00:00:00/18-12:49:43,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:09/18-12:49:42,10514) sshd: syslogtunnel (root,0,0,00:00:00/10:51,18531) [kworker/u8:0-writeback] (root,0,0,00:00:00/10:41,19417) [kworker/1:1] (root,0,0,00:00:00/01:57,21546) [kworker/3:1-ata_sff] (root,0,0,00:00:02/03:39:51,26766) [kworker/3:2-ata_sff] (root,0,0,00:00:00/08:20,26920) [kworker/0:1-events] (root,0,0,00:00:00/01:12:07,28961) [kworker/2:0-events] (root,6656,3488,00:00:00/00:00,29006) /bin/bash /usr/bin/check_mk_agent (root,13744,3360,00:00:00/00:00,29024) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29025) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8200,00:00:00/36:58,30136) pickup -l -t fifo -u (root,0,0,00:00:00/03:09:44,30582) [kworker/u8:1-writeback] (root,35308,10028,00:00:00/18-13:35:56,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:02/18-13:35:55,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-05 23:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836375170fc8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:29/52-12:17:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/52-12:17:35,2) [kthreadd] (root,0,0,00:00:00/52-12:17:35,3) [rcu_gp] (root,0,0,00:00:00/52-12:17:35,4) [rcu_par_gp] (root,0,0,00:00:00/52-12:17:35,5) [slub_flushwq] (root,0,0,00:00:00/52-12:17:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/52-12:17:35,9) [mm_percpu_wq] (root,0,0,00:00:00/52-12:17:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/52-12:17:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/52-12:17:35,12) [rcu_tasks_trace] (root,0,0,00:01:33/52-12:17:35,13) [ksoftirqd/0] (root,0,0,02:28:10/52-12:17:35,14) [rcu_preempt] (root,0,0,00:00:20/52-12:17:35,15) [migration/0] (root,0,0,00:00:00/52-12:17:35,16) [idle_inject/0] (root,0,0,00:00:00/52-12:17:35,18) [cpuhp/0] (root,0,0,00:00:00/52-12:17:35,19) [cpuhp/1] (root,0,0,00:00:00/52-12:17:35,20) [idle_inject/1] (root,0,0,00:00:20/52-12:17:35,21) [migration/1] (root,0,0,00:01:17/52-12:17:35,22) [ksoftirqd/1] (root,0,0,00:00:00/52-12:17:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/52-12:17:35,25) [cpuhp/2] (root,0,0,00:00:00/52-12:17:35,26) [idle_inject/2] (root,0,0,00:00:15/52-12:17:35,27) [migration/2] (root,0,0,01:33:30/52-12:17:35,28) [ksoftirqd/2] (root,0,0,00:00:00/52-12:17:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/52-12:17:35,31) [cpuhp/3] (root,0,0,00:00:00/52-12:17:35,32) [idle_inject/3] (root,0,0,00:00:18/52-12:17:35,33) [migration/3] (root,0,0,00:04:49/52-12:17:35,34) [ksoftirqd/3] (root,0,0,00:00:00/52-12:17:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/52-12:17:35,40) [kdevtmpfs] (root,0,0,00:00:00/52-12:17:35,41) [netns] (root,0,0,00:00:00/52-12:17:35,42) [inet_frag_wq] (root,0,0,00:00:17/52-12:17:35,43) [kauditd] (root,0,0,00:00:00/52-12:17:35,44) [khungtaskd] (root,0,0,00:00:00/52-12:17:35,45) [oom_reaper] (root,0,0,00:00:00/52-12:17:35,46) [writeback] (root,0,0,00:02:42/52-12:17:35,47) [kcompactd0] (root,0,0,00:00:00/52-12:17:35,48) [ksmd] (root,0,0,00:02:54/52-12:17:35,49) [khugepaged] (root,0,0,00:00:00/52-12:17:35,75) [kintegrityd] (root,0,0,00:00:00/52-12:17:35,76) [kblockd] (root,0,0,00:00:00/52-12:17:35,77) [blkcg_punt_bio] (root,0,0,00:00:00/52-12:17:35,79) [tpm_dev_wq] (root,0,0,00:00:00/52-12:17:35,80) [edac-poller] (root,0,0,00:00:00/52-12:17:35,81) [devfreq_wq] (root,0,0,00:00:00/52-12:17:35,110) [watchdogd] (root,0,0,00:00:04/52-12:17:35,111) [kswapd0] (root,0,0,00:00:13/52-12:17:35,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/52-12:17:33,115) [kthrotld] (root,0,0,00:00:00/52-12:17:33,116) [mld] (root,0,0,00:00:00/52-12:17:33,117) [ipv6_addrconf] (root,0,0,00:00:14/52-12:17:33,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/52-12:17:33,123) [kstrp] (root,0,0,00:00:00/52-12:17:33,124) [zswap-shrink] (root,0,0,00:00:00/52-12:17:33,125) [kworker/u9:0] (root,0,0,00:00:00/52-12:17:33,130) [charger_manager] (root,0,0,00:00:16/52-12:17:33,172) [kworker/1:1H-kblockd] (root,0,0,00:00:23/52-12:17:33,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/52-12:17:32,239) [kaluad] (root,0,0,00:00:00/52-12:17:32,258) [kmpath_rdacd] (root,0,0,00:00:00/52-12:17:32,304) [kmpathd] (root,0,0,00:00:00/52-12:17:32,305) [kmpath_handlerd] (root,0,0,00:00:00/52-12:17:31,342) [ata_sff] (root,0,0,00:00:00/52-12:17:31,343) [scsi_eh_0] (root,0,0,00:00:00/52-12:17:31,344) [scsi_tmf_0] (root,0,0,00:00:00/52-12:17:31,345) [scsi_eh_1] (root,0,0,00:00:00/52-12:17:31,346) [scsi_tmf_1] (root,0,0,00:01:43/52-12:17:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/52-12:17:28,367) [ext4-rsv-conver] (root,38604,7852,00:01:27/52-12:17:16,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/52-12:17:15,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:21/52-12:17:13,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:30/52-12:16:42,511) /sbin/auditd (messagebus,22932,5400,00:02:48/52-12:16:41,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:35/52-12:16:41,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/52-12:16:41,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/52-12:16:39,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/52-12:16:39,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:02/52-12:16:25,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/52-12:16:25,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:10/52-12:16:25,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/52-12:16:25,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/52-12:16:25,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/52-12:16:25,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/52-12:16:25,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:36/52-12:16:25,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:32/52-12:16:25,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/52-12:16:25,1352) bpfilter_umh (root,26204,8096,00:00:26/52-12:16:25,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/52-12:16:25,1359) ntpd: asynchronous dns resolver (spot,365616,215408,2-21:11:11/52-12:16:24,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/52-12:16:24,1371) (sd-pam) (checkmk,48528,3180,00:00:00/52-12:16:24,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/52-12:16:24,1373) (sd-pam) (root,24216,5260,00:00:18/52-12:16:22,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/52-12:16:22,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/52-12:16:22,1485) /usr/sbin/cron -n (root,698156,76544,01:12:47/52-12:16:16,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,231872,76560,00:27:58/52-12:16:04,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:01/46-17:51:39,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:09:17,4784) [kworker/u8:1-writeback] (root,6656,3492,00:00:00/00:00,8976) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,8994) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8995) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/14-12:44:34,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:55/14-12:44:33,10514) sshd: syslogtunnel (root,0,0,00:00:00/06:09:00,11002) [kworker/0:0-events] (root,0,0,00:00:00/51:29,12995) [kworker/0:1-events] (root,0,0,00:00:00/01:45:04,13514) [kworker/1:2-events] (root,0,0,00:00:00/46:18,13634) [kworker/1:1-events] (root,0,0,00:00:00/35:45,14197) [kworker/2:1-events] (root,0,0,00:00:00/25:32,18676) [kworker/3:0-mm_percpu_wq] (root,0,0,00:00:00/09:58,19812) [kworker/3:2-ata_sff] (root,0,0,00:00:00/09:36,21232) [kworker/2:0-cgroup_destroy] (postfix,24244,8232,00:00:00/01:14:46,30156) pickup -l -t fifo -u (root,0,0,00:00:00/05:11,30567) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10028,00:00:00/14-13:30:47,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:50/14-13:30:46,30947) sshd: cm-ssh (root,0,0,00:00:00/04:48,32593) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-01 23:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634a160cb5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12388,00:02:27/51-11:16:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/51-11:16:26,2) [kthreadd] (root,0,0,00:00:00/51-11:16:26,3) [rcu_gp] (root,0,0,00:00:00/51-11:16:26,4) [rcu_par_gp] (root,0,0,00:00:00/51-11:16:26,5) [slub_flushwq] (root,0,0,00:00:00/51-11:16:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/51-11:16:26,9) [mm_percpu_wq] (root,0,0,00:00:00/51-11:16:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/51-11:16:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/51-11:16:26,12) [rcu_tasks_trace] (root,0,0,00:01:32/51-11:16:26,13) [ksoftirqd/0] (root,0,0,02:25:36/51-11:16:26,14) [rcu_preempt] (root,0,0,00:00:19/51-11:16:26,15) [migration/0] (root,0,0,00:00:00/51-11:16:26,16) [idle_inject/0] (root,0,0,00:00:00/51-11:16:26,18) [cpuhp/0] (root,0,0,00:00:00/51-11:16:26,19) [cpuhp/1] (root,0,0,00:00:00/51-11:16:26,20) [idle_inject/1] (root,0,0,00:00:19/51-11:16:26,21) [migration/1] (root,0,0,00:01:16/51-11:16:26,22) [ksoftirqd/1] (root,0,0,00:00:00/51-11:16:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/51-11:16:26,25) [cpuhp/2] (root,0,0,00:00:00/51-11:16:26,26) [idle_inject/2] (root,0,0,00:00:14/51-11:16:26,27) [migration/2] (root,0,0,01:32:18/51-11:16:26,28) [ksoftirqd/2] (root,0,0,00:00:00/51-11:16:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/51-11:16:26,31) [cpuhp/3] (root,0,0,00:00:00/51-11:16:26,32) [idle_inject/3] (root,0,0,00:00:18/51-11:16:26,33) [migration/3] (root,0,0,00:04:46/51-11:16:26,34) [ksoftirqd/3] (root,0,0,00:00:00/51-11:16:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/51-11:16:26,40) [kdevtmpfs] (root,0,0,00:00:00/51-11:16:26,41) [netns] (root,0,0,00:00:00/51-11:16:26,42) [inet_frag_wq] (root,0,0,00:00:17/51-11:16:26,43) [kauditd] (root,0,0,00:00:00/51-11:16:26,44) [khungtaskd] (root,0,0,00:00:00/51-11:16:26,45) [oom_reaper] (root,0,0,00:00:00/51-11:16:26,46) [writeback] (root,0,0,00:02:39/51-11:16:26,47) [kcompactd0] (root,0,0,00:00:00/51-11:16:26,48) [ksmd] (root,0,0,00:02:50/51-11:16:26,49) [khugepaged] (root,0,0,00:00:00/51-11:16:26,75) [kintegrityd] (root,0,0,00:00:00/51-11:16:26,76) [kblockd] (root,0,0,00:00:00/51-11:16:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/51-11:16:26,79) [tpm_dev_wq] (root,0,0,00:00:00/51-11:16:26,80) [edac-poller] (root,0,0,00:00:00/51-11:16:26,81) [devfreq_wq] (root,0,0,00:00:00/51-11:16:26,110) [watchdogd] (root,0,0,00:00:04/51-11:16:26,111) [kswapd0] (root,0,0,00:00:13/51-11:16:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/51-11:16:24,115) [kthrotld] (root,0,0,00:00:00/51-11:16:24,116) [mld] (root,0,0,00:00:00/51-11:16:24,117) [ipv6_addrconf] (root,0,0,00:00:14/51-11:16:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/51-11:16:24,123) [kstrp] (root,0,0,00:00:00/51-11:16:24,124) [zswap-shrink] (root,0,0,00:00:00/51-11:16:24,125) [kworker/u9:0] (root,0,0,00:00:00/51-11:16:24,130) [charger_manager] (root,0,0,00:00:15/51-11:16:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:23/51-11:16:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/51-11:16:23,239) [kaluad] (root,0,0,00:00:00/51-11:16:23,258) [kmpath_rdacd] (root,0,0,00:00:00/51-11:16:23,304) [kmpathd] (root,0,0,00:00:00/51-11:16:23,305) [kmpath_handlerd] (root,0,0,00:00:00/51-11:16:22,342) [ata_sff] (root,0,0,00:00:00/51-11:16:22,343) [scsi_eh_0] (root,0,0,00:00:00/51-11:16:22,344) [scsi_tmf_0] (root,0,0,00:00:00/51-11:16:22,345) [scsi_eh_1] (root,0,0,00:00:00/51-11:16:22,346) [scsi_tmf_1] (root,0,0,00:01:41/51-11:16:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/51-11:16:19,367) [ext4-rsv-conver] (root,38604,7852,00:01:26/51-11:16:07,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:05/51-11:16:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:20/51-11:16:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:30/51-11:15:33,511) /sbin/auditd (messagebus,22932,5400,00:02:46/51-11:15:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:34/51-11:15:32,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/51-11:15:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/51-11:15:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/51-11:15:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:58:44,1210) [kworker/1:0-events] (root,548872,30872,00:01:01/51-11:15:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/51-11:15:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:06/51-11:15:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/51-11:15:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/51-11:15:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/51-11:15:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/51-11:15:16,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:35/51-11:15:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:24/51-11:15:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/51-11:15:16,1352) bpfilter_umh (root,26204,8096,00:00:25/51-11:15:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/51-11:15:16,1359) ntpd: asynchronous dns resolver (spot,364112,215004,2-20:09:50/51-11:15:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/51-11:15:15,1371) (sd-pam) (checkmk,48528,3180,00:00:00/51-11:15:15,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/51-11:15:15,1373) (sd-pam) (root,24216,5260,00:00:18/51-11:15:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/51-11:15:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/51-11:15:13,1485) /usr/sbin/cron -n (root,698156,78388,01:11:24/51-11:15:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/37:08,1684) [kworker/1:2-events] (spot,231872,76284,00:27:28/51-11:14:55,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:01/45-16:50:30,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:54:36,3105) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:18:25,7623) [kworker/u8:1-writeback] (root,35304,10040,00:00:00/13-11:43:25,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:51/13-11:43:24,10514) sshd: syslogtunnel (root,0,0,00:00:00/08:14,11307) [kworker/3:2-ata_sff] (root,0,0,00:00:00/26:40,18376) [kworker/0:0-events] (root,0,0,00:00:00/03:51:02,19485) [kworker/2:2-events] (postfix,24244,8204,00:00:00/01:14:38,20710) pickup -l -t fifo -u (root,0,0,00:00:00/21:32,20717) [kworker/2:0-events] (root,0,0,00:00:00/03:02,22858) [kworker/3:0-ata_sff] (root,0,0,00:00:00/03:19:45,26480) [kworker/0:1-events] (root,6656,3480,00:00:00/00:00,29198) /bin/bash /usr/bin/check_mk_agent (root,13744,3492,00:00:00/00:00,29216) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,29217) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/13-12:29:38,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:47/13-12:29:37,30947) sshd: cm-ssh (root,0,0,00:00:00/13:25,32309) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-31 22:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f0591bafFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12388,00:02:23/49-11:27:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/49-11:27:37,2) [kthreadd] (root,0,0,00:00:00/49-11:27:37,3) [rcu_gp] (root,0,0,00:00:00/49-11:27:37,4) [rcu_par_gp] (root,0,0,00:00:00/49-11:27:37,5) [slub_flushwq] (root,0,0,00:00:00/49-11:27:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/49-11:27:37,9) [mm_percpu_wq] (root,0,0,00:00:00/49-11:27:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/49-11:27:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/49-11:27:37,12) [rcu_tasks_trace] (root,0,0,00:01:29/49-11:27:37,13) [ksoftirqd/0] (root,0,0,02:20:50/49-11:27:37,14) [rcu_preempt] (root,0,0,00:00:19/49-11:27:37,15) [migration/0] (root,0,0,00:00:00/49-11:27:37,16) [idle_inject/0] (root,0,0,00:00:00/49-11:27:37,18) [cpuhp/0] (root,0,0,00:00:00/49-11:27:37,19) [cpuhp/1] (root,0,0,00:00:00/49-11:27:37,20) [idle_inject/1] (root,0,0,00:00:19/49-11:27:37,21) [migration/1] (root,0,0,00:01:13/49-11:27:37,22) [ksoftirqd/1] (root,0,0,00:00:00/49-11:27:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/49-11:27:37,25) [cpuhp/2] (root,0,0,00:00:00/49-11:27:37,26) [idle_inject/2] (root,0,0,00:00:14/49-11:27:37,27) [migration/2] (root,0,0,01:30:02/49-11:27:37,28) [ksoftirqd/2] (root,0,0,00:00:00/49-11:27:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/49-11:27:37,31) [cpuhp/3] (root,0,0,00:00:00/49-11:27:37,32) [idle_inject/3] (root,0,0,00:00:17/49-11:27:37,33) [migration/3] (root,0,0,00:04:39/49-11:27:37,34) [ksoftirqd/3] (root,0,0,00:00:00/49-11:27:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/49-11:27:37,40) [kdevtmpfs] (root,0,0,00:00:00/49-11:27:37,41) [netns] (root,0,0,00:00:00/49-11:27:37,42) [inet_frag_wq] (root,0,0,00:00:17/49-11:27:37,43) [kauditd] (root,0,0,00:00:00/49-11:27:37,44) [khungtaskd] (root,0,0,00:00:00/49-11:27:37,45) [oom_reaper] (root,0,0,00:00:00/49-11:27:37,46) [writeback] (root,0,0,00:02:34/49-11:27:37,47) [kcompactd0] (root,0,0,00:00:00/49-11:27:37,48) [ksmd] (root,0,0,00:02:44/49-11:27:37,49) [khugepaged] (root,0,0,00:00:00/49-11:27:37,75) [kintegrityd] (root,0,0,00:00:00/49-11:27:37,76) [kblockd] (root,0,0,00:00:00/49-11:27:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/49-11:27:37,79) [tpm_dev_wq] (root,0,0,00:00:00/49-11:27:37,80) [edac-poller] (root,0,0,00:00:00/49-11:27:37,81) [devfreq_wq] (root,0,0,00:00:00/49-11:27:37,110) [watchdogd] (root,0,0,00:00:04/49-11:27:37,111) [kswapd0] (root,0,0,00:00:13/49-11:27:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/49-11:27:35,115) [kthrotld] (root,0,0,00:00:00/49-11:27:35,116) [mld] (root,0,0,00:00:00/49-11:27:35,117) [ipv6_addrconf] (root,0,0,00:00:13/49-11:27:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/49-11:27:35,123) [kstrp] (root,0,0,00:00:00/49-11:27:35,124) [zswap-shrink] (root,0,0,00:00:00/49-11:27:35,125) [kworker/u9:0] (root,0,0,00:00:00/49-11:27:35,130) [charger_manager] (root,0,0,00:00:15/49-11:27:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:22/49-11:27:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/49-11:27:34,239) [kaluad] (root,0,0,00:00:00/49-11:27:34,258) [kmpath_rdacd] (root,0,0,00:00:00/49-11:27:34,304) [kmpathd] (root,0,0,00:00:00/49-11:27:34,305) [kmpath_handlerd] (root,0,0,00:00:00/49-11:27:33,342) [ata_sff] (root,0,0,00:00:00/49-11:27:33,343) [scsi_eh_0] (root,0,0,00:00:00/49-11:27:33,344) [scsi_tmf_0] (root,0,0,00:00:00/49-11:27:33,345) [scsi_eh_1] (root,0,0,00:00:00/49-11:27:33,346) [scsi_tmf_1] (root,0,0,00:01:38/49-11:27:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/49-11:27:30,367) [ext4-rsv-conver] (root,38604,7852,00:01:23/49-11:27:18,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:05/49-11:27:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:17/49-11:27:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:29/49-11:26:44,511) /sbin/auditd (messagebus,22932,5400,00:02:41/49-11:26:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:31/49-11:26:43,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/49-11:26:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/49-11:26:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/49-11:26:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30612,00:00:58/49-11:26:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/49-11:26:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:55/49-11:26:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/49-11:26:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/49-11:26:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/49-11:26:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/49-11:26:27,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:33/49-11:26:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:08/49-11:26:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/49-11:26:27,1352) bpfilter_umh (root,26204,8096,00:00:25/49-11:26:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/49-11:26:27,1359) ntpd: asynchronous dns resolver (spot,361472,212076,2-18:35:31/49-11:26:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/49-11:26:26,1371) (sd-pam) (checkmk,48528,3180,00:00:00/49-11:26:26,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/49-11:26:26,1373) (sd-pam) (root,24216,5260,00:00:17/49-11:26:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/49-11:26:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/49-11:26:24,1485) /usr/sbin/cron -n (root,697764,78128,01:08:47/49-11:26:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,230848,74264,00:26:40/49-11:26:06,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:01/43-17:01:41,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:21,4393) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:16,5826) [kworker/2:2-events] (root,0,0,00:00:00/05:51:42,8056) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:46,8147) [kworker/u8:2] (root,0,0,00:00:00/01:44:04,9509) [kworker/1:1-events] (root,35304,10040,00:00:00/11-11:54:36,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:44/11-11:54:35,10514) sshd: syslogtunnel (root,6656,3488,00:00:00/00:00,11687) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,11705) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,11706) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:34:09,17099) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/02:19:37,17386) [kworker/0:2-events] (root,0,0,00:00:00/04:15:39,21090) [kworker/1:0-events] (root,0,0,00:00:00/32:45,24304) [kworker/0:1-events] (root,0,0,00:00:00/08:31,25210) [kworker/3:0-ata_sff] (postfix,24244,8188,00:00:00/07:36,26113) pickup -l -t fifo -u (root,0,0,00:00:00/06:27:08,26520) [kworker/2:0-events] (root,0,0,00:00:00/24:05,30917) [kworker/3:2-events] (root,35308,10028,00:00:00/11-12:40:49,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:40/11-12:40:48,30947) sshd: cm-ssh (root,0,0,00:00:00/01:03:02,31504) [kworker/2:1-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-29 22:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836336c28eb9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-13:28:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-13:28:04,2) [kthreadd] (root,0,0,00:00:00/47-13:28:04,3) [rcu_gp] (root,0,0,00:00:00/47-13:28:04,4) [rcu_par_gp] (root,0,0,00:00:00/47-13:28:04,5) [slub_flushwq] (root,0,0,00:00:00/47-13:28:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-13:28:04,9) [mm_percpu_wq] (root,0,0,00:00:00/47-13:28:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-13:28:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-13:28:04,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-13:28:04,13) [ksoftirqd/0] (root,0,0,02:15:50/47-13:28:04,14) [rcu_preempt] (root,0,0,00:00:18/47-13:28:04,15) [migration/0] (root,0,0,00:00:00/47-13:28:04,16) [idle_inject/0] (root,0,0,00:00:00/47-13:28:04,18) [cpuhp/0] (root,0,0,00:00:00/47-13:28:04,19) [cpuhp/1] (root,0,0,00:00:00/47-13:28:04,20) [idle_inject/1] (root,0,0,00:00:18/47-13:28:04,21) [migration/1] (root,0,0,00:01:10/47-13:28:04,22) [ksoftirqd/1] (root,0,0,00:00:00/47-13:28:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-13:28:04,25) [cpuhp/2] (root,0,0,00:00:00/47-13:28:04,26) [idle_inject/2] (root,0,0,00:00:13/47-13:28:04,27) [migration/2] (root,0,0,01:27:40/47-13:28:04,28) [ksoftirqd/2] (root,0,0,00:00:00/47-13:28:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-13:28:04,31) [cpuhp/3] (root,0,0,00:00:00/47-13:28:04,32) [idle_inject/3] (root,0,0,00:00:17/47-13:28:04,33) [migration/3] (root,0,0,00:04:30/47-13:28:04,34) [ksoftirqd/3] (root,0,0,00:00:00/47-13:28:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-13:28:04,40) [kdevtmpfs] (root,0,0,00:00:00/47-13:28:04,41) [netns] (root,0,0,00:00:00/47-13:28:04,42) [inet_frag_wq] (root,0,0,00:00:16/47-13:28:04,43) [kauditd] (root,0,0,00:00:00/47-13:28:04,44) [khungtaskd] (root,0,0,00:00:00/47-13:28:04,45) [oom_reaper] (root,0,0,00:00:00/47-13:28:04,46) [writeback] (root,0,0,00:02:28/47-13:28:04,47) [kcompactd0] (root,0,0,00:00:00/47-13:28:04,48) [ksmd] (root,0,0,00:02:37/47-13:28:04,49) [khugepaged] (root,0,0,00:00:00/47-13:28:04,75) [kintegrityd] (root,0,0,00:00:00/47-13:28:04,76) [kblockd] (root,0,0,00:00:00/47-13:28:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-13:28:04,79) [tpm_dev_wq] (root,0,0,00:00:00/47-13:28:04,80) [edac-poller] (root,0,0,00:00:00/47-13:28:04,81) [devfreq_wq] (root,0,0,00:00:00/47-13:28:04,110) [watchdogd] (root,0,0,00:00:03/47-13:28:04,111) [kswapd0] (root,0,0,00:00:12/47-13:28:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-13:28:02,115) [kthrotld] (root,0,0,00:00:00/47-13:28:02,116) [mld] (root,0,0,00:00:00/47-13:28:02,117) [ipv6_addrconf] (root,0,0,00:00:13/47-13:28:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-13:28:02,123) [kstrp] (root,0,0,00:00:00/47-13:28:02,124) [zswap-shrink] (root,0,0,00:00:00/47-13:28:02,125) [kworker/u9:0] (root,0,0,00:00:00/47-13:28:02,130) [charger_manager] (root,0,0,00:00:14/47-13:28:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-13:28:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-13:28:01,239) [kaluad] (root,0,0,00:00:00/47-13:28:01,258) [kmpath_rdacd] (root,0,0,00:00:00/47-13:28:01,304) [kmpathd] (root,0,0,00:00:00/47-13:28:01,305) [kmpath_handlerd] (root,0,0,00:00:00/47-13:28:00,342) [ata_sff] (root,0,0,00:00:00/47-13:28:00,343) [scsi_eh_0] (root,0,0,00:00:00/47-13:28:00,344) [scsi_tmf_0] (root,0,0,00:00:00/47-13:28:00,345) [scsi_eh_1] (root,0,0,00:00:00/47-13:28:00,346) [scsi_tmf_1] (root,0,0,00:01:34/47-13:27:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-13:27:57,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-13:27:45,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-13:27:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-13:27:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-13:27:11,511) /sbin/auditd (messagebus,22932,5408,00:02:36/47-13:27:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-13:27:10,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-13:27:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-13:27:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-13:27:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-13:26:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-13:26:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:44/47-13:26:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-13:26:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-13:26:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-13:26:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-13:26:54,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-13:26:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:52/47-13:26:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-13:26:54,1352) bpfilter_umh (root,26204,8096,00:00:24/47-13:26:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-13:26:54,1359) ntpd: asynchronous dns resolver (spot,361136,212020,2-16:41:04/47-13:26:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-13:26:53,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-13:26:53,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-13:26:53,1373) (sd-pam) (root,24216,5260,00:00:16/47-13:26:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-13:26:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-13:26:51,1485) /usr/sbin/cron -n (root,697508,77208,01:06:08/47-13:26:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73032,00:25:46/47-13:26:33,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-19:02:08,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/21:27,2570) [kworker/2:1-events] (root,0,0,00:00:00/09:07,4496) [kworker/3:0-ata_sff] (root,0,0,00:00:00/36:54,6226) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/19:30,7364) [kworker/3:2-events] (root,35304,10040,00:00:00/9-13:55:03,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-13:55:02,10514) sshd: syslogtunnel (postfix,24244,8256,00:00:00/48:56,10898) pickup -l -t fifo -u (root,0,0,00:00:00/03:57,11263) [kworker/3:1-ata_sff] (root,0,0,00:00:01/03:55:55,15451) [kworker/1:1-events] (root,0,0,00:00:00/16:14,15704) [kworker/2:0-events] (root,0,0,00:00:00/16:12,15769) [kworker/u8:1-writeback] (root,0,0,00:00:00/00:57,17795) [kworker/1:0-events] (root,6656,3484,00:00:00/00:00,21341) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,21411) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,21438) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,21440) /bin/bash /usr/bin/check_mk_agent (root,4480,1048,00:00:00/00:00,21442) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,780,00:00:00/00:00,21446) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,656,00:00:00/00:00,21450) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3512,00:00:00/00:00,21460) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21461) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:15:04,21827) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/26:57,25528) [kworker/0:2-events] (root,0,0,00:00:01/07:38:23,29068) [kworker/0:0-events] (root,35308,10028,00:00:00/9-14:41:16,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-14:41:15,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-28 00:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c2687f46Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:13/45-10:45:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-10:45:36,2) [kthreadd] (root,0,0,00:00:00/45-10:45:36,3) [rcu_gp] (root,0,0,00:00:00/45-10:45:36,4) [rcu_par_gp] (root,0,0,00:00:00/45-10:45:36,5) [slub_flushwq] (root,0,0,00:00:00/45-10:45:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-10:45:36,9) [mm_percpu_wq] (root,0,0,00:00:00/45-10:45:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-10:45:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-10:45:36,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-10:45:36,13) [ksoftirqd/0] (root,0,0,02:10:20/45-10:45:36,14) [rcu_preempt] (root,0,0,00:00:17/45-10:45:36,15) [migration/0] (root,0,0,00:00:00/45-10:45:36,16) [idle_inject/0] (root,0,0,00:00:00/45-10:45:36,18) [cpuhp/0] (root,0,0,00:00:00/45-10:45:36,19) [cpuhp/1] (root,0,0,00:00:00/45-10:45:36,20) [idle_inject/1] (root,0,0,00:00:17/45-10:45:36,21) [migration/1] (root,0,0,00:01:08/45-10:45:36,22) [ksoftirqd/1] (root,0,0,00:00:00/45-10:45:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-10:45:36,25) [cpuhp/2] (root,0,0,00:00:00/45-10:45:36,26) [idle_inject/2] (root,0,0,00:00:13/45-10:45:36,27) [migration/2] (root,0,0,01:25:03/45-10:45:36,28) [ksoftirqd/2] (root,0,0,00:00:00/45-10:45:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-10:45:36,31) [cpuhp/3] (root,0,0,00:00:00/45-10:45:36,32) [idle_inject/3] (root,0,0,00:00:16/45-10:45:36,33) [migration/3] (root,0,0,00:04:21/45-10:45:36,34) [ksoftirqd/3] (root,0,0,00:00:00/45-10:45:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-10:45:36,40) [kdevtmpfs] (root,0,0,00:00:00/45-10:45:36,41) [netns] (root,0,0,00:00:00/45-10:45:36,42) [inet_frag_wq] (root,0,0,00:00:16/45-10:45:36,43) [kauditd] (root,0,0,00:00:00/45-10:45:36,44) [khungtaskd] (root,0,0,00:00:00/45-10:45:36,45) [oom_reaper] (root,0,0,00:00:00/45-10:45:36,46) [writeback] (root,0,0,00:02:23/45-10:45:36,47) [kcompactd0] (root,0,0,00:00:00/45-10:45:36,48) [ksmd] (root,0,0,00:02:30/45-10:45:36,49) [khugepaged] (root,0,0,00:00:00/45-10:45:36,75) [kintegrityd] (root,0,0,00:00:00/45-10:45:36,76) [kblockd] (root,0,0,00:00:00/45-10:45:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-10:45:36,79) [tpm_dev_wq] (root,0,0,00:00:00/45-10:45:36,80) [edac-poller] (root,0,0,00:00:00/45-10:45:36,81) [devfreq_wq] (root,0,0,00:00:00/45-10:45:36,110) [watchdogd] (root,0,0,00:00:03/45-10:45:36,111) [kswapd0] (root,0,0,00:00:12/45-10:45:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-10:45:34,115) [kthrotld] (root,0,0,00:00:00/45-10:45:34,116) [mld] (root,0,0,00:00:00/45-10:45:34,117) [ipv6_addrconf] (root,0,0,00:00:12/45-10:45:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-10:45:34,123) [kstrp] (root,0,0,00:00:00/45-10:45:34,124) [zswap-shrink] (root,0,0,00:00:00/45-10:45:34,125) [kworker/u9:0] (root,0,0,00:00:00/45-10:45:34,130) [charger_manager] (root,0,0,00:00:14/45-10:45:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-10:45:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-10:45:33,239) [kaluad] (root,0,0,00:00:00/45-10:45:33,258) [kmpath_rdacd] (root,0,0,00:00:00/45-10:45:33,304) [kmpathd] (root,0,0,00:00:00/45-10:45:33,305) [kmpath_handlerd] (root,0,0,00:00:00/45-10:45:32,342) [ata_sff] (root,0,0,00:00:00/45-10:45:32,343) [scsi_eh_0] (root,0,0,00:00:00/45-10:45:32,344) [scsi_tmf_0] (root,0,0,00:00:00/45-10:45:32,345) [scsi_eh_1] (root,0,0,00:00:00/45-10:45:32,346) [scsi_tmf_1] (root,0,0,00:01:30/45-10:45:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-10:45:29,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-10:45:17,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-10:45:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-10:45:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-10:44:43,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-10:44:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-10:44:42,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-10:44:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-10:44:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-10:44:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-10:44:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-10:44:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:32/45-10:44:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-10:44:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-10:44:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-10:44:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-10:44:26,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-10:44:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:35/45-10:44:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-10:44:26,1352) bpfilter_umh (root,26204,8096,00:00:23/45-10:44:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-10:44:26,1359) ntpd: asynchronous dns resolver (spot,362224,206236,2-14:26:12/45-10:44:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-10:44:25,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-10:44:25,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-10:44:25,1373) (sd-pam) (root,24216,5260,00:00:16/45-10:44:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-10:44:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-10:44:23,1485) /usr/sbin/cron -n (root,697508,78832,01:03:14/45-10:44:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71508,00:24:45/45-10:44:05,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/39-16:19:40,2557) tlsmgr -l -t unix -u (postfix,24244,8236,00:00:00/08:29,3857) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,4041) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,4059) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,4060) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:06,5125) [kworker/3:1-ata_sff] (root,0,0,00:00:02/04:01:34,7922) [kworker/3:0-events] (root,0,0,00:00:01/04:09:05,9329) [kworker/2:2-events] (root,35304,10040,00:00:00/7-11:12:35,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-11:12:34,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:04:25,12120) [kworker/1:2-events] (root,0,0,00:00:00/54:26,13999) [kworker/1:0] (root,0,0,00:00:00/04:17,19992) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:34:52,23049) [kworker/0:2-events] (root,0,0,00:00:00/02:53,25872) [kworker/3:2-ata_sff] (root,0,0,00:00:00/33:45,27540) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/49:31,27729) [kworker/0:0-events] (root,35308,10028,00:00:00/7-11:58:48,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-11:58:47,30947) sshd: cm-ssh (root,0,0,00:00:00/09:11,32062) [kworker/2:1-events] (root,0,0,00:00:00/44:22,32405) [kworker/u8:1-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 21:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636eda0222Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-10:42:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-10:42:05,2) [kthreadd] (root,0,0,00:00:00/43-10:42:05,3) [rcu_gp] (root,0,0,00:00:00/43-10:42:05,4) [rcu_par_gp] (root,0,0,00:00:00/43-10:42:05,5) [slub_flushwq] (root,0,0,00:00:00/43-10:42:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-10:42:05,9) [mm_percpu_wq] (root,0,0,00:00:00/43-10:42:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-10:42:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-10:42:05,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-10:42:05,13) [ksoftirqd/0] (root,0,0,02:04:50/43-10:42:05,14) [rcu_preempt] (root,0,0,00:00:16/43-10:42:05,15) [migration/0] (root,0,0,00:00:00/43-10:42:05,16) [idle_inject/0] (root,0,0,00:00:00/43-10:42:05,18) [cpuhp/0] (root,0,0,00:00:00/43-10:42:05,19) [cpuhp/1] (root,0,0,00:00:00/43-10:42:05,20) [idle_inject/1] (root,0,0,00:00:16/43-10:42:05,21) [migration/1] (root,0,0,00:01:05/43-10:42:05,22) [ksoftirqd/1] (root,0,0,00:00:00/43-10:42:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-10:42:05,25) [cpuhp/2] (root,0,0,00:00:00/43-10:42:05,26) [idle_inject/2] (root,0,0,00:00:12/43-10:42:05,27) [migration/2] (root,0,0,01:22:11/43-10:42:05,28) [ksoftirqd/2] (root,0,0,00:00:00/43-10:42:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-10:42:05,31) [cpuhp/3] (root,0,0,00:00:00/43-10:42:05,32) [idle_inject/3] (root,0,0,00:00:15/43-10:42:05,33) [migration/3] (root,0,0,00:04:11/43-10:42:05,34) [ksoftirqd/3] (root,0,0,00:00:00/43-10:42:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-10:42:05,40) [kdevtmpfs] (root,0,0,00:00:00/43-10:42:05,41) [netns] (root,0,0,00:00:00/43-10:42:05,42) [inet_frag_wq] (root,0,0,00:00:15/43-10:42:05,43) [kauditd] (root,0,0,00:00:00/43-10:42:05,44) [khungtaskd] (root,0,0,00:00:00/43-10:42:05,45) [oom_reaper] (root,0,0,00:00:00/43-10:42:05,46) [writeback] (root,0,0,00:02:17/43-10:42:05,47) [kcompactd0] (root,0,0,00:00:00/43-10:42:05,48) [ksmd] (root,0,0,00:02:23/43-10:42:05,49) [khugepaged] (root,0,0,00:00:00/43-10:42:05,75) [kintegrityd] (root,0,0,00:00:00/43-10:42:05,76) [kblockd] (root,0,0,00:00:00/43-10:42:05,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-10:42:05,79) [tpm_dev_wq] (root,0,0,00:00:00/43-10:42:05,80) [edac-poller] (root,0,0,00:00:00/43-10:42:05,81) [devfreq_wq] (root,0,0,00:00:00/43-10:42:05,110) [watchdogd] (root,0,0,00:00:03/43-10:42:05,111) [kswapd0] (root,0,0,00:00:11/43-10:42:05,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-10:42:03,115) [kthrotld] (root,0,0,00:00:00/43-10:42:03,116) [mld] (root,0,0,00:00:00/43-10:42:03,117) [ipv6_addrconf] (root,0,0,00:00:12/43-10:42:03,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-10:42:03,123) [kstrp] (root,0,0,00:00:00/43-10:42:03,124) [zswap-shrink] (root,0,0,00:00:00/43-10:42:03,125) [kworker/u9:0] (root,0,0,00:00:00/43-10:42:03,130) [charger_manager] (root,0,0,00:00:13/43-10:42:03,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-10:42:03,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-10:42:02,239) [kaluad] (root,0,0,00:00:00/43-10:42:02,258) [kmpath_rdacd] (root,0,0,00:00:00/43-10:42:02,304) [kmpathd] (root,0,0,00:00:00/43-10:42:02,305) [kmpath_handlerd] (root,0,0,00:00:00/43-10:42:01,342) [ata_sff] (root,0,0,00:00:00/43-10:42:01,343) [scsi_eh_0] (root,0,0,00:00:00/43-10:42:01,344) [scsi_tmf_0] (root,0,0,00:00:00/43-10:42:01,345) [scsi_eh_1] (root,0,0,00:00:00/43-10:42:01,346) [scsi_tmf_1] (root,0,0,00:01:27/43-10:41:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-10:41:58,367) [ext4-rsv-conver] (root,38604,7856,00:01:14/43-10:41:46,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-10:41:45,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-10:41:43,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-10:41:12,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-10:41:11,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:21/43-10:41:11,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-10:41:11,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-10:41:09,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-10:41:09,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:51/43-10:40:55,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-10:40:55,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:19/43-10:40:55,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-10:40:55,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-10:40:55,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-10:40:55,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-10:40:55,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-10:40:55,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:18/43-10:40:55,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-10:40:55,1352) bpfilter_umh (root,26204,8096,00:00:22/43-10:40:55,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-10:40:55,1359) ntpd: asynchronous dns resolver (spot,361648,206092,2-12:11:09/43-10:40:54,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-10:40:54,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-10:40:54,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-10:40:54,1373) (sd-pam) (root,24216,5260,00:00:15/43-10:40:52,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-10:40:52,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-10:40:52,1485) /usr/sbin/cron -n (root,697508,78760,01:00:26/43-10:40:46,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70160,00:23:46/43-10:40:34,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-16:16:09,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:03,6955) [kworker/3:0-ata_sff] (root,0,0,00:00:00/13:23,8260) [kworker/0:1] (root,35304,10040,00:00:00/5-11:09:04,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-11:09:03,10514) sshd: syslogtunnel (root,0,0,00:00:00/32:52,12041) [kworker/1:0-events] (root,0,0,00:00:00/01:36:18,13819) [kworker/0:2-events] (postfix,24244,8304,00:00:00/26:42,13890) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,15367) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,15385) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15386) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:11:16,16939) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/40:45,17327) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/01:32:15,21017) [kworker/3:2-events] (root,0,0,00:00:00/23:05,21552) [kworker/1:1] (root,0,0,00:00:00/09:15,23245) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:16:41,30419) [kworker/2:2] (root,35308,10028,00:00:00/5-11:55:17,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-11:55:16,30947) sshd: cm-ssh (root,0,0,00:00:00/02:05:36,31069) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 21:30 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633112ef29Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-11:12:48,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-11:12:48,2) [kthreadd] (root,0,0,00:00:00/41-11:12:48,3) [rcu_gp] (root,0,0,00:00:00/41-11:12:48,4) [rcu_par_gp] (root,0,0,00:00:00/41-11:12:48,5) [slub_flushwq] (root,0,0,00:00:00/41-11:12:48,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-11:12:48,9) [mm_percpu_wq] (root,0,0,00:00:00/41-11:12:48,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-11:12:48,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-11:12:48,12) [rcu_tasks_trace] (root,0,0,00:01:15/41-11:12:48,13) [ksoftirqd/0] (root,0,0,01:59:01/41-11:12:48,14) [rcu_preempt] (root,0,0,00:00:15/41-11:12:48,15) [migration/0] (root,0,0,00:00:00/41-11:12:48,16) [idle_inject/0] (root,0,0,00:00:00/41-11:12:48,18) [cpuhp/0] (root,0,0,00:00:00/41-11:12:48,19) [cpuhp/1] (root,0,0,00:00:00/41-11:12:48,20) [idle_inject/1] (root,0,0,00:00:16/41-11:12:48,21) [migration/1] (root,0,0,00:01:01/41-11:12:48,22) [ksoftirqd/1] (root,0,0,00:00:00/41-11:12:48,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-11:12:48,25) [cpuhp/2] (root,0,0,00:00:00/41-11:12:48,26) [idle_inject/2] (root,0,0,00:00:12/41-11:12:48,27) [migration/2] (root,0,0,01:18:18/41-11:12:48,28) [ksoftirqd/2] (root,0,0,00:00:00/41-11:12:48,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-11:12:48,31) [cpuhp/3] (root,0,0,00:00:00/41-11:12:48,32) [idle_inject/3] (root,0,0,00:00:15/41-11:12:48,33) [migration/3] (root,0,0,00:03:58/41-11:12:48,34) [ksoftirqd/3] (root,0,0,00:00:00/41-11:12:48,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-11:12:48,40) [kdevtmpfs] (root,0,0,00:00:00/41-11:12:48,41) [netns] (root,0,0,00:00:00/41-11:12:48,42) [inet_frag_wq] (root,0,0,00:00:14/41-11:12:48,43) [kauditd] (root,0,0,00:00:00/41-11:12:48,44) [khungtaskd] (root,0,0,00:00:00/41-11:12:48,45) [oom_reaper] (root,0,0,00:00:00/41-11:12:48,46) [writeback] (root,0,0,00:02:11/41-11:12:48,47) [kcompactd0] (root,0,0,00:00:00/41-11:12:48,48) [ksmd] (root,0,0,00:02:16/41-11:12:48,49) [khugepaged] (root,0,0,00:00:00/41-11:12:48,75) [kintegrityd] (root,0,0,00:00:00/41-11:12:48,76) [kblockd] (root,0,0,00:00:00/41-11:12:48,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-11:12:48,79) [tpm_dev_wq] (root,0,0,00:00:00/41-11:12:48,80) [edac-poller] (root,0,0,00:00:00/41-11:12:48,81) [devfreq_wq] (root,0,0,00:00:00/41-11:12:48,110) [watchdogd] (root,0,0,00:00:03/41-11:12:48,111) [kswapd0] (root,0,0,00:00:11/41-11:12:48,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-11:12:46,115) [kthrotld] (root,0,0,00:00:00/41-11:12:46,116) [mld] (root,0,0,00:00:00/41-11:12:46,117) [ipv6_addrconf] (root,0,0,00:00:11/41-11:12:46,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-11:12:46,123) [kstrp] (root,0,0,00:00:00/41-11:12:46,124) [zswap-shrink] (root,0,0,00:00:00/41-11:12:46,125) [kworker/u9:0] (root,0,0,00:00:00/41-11:12:46,130) [charger_manager] (root,0,0,00:00:12/41-11:12:46,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-11:12:46,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-11:12:45,239) [kaluad] (root,0,0,00:00:00/41-11:12:45,258) [kmpath_rdacd] (root,0,0,00:00:00/41-11:12:45,304) [kmpathd] (root,0,0,00:00:00/41-11:12:45,305) [kmpath_handlerd] (root,0,0,00:00:00/41-11:12:44,342) [ata_sff] (root,0,0,00:00:00/41-11:12:44,343) [scsi_eh_0] (root,0,0,00:00:00/41-11:12:44,344) [scsi_tmf_0] (root,0,0,00:00:00/41-11:12:44,345) [scsi_eh_1] (root,0,0,00:00:00/41-11:12:44,346) [scsi_tmf_1] (root,0,0,00:01:23/41-11:12:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-11:12:41,367) [ext4-rsv-conver] (root,38604,7856,00:01:11/41-11:12:29,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-11:12:28,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-11:12:26,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-11:11:55,511) /sbin/auditd (messagebus,22932,5408,00:02:18/41-11:11:54,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-11:11:54,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-11:11:54,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-11:11:52,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-11:11:52,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-11:11:38,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-11:11:38,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:08/41-11:11:38,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-11:11:38,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-11:11:38,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-11:11:38,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-11:11:38,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-11:11:38,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-11:11:38,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-11:11:38,1352) bpfilter_umh (root,26204,8096,00:00:21/41-11:11:38,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-11:11:38,1359) ntpd: asynchronous dns resolver (spot,362000,206180,2-09:25:25/41-11:11:37,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-11:11:37,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-11:11:37,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-11:11:37,1373) (sd-pam) (root,0,0,00:00:00/01:54:27,1398) [kworker/1:0-cgroup_destroy] (root,24216,5260,00:00:14/41-11:11:35,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-11:11:35,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-11:11:35,1485) /usr/sbin/cron -n (root,697108,76364,00:57:37/41-11:11:29,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:47/41-11:11:17,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-16:46:52,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/23:52,2589) [kworker/3:0-events] (root,0,0,00:00:00/00:24,3309) [kworker/u8:2-writeback] (root,0,0,00:00:00/00:24,3311) [kworker/1:1] (root,6656,3488,00:00:00/00:00,6178) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,6196) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6197) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8272,00:00:00/01:19:21,8568) pickup -l -t fifo -u (root,35304,10040,00:00:00/3-11:39:47,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:14/3-11:39:46,10514) sshd: syslogtunnel (root,0,0,00:00:00/28:48,11751) [kworker/0:1-events] (root,0,0,00:00:00/01:26:00,15370) [kworker/u8:1-events_unbound] (root,0,0,00:00:01/08:37:28,16954) [kworker/2:1-events] (root,0,0,00:00:00/01:16:30,18031) [kworker/1:2-events] (root,0,0,00:00:00/01:11:47,20231) [kworker/0:0-events] (root,0,0,00:00:00/33:28,21149) [kworker/u8:0] (root,0,0,00:00:00/03:08,21964) [kworker/3:2-ata_sff] (root,0,0,00:00:00/52:44,29732) [kworker/2:0-events] (root,35308,10028,00:00:00/3-12:26:00,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:13/3-12:25:59,30947) sshd: cm-ssh (root,0,0,00:00:00/08:19,32022) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 22:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638c0f1242Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-10:34:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-10:34:37,2) [kthreadd] (root,0,0,00:00:00/39-10:34:37,3) [rcu_gp] (root,0,0,00:00:00/39-10:34:37,4) [rcu_par_gp] (root,0,0,00:00:00/39-10:34:37,5) [slub_flushwq] (root,0,0,00:00:00/39-10:34:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-10:34:37,9) [mm_percpu_wq] (root,0,0,00:00:00/39-10:34:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-10:34:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-10:34:37,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-10:34:37,13) [ksoftirqd/0] (root,0,0,01:53:07/39-10:34:37,14) [rcu_preempt] (root,0,0,00:00:15/39-10:34:37,15) [migration/0] (root,0,0,00:00:00/39-10:34:37,16) [idle_inject/0] (root,0,0,00:00:00/39-10:34:37,18) [cpuhp/0] (root,0,0,00:00:00/39-10:34:37,19) [cpuhp/1] (root,0,0,00:00:00/39-10:34:37,20) [idle_inject/1] (root,0,0,00:00:15/39-10:34:37,21) [migration/1] (root,0,0,00:00:58/39-10:34:37,22) [ksoftirqd/1] (root,0,0,00:00:00/39-10:34:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-10:34:37,25) [cpuhp/2] (root,0,0,00:00:00/39-10:34:37,26) [idle_inject/2] (root,0,0,00:00:11/39-10:34:37,27) [migration/2] (root,0,0,01:13:18/39-10:34:37,28) [ksoftirqd/2] (root,0,0,00:00:00/39-10:34:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-10:34:37,31) [cpuhp/3] (root,0,0,00:00:00/39-10:34:37,32) [idle_inject/3] (root,0,0,00:00:14/39-10:34:37,33) [migration/3] (root,0,0,00:03:45/39-10:34:37,34) [ksoftirqd/3] (root,0,0,00:00:00/39-10:34:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-10:34:37,40) [kdevtmpfs] (root,0,0,00:00:00/39-10:34:37,41) [netns] (root,0,0,00:00:00/39-10:34:37,42) [inet_frag_wq] (root,0,0,00:00:14/39-10:34:37,43) [kauditd] (root,0,0,00:00:00/39-10:34:37,44) [khungtaskd] (root,0,0,00:00:00/39-10:34:37,45) [oom_reaper] (root,0,0,00:00:00/39-10:34:37,46) [writeback] (root,0,0,00:02:04/39-10:34:37,47) [kcompactd0] (root,0,0,00:00:00/39-10:34:37,48) [ksmd] (root,0,0,00:02:09/39-10:34:37,49) [khugepaged] (root,0,0,00:00:00/39-10:34:37,75) [kintegrityd] (root,0,0,00:00:00/39-10:34:37,76) [kblockd] (root,0,0,00:00:00/39-10:34:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-10:34:37,79) [tpm_dev_wq] (root,0,0,00:00:00/39-10:34:37,80) [edac-poller] (root,0,0,00:00:00/39-10:34:37,81) [devfreq_wq] (root,0,0,00:00:00/39-10:34:37,110) [watchdogd] (root,0,0,00:00:02/39-10:34:37,111) [kswapd0] (root,0,0,00:00:10/39-10:34:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-10:34:35,115) [kthrotld] (root,0,0,00:00:00/39-10:34:35,116) [mld] (root,0,0,00:00:00/39-10:34:35,117) [ipv6_addrconf] (root,0,0,00:00:11/39-10:34:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-10:34:35,123) [kstrp] (root,0,0,00:00:00/39-10:34:35,124) [zswap-shrink] (root,0,0,00:00:00/39-10:34:35,125) [kworker/u9:0] (root,0,0,00:00:00/39-10:34:35,130) [charger_manager] (root,0,0,00:00:12/39-10:34:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-10:34:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-10:34:34,239) [kaluad] (root,0,0,00:00:00/39-10:34:34,258) [kmpath_rdacd] (root,0,0,00:00:00/39-10:34:34,304) [kmpathd] (root,0,0,00:00:00/39-10:34:34,305) [kmpath_handlerd] (root,0,0,00:00:00/39-10:34:33,342) [ata_sff] (root,0,0,00:00:00/39-10:34:33,343) [scsi_eh_0] (root,0,0,00:00:00/39-10:34:33,344) [scsi_tmf_0] (root,0,0,00:00:00/39-10:34:33,345) [scsi_eh_1] (root,0,0,00:00:00/39-10:34:33,346) [scsi_tmf_1] (root,0,0,00:01:18/39-10:34:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-10:34:30,367) [ext4-rsv-conver] (root,38604,7924,00:01:08/39-10:34:18,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-10:34:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-10:34:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-10:33:44,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-10:33:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-10:33:43,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-10:33:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-10:33:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-10:33:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/33:34,1266) [kworker/2:0-events] (root,548616,30300,00:00:46/39-10:33:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-10:33:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:54/39-10:33:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-10:33:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-10:33:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-10:33:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-10:33:27,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-10:33:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:42/39-10:33:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-10:33:27,1352) bpfilter_umh (root,26204,8116,00:00:20/39-10:33:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-10:33:27,1359) ntpd: asynchronous dns resolver (spot,362048,198484,2-07:14:08/39-10:33:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-10:33:26,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-10:33:26,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-10:33:26,1373) (sd-pam) (root,24216,5260,00:00:14/39-10:33:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-10:33:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-10:33:24,1485) /usr/sbin/cron -n (root,697108,78496,00:54:42/39-10:33:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67424,00:21:42/39-10:33:06,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/33-16:08:41,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:08:18,4221) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:00,4874) [check_mk_agent] (root,6656,3488,00:00:00/00:00,4920) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,4938) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4939) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/23:25,10453) [kworker/3:0-events] (root,35304,10040,00:00:00/1-11:01:36,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:06/1-11:01:35,10514) sshd: syslogtunnel (root,0,0,00:00:00/22:50,12444) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/19:35,14542) [kworker/0:2] (root,0,0,00:00:00/07:52,14996) [kworker/3:1-ata_sff] (root,0,0,00:00:00/42:49,15042) [kworker/1:1-events] (root,0,0,00:00:00/01:24:55,16553) [kworker/0:0-events] (postfix,24244,8244,00:00:00/01:02:02,20658) pickup -l -t fifo -u (root,0,0,00:00:00/02:39,29460) [kworker/3:2-ata_sff] (root,35308,10028,00:00:00/1-11:47:49,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:06/1-11:47:48,30947) sshd: cm-ssh (root,0,0,00:00:00/56:47,31742) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/47:26,32470) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 21:23 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836369cc2e81Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-11:46:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-11:46:39,2) [kthreadd] (root,0,0,00:00:00/37-11:46:39,3) [rcu_gp] (root,0,0,00:00:00/37-11:46:39,4) [rcu_par_gp] (root,0,0,00:00:00/37-11:46:39,5) [slub_flushwq] (root,0,0,00:00:00/37-11:46:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-11:46:39,9) [mm_percpu_wq] (root,0,0,00:00:00/37-11:46:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-11:46:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-11:46:39,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-11:46:39,13) [ksoftirqd/0] (root,0,0,01:47:16/37-11:46:39,14) [rcu_preempt] (root,0,0,00:00:14/37-11:46:39,15) [migration/0] (root,0,0,00:00:00/37-11:46:39,16) [idle_inject/0] (root,0,0,00:00:00/37-11:46:39,18) [cpuhp/0] (root,0,0,00:00:00/37-11:46:39,19) [cpuhp/1] (root,0,0,00:00:00/37-11:46:39,20) [idle_inject/1] (root,0,0,00:00:14/37-11:46:39,21) [migration/1] (root,0,0,00:00:55/37-11:46:39,22) [ksoftirqd/1] (root,0,0,00:00:00/37-11:46:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-11:46:39,25) [cpuhp/2] (root,0,0,00:00:00/37-11:46:39,26) [idle_inject/2] (root,0,0,00:00:10/37-11:46:39,27) [migration/2] (root,0,0,01:07:48/37-11:46:39,28) [ksoftirqd/2] (root,0,0,00:00:00/37-11:46:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-11:46:39,31) [cpuhp/3] (root,0,0,00:00:00/37-11:46:39,32) [idle_inject/3] (root,0,0,00:00:13/37-11:46:39,33) [migration/3] (root,0,0,00:03:29/37-11:46:39,34) [ksoftirqd/3] (root,0,0,00:00:00/37-11:46:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-11:46:39,40) [kdevtmpfs] (root,0,0,00:00:00/37-11:46:39,41) [netns] (root,0,0,00:00:00/37-11:46:39,42) [inet_frag_wq] (root,0,0,00:00:13/37-11:46:39,43) [kauditd] (root,0,0,00:00:00/37-11:46:39,44) [khungtaskd] (root,0,0,00:00:00/37-11:46:39,45) [oom_reaper] (root,0,0,00:00:00/37-11:46:39,46) [writeback] (root,0,0,00:01:58/37-11:46:39,47) [kcompactd0] (root,0,0,00:00:00/37-11:46:39,48) [ksmd] (root,0,0,00:02:02/37-11:46:39,49) [khugepaged] (root,0,0,00:00:00/37-11:46:39,75) [kintegrityd] (root,0,0,00:00:00/37-11:46:39,76) [kblockd] (root,0,0,00:00:00/37-11:46:39,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-11:46:39,79) [tpm_dev_wq] (root,0,0,00:00:00/37-11:46:39,80) [edac-poller] (root,0,0,00:00:00/37-11:46:39,81) [devfreq_wq] (root,0,0,00:00:00/37-11:46:39,110) [watchdogd] (root,0,0,00:00:02/37-11:46:39,111) [kswapd0] (root,0,0,00:00:10/37-11:46:39,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-11:46:37,115) [kthrotld] (root,0,0,00:00:00/37-11:46:37,116) [mld] (root,0,0,00:00:00/37-11:46:37,117) [ipv6_addrconf] (root,0,0,00:00:10/37-11:46:37,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-11:46:37,123) [kstrp] (root,0,0,00:00:00/37-11:46:37,124) [zswap-shrink] (root,0,0,00:00:00/37-11:46:37,125) [kworker/u9:0] (root,0,0,00:00:00/37-11:46:37,130) [charger_manager] (root,0,0,00:00:11/37-11:46:37,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-11:46:37,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-11:46:36,239) [kaluad] (root,0,0,00:00:00/37-11:46:36,258) [kmpath_rdacd] (root,0,0,00:00:00/37-11:46:36,304) [kmpathd] (root,0,0,00:00:00/37-11:46:36,305) [kmpath_handlerd] (root,0,0,00:00:00/37-11:46:35,342) [ata_sff] (root,0,0,00:00:00/37-11:46:35,343) [scsi_eh_0] (root,0,0,00:00:00/37-11:46:35,344) [scsi_tmf_0] (root,0,0,00:00:00/37-11:46:35,345) [scsi_eh_1] (root,0,0,00:00:00/37-11:46:35,346) [scsi_tmf_1] (root,0,0,00:01:14/37-11:46:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-11:46:32,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-11:46:20,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-11:46:19,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-11:46:17,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-11:45:46,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-11:45:45,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-11:45:45,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-11:45:45,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-11:45:43,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-11:45:43,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30292,00:00:44/37-11:45:29,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-11:45:29,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:43/37-11:45:29,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-11:45:29,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-11:45:29,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-11:45:29,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-11:45:29,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-11:45:29,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:25/37-11:45:29,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-11:45:29,1352) bpfilter_umh (root,26204,8116,00:00:19/37-11:45:29,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-11:45:29,1359) ntpd: asynchronous dns resolver (spot,361936,198484,2-04:19:37/37-11:45:28,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-11:45:28,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-11:45:28,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-11:45:28,1373) (sd-pam) (root,24216,5260,00:00:13/37-11:45:26,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-11:45:26,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-11:45:26,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-11:45:23,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-11:45:22,1527) sshd: syslogtunnel (root,0,0,00:00:00/01:39:49,1530) [kworker/u8:2-ext4-rsv-conversion] (root,696596,77960,00:51:53/37-11:45:20,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66204,00:20:40/37-11:45:08,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-17:20:43,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:15,2691) [kworker/u8:1-writeback] (root,35308,10108,00:00:00/37-11:44:43,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-11:44:43,3218) sshd: cm-ssh (postfix,24244,8256,00:00:00/55:53,4691) pickup -l -t fifo -u (root,0,0,00:00:00/02:38,5154) [kworker/3:0-ata_sff] (root,0,0,00:00:00/07:49,15962) [kworker/3:1-ata_sff] (root,6656,3480,00:00:00/00:00,16979) /bin/bash /usr/bin/check_mk_agent (root,13744,3492,00:00:00/00:00,16997) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16998) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:10:18,18233) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:44:01,19177) [kworker/0:2-events] (root,0,0,00:00:00/36:03,19789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/26:24,24321) [kworker/2:1-events] (root,0,0,00:00:00/34:15,26327) [kworker/1:1-events] (root,0,0,00:00:00/49:39,26865) [kworker/1:0-events] (root,0,0,00:00:00/40:37,32400) [kworker/2:2] (root,0,0,00:00:02/03:24:59,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 22:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d9cea834Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:45/35-11:27:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-11:27:52,2) [kthreadd] (root,0,0,00:00:00/35-11:27:52,3) [rcu_gp] (root,0,0,00:00:00/35-11:27:52,4) [rcu_par_gp] (root,0,0,00:00:00/35-11:27:52,5) [slub_flushwq] (root,0,0,00:00:00/35-11:27:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-11:27:52,9) [mm_percpu_wq] (root,0,0,00:00:00/35-11:27:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-11:27:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-11:27:52,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-11:27:52,13) [ksoftirqd/0] (root,0,0,01:41:55/35-11:27:52,14) [rcu_preempt] (root,0,0,00:00:13/35-11:27:52,15) [migration/0] (root,0,0,00:00:00/35-11:27:52,16) [idle_inject/0] (root,0,0,00:00:00/35-11:27:52,18) [cpuhp/0] (root,0,0,00:00:00/35-11:27:52,19) [cpuhp/1] (root,0,0,00:00:00/35-11:27:52,20) [idle_inject/1] (root,0,0,00:00:13/35-11:27:52,21) [migration/1] (root,0,0,00:00:52/35-11:27:52,22) [ksoftirqd/1] (root,0,0,00:00:00/35-11:27:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-11:27:52,25) [cpuhp/2] (root,0,0,00:00:00/35-11:27:52,26) [idle_inject/2] (root,0,0,00:00:10/35-11:27:52,27) [migration/2] (root,0,0,01:04:51/35-11:27:52,28) [ksoftirqd/2] (root,0,0,00:00:00/35-11:27:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-11:27:52,31) [cpuhp/3] (root,0,0,00:00:00/35-11:27:52,32) [idle_inject/3] (root,0,0,00:00:12/35-11:27:52,33) [migration/3] (root,0,0,00:03:20/35-11:27:52,34) [ksoftirqd/3] (root,0,0,00:00:00/35-11:27:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-11:27:52,40) [kdevtmpfs] (root,0,0,00:00:00/35-11:27:52,41) [netns] (root,0,0,00:00:00/35-11:27:52,42) [inet_frag_wq] (root,0,0,00:00:12/35-11:27:52,43) [kauditd] (root,0,0,00:00:00/35-11:27:52,44) [khungtaskd] (root,0,0,00:00:00/35-11:27:52,45) [oom_reaper] (root,0,0,00:00:00/35-11:27:52,46) [writeback] (root,0,0,00:01:52/35-11:27:52,47) [kcompactd0] (root,0,0,00:00:00/35-11:27:52,48) [ksmd] (root,0,0,00:01:55/35-11:27:52,49) [khugepaged] (root,0,0,00:00:00/35-11:27:52,75) [kintegrityd] (root,0,0,00:00:00/35-11:27:52,76) [kblockd] (root,0,0,00:00:00/35-11:27:52,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-11:27:52,79) [tpm_dev_wq] (root,0,0,00:00:00/35-11:27:52,80) [edac-poller] (root,0,0,00:00:00/35-11:27:52,81) [devfreq_wq] (root,0,0,00:00:00/35-11:27:52,110) [watchdogd] (root,0,0,00:00:02/35-11:27:52,111) [kswapd0] (root,0,0,00:00:09/35-11:27:52,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-11:27:50,115) [kthrotld] (root,0,0,00:00:00/35-11:27:50,116) [mld] (root,0,0,00:00:00/35-11:27:50,117) [ipv6_addrconf] (root,0,0,00:00:10/35-11:27:50,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-11:27:50,123) [kstrp] (root,0,0,00:00:00/35-11:27:50,124) [zswap-shrink] (root,0,0,00:00:00/35-11:27:50,125) [kworker/u9:0] (root,0,0,00:00:00/35-11:27:50,130) [charger_manager] (root,0,0,00:00:10/35-11:27:50,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-11:27:50,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-11:27:49,239) [kaluad] (root,0,0,00:00:00/35-11:27:49,258) [kmpath_rdacd] (root,0,0,00:00:00/35-11:27:49,304) [kmpathd] (root,0,0,00:00:00/35-11:27:49,305) [kmpath_handlerd] (root,0,0,00:00:00/35-11:27:48,342) [ata_sff] (root,0,0,00:00:00/35-11:27:48,343) [scsi_eh_0] (root,0,0,00:00:00/35-11:27:48,344) [scsi_tmf_0] (root,0,0,00:00:00/35-11:27:48,345) [scsi_eh_1] (root,0,0,00:00:00/35-11:27:48,346) [scsi_tmf_1] (root,0,0,00:01:11/35-11:27:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-11:27:45,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-11:27:33,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-11:27:32,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:55/35-11:27:30,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-11:26:59,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-11:26:58,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-11:26:58,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-11:26:58,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-11:26:56,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-11:26:56,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29680,00:00:41/35-11:26:42,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-11:26:42,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:32/35-11:26:42,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-11:26:42,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-11:26:42,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-11:26:42,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-11:26:42,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-11:26:42,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:08/35-11:26:42,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-11:26:42,1352) bpfilter_umh (root,26204,8116,00:00:18/35-11:26:42,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-11:26:42,1359) ntpd: asynchronous dns resolver (spot,361744,198436,2-02:11:56/35-11:26:41,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-11:26:41,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-11:26:41,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-11:26:41,1373) (sd-pam) (root,24216,5260,00:00:12/35-11:26:39,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-11:26:39,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-11:26:39,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-11:26:36,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-11:26:35,1527) sshd: syslogtunnel (root,696596,75900,00:49:07/35-11:26:33,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/22:21,1640) [kworker/2:2-events] (spot,223680,64852,00:19:39/35-11:26:21,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-17:01:56,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-11:25:56,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:57/35-11:25:56,3218) sshd: cm-ssh (root,0,0,00:00:00/01:04:33,3274) [kworker/0:2-events] (postfix,24244,8256,00:00:00/58:56,11037) pickup -l -t fifo -u (root,0,0,00:00:00/04:23,13467) [kworker/3:2-ata_sff] (root,0,0,00:00:00/45:53,16573) [kworker/3:0-events] (root,0,0,00:00:00/15:28,16692) [kworker/u8:0-writeback] (root,0,0,00:00:00/43:46,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/27:01,20362) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/01:34:22,23023) [kworker/1:1-events] (root,0,0,00:00:00/01:06,24362) [kworker/2:0-cgroup_destroy] (root,6656,3488,00:00:00/00:00,27945) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,27963) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,944,00:00:00/00:00,27964) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/39:34,28809) [kworker/0:1] (root,0,0,00:00:00/09:34,32420) [kworker/3:1-ata_sff] (root,0,0,00:00:00/09:24,32725) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-15 22:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dfd24ba0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-10:59:40,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-10:59:40,2) [kthreadd] (root,0,0,00:00:00/33-10:59:40,3) [rcu_gp] (root,0,0,00:00:00/33-10:59:40,4) [rcu_par_gp] (root,0,0,00:00:00/33-10:59:40,5) [slub_flushwq] (root,0,0,00:00:00/33-10:59:40,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-10:59:40,9) [mm_percpu_wq] (root,0,0,00:00:00/33-10:59:40,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-10:59:40,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-10:59:40,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-10:59:40,13) [ksoftirqd/0] (root,0,0,01:36:31/33-10:59:40,14) [rcu_preempt] (root,0,0,00:00:12/33-10:59:40,15) [migration/0] (root,0,0,00:00:00/33-10:59:40,16) [idle_inject/0] (root,0,0,00:00:00/33-10:59:40,18) [cpuhp/0] (root,0,0,00:00:00/33-10:59:40,19) [cpuhp/1] (root,0,0,00:00:00/33-10:59:40,20) [idle_inject/1] (root,0,0,00:00:12/33-10:59:40,21) [migration/1] (root,0,0,00:00:50/33-10:59:40,22) [ksoftirqd/1] (root,0,0,00:00:00/33-10:59:40,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-10:59:40,25) [cpuhp/2] (root,0,0,00:00:00/33-10:59:40,26) [idle_inject/2] (root,0,0,00:00:09/33-10:59:40,27) [migration/2] (root,0,0,01:01:36/33-10:59:40,28) [ksoftirqd/2] (root,0,0,00:00:00/33-10:59:40,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-10:59:40,31) [cpuhp/3] (root,0,0,00:00:00/33-10:59:40,32) [idle_inject/3] (root,0,0,00:00:12/33-10:59:40,33) [migration/3] (root,0,0,00:03:10/33-10:59:40,34) [ksoftirqd/3] (root,0,0,00:00:00/33-10:59:40,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-10:59:40,40) [kdevtmpfs] (root,0,0,00:00:00/33-10:59:40,41) [netns] (root,0,0,00:00:00/33-10:59:40,42) [inet_frag_wq] (root,0,0,00:00:12/33-10:59:40,43) [kauditd] (root,0,0,00:00:00/33-10:59:40,44) [khungtaskd] (root,0,0,00:00:00/33-10:59:40,45) [oom_reaper] (root,0,0,00:00:00/33-10:59:40,46) [writeback] (root,0,0,00:01:45/33-10:59:40,47) [kcompactd0] (root,0,0,00:00:00/33-10:59:40,48) [ksmd] (root,0,0,00:01:49/33-10:59:40,49) [khugepaged] (root,0,0,00:00:00/33-10:59:40,75) [kintegrityd] (root,0,0,00:00:00/33-10:59:40,76) [kblockd] (root,0,0,00:00:00/33-10:59:40,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-10:59:40,79) [tpm_dev_wq] (root,0,0,00:00:00/33-10:59:40,80) [edac-poller] (root,0,0,00:00:00/33-10:59:40,81) [devfreq_wq] (root,0,0,00:00:00/33-10:59:40,110) [watchdogd] (root,0,0,00:00:02/33-10:59:40,111) [kswapd0] (root,0,0,00:00:09/33-10:59:40,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-10:59:38,115) [kthrotld] (root,0,0,00:00:00/33-10:59:38,116) [mld] (root,0,0,00:00:00/33-10:59:38,117) [ipv6_addrconf] (root,0,0,00:00:09/33-10:59:38,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-10:59:38,123) [kstrp] (root,0,0,00:00:00/33-10:59:38,124) [zswap-shrink] (root,0,0,00:00:00/33-10:59:38,125) [kworker/u9:0] (root,0,0,00:00:00/33-10:59:38,130) [charger_manager] (root,0,0,00:00:10/33-10:59:38,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-10:59:38,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-10:59:37,239) [kaluad] (root,0,0,00:00:00/33-10:59:37,258) [kmpath_rdacd] (root,0,0,00:00:00/33-10:59:37,304) [kmpathd] (root,0,0,00:00:00/33-10:59:37,305) [kmpath_handlerd] (root,0,0,00:00:00/33-10:59:36,342) [ata_sff] (root,0,0,00:00:00/33-10:59:36,343) [scsi_eh_0] (root,0,0,00:00:00/33-10:59:36,344) [scsi_tmf_0] (root,0,0,00:00:00/33-10:59:36,345) [scsi_eh_1] (root,0,0,00:00:00/33-10:59:36,346) [scsi_tmf_1] (root,0,0,00:01:07/33-10:59:33,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-10:59:33,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-10:59:21,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-10:59:20,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-10:59:18,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-10:58:47,511) /sbin/auditd (messagebus,22932,5632,00:01:51/33-10:58:46,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-10:58:46,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-10:58:46,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-10:58:44,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-10:58:44,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-10:58:30,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-10:58:30,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:21/33-10:58:30,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-10:58:30,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-10:58:30,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-10:58:30,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-10:58:30,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-10:58:30,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:50/33-10:58:30,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-10:58:30,1352) bpfilter_umh (root,26204,8128,00:00:17/33-10:58:30,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-10:58:30,1359) ntpd: asynchronous dns resolver (spot,361520,200096,2-00:12:57/33-10:58:29,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-10:58:29,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-10:58:29,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-10:58:29,1373) (sd-pam) (root,24216,5260,00:00:11/33-10:58:27,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-10:58:27,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-10:58:27,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-10:58:24,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-10:58:23,1527) sshd: syslogtunnel (root,694036,75228,00:46:18/33-10:58:21,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63340,00:18:39/33-10:58:09,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-16:33:44,2557) tlsmgr -l -t unix -u (postfix,24244,8240,00:00:00/51:40,2889) pickup -l -t fifo -u (root,0,0,00:00:00/15:32,2925) [kworker/3:2-events] (root,35308,10108,00:00:00/33-10:57:44,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-10:57:44,3218) sshd: cm-ssh (root,0,0,00:00:00/38:32,3437) [kworker/0:2-events] (root,0,0,00:00:00/01:56,9144) [kworker/1:1] (root,0,0,00:00:00/02:48:23,15338) [kworker/1:0-events] (root,0,0,00:00:00/02:45:03,15620) [kworker/2:2-events] (root,0,0,00:00:00/10:19,15777) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,18338) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,18356) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18357) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/55:10,19377) [kworker/1:2-mm_percpu_wq] (root,0,0,00:00:00/01:01:50,26016) [kworker/2:0] (root,0,0,00:00:00/01:01:49,26130) [kworker/u8:1-events_unbound] (root,0,0,00:00:00/21:49,26155) [kworker/0:0-events] (root,0,0,00:00:00/01:38:05,28574) [kworker/u8:0-writeback] (root,0,0,00:00:00/05:09,30088) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 21:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836348275c1cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:32/31-10:58:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-10:58:36,2) [kthreadd] (root,0,0,00:00:00/31-10:58:36,3) [rcu_gp] (root,0,0,00:00:00/31-10:58:36,4) [rcu_par_gp] (root,0,0,00:00:00/31-10:58:36,5) [slub_flushwq] (root,0,0,00:00:00/31-10:58:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-10:58:36,9) [mm_percpu_wq] (root,0,0,00:00:00/31-10:58:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-10:58:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-10:58:36,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-10:58:36,13) [ksoftirqd/0] (root,0,0,01:31:09/31-10:58:36,14) [rcu_preempt] (root,0,0,00:00:12/31-10:58:36,15) [migration/0] (root,0,0,00:00:00/31-10:58:36,16) [idle_inject/0] (root,0,0,00:00:00/31-10:58:36,18) [cpuhp/0] (root,0,0,00:00:00/31-10:58:36,19) [cpuhp/1] (root,0,0,00:00:00/31-10:58:36,20) [idle_inject/1] (root,0,0,00:00:12/31-10:58:36,21) [migration/1] (root,0,0,00:00:47/31-10:58:36,22) [ksoftirqd/1] (root,0,0,00:00:00/31-10:58:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-10:58:36,25) [cpuhp/2] (root,0,0,00:00:00/31-10:58:36,26) [idle_inject/2] (root,0,0,00:00:09/31-10:58:36,27) [migration/2] (root,0,0,00:58:29/31-10:58:36,28) [ksoftirqd/2] (root,0,0,00:00:00/31-10:58:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-10:58:36,31) [cpuhp/3] (root,0,0,00:00:00/31-10:58:36,32) [idle_inject/3] (root,0,0,00:00:11/31-10:58:36,33) [migration/3] (root,0,0,00:03:01/31-10:58:36,34) [ksoftirqd/3] (root,0,0,00:00:00/31-10:58:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-10:58:36,40) [kdevtmpfs] (root,0,0,00:00:00/31-10:58:36,41) [netns] (root,0,0,00:00:00/31-10:58:36,42) [inet_frag_wq] (root,0,0,00:00:11/31-10:58:36,43) [kauditd] (root,0,0,00:00:00/31-10:58:36,44) [khungtaskd] (root,0,0,00:00:00/31-10:58:36,45) [oom_reaper] (root,0,0,00:00:00/31-10:58:36,46) [writeback] (root,0,0,00:01:40/31-10:58:36,47) [kcompactd0] (root,0,0,00:00:00/31-10:58:36,48) [ksmd] (root,0,0,00:01:43/31-10:58:36,49) [khugepaged] (root,0,0,00:00:00/31-10:58:36,75) [kintegrityd] (root,0,0,00:00:00/31-10:58:36,76) [kblockd] (root,0,0,00:00:00/31-10:58:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-10:58:36,79) [tpm_dev_wq] (root,0,0,00:00:00/31-10:58:36,80) [edac-poller] (root,0,0,00:00:00/31-10:58:36,81) [devfreq_wq] (root,0,0,00:00:00/31-10:58:36,110) [watchdogd] (root,0,0,00:00:02/31-10:58:36,111) [kswapd0] (root,0,0,00:00:08/31-10:58:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-10:58:34,115) [kthrotld] (root,0,0,00:00:00/31-10:58:34,116) [mld] (root,0,0,00:00:00/31-10:58:34,117) [ipv6_addrconf] (root,0,0,00:00:09/31-10:58:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-10:58:34,123) [kstrp] (root,0,0,00:00:00/31-10:58:34,124) [zswap-shrink] (root,0,0,00:00:00/31-10:58:34,125) [kworker/u9:0] (root,0,0,00:00:00/31-10:58:34,130) [charger_manager] (root,0,0,00:00:09/31-10:58:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-10:58:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-10:58:33,239) [kaluad] (root,0,0,00:00:00/31-10:58:33,258) [kmpath_rdacd] (root,0,0,00:00:00/31-10:58:33,304) [kmpathd] (root,0,0,00:00:00/31-10:58:33,305) [kmpath_handlerd] (root,0,0,00:00:00/31-10:58:32,342) [ata_sff] (root,0,0,00:00:00/31-10:58:32,343) [scsi_eh_0] (root,0,0,00:00:00/31-10:58:32,344) [scsi_tmf_0] (root,0,0,00:00:00/31-10:58:32,345) [scsi_eh_1] (root,0,0,00:00:00/31-10:58:32,346) [scsi_tmf_1] (root,0,0,00:01:03/31-10:58:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-10:58:29,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-10:58:17,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-10:58:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-10:58:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-10:57:43,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-10:57:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-10:57:42,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-10:57:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-10:57:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-10:57:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-10:57:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-10:57:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:10/31-10:57:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-10:57:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-10:57:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-10:57:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-10:57:26,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-10:57:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:34/31-10:57:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-10:57:26,1352) bpfilter_umh (root,26204,8128,00:00:16/31-10:57:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-10:57:26,1359) ntpd: asynchronous dns resolver (spot,361744,200180,1-22:02:25/31-10:57:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-10:57:25,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-10:57:25,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-10:57:25,1373) (sd-pam) (root,24216,5260,00:00:11/31-10:57:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-10:57:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-10:57:23,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-10:57:20,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:57/31-10:57:19,1527) sshd: syslogtunnel (root,693780,74896,00:43:35/31-10:57:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61976,00:17:37/31-10:57:05,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-16:32:40,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-10:56:40,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:44/31-10:56:40,3218) sshd: cm-ssh (root,6656,3492,00:00:00/00:00,4456) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,4475) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4476) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:26,5388) [kworker/2:2] (root,0,0,00:00:00/55:40,5424) [kworker/0:2-events] (root,0,0,00:00:00/36:37,8236) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:35:48,8637) [kworker/1:1-events] (root,0,0,00:00:00/06:34,9918) [kworker/3:0-ata_sff] (root,0,0,00:00:00/16:07:12,11736) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8172,00:00:00/01:12:33,12724) pickup -l -t fifo -u (root,0,0,00:00:00/01:19:08,22602) [kworker/2:1-events] (root,0,0,00:00:00/01:09:07,23131) [kworker/1:0-events] (root,0,0,00:00:00/11:49,23935) [kworker/u8:0-writeback] (root,0,0,00:00:00/21:45,28641) [kworker/0:1-events] (root,0,0,00:00:00/01:24,32427) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 21:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b09ecebdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-10:53:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-10:53:39,2) [kthreadd] (root,0,0,00:00:00/29-10:53:39,3) [rcu_gp] (root,0,0,00:00:00/29-10:53:39,4) [rcu_par_gp] (root,0,0,00:00:00/29-10:53:39,5) [slub_flushwq] (root,0,0,00:00:00/29-10:53:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-10:53:39,9) [mm_percpu_wq] (root,0,0,00:00:00/29-10:53:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-10:53:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-10:53:39,12) [rcu_tasks_trace] (root,0,0,00:00:54/29-10:53:39,13) [ksoftirqd/0] (root,0,0,01:25:21/29-10:53:39,14) [rcu_preempt] (root,0,0,00:00:11/29-10:53:39,15) [migration/0] (root,0,0,00:00:00/29-10:53:39,16) [idle_inject/0] (root,0,0,00:00:00/29-10:53:39,18) [cpuhp/0] (root,0,0,00:00:00/29-10:53:39,19) [cpuhp/1] (root,0,0,00:00:00/29-10:53:39,20) [idle_inject/1] (root,0,0,00:00:11/29-10:53:39,21) [migration/1] (root,0,0,00:00:44/29-10:53:39,22) [ksoftirqd/1] (root,0,0,00:00:00/29-10:53:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-10:53:39,25) [cpuhp/2] (root,0,0,00:00:00/29-10:53:39,26) [idle_inject/2] (root,0,0,00:00:08/29-10:53:39,27) [migration/2] (root,0,0,00:54:24/29-10:53:39,28) [ksoftirqd/2] (root,0,0,00:00:00/29-10:53:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-10:53:39,31) [cpuhp/3] (root,0,0,00:00:00/29-10:53:39,32) [idle_inject/3] (root,0,0,00:00:10/29-10:53:39,33) [migration/3] (root,0,0,00:02:49/29-10:53:39,34) [ksoftirqd/3] (root,0,0,00:00:00/29-10:53:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-10:53:39,40) [kdevtmpfs] (root,0,0,00:00:00/29-10:53:39,41) [netns] (root,0,0,00:00:00/29-10:53:39,42) [inet_frag_wq] (root,0,0,00:00:10/29-10:53:39,43) [kauditd] (root,0,0,00:00:00/29-10:53:39,44) [khungtaskd] (root,0,0,00:00:00/29-10:53:39,45) [oom_reaper] (root,0,0,00:00:00/29-10:53:39,46) [writeback] (root,0,0,00:01:34/29-10:53:39,47) [kcompactd0] (root,0,0,00:00:00/29-10:53:39,48) [ksmd] (root,0,0,00:01:35/29-10:53:39,49) [khugepaged] (root,0,0,00:00:00/29-10:53:39,75) [kintegrityd] (root,0,0,00:00:00/29-10:53:39,76) [kblockd] (root,0,0,00:00:00/29-10:53:39,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-10:53:39,79) [tpm_dev_wq] (root,0,0,00:00:00/29-10:53:39,80) [edac-poller] (root,0,0,00:00:00/29-10:53:39,81) [devfreq_wq] (root,0,0,00:00:00/29-10:53:39,110) [watchdogd] (root,0,0,00:00:02/29-10:53:39,111) [kswapd0] (root,0,0,00:00:08/29-10:53:39,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-10:53:37,115) [kthrotld] (root,0,0,00:00:00/29-10:53:37,116) [mld] (root,0,0,00:00:00/29-10:53:37,117) [ipv6_addrconf] (root,0,0,00:00:08/29-10:53:37,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-10:53:37,123) [kstrp] (root,0,0,00:00:00/29-10:53:37,124) [zswap-shrink] (root,0,0,00:00:00/29-10:53:37,125) [kworker/u9:0] (root,0,0,00:00:00/29-10:53:37,130) [charger_manager] (root,0,0,00:00:09/29-10:53:37,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-10:53:37,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-10:53:36,239) [kaluad] (root,0,0,00:00:00/29-10:53:36,258) [kmpath_rdacd] (root,0,0,00:00:00/29-10:53:36,304) [kmpathd] (root,0,0,00:00:00/29-10:53:36,305) [kmpath_handlerd] (root,0,0,00:00:00/29-10:53:35,342) [ata_sff] (root,0,0,00:00:00/29-10:53:35,343) [scsi_eh_0] (root,0,0,00:00:00/29-10:53:35,344) [scsi_tmf_0] (root,0,0,00:00:00/29-10:53:35,345) [scsi_eh_1] (root,0,0,00:00:00/29-10:53:35,346) [scsi_tmf_1] (root,0,0,00:00:59/29-10:53:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-10:53:32,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-10:53:20,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-10:53:19,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-10:53:17,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-10:52:46,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-10:52:45,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-10:52:45,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-10:52:45,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-10:52:43,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-10:52:43,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:34/29-10:52:29,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-10:52:29,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:58/29-10:52:29,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-10:52:29,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-10:52:29,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-10:52:29,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-10:52:29,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-10:52:29,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:16/29-10:52:29,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-10:52:29,1352) bpfilter_umh (root,26204,8128,00:00:14/29-10:52:29,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-10:52:29,1359) ntpd: asynchronous dns resolver (spot,361792,200204,1-19:41:41/29-10:52:28,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-10:52:28,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-10:52:28,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-10:52:28,1373) (sd-pam) (root,24216,5260,00:00:10/29-10:52:26,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-10:52:26,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-10:52:26,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-10:52:23,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-10:52:22,1527) sshd: syslogtunnel (root,693524,72428,00:40:43/29-10:52:20,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/08:06,1780) [kworker/2:2] (spot,220608,60744,00:16:34/29-10:52:08,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-16:27:43,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/29-10:51:43,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:37/29-10:51:43,3218) sshd: cm-ssh (root,0,0,00:00:00/02:23:19,5369) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,7184) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,7202) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,7203) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8272,00:00:00/01:29:36,7332) pickup -l -t fifo -u (root,0,0,00:00:00/20:56,7616) [kworker/1:0-mm_percpu_wq] (root,0,0,00:00:00/02:00:52,9463) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/31:51,9946) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/04:40,13926) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:00:55,16583) [kworker/3:2-events] (root,0,0,00:00:00/59:48,20379) [kworker/2:1-events] (root,0,0,00:00:00/17:42,22291) [kworker/0:1-events] (root,0,0,00:00:00/09:50,27906) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:58:31,31631) [kworker/u8:0-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 21:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836378166572Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-11:51:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:51:13,2) [kthreadd] (root,0,0,00:00:00/27-11:51:13,3) [rcu_gp] (root,0,0,00:00:00/27-11:51:13,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:51:13,5) [slub_flushwq] (root,0,0,00:00:00/27-11:51:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:51:13,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:51:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:51:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:51:13,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-11:51:13,13) [ksoftirqd/0] (root,0,0,01:20:01/27-11:51:13,14) [rcu_preempt] (root,0,0,00:00:10/27-11:51:13,15) [migration/0] (root,0,0,00:00:00/27-11:51:13,16) [idle_inject/0] (root,0,0,00:00:00/27-11:51:13,18) [cpuhp/0] (root,0,0,00:00:00/27-11:51:13,19) [cpuhp/1] (root,0,0,00:00:00/27-11:51:13,20) [idle_inject/1] (root,0,0,00:00:10/27-11:51:13,21) [migration/1] (root,0,0,00:00:42/27-11:51:13,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:51:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:51:13,25) [cpuhp/2] (root,0,0,00:00:00/27-11:51:13,26) [idle_inject/2] (root,0,0,00:00:08/27-11:51:13,27) [migration/2] (root,0,0,00:51:28/27-11:51:13,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:51:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:51:13,31) [cpuhp/3] (root,0,0,00:00:00/27-11:51:13,32) [idle_inject/3] (root,0,0,00:00:10/27-11:51:13,33) [migration/3] (root,0,0,00:02:40/27-11:51:13,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:51:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:51:13,40) [kdevtmpfs] (root,0,0,00:00:00/27-11:51:13,41) [netns] (root,0,0,00:00:00/27-11:51:13,42) [inet_frag_wq] (root,0,0,00:00:09/27-11:51:13,43) [kauditd] (root,0,0,00:00:00/27-11:51:13,44) [khungtaskd] (root,0,0,00:00:00/27-11:51:13,45) [oom_reaper] (root,0,0,00:00:00/27-11:51:13,46) [writeback] (root,0,0,00:01:28/27-11:51:13,47) [kcompactd0] (root,0,0,00:00:00/27-11:51:13,48) [ksmd] (root,0,0,00:01:29/27-11:51:13,49) [khugepaged] (root,0,0,00:00:00/27-11:51:13,75) [kintegrityd] (root,0,0,00:00:00/27-11:51:13,76) [kblockd] (root,0,0,00:00:00/27-11:51:13,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:51:13,79) [tpm_dev_wq] (root,0,0,00:00:00/27-11:51:13,80) [edac-poller] (root,0,0,00:00:00/27-11:51:13,81) [devfreq_wq] (root,0,0,00:00:00/27-11:51:13,110) [watchdogd] (root,0,0,00:00:02/27-11:51:13,111) [kswapd0] (root,0,0,00:00:07/27-11:51:13,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-11:51:11,115) [kthrotld] (root,0,0,00:00:00/27-11:51:11,116) [mld] (root,0,0,00:00:00/27-11:51:11,117) [ipv6_addrconf] (root,0,0,00:00:07/27-11:51:11,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:51:11,123) [kstrp] (root,0,0,00:00:00/27-11:51:11,124) [zswap-shrink] (root,0,0,00:00:00/27-11:51:11,125) [kworker/u9:0] (root,0,0,00:00:00/27-11:51:11,130) [charger_manager] (root,0,0,00:00:08/27-11:51:11,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-11:51:11,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-11:51:10,239) [kaluad] (root,0,0,00:00:00/27-11:51:10,258) [kmpath_rdacd] (root,0,0,00:00:00/27-11:51:10,304) [kmpathd] (root,0,0,00:00:00/27-11:51:10,305) [kmpath_handlerd] (root,0,0,00:00:00/27-11:51:09,342) [ata_sff] (root,0,0,00:00:00/27-11:51:09,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:51:09,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:51:09,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:51:09,346) [scsi_tmf_1] (root,0,0,00:00:55/27-11:51:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:51:06,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-11:50:54,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-11:50:53,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-11:50:51,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-11:50:20,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-11:50:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-11:50:19,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-11:50:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-11:50:17,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-11:50:17,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28512,00:00:32/27-11:50:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-11:50:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:47/27-11:50:03,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-11:50:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-11:50:03,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-11:50:03,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-11:50:03,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-11:50:03,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-11:50:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-11:50:03,1352) bpfilter_umh (root,26204,8128,00:00:13/27-11:50:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-11:50:03,1359) ntpd: asynchronous dns resolver (spot,296048,195024,1-17:08:46/27-11:50:02,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-11:50:02,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-11:50:02,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-11:50:02,1373) (sd-pam) (root,24216,5260,00:00:09/27-11:50:00,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-11:50:00,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-11:50:00,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-11:49:57,1516) sshd: syslogtunnel [priv] (root,0,0,00:00:00/10:46,1520) [kworker/2:1-cgroup_destroy] (syslogtunnel,35304,5504,00:01:42/27-11:49:56,1527) sshd: syslogtunnel (root,693268,74056,00:38:01/27-11:49:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/57:03,1861) [kworker/0:2-events] (spot,219584,59116,00:15:33/27-11:49:42,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:28,2311) [kworker/2:2] (postfix,44628,9244,00:00:00/21-17:25:17,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-11:49:17,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-11:49:17,3218) sshd: cm-ssh (root,0,0,00:00:00/19:22,4690) [kworker/u8:1] (root,6656,3484,00:00:00/00:00,6408) /bin/bash /usr/bin/check_mk_agent (root,13744,3392,00:00:00/00:00,6426) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,6427) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:18:29,6602) [kworker/2:0-events] (root,0,0,00:00:00/54:02,7994) [kworker/1:0-events] (root,0,0,00:00:00/07:07,13920) [kworker/3:2-ata_sff] (root,0,0,00:00:00/38:58,21505) [kworker/u8:2-writeback] (root,0,0,00:00:00/13:49,22103) [kworker/0:1] (root,0,0,00:00:00/12:18,28201) [kworker/3:0-events] (postfix,24244,8264,00:00:00/01:08:52,28642) pickup -l -t fifo -u (root,0,0,00:00:00/44:50,32123) [kworker/1:1-events] (root,0,0,00:00:00/01:55,32305) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 22:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635a559c34Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:10/25-11:10:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-11:10:39,2) [kthreadd] (root,0,0,00:00:00/25-11:10:39,3) [rcu_gp] (root,0,0,00:00:00/25-11:10:39,4) [rcu_par_gp] (root,0,0,00:00:00/25-11:10:39,5) [slub_flushwq] (root,0,0,00:00:00/25-11:10:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-11:10:39,9) [mm_percpu_wq] (root,0,0,00:00:00/25-11:10:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-11:10:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-11:10:39,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-11:10:39,13) [ksoftirqd/0] (root,0,0,01:14:29/25-11:10:39,14) [rcu_preempt] (root,0,0,00:00:09/25-11:10:39,15) [migration/0] (root,0,0,00:00:00/25-11:10:39,16) [idle_inject/0] (root,0,0,00:00:00/25-11:10:39,18) [cpuhp/0] (root,0,0,00:00:00/25-11:10:39,19) [cpuhp/1] (root,0,0,00:00:00/25-11:10:39,20) [idle_inject/1] (root,0,0,00:00:09/25-11:10:39,21) [migration/1] (root,0,0,00:00:39/25-11:10:39,22) [ksoftirqd/1] (root,0,0,00:00:00/25-11:10:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-11:10:39,25) [cpuhp/2] (root,0,0,00:00:00/25-11:10:39,26) [idle_inject/2] (root,0,0,00:00:07/25-11:10:39,27) [migration/2] (root,0,0,00:48:35/25-11:10:39,28) [ksoftirqd/2] (root,0,0,00:00:00/25-11:10:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-11:10:39,31) [cpuhp/3] (root,0,0,00:00:00/25-11:10:39,32) [idle_inject/3] (root,0,0,00:00:09/25-11:10:39,33) [migration/3] (root,0,0,00:02:30/25-11:10:39,34) [ksoftirqd/3] (root,0,0,00:00:00/25-11:10:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-11:10:39,40) [kdevtmpfs] (root,0,0,00:00:00/25-11:10:39,41) [netns] (root,0,0,00:00:00/25-11:10:39,42) [inet_frag_wq] (root,0,0,00:00:08/25-11:10:39,43) [kauditd] (root,0,0,00:00:00/25-11:10:39,44) [khungtaskd] (root,0,0,00:00:00/25-11:10:39,45) [oom_reaper] (root,0,0,00:00:00/25-11:10:39,46) [writeback] (root,0,0,00:01:21/25-11:10:39,47) [kcompactd0] (root,0,0,00:00:00/25-11:10:39,48) [ksmd] (root,0,0,00:01:23/25-11:10:39,49) [khugepaged] (root,0,0,00:00:00/25-11:10:39,75) [kintegrityd] (root,0,0,00:00:00/25-11:10:39,76) [kblockd] (root,0,0,00:00:00/25-11:10:39,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-11:10:39,79) [tpm_dev_wq] (root,0,0,00:00:00/25-11:10:39,80) [edac-poller] (root,0,0,00:00:00/25-11:10:39,81) [devfreq_wq] (root,0,0,00:00:00/25-11:10:39,110) [watchdogd] (root,0,0,00:00:01/25-11:10:39,111) [kswapd0] (root,0,0,00:00:07/25-11:10:39,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-11:10:37,115) [kthrotld] (root,0,0,00:00:00/25-11:10:37,116) [mld] (root,0,0,00:00:00/25-11:10:37,117) [ipv6_addrconf] (root,0,0,00:00:07/25-11:10:37,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-11:10:37,123) [kstrp] (root,0,0,00:00:00/25-11:10:37,124) [zswap-shrink] (root,0,0,00:00:00/25-11:10:37,125) [kworker/u9:0] (root,0,0,00:00:00/25-11:10:37,130) [charger_manager] (root,0,0,00:00:07/25-11:10:37,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-11:10:37,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-11:10:36,239) [kaluad] (root,0,0,00:00:00/25-11:10:36,258) [kmpath_rdacd] (root,0,0,00:00:00/25-11:10:36,304) [kmpathd] (root,0,0,00:00:00/25-11:10:36,305) [kmpath_handlerd] (root,0,0,00:00:00/25-11:10:35,342) [ata_sff] (root,0,0,00:00:00/25-11:10:35,343) [scsi_eh_0] (root,0,0,00:00:00/25-11:10:35,344) [scsi_tmf_0] (root,0,0,00:00:00/25-11:10:35,345) [scsi_eh_1] (root,0,0,00:00:00/25-11:10:35,346) [scsi_tmf_1] (root,0,0,00:00:51/25-11:10:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-11:10:32,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-11:10:20,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-11:10:19,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-11:10:17,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-11:09:46,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-11:09:45,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-11:09:45,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-11:09:45,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-11:09:43,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-11:09:43,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29508,00:00:30/25-11:09:29,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-11:09:29,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:35/25-11:09:29,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-11:09:29,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-11:09:29,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-11:09:29,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-11:09:29,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-11:09:29,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:41/25-11:09:29,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-11:09:29,1352) bpfilter_umh (root,26204,8212,00:00:12/25-11:09:29,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-11:09:29,1359) ntpd: asynchronous dns resolver (spot,296288,191528,1-14:52:50/25-11:09:28,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-11:09:28,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-11:09:28,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-11:09:28,1373) (sd-pam) (root,24216,5268,00:00:08/25-11:09:26,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-11:09:26,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-11:09:26,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-11:09:23,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:34/25-11:09:22,1527) sshd: syslogtunnel (root,693268,75792,00:35:14/25-11:09:20,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57868,00:14:33/25-11:09:08,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-16:44:43,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-11:08:43,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-11:08:43,3218) sshd: cm-ssh (root,0,0,00:00:00/53:58,5871) [kworker/3:1-events] (root,0,0,00:00:00/13:48,6647) [kworker/u8:0] (root,0,0,00:00:00/02:03,13825) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:21:49,14592) [kworker/0:2-events] (root,0,0,00:00:00/01:58:52,16766) [kworker/u8:2-writeback] (postfix,24244,8260,00:00:00/49:23,17284) pickup -l -t fifo -u (root,0,0,00:00:00/21:21,18946) [kworker/1:1-events] (root,0,0,00:00:00/00:19,20406) [kworker/2:2-events] (root,0,0,00:00:00/09:19,21873) [kworker/1:0-events] (root,6656,3492,00:00:00/00:00,21993) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,21996) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,22025) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22026) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:30:47,23197) [kworker/2:0-events] (root,0,0,00:00:00/07:16,29237) [kworker/3:0-ata_sff] (root,0,0,00:00:00/06:20,31404) [kworker/0:1-events] (root,0,0,00:00:00/45:17,31512) [kworker/2:1-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 21:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dc7cf932Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:03/23-11:44:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-11:44:22,2) [kthreadd] (root,0,0,00:00:00/23-11:44:22,3) [rcu_gp] (root,0,0,00:00:00/23-11:44:22,4) [rcu_par_gp] (root,0,0,00:00:00/23-11:44:22,5) [slub_flushwq] (root,0,0,00:00:00/23-11:44:22,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-11:44:22,9) [mm_percpu_wq] (root,0,0,00:00:00/23-11:44:22,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-11:44:22,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-11:44:22,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-11:44:22,13) [ksoftirqd/0] (root,0,0,01:08:57/23-11:44:22,14) [rcu_preempt] (root,0,0,00:00:09/23-11:44:22,15) [migration/0] (root,0,0,00:00:00/23-11:44:22,16) [idle_inject/0] (root,0,0,00:00:00/23-11:44:22,18) [cpuhp/0] (root,0,0,00:00:00/23-11:44:22,19) [cpuhp/1] (root,0,0,00:00:00/23-11:44:22,20) [idle_inject/1] (root,0,0,00:00:09/23-11:44:22,21) [migration/1] (root,0,0,00:00:37/23-11:44:22,22) [ksoftirqd/1] (root,0,0,00:00:00/23-11:44:22,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-11:44:22,25) [cpuhp/2] (root,0,0,00:00:00/23-11:44:22,26) [idle_inject/2] (root,0,0,00:00:07/23-11:44:22,27) [migration/2] (root,0,0,00:45:24/23-11:44:22,28) [ksoftirqd/2] (root,0,0,00:00:00/23-11:44:22,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-11:44:22,31) [cpuhp/3] (root,0,0,00:00:00/23-11:44:22,32) [idle_inject/3] (root,0,0,00:00:08/23-11:44:22,33) [migration/3] (root,0,0,00:02:21/23-11:44:22,34) [ksoftirqd/3] (root,0,0,00:00:00/23-11:44:22,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-11:44:22,40) [kdevtmpfs] (root,0,0,00:00:00/23-11:44:22,41) [netns] (root,0,0,00:00:00/23-11:44:22,42) [inet_frag_wq] (root,0,0,00:00:07/23-11:44:22,43) [kauditd] (root,0,0,00:00:00/23-11:44:22,44) [khungtaskd] (root,0,0,00:00:00/23-11:44:22,45) [oom_reaper] (root,0,0,00:00:00/23-11:44:22,46) [writeback] (root,0,0,00:01:15/23-11:44:22,47) [kcompactd0] (root,0,0,00:00:00/23-11:44:22,48) [ksmd] (root,0,0,00:01:16/23-11:44:22,49) [khugepaged] (root,0,0,00:00:00/23-11:44:22,75) [kintegrityd] (root,0,0,00:00:00/23-11:44:22,76) [kblockd] (root,0,0,00:00:00/23-11:44:22,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-11:44:22,79) [tpm_dev_wq] (root,0,0,00:00:00/23-11:44:22,80) [edac-poller] (root,0,0,00:00:00/23-11:44:22,81) [devfreq_wq] (root,0,0,00:00:00/23-11:44:22,110) [watchdogd] (root,0,0,00:00:01/23-11:44:22,111) [kswapd0] (root,0,0,00:00:06/23-11:44:22,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-11:44:20,115) [kthrotld] (root,0,0,00:00:00/23-11:44:20,116) [mld] (root,0,0,00:00:00/23-11:44:20,117) [ipv6_addrconf] (root,0,0,00:00:06/23-11:44:20,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-11:44:20,123) [kstrp] (root,0,0,00:00:00/23-11:44:20,124) [zswap-shrink] (root,0,0,00:00:00/23-11:44:20,125) [kworker/u9:0] (root,0,0,00:00:00/23-11:44:20,130) [charger_manager] (root,0,0,00:00:07/23-11:44:20,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-11:44:20,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-11:44:19,239) [kaluad] (root,0,0,00:00:00/23-11:44:19,258) [kmpath_rdacd] (root,0,0,00:00:00/23-11:44:19,304) [kmpathd] (root,0,0,00:00:00/23-11:44:19,305) [kmpath_handlerd] (root,0,0,00:00:00/23-11:44:18,342) [ata_sff] (root,0,0,00:00:00/23-11:44:18,343) [scsi_eh_0] (root,0,0,00:00:00/23-11:44:18,344) [scsi_tmf_0] (root,0,0,00:00:00/23-11:44:18,345) [scsi_eh_1] (root,0,0,00:00:00/23-11:44:18,346) [scsi_tmf_1] (root,0,0,00:00:47/23-11:44:15,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-11:44:15,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-11:44:03,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-11:44:02,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-11:44:00,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-11:43:29,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-11:43:28,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,0,0,00:00:00/01:17,527) [kworker/0:1] (root,38748,8392,00:00:39/23-11:43:28,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-11:43:28,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-11:43:26,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-11:43:26,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-11:43:12,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-11:43:12,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:25/23-11:43:12,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-11:43:12,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-11:43:12,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-11:43:12,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-11:43:12,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-11:43:12,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:24/23-11:43:12,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-11:43:12,1352) bpfilter_umh (root,26204,8212,00:00:10/23-11:43:12,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-11:43:12,1359) ntpd: asynchronous dns resolver (spot,292016,178088,1-12:28:11/23-11:43:11,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-11:43:11,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-11:43:11,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-11:43:11,1373) (sd-pam) (root,24216,5268,00:00:08/23-11:43:09,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-11:43:09,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-11:43:09,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-11:43:06,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-11:43:05,1527) sshd: syslogtunnel (root,692644,75232,00:32:30/23-11:43:03,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56544,00:13:34/23-11:42:51,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-17:18:26,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-11:42:26,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-11:42:26,3218) sshd: cm-ssh (root,0,0,00:00:00/01:48:45,3775) [kworker/1:2-events] (root,0,0,00:00:00/00:52,4056) [kworker/3:0-ata_sff] (root,0,0,00:00:00/00:46,4103) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/04:25:57,4562) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/07:39,4623) [kworker/0:2-events] (root,0,0,00:00:00/39:55,6461) [kworker/2:0] (root,6656,3480,00:00:00/00:00,6698) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,6716) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6717) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/32:01,8177) [kworker/3:2-events] (root,0,0,00:00:00/06:04,12868) [kworker/3:1-ata_sff] (root,0,0,00:00:00/24:00,16332) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/14:17,18134) [kworker/2:2-events] (postfix,24244,8168,00:00:00/04:51,18770) pickup -l -t fifo -u (root,0,0,00:00:00/45:43,20947) [kworker/1:1-events] (root,0,0,00:00:00/33:37,24948) [kworker/0:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 22:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836378e47ca5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-11:19:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-11:19:07,2) [kthreadd] (root,0,0,00:00:00/21-11:19:07,3) [rcu_gp] (root,0,0,00:00:00/21-11:19:07,4) [rcu_par_gp] (root,0,0,00:00:00/21-11:19:07,5) [slub_flushwq] (root,0,0,00:00:00/21-11:19:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-11:19:07,9) [mm_percpu_wq] (root,0,0,00:00:00/21-11:19:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-11:19:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-11:19:07,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-11:19:07,13) [ksoftirqd/0] (root,0,0,01:03:13/21-11:19:07,14) [rcu_preempt] (root,0,0,00:00:08/21-11:19:07,15) [migration/0] (root,0,0,00:00:00/21-11:19:07,16) [idle_inject/0] (root,0,0,00:00:00/21-11:19:07,18) [cpuhp/0] (root,0,0,00:00:00/21-11:19:07,19) [cpuhp/1] (root,0,0,00:00:00/21-11:19:07,20) [idle_inject/1] (root,0,0,00:00:08/21-11:19:07,21) [migration/1] (root,0,0,00:00:34/21-11:19:07,22) [ksoftirqd/1] (root,0,0,00:00:00/21-11:19:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-11:19:07,25) [cpuhp/2] (root,0,0,00:00:00/21-11:19:07,26) [idle_inject/2] (root,0,0,00:00:06/21-11:19:07,27) [migration/2] (root,0,0,00:42:32/21-11:19:07,28) [ksoftirqd/2] (root,0,0,00:00:00/21-11:19:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-11:19:07,31) [cpuhp/3] (root,0,0,00:00:00/21-11:19:07,32) [idle_inject/3] (root,0,0,00:00:08/21-11:19:07,33) [migration/3] (root,0,0,00:02:10/21-11:19:07,34) [ksoftirqd/3] (root,0,0,00:00:00/21-11:19:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-11:19:07,40) [kdevtmpfs] (root,0,0,00:00:00/21-11:19:07,41) [netns] (root,0,0,00:00:00/21-11:19:07,42) [inet_frag_wq] (root,0,0,00:00:06/21-11:19:07,43) [kauditd] (root,0,0,00:00:00/21-11:19:07,44) [khungtaskd] (root,0,0,00:00:00/21-11:19:07,45) [oom_reaper] (root,0,0,00:00:00/21-11:19:07,46) [writeback] (root,0,0,00:01:09/21-11:19:07,47) [kcompactd0] (root,0,0,00:00:00/21-11:19:07,48) [ksmd] (root,0,0,00:01:10/21-11:19:07,49) [khugepaged] (root,0,0,00:00:00/21-11:19:07,75) [kintegrityd] (root,0,0,00:00:00/21-11:19:07,76) [kblockd] (root,0,0,00:00:00/21-11:19:07,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-11:19:07,79) [tpm_dev_wq] (root,0,0,00:00:00/21-11:19:07,80) [edac-poller] (root,0,0,00:00:00/21-11:19:07,81) [devfreq_wq] (root,0,0,00:00:00/21-11:19:07,110) [watchdogd] (root,0,0,00:00:01/21-11:19:07,111) [kswapd0] (root,0,0,00:00:05/21-11:19:07,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-11:19:05,115) [kthrotld] (root,0,0,00:00:00/21-11:19:05,116) [mld] (root,0,0,00:00:00/21-11:19:05,117) [ipv6_addrconf] (root,0,0,00:00:06/21-11:19:05,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-11:19:05,123) [kstrp] (root,0,0,00:00:00/21-11:19:05,124) [zswap-shrink] (root,0,0,00:00:00/21-11:19:05,125) [kworker/u9:0] (root,0,0,00:00:00/21-11:19:05,130) [charger_manager] (root,0,0,00:00:06/21-11:19:05,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-11:19:05,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-11:19:04,239) [kaluad] (root,0,0,00:00:00/21-11:19:04,258) [kmpath_rdacd] (root,0,0,00:00:00/21-11:19:04,304) [kmpathd] (root,0,0,00:00:00/21-11:19:04,305) [kmpath_handlerd] (root,0,0,00:00:00/21-11:19:03,342) [ata_sff] (root,0,0,00:00:00/21-11:19:03,343) [scsi_eh_0] (root,0,0,00:00:00/21-11:19:03,344) [scsi_tmf_0] (root,0,0,00:00:00/21-11:19:03,345) [scsi_eh_1] (root,0,0,00:00:00/21-11:19:03,346) [scsi_tmf_1] (root,0,0,00:00:43/21-11:19:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-11:19:00,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-11:18:48,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-11:18:47,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/21:48,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-11:18:45,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-11:18:14,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-11:18:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-11:18:13,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-11:18:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-11:18:11,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-11:18:11,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8220,00:00:00/01:28,1289) pickup -l -t fifo -u (root,548104,28468,00:00:25/21-11:17:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-11:17:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:14/21-11:17:57,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-11:17:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-11:17:57,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-11:17:57,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-11:17:57,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-11:17:57,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-11:17:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-11:17:57,1352) bpfilter_umh (root,26204,8212,00:00:08/21-11:17:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-11:17:57,1359) ntpd: asynchronous dns resolver (spot,312908,199276,1-09:49:15/21-11:17:56,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-11:17:56,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-11:17:56,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-11:17:56,1373) (sd-pam) (root,24216,5268,00:00:07/21-11:17:54,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-11:17:54,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-11:17:54,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-11:17:51,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-11:17:50,1527) sshd: syslogtunnel (root,692388,74908,00:29:41/21-11:17:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,54944,00:12:30/21-11:17:36,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/21:28,2459) [kworker/1:1-cgroup_destroy] (postfix,44628,9292,00:00:00/15-16:53:11,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-11:17:11,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-11:17:11,3218) sshd: cm-ssh (root,0,0,00:00:00/01:03,4596) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:44:00,5153) [kworker/1:0-events] (root,0,0,00:00:00/00:56,5347) [kworker/1:2-events] (root,0,0,00:00:00/06:14,6299) [kworker/3:1-ata_sff] (root,0,0,00:00:00/38:26,6565) [kworker/0:0] (root,0,0,00:00:00/37:44,9313) [kworker/u8:2-flush-253:0] (root,6656,3484,00:00:00/00:01,10053) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,10128) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,10129) /bin/bash /usr/bin/check_mk_agent (root,4480,1196,00:00:00/00:00,10130) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,780,00:00:00/00:00,10131) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,680,00:00:00/00:00,10132) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,10133) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,10151) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10152) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/12:20,13755) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/01:49:37,17228) [kworker/0:1-events] (root,0,0,00:00:00/32:48,22368) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/02:57:42,29790) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 22:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631011a987Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-11:41:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-11:41:23,2) [kthreadd] (root,0,0,00:00:00/19-11:41:23,3) [rcu_gp] (root,0,0,00:00:00/19-11:41:23,4) [rcu_par_gp] (root,0,0,00:00:00/19-11:41:23,5) [slub_flushwq] (root,0,0,00:00:00/19-11:41:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-11:41:23,9) [mm_percpu_wq] (root,0,0,00:00:00/19-11:41:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-11:41:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-11:41:23,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-11:41:23,13) [ksoftirqd/0] (root,0,0,00:57:08/19-11:41:23,14) [rcu_preempt] (root,0,0,00:00:07/19-11:41:23,15) [migration/0] (root,0,0,00:00:00/19-11:41:23,16) [idle_inject/0] (root,0,0,00:00:00/19-11:41:23,18) [cpuhp/0] (root,0,0,00:00:00/19-11:41:23,19) [cpuhp/1] (root,0,0,00:00:00/19-11:41:23,20) [idle_inject/1] (root,0,0,00:00:07/19-11:41:23,21) [migration/1] (root,0,0,00:00:31/19-11:41:23,22) [ksoftirqd/1] (root,0,0,00:00:00/19-11:41:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-11:41:23,25) [cpuhp/2] (root,0,0,00:00:00/19-11:41:23,26) [idle_inject/2] (root,0,0,00:00:05/19-11:41:23,27) [migration/2] (root,0,0,00:39:02/19-11:41:23,28) [ksoftirqd/2] (root,0,0,00:00:00/19-11:41:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-11:41:23,31) [cpuhp/3] (root,0,0,00:00:00/19-11:41:23,32) [idle_inject/3] (root,0,0,00:00:07/19-11:41:23,33) [migration/3] (root,0,0,00:01:58/19-11:41:23,34) [ksoftirqd/3] (root,0,0,00:00:00/19-11:41:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-11:41:23,40) [kdevtmpfs] (root,0,0,00:00:00/19-11:41:23,41) [netns] (root,0,0,00:00:00/19-11:41:23,42) [inet_frag_wq] (root,0,0,00:00:05/19-11:41:23,43) [kauditd] (root,0,0,00:00:00/19-11:41:23,44) [khungtaskd] (root,0,0,00:00:00/19-11:41:23,45) [oom_reaper] (root,0,0,00:00:00/19-11:41:23,46) [writeback] (root,0,0,00:01:02/19-11:41:23,47) [kcompactd0] (root,0,0,00:00:00/19-11:41:23,48) [ksmd] (root,0,0,00:01:03/19-11:41:23,49) [khugepaged] (root,0,0,00:00:00/19-11:41:23,75) [kintegrityd] (root,0,0,00:00:00/19-11:41:23,76) [kblockd] (root,0,0,00:00:00/19-11:41:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-11:41:23,79) [tpm_dev_wq] (root,0,0,00:00:00/19-11:41:23,80) [edac-poller] (root,0,0,00:00:00/19-11:41:23,81) [devfreq_wq] (root,0,0,00:00:00/19-11:41:23,110) [watchdogd] (root,0,0,00:00:01/19-11:41:23,111) [kswapd0] (root,0,0,00:00:05/19-11:41:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-11:41:21,115) [kthrotld] (root,0,0,00:00:00/19-11:41:21,116) [mld] (root,0,0,00:00:00/19-11:41:21,117) [ipv6_addrconf] (root,0,0,00:00:05/19-11:41:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-11:41:21,123) [kstrp] (root,0,0,00:00:00/19-11:41:21,124) [zswap-shrink] (root,0,0,00:00:00/19-11:41:21,125) [kworker/u9:0] (root,0,0,00:00:00/19-11:41:21,130) [charger_manager] (root,0,0,00:00:05/19-11:41:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/19-11:41:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-11:41:20,239) [kaluad] (root,0,0,00:00:00/19-11:41:20,258) [kmpath_rdacd] (root,0,0,00:00:00/19-11:41:20,304) [kmpathd] (root,0,0,00:00:00/19-11:41:20,305) [kmpath_handlerd] (root,0,0,00:00:00/19-11:41:19,342) [ata_sff] (root,0,0,00:00:00/19-11:41:19,343) [scsi_eh_0] (root,0,0,00:00:00/19-11:41:19,344) [scsi_tmf_0] (root,0,0,00:00:00/19-11:41:19,345) [scsi_eh_1] (root,0,0,00:00:00/19-11:41:19,346) [scsi_tmf_1] (root,0,0,00:00:38/19-11:41:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-11:41:16,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-11:41:04,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-11:41:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-11:41:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-11:40:30,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-11:40:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-11:40:29,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-11:40:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-11:40:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-11:40:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-11:40:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-11:40:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:03/19-11:40:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-11:40:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-11:40:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-11:40:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-11:40:13,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:24/19-11:40:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-11:40:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-11:40:13,1352) bpfilter_umh (root,26204,8212,00:00:07/19-11:40:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-11:40:13,1359) ntpd: asynchronous dns resolver (spot,314604,199700,1-06:59:35/19-11:40:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-11:40:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-11:40:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-11:40:12,1373) (sd-pam) (root,24216,5268,00:00:06/19-11:40:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-11:40:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-11:40:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-11:40:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-11:40:06,1527) sshd: syslogtunnel (root,618656,73492,00:26:51/19-11:40:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/02:03,1837) [kworker/3:1-ata_sff] (spot,215488,53708,00:11:18/19-11:39:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-17:15:27,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-11:39:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-11:39:27,3218) sshd: cm-ssh (root,0,0,00:00:01/01:56:11,3324) [kworker/3:0-events] (root,0,0,00:00:00/06:30:02,5852) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,8419) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,8437) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8438) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:52:07,12961) [kworker/2:0-events] (root,0,0,00:00:00/29:34,17258) [kworker/1:0-events] (root,0,0,00:00:00/07:49,18109) [kworker/2:2] (root,0,0,00:00:00/07:14,19772) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:47:51,23780) [kworker/0:1-events] (root,0,0,00:00:00/46:04,25296) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:15:58,29630) [kworker/1:2-events] (root,0,0,00:00:00/01:05:38,29670) [kworker/0:2-events] (postfix,24244,8268,00:00:00/44:39,29784) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 22:30 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836389bdf944Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-12:05:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-12:05:11,2) [kthreadd] (root,0,0,00:00:00/17-12:05:11,3) [rcu_gp] (root,0,0,00:00:00/17-12:05:11,4) [rcu_par_gp] (root,0,0,00:00:00/17-12:05:11,5) [slub_flushwq] (root,0,0,00:00:00/17-12:05:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-12:05:11,9) [mm_percpu_wq] (root,0,0,00:00:00/17-12:05:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-12:05:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-12:05:11,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-12:05:11,13) [ksoftirqd/0] (root,0,0,00:50:16/17-12:05:11,14) [rcu_preempt] (root,0,0,00:00:06/17-12:05:11,15) [migration/0] (root,0,0,00:00:00/17-12:05:11,16) [idle_inject/0] (root,0,0,00:00:00/17-12:05:11,18) [cpuhp/0] (root,0,0,00:00:00/17-12:05:11,19) [cpuhp/1] (root,0,0,00:00:00/17-12:05:11,20) [idle_inject/1] (root,0,0,00:00:06/17-12:05:11,21) [migration/1] (root,0,0,00:00:27/17-12:05:11,22) [ksoftirqd/1] (root,0,0,00:00:00/17-12:05:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-12:05:11,25) [cpuhp/2] (root,0,0,00:00:00/17-12:05:11,26) [idle_inject/2] (root,0,0,00:00:05/17-12:05:11,27) [migration/2] (root,0,0,00:33:38/17-12:05:11,28) [ksoftirqd/2] (root,0,0,00:00:00/17-12:05:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-12:05:11,31) [cpuhp/3] (root,0,0,00:00:00/17-12:05:11,32) [idle_inject/3] (root,0,0,00:00:06/17-12:05:11,33) [migration/3] (root,0,0,00:01:40/17-12:05:11,34) [ksoftirqd/3] (root,0,0,00:00:00/17-12:05:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-12:05:11,40) [kdevtmpfs] (root,0,0,00:00:00/17-12:05:11,41) [netns] (root,0,0,00:00:00/17-12:05:11,42) [inet_frag_wq] (root,0,0,00:00:03/17-12:05:11,43) [kauditd] (root,0,0,00:00:00/17-12:05:11,44) [khungtaskd] (root,0,0,00:00:00/17-12:05:11,45) [oom_reaper] (root,0,0,00:00:00/17-12:05:11,46) [writeback] (root,0,0,00:00:55/17-12:05:11,47) [kcompactd0] (root,0,0,00:00:00/17-12:05:11,48) [ksmd] (root,0,0,00:00:56/17-12:05:11,49) [khugepaged] (root,0,0,00:00:00/17-12:05:11,75) [kintegrityd] (root,0,0,00:00:00/17-12:05:11,76) [kblockd] (root,0,0,00:00:00/17-12:05:11,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-12:05:11,79) [tpm_dev_wq] (root,0,0,00:00:00/17-12:05:11,80) [edac-poller] (root,0,0,00:00:00/17-12:05:11,81) [devfreq_wq] (root,0,0,00:00:00/17-12:05:11,110) [watchdogd] (root,0,0,00:00:01/17-12:05:11,111) [kswapd0] (root,0,0,00:00:04/17-12:05:11,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-12:05:09,115) [kthrotld] (root,0,0,00:00:00/17-12:05:09,116) [mld] (root,0,0,00:00:00/17-12:05:09,117) [ipv6_addrconf] (root,0,0,00:00:04/17-12:05:09,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-12:05:09,123) [kstrp] (root,0,0,00:00:00/17-12:05:09,124) [zswap-shrink] (root,0,0,00:00:00/17-12:05:09,125) [kworker/u9:0] (root,0,0,00:00:00/17-12:05:09,130) [charger_manager] (root,0,0,00:00:05/17-12:05:09,172) [kworker/1:1H-kblockd] (root,0,0,00:00:07/17-12:05:09,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-12:05:08,239) [kaluad] (root,0,0,00:00:00/17-12:05:08,258) [kmpath_rdacd] (root,0,0,00:00:00/17-12:05:08,304) [kmpathd] (root,0,0,00:00:00/17-12:05:08,305) [kmpath_handlerd] (root,0,0,00:00:00/17-12:05:07,342) [ata_sff] (root,0,0,00:00:00/17-12:05:07,343) [scsi_eh_0] (root,0,0,00:00:00/17-12:05:07,344) [scsi_tmf_0] (root,0,0,00:00:00/17-12:05:07,345) [scsi_eh_1] (root,0,0,00:00:00/17-12:05:07,346) [scsi_tmf_1] (root,0,0,00:00:34/17-12:05:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-12:05:04,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-12:04:52,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-12:04:51,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-12:04:49,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-12:04:18,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-12:04:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-12:04:17,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-12:04:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-12:04:15,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-12:04:15,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-12:04:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-12:04:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:50/17-12:04:01,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-12:04:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-12:04:01,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-12:04:01,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-12:04:01,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-12:04:01,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:30/17-12:04:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-12:04:01,1352) bpfilter_umh (root,26204,8212,00:00:04/17-12:04:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-12:04:01,1359) ntpd: asynchronous dns resolver (spot,315420,199904,1-02:59:46/17-12:04:00,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-12:04:00,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-12:04:00,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-12:04:00,1373) (sd-pam) (root,24216,5268,00:00:06/17-12:03:58,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-12:03:58,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-12:03:58,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-12:03:55,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-12:03:54,1527) sshd: syslogtunnel (root,618256,73116,00:23:55/17-12:03:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51672,00:10:01/17-12:03:40,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-17:39:15,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/50:43,2865) [kworker/0:0-events] (root,6656,3512,00:00:00/00:01,3196) /bin/bash /usr/bin/check_mk_agent (root,35308,10108,00:00:00/17-12:03:15,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-12:03:15,3218) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,3289) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,3318) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3319) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,1844,00:00:00/00:00,3320) /bin/bash /usr/bin/check_mk_agent (root,24208,3460,00:00:00/00:00,3321) postconf -c /etc/postfix (root,5280,836,00:00:00/00:00,3322) grep ^multi_instance_directories (root,0,0,00:00:00/44:53,7010) [kworker/1:1-events] (root,0,0,00:00:00/14:07,9027) [kworker/2:1-events] (root,0,0,00:00:00/05:57,10786) [kworker/3:2-events] (root,0,0,00:00:00/01:14:51,14908) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/03:33,17782) [kworker/1:2-events] (postfix,24244,8324,00:00:00/01:30:24,18468) pickup -l -t fifo -u (root,0,0,00:00:01/02:25:45,19474) [kworker/2:0-events] (root,0,0,00:00:00/11:58,21348) [kworker/0:2] (root,0,0,00:00:00/11:55,21562) [kworker/u8:0-writeback] (root,0,0,00:00:00/24:30,27288) [kworker/3:1-ata_sff] (root,0,0,00:00:00/09:51,30515) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/00:46,31666) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 22:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b77b9f93Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-09:30:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-09:30:50,2) [kthreadd] (root,0,0,00:00:00/15-09:30:50,3) [rcu_gp] (root,0,0,00:00:00/15-09:30:50,4) [rcu_par_gp] (root,0,0,00:00:00/15-09:30:50,5) [slub_flushwq] (root,0,0,00:00:00/15-09:30:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-09:30:50,9) [mm_percpu_wq] (root,0,0,00:00:00/15-09:30:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-09:30:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-09:30:50,12) [rcu_tasks_trace] (root,0,0,00:00:27/15-09:30:50,13) [ksoftirqd/0] (root,0,0,00:43:04/15-09:30:50,14) [rcu_preempt] (root,0,0,00:00:05/15-09:30:50,15) [migration/0] (root,0,0,00:00:00/15-09:30:50,16) [idle_inject/0] (root,0,0,00:00:00/15-09:30:50,18) [cpuhp/0] (root,0,0,00:00:00/15-09:30:50,19) [cpuhp/1] (root,0,0,00:00:00/15-09:30:50,20) [idle_inject/1] (root,0,0,00:00:05/15-09:30:50,21) [migration/1] (root,0,0,00:00:23/15-09:30:50,22) [ksoftirqd/1] (root,0,0,00:00:00/15-09:30:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-09:30:50,25) [cpuhp/2] (root,0,0,00:00:00/15-09:30:50,26) [idle_inject/2] (root,0,0,00:00:04/15-09:30:50,27) [migration/2] (root,0,0,00:27:58/15-09:30:50,28) [ksoftirqd/2] (root,0,0,00:00:00/15-09:30:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-09:30:50,31) [cpuhp/3] (root,0,0,00:00:00/15-09:30:50,32) [idle_inject/3] (root,0,0,00:00:05/15-09:30:50,33) [migration/3] (root,0,0,00:01:22/15-09:30:50,34) [ksoftirqd/3] (root,0,0,00:00:00/15-09:30:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-09:30:50,40) [kdevtmpfs] (root,0,0,00:00:00/15-09:30:50,41) [netns] (root,0,0,00:00:00/15-09:30:50,42) [inet_frag_wq] (root,0,0,00:00:01/15-09:30:50,43) [kauditd] (root,0,0,00:00:00/15-09:30:50,44) [khungtaskd] (root,0,0,00:00:00/15-09:30:50,45) [oom_reaper] (root,0,0,00:00:00/15-09:30:50,46) [writeback] (root,0,0,00:00:47/15-09:30:50,47) [kcompactd0] (root,0,0,00:00:00/15-09:30:50,48) [ksmd] (root,0,0,00:00:49/15-09:30:50,49) [khugepaged] (root,0,0,00:00:00/15-09:30:50,75) [kintegrityd] (root,0,0,00:00:00/15-09:30:50,76) [kblockd] (root,0,0,00:00:00/15-09:30:50,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-09:30:50,79) [tpm_dev_wq] (root,0,0,00:00:00/15-09:30:50,80) [edac-poller] (root,0,0,00:00:00/15-09:30:50,81) [devfreq_wq] (root,0,0,00:00:00/15-09:30:50,110) [watchdogd] (root,0,0,00:00:01/15-09:30:50,111) [kswapd0] (root,0,0,00:00:04/15-09:30:50,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-09:30:48,115) [kthrotld] (root,0,0,00:00:00/15-09:30:48,116) [mld] (root,0,0,00:00:00/15-09:30:48,117) [ipv6_addrconf] (root,0,0,00:00:04/15-09:30:48,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-09:30:48,123) [kstrp] (root,0,0,00:00:00/15-09:30:48,124) [zswap-shrink] (root,0,0,00:00:00/15-09:30:48,125) [kworker/u9:0] (root,0,0,00:00:00/15-09:30:48,130) [charger_manager] (root,0,0,00:00:04/15-09:30:48,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-09:30:48,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-09:30:47,239) [kaluad] (root,0,0,00:00:00/15-09:30:47,258) [kmpath_rdacd] (root,0,0,00:00:00/15-09:30:47,304) [kmpathd] (root,0,0,00:00:00/15-09:30:47,305) [kmpath_handlerd] (root,0,0,00:00:00/15-09:30:46,342) [ata_sff] (root,0,0,00:00:00/15-09:30:46,343) [scsi_eh_0] (root,0,0,00:00:00/15-09:30:46,344) [scsi_tmf_0] (root,0,0,00:00:00/15-09:30:46,345) [scsi_eh_1] (root,0,0,00:00:00/15-09:30:46,346) [scsi_tmf_1] (root,0,0,00:00:29/15-09:30:43,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-09:30:43,367) [ext4-rsv-conver] (root,38604,7616,00:00:13/15-09:30:31,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-09:30:30,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:23/15-09:30:28,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-09:29:57,511) /sbin/auditd (messagebus,22932,5912,00:00:18/15-09:29:56,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:11/15-09:29:56,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-09:29:56,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-09:29:54,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-09:29:54,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-09:29:40,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-09:29:40,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:35/15-09:29:40,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-09:29:40,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-09:29:40,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-09:29:40,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-09:29:40,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-09:29:40,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:10/15-09:29:40,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-09:29:40,1352) bpfilter_umh (root,26204,8212,00:00:03/15-09:29:40,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-09:29:40,1359) ntpd: asynchronous dns resolver (spot,315308,199876,22:07:12/15-09:29:39,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-09:29:39,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-09:29:39,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-09:29:39,1373) (sd-pam) (root,24216,5268,00:00:05/15-09:29:37,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-09:29:37,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-09:29:37,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-09:29:34,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:52/15-09:29:33,1527) sshd: syslogtunnel (root,617868,72916,00:20:51/15-09:29:31,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,49856,00:08:39/15-09:29:19,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/9-15:04:54,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:54:27,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-09:28:54,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:49/15-09:28:54,3218) sshd: cm-ssh (root,0,0,00:00:00/07:50,3282) [kworker/3:1-events] (root,0,0,00:00:00/38:57,4560) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:29:33,6932) [kworker/2:2-events] (root,0,0,00:00:00/27:19,9389) [kworker/1:1] (root,0,0,00:00:00/19:00,13705) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/02:38,16496) [kworker/3:2-ata_sff] (postfix,24244,8280,00:00:00/57:56,20164) pickup -l -t fifo -u (root,0,0,00:00:00/05:37:57,21313) [kworker/0:0-events] (root,0,0,00:00:01/05:13:07,24128) [kworker/1:2-events] (root,6656,3484,00:00:00/00:00,26749) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,26790) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,26791) /bin/bash /usr/bin/check_mk_agent (root,4480,1048,00:00:00/00:00,26792) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,872,00:00:00/00:00,26793) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1356,00:00:00/00:00,26794) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,26795) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,26813) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26814) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:19:16,29013) [kworker/2:0-events] (root,0,0,00:00:00/04:22:09,31205) [kworker/u8:0-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 20:19 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836395d547a5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-11:53:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-11:53:11,2) [kthreadd] (root,0,0,00:00:00/13-11:53:11,3) [rcu_gp] (root,0,0,00:00:00/13-11:53:11,4) [rcu_par_gp] (root,0,0,00:00:00/13-11:53:11,5) [slub_flushwq] (root,0,0,00:00:00/13-11:53:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-11:53:11,9) [mm_percpu_wq] (root,0,0,00:00:00/13-11:53:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-11:53:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-11:53:11,12) [rcu_tasks_trace] (root,0,0,00:00:23/13-11:53:11,13) [ksoftirqd/0] (root,0,0,00:37:08/13-11:53:11,14) [rcu_preempt] (root,0,0,00:00:05/13-11:53:11,15) [migration/0] (root,0,0,00:00:00/13-11:53:11,16) [idle_inject/0] (root,0,0,00:00:00/13-11:53:11,18) [cpuhp/0] (root,0,0,00:00:00/13-11:53:11,19) [cpuhp/1] (root,0,0,00:00:00/13-11:53:11,20) [idle_inject/1] (root,0,0,00:00:05/13-11:53:11,21) [migration/1] (root,0,0,00:00:19/13-11:53:11,22) [ksoftirqd/1] (root,0,0,00:00:00/13-11:53:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-11:53:11,25) [cpuhp/2] (root,0,0,00:00:00/13-11:53:11,26) [idle_inject/2] (root,0,0,00:00:03/13-11:53:11,27) [migration/2] (root,0,0,00:24:27/13-11:53:11,28) [ksoftirqd/2] (root,0,0,00:00:00/13-11:53:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-11:53:11,31) [cpuhp/3] (root,0,0,00:00:00/13-11:53:11,32) [idle_inject/3] (root,0,0,00:00:04/13-11:53:11,33) [migration/3] (root,0,0,00:01:10/13-11:53:11,34) [ksoftirqd/3] (root,0,0,00:00:00/13-11:53:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-11:53:11,40) [kdevtmpfs] (root,0,0,00:00:00/13-11:53:11,41) [netns] (root,0,0,00:00:00/13-11:53:11,42) [inet_frag_wq] (root,0,0,00:00:01/13-11:53:11,43) [kauditd] (root,0,0,00:00:00/13-11:53:11,44) [khungtaskd] (root,0,0,00:00:00/13-11:53:11,45) [oom_reaper] (root,0,0,00:00:00/13-11:53:11,46) [writeback] (root,0,0,00:00:41/13-11:53:11,47) [kcompactd0] (root,0,0,00:00:00/13-11:53:11,48) [ksmd] (root,0,0,00:00:43/13-11:53:11,49) [khugepaged] (root,0,0,00:00:00/13-11:53:11,75) [kintegrityd] (root,0,0,00:00:00/13-11:53:11,76) [kblockd] (root,0,0,00:00:00/13-11:53:11,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-11:53:11,79) [tpm_dev_wq] (root,0,0,00:00:00/13-11:53:11,80) [edac-poller] (root,0,0,00:00:00/13-11:53:11,81) [devfreq_wq] (root,0,0,00:00:00/13-11:53:11,110) [watchdogd] (root,0,0,00:00:01/13-11:53:11,111) [kswapd0] (root,0,0,00:00:03/13-11:53:11,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-11:53:09,115) [kthrotld] (root,0,0,00:00:00/13-11:53:09,116) [mld] (root,0,0,00:00:00/13-11:53:09,117) [ipv6_addrconf] (root,0,0,00:00:03/13-11:53:09,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-11:53:09,123) [kstrp] (root,0,0,00:00:00/13-11:53:09,124) [zswap-shrink] (root,0,0,00:00:00/13-11:53:09,125) [kworker/u9:0] (root,0,0,00:00:00/13-11:53:09,130) [charger_manager] (root,0,0,00:00:03/13-11:53:09,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-11:53:09,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-11:53:08,239) [kaluad] (root,0,0,00:00:00/13-11:53:08,258) [kmpath_rdacd] (root,0,0,00:00:00/13-11:53:08,304) [kmpathd] (root,0,0,00:00:00/13-11:53:08,305) [kmpath_handlerd] (root,0,0,00:00:00/13-11:53:07,342) [ata_sff] (root,0,0,00:00:00/13-11:53:07,343) [scsi_eh_0] (root,0,0,00:00:00/13-11:53:07,344) [scsi_tmf_0] (root,0,0,00:00:00/13-11:53:07,345) [scsi_eh_1] (root,0,0,00:00:00/13-11:53:07,346) [scsi_tmf_1] (root,0,0,00:00:25/13-11:53:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-11:53:04,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-11:52:52,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-11:52:51,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:20/13-11:52:49,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-11:52:18,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-11:52:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-11:52:17,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-11:52:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-11:52:15,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-11:52:15,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-11:52:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-11:52:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:24/13-11:52:01,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-11:52:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-11:52:01,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-11:52:01,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-11:52:01,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-11:52:01,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:53/13-11:52:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-11:52:01,1352) bpfilter_umh (root,26204,8212,00:00:02/13-11:52:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-11:52:01,1359) ntpd: asynchronous dns resolver (spot,306028,189876,18:36:42/13-11:52:00,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-11:52:00,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-11:52:00,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-11:52:00,1373) (sd-pam) (root,24216,5268,00:00:04/13-11:51:58,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-11:51:58,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-11:51:58,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-11:51:55,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:45/13-11:51:54,1527) sshd: syslogtunnel (root,617868,70668,00:18:10/13-11:51:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48308,00:07:28/13-11:51:40,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-17:27:15,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-11:51:15,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-11:51:15,3218) sshd: cm-ssh (root,0,0,00:00:00/34:53,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/59:26,14919) [kworker/1:0-events] (root,0,0,00:00:00/01:48:04,16390) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3492,00:00:00/00:00,19218) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,19219) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,19254) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19255) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,13744,3504,00:00:00/00:00,19256) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,19257) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/31:21,21144) [kworker/u8:2-writeback] (root,0,0,00:00:00/47:17,21914) [kworker/1:1-cgroup_destroy] (postfix,24244,8228,00:00:00/22:07,24772) pickup -l -t fifo -u (root,0,0,00:00:00/01:36:25,25621) [kworker/2:0-events] (root,0,0,00:00:00/30:21,25940) [kworker/3:1-events] (root,0,0,00:00:00/04:23,27836) [kworker/3:2-ata_sff] (root,0,0,00:00:00/10:37,29874) [kworker/0:2-events] (root,0,0,00:00:00/01:24:06,31978) [kworker/0:1-events] (root,0,0,00:00:00/09:36,32518) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 22:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836319721c39Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12676,00:00:18/11-11:17:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-11:17:34,2) [kthreadd] (root,0,0,00:00:00/11-11:17:34,3) [rcu_gp] (root,0,0,00:00:00/11-11:17:34,4) [rcu_par_gp] (root,0,0,00:00:00/11-11:17:34,5) [slub_flushwq] (root,0,0,00:00:00/11-11:17:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-11:17:34,9) [mm_percpu_wq] (root,0,0,00:00:00/11-11:17:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-11:17:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-11:17:34,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-11:17:34,13) [ksoftirqd/0] (root,0,0,00:31:31/11-11:17:34,14) [rcu_preempt] (root,0,0,00:00:04/11-11:17:34,15) [migration/0] (root,0,0,00:00:00/11-11:17:34,16) [idle_inject/0] (root,0,0,00:00:00/11-11:17:34,18) [cpuhp/0] (root,0,0,00:00:00/11-11:17:34,19) [cpuhp/1] (root,0,0,00:00:00/11-11:17:34,20) [idle_inject/1] (root,0,0,00:00:04/11-11:17:34,21) [migration/1] (root,0,0,00:00:16/11-11:17:34,22) [ksoftirqd/1] (root,0,0,00:00:00/11-11:17:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-11:17:34,25) [cpuhp/2] (root,0,0,00:00:00/11-11:17:34,26) [idle_inject/2] (root,0,0,00:00:03/11-11:17:34,27) [migration/2] (root,0,0,00:20:58/11-11:17:34,28) [ksoftirqd/2] (root,0,0,00:00:00/11-11:17:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-11:17:34,31) [cpuhp/3] (root,0,0,00:00:00/11-11:17:34,32) [idle_inject/3] (root,0,0,00:00:04/11-11:17:34,33) [migration/3] (root,0,0,00:01:00/11-11:17:34,34) [ksoftirqd/3] (root,0,0,00:00:00/11-11:17:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-11:17:34,40) [kdevtmpfs] (root,0,0,00:00:00/11-11:17:34,41) [netns] (root,0,0,00:00:00/11-11:17:34,42) [inet_frag_wq] (root,0,0,00:00:01/11-11:17:34,43) [kauditd] (root,0,0,00:00:00/11-11:17:34,44) [khungtaskd] (root,0,0,00:00:00/11-11:17:34,45) [oom_reaper] (root,0,0,00:00:00/11-11:17:34,46) [writeback] (root,0,0,00:00:34/11-11:17:34,47) [kcompactd0] (root,0,0,00:00:00/11-11:17:34,48) [ksmd] (root,0,0,00:00:37/11-11:17:34,49) [khugepaged] (root,0,0,00:00:00/11-11:17:34,75) [kintegrityd] (root,0,0,00:00:00/11-11:17:34,76) [kblockd] (root,0,0,00:00:00/11-11:17:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-11:17:34,79) [tpm_dev_wq] (root,0,0,00:00:00/11-11:17:34,80) [edac-poller] (root,0,0,00:00:00/11-11:17:34,81) [devfreq_wq] (root,0,0,00:00:00/11-11:17:34,110) [watchdogd] (root,0,0,00:00:00/11-11:17:34,111) [kswapd0] (root,0,0,00:00:02/11-11:17:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-11:17:32,115) [kthrotld] (root,0,0,00:00:00/11-11:17:32,116) [mld] (root,0,0,00:00:00/11-11:17:32,117) [ipv6_addrconf] (root,0,0,00:00:03/11-11:17:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-11:17:32,123) [kstrp] (root,0,0,00:00:00/11-11:17:32,124) [zswap-shrink] (root,0,0,00:00:00/11-11:17:32,125) [kworker/u9:0] (root,0,0,00:00:00/11-11:17:32,130) [charger_manager] (root,0,0,00:00:03/11-11:17:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-11:17:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-11:17:31,239) [kaluad] (root,0,0,00:00:00/11-11:17:31,258) [kmpath_rdacd] (root,0,0,00:00:00/11-11:17:31,304) [kmpathd] (root,0,0,00:00:00/11-11:17:31,305) [kmpath_handlerd] (root,0,0,00:00:00/11-11:17:30,342) [ata_sff] (root,0,0,00:00:00/11-11:17:30,343) [scsi_eh_0] (root,0,0,00:00:00/11-11:17:30,344) [scsi_tmf_0] (root,0,0,00:00:00/11-11:17:30,345) [scsi_eh_1] (root,0,0,00:00:00/11-11:17:30,346) [scsi_tmf_1] (root,0,0,00:00:21/11-11:17:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-11:17:27,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-11:17:15,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-11:17:14,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-11:17:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-11:16:41,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-11:16:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-11:16:40,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-11:16:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-11:16:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-11:16:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-11:16:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-11:16:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:11/11-11:16:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-11:16:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-11:16:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-11:16:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-11:16:24,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-11:16:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:37/11-11:16:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-11:16:24,1352) bpfilter_umh (root,26204,8212,00:00:02/11-11:16:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-11:16:24,1359) ntpd: asynchronous dns resolver (spot,293468,179228,15:25:26/11-11:16:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-11:16:23,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-11:16:23,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-11:16:23,1373) (sd-pam) (root,24216,5268,00:00:03/11-11:16:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-11:16:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-11:16:21,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-11:16:18,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-11:16:17,1527) sshd: syslogtunnel (root,617612,70248,00:15:25/11-11:16:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,47020,00:06:17/11-11:16:03,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-16:51:38,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-11:15:38,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-11:15:38,3218) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,5036) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,5054) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,5055) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:03/21:26:07,7785) [kworker/2:1-events] (root,0,0,00:00:00/10:19,8324) [kworker/3:0-events] (root,0,0,00:00:00/01:38:56,12699) [kworker/u8:0-writeback] (postfix,24244,8224,00:00:00/07:25,13066) pickup -l -t fifo -u (root,0,0,00:00:00/01:49:03,15461) [kworker/u8:2] (root,0,0,00:00:00/04:14:41,19628) [kworker/0:1-events] (root,0,0,00:00:00/05:09,19943) [kworker/3:1-ata_sff] (root,0,0,00:00:00/03:50:14,20763) [kworker/1:0-events] (root,0,0,00:00:02/03:37:51,21401) [kworker/3:2-ata_sff] (root,0,0,00:00:00/03:14:17,24825) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/02:49:57,28099) [kworker/1:2-events] (root,0,0,00:00:00/02:25:48,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 22:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639cc6cecaFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-12:47:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-12:47:21,2) [kthreadd] (root,0,0,00:00:00/9-12:47:21,3) [rcu_gp] (root,0,0,00:00:00/9-12:47:21,4) [rcu_par_gp] (root,0,0,00:00:00/9-12:47:21,5) [slub_flushwq] (root,0,0,00:00:00/9-12:47:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-12:47:21,9) [mm_percpu_wq] (root,0,0,00:00:00/9-12:47:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-12:47:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-12:47:21,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-12:47:21,13) [ksoftirqd/0] (root,0,0,00:25:55/9-12:47:21,14) [rcu_preempt] (root,0,0,00:00:03/9-12:47:21,15) [migration/0] (root,0,0,00:00:00/9-12:47:21,16) [idle_inject/0] (root,0,0,00:00:00/9-12:47:21,18) [cpuhp/0] (root,0,0,00:00:00/9-12:47:21,19) [cpuhp/1] (root,0,0,00:00:00/9-12:47:21,20) [idle_inject/1] (root,0,0,00:00:03/9-12:47:21,21) [migration/1] (root,0,0,00:00:14/9-12:47:21,22) [ksoftirqd/1] (root,0,0,00:00:00/9-12:47:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-12:47:21,25) [cpuhp/2] (root,0,0,00:00:00/9-12:47:21,26) [idle_inject/2] (root,0,0,00:00:02/9-12:47:21,27) [migration/2] (root,0,0,00:17:33/9-12:47:21,28) [ksoftirqd/2] (root,0,0,00:00:00/9-12:47:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-12:47:21,31) [cpuhp/3] (root,0,0,00:00:00/9-12:47:21,32) [idle_inject/3] (root,0,0,00:00:03/9-12:47:21,33) [migration/3] (root,0,0,00:00:50/9-12:47:21,34) [ksoftirqd/3] (root,0,0,00:00:00/9-12:47:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-12:47:21,40) [kdevtmpfs] (root,0,0,00:00:00/9-12:47:21,41) [netns] (root,0,0,00:00:00/9-12:47:21,42) [inet_frag_wq] (root,0,0,00:00:01/9-12:47:21,43) [kauditd] (root,0,0,00:00:00/9-12:47:21,44) [khungtaskd] (root,0,0,00:00:00/9-12:47:21,45) [oom_reaper] (root,0,0,00:00:00/9-12:47:21,46) [writeback] (root,0,0,00:00:28/9-12:47:21,47) [kcompactd0] (root,0,0,00:00:00/9-12:47:21,48) [ksmd] (root,0,0,00:00:31/9-12:47:21,49) [khugepaged] (root,0,0,00:00:00/9-12:47:21,75) [kintegrityd] (root,0,0,00:00:00/9-12:47:21,76) [kblockd] (root,0,0,00:00:00/9-12:47:21,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-12:47:21,79) [tpm_dev_wq] (root,0,0,00:00:00/9-12:47:21,80) [edac-poller] (root,0,0,00:00:00/9-12:47:21,81) [devfreq_wq] (root,0,0,00:00:00/9-12:47:21,110) [watchdogd] (root,0,0,00:00:00/9-12:47:21,111) [kswapd0] (root,0,0,00:00:02/9-12:47:21,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-12:47:19,115) [kthrotld] (root,0,0,00:00:00/9-12:47:19,116) [mld] (root,0,0,00:00:00/9-12:47:19,117) [ipv6_addrconf] (root,0,0,00:00:02/9-12:47:19,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-12:47:19,123) [kstrp] (root,0,0,00:00:00/9-12:47:19,124) [zswap-shrink] (root,0,0,00:00:00/9-12:47:19,125) [kworker/u9:0] (root,0,0,00:00:00/9-12:47:19,130) [charger_manager] (root,0,0,00:00:02/9-12:47:19,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-12:47:19,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-12:47:18,239) [kaluad] (root,0,0,00:00:00/9-12:47:18,258) [kmpath_rdacd] (root,0,0,00:00:00/9-12:47:18,304) [kmpathd] (root,0,0,00:00:00/9-12:47:18,305) [kmpath_handlerd] (root,0,0,00:00:00/9-12:47:17,342) [ata_sff] (root,0,0,00:00:00/9-12:47:17,343) [scsi_eh_0] (root,0,0,00:00:00/9-12:47:17,344) [scsi_tmf_0] (root,0,0,00:00:00/9-12:47:17,345) [scsi_eh_1] (root,0,0,00:00:00/9-12:47:17,346) [scsi_tmf_1] (root,0,0,00:00:17/9-12:47:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-12:47:14,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-12:47:02,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-12:47:01,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-12:46:59,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-12:46:28,511) /sbin/auditd (messagebus,22932,5912,00:00:12/9-12:46:27,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-12:46:27,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-12:46:27,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-12:46:25,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-12:46:25,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:11/9-12:46:11,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-12:46:11,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:02/9-12:46:11,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-12:46:11,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-12:46:11,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-12:46:11,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-12:46:11,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-12:46:11,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:20/9-12:46:11,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-12:46:11,1352) bpfilter_umh (root,26204,8212,00:00:01/9-12:46:11,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-12:46:11,1359) ntpd: asynchronous dns resolver (spot,294512,180352,12:22:54/9-12:46:10,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-12:46:10,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-12:46:10,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-12:46:10,1373) (sd-pam) (root,24216,5268,00:00:03/9-12:46:08,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-12:46:08,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-12:46:08,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-12:46:05,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-12:46:04,1527) sshd: syslogtunnel (root,617356,69960,00:12:46/9-12:46:02,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,46000,00:05:08/9-12:45:50,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-18:21:25,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:12,2578) [kworker/3:0-ata_sff] (root,35308,10108,00:00:00/9-12:45:25,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-12:45:25,3218) sshd: cm-ssh (root,0,0,00:00:00/01:36:34,4425) [kworker/2:2-events] (root,0,0,00:00:00/02:38:40,9613) [kworker/1:0-events] (root,0,0,00:00:00/03:39:55,11212) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:01/01:44:46,12819) [kworker/3:1-events] (root,0,0,00:00:00/20:35,13984) [kworker/u8:0-writeback] (root,0,0,00:00:00/05:05:31,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/04:51:58,15893) [kworker/0:0-events] (root,0,0,00:00:00/02:26:29,20227) [kworker/0:1] (postfix,24244,8200,00:00:00/18:55,21847) pickup -l -t fifo -u (root,0,0,00:00:00/01:02,21983) [kworker/3:2-ata_sff] (root,0,0,00:00:02/08:05:25,26887) [kworker/1:2-events] (root,6656,3492,00:00:00/00:00,27004) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,27045) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,27046) /bin/bash /usr/bin/check_mk_agent (root,4480,1044,00:00:00/00:00,27047) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,820,00:00:00/00:00,27048) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1212,00:00:00/00:00,27049) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,27050) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,27068) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,936,00:00:00/00:00,27069) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 23:36 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632a1ebe27Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-12:39:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:39:21,2) [kthreadd] (root,0,0,00:00:00/7-12:39:21,3) [rcu_gp] (root,0,0,00:00:00/7-12:39:21,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:39:21,5) [slub_flushwq] (root,0,0,00:00:00/7-12:39:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:39:21,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:39:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:39:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:39:21,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-12:39:21,13) [ksoftirqd/0] (root,0,0,00:20:02/7-12:39:21,14) [rcu_preempt] (root,0,0,00:00:02/7-12:39:21,15) [migration/0] (root,0,0,00:00:00/7-12:39:21,16) [idle_inject/0] (root,0,0,00:00:00/7-12:39:21,18) [cpuhp/0] (root,0,0,00:00:00/7-12:39:21,19) [cpuhp/1] (root,0,0,00:00:00/7-12:39:21,20) [idle_inject/1] (root,0,0,00:00:03/7-12:39:21,21) [migration/1] (root,0,0,00:00:11/7-12:39:21,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:39:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:39:21,25) [cpuhp/2] (root,0,0,00:00:00/7-12:39:21,26) [idle_inject/2] (root,0,0,00:00:02/7-12:39:21,27) [migration/2] (root,0,0,00:13:17/7-12:39:21,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:39:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:39:21,31) [cpuhp/3] (root,0,0,00:00:00/7-12:39:21,32) [idle_inject/3] (root,0,0,00:00:02/7-12:39:21,33) [migration/3] (root,0,0,00:00:37/7-12:39:21,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:39:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:39:21,40) [kdevtmpfs] (root,0,0,00:00:00/7-12:39:21,41) [netns] (root,0,0,00:00:00/7-12:39:21,42) [inet_frag_wq] (root,0,0,00:00:00/7-12:39:21,43) [kauditd] (root,0,0,00:00:00/7-12:39:21,44) [khungtaskd] (root,0,0,00:00:00/7-12:39:21,45) [oom_reaper] (root,0,0,00:00:00/7-12:39:21,46) [writeback] (root,0,0,00:00:22/7-12:39:21,47) [kcompactd0] (root,0,0,00:00:00/7-12:39:21,48) [ksmd] (root,0,0,00:00:25/7-12:39:21,49) [khugepaged] (root,0,0,00:00:00/7-12:39:21,75) [kintegrityd] (root,0,0,00:00:00/7-12:39:21,76) [kblockd] (root,0,0,00:00:00/7-12:39:21,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:39:21,79) [tpm_dev_wq] (root,0,0,00:00:00/7-12:39:21,80) [edac-poller] (root,0,0,00:00:00/7-12:39:21,81) [devfreq_wq] (root,0,0,00:00:00/7-12:39:21,110) [watchdogd] (root,0,0,00:00:00/7-12:39:21,111) [kswapd0] (root,0,0,00:00:01/7-12:39:21,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:39:19,115) [kthrotld] (root,0,0,00:00:00/7-12:39:19,116) [mld] (root,0,0,00:00:00/7-12:39:19,117) [ipv6_addrconf] (root,0,0,00:00:01/7-12:39:19,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:39:19,123) [kstrp] (root,0,0,00:00:00/7-12:39:19,124) [zswap-shrink] (root,0,0,00:00:00/7-12:39:19,125) [kworker/u9:0] (root,0,0,00:00:00/7-12:39:19,130) [charger_manager] (root,0,0,00:00:02/7-12:39:19,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-12:39:19,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-12:39:18,239) [kaluad] (root,0,0,00:00:00/7-12:39:18,258) [kmpath_rdacd] (root,0,0,00:00:00/7-12:39:18,304) [kmpathd] (root,0,0,00:00:00/7-12:39:18,305) [kmpath_handlerd] (root,0,0,00:00:00/7-12:39:17,342) [ata_sff] (root,0,0,00:00:00/7-12:39:17,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:39:17,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:39:17,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:39:17,346) [scsi_tmf_1] (root,0,0,00:00:13/7-12:39:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:39:14,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-12:39:02,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-12:39:01,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/08:04,469) [kworker/3:2-ata_sff] (root,8624,6244,00:00:11/7-12:38:59,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-12:38:28,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-12:38:27,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-12:38:27,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-12:38:27,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-12:38:25,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-12:38:25,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-12:38:11,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-12:38:11,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:47/7-12:38:11,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-12:38:11,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-12:38:11,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-12:38:11,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-12:38:11,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:08/7-12:38:11,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-12:38:11,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-12:38:11,1352) bpfilter_umh (root,26204,8212,00:00:01/7-12:38:11,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-12:38:11,1359) ntpd: asynchronous dns resolver (spot,289980,176684,09:14:11/7-12:38:10,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-12:38:10,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-12:38:10,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-12:38:10,1373) (sd-pam) (root,24216,5268,00:00:02/7-12:38:08,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-12:38:08,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/7-12:38:08,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-12:38:05,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-12:38:04,1527) sshd: syslogtunnel (root,617356,71816,00:09:59/7-12:38:02,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44444,00:03:54/7-12:37:50,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-18:13:25,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-12:37:25,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-12:37:25,3218) sshd: cm-ssh (postfix,24244,8216,00:00:00/32:59,5947) pickup -l -t fifo -u (root,0,0,00:00:01/09:24:34,6969) [kworker/0:2-events] (root,0,0,00:00:00/02:09:09,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/13:37,14333) [kworker/1:0-events] (root,0,0,00:00:00/02:53,17603) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:16:13,17990) [kworker/2:0-events] (root,0,0,00:00:01/06:49:32,18376) [kworker/2:2-events] (root,0,0,00:00:00/01:27:31,20009) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/39:11,22435) [kworker/3:1-events_freezable_power_] (root,0,0,00:00:00/58:47,26012) [kworker/0:0-events] (root,0,0,00:00:00/01:21:28,27803) [kworker/1:1-events] (root,6656,3476,00:00:00/00:00,29512) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,29530) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29531) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 23:28 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363887a5ed6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-13:02:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-13:02:58,2) [kthreadd] (root,0,0,00:00:00/5-13:02:58,3) [rcu_gp] (root,0,0,00:00:00/5-13:02:58,4) [rcu_par_gp] (root,0,0,00:00:00/5-13:02:58,5) [slub_flushwq] (root,0,0,00:00:00/5-13:02:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-13:02:58,9) [mm_percpu_wq] (root,0,0,00:00:00/5-13:02:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-13:02:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-13:02:58,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-13:02:58,13) [ksoftirqd/0] (root,0,0,00:14:19/5-13:02:58,14) [rcu_preempt] (root,0,0,00:00:02/5-13:02:58,15) [migration/0] (root,0,0,00:00:00/5-13:02:58,16) [idle_inject/0] (root,0,0,00:00:00/5-13:02:58,18) [cpuhp/0] (root,0,0,00:00:00/5-13:02:58,19) [cpuhp/1] (root,0,0,00:00:00/5-13:02:58,20) [idle_inject/1] (root,0,0,00:00:02/5-13:02:58,21) [migration/1] (root,0,0,00:00:07/5-13:02:58,22) [ksoftirqd/1] (root,0,0,00:00:00/5-13:02:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-13:02:58,25) [cpuhp/2] (root,0,0,00:00:00/5-13:02:58,26) [idle_inject/2] (root,0,0,00:00:01/5-13:02:58,27) [migration/2] (root,0,0,00:09:23/5-13:02:58,28) [ksoftirqd/2] (root,0,0,00:00:00/5-13:02:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-13:02:58,31) [cpuhp/3] (root,0,0,00:00:00/5-13:02:58,32) [idle_inject/3] (root,0,0,00:00:02/5-13:02:58,33) [migration/3] (root,0,0,00:00:26/5-13:02:58,34) [ksoftirqd/3] (root,0,0,00:00:00/5-13:02:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-13:02:58,40) [kdevtmpfs] (root,0,0,00:00:00/5-13:02:58,41) [netns] (root,0,0,00:00:00/5-13:02:58,42) [inet_frag_wq] (root,0,0,00:00:00/5-13:02:58,43) [kauditd] (root,0,0,00:00:00/5-13:02:58,44) [khungtaskd] (root,0,0,00:00:00/5-13:02:58,45) [oom_reaper] (root,0,0,00:00:00/5-13:02:58,46) [writeback] (root,0,0,00:00:15/5-13:02:58,47) [kcompactd0] (root,0,0,00:00:00/5-13:02:58,48) [ksmd] (root,0,0,00:00:16/5-13:02:58,49) [khugepaged] (root,0,0,00:00:00/5-13:02:58,75) [kintegrityd] (root,0,0,00:00:00/5-13:02:58,76) [kblockd] (root,0,0,00:00:00/5-13:02:58,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-13:02:58,79) [tpm_dev_wq] (root,0,0,00:00:00/5-13:02:58,80) [edac-poller] (root,0,0,00:00:00/5-13:02:58,81) [devfreq_wq] (root,0,0,00:00:00/5-13:02:58,110) [watchdogd] (root,0,0,00:00:00/5-13:02:58,111) [kswapd0] (root,0,0,00:00:01/5-13:02:58,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-13:02:56,115) [kthrotld] (root,0,0,00:00:00/5-13:02:56,116) [mld] (root,0,0,00:00:00/5-13:02:56,117) [ipv6_addrconf] (root,0,0,00:00:01/5-13:02:56,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-13:02:56,123) [kstrp] (root,0,0,00:00:00/5-13:02:56,124) [zswap-shrink] (root,0,0,00:00:00/5-13:02:56,125) [kworker/u9:0] (root,0,0,00:00:00/5-13:02:56,130) [charger_manager] (root,0,0,00:00:01/5-13:02:56,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-13:02:56,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-13:02:55,239) [kaluad] (root,0,0,00:00:00/5-13:02:55,258) [kmpath_rdacd] (root,0,0,00:00:00/5-13:02:55,304) [kmpathd] (root,0,0,00:00:00/5-13:02:55,305) [kmpath_handlerd] (root,0,0,00:00:00/5-13:02:54,342) [ata_sff] (root,0,0,00:00:00/5-13:02:54,343) [scsi_eh_0] (root,0,0,00:00:00/5-13:02:54,344) [scsi_tmf_0] (root,0,0,00:00:00/5-13:02:54,345) [scsi_eh_1] (root,0,0,00:00:00/5-13:02:54,346) [scsi_tmf_1] (root,0,0,00:00:09/5-13:02:51,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-13:02:51,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-13:02:39,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-13:02:38,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-13:02:36,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-13:02:05,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-13:02:04,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-13:02:04,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-13:02:04,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-13:02:02,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-13:02:02,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/12:38,1225) [kworker/1:1] (root,547592,23628,00:00:06/5-13:01:48,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-13:01:48,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-13:01:48,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-13:01:48,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-13:01:48,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-13:01:48,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-13:01:48,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-13:01:48,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-13:01:48,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-13:01:48,1352) bpfilter_umh (root,26204,8212,00:00:01/5-13:01:48,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-13:01:48,1359) ntpd: asynchronous dns resolver (spot,212172,174628,06:19:09/5-13:01:47,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-13:01:47,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-13:01:47,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-13:01:47,1373) (sd-pam) (root,24216,5268,00:00:01/5-13:01:45,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-13:01:45,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-13:01:45,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-13:01:42,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-13:01:41,1527) sshd: syslogtunnel (root,617100,69516,00:07:13/5-13:01:39,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43156,00:02:46/5-13:01:27,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-13:01:02,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-13:01:02,3218) sshd: cm-ssh (root,0,0,00:00:00/34:43,4408) [kworker/2:0-events] (root,0,0,00:00:00/01:41,10822) [kworker/2:1-events] (root,0,0,00:00:00/23:42,12469) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/10:08,12715) [kworker/3:1-ata_sff] (postfix,24244,8228,00:00:00/01:17:31,15243) pickup -l -t fifo -u (root,0,0,00:00:00/02:36:25,18842) [kworker/0:0-events] (root,6656,3492,00:00:00/00:00,19135) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,19176) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,19177) /bin/bash /usr/bin/check_mk_agent (root,4480,1160,00:00:00/00:00,19178) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,828,00:00:00/00:00,19179) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,680,00:00:00/00:00,19180) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,19181) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,19199) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,19200) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:38:20,19687) [kworker/3:0-events] (root,0,0,00:00:00/56:38,24590) [kworker/0:2-events] (root,0,0,00:00:00/28:57,24763) [kworker/u8:1-writeback] (root,0,0,00:00:01/04:04:23,25521) [kworker/1:2-events] (root,0,0,00:00:00/09:56:11,28908) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/04:57,31858) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:51 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a6d43333Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-12:53:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:53:38,2) [kthreadd] (root,0,0,00:00:00/3-12:53:38,3) [rcu_gp] (root,0,0,00:00:00/3-12:53:38,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:53:38,5) [slub_flushwq] (root,0,0,00:00:00/3-12:53:38,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:53:38,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:53:38,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:53:38,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:53:38,12) [rcu_tasks_trace] (root,0,0,00:00:06/3-12:53:38,13) [ksoftirqd/0] (root,0,0,00:09:02/3-12:53:38,14) [rcu_preempt] (root,0,0,00:00:01/3-12:53:38,15) [migration/0] (root,0,0,00:00:00/3-12:53:38,16) [idle_inject/0] (root,0,0,00:00:00/3-12:53:38,18) [cpuhp/0] (root,0,0,00:00:00/3-12:53:38,19) [cpuhp/1] (root,0,0,00:00:00/3-12:53:38,20) [idle_inject/1] (root,0,0,00:00:01/3-12:53:38,21) [migration/1] (root,0,0,00:00:05/3-12:53:38,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:53:38,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:53:38,25) [cpuhp/2] (root,0,0,00:00:00/3-12:53:38,26) [idle_inject/2] (root,0,0,00:00:01/3-12:53:38,27) [migration/2] (root,0,0,00:06:05/3-12:53:38,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:53:38,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:53:38,31) [cpuhp/3] (root,0,0,00:00:00/3-12:53:38,32) [idle_inject/3] (root,0,0,00:00:01/3-12:53:38,33) [migration/3] (root,0,0,00:00:17/3-12:53:38,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:53:38,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:53:38,40) [kdevtmpfs] (root,0,0,00:00:00/3-12:53:38,41) [netns] (root,0,0,00:00:00/3-12:53:38,42) [inet_frag_wq] (root,0,0,00:00:00/3-12:53:38,43) [kauditd] (root,0,0,00:00:00/3-12:53:38,44) [khungtaskd] (root,0,0,00:00:00/3-12:53:38,45) [oom_reaper] (root,0,0,00:00:00/3-12:53:38,46) [writeback] (root,0,0,00:00:09/3-12:53:38,47) [kcompactd0] (root,0,0,00:00:00/3-12:53:38,48) [ksmd] (root,0,0,00:00:10/3-12:53:38,49) [khugepaged] (root,0,0,00:00:00/3-12:53:38,75) [kintegrityd] (root,0,0,00:00:00/3-12:53:38,76) [kblockd] (root,0,0,00:00:00/3-12:53:38,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:53:38,79) [tpm_dev_wq] (root,0,0,00:00:00/3-12:53:38,80) [edac-poller] (root,0,0,00:00:00/3-12:53:38,81) [devfreq_wq] (root,0,0,00:00:00/3-12:53:38,110) [watchdogd] (root,0,0,00:00:00/3-12:53:38,111) [kswapd0] (root,0,0,00:00:00/3-12:53:38,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:53:36,115) [kthrotld] (root,0,0,00:00:00/3-12:53:36,116) [mld] (root,0,0,00:00:00/3-12:53:36,117) [ipv6_addrconf] (root,0,0,00:00:00/3-12:53:36,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:53:36,123) [kstrp] (root,0,0,00:00:00/3-12:53:36,124) [zswap-shrink] (root,0,0,00:00:00/3-12:53:36,125) [kworker/u9:0] (root,0,0,00:00:00/3-12:53:36,130) [charger_manager] (root,0,0,00:00:00/3-12:53:36,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-12:53:36,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:53:35,239) [kaluad] (root,0,0,00:00:00/3-12:53:35,258) [kmpath_rdacd] (root,0,0,00:00:00/3-12:53:35,304) [kmpathd] (root,0,0,00:00:00/3-12:53:35,305) [kmpath_handlerd] (root,0,0,00:00:00/3-12:53:34,342) [ata_sff] (root,0,0,00:00:00/3-12:53:34,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:53:34,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:53:34,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:53:34,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:53:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:53:31,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-12:53:19,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-12:53:18,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-12:53:16,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-12:52:45,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-12:52:44,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-12:52:44,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-12:52:44,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-12:52:42,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-12:52:42,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-12:52:28,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-12:52:28,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:41:14,1333) [kworker/0:1-events] (root,21172,4536,00:00:23/3-12:52:28,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-12:52:28,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-12:52:28,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-12:52:28,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-12:52:28,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-12:52:28,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:28/3-12:52:28,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-12:52:28,1352) bpfilter_umh (root,26204,8212,00:00:00/3-12:52:28,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-12:52:28,1359) ntpd: asynchronous dns resolver (spot,206256,169268,04:03:23/3-12:52:27,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-12:52:27,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-12:52:27,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-12:52:27,1373) (sd-pam) (root,24216,5268,00:00:01/3-12:52:25,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-12:52:25,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-12:52:25,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-12:52:22,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-12:52:21,1527) sshd: syslogtunnel (root,615820,67960,00:04:37/3-12:52:19,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:49/3-12:52:07,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/08:20:19,2276) [kworker/1:2-events] (root,0,0,00:00:00/09:37,3150) [kworker/1:0] (root,35308,10108,00:00:00/3-12:51:42,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-12:51:42,3218) sshd: cm-ssh (root,0,0,00:00:02/08:04:16,5266) [kworker/2:1-events] (postfix,24244,8260,00:00:00/01:30:07,6052) pickup -l -t fifo -u (root,0,0,00:00:00/08:12,8609) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,10846) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,10847) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,10879) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10881) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:27:13,13330) [kworker/u8:2-writeback] (root,0,0,00:00:00/31:54,18236) [kworker/2:2-events] (root,0,0,00:00:00/01:16:41,27113) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:16:30,28172) [kworker/0:2-events] (root,0,0,00:00:00/28:58,28530) [kworker/3:0-events] (root,0,0,00:00:00/03:02,31661) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836372b22a95Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-20:28:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-20:28:08,2) [kthreadd] (root,0,0,00:00:00/1-20:28:08,3) [rcu_gp] (root,0,0,00:00:00/1-20:28:08,4) [rcu_par_gp] (root,0,0,00:00:00/1-20:28:08,5) [slub_flushwq] (root,0,0,00:00:00/1-20:28:08,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-20:28:08,9) [mm_percpu_wq] (root,0,0,00:00:00/1-20:28:08,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-20:28:08,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-20:28:08,12) [rcu_tasks_trace] (root,0,0,00:00:03/1-20:28:08,13) [ksoftirqd/0] (root,0,0,00:04:52/1-20:28:08,14) [rcu_preempt] (root,0,0,00:00:00/1-20:28:08,15) [migration/0] (root,0,0,00:00:00/1-20:28:08,16) [idle_inject/0] (root,0,0,00:00:00/1-20:28:08,18) [cpuhp/0] (root,0,0,00:00:00/1-20:28:08,19) [cpuhp/1] (root,0,0,00:00:00/1-20:28:08,20) [idle_inject/1] (root,0,0,00:00:01/1-20:28:08,21) [migration/1] (root,0,0,00:00:02/1-20:28:08,22) [ksoftirqd/1] (root,0,0,00:00:00/1-20:28:08,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-20:28:08,25) [cpuhp/2] (root,0,0,00:00:00/1-20:28:08,26) [idle_inject/2] (root,0,0,00:00:00/1-20:28:08,27) [migration/2] (root,0,0,00:03:32/1-20:28:08,28) [ksoftirqd/2] (root,0,0,00:00:00/1-20:28:08,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-20:28:08,31) [cpuhp/3] (root,0,0,00:00:00/1-20:28:08,32) [idle_inject/3] (root,0,0,00:00:00/1-20:28:08,33) [migration/3] (root,0,0,00:00:10/1-20:28:08,34) [ksoftirqd/3] (root,0,0,00:00:00/1-20:28:08,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-20:28:08,40) [kdevtmpfs] (root,0,0,00:00:00/1-20:28:08,41) [netns] (root,0,0,00:00:00/1-20:28:08,42) [inet_frag_wq] (root,0,0,00:00:00/1-20:28:08,43) [kauditd] (root,0,0,00:00:00/1-20:28:08,44) [khungtaskd] (root,0,0,00:00:00/1-20:28:08,45) [oom_reaper] (root,0,0,00:00:00/1-20:28:08,46) [writeback] (root,0,0,00:00:05/1-20:28:08,47) [kcompactd0] (root,0,0,00:00:00/1-20:28:08,48) [ksmd] (root,0,0,00:00:05/1-20:28:08,49) [khugepaged] (root,0,0,00:00:00/1-20:28:08,75) [kintegrityd] (root,0,0,00:00:00/1-20:28:08,76) [kblockd] (root,0,0,00:00:00/1-20:28:08,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-20:28:08,79) [tpm_dev_wq] (root,0,0,00:00:00/1-20:28:08,80) [edac-poller] (root,0,0,00:00:00/1-20:28:08,81) [devfreq_wq] (root,0,0,00:00:00/1-20:28:08,110) [watchdogd] (root,0,0,00:00:00/1-20:28:08,111) [kswapd0] (root,0,0,00:00:00/1-20:28:08,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-20:28:06,115) [kthrotld] (root,0,0,00:00:00/1-20:28:06,116) [mld] (root,0,0,00:00:00/1-20:28:06,117) [ipv6_addrconf] (root,0,0,00:00:00/1-20:28:06,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-20:28:06,123) [kstrp] (root,0,0,00:00:00/1-20:28:06,124) [zswap-shrink] (root,0,0,00:00:00/1-20:28:06,125) [kworker/u9:0] (root,0,0,00:00:00/1-20:28:06,130) [charger_manager] (root,0,0,00:00:00/1-20:28:06,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-20:28:06,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-20:28:05,239) [kaluad] (root,0,0,00:00:00/1-20:28:05,258) [kmpath_rdacd] (root,0,0,00:00:00/1-20:28:05,304) [kmpathd] (root,0,0,00:00:00/1-20:28:05,305) [kmpath_handlerd] (root,0,0,00:00:00/1-20:28:04,342) [ata_sff] (root,0,0,00:00:00/1-20:28:04,343) [scsi_eh_0] (root,0,0,00:00:00/1-20:28:04,344) [scsi_tmf_0] (root,0,0,00:00:00/1-20:28:04,345) [scsi_eh_1] (root,0,0,00:00:00/1-20:28:04,346) [scsi_tmf_1] (root,0,0,00:00:03/1-20:28:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-20:28:01,367) [ext4-rsv-conver] (root,0,0,00:00:00/01:13:05,418) [kworker/3:2-events] (root,38604,7616,00:00:01/1-20:27:49,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-20:27:48,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-20:27:46,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-20:27:15,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-20:27:14,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8344,00:00:01/1-20:27:14,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-20:27:14,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-20:27:12,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-20:27:12,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:02/1-20:26:58,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-20:26:58,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:11/1-20:26:58,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-20:26:58,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-20:26:58,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-20:26:58,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-20:26:58,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-20:26:58,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:15/1-20:26:58,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-20:26:58,1352) bpfilter_umh (root,26204,8212,00:00:00/1-20:26:58,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-20:26:58,1359) ntpd: asynchronous dns resolver (spot,204620,167836,02:13:24/1-20:26:57,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-20:26:57,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-20:26:57,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-20:26:57,1373) (sd-pam) (root,24216,5268,00:00:00/1-20:26:55,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-20:26:55,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-20:26:55,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-20:26:52,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:06/1-20:26:51,1527) sshd: syslogtunnel (root,615564,67668,00:02:30/1-20:26:49,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41360,00:00:56/1-20:26:37,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-20:26:12,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:05/1-20:26:12,3218) sshd: cm-ssh (postfix,24244,8248,00:00:00/01:06:15,3568) pickup -l -t fifo -u (root,0,0,00:00:00/41:22,11562) [kworker/2:0] (root,0,0,00:00:00/04:01:48,12493) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/02:18:56,13394) [kworker/1:1-events] (root,0,0,00:00:02/02:08:02,15857) [kworker/1:2-events] (root,0,0,00:00:00/08:34,22299) [kworker/2:1-events] (root,0,0,00:00:00/05:39,23848) [kworker/3:1-ata_sff] (root,0,0,00:00:00/05:10:55,23968) [kworker/0:2-events] (root,0,0,00:00:00/01:35:43,25309) [kworker/0:1-events] (root,0,0,00:00:00/01:26:48,27905) [kworker/u8:2-writeback] (root,0,0,00:00:00/00:26,28798) [kworker/3:0-ata_sff] (root,6656,3492,00:00:00/00:00,28833) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,28851) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28852) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-12 07:16
-
Open service 141.9.2.184:8080
2024-12-17 18:29
HTTP/1.0 407 Proxy Authentication Required Server: squid/2.5.STABLE12 Date: Tue, 17 Dec 2024 19:29:04 GMT Proxy-Authenticate: Basic realm="Access" Proxy-Authenticate: Digest realm="Access", qop="auth,auth-int", nonce="b'MTczNDQ2MDE0NC45MTE0OTY0OirkOXUAoeB/b5jDjQ0LY28='", opaque="8f0f2af8c4d060c63b264b6a282362b1" X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 X-Cache: MISS from fwy.eozooi.aw X-Cache-Lookup: NONE from fwy.eozooi.aw:8080 Connection: close Content-Type: text/html Content-Length: 319 Page title: 407 Proxy Authentication Required <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <title>407 Proxy Authentication Required</title> </head> <body> <h1>407 Proxy Authentication Required</h1> </body> </html>Found 2024-12-17 by HttpPluginCreate report
Domain summary
No record