Host 141.9.201.220
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
  • CheckMK monitoring endpoint publicly available
    IP: 141.9.201.220
    Port: 6556
    First seen 2024-09-11 14:59
    Last seen 2024-12-22 00:59
    Open for 101 days

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363924262de

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12584,00:01:36/39-14:37:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/39-14:37:00,2) [kthreadd]
(root,0,0,00:00:00/39-14:37:00,3) [rcu_gp]
(root,0,0,00:00:00/39-14:37:00,4) [rcu_par_gp]
(root,0,0,00:00:00/39-14:37:00,5) [slub_flushwq]
(root,0,0,00:00:00/39-14:37:00,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/39-14:37:00,9) [mm_percpu_wq]
(root,0,0,00:00:00/39-14:37:00,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/39-14:37:00,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/39-14:37:00,12) [rcu_tasks_trace]
(root,0,0,00:01:15/39-14:37:00,13) [ksoftirqd/0]
(root,0,0,01:45:18/39-14:37:00,14) [rcu_preempt]
(root,0,0,00:00:15/39-14:37:00,15) [migration/0]
(root,0,0,00:00:00/39-14:37:00,16) [idle_inject/0]
(root,0,0,00:00:00/39-14:37:00,18) [cpuhp/0]
(root,0,0,00:00:00/39-14:37:00,19) [cpuhp/1]
(root,0,0,00:00:00/39-14:37:00,20) [idle_inject/1]
(root,0,0,00:00:15/39-14:37:00,21) [migration/1]
(root,0,0,00:01:05/39-14:37:00,22) [ksoftirqd/1]
(root,0,0,00:00:00/39-14:37:00,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/39-14:37:00,25) [cpuhp/2]
(root,0,0,00:00:00/39-14:37:00,26) [idle_inject/2]
(root,0,0,00:00:12/39-14:37:00,27) [migration/2]
(root,0,0,01:14:06/39-14:37:00,28) [ksoftirqd/2]
(root,0,0,00:00:00/39-14:37:00,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/39-14:37:00,31) [cpuhp/3]
(root,0,0,00:00:00/39-14:37:00,32) [idle_inject/3]
(root,0,0,00:00:14/39-14:37:00,33) [migration/3]
(root,0,0,00:03:31/39-14:37:00,34) [ksoftirqd/3]
(root,0,0,00:00:00/39-14:37:00,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/39-14:37:00,39) [kdevtmpfs]
(root,0,0,00:00:00/39-14:37:00,40) [netns]
(root,0,0,00:00:00/39-14:37:00,41) [inet_frag_wq]
(root,0,0,00:00:09/39-14:37:00,42) [kauditd]
(root,0,0,00:00:00/39-14:37:00,43) [khungtaskd]
(root,0,0,00:00:00/39-14:37:00,44) [oom_reaper]
(root,0,0,00:00:00/39-14:37:00,45) [writeback]
(root,0,0,00:01:56/39-14:37:00,46) [kcompactd0]
(root,0,0,00:00:00/39-14:37:00,47) [ksmd]
(root,0,0,00:01:57/39-14:37:00,48) [khugepaged]
(root,0,0,00:00:00/39-14:37:00,74) [kintegrityd]
(root,0,0,00:00:00/39-14:37:00,75) [kblockd]
(root,0,0,00:00:00/39-14:37:00,76) [blkcg_punt_bio]
(root,0,0,00:00:00/39-14:37:00,78) [tpm_dev_wq]
(root,0,0,00:00:00/39-14:37:00,79) [edac-poller]
(root,0,0,00:00:00/39-14:37:00,80) [devfreq_wq]
(root,0,0,00:00:00/39-14:37:00,110) [watchdogd]
(root,0,0,00:00:08/39-14:37:00,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/39-14:37:00,112) [kswapd0]
(root,0,0,00:00:00/39-14:36:59,114) [kthrotld]
(root,0,0,00:00:00/39-14:36:59,115) [mld]
(root,0,0,00:00:00/39-14:36:59,116) [ipv6_addrconf]
(root,0,0,00:00:17/39-14:36:59,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/39-14:36:59,122) [kstrp]
(root,0,0,00:00:00/39-14:36:59,123) [zswap-shrink]
(root,0,0,00:00:00/39-14:36:59,124) [kworker/u9:0]
(root,0,0,00:00:00/39-14:36:59,129) [charger_manager]
(root,0,0,00:00:08/39-14:36:58,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:09/39-14:36:58,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/39-14:36:58,205) [kaluad]
(root,0,0,00:00:00/39-14:36:58,250) [kmpath_rdacd]
(root,0,0,00:00:00/39-14:36:58,293) [kmpathd]
(root,0,0,00:00:00/39-14:36:58,294) [kmpath_handlerd]
(root,0,0,00:00:00/39-14:36:58,342) [ata_sff]
(root,0,0,00:00:00/39-14:36:57,343) [scsi_eh_0]
(root,0,0,00:00:00/39-14:36:57,344) [scsi_tmf_0]
(root,0,0,00:00:00/39-14:36:57,345) [scsi_eh_1]
(root,0,0,00:00:00/39-14:36:57,346) [scsi_tmf_1]
(root,0,0,00:01:05/39-14:36:55,366) [jbd2/vda1-8]
(root,0,0,00:00:00/39-14:36:55,367) [ext4-rsv-conver]
(root,38604,7788,00:00:54/39-14:36:43,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/39-14:36:42,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:59/39-14:36:40,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:19/39-14:36:06,512) /sbin/auditd
(messagebus,22936,5548,00:01:45/39-14:36:06,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:01:01/39-14:36:06,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/39-14:36:06,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/39-14:36:05,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/39-14:36:05,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32972,00:00:44/39-14:35:51,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/39-14:35:51,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:45/39-14:35:50,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/39-14:35:50,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/39-14:35:50,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/39-14:35:50,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/39-14:35:50,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:50/39-14:35:50,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:05:23/39-14:35:50,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/39-14:35:50,1206) bpfilter_umh
(root,26204,8212,00:00:16/39-14:35:50,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/39-14:35:50,1215) ntpd: asynchronous dns resolver
(spot,299488,183096,2-02:58:43/39-14:35:50,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/39-14:35:49,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/39-14:35:49,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/39-14:35:49,1245) (sd-pam)
(root,24216,5344,00:00:13/39-14:35:48,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/39-14:35:48,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:05/39-14:35:47,1354) /usr/sbin/cron -n
(root,698484,82656,00:51:44/39-14:35:41,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,225728,66924,00:17:03/39-14:35:27,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/01:59:49,2674) [kworker/0:2-events]
(root,6656,3488,00:00:00/00:00,5225) /bin/bash /usr/bin/check_mk_agent
(root,13744,3408,00:00:00/00:00,5243) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,5244) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/40:30,5528) [kworker/1:2-events]
(root,0,0,00:00:00/06:17,7221) [kworker/3:0-events]
(root,0,0,00:00:00/01:34:05,9266) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/02:18,10883) [kworker/0:1]
(root,0,0,00:00:00/25:18,12385) [kworker/0:0-cgroup_destroy]
(postfix,24244,8292,00:00:00/04:19,13685) pickup -l -t fifo -u
(root,0,0,00:00:00/02:07:51,15256) [kworker/u8:2-ext4-rsv-conversion]
(root,35308,10012,00:00:00/33-12:26:43,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:51/33-12:26:42,15391) sshd: cm-ssh
(root,0,0,00:00:00/04:11,15706) [kworker/1:1-ata_sff]
(root,35308,10072,00:00:00/23-13:55:21,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:22/23-13:55:20,16977) sshd: syslogtunnel
(root,0,0,00:00:00/45:19,19043) [kworker/3:2-cgroup_destroy]
(root,0,0,00:00:00/12:41,24965) [kworker/2:0-events]
(root,0,0,00:00:00/21:12,29419) [kworker/2:2-cgroup_destroy]
(postfix,44628,9272,00:00:01/33-19:12:28,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/09:24,31013) [kworker/1:0-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-22 00:59

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633b6f4f72

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:26/37-14:09:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/37-14:09:56,2) [kthreadd]
(root,0,0,00:00:00/37-14:09:56,3) [rcu_gp]
(root,0,0,00:00:00/37-14:09:56,4) [rcu_par_gp]
(root,0,0,00:00:00/37-14:09:56,5) [slub_flushwq]
(root,0,0,00:00:00/37-14:09:56,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/37-14:09:56,9) [mm_percpu_wq]
(root,0,0,00:00:00/37-14:09:56,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/37-14:09:56,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/37-14:09:56,12) [rcu_tasks_trace]
(root,0,0,00:01:09/37-14:09:56,13) [ksoftirqd/0]
(root,0,0,01:39:43/37-14:09:56,14) [rcu_preempt]
(root,0,0,00:00:14/37-14:09:56,15) [migration/0]
(root,0,0,00:00:00/37-14:09:56,16) [idle_inject/0]
(root,0,0,00:00:00/37-14:09:56,18) [cpuhp/0]
(root,0,0,00:00:00/37-14:09:56,19) [cpuhp/1]
(root,0,0,00:00:00/37-14:09:56,20) [idle_inject/1]
(root,0,0,00:00:14/37-14:09:56,21) [migration/1]
(root,0,0,00:01:00/37-14:09:56,22) [ksoftirqd/1]
(root,0,0,00:00:00/37-14:09:56,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/37-14:09:56,25) [cpuhp/2]
(root,0,0,00:00:00/37-14:09:56,26) [idle_inject/2]
(root,0,0,00:00:11/37-14:09:56,27) [migration/2]
(root,0,0,01:10:41/37-14:09:56,28) [ksoftirqd/2]
(root,0,0,00:00:00/37-14:09:56,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/37-14:09:56,31) [cpuhp/3]
(root,0,0,00:00:00/37-14:09:56,32) [idle_inject/3]
(root,0,0,00:00:14/37-14:09:56,33) [migration/3]
(root,0,0,00:03:20/37-14:09:56,34) [ksoftirqd/3]
(root,0,0,00:00:00/37-14:09:56,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/37-14:09:56,39) [kdevtmpfs]
(root,0,0,00:00:00/37-14:09:56,40) [netns]
(root,0,0,00:00:00/37-14:09:56,41) [inet_frag_wq]
(root,0,0,00:00:08/37-14:09:56,42) [kauditd]
(root,0,0,00:00:00/37-14:09:56,43) [khungtaskd]
(root,0,0,00:00:00/37-14:09:56,44) [oom_reaper]
(root,0,0,00:00:00/37-14:09:56,45) [writeback]
(root,0,0,00:01:50/37-14:09:56,46) [kcompactd0]
(root,0,0,00:00:00/37-14:09:56,47) [ksmd]
(root,0,0,00:01:50/37-14:09:56,48) [khugepaged]
(root,0,0,00:00:00/37-14:09:56,74) [kintegrityd]
(root,0,0,00:00:00/37-14:09:56,75) [kblockd]
(root,0,0,00:00:00/37-14:09:56,76) [blkcg_punt_bio]
(root,0,0,00:00:00/37-14:09:56,78) [tpm_dev_wq]
(root,0,0,00:00:00/37-14:09:56,79) [edac-poller]
(root,0,0,00:00:00/37-14:09:56,80) [devfreq_wq]
(root,0,0,00:00:00/37-14:09:56,110) [watchdogd]
(root,0,0,00:00:07/37-14:09:56,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/37-14:09:56,112) [kswapd0]
(root,0,0,00:00:00/37-14:09:55,114) [kthrotld]
(root,0,0,00:00:00/37-14:09:55,115) [mld]
(root,0,0,00:00:00/37-14:09:55,116) [ipv6_addrconf]
(root,0,0,00:00:16/37-14:09:55,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/37-14:09:55,122) [kstrp]
(root,0,0,00:00:00/37-14:09:55,123) [zswap-shrink]
(root,0,0,00:00:00/37-14:09:55,124) [kworker/u9:0]
(root,0,0,00:00:00/37-14:09:55,129) [charger_manager]
(root,0,0,00:00:08/37-14:09:54,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:08/37-14:09:54,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/37-14:09:54,205) [kaluad]
(root,0,0,00:00:00/37-14:09:54,250) [kmpath_rdacd]
(root,0,0,00:00:00/37-14:09:54,293) [kmpathd]
(root,0,0,00:00:00/37-14:09:54,294) [kmpath_handlerd]
(root,0,0,00:00:00/37-14:09:54,342) [ata_sff]
(root,0,0,00:00:00/37-14:09:53,343) [scsi_eh_0]
(root,0,0,00:00:00/37-14:09:53,344) [scsi_tmf_0]
(root,0,0,00:00:00/37-14:09:53,345) [scsi_eh_1]
(root,0,0,00:00:00/37-14:09:53,346) [scsi_tmf_1]
(root,0,0,00:01:01/37-14:09:51,366) [jbd2/vda1-8]
(root,0,0,00:00:00/37-14:09:51,367) [ext4-rsv-conver]
(root,38604,7788,00:00:48/37-14:09:39,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/37-14:09:38,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:56/37-14:09:36,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:17/37-14:09:02,512) /sbin/auditd
(messagebus,22936,5548,00:01:32/37-14:09:02,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:54/37-14:09:02,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/37-14:09:02,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/37-14:09:01,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/37-14:09:01,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32972,00:00:42/37-14:08:47,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/37-14:08:47,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:32/37-14:08:46,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/37-14:08:46,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/37-14:08:46,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/37-14:08:46,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/37-14:08:46,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:46/37-14:08:46,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:05:06/37-14:08:46,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/37-14:08:46,1206) bpfilter_umh
(root,26204,8212,00:00:14/37-14:08:46,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/37-14:08:46,1215) ntpd: asynchronous dns resolver
(spot,296464,182160,1-23:14:17/37-14:08:46,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/37-14:08:45,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/37-14:08:45,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/37-14:08:45,1245) (sd-pam)
(root,24216,5344,00:00:12/37-14:08:44,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/37-14:08:44,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:05/37-14:08:43,1354) /usr/sbin/cron -n
(root,698484,82412,00:49:06/37-14:08:37,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,224704,66044,00:16:08/37-14:08:23,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/09:32,2838) [kworker/3:1-events]
(root,0,0,00:00:00/08:57,4583) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/08:35,6208) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/07:26,10180) [kworker/2:2-events]
(root,35308,10012,00:00:00/31-11:59:39,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:44/31-11:59:38,15391) sshd: cm-ssh
(root,0,0,00:00:00/16:38,16397) [kworker/u8:0-ext4-rsv-conversion]
(root,35308,10072,00:00:00/21-13:28:17,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:14/21-13:28:16,16977) sshd: syslogtunnel
(root,0,0,00:00:00/01:51:58,17446) [kworker/0:2-events]
(root,0,0,00:00:00/15:39,18386) [kworker/3:2-events]
(root,0,0,00:00:00/01:00:28,21022) [kworker/1:1-events]
(root,0,0,00:00:00/03:23,21821) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/25:52,26953) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/01:37,27235) [kworker/u8:2-writeback]
(postfix,44628,9272,00:00:01/31-18:45:24,30472) tlsmgr -l -t unix -u
(root,6656,3488,00:00:00/00:00,32419) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,32437) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,32438) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:02/01:55:58,32596) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-20 00:32

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a14684e8

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:22/35-15:17:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/35-15:17:04,2) [kthreadd]
(root,0,0,00:00:00/35-15:17:04,3) [rcu_gp]
(root,0,0,00:00:00/35-15:17:04,4) [rcu_par_gp]
(root,0,0,00:00:00/35-15:17:04,5) [slub_flushwq]
(root,0,0,00:00:00/35-15:17:04,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/35-15:17:04,9) [mm_percpu_wq]
(root,0,0,00:00:00/35-15:17:04,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/35-15:17:04,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/35-15:17:04,12) [rcu_tasks_trace]
(root,0,0,00:01:05/35-15:17:04,13) [ksoftirqd/0]
(root,0,0,01:34:30/35-15:17:04,14) [rcu_preempt]
(root,0,0,00:00:13/35-15:17:04,15) [migration/0]
(root,0,0,00:00:00/35-15:17:04,16) [idle_inject/0]
(root,0,0,00:00:00/35-15:17:04,18) [cpuhp/0]
(root,0,0,00:00:00/35-15:17:04,19) [cpuhp/1]
(root,0,0,00:00:00/35-15:17:04,20) [idle_inject/1]
(root,0,0,00:00:14/35-15:17:04,21) [migration/1]
(root,0,0,00:00:57/35-15:17:04,22) [ksoftirqd/1]
(root,0,0,00:00:00/35-15:17:04,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/35-15:17:04,25) [cpuhp/2]
(root,0,0,00:00:00/35-15:17:04,26) [idle_inject/2]
(root,0,0,00:00:11/35-15:17:04,27) [migration/2]
(root,0,0,01:07:42/35-15:17:04,28) [ksoftirqd/2]
(root,0,0,00:00:00/35-15:17:04,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/35-15:17:04,31) [cpuhp/3]
(root,0,0,00:00:00/35-15:17:04,32) [idle_inject/3]
(root,0,0,00:00:13/35-15:17:04,33) [migration/3]
(root,0,0,00:03:11/35-15:17:04,34) [ksoftirqd/3]
(root,0,0,00:00:00/35-15:17:04,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/35-15:17:04,39) [kdevtmpfs]
(root,0,0,00:00:00/35-15:17:04,40) [netns]
(root,0,0,00:00:00/35-15:17:04,41) [inet_frag_wq]
(root,0,0,00:00:07/35-15:17:04,42) [kauditd]
(root,0,0,00:00:00/35-15:17:04,43) [khungtaskd]
(root,0,0,00:00:00/35-15:17:04,44) [oom_reaper]
(root,0,0,00:00:00/35-15:17:04,45) [writeback]
(root,0,0,00:01:45/35-15:17:04,46) [kcompactd0]
(root,0,0,00:00:00/35-15:17:04,47) [ksmd]
(root,0,0,00:01:43/35-15:17:04,48) [khugepaged]
(root,0,0,00:00:00/35-15:17:04,74) [kintegrityd]
(root,0,0,00:00:00/35-15:17:04,75) [kblockd]
(root,0,0,00:00:00/35-15:17:04,76) [blkcg_punt_bio]
(root,0,0,00:00:00/35-15:17:04,78) [tpm_dev_wq]
(root,0,0,00:00:00/35-15:17:04,79) [edac-poller]
(root,0,0,00:00:00/35-15:17:04,80) [devfreq_wq]
(root,0,0,00:00:00/35-15:17:04,110) [watchdogd]
(root,0,0,00:00:07/35-15:17:04,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/35-15:17:04,112) [kswapd0]
(root,0,0,00:00:00/35-15:17:03,114) [kthrotld]
(root,0,0,00:00:00/35-15:17:03,115) [mld]
(root,0,0,00:00:00/35-15:17:03,116) [ipv6_addrconf]
(root,0,0,00:00:15/35-15:17:03,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/35-15:17:03,122) [kstrp]
(root,0,0,00:00:00/35-15:17:03,123) [zswap-shrink]
(root,0,0,00:00:00/35-15:17:03,124) [kworker/u9:0]
(root,0,0,00:00:00/35-15:17:03,129) [charger_manager]
(root,0,0,00:00:07/35-15:17:02,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:08/35-15:17:02,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/35-15:17:02,205) [kaluad]
(root,0,0,00:00:00/35-15:17:02,250) [kmpath_rdacd]
(root,0,0,00:00:00/35-15:17:02,293) [kmpathd]
(root,0,0,00:00:00/35-15:17:02,294) [kmpath_handlerd]
(root,0,0,00:00:00/35-15:17:02,342) [ata_sff]
(root,0,0,00:00:00/35-15:17:01,343) [scsi_eh_0]
(root,0,0,00:00:00/35-15:17:01,344) [scsi_tmf_0]
(root,0,0,00:00:00/35-15:17:01,345) [scsi_eh_1]
(root,0,0,00:00:00/35-15:17:01,346) [scsi_tmf_1]
(root,0,0,00:00:58/35-15:16:59,366) [jbd2/vda1-8]
(root,0,0,00:00:00/35-15:16:59,367) [ext4-rsv-conver]
(root,38604,7788,00:00:46/35-15:16:47,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/35-15:16:46,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:53/35-15:16:44,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:16/35-15:16:10,512) /sbin/auditd
(messagebus,22936,5548,00:01:28/35-15:16:10,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:51/35-15:16:10,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/35-15:16:10,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/35-15:16:09,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/35-15:16:09,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32960,00:00:40/35-15:15:55,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/35-15:15:55,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:21/35-15:15:54,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/35-15:15:54,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/35-15:15:54,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/35-15:15:54,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/35-15:15:54,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:44/35-15:15:54,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:50/35-15:15:54,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/35-15:15:54,1206) bpfilter_umh
(root,26204,8212,00:00:13/35-15:15:54,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/35-15:15:54,1215) ntpd: asynchronous dns resolver
(spot,293896,180108,1-20:13:09/35-15:15:54,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/35-15:15:53,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/35-15:15:53,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/35-15:15:53,1245) (sd-pam)
(root,24216,5344,00:00:11/35-15:15:52,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/35-15:15:52,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/35-15:15:51,1354) /usr/sbin/cron -n
(root,698228,81996,00:46:34/35-15:15:45,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,223680,64164,00:15:16/35-15:15:31,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/02:33,4297) [kworker/1:2-events]
(root,0,0,00:00:00/59:38,7081) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/01:08:46,10630) [kworker/u8:2-ext4-rsv-conversion]
(root,6656,3484,00:00:00/00:00,11477) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,11495) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,11496) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35308,10012,00:00:00/29-13:06:47,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:38/29-13:06:46,15391) sshd: cm-ssh
(root,0,0,00:00:00/04:52:20,15974) [kworker/u8:1-writeback]
(postfix,24244,8228,00:00:00/01:28:12,16513) pickup -l -t fifo -u
(root,35308,10072,00:00:00/19-14:35:25,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:07/19-14:35:24,16977) sshd: syslogtunnel
(root,0,0,00:00:00/07:45,17230) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/53:45,19051) [kworker/0:0-events]
(root,0,0,00:00:00/02:10:37,25943) [kworker/3:1]
(root,0,0,00:00:00/05:17,27958) [kworker/2:0-events]
(root,0,0,00:00:00/02:39:06,29889) [kworker/3:0-events]
(postfix,44628,9272,00:00:01/29-19:52:32,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/01:47:35,31877) [kworker/0:1-events]
(root,0,0,00:00:00/30:32,32365) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-18 01:39

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637392189d

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:18/33-12:58:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/33-12:58:57,2) [kthreadd]
(root,0,0,00:00:00/33-12:58:57,3) [rcu_gp]
(root,0,0,00:00:00/33-12:58:57,4) [rcu_par_gp]
(root,0,0,00:00:00/33-12:58:57,5) [slub_flushwq]
(root,0,0,00:00:00/33-12:58:57,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/33-12:58:57,9) [mm_percpu_wq]
(root,0,0,00:00:00/33-12:58:57,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/33-12:58:57,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/33-12:58:57,12) [rcu_tasks_trace]
(root,0,0,00:01:01/33-12:58:57,13) [ksoftirqd/0]
(root,0,0,01:29:04/33-12:58:57,14) [rcu_preempt]
(root,0,0,00:00:12/33-12:58:57,15) [migration/0]
(root,0,0,00:00:00/33-12:58:57,16) [idle_inject/0]
(root,0,0,00:00:00/33-12:58:57,18) [cpuhp/0]
(root,0,0,00:00:00/33-12:58:57,19) [cpuhp/1]
(root,0,0,00:00:00/33-12:58:57,20) [idle_inject/1]
(root,0,0,00:00:13/33-12:58:57,21) [migration/1]
(root,0,0,00:00:53/33-12:58:57,22) [ksoftirqd/1]
(root,0,0,00:00:00/33-12:58:57,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/33-12:58:57,25) [cpuhp/2]
(root,0,0,00:00:00/33-12:58:57,26) [idle_inject/2]
(root,0,0,00:00:10/33-12:58:57,27) [migration/2]
(root,0,0,01:04:48/33-12:58:57,28) [ksoftirqd/2]
(root,0,0,00:00:00/33-12:58:57,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/33-12:58:57,31) [cpuhp/3]
(root,0,0,00:00:00/33-12:58:57,32) [idle_inject/3]
(root,0,0,00:00:12/33-12:58:57,33) [migration/3]
(root,0,0,00:03:01/33-12:58:57,34) [ksoftirqd/3]
(root,0,0,00:00:00/33-12:58:57,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/33-12:58:57,39) [kdevtmpfs]
(root,0,0,00:00:00/33-12:58:57,40) [netns]
(root,0,0,00:00:00/33-12:58:57,41) [inet_frag_wq]
(root,0,0,00:00:07/33-12:58:57,42) [kauditd]
(root,0,0,00:00:00/33-12:58:57,43) [khungtaskd]
(root,0,0,00:00:00/33-12:58:57,44) [oom_reaper]
(root,0,0,00:00:00/33-12:58:57,45) [writeback]
(root,0,0,00:01:38/33-12:58:57,46) [kcompactd0]
(root,0,0,00:00:00/33-12:58:57,47) [ksmd]
(root,0,0,00:01:37/33-12:58:57,48) [khugepaged]
(root,0,0,00:00:00/33-12:58:57,74) [kintegrityd]
(root,0,0,00:00:00/33-12:58:57,75) [kblockd]
(root,0,0,00:00:00/33-12:58:57,76) [blkcg_punt_bio]
(root,0,0,00:00:00/33-12:58:57,78) [tpm_dev_wq]
(root,0,0,00:00:00/33-12:58:57,79) [edac-poller]
(root,0,0,00:00:00/33-12:58:57,80) [devfreq_wq]
(root,0,0,00:00:00/33-12:58:57,110) [watchdogd]
(root,0,0,00:00:07/33-12:58:57,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/33-12:58:57,112) [kswapd0]
(root,0,0,00:00:00/33-12:58:56,114) [kthrotld]
(root,0,0,00:00:00/33-12:58:56,115) [mld]
(root,0,0,00:00:00/33-12:58:56,116) [ipv6_addrconf]
(root,0,0,00:00:14/33-12:58:56,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/33-12:58:56,122) [kstrp]
(root,0,0,00:00:00/33-12:58:56,123) [zswap-shrink]
(root,0,0,00:00:00/33-12:58:56,124) [kworker/u9:0]
(root,0,0,00:00:00/33-12:58:56,129) [charger_manager]
(root,0,0,00:00:07/33-12:58:55,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:07/33-12:58:55,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/33-12:58:55,205) [kaluad]
(root,0,0,00:00:00/33-12:58:55,250) [kmpath_rdacd]
(root,0,0,00:00:00/33-12:58:55,293) [kmpathd]
(root,0,0,00:00:00/33-12:58:55,294) [kmpath_handlerd]
(root,0,0,00:00:00/33-12:58:55,342) [ata_sff]
(root,0,0,00:00:00/33-12:58:54,343) [scsi_eh_0]
(root,0,0,00:00:00/33-12:58:54,344) [scsi_tmf_0]
(root,0,0,00:00:00/33-12:58:54,345) [scsi_eh_1]
(root,0,0,00:00:00/33-12:58:54,346) [scsi_tmf_1]
(root,0,0,00:00:54/33-12:58:52,366) [jbd2/vda1-8]
(root,0,0,00:00:00/33-12:58:52,367) [ext4-rsv-conver]
(root,38604,7788,00:00:44/33-12:58:40,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/33-12:58:39,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:50/33-12:58:37,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:16/33-12:58:03,512) /sbin/auditd
(messagebus,22936,5548,00:01:25/33-12:58:03,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:49/33-12:58:03,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/33-12:58:03,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/33-12:58:02,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/33-12:58:02,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/01:50:36,727) [kworker/u8:2-ext4-rsv-conversion]
(root,548360,32524,00:00:38/33-12:57:48,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/33-12:57:48,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:08/33-12:57:47,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/33-12:57:47,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/33-12:57:47,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/33-12:57:47,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/33-12:57:47,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:42/33-12:57:47,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:34/33-12:57:47,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/33-12:57:47,1206) bpfilter_umh
(root,26204,8212,00:00:13/33-12:57:47,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/33-12:57:47,1215) ntpd: asynchronous dns resolver
(spot,293368,180020,1-17:43:49/33-12:57:47,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/33-12:57:46,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/33-12:57:46,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/33-12:57:46,1245) (sd-pam)
(root,24216,5344,00:00:11/33-12:57:45,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/33-12:57:45,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/33-12:57:44,1354) /usr/sbin/cron -n
(root,697972,81828,00:43:52/33-12:57:38,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,222656,63272,00:14:26/33-12:57:24,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/52:19,3524) [kworker/2:2-events]
(root,0,0,00:00:00/05:56,3850) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/05:36,7073) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/31:52,7957) [kworker/1:0-ata_sff]
(postfix,24244,8272,00:00:00/01:11:00,13877) pickup -l -t fifo -u
(root,35308,10012,00:00:00/27-10:48:40,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:31/27-10:48:39,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/17-12:17:18,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:00/17-12:17:17,16977) sshd: syslogtunnel
(root,0,0,00:00:00/01:29:14,18088) [kworker/3:2-cgroup_destroy]
(root,0,0,00:00:00/22:38,19428) [kworker/0:2-events]
(root,0,0,00:00:03/01:58:54,24863) [kworker/2:1-events]
(root,0,0,00:00:00/00:43,25067) [kworker/1:2-events]
(root,6656,3488,00:00:00/00:00,29072) /bin/bash /usr/bin/check_mk_agent
(root,13744,3360,00:00:00/00:00,29090) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,29091) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:02/02:21:12,29457) [kworker/3:0-events]
(postfix,44628,9316,00:00:01/27-17:34:25,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/30:05,31017) [kworker/0:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-15 23:21

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e94c2dc7

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:15/31-12:35:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/31-12:35:59,2) [kthreadd]
(root,0,0,00:00:00/31-12:35:59,3) [rcu_gp]
(root,0,0,00:00:00/31-12:35:59,4) [rcu_par_gp]
(root,0,0,00:00:00/31-12:35:59,5) [slub_flushwq]
(root,0,0,00:00:00/31-12:35:59,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/31-12:35:59,9) [mm_percpu_wq]
(root,0,0,00:00:00/31-12:35:59,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/31-12:35:59,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/31-12:35:59,12) [rcu_tasks_trace]
(root,0,0,00:00:57/31-12:35:59,13) [ksoftirqd/0]
(root,0,0,01:23:49/31-12:35:59,14) [rcu_preempt]
(root,0,0,00:00:11/31-12:35:59,15) [migration/0]
(root,0,0,00:00:00/31-12:35:59,16) [idle_inject/0]
(root,0,0,00:00:00/31-12:35:59,18) [cpuhp/0]
(root,0,0,00:00:00/31-12:35:59,19) [cpuhp/1]
(root,0,0,00:00:00/31-12:35:59,20) [idle_inject/1]
(root,0,0,00:00:12/31-12:35:59,21) [migration/1]
(root,0,0,00:00:50/31-12:35:59,22) [ksoftirqd/1]
(root,0,0,00:00:00/31-12:35:59,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/31-12:35:59,25) [cpuhp/2]
(root,0,0,00:00:00/31-12:35:59,26) [idle_inject/2]
(root,0,0,00:00:09/31-12:35:59,27) [migration/2]
(root,0,0,01:01:42/31-12:35:59,28) [ksoftirqd/2]
(root,0,0,00:00:00/31-12:35:59,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/31-12:35:59,31) [cpuhp/3]
(root,0,0,00:00:00/31-12:35:59,32) [idle_inject/3]
(root,0,0,00:00:11/31-12:35:59,33) [migration/3]
(root,0,0,00:02:50/31-12:35:59,34) [ksoftirqd/3]
(root,0,0,00:00:00/31-12:35:59,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/31-12:35:59,39) [kdevtmpfs]
(root,0,0,00:00:00/31-12:35:59,40) [netns]
(root,0,0,00:00:00/31-12:35:59,41) [inet_frag_wq]
(root,0,0,00:00:07/31-12:35:59,42) [kauditd]
(root,0,0,00:00:00/31-12:35:59,43) [khungtaskd]
(root,0,0,00:00:00/31-12:35:59,44) [oom_reaper]
(root,0,0,00:00:00/31-12:35:59,45) [writeback]
(root,0,0,00:01:32/31-12:35:59,46) [kcompactd0]
(root,0,0,00:00:00/31-12:35:59,47) [ksmd]
(root,0,0,00:01:31/31-12:35:59,48) [khugepaged]
(root,0,0,00:00:00/31-12:35:59,74) [kintegrityd]
(root,0,0,00:00:00/31-12:35:59,75) [kblockd]
(root,0,0,00:00:00/31-12:35:59,76) [blkcg_punt_bio]
(root,0,0,00:00:00/31-12:35:59,78) [tpm_dev_wq]
(root,0,0,00:00:00/31-12:35:59,79) [edac-poller]
(root,0,0,00:00:00/31-12:35:59,80) [devfreq_wq]
(root,0,0,00:00:00/31-12:35:59,110) [watchdogd]
(root,0,0,00:00:06/31-12:35:59,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/31-12:35:59,112) [kswapd0]
(root,0,0,00:00:00/31-12:35:58,114) [kthrotld]
(root,0,0,00:00:00/31-12:35:58,115) [mld]
(root,0,0,00:00:00/31-12:35:58,116) [ipv6_addrconf]
(root,0,0,00:00:13/31-12:35:58,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/31-12:35:58,122) [kstrp]
(root,0,0,00:00:00/31-12:35:58,123) [zswap-shrink]
(root,0,0,00:00:00/31-12:35:58,124) [kworker/u9:0]
(root,0,0,00:00:00/31-12:35:58,129) [charger_manager]
(root,0,0,00:00:07/31-12:35:57,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:07/31-12:35:57,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/31-12:35:57,205) [kaluad]
(root,0,0,00:00:00/31-12:35:57,250) [kmpath_rdacd]
(root,0,0,00:00:00/31-12:35:57,293) [kmpathd]
(root,0,0,00:00:00/31-12:35:57,294) [kmpath_handlerd]
(root,0,0,00:00:00/31-12:35:57,342) [ata_sff]
(root,0,0,00:00:00/31-12:35:56,343) [scsi_eh_0]
(root,0,0,00:00:00/31-12:35:56,344) [scsi_tmf_0]
(root,0,0,00:00:00/31-12:35:56,345) [scsi_eh_1]
(root,0,0,00:00:00/31-12:35:56,346) [scsi_tmf_1]
(root,0,0,00:00:51/31-12:35:54,366) [jbd2/vda1-8]
(root,0,0,00:00:00/31-12:35:54,367) [ext4-rsv-conver]
(root,38604,7788,00:00:42/31-12:35:42,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/31-12:35:41,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:47/31-12:35:39,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:15/31-12:35:05,512) /sbin/auditd
(messagebus,22936,5548,00:01:21/31-12:35:05,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:47/31-12:35:05,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/31-12:35:05,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/31-12:35:04,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/31-12:35:04,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/52:39,843) [kworker/u8:2-ext4-rsv-conversion]
(root,548360,31484,00:00:35/31-12:34:50,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/31-12:34:50,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:02:55/31-12:34:49,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/31-12:34:49,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/31-12:34:49,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/31-12:34:49,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/31-12:34:49,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:40/31-12:34:49,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:17/31-12:34:49,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/31-12:34:49,1206) bpfilter_umh
(root,26204,8212,00:00:12/31-12:34:49,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/31-12:34:49,1215) ntpd: asynchronous dns resolver
(spot,286552,173744,1-15:26:25/31-12:34:49,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/31-12:34:48,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/31-12:34:48,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/31-12:34:48,1245) (sd-pam)
(root,24216,5344,00:00:10/31-12:34:47,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/31-12:34:47,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/31-12:34:46,1354) /usr/sbin/cron -n
(root,697972,81512,00:41:14/31-12:34:40,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,221632,61380,00:13:36/31-12:34:26,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:02/03:49:21,5886) [kworker/3:1-events]
(root,0,0,00:00:02/03:26:50,8787) [kworker/0:2-events]
(root,0,0,00:00:00/07:18,9978) [kworker/3:0-events]
(root,0,0,00:00:01/51:45,11542) [kworker/2:0-events]
(root,35308,10012,00:00:00/25-10:25:42,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:24/25-10:25:41,15391) sshd: cm-ssh
(root,0,0,00:00:00/01:02:37,16327) [kworker/u8:0-writeback]
(root,35308,10072,00:00:00/15-11:54:20,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:53/15-11:54:19,16977) sshd: syslogtunnel
(root,0,0,00:00:00/08:23,24941) [kworker/1:2-ata_sff]
(postfix,24244,8232,00:00:00/01:09:59,25164) pickup -l -t fifo -u
(root,6656,3492,00:00:00/00:00,26411) /bin/bash /usr/bin/check_mk_agent
(root,13744,3512,00:00:00/00:00,26429) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,26430) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/29:22,29649) [kworker/2:2-events]
(root,0,0,00:00:00/03:13,29982) [kworker/1:1-ata_sff]
(postfix,44628,9316,00:00:01/25-17:11:27,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/29:09,31543) [kworker/1:0-events]
(root,0,0,00:00:00/04:41:18,31966) [kworker/0:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-13 22:58

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836397ac20f0

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:12/29-13:05:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/29-13:05:05,2) [kthreadd]
(root,0,0,00:00:00/29-13:05:05,3) [rcu_gp]
(root,0,0,00:00:00/29-13:05:05,4) [rcu_par_gp]
(root,0,0,00:00:00/29-13:05:05,5) [slub_flushwq]
(root,0,0,00:00:00/29-13:05:05,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/29-13:05:05,9) [mm_percpu_wq]
(root,0,0,00:00:00/29-13:05:05,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/29-13:05:05,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/29-13:05:05,12) [rcu_tasks_trace]
(root,0,0,00:00:53/29-13:05:05,13) [ksoftirqd/0]
(root,0,0,01:18:42/29-13:05:05,14) [rcu_preempt]
(root,0,0,00:00:11/29-13:05:05,15) [migration/0]
(root,0,0,00:00:00/29-13:05:05,16) [idle_inject/0]
(root,0,0,00:00:00/29-13:05:05,18) [cpuhp/0]
(root,0,0,00:00:00/29-13:05:05,19) [cpuhp/1]
(root,0,0,00:00:00/29-13:05:05,20) [idle_inject/1]
(root,0,0,00:00:11/29-13:05:05,21) [migration/1]
(root,0,0,00:00:46/29-13:05:05,22) [ksoftirqd/1]
(root,0,0,00:00:00/29-13:05:05,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/29-13:05:05,25) [cpuhp/2]
(root,0,0,00:00:00/29-13:05:05,26) [idle_inject/2]
(root,0,0,00:00:09/29-13:05:05,27) [migration/2]
(root,0,0,00:58:02/29-13:05:05,28) [ksoftirqd/2]
(root,0,0,00:00:00/29-13:05:05,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/29-13:05:05,31) [cpuhp/3]
(root,0,0,00:00:00/29-13:05:05,32) [idle_inject/3]
(root,0,0,00:00:11/29-13:05:05,33) [migration/3]
(root,0,0,00:02:40/29-13:05:05,34) [ksoftirqd/3]
(root,0,0,00:00:00/29-13:05:05,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/29-13:05:05,39) [kdevtmpfs]
(root,0,0,00:00:00/29-13:05:05,40) [netns]
(root,0,0,00:00:00/29-13:05:05,41) [inet_frag_wq]
(root,0,0,00:00:06/29-13:05:05,42) [kauditd]
(root,0,0,00:00:00/29-13:05:05,43) [khungtaskd]
(root,0,0,00:00:00/29-13:05:05,44) [oom_reaper]
(root,0,0,00:00:00/29-13:05:05,45) [writeback]
(root,0,0,00:01:26/29-13:05:05,46) [kcompactd0]
(root,0,0,00:00:00/29-13:05:05,47) [ksmd]
(root,0,0,00:01:25/29-13:05:05,48) [khugepaged]
(root,0,0,00:00:00/29-13:05:05,74) [kintegrityd]
(root,0,0,00:00:00/29-13:05:05,75) [kblockd]
(root,0,0,00:00:00/29-13:05:05,76) [blkcg_punt_bio]
(root,0,0,00:00:00/29-13:05:05,78) [tpm_dev_wq]
(root,0,0,00:00:00/29-13:05:05,79) [edac-poller]
(root,0,0,00:00:00/29-13:05:05,80) [devfreq_wq]
(root,0,0,00:00:00/29-13:05:05,110) [watchdogd]
(root,0,0,00:00:06/29-13:05:05,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/29-13:05:05,112) [kswapd0]
(root,0,0,00:00:00/29-13:05:04,114) [kthrotld]
(root,0,0,00:00:00/29-13:05:04,115) [mld]
(root,0,0,00:00:00/29-13:05:04,116) [ipv6_addrconf]
(root,0,0,00:00:12/29-13:05:04,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/29-13:05:04,122) [kstrp]
(root,0,0,00:00:00/29-13:05:04,123) [zswap-shrink]
(root,0,0,00:00:00/29-13:05:04,124) [kworker/u9:0]
(root,0,0,00:00:00/29-13:05:04,129) [charger_manager]
(root,0,0,00:00:06/29-13:05:03,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:06/29-13:05:03,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/29-13:05:03,205) [kaluad]
(root,0,0,00:00:00/29-13:05:03,250) [kmpath_rdacd]
(root,0,0,00:00:00/29-13:05:03,293) [kmpathd]
(root,0,0,00:00:00/29-13:05:03,294) [kmpath_handlerd]
(root,0,0,00:00:00/29-13:05:03,342) [ata_sff]
(root,0,0,00:00:00/29-13:05:02,343) [scsi_eh_0]
(root,0,0,00:00:00/29-13:05:02,344) [scsi_tmf_0]
(root,0,0,00:00:00/29-13:05:02,345) [scsi_eh_1]
(root,0,0,00:00:00/29-13:05:02,346) [scsi_tmf_1]
(root,0,0,00:00:48/29-13:05:00,366) [jbd2/vda1-8]
(root,0,0,00:00:00/29-13:05:00,367) [ext4-rsv-conver]
(root,38604,7788,00:00:40/29-13:04:48,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/29-13:04:47,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:44/29-13:04:45,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:14/29-13:04:11,512) /sbin/auditd
(messagebus,22936,5548,00:01:18/29-13:04:11,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:45/29-13:04:11,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/29-13:04:11,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/29-13:04:10,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/29-13:04:10,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,31484,00:00:33/29-13:03:56,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/29-13:03:56,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:41/29-13:03:55,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/29-13:03:55,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/29-13:03:55,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/29-13:03:55,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/29-13:03:55,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:38/29-13:03:55,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:01/29-13:03:55,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/29-13:03:55,1206) bpfilter_umh
(root,26204,8212,00:00:12/29-13:03:55,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/29-13:03:55,1215) ntpd: asynchronous dns resolver
(spot,291548,178800,1-12:56:30/29-13:03:55,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/29-13:03:54,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/29-13:03:54,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/29-13:03:54,1245) (sd-pam)
(root,24216,5344,00:00:09/29-13:03:53,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/29-13:03:53,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/29-13:03:52,1354) /usr/sbin/cron -n
(root,697576,81132,00:38:38/29-13:03:46,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,220608,60496,00:12:52/29-13:03:32,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/06:56,3727) [kworker/2:1]
(root,0,0,00:00:00/06:52,3949) [kworker/u8:1-writeback]
(root,0,0,00:00:00/10:19:19,6101) [kworker/0:2-events]
(root,0,0,00:00:00/05:51,7065) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/02:12:12,8802) [kworker/u8:0]
(root,0,0,00:00:00/28:53,12543) [kworker/3:2-events]
(root,0,0,00:00:00/27:17,13387) [kworker/2:0-events]
(root,0,0,00:00:00/01:32:06,14764) [kworker/3:0-events]
(root,35308,10012,00:00:00/23-10:54:48,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:18/23-10:54:47,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/13-12:23:26,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:46/13-12:23:25,16977) sshd: syslogtunnel
(root,0,0,00:00:00/00:40,20153) [kworker/1:1-ata_sff]
(root,0,0,00:00:01/05:47:38,20264) [kworker/0:1-events]
(root,6656,3488,00:00:00/00:00,21813) /bin/bash /usr/bin/check_mk_agent
(root,13744,3388,00:00:00/00:00,21831) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,21832) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,24244,8172,00:00:00/20:51,28504) pickup -l -t fifo -u
(root,0,0,00:00:07/15:24:11,29407) [kworker/1:0-events]
(postfix,44628,9316,00:00:01/23-17:40:33,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-11 23:27

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c5db9a80

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:08/27-13:18:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/27-13:18:02,2) [kthreadd]
(root,0,0,00:00:00/27-13:18:02,3) [rcu_gp]
(root,0,0,00:00:00/27-13:18:02,4) [rcu_par_gp]
(root,0,0,00:00:00/27-13:18:02,5) [slub_flushwq]
(root,0,0,00:00:00/27-13:18:02,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/27-13:18:02,9) [mm_percpu_wq]
(root,0,0,00:00:00/27-13:18:02,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/27-13:18:02,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/27-13:18:02,12) [rcu_tasks_trace]
(root,0,0,00:00:50/27-13:18:02,13) [ksoftirqd/0]
(root,0,0,01:13:35/27-13:18:02,14) [rcu_preempt]
(root,0,0,00:00:10/27-13:18:02,15) [migration/0]
(root,0,0,00:00:00/27-13:18:02,16) [idle_inject/0]
(root,0,0,00:00:00/27-13:18:02,18) [cpuhp/0]
(root,0,0,00:00:00/27-13:18:02,19) [cpuhp/1]
(root,0,0,00:00:00/27-13:18:02,20) [idle_inject/1]
(root,0,0,00:00:10/27-13:18:02,21) [migration/1]
(root,0,0,00:00:43/27-13:18:02,22) [ksoftirqd/1]
(root,0,0,00:00:00/27-13:18:02,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/27-13:18:02,25) [cpuhp/2]
(root,0,0,00:00:00/27-13:18:02,26) [idle_inject/2]
(root,0,0,00:00:08/27-13:18:02,27) [migration/2]
(root,0,0,00:55:22/27-13:18:02,28) [ksoftirqd/2]
(root,0,0,00:00:00/27-13:18:02,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/27-13:18:02,31) [cpuhp/3]
(root,0,0,00:00:00/27-13:18:02,32) [idle_inject/3]
(root,0,0,00:00:10/27-13:18:02,33) [migration/3]
(root,0,0,00:02:31/27-13:18:02,34) [ksoftirqd/3]
(root,0,0,00:00:00/27-13:18:02,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/27-13:18:02,39) [kdevtmpfs]
(root,0,0,00:00:00/27-13:18:02,40) [netns]
(root,0,0,00:00:00/27-13:18:02,41) [inet_frag_wq]
(root,0,0,00:00:06/27-13:18:02,42) [kauditd]
(root,0,0,00:00:00/27-13:18:02,43) [khungtaskd]
(root,0,0,00:00:00/27-13:18:02,44) [oom_reaper]
(root,0,0,00:00:00/27-13:18:02,45) [writeback]
(root,0,0,00:01:21/27-13:18:02,46) [kcompactd0]
(root,0,0,00:00:00/27-13:18:02,47) [ksmd]
(root,0,0,00:01:19/27-13:18:02,48) [khugepaged]
(root,0,0,00:00:00/27-13:18:02,74) [kintegrityd]
(root,0,0,00:00:00/27-13:18:02,75) [kblockd]
(root,0,0,00:00:00/27-13:18:02,76) [blkcg_punt_bio]
(root,0,0,00:00:00/27-13:18:02,78) [tpm_dev_wq]
(root,0,0,00:00:00/27-13:18:02,79) [edac-poller]
(root,0,0,00:00:00/27-13:18:02,80) [devfreq_wq]
(root,0,0,00:00:00/27-13:18:02,110) [watchdogd]
(root,0,0,00:00:05/27-13:18:02,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/27-13:18:02,112) [kswapd0]
(root,0,0,00:00:00/27-13:18:01,114) [kthrotld]
(root,0,0,00:00:00/27-13:18:01,115) [mld]
(root,0,0,00:00:00/27-13:18:01,116) [ipv6_addrconf]
(root,0,0,00:00:11/27-13:18:01,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/27-13:18:01,122) [kstrp]
(root,0,0,00:00:00/27-13:18:01,123) [zswap-shrink]
(root,0,0,00:00:00/27-13:18:01,124) [kworker/u9:0]
(root,0,0,00:00:00/27-13:18:01,129) [charger_manager]
(root,0,0,00:00:06/27-13:18:00,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:06/27-13:18:00,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/27-13:18:00,205) [kaluad]
(root,0,0,00:00:00/27-13:18:00,250) [kmpath_rdacd]
(root,0,0,00:00:00/27-13:18:00,293) [kmpathd]
(root,0,0,00:00:00/27-13:18:00,294) [kmpath_handlerd]
(root,0,0,00:00:00/27-13:18:00,342) [ata_sff]
(root,0,0,00:00:00/27-13:17:59,343) [scsi_eh_0]
(root,0,0,00:00:00/27-13:17:59,344) [scsi_tmf_0]
(root,0,0,00:00:00/27-13:17:59,345) [scsi_eh_1]
(root,0,0,00:00:00/27-13:17:59,346) [scsi_tmf_1]
(root,0,0,00:00:44/27-13:17:57,366) [jbd2/vda1-8]
(root,0,0,00:00:00/27-13:17:57,367) [ext4-rsv-conver]
(root,38604,7788,00:00:38/27-13:17:45,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/27-13:17:44,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:41/27-13:17:42,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:14/27-13:17:08,512) /sbin/auditd
(messagebus,22936,5548,00:01:14/27-13:17:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8520,00:00:43/27-13:17:08,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/27-13:17:08,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/27-13:17:07,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/27-13:17:07,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,31484,00:00:31/27-13:16:53,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/27-13:16:53,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:33/27-13:16:52,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/27-13:16:52,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/27-13:16:52,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/27-13:16:52,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/27-13:16:52,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:36/27-13:16:52,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:03:45/27-13:16:52,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/27-13:16:52,1206) bpfilter_umh
(root,26204,8212,00:00:11/27-13:16:52,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/27-13:16:52,1215) ntpd: asynchronous dns resolver
(spot,289928,176636,1-10:36:38/27-13:16:52,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/27-13:16:51,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/27-13:16:51,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/27-13:16:51,1245) (sd-pam)
(root,24216,5344,00:00:09/27-13:16:50,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/27-13:16:50,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/27-13:16:49,1354) /usr/sbin/cron -n
(root,697064,80568,00:36:03/27-13:16:43,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,219584,58616,00:11:34/27-13:16:29,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/02:31:34,1639) [kworker/3:1-events]
(root,0,0,00:00:00/05:09,8451) [kworker/u8:2-writeback]
(root,0,0,00:00:00/20:11,9624) [kworker/1:0-events]
(root,0,0,00:00:00/04:37,9934) [kworker/1:2-events_freezable_power_]
(root,0,0,00:00:00/02:28,13512) [kworker/1:3-events]
(postfix,24244,8148,00:00:00/55:48,14566) pickup -l -t fifo -u
(root,35308,10012,00:00:00/21-11:07:45,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:11/21-11:07:44,15391) sshd: cm-ssh
(root,0,0,00:00:00/54:44,16439) [kworker/u8:1-ext4-rsv-conversion]
(root,35308,10072,00:00:00/11-12:36:23,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:40/11-12:36:22,16977) sshd: syslogtunnel
(root,0,0,00:00:01/05:28:09,18730) [kworker/0:0-events]
(root,6656,3484,00:00:00/00:00,19931) /bin/bash /usr/bin/check_mk_agent
(root,13744,3524,00:00:00/00:00,19952) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,19953) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/31:12,20552) [kworker/2:1]
(root,0,0,00:00:00/52:35,23802) [kworker/0:1]
(root,0,0,00:00:00/09:50,26286) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/40:04,27932) [kworker/2:2-events]
(postfix,44628,9316,00:00:00/21-17:53:30,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/02:24:29,32261) [kworker/3:0-cgroup_destroy]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-09 23:40

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631242c5f1

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12816,00:01:04/25-13:07:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/25-13:07:00,2) [kthreadd]
(root,0,0,00:00:00/25-13:07:00,3) [rcu_gp]
(root,0,0,00:00:00/25-13:07:00,4) [rcu_par_gp]
(root,0,0,00:00:00/25-13:07:00,5) [slub_flushwq]
(root,0,0,00:00:00/25-13:07:00,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/25-13:07:00,9) [mm_percpu_wq]
(root,0,0,00:00:00/25-13:07:00,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/25-13:07:00,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/25-13:07:00,12) [rcu_tasks_trace]
(root,0,0,00:00:46/25-13:07:00,13) [ksoftirqd/0]
(root,0,0,01:08:16/25-13:07:00,14) [rcu_preempt]
(root,0,0,00:00:09/25-13:07:00,15) [migration/0]
(root,0,0,00:00:00/25-13:07:00,16) [idle_inject/0]
(root,0,0,00:00:00/25-13:07:00,18) [cpuhp/0]
(root,0,0,00:00:00/25-13:07:00,19) [cpuhp/1]
(root,0,0,00:00:00/25-13:07:00,20) [idle_inject/1]
(root,0,0,00:00:10/25-13:07:00,21) [migration/1]
(root,0,0,00:00:40/25-13:07:00,22) [ksoftirqd/1]
(root,0,0,00:00:00/25-13:07:00,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/25-13:07:00,25) [cpuhp/2]
(root,0,0,00:00:00/25-13:07:00,26) [idle_inject/2]
(root,0,0,00:00:08/25-13:07:00,27) [migration/2]
(root,0,0,00:52:04/25-13:07:00,28) [ksoftirqd/2]
(root,0,0,00:00:00/25-13:07:00,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/25-13:07:00,31) [cpuhp/3]
(root,0,0,00:00:00/25-13:07:00,32) [idle_inject/3]
(root,0,0,00:00:09/25-13:07:00,33) [migration/3]
(root,0,0,00:02:21/25-13:07:00,34) [ksoftirqd/3]
(root,0,0,00:00:00/25-13:07:00,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/25-13:07:00,39) [kdevtmpfs]
(root,0,0,00:00:00/25-13:07:00,40) [netns]
(root,0,0,00:00:00/25-13:07:00,41) [inet_frag_wq]
(root,0,0,00:00:06/25-13:07:00,42) [kauditd]
(root,0,0,00:00:00/25-13:07:00,43) [khungtaskd]
(root,0,0,00:00:00/25-13:07:00,44) [oom_reaper]
(root,0,0,00:00:00/25-13:07:00,45) [writeback]
(root,0,0,00:01:14/25-13:07:00,46) [kcompactd0]
(root,0,0,00:00:00/25-13:07:00,47) [ksmd]
(root,0,0,00:01:14/25-13:07:00,48) [khugepaged]
(root,0,0,00:00:00/25-13:07:00,74) [kintegrityd]
(root,0,0,00:00:00/25-13:07:00,75) [kblockd]
(root,0,0,00:00:00/25-13:07:00,76) [blkcg_punt_bio]
(root,0,0,00:00:00/25-13:07:00,78) [tpm_dev_wq]
(root,0,0,00:00:00/25-13:07:00,79) [edac-poller]
(root,0,0,00:00:00/25-13:07:00,80) [devfreq_wq]
(root,0,0,00:00:00/25-13:07:00,110) [watchdogd]
(root,0,0,00:00:05/25-13:07:00,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/25-13:07:00,112) [kswapd0]
(root,0,0,00:00:00/25-13:06:59,114) [kthrotld]
(root,0,0,00:00:00/25-13:06:59,115) [mld]
(root,0,0,00:00:00/25-13:06:59,116) [ipv6_addrconf]
(root,0,0,00:00:11/25-13:06:59,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/25-13:06:59,122) [kstrp]
(root,0,0,00:00:00/25-13:06:59,123) [zswap-shrink]
(root,0,0,00:00:00/25-13:06:59,124) [kworker/u9:0]
(root,0,0,00:00:00/25-13:06:59,129) [charger_manager]
(root,0,0,00:00:05/25-13:06:58,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:05/25-13:06:58,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/25-13:06:58,205) [kaluad]
(root,0,0,00:00:00/25-13:06:58,250) [kmpath_rdacd]
(root,0,0,00:00:00/25-13:06:58,293) [kmpathd]
(root,0,0,00:00:00/25-13:06:58,294) [kmpath_handlerd]
(root,0,0,00:00:00/25-13:06:58,342) [ata_sff]
(root,0,0,00:00:00/25-13:06:57,343) [scsi_eh_0]
(root,0,0,00:00:00/25-13:06:57,344) [scsi_tmf_0]
(root,0,0,00:00:00/25-13:06:57,345) [scsi_eh_1]
(root,0,0,00:00:00/25-13:06:57,346) [scsi_tmf_1]
(root,0,0,00:00:40/25-13:06:55,366) [jbd2/vda1-8]
(root,0,0,00:00:00/25-13:06:55,367) [ext4-rsv-conver]
(root,38604,7876,00:00:36/25-13:06:43,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:03/25-13:06:42,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:38/25-13:06:40,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:13/25-13:06:06,512) /sbin/auditd
(messagebus,22936,5640,00:01:10/25-13:06:06,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:40/25-13:06:06,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/25-13:06:06,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/25-13:06:05,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/25-13:06:05,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,30844,00:00:29/25-13:05:51,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/25-13:05:51,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:19/25-13:05:50,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/25-13:05:50,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/25-13:05:50,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/25-13:05:50,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/25-13:05:50,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:34/25-13:05:50,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:03:28/25-13:05:50,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/25-13:05:50,1206) bpfilter_umh
(root,26204,8300,00:00:11/25-13:05:50,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/25-13:05:50,1215) ntpd: asynchronous dns resolver
(spot,301696,188328,1-08:02:11/25-13:05:50,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/25-13:05:49,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/25-13:05:49,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/25-13:05:49,1245) (sd-pam)
(root,24216,5348,00:00:08/25-13:05:48,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/25-13:05:48,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/25-13:05:47,1354) /usr/sbin/cron -n
(root,694116,77808,00:33:25/25-13:05:41,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,218560,57992,00:10:09/25-13:05:27,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/04:16,3014) [kworker/1:0-events]
(root,0,0,00:00:00/36:35,7950) [kworker/2:2-cgroup_destroy]
(root,0,0,00:00:00/02:13,14356) [kworker/2:0-events]
(root,0,0,00:00:00/02:25:15,15018) [kworker/0:2-events]
(root,35308,10012,00:00:00/19-10:56:43,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:05/19-10:56:42,15391) sshd: cm-ssh
(root,0,0,00:00:00/29:47,16404) [kworker/0:1-events]
(root,35308,10072,00:00:00/9-12:25:21,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:33/9-12:25:20,16977) sshd: syslogtunnel
(root,0,0,00:00:00/09:28,17007) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/08:59:11,17512) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:01/07:24:01,18263) [kworker/3:2-events]
(root,0,0,00:00:05/06:09:35,21123) [kworker/2:1-events]
(root,6656,3484,00:00:00/00:00,21781) /bin/bash /usr/bin/check_mk_agent
(root,13744,3408,00:00:00/00:00,21799) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,21800) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/59:03,25316) [kworker/u8:0-flush-253:0]
(postfix,44628,9372,00:00:00/19-17:42:28,30472) tlsmgr -l -t unix -u
(postfix,24244,8260,00:00:00/01:05:40,30743) pickup -l -t fifo -u
(root,0,0,00:00:00/22:56,31436) [kworker/3:1]
(root,0,0,00:00:02/03:26:37,31732) [kworker/1:1-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-07 23:29

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cac9a0e2

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:01:01/23-13:17:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/23-13:17:37,2) [kthreadd]
(root,0,0,00:00:00/23-13:17:37,3) [rcu_gp]
(root,0,0,00:00:00/23-13:17:37,4) [rcu_par_gp]
(root,0,0,00:00:00/23-13:17:37,5) [slub_flushwq]
(root,0,0,00:00:00/23-13:17:37,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/23-13:17:37,9) [mm_percpu_wq]
(root,0,0,00:00:00/23-13:17:37,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/23-13:17:37,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/23-13:17:37,12) [rcu_tasks_trace]
(root,0,0,00:00:42/23-13:17:37,13) [ksoftirqd/0]
(root,0,0,01:02:43/23-13:17:37,14) [rcu_preempt]
(root,0,0,00:00:08/23-13:17:37,15) [migration/0]
(root,0,0,00:00:00/23-13:17:37,16) [idle_inject/0]
(root,0,0,00:00:00/23-13:17:37,18) [cpuhp/0]
(root,0,0,00:00:00/23-13:17:37,19) [cpuhp/1]
(root,0,0,00:00:00/23-13:17:37,20) [idle_inject/1]
(root,0,0,00:00:09/23-13:17:37,21) [migration/1]
(root,0,0,00:00:37/23-13:17:37,22) [ksoftirqd/1]
(root,0,0,00:00:00/23-13:17:37,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/23-13:17:37,25) [cpuhp/2]
(root,0,0,00:00:00/23-13:17:37,26) [idle_inject/2]
(root,0,0,00:00:07/23-13:17:37,27) [migration/2]
(root,0,0,00:47:27/23-13:17:37,28) [ksoftirqd/2]
(root,0,0,00:00:00/23-13:17:37,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/23-13:17:37,31) [cpuhp/3]
(root,0,0,00:00:00/23-13:17:37,32) [idle_inject/3]
(root,0,0,00:00:08/23-13:17:37,33) [migration/3]
(root,0,0,00:02:10/23-13:17:37,34) [ksoftirqd/3]
(root,0,0,00:00:00/23-13:17:37,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/23-13:17:37,39) [kdevtmpfs]
(root,0,0,00:00:00/23-13:17:37,40) [netns]
(root,0,0,00:00:00/23-13:17:37,41) [inet_frag_wq]
(root,0,0,00:00:05/23-13:17:37,42) [kauditd]
(root,0,0,00:00:00/23-13:17:37,43) [khungtaskd]
(root,0,0,00:00:00/23-13:17:37,44) [oom_reaper]
(root,0,0,00:00:00/23-13:17:37,45) [writeback]
(root,0,0,00:01:09/23-13:17:37,46) [kcompactd0]
(root,0,0,00:00:00/23-13:17:37,47) [ksmd]
(root,0,0,00:01:08/23-13:17:37,48) [khugepaged]
(root,0,0,00:00:00/23-13:17:37,74) [kintegrityd]
(root,0,0,00:00:00/23-13:17:37,75) [kblockd]
(root,0,0,00:00:00/23-13:17:37,76) [blkcg_punt_bio]
(root,0,0,00:00:00/23-13:17:37,78) [tpm_dev_wq]
(root,0,0,00:00:00/23-13:17:37,79) [edac-poller]
(root,0,0,00:00:00/23-13:17:37,80) [devfreq_wq]
(root,0,0,00:00:00/23-13:17:37,110) [watchdogd]
(root,0,0,00:00:04/23-13:17:37,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/23-13:17:37,112) [kswapd0]
(root,0,0,00:00:00/23-13:17:36,114) [kthrotld]
(root,0,0,00:00:00/23-13:17:36,115) [mld]
(root,0,0,00:00:00/23-13:17:36,116) [ipv6_addrconf]
(root,0,0,00:00:10/23-13:17:36,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/23-13:17:36,122) [kstrp]
(root,0,0,00:00:00/23-13:17:36,123) [zswap-shrink]
(root,0,0,00:00:00/23-13:17:36,124) [kworker/u9:0]
(root,0,0,00:00:00/23-13:17:36,129) [charger_manager]
(root,0,0,00:00:05/23-13:17:35,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:05/23-13:17:35,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/23-13:17:35,205) [kaluad]
(root,0,0,00:00:00/23-13:17:35,250) [kmpath_rdacd]
(root,0,0,00:00:00/23-13:17:35,293) [kmpathd]
(root,0,0,00:00:00/23-13:17:35,294) [kmpath_handlerd]
(root,0,0,00:00:00/23-13:17:35,342) [ata_sff]
(root,0,0,00:00:00/23-13:17:34,343) [scsi_eh_0]
(root,0,0,00:00:00/23-13:17:34,344) [scsi_tmf_0]
(root,0,0,00:00:00/23-13:17:34,345) [scsi_eh_1]
(root,0,0,00:00:00/23-13:17:34,346) [scsi_tmf_1]
(root,0,0,00:00:37/23-13:17:32,366) [jbd2/vda1-8]
(root,0,0,00:00:00/23-13:17:32,367) [ext4-rsv-conver]
(root,38604,7876,00:00:34/23-13:17:20,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:02/23-13:17:19,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:35/23-13:17:17,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:12/23-13:16:43,512) /sbin/auditd
(messagebus,22936,5640,00:01:07/23-13:16:43,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:38/23-13:16:43,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/23-13:16:43,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/23-13:16:42,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/23-13:16:42,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,30324,00:00:26/23-13:16:28,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/23-13:16:28,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:08/23-13:16:27,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/23-13:16:27,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/23-13:16:27,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/23-13:16:27,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/23-13:16:27,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:32/23-13:16:27,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:03:12/23-13:16:27,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/23-13:16:27,1206) bpfilter_umh
(root,26204,8300,00:00:10/23-13:16:27,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/23-13:16:27,1215) ntpd: asynchronous dns resolver
(spot,285692,172780,1-05:36:58/23-13:16:27,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/23-13:16:26,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/23-13:16:26,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/23-13:16:26,1245) (sd-pam)
(root,24216,5348,00:00:07/23-13:16:25,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/23-13:16:25,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/23-13:16:24,1354) /usr/sbin/cron -n
(root,693860,77156,00:30:43/23-13:16:18,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,217536,55852,00:08:42/23-13:16:04,1380) /usr/bin/python3.11 /usr/bin/spot
(root,6656,3488,00:00:00/00:00,3206) /bin/bash /usr/bin/check_mk_agent
(root,13744,3392,00:00:00/00:00,3224) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,3225) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/47:13,3891) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/39:07,7143) [kworker/u8:1-writeback]
(root,0,0,00:00:00/02:08:02,7973) [kworker/0:1-events]
(root,35308,10012,00:00:00/17-11:07:20,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:58/17-11:07:19,15391) sshd: cm-ssh
(root,0,0,00:00:00/07:16,16533) [kworker/1:1-ata_sff]
(root,0,0,00:00:01/04:01:40,16672) [kworker/3:2-events]
(root,35308,10072,00:00:00/7-12:35:58,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:26/7-12:35:57,16977) sshd: syslogtunnel
(root,0,0,00:00:00/05:56,19831) [kworker/2:1-events]
(root,0,0,00:00:00/12:48,26295) [kworker/0:2-events]
(root,0,0,00:00:00/26:30,27140) [kworker/2:2-events]
(postfix,24244,8160,00:00:00/01:38:05,28146) pickup -l -t fifo -u
(root,0,0,00:00:01/02:22:11,30106) [kworker/1:2-events]
(root,0,0,00:00:00/02:06,30408) [kworker/1:0-ata_sff]
(postfix,44628,9372,00:00:00/17-17:53:05,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/01:07:17,31932) [kworker/3:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-05 23:39

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836379b71c6b

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12808,00:00:57/21-13:34:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/21-13:34:24,2) [kthreadd]
(root,0,0,00:00:00/21-13:34:24,3) [rcu_gp]
(root,0,0,00:00:00/21-13:34:24,4) [rcu_par_gp]
(root,0,0,00:00:00/21-13:34:24,5) [slub_flushwq]
(root,0,0,00:00:00/21-13:34:24,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/21-13:34:24,9) [mm_percpu_wq]
(root,0,0,00:00:00/21-13:34:24,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/21-13:34:24,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/21-13:34:24,12) [rcu_tasks_trace]
(root,0,0,00:00:39/21-13:34:24,13) [ksoftirqd/0]
(root,0,0,00:57:24/21-13:34:24,14) [rcu_preempt]
(root,0,0,00:00:08/21-13:34:24,15) [migration/0]
(root,0,0,00:00:00/21-13:34:24,16) [idle_inject/0]
(root,0,0,00:00:00/21-13:34:24,18) [cpuhp/0]
(root,0,0,00:00:00/21-13:34:24,19) [cpuhp/1]
(root,0,0,00:00:00/21-13:34:24,20) [idle_inject/1]
(root,0,0,00:00:08/21-13:34:24,21) [migration/1]
(root,0,0,00:00:34/21-13:34:24,22) [ksoftirqd/1]
(root,0,0,00:00:00/21-13:34:24,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/21-13:34:24,25) [cpuhp/2]
(root,0,0,00:00:00/21-13:34:24,26) [idle_inject/2]
(root,0,0,00:00:06/21-13:34:24,27) [migration/2]
(root,0,0,00:43:34/21-13:34:24,28) [ksoftirqd/2]
(root,0,0,00:00:00/21-13:34:24,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/21-13:34:24,31) [cpuhp/3]
(root,0,0,00:00:00/21-13:34:24,32) [idle_inject/3]
(root,0,0,00:00:08/21-13:34:24,33) [migration/3]
(root,0,0,00:02:00/21-13:34:24,34) [ksoftirqd/3]
(root,0,0,00:00:00/21-13:34:24,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/21-13:34:24,39) [kdevtmpfs]
(root,0,0,00:00:00/21-13:34:24,40) [netns]
(root,0,0,00:00:00/21-13:34:24,41) [inet_frag_wq]
(root,0,0,00:00:05/21-13:34:24,42) [kauditd]
(root,0,0,00:00:00/21-13:34:24,43) [khungtaskd]
(root,0,0,00:00:00/21-13:34:24,44) [oom_reaper]
(root,0,0,00:00:00/21-13:34:24,45) [writeback]
(root,0,0,00:01:03/21-13:34:24,46) [kcompactd0]
(root,0,0,00:00:00/21-13:34:24,47) [ksmd]
(root,0,0,00:01:02/21-13:34:24,48) [khugepaged]
(root,0,0,00:00:00/21-13:34:24,74) [kintegrityd]
(root,0,0,00:00:00/21-13:34:24,75) [kblockd]
(root,0,0,00:00:00/21-13:34:24,76) [blkcg_punt_bio]
(root,0,0,00:00:00/21-13:34:24,78) [tpm_dev_wq]
(root,0,0,00:00:00/21-13:34:24,79) [edac-poller]
(root,0,0,00:00:00/21-13:34:24,80) [devfreq_wq]
(root,0,0,00:00:00/21-13:34:24,110) [watchdogd]
(root,0,0,00:00:04/21-13:34:24,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/21-13:34:24,112) [kswapd0]
(root,0,0,00:00:00/21-13:34:23,114) [kthrotld]
(root,0,0,00:00:00/21-13:34:23,115) [mld]
(root,0,0,00:00:00/21-13:34:23,116) [ipv6_addrconf]
(root,0,0,00:00:09/21-13:34:23,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/21-13:34:23,122) [kstrp]
(root,0,0,00:00:00/21-13:34:23,123) [zswap-shrink]
(root,0,0,00:00:00/21-13:34:23,124) [kworker/u9:0]
(root,0,0,00:00:00/21-13:34:23,129) [charger_manager]
(root,0,0,00:00:04/21-13:34:22,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:04/21-13:34:22,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/21-13:34:22,205) [kaluad]
(root,0,0,00:00:00/21-13:34:22,250) [kmpath_rdacd]
(root,0,0,00:00:00/21-13:34:22,293) [kmpathd]
(root,0,0,00:00:00/21-13:34:22,294) [kmpath_handlerd]
(root,0,0,00:00:00/21-13:34:22,342) [ata_sff]
(root,0,0,00:00:00/21-13:34:21,343) [scsi_eh_0]
(root,0,0,00:00:00/21-13:34:21,344) [scsi_tmf_0]
(root,0,0,00:00:00/21-13:34:21,345) [scsi_eh_1]
(root,0,0,00:00:00/21-13:34:21,346) [scsi_tmf_1]
(root,0,0,00:00:33/21-13:34:19,366) [jbd2/vda1-8]
(root,0,0,00:00:00/21-13:34:19,367) [ext4-rsv-conver]
(root,38604,7876,00:00:31/21-13:34:07,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:02/21-13:34:06,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:32/21-13:34:04,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:11/21-13:33:30,512) /sbin/auditd
(messagebus,22936,5640,00:01:03/21-13:33:30,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:36/21-13:33:30,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/21-13:33:30,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/21-13:33:29,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/21-13:33:29,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,29804,00:00:24/21-13:33:15,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/21-13:33:15,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:59/21-13:33:14,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/21-13:33:14,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/21-13:33:14,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/21-13:33:14,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/21-13:33:14,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:30/21-13:33:14,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:02:55/21-13:33:14,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/21-13:33:14,1206) bpfilter_umh
(root,26204,8300,00:00:09/21-13:33:14,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/21-13:33:14,1215) ntpd: asynchronous dns resolver
(spot,285532,171960,1-03:16:35/21-13:33:14,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/21-13:33:13,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/21-13:33:13,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/21-13:33:13,1245) (sd-pam)
(root,24216,5348,00:00:07/21-13:33:12,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/21-13:33:12,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/21-13:33:11,1354) /usr/sbin/cron -n
(root,693604,76796,00:28:04/21-13:33:05,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,216512,54956,00:07:23/21-13:32:51,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:02/02:15:07,1511) [kworker/2:0-events]
(root,0,0,00:00:00/47:50,3242) [kworker/1:2-events]
(root,0,0,00:00:00/13:08,3967) [kworker/0:1-events]
(postfix,24244,8180,00:00:00/36:42,7480) pickup -l -t fifo -u
(root,0,0,00:00:00/19:26,9645) [kworker/2:1]
(root,0,0,00:00:00/01:10,11851) [kworker/1:1-ata_sff]
(root,35308,10012,00:00:00/15-11:24:07,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:51/15-11:24:06,15391) sshd: cm-ssh
(root,0,0,00:00:00/25:46,15943) [kworker/3:2-events]
(root,35308,10072,00:00:00/5-12:52:45,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:19/5-12:52:44,16977) sshd: syslogtunnel
(root,6656,3492,00:00:00/00:00,17354) /bin/bash /usr/bin/check_mk_agent
(root,6656,3480,00:00:00/00:00,17371) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,17403) /bin/bash /usr/bin/check_mk_agent
(root,13744,3528,00:00:00/00:00,17404) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,17405) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/01:04:47,20180) [kworker/0:0-events]
(root,0,0,00:00:00/01:11:33,27154) [kworker/u8:0-writeback]
(root,0,0,00:00:00/04:09:24,28374) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/06:21,28466) [kworker/1:0-ata_sff]
(root,0,0,00:00:01/08:05:41,30433) [kworker/3:1-events]
(postfix,44628,9372,00:00:00/15-18:09:52,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-03 23:56

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e3ca67d3

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12828,00:00:53/19-12:52:32,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/19-12:52:32,2) [kthreadd]
(root,0,0,00:00:00/19-12:52:32,3) [rcu_gp]
(root,0,0,00:00:00/19-12:52:32,4) [rcu_par_gp]
(root,0,0,00:00:00/19-12:52:32,5) [slub_flushwq]
(root,0,0,00:00:00/19-12:52:32,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/19-12:52:32,9) [mm_percpu_wq]
(root,0,0,00:00:00/19-12:52:32,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/19-12:52:32,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/19-12:52:32,12) [rcu_tasks_trace]
(root,0,0,00:00:35/19-12:52:32,13) [ksoftirqd/0]
(root,0,0,00:52:03/19-12:52:32,14) [rcu_preempt]
(root,0,0,00:00:07/19-12:52:32,15) [migration/0]
(root,0,0,00:00:00/19-12:52:32,16) [idle_inject/0]
(root,0,0,00:00:00/19-12:52:32,18) [cpuhp/0]
(root,0,0,00:00:00/19-12:52:32,19) [cpuhp/1]
(root,0,0,00:00:00/19-12:52:32,20) [idle_inject/1]
(root,0,0,00:00:07/19-12:52:32,21) [migration/1]
(root,0,0,00:00:31/19-12:52:32,22) [ksoftirqd/1]
(root,0,0,00:00:00/19-12:52:32,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/19-12:52:32,25) [cpuhp/2]
(root,0,0,00:00:00/19-12:52:32,26) [idle_inject/2]
(root,0,0,00:00:06/19-12:52:32,27) [migration/2]
(root,0,0,00:38:53/19-12:52:32,28) [ksoftirqd/2]
(root,0,0,00:00:00/19-12:52:32,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/19-12:52:32,31) [cpuhp/3]
(root,0,0,00:00:00/19-12:52:32,32) [idle_inject/3]
(root,0,0,00:00:07/19-12:52:32,33) [migration/3]
(root,0,0,00:01:48/19-12:52:32,34) [ksoftirqd/3]
(root,0,0,00:00:00/19-12:52:32,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/19-12:52:32,39) [kdevtmpfs]
(root,0,0,00:00:00/19-12:52:32,40) [netns]
(root,0,0,00:00:00/19-12:52:32,41) [inet_frag_wq]
(root,0,0,00:00:05/19-12:52:32,42) [kauditd]
(root,0,0,00:00:00/19-12:52:32,43) [khungtaskd]
(root,0,0,00:00:00/19-12:52:32,44) [oom_reaper]
(root,0,0,00:00:00/19-12:52:32,45) [writeback]
(root,0,0,00:00:56/19-12:52:32,46) [kcompactd0]
(root,0,0,00:00:00/19-12:52:32,47) [ksmd]
(root,0,0,00:00:57/19-12:52:32,48) [khugepaged]
(root,0,0,00:00:00/19-12:52:32,74) [kintegrityd]
(root,0,0,00:00:00/19-12:52:32,75) [kblockd]
(root,0,0,00:00:00/19-12:52:32,76) [blkcg_punt_bio]
(root,0,0,00:00:00/19-12:52:32,78) [tpm_dev_wq]
(root,0,0,00:00:00/19-12:52:32,79) [edac-poller]
(root,0,0,00:00:00/19-12:52:32,80) [devfreq_wq]
(root,0,0,00:00:00/19-12:52:32,110) [watchdogd]
(root,0,0,00:00:03/19-12:52:32,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/19-12:52:32,112) [kswapd0]
(root,0,0,00:00:00/19-12:52:31,114) [kthrotld]
(root,0,0,00:00:00/19-12:52:31,115) [mld]
(root,0,0,00:00:00/19-12:52:31,116) [ipv6_addrconf]
(root,0,0,00:00:08/19-12:52:31,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/19-12:52:31,122) [kstrp]
(root,0,0,00:00:00/19-12:52:31,123) [zswap-shrink]
(root,0,0,00:00:00/19-12:52:31,124) [kworker/u9:0]
(root,0,0,00:00:00/19-12:52:31,129) [charger_manager]
(root,0,0,00:00:04/19-12:52:30,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:04/19-12:52:30,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/19-12:52:30,205) [kaluad]
(root,0,0,00:00:00/19-12:52:30,250) [kmpath_rdacd]
(root,0,0,00:00:00/19-12:52:30,293) [kmpathd]
(root,0,0,00:00:00/19-12:52:30,294) [kmpath_handlerd]
(root,0,0,00:00:00/19-12:52:30,342) [ata_sff]
(root,0,0,00:00:00/19-12:52:29,343) [scsi_eh_0]
(root,0,0,00:00:00/19-12:52:29,344) [scsi_tmf_0]
(root,0,0,00:00:00/19-12:52:29,345) [scsi_eh_1]
(root,0,0,00:00:00/19-12:52:29,346) [scsi_tmf_1]
(root,0,0,00:00:29/19-12:52:27,366) [jbd2/vda1-8]
(root,0,0,00:00:00/19-12:52:27,367) [ext4-rsv-conver]
(root,38604,7876,00:00:29/19-12:52:15,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:02/19-12:52:14,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:29/19-12:52:12,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:10/19-12:51:38,512) /sbin/auditd
(messagebus,22936,5672,00:00:58/19-12:51:38,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:33/19-12:51:38,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/19-12:51:38,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/19-12:51:37,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/19-12:51:37,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,29812,00:00:22/19-12:51:23,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/19-12:51:23,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:48/19-12:51:22,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/19-12:51:22,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/19-12:51:22,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/19-12:51:22,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/19-12:51:22,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:28/19-12:51:22,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:39/19-12:51:22,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/19-12:51:22,1206) bpfilter_umh
(root,26204,8300,00:00:09/19-12:51:22,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/19-12:51:22,1215) ntpd: asynchronous dns resolver
(spot,284780,171772,1-01:00:42/19-12:51:22,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/19-12:51:21,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/19-12:51:21,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/19-12:51:21,1245) (sd-pam)
(root,24216,5348,00:00:06/19-12:51:20,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/19-12:51:20,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/19-12:51:19,1354) /usr/sbin/cron -n
(root,692836,75756,00:25:22/19-12:51:13,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,215488,53048,00:06:33/19-12:50:59,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/06:17,1389) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:06:19,3881) [kworker/0:0]
(root,0,0,00:00:01/04:53:56,3898) [kworker/3:2-events]
(root,0,0,00:00:00/01:25:10,5253) [kworker/u8:2-writeback]
(root,0,0,00:00:00/48:12,5674) [kworker/3:1]
(root,0,0,00:00:00/47:49,7240) [kworker/1:1-events]
(root,0,0,00:00:00/01:07,14977) [kworker/1:0-ata_sff]
(root,35308,10012,00:00:00/13-10:42:15,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:44/13-10:42:14,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/3-12:10:53,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:12/3-12:10:52,16977) sshd: syslogtunnel
(root,0,0,00:00:00/04:04:11,17740) [kworker/u8:1-writeback]
(root,0,0,00:00:02/02:38:24,19370) [kworker/2:0-events]
(root,6656,3484,00:00:00/00:00,19861) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,19879) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,19880) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/10:42,21913) [kworker/2:2-events]
(postfix,24244,8204,00:00:00/15:48,22577) pickup -l -t fifo -u
(root,0,0,00:00:00/01:18:34,26126) [kworker/0:2-events]
(postfix,44628,9416,00:00:00/13-17:28:00,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-01 23:14

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633bc875b9

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12824,00:00:49/17-13:10:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/17-13:10:04,2) [kthreadd]
(root,0,0,00:00:00/17-13:10:04,3) [rcu_gp]
(root,0,0,00:00:00/17-13:10:04,4) [rcu_par_gp]
(root,0,0,00:00:00/17-13:10:04,5) [slub_flushwq]
(root,0,0,00:00:00/17-13:10:04,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/17-13:10:04,9) [mm_percpu_wq]
(root,0,0,00:00:00/17-13:10:04,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/17-13:10:04,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/17-13:10:04,12) [rcu_tasks_trace]
(root,0,0,00:00:32/17-13:10:04,13) [ksoftirqd/0]
(root,0,0,00:46:58/17-13:10:04,14) [rcu_preempt]
(root,0,0,00:00:06/17-13:10:04,15) [migration/0]
(root,0,0,00:00:00/17-13:10:04,16) [idle_inject/0]
(root,0,0,00:00:00/17-13:10:04,18) [cpuhp/0]
(root,0,0,00:00:00/17-13:10:04,19) [cpuhp/1]
(root,0,0,00:00:00/17-13:10:04,20) [idle_inject/1]
(root,0,0,00:00:07/17-13:10:04,21) [migration/1]
(root,0,0,00:00:28/17-13:10:04,22) [ksoftirqd/1]
(root,0,0,00:00:00/17-13:10:04,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/17-13:10:04,25) [cpuhp/2]
(root,0,0,00:00:00/17-13:10:04,26) [idle_inject/2]
(root,0,0,00:00:05/17-13:10:04,27) [migration/2]
(root,0,0,00:35:45/17-13:10:04,28) [ksoftirqd/2]
(root,0,0,00:00:00/17-13:10:04,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/17-13:10:04,31) [cpuhp/3]
(root,0,0,00:00:00/17-13:10:04,32) [idle_inject/3]
(root,0,0,00:00:06/17-13:10:04,33) [migration/3]
(root,0,0,00:01:39/17-13:10:04,34) [ksoftirqd/3]
(root,0,0,00:00:00/17-13:10:04,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/17-13:10:04,39) [kdevtmpfs]
(root,0,0,00:00:00/17-13:10:04,40) [netns]
(root,0,0,00:00:00/17-13:10:04,41) [inet_frag_wq]
(root,0,0,00:00:04/17-13:10:04,42) [kauditd]
(root,0,0,00:00:00/17-13:10:04,43) [khungtaskd]
(root,0,0,00:00:00/17-13:10:04,44) [oom_reaper]
(root,0,0,00:00:00/17-13:10:04,45) [writeback]
(root,0,0,00:00:51/17-13:10:04,46) [kcompactd0]
(root,0,0,00:00:00/17-13:10:04,47) [ksmd]
(root,0,0,00:00:51/17-13:10:04,48) [khugepaged]
(root,0,0,00:00:00/17-13:10:04,74) [kintegrityd]
(root,0,0,00:00:00/17-13:10:04,75) [kblockd]
(root,0,0,00:00:00/17-13:10:04,76) [blkcg_punt_bio]
(root,0,0,00:00:00/17-13:10:04,78) [tpm_dev_wq]
(root,0,0,00:00:00/17-13:10:04,79) [edac-poller]
(root,0,0,00:00:00/17-13:10:04,80) [devfreq_wq]
(root,0,0,00:00:00/17-13:10:04,110) [watchdogd]
(root,0,0,00:00:03/17-13:10:04,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/17-13:10:04,112) [kswapd0]
(root,0,0,00:00:00/17-13:10:03,114) [kthrotld]
(root,0,0,00:00:00/17-13:10:03,115) [mld]
(root,0,0,00:00:00/17-13:10:03,116) [ipv6_addrconf]
(root,0,0,00:00:07/17-13:10:03,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/17-13:10:03,122) [kstrp]
(root,0,0,00:00:00/17-13:10:03,123) [zswap-shrink]
(root,0,0,00:00:00/17-13:10:03,124) [kworker/u9:0]
(root,0,0,00:00:00/17-13:10:03,129) [charger_manager]
(root,0,0,00:00:03/17-13:10:02,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/17-13:10:02,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/17-13:10:02,205) [kaluad]
(root,0,0,00:00:00/17-13:10:02,250) [kmpath_rdacd]
(root,0,0,00:00:00/17-13:10:02,293) [kmpathd]
(root,0,0,00:00:00/17-13:10:02,294) [kmpath_handlerd]
(root,0,0,00:00:00/17-13:10:02,342) [ata_sff]
(root,0,0,00:00:00/17-13:10:01,343) [scsi_eh_0]
(root,0,0,00:00:00/17-13:10:01,344) [scsi_tmf_0]
(root,0,0,00:00:00/17-13:10:01,345) [scsi_eh_1]
(root,0,0,00:00:00/17-13:10:01,346) [scsi_tmf_1]
(root,0,0,00:00:26/17-13:09:59,366) [jbd2/vda1-8]
(root,0,0,00:00:00/17-13:09:59,367) [ext4-rsv-conver]
(root,38604,7876,00:00:27/17-13:09:47,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:02/17-13:09:46,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:26/17-13:09:44,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:10/17-13:09:10,512) /sbin/auditd
(messagebus,22936,5672,00:00:54/17-13:09:10,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:31/17-13:09:10,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/17-13:09:10,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/17-13:09:09,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/17-13:09:09,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,29016,00:00:19/17-13:08:55,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/17-13:08:55,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:36/17-13:08:54,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/17-13:08:54,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/17-13:08:54,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/17-13:08:54,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/17-13:08:54,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:26/17-13:08:54,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:22/17-13:08:54,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/17-13:08:54,1206) bpfilter_umh
(root,26204,8300,00:00:08/17-13:08:54,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/17-13:08:54,1215) ntpd: asynchronous dns resolver
(spot,285628,171968,23:04:48/17-13:08:54,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/17-13:08:53,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/17-13:08:53,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/17-13:08:53,1245) (sd-pam)
(root,24216,5348,00:00:05/17-13:08:52,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/17-13:08:52,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/17-13:08:51,1354) /usr/sbin/cron -n
(root,692236,75412,00:22:47/17-13:08:45,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,214464,51012,00:05:52/17-13:08:31,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:03/02:26:49,3299) [kworker/2:0-events]
(root,0,0,00:00:00/36:16,6422) [kworker/0:2-events]
(root,0,0,00:00:00/08:18,9703) [kworker/1:0-ata_sff]
(postfix,24244,8240,00:00:00/55:12,9878) pickup -l -t fifo -u
(root,0,0,00:00:00/03:06,12034) [kworker/1:1-ata_sff]
(root,35308,10012,00:00:00/11-10:59:47,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:38/11-10:59:46,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/1-12:28:25,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:05/1-12:28:24,16977) sshd: syslogtunnel
(root,0,0,00:00:00/23:50,19748) [kworker/2:2-events]
(root,0,0,00:00:02/04:53:39,19752) [kworker/1:2-events]
(root,0,0,00:00:00/01:27:11,19953) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:01/04:11:23,24312) [kworker/0:0-events]
(root,0,0,00:00:00/07:15:10,28658) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/05:33,29069) [kworker/3:2]
(root,6656,3484,00:00:00/00:00,30229) /bin/bash /usr/bin/check_mk_agent
(root,13744,3492,00:00:00/00:00,30247) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,30248) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,44628,9416,00:00:00/11-17:45:32,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:01/02:57:13,32305) [kworker/3:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-29 23:32

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836397de2065

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12824,00:00:45/15-13:30:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/15-13:30:02,2) [kthreadd]
(root,0,0,00:00:00/15-13:30:02,3) [rcu_gp]
(root,0,0,00:00:00/15-13:30:02,4) [rcu_par_gp]
(root,0,0,00:00:00/15-13:30:02,5) [slub_flushwq]
(root,0,0,00:00:00/15-13:30:02,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/15-13:30:02,9) [mm_percpu_wq]
(root,0,0,00:00:00/15-13:30:02,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/15-13:30:02,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/15-13:30:02,12) [rcu_tasks_trace]
(root,0,0,00:00:29/15-13:30:02,13) [ksoftirqd/0]
(root,0,0,00:41:46/15-13:30:02,14) [rcu_preempt]
(root,0,0,00:00:05/15-13:30:02,15) [migration/0]
(root,0,0,00:00:00/15-13:30:02,16) [idle_inject/0]
(root,0,0,00:00:00/15-13:30:02,18) [cpuhp/0]
(root,0,0,00:00:00/15-13:30:02,19) [cpuhp/1]
(root,0,0,00:00:00/15-13:30:02,20) [idle_inject/1]
(root,0,0,00:00:06/15-13:30:02,21) [migration/1]
(root,0,0,00:00:25/15-13:30:02,22) [ksoftirqd/1]
(root,0,0,00:00:00/15-13:30:02,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/15-13:30:02,25) [cpuhp/2]
(root,0,0,00:00:00/15-13:30:02,26) [idle_inject/2]
(root,0,0,00:00:05/15-13:30:02,27) [migration/2]
(root,0,0,00:32:18/15-13:30:02,28) [ksoftirqd/2]
(root,0,0,00:00:00/15-13:30:02,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/15-13:30:02,31) [cpuhp/3]
(root,0,0,00:00:00/15-13:30:02,32) [idle_inject/3]
(root,0,0,00:00:05/15-13:30:02,33) [migration/3]
(root,0,0,00:01:29/15-13:30:02,34) [ksoftirqd/3]
(root,0,0,00:00:00/15-13:30:02,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/15-13:30:02,39) [kdevtmpfs]
(root,0,0,00:00:00/15-13:30:02,40) [netns]
(root,0,0,00:00:00/15-13:30:02,41) [inet_frag_wq]
(root,0,0,00:00:04/15-13:30:02,42) [kauditd]
(root,0,0,00:00:00/15-13:30:02,43) [khungtaskd]
(root,0,0,00:00:00/15-13:30:02,44) [oom_reaper]
(root,0,0,00:00:00/15-13:30:02,45) [writeback]
(root,0,0,00:00:46/15-13:30:02,46) [kcompactd0]
(root,0,0,00:00:00/15-13:30:02,47) [ksmd]
(root,0,0,00:00:46/15-13:30:02,48) [khugepaged]
(root,0,0,00:00:00/15-13:30:02,74) [kintegrityd]
(root,0,0,00:00:00/15-13:30:02,75) [kblockd]
(root,0,0,00:00:00/15-13:30:02,76) [blkcg_punt_bio]
(root,0,0,00:00:00/15-13:30:02,78) [tpm_dev_wq]
(root,0,0,00:00:00/15-13:30:02,79) [edac-poller]
(root,0,0,00:00:00/15-13:30:02,80) [devfreq_wq]
(root,0,0,00:00:00/15-13:30:02,110) [watchdogd]
(root,0,0,00:00:03/15-13:30:02,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/15-13:30:02,112) [kswapd0]
(root,0,0,00:00:00/15-13:30:01,114) [kthrotld]
(root,0,0,00:00:00/15-13:30:01,115) [mld]
(root,0,0,00:00:00/15-13:30:01,116) [ipv6_addrconf]
(root,0,0,00:00:06/15-13:30:01,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/15-13:30:01,122) [kstrp]
(root,0,0,00:00:00/15-13:30:01,123) [zswap-shrink]
(root,0,0,00:00:00/15-13:30:01,124) [kworker/u9:0]
(root,0,0,00:00:00/15-13:30:01,129) [charger_manager]
(root,0,0,00:00:03/15-13:30:00,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/15-13:30:00,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/15-13:30:00,205) [kaluad]
(root,0,0,00:00:00/15-13:30:00,250) [kmpath_rdacd]
(root,0,0,00:00:00/15-13:30:00,293) [kmpathd]
(root,0,0,00:00:00/15-13:30:00,294) [kmpath_handlerd]
(root,0,0,00:00:00/15-13:30:00,342) [ata_sff]
(root,0,0,00:00:00/15-13:29:59,343) [scsi_eh_0]
(root,0,0,00:00:00/15-13:29:59,344) [scsi_tmf_0]
(root,0,0,00:00:00/15-13:29:59,345) [scsi_eh_1]
(root,0,0,00:00:00/15-13:29:59,346) [scsi_tmf_1]
(root,0,0,00:00:23/15-13:29:57,366) [jbd2/vda1-8]
(root,0,0,00:00:00/15-13:29:57,367) [ext4-rsv-conver]
(root,38604,7876,00:00:24/15-13:29:45,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:01/15-13:29:44,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:23/15-13:29:42,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:09/15-13:29:08,512) /sbin/auditd
(messagebus,22936,5672,00:00:49/15-13:29:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:28/15-13:29:08,531) /usr/lib/systemd/systemd-logind
(root,0,0,00:00:00/33:39,539) [kworker/0:2]
(root,20556,5140,00:00:00/15-13:29:08,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/15-13:29:07,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/15-13:29:07,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27976,00:00:17/15-13:28:53,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/15-13:28:53,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:24/15-13:28:52,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/15-13:28:52,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/15-13:28:52,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/15-13:28:52,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/15-13:28:52,1201) /usr/lib/systemd/systemd --user
(root,448968,8584,00:00:24/15-13:28:52,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:06/15-13:28:52,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/15-13:28:52,1206) bpfilter_umh
(root,26204,8300,00:00:07/15-13:28:52,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/15-13:28:52,1215) ntpd: asynchronous dns resolver
(spot,285076,171288,20:55:48/15-13:28:52,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/15-13:28:51,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/15-13:28:51,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/15-13:28:51,1245) (sd-pam)
(root,24216,5348,00:00:05/15-13:28:50,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/15-13:28:50,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/15-13:28:49,1354) /usr/sbin/cron -n
(root,691980,74872,00:20:09/15-13:28:43,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,213440,49184,00:05:10/15-13:28:29,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/05:37,3353) [kworker/1:0-ata_sff]
(postfix,24244,8220,00:00:00/01:37:15,7356) pickup -l -t fifo -u
(root,35308,10012,00:00:00/8-05:24:56,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:29/8-05:24:56,8749) sshd: syslogtunnel
(root,0,0,00:00:00/22:20,10498) [kworker/3:0-events]
(root,0,0,00:00:00/44:58,10640) [kworker/2:2-events]
(root,0,0,00:00:00/16:43,12886) [kworker/2:0]
(root,35308,10012,00:00:00/9-11:19:45,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:31/9-11:19:44,15391) sshd: cm-ssh
(root,0,0,00:00:00/21:13,16028) [kworker/1:1-events]
(root,0,0,00:00:00/00:27,23211) [kworker/1:2-ata_sff]
(root,6656,3480,00:00:00/00:00,24964) /bin/bash /usr/bin/check_mk_agent
(root,13744,3488,00:00:00/00:00,24982) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,24983) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/26:42,26061) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/56:08,26890) [kworker/0:1-events]
(postfix,44628,9416,00:00:00/9-18:05:30,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/51:19,30764) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:01/05:19:20,31041) [kworker/3:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-27 23:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836343ff646f

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:40/13-13:52:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/13-13:52:53,2) [kthreadd]
(root,0,0,00:00:00/13-13:52:53,3) [rcu_gp]
(root,0,0,00:00:00/13-13:52:53,4) [rcu_par_gp]
(root,0,0,00:00:00/13-13:52:53,5) [slub_flushwq]
(root,0,0,00:00:00/13-13:52:53,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/13-13:52:53,9) [mm_percpu_wq]
(root,0,0,00:00:00/13-13:52:53,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/13-13:52:53,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/13-13:52:53,12) [rcu_tasks_trace]
(root,0,0,00:00:25/13-13:52:53,13) [ksoftirqd/0]
(root,0,0,00:36:35/13-13:52:53,14) [rcu_preempt]
(root,0,0,00:00:05/13-13:52:53,15) [migration/0]
(root,0,0,00:00:00/13-13:52:53,16) [idle_inject/0]
(root,0,0,00:00:00/13-13:52:53,18) [cpuhp/0]
(root,0,0,00:00:00/13-13:52:53,19) [cpuhp/1]
(root,0,0,00:00:00/13-13:52:53,20) [idle_inject/1]
(root,0,0,00:00:05/13-13:52:53,21) [migration/1]
(root,0,0,00:00:22/13-13:52:53,22) [ksoftirqd/1]
(root,0,0,00:00:00/13-13:52:53,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/13-13:52:53,25) [cpuhp/2]
(root,0,0,00:00:00/13-13:52:53,26) [idle_inject/2]
(root,0,0,00:00:04/13-13:52:53,27) [migration/2]
(root,0,0,00:28:51/13-13:52:53,28) [ksoftirqd/2]
(root,0,0,00:00:00/13-13:52:53,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/13-13:52:53,31) [cpuhp/3]
(root,0,0,00:00:00/13-13:52:53,32) [idle_inject/3]
(root,0,0,00:00:05/13-13:52:53,33) [migration/3]
(root,0,0,00:01:19/13-13:52:53,34) [ksoftirqd/3]
(root,0,0,00:00:00/13-13:52:53,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/13-13:52:53,39) [kdevtmpfs]
(root,0,0,00:00:00/13-13:52:53,40) [netns]
(root,0,0,00:00:00/13-13:52:53,41) [inet_frag_wq]
(root,0,0,00:00:04/13-13:52:53,42) [kauditd]
(root,0,0,00:00:00/13-13:52:53,43) [khungtaskd]
(root,0,0,00:00:00/13-13:52:53,44) [oom_reaper]
(root,0,0,00:00:00/13-13:52:53,45) [writeback]
(root,0,0,00:00:40/13-13:52:53,46) [kcompactd0]
(root,0,0,00:00:00/13-13:52:53,47) [ksmd]
(root,0,0,00:00:40/13-13:52:53,48) [khugepaged]
(root,0,0,00:00:00/13-13:52:53,74) [kintegrityd]
(root,0,0,00:00:00/13-13:52:53,75) [kblockd]
(root,0,0,00:00:00/13-13:52:53,76) [blkcg_punt_bio]
(root,0,0,00:00:00/13-13:52:53,78) [tpm_dev_wq]
(root,0,0,00:00:00/13-13:52:53,79) [edac-poller]
(root,0,0,00:00:00/13-13:52:53,80) [devfreq_wq]
(root,0,0,00:00:00/13-13:52:53,110) [watchdogd]
(root,0,0,00:00:02/13-13:52:53,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/13-13:52:53,112) [kswapd0]
(root,0,0,00:00:00/13-13:52:52,114) [kthrotld]
(root,0,0,00:00:00/13-13:52:52,115) [mld]
(root,0,0,00:00:00/13-13:52:52,116) [ipv6_addrconf]
(root,0,0,00:00:05/13-13:52:52,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/13-13:52:52,122) [kstrp]
(root,0,0,00:00:00/13-13:52:52,123) [zswap-shrink]
(root,0,0,00:00:00/13-13:52:52,124) [kworker/u9:0]
(root,0,0,00:00:00/13-13:52:52,129) [charger_manager]
(root,0,0,00:00:02/13-13:52:51,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/13-13:52:51,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/13-13:52:51,205) [kaluad]
(root,0,0,00:00:00/13-13:52:51,250) [kmpath_rdacd]
(root,0,0,00:00:00/13-13:52:51,293) [kmpathd]
(root,0,0,00:00:00/13-13:52:51,294) [kmpath_handlerd]
(root,0,0,00:00:00/13-13:52:51,342) [ata_sff]
(root,0,0,00:00:00/13-13:52:50,343) [scsi_eh_0]
(root,0,0,00:00:00/13-13:52:50,344) [scsi_tmf_0]
(root,0,0,00:00:00/13-13:52:50,345) [scsi_eh_1]
(root,0,0,00:00:00/13-13:52:50,346) [scsi_tmf_1]
(root,0,0,00:00:20/13-13:52:48,366) [jbd2/vda1-8]
(root,0,0,00:00:00/13-13:52:48,367) [ext4-rsv-conver]
(root,38604,7876,00:00:22/13-13:52:36,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:01/13-13:52:35,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:20/13-13:52:33,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:08/13-13:51:59,512) /sbin/auditd
(messagebus,22936,5672,00:00:45/13-13:51:59,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8536,00:00:25/13-13:51:59,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/13-13:51:59,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/13-13:51:58,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/13-13:51:58,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27716,00:00:15/13-13:51:44,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/13-13:51:44,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:12/13-13:51:43,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/13-13:51:43,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/13-13:51:43,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/13-13:51:43,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/13-13:51:43,1201) /usr/lib/systemd/systemd --user
(root,448968,8584,00:00:21/13-13:51:43,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:01:50/13-13:51:43,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/13-13:51:43,1206) bpfilter_umh
(root,26204,8300,00:00:07/13-13:51:43,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/13-13:51:43,1215) ntpd: asynchronous dns resolver
(spot,286612,171596,18:13:52/13-13:51:43,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/13-13:51:42,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/13-13:51:42,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/13-13:51:42,1245) (sd-pam)
(root,24216,5348,00:00:04/13-13:51:41,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/13-13:51:41,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/13-13:51:40,1354) /usr/sbin/cron -n
(root,691980,74552,00:17:33/13-13:51:34,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,212416,47904,00:04:29/13-13:51:20,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/30:54,2659) [kworker/2:0-events]
(root,0,0,00:00:00/12:08,3454) [kworker/1:1-events]
(root,0,0,00:00:04/03:49:31,4939) [kworker/2:2-events]
(root,35308,10012,00:00:00/6-05:47:47,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:22/6-05:47:47,8749) sshd: syslogtunnel
(root,0,0,00:00:00/01:45,10657) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/35:54,13988) [kworker/0:0-events]
(root,35308,10012,00:00:00/7-11:42:36,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:25/7-11:42:35,15391) sshd: cm-ssh
(root,6764,3592,00:00:00/00:00,17143) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,17224) /bin/bash /usr/bin/check_mk_agent
(root,6292,3184,00:00:00/00:00,17243) /bin/bash ././spot.bash
(root,13744,3492,00:00:00/00:00,17256) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,17257) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,24244,8212,00:00:00/41:55,19097) pickup -l -t fifo -u
(root,0,0,00:00:00/56:21,23451) [kworker/3:1-events]
(root,0,0,00:00:00/06:58,24026) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:26:41,24348) [kworker/u8:1-ext4-rsv-conversion]
(postfix,44628,9416,00:00:00/7-18:28:21,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/46:08,31001) [kworker/0:2-events]
(root,0,0,00:00:00/14:31,31497) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:01/04:20:11,31777) [kworker/3:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-26 00:15

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836391ee4876

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:35/11-12:57:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/11-12:57:33,2) [kthreadd]
(root,0,0,00:00:00/11-12:57:33,3) [rcu_gp]
(root,0,0,00:00:00/11-12:57:33,4) [rcu_par_gp]
(root,0,0,00:00:00/11-12:57:33,5) [slub_flushwq]
(root,0,0,00:00:00/11-12:57:33,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/11-12:57:33,9) [mm_percpu_wq]
(root,0,0,00:00:00/11-12:57:33,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/11-12:57:33,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/11-12:57:33,12) [rcu_tasks_trace]
(root,0,0,00:00:20/11-12:57:33,13) [ksoftirqd/0]
(root,0,0,00:30:43/11-12:57:33,14) [rcu_preempt]
(root,0,0,00:00:04/11-12:57:33,15) [migration/0]
(root,0,0,00:00:00/11-12:57:33,16) [idle_inject/0]
(root,0,0,00:00:00/11-12:57:33,18) [cpuhp/0]
(root,0,0,00:00:00/11-12:57:33,19) [cpuhp/1]
(root,0,0,00:00:00/11-12:57:33,20) [idle_inject/1]
(root,0,0,00:00:04/11-12:57:33,21) [migration/1]
(root,0,0,00:00:17/11-12:57:33,22) [ksoftirqd/1]
(root,0,0,00:00:00/11-12:57:33,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/11-12:57:33,25) [cpuhp/2]
(root,0,0,00:00:00/11-12:57:33,26) [idle_inject/2]
(root,0,0,00:00:03/11-12:57:33,27) [migration/2]
(root,0,0,00:24:11/11-12:57:33,28) [ksoftirqd/2]
(root,0,0,00:00:00/11-12:57:33,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/11-12:57:33,31) [cpuhp/3]
(root,0,0,00:00:00/11-12:57:33,32) [idle_inject/3]
(root,0,0,00:00:04/11-12:57:33,33) [migration/3]
(root,0,0,00:01:05/11-12:57:33,34) [ksoftirqd/3]
(root,0,0,00:00:00/11-12:57:33,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/11-12:57:33,39) [kdevtmpfs]
(root,0,0,00:00:00/11-12:57:33,40) [netns]
(root,0,0,00:00:00/11-12:57:33,41) [inet_frag_wq]
(root,0,0,00:00:03/11-12:57:33,42) [kauditd]
(root,0,0,00:00:00/11-12:57:33,43) [khungtaskd]
(root,0,0,00:00:00/11-12:57:33,44) [oom_reaper]
(root,0,0,00:00:00/11-12:57:33,45) [writeback]
(root,0,0,00:00:33/11-12:57:33,46) [kcompactd0]
(root,0,0,00:00:00/11-12:57:33,47) [ksmd]
(root,0,0,00:00:34/11-12:57:33,48) [khugepaged]
(root,0,0,00:00:00/11-12:57:33,74) [kintegrityd]
(root,0,0,00:00:00/11-12:57:33,75) [kblockd]
(root,0,0,00:00:00/11-12:57:33,76) [blkcg_punt_bio]
(root,0,0,00:00:00/11-12:57:33,78) [tpm_dev_wq]
(root,0,0,00:00:00/11-12:57:33,79) [edac-poller]
(root,0,0,00:00:00/11-12:57:33,80) [devfreq_wq]
(root,0,0,00:00:00/11-12:57:33,110) [watchdogd]
(root,0,0,00:00:02/11-12:57:33,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/11-12:57:33,112) [kswapd0]
(root,0,0,00:00:00/11-12:57:32,114) [kthrotld]
(root,0,0,00:00:00/11-12:57:32,115) [mld]
(root,0,0,00:00:00/11-12:57:32,116) [ipv6_addrconf]
(root,0,0,00:00:04/11-12:57:32,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/11-12:57:32,122) [kstrp]
(root,0,0,00:00:00/11-12:57:32,123) [zswap-shrink]
(root,0,0,00:00:00/11-12:57:32,124) [kworker/u9:0]
(root,0,0,00:00:00/11-12:57:32,129) [charger_manager]
(root,0,0,00:00:02/11-12:57:31,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:02/11-12:57:31,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/11-12:57:31,205) [kaluad]
(root,0,0,00:00:00/11-12:57:31,250) [kmpath_rdacd]
(root,0,0,00:00:00/11-12:57:31,293) [kmpathd]
(root,0,0,00:00:00/11-12:57:31,294) [kmpath_handlerd]
(root,0,0,00:00:00/11-12:57:31,342) [ata_sff]
(root,0,0,00:00:00/11-12:57:30,343) [scsi_eh_0]
(root,0,0,00:00:00/11-12:57:30,344) [scsi_tmf_0]
(root,0,0,00:00:00/11-12:57:30,345) [scsi_eh_1]
(root,0,0,00:00:00/11-12:57:30,346) [scsi_tmf_1]
(root,0,0,00:00:17/11-12:57:28,366) [jbd2/vda1-8]
(root,0,0,00:00:00/11-12:57:28,367) [ext4-rsv-conver]
(root,38604,7900,00:00:19/11-12:57:16,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/11-12:57:15,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:17/11-12:57:13,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:07/11-12:56:39,512) /sbin/auditd
(messagebus,22936,5672,00:00:39/11-12:56:39,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8548,00:00:22/11-12:56:39,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/11-12:56:39,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/11-12:56:38,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/11-12:56:38,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27724,00:00:13/11-12:56:24,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/11-12:56:24,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:00/11-12:56:23,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/11-12:56:23,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/11-12:56:23,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/11-12:56:23,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/11-12:56:23,1201) /usr/lib/systemd/systemd --user
(root,448968,9084,00:00:18/11-12:56:23,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:01:32/11-12:56:23,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/11-12:56:23,1206) bpfilter_umh
(root,26204,8300,00:00:06/11-12:56:23,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/11-12:56:23,1215) ntpd: asynchronous dns resolver
(spot,285300,171268,14:18:36/11-12:56:23,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/11-12:56:22,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/11-12:56:22,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/11-12:56:22,1245) (sd-pam)
(root,24216,5348,00:00:03/11-12:56:21,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/11-12:56:21,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/11-12:56:20,1354) /usr/sbin/cron -n
(root,691724,74148,00:14:51/11-12:56:14,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,211392,46608,00:03:46/11-12:56:00,1380) /usr/bin/python3.11 /usr/bin/spot
(root,6656,3512,00:00:00/00:01,1394) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,1459) /bin/bash /usr/bin/check_mk_agent
(root,6656,1828,00:00:00/00:00,1504) /bin/bash /usr/bin/check_mk_agent
(root,6656,2020,00:00:00/00:00,1506) /bin/bash /usr/bin/check_mk_agent
(root,4480,1152,00:00:00/00:00,1507) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,776,00:00:00/00:00,1508) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,696,00:00:00/00:00,1510) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3488,00:00:00/00:00,1519) /bin/bash /usr/bin/check_mk_agent
(root,6656,1908,00:00:00/00:00,1534) /bin/bash /usr/bin/check_mk_agent
(root,25444,8880,00:00:00/00:00,1535) postconf -h queue_directory
(root,13744,3368,00:00:00/00:00,1543) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,1544) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/08:59,3737) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/10:19:42,4619) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/01:00:49,6242) [kworker/3:1]
(postfix,24244,8200,00:00:00/07:15,7853) pickup -l -t fifo -u
(root,35308,10012,00:00:00/4-04:52:27,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:15/4-04:52:27,8749) sshd: syslogtunnel
(root,0,0,00:00:00/01:29:28,9247) [kworker/0:1-events]
(root,0,0,00:00:00/28:02,11036) [kworker/2:1-events]
(root,35308,10012,00:00:00/5-10:47:16,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:18/5-10:47:15,15391) sshd: cm-ssh
(root,0,0,00:00:00/02:22:46,16718) [kworker/2:2-events]
(root,0,0,00:00:00/03:49,18508) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/02:01:52,18633) [kworker/3:2-events]
(root,0,0,00:00:02/03:05:23,21671) [kworker/1:1-events]
(root,0,0,00:00:00/01:09,27030) [kworker/2:0-events]
(root,0,0,00:00:00/32:10,30297) [kworker/0:2-events]
(postfix,44628,9464,00:00:00/5-17:33:01,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/02:38:39,31970) [kworker/u8:2-writeback]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-23 23:19

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632f86dc9c

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:30/9-13:30:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/9-13:30:47,2) [kthreadd]
(root,0,0,00:00:00/9-13:30:47,3) [rcu_gp]
(root,0,0,00:00:00/9-13:30:47,4) [rcu_par_gp]
(root,0,0,00:00:00/9-13:30:47,5) [slub_flushwq]
(root,0,0,00:00:00/9-13:30:47,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/9-13:30:47,9) [mm_percpu_wq]
(root,0,0,00:00:00/9-13:30:47,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/9-13:30:47,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/9-13:30:47,12) [rcu_tasks_trace]
(root,0,0,00:00:16/9-13:30:47,13) [ksoftirqd/0]
(root,0,0,00:25:19/9-13:30:47,14) [rcu_preempt]
(root,0,0,00:00:03/9-13:30:47,15) [migration/0]
(root,0,0,00:00:00/9-13:30:47,16) [idle_inject/0]
(root,0,0,00:00:00/9-13:30:47,18) [cpuhp/0]
(root,0,0,00:00:00/9-13:30:47,19) [cpuhp/1]
(root,0,0,00:00:00/9-13:30:47,20) [idle_inject/1]
(root,0,0,00:00:03/9-13:30:47,21) [migration/1]
(root,0,0,00:00:14/9-13:30:47,22) [ksoftirqd/1]
(root,0,0,00:00:00/9-13:30:47,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/9-13:30:47,25) [cpuhp/2]
(root,0,0,00:00:00/9-13:30:47,26) [idle_inject/2]
(root,0,0,00:00:03/9-13:30:47,27) [migration/2]
(root,0,0,00:20:19/9-13:30:47,28) [ksoftirqd/2]
(root,0,0,00:00:00/9-13:30:47,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/9-13:30:47,31) [cpuhp/3]
(root,0,0,00:00:00/9-13:30:47,32) [idle_inject/3]
(root,0,0,00:00:03/9-13:30:47,33) [migration/3]
(root,0,0,00:00:54/9-13:30:47,34) [ksoftirqd/3]
(root,0,0,00:00:00/9-13:30:47,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/9-13:30:47,39) [kdevtmpfs]
(root,0,0,00:00:00/9-13:30:47,40) [netns]
(root,0,0,00:00:00/9-13:30:47,41) [inet_frag_wq]
(root,0,0,00:00:03/9-13:30:47,42) [kauditd]
(root,0,0,00:00:00/9-13:30:47,43) [khungtaskd]
(root,0,0,00:00:00/9-13:30:47,44) [oom_reaper]
(root,0,0,00:00:00/9-13:30:47,45) [writeback]
(root,0,0,00:00:27/9-13:30:47,46) [kcompactd0]
(root,0,0,00:00:00/9-13:30:47,47) [ksmd]
(root,0,0,00:00:29/9-13:30:47,48) [khugepaged]
(root,0,0,00:00:00/9-13:30:47,74) [kintegrityd]
(root,0,0,00:00:00/9-13:30:47,75) [kblockd]
(root,0,0,00:00:00/9-13:30:47,76) [blkcg_punt_bio]
(root,0,0,00:00:00/9-13:30:47,78) [tpm_dev_wq]
(root,0,0,00:00:00/9-13:30:47,79) [edac-poller]
(root,0,0,00:00:00/9-13:30:47,80) [devfreq_wq]
(root,0,0,00:00:00/9-13:30:47,110) [watchdogd]
(root,0,0,00:00:01/9-13:30:47,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/9-13:30:47,112) [kswapd0]
(root,0,0,00:00:00/9-13:30:46,114) [kthrotld]
(root,0,0,00:00:00/9-13:30:46,115) [mld]
(root,0,0,00:00:00/9-13:30:46,116) [ipv6_addrconf]
(root,0,0,00:00:04/9-13:30:46,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/9-13:30:46,122) [kstrp]
(root,0,0,00:00:00/9-13:30:46,123) [zswap-shrink]
(root,0,0,00:00:00/9-13:30:46,124) [kworker/u9:0]
(root,0,0,00:00:00/9-13:30:46,129) [charger_manager]
(root,0,0,00:00:02/9-13:30:45,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:02/9-13:30:45,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/9-13:30:45,205) [kaluad]
(root,0,0,00:00:00/9-13:30:45,250) [kmpath_rdacd]
(root,0,0,00:00:00/9-13:30:45,293) [kmpathd]
(root,0,0,00:00:00/9-13:30:45,294) [kmpath_handlerd]
(root,0,0,00:00:00/9-13:30:45,342) [ata_sff]
(root,0,0,00:00:00/9-13:30:44,343) [scsi_eh_0]
(root,0,0,00:00:00/9-13:30:44,344) [scsi_tmf_0]
(root,0,0,00:00:00/9-13:30:44,345) [scsi_eh_1]
(root,0,0,00:00:00/9-13:30:44,346) [scsi_tmf_1]
(root,0,0,00:00:14/9-13:30:42,366) [jbd2/vda1-8]
(root,0,0,00:00:00/9-13:30:42,367) [ext4-rsv-conver]
(root,38604,7900,00:00:16/9-13:30:30,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/9-13:30:29,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:14/9-13:30:27,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:06/9-13:29:53,512) /sbin/auditd
(messagebus,22936,5672,00:00:33/9-13:29:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8544,00:00:19/9-13:29:53,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/9-13:29:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/9-13:29:52,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/9-13:29:52,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,26656,00:00:11/9-13:29:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/9-13:29:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:50/9-13:29:37,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/9-13:29:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/9-13:29:37,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/9-13:29:37,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/9-13:29:37,1201) /usr/lib/systemd/systemd --user
(root,448968,8820,00:00:16/9-13:29:37,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:01:16/9-13:29:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/9-13:29:37,1206) bpfilter_umh
(root,26204,8300,00:00:05/9-13:29:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/9-13:29:37,1215) ntpd: asynchronous dns resolver
(spot,283188,169300,11:11:27/9-13:29:37,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/9-13:29:36,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/9-13:29:36,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/9-13:29:36,1245) (sd-pam)
(root,24216,5348,00:00:02/9-13:29:35,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/9-13:29:35,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/9-13:29:34,1354) /usr/sbin/cron -n
(root,691336,73820,00:12:18/9-13:29:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,210368,45328,00:03:06/9-13:29:14,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:04/04:57:54,2819) [kworker/2:2-events]
(root,0,0,00:00:00/59:12,6061) [kworker/1:0-events]
(root,0,0,00:00:00/03:00,8026) [kworker/2:0]
(root,35308,10012,00:00:00/2-05:25:41,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:08/2-05:25:41,8749) sshd: syslogtunnel
(root,0,0,00:00:00/02:07,11619) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/32:14,12858) [kworker/3:2]
(root,35308,10012,00:00:00/3-11:20:30,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:11/3-11:20:29,15391) sshd: cm-ssh
(root,0,0,00:00:00/52:49,15939) [kworker/2:1-events]
(root,0,0,00:00:00/52:16,16117) [kworker/u8:0-writeback]
(root,6656,3480,00:00:00/00:00,21234) /bin/bash /usr/bin/check_mk_agent
(root,13744,3504,00:00:00/00:00,21252) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,21253) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:45:52,22141) [kworker/3:0-events]
(root,0,0,00:00:00/40:45,22486) [kworker/u8:1]
(root,0,0,00:00:00/01:41:48,25498) [kworker/0:1-events]
(root,0,0,00:00:00/07:57,26656) [kworker/0:2-events]
(postfix,24244,8308,00:00:00/01:02:22,28263) pickup -l -t fifo -u
(root,0,0,00:00:00/07:19,28459) [kworker/1:2-ata_sff]
(postfix,44628,9464,00:00:00/3-18:06:15,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-21 23:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632d24f1e7

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:24/7-12:29:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/7-12:29:15,2) [kthreadd]
(root,0,0,00:00:00/7-12:29:15,3) [rcu_gp]
(root,0,0,00:00:00/7-12:29:15,4) [rcu_par_gp]
(root,0,0,00:00:00/7-12:29:15,5) [slub_flushwq]
(root,0,0,00:00:00/7-12:29:15,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:15,9) [mm_percpu_wq]
(root,0,0,00:00:00/7-12:29:15,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/7-12:29:15,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/7-12:29:15,12) [rcu_tasks_trace]
(root,0,0,00:00:13/7-12:29:15,13) [ksoftirqd/0]
(root,0,0,00:19:46/7-12:29:15,14) [rcu_preempt]
(root,0,0,00:00:02/7-12:29:15,15) [migration/0]
(root,0,0,00:00:00/7-12:29:15,16) [idle_inject/0]
(root,0,0,00:00:00/7-12:29:15,18) [cpuhp/0]
(root,0,0,00:00:00/7-12:29:15,19) [cpuhp/1]
(root,0,0,00:00:00/7-12:29:15,20) [idle_inject/1]
(root,0,0,00:00:03/7-12:29:15,21) [migration/1]
(root,0,0,00:00:11/7-12:29:15,22) [ksoftirqd/1]
(root,0,0,00:00:00/7-12:29:15,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:15,25) [cpuhp/2]
(root,0,0,00:00:00/7-12:29:15,26) [idle_inject/2]
(root,0,0,00:00:02/7-12:29:15,27) [migration/2]
(root,0,0,00:15:53/7-12:29:15,28) [ksoftirqd/2]
(root,0,0,00:00:00/7-12:29:15,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:15,31) [cpuhp/3]
(root,0,0,00:00:00/7-12:29:15,32) [idle_inject/3]
(root,0,0,00:00:03/7-12:29:15,33) [migration/3]
(root,0,0,00:00:42/7-12:29:15,34) [ksoftirqd/3]
(root,0,0,00:00:00/7-12:29:15,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:15,39) [kdevtmpfs]
(root,0,0,00:00:00/7-12:29:15,40) [netns]
(root,0,0,00:00:00/7-12:29:15,41) [inet_frag_wq]
(root,0,0,00:00:02/7-12:29:15,42) [kauditd]
(root,0,0,00:00:00/7-12:29:15,43) [khungtaskd]
(root,0,0,00:00:00/7-12:29:15,44) [oom_reaper]
(root,0,0,00:00:00/7-12:29:15,45) [writeback]
(root,0,0,00:00:22/7-12:29:15,46) [kcompactd0]
(root,0,0,00:00:00/7-12:29:15,47) [ksmd]
(root,0,0,00:00:22/7-12:29:15,48) [khugepaged]
(root,0,0,00:00:00/7-12:29:15,74) [kintegrityd]
(root,0,0,00:00:00/7-12:29:15,75) [kblockd]
(root,0,0,00:00:00/7-12:29:15,76) [blkcg_punt_bio]
(root,0,0,00:00:00/7-12:29:15,78) [tpm_dev_wq]
(root,0,0,00:00:00/7-12:29:15,79) [edac-poller]
(root,0,0,00:00:00/7-12:29:15,80) [devfreq_wq]
(root,0,0,00:00:00/7-12:29:15,110) [watchdogd]
(root,0,0,00:00:01/7-12:29:15,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/7-12:29:15,112) [kswapd0]
(root,0,0,00:00:00/7-12:29:14,114) [kthrotld]
(root,0,0,00:00:00/7-12:29:14,115) [mld]
(root,0,0,00:00:00/7-12:29:14,116) [ipv6_addrconf]
(root,0,0,00:00:03/7-12:29:14,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/7-12:29:14,122) [kstrp]
(root,0,0,00:00:00/7-12:29:14,123) [zswap-shrink]
(root,0,0,00:00:00/7-12:29:14,124) [kworker/u9:0]
(root,0,0,00:00:00/7-12:29:14,129) [charger_manager]
(root,0,0,00:00:01/7-12:29:13,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:01/7-12:29:13,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/7-12:29:13,205) [kaluad]
(root,0,0,00:00:00/7-12:29:13,250) [kmpath_rdacd]
(root,0,0,00:00:00/7-12:29:13,293) [kmpathd]
(root,0,0,00:00:00/7-12:29:13,294) [kmpath_handlerd]
(root,0,0,00:00:00/7-12:29:13,342) [ata_sff]
(root,0,0,00:00:00/7-12:29:12,343) [scsi_eh_0]
(root,0,0,00:00:00/7-12:29:12,344) [scsi_tmf_0]
(root,0,0,00:00:00/7-12:29:12,345) [scsi_eh_1]
(root,0,0,00:00:00/7-12:29:12,346) [scsi_tmf_1]
(root,0,0,00:00:11/7-12:29:10,366) [jbd2/vda1-8]
(root,0,0,00:00:00/7-12:29:10,367) [ext4-rsv-conver]
(root,38604,7900,00:00:13/7-12:28:58,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/7-12:28:57,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:11/7-12:28:55,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:04/7-12:28:21,512) /sbin/auditd
(messagebus,22936,5672,00:00:26/7-12:28:21,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:15/7-12:28:21,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/7-12:28:21,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,0,0,00:00:00/13:21,589) [kworker/u8:0-writeback]
(root,31876,16220,00:00:03/7-12:28:20,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/7-12:28:20,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,25356,00:00:08/7-12:28:06,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/7-12:28:06,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:39/7-12:28:05,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/7-12:28:05,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/7-12:28:05,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/7-12:28:05,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/7-12:28:05,1201) /usr/lib/systemd/systemd --user
(root,448968,8820,00:00:13/7-12:28:05,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:00:59/7-12:28:05,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/7-12:28:05,1206) bpfilter_umh
(root,26204,8300,00:00:04/7-12:28:05,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/7-12:28:05,1215) ntpd: asynchronous dns resolver
(spot,284116,169532,08:31:29/7-12:28:05,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/7-12:28:04,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/7-12:28:04,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/7-12:28:04,1245) (sd-pam)
(root,24216,5348,00:00:02/7-12:28:03,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/7-12:28:03,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/7-12:28:02,1354) /usr/sbin/cron -n
(root,691080,73620,00:09:38/7-12:27:56,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,209344,43784,00:02:24/7-12:27:42,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/38:54,1729) [kworker/0:2-events]
(root,0,0,00:00:00/31:41,3298) [kworker/2:1-events]
(root,0,0,00:00:00/06:26,6632) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:08:10,7055) [kworker/3:2-events]
(root,6656,3484,00:00:00/00:00,7900) /bin/bash /usr/bin/check_mk_agent
(root,13744,3408,00:00:00/00:00,7918) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,7919) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/46:16,8300) [kworker/3:1-events]
(root,35308,10012,00:00:00/04:24:09,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:00/04:24:09,8749) sshd: syslogtunnel
(root,35308,10012,00:00:00/1-10:18:58,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:04/1-10:18:57,15391) sshd: cm-ssh
(root,0,0,00:00:00/10:16,17554) [kworker/0:1-events]
(postfix,24244,8324,00:00:00/22:39,18194) pickup -l -t fifo -u
(root,0,0,00:00:00/35:54,18809) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/42:45,21988) [kworker/1:0-events]
(postfix,44628,9464,00:00:00/1-17:04:43,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/13:51,30892) [kworker/2:2]
(root,0,0,00:00:00/01:15,32541) [kworker/1:1-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-19 22:51

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632bbf151f

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:18/5-11:31:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/5-11:31:11,2) [kthreadd]
(root,0,0,00:00:00/5-11:31:11,3) [rcu_gp]
(root,0,0,00:00:00/5-11:31:11,4) [rcu_par_gp]
(root,0,0,00:00:00/5-11:31:11,5) [slub_flushwq]
(root,0,0,00:00:00/5-11:31:11,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/5-11:31:11,9) [mm_percpu_wq]
(root,0,0,00:00:00/5-11:31:11,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/5-11:31:11,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/5-11:31:11,12) [rcu_tasks_trace]
(root,0,0,00:00:08/5-11:31:11,13) [ksoftirqd/0]
(root,0,0,00:14:15/5-11:31:11,14) [rcu_preempt]
(root,0,0,00:00:02/5-11:31:11,15) [migration/0]
(root,0,0,00:00:00/5-11:31:11,16) [idle_inject/0]
(root,0,0,00:00:00/5-11:31:11,18) [cpuhp/0]
(root,0,0,00:00:00/5-11:31:11,19) [cpuhp/1]
(root,0,0,00:00:00/5-11:31:11,20) [idle_inject/1]
(root,0,0,00:00:02/5-11:31:11,21) [migration/1]
(root,0,0,00:00:07/5-11:31:11,22) [ksoftirqd/1]
(root,0,0,00:00:00/5-11:31:11,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/5-11:31:11,25) [cpuhp/2]
(root,0,0,00:00:00/5-11:31:11,26) [idle_inject/2]
(root,0,0,00:00:01/5-11:31:11,27) [migration/2]
(root,0,0,00:11:45/5-11:31:11,28) [ksoftirqd/2]
(root,0,0,00:00:00/5-11:31:11,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/5-11:31:11,31) [cpuhp/3]
(root,0,0,00:00:00/5-11:31:11,32) [idle_inject/3]
(root,0,0,00:00:02/5-11:31:11,33) [migration/3]
(root,0,0,00:00:29/5-11:31:11,34) [ksoftirqd/3]
(root,0,0,00:00:00/5-11:31:11,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/5-11:31:11,39) [kdevtmpfs]
(root,0,0,00:00:00/5-11:31:11,40) [netns]
(root,0,0,00:00:00/5-11:31:11,41) [inet_frag_wq]
(root,0,0,00:00:01/5-11:31:11,42) [kauditd]
(root,0,0,00:00:00/5-11:31:11,43) [khungtaskd]
(root,0,0,00:00:00/5-11:31:11,44) [oom_reaper]
(root,0,0,00:00:00/5-11:31:11,45) [writeback]
(root,0,0,00:00:14/5-11:31:11,46) [kcompactd0]
(root,0,0,00:00:00/5-11:31:11,47) [ksmd]
(root,0,0,00:00:15/5-11:31:11,48) [khugepaged]
(root,0,0,00:00:00/5-11:31:11,74) [kintegrityd]
(root,0,0,00:00:00/5-11:31:11,75) [kblockd]
(root,0,0,00:00:00/5-11:31:11,76) [blkcg_punt_bio]
(root,0,0,00:00:00/5-11:31:11,78) [tpm_dev_wq]
(root,0,0,00:00:00/5-11:31:11,79) [edac-poller]
(root,0,0,00:00:00/5-11:31:11,80) [devfreq_wq]
(root,0,0,00:00:00/5-11:31:11,110) [watchdogd]
(root,0,0,00:00:01/5-11:31:11,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/5-11:31:11,112) [kswapd0]
(root,0,0,00:00:00/5-11:31:10,114) [kthrotld]
(root,0,0,00:00:00/5-11:31:10,115) [mld]
(root,0,0,00:00:00/5-11:31:10,116) [ipv6_addrconf]
(root,0,0,00:00:02/5-11:31:10,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/5-11:31:10,122) [kstrp]
(root,0,0,00:00:00/5-11:31:10,123) [zswap-shrink]
(root,0,0,00:00:00/5-11:31:10,124) [kworker/u9:0]
(root,0,0,00:00:00/5-11:31:10,129) [charger_manager]
(root,0,0,00:00:01/5-11:31:09,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:01/5-11:31:09,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/5-11:31:09,205) [kaluad]
(root,0,0,00:00:00/5-11:31:09,250) [kmpath_rdacd]
(root,0,0,00:00:00/5-11:31:09,293) [kmpathd]
(root,0,0,00:00:00/5-11:31:09,294) [kmpath_handlerd]
(root,0,0,00:00:00/5-11:31:09,342) [ata_sff]
(root,0,0,00:00:00/5-11:31:08,343) [scsi_eh_0]
(root,0,0,00:00:00/5-11:31:08,344) [scsi_tmf_0]
(root,0,0,00:00:00/5-11:31:08,345) [scsi_eh_1]
(root,0,0,00:00:00/5-11:31:08,346) [scsi_tmf_1]
(root,0,0,00:00:08/5-11:31:06,366) [jbd2/vda1-8]
(root,0,0,00:00:00/5-11:31:06,367) [ext4-rsv-conver]
(root,38604,7544,00:00:09/5-11:30:54,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/5-11:30:53,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:08/5-11:30:51,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:03/5-11:30:17,512) /sbin/auditd
(messagebus,22936,5824,00:00:19/5-11:30:17,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:11/5-11:30:17,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/5-11:30:17,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/5-11:30:16,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/5-11:30:16,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,25572,00:00:06/5-11:30:02,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/5-11:30:02,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:27/5-11:30:01,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/5-11:30:01,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/5-11:30:01,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/5-11:30:01,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/5-11:30:01,1201) /usr/lib/systemd/systemd --user
(root,448968,8640,00:00:10/5-11:30:01,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:42/5-11:30:01,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/5-11:30:01,1206) bpfilter_umh
(root,26204,8340,00:00:03/5-11:30:01,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/5-11:30:01,1215) ntpd: asynchronous dns resolver
(spot,276088,163720,05:59:56/5-11:30:01,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/5-11:30:00,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/5-11:30:00,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/5-11:30:00,1245) (sd-pam)
(root,24216,5348,00:00:01/5-11:29:59,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/5-11:29:59,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/5-11:29:58,1354) /usr/sbin/cron -n
(root,691080,73440,00:06:57/5-11:29:52,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,208320,42484,00:01:44/5-11:29:38,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/22:04,4430) [kworker/0:0-events]
(root,35308,10024,00:00:00/3-13:22:47,4679) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5592,00:00:12/3-13:22:47,4681) sshd: syslogtunnel
(root,35308,10044,00:00:00/3-13:22:32,4686) sshd: cm-ssh [priv]
(cm-ssh,35308,5396,00:00:10/3-13:22:32,4688) sshd: cm-ssh
(root,6656,3484,00:00:00/00:01,6238) /bin/bash /usr/bin/check_mk_agent
(root,6656,3488,00:00:00/00:00,6297) /bin/bash /usr/bin/check_mk_agent
(root,6656,1828,00:00:00/00:00,6329) /bin/bash /usr/bin/check_mk_agent
(root,6656,2020,00:00:00/00:00,6330) /bin/bash /usr/bin/check_mk_agent
(root,4480,1196,00:00:00/00:00,6331) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,816,00:00:00/00:00,6332) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,700,00:00:00/00:00,6333) cat /proc/net/tcp /proc/net/tcp6
(root,13744,3500,00:00:00/00:00,6338) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,6339) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/07:22,7039) [kworker/1:1-ata_sff]
(root,0,0,00:00:05/12:00:54,13342) [kworker/1:0-mm_percpu_wq]
(root,0,0,00:00:01/01:51:37,22417) [kworker/2:2-events]
(root,0,0,00:00:00/01:51:33,22418) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:00/03:22:50,26136) [kworker/u8:1-ext4-rsv-conversion]
(postfix,24244,8272,00:00:00/01:25:30,27452) pickup -l -t fifo -u
(root,0,0,00:00:00/05:02:46,27907) [kworker/3:1-cgroup_destroy]
(root,0,0,00:00:00/02:12,28062) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:09:03,28891) [kworker/3:2-events]
(root,0,0,00:00:00/56:17,29918) [kworker/2:0]
(root,0,0,00:00:00/39:10,31879) [kworker/0:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-17 21:53

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cd18920c

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:13/3-15:12:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/3-15:12:10,2) [kthreadd]
(root,0,0,00:00:00/3-15:12:10,3) [rcu_gp]
(root,0,0,00:00:00/3-15:12:10,4) [rcu_par_gp]
(root,0,0,00:00:00/3-15:12:10,5) [slub_flushwq]
(root,0,0,00:00:00/3-15:12:10,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:10,9) [mm_percpu_wq]
(root,0,0,00:00:00/3-15:12:10,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/3-15:12:10,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/3-15:12:10,12) [rcu_tasks_trace]
(root,0,0,00:00:05/3-15:12:10,13) [ksoftirqd/0]
(root,0,0,00:09:30/3-15:12:10,14) [rcu_preempt]
(root,0,0,00:00:01/3-15:12:10,15) [migration/0]
(root,0,0,00:00:00/3-15:12:10,16) [idle_inject/0]
(root,0,0,00:00:00/3-15:12:10,18) [cpuhp/0]
(root,0,0,00:00:00/3-15:12:10,19) [cpuhp/1]
(root,0,0,00:00:00/3-15:12:10,20) [idle_inject/1]
(root,0,0,00:00:01/3-15:12:10,21) [migration/1]
(root,0,0,00:00:05/3-15:12:10,22) [ksoftirqd/1]
(root,0,0,00:00:00/3-15:12:10,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:10,25) [cpuhp/2]
(root,0,0,00:00:00/3-15:12:10,26) [idle_inject/2]
(root,0,0,00:00:01/3-15:12:10,27) [migration/2]
(root,0,0,00:08:01/3-15:12:10,28) [ksoftirqd/2]
(root,0,0,00:00:00/3-15:12:10,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:10,31) [cpuhp/3]
(root,0,0,00:00:00/3-15:12:10,32) [idle_inject/3]
(root,0,0,00:00:01/3-15:12:10,33) [migration/3]
(root,0,0,00:00:20/3-15:12:10,34) [ksoftirqd/3]
(root,0,0,00:00:00/3-15:12:10,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:10,39) [kdevtmpfs]
(root,0,0,00:00:00/3-15:12:10,40) [netns]
(root,0,0,00:00:00/3-15:12:10,41) [inet_frag_wq]
(root,0,0,00:00:01/3-15:12:10,42) [kauditd]
(root,0,0,00:00:00/3-15:12:10,43) [khungtaskd]
(root,0,0,00:00:00/3-15:12:10,44) [oom_reaper]
(root,0,0,00:00:00/3-15:12:10,45) [writeback]
(root,0,0,00:00:09/3-15:12:10,46) [kcompactd0]
(root,0,0,00:00:00/3-15:12:10,47) [ksmd]
(root,0,0,00:00:10/3-15:12:10,48) [khugepaged]
(root,0,0,00:00:00/3-15:12:10,74) [kintegrityd]
(root,0,0,00:00:00/3-15:12:10,75) [kblockd]
(root,0,0,00:00:00/3-15:12:10,76) [blkcg_punt_bio]
(root,0,0,00:00:00/3-15:12:10,78) [tpm_dev_wq]
(root,0,0,00:00:00/3-15:12:10,79) [edac-poller]
(root,0,0,00:00:00/3-15:12:10,80) [devfreq_wq]
(root,0,0,00:00:00/3-15:12:10,110) [watchdogd]
(root,0,0,00:00:00/3-15:12:10,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/3-15:12:10,112) [kswapd0]
(root,0,0,00:00:00/3-15:12:09,114) [kthrotld]
(root,0,0,00:00:00/3-15:12:09,115) [mld]
(root,0,0,00:00:00/3-15:12:09,116) [ipv6_addrconf]
(root,0,0,00:00:01/3-15:12:09,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/3-15:12:09,122) [kstrp]
(root,0,0,00:00:00/3-15:12:09,123) [zswap-shrink]
(root,0,0,00:00:00/3-15:12:09,124) [kworker/u9:0]
(root,0,0,00:00:00/3-15:12:09,129) [charger_manager]
(root,0,0,00:00:00/3-15:12:08,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/3-15:12:08,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/3-15:12:08,205) [kaluad]
(root,0,0,00:00:00/3-15:12:08,250) [kmpath_rdacd]
(root,0,0,00:00:00/3-15:12:08,293) [kmpathd]
(root,0,0,00:00:00/3-15:12:08,294) [kmpath_handlerd]
(root,0,0,00:00:00/3-15:12:08,342) [ata_sff]
(root,0,0,00:00:00/3-15:12:07,343) [scsi_eh_0]
(root,0,0,00:00:00/3-15:12:07,344) [scsi_tmf_0]
(root,0,0,00:00:00/3-15:12:07,345) [scsi_eh_1]
(root,0,0,00:00:00/3-15:12:07,346) [scsi_tmf_1]
(root,0,0,00:00:05/3-15:12:05,366) [jbd2/vda1-8]
(root,0,0,00:00:00/3-15:12:05,367) [ext4-rsv-conver]
(root,38604,7544,00:00:07/3-15:11:53,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/3-15:11:52,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:05/3-15:11:50,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:02/3-15:11:16,512) /sbin/auditd
(messagebus,22936,5824,00:00:14/3-15:11:16,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:08/3-15:11:16,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/3-15:11:16,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/3-15:11:15,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/3-15:11:15,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,24748,00:00:04/3-15:11:01,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/3-15:11:01,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:18/3-15:11:00,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/3-15:11:00,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/3-15:11:00,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/3-15:11:00,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/3-15:11:00,1201) /usr/lib/systemd/systemd --user
(root,448968,8640,00:00:07/3-15:11:00,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:28/3-15:11:00,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/3-15:11:00,1206) bpfilter_umh
(root,26204,8340,00:00:02/3-15:11:00,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/3-15:11:00,1215) ntpd: asynchronous dns resolver
(spot,273884,162304,04:12:18/3-15:11:00,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/3-15:10:59,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/3-15:10:59,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/3-15:10:59,1245) (sd-pam)
(root,0,0,00:00:00/18:55,1284) [kworker/2:1]
(root,24216,5348,00:00:01/3-15:10:58,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/3-15:10:58,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/3-15:10:57,1354) /usr/sbin/cron -n
(root,689544,71904,00:04:39/3-15:10:51,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,207296,41156,00:01:10/3-15:10:37,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/01:08:12,1655) [kworker/0:1-events]
(root,0,0,00:00:04/03:43:32,3235) [kworker/2:0-events]
(root,35308,10024,00:00:00/1-17:03:46,4679) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5592,00:00:05/1-17:03:46,4681) sshd: syslogtunnel
(root,35308,10044,00:00:00/1-17:03:31,4686) sshd: cm-ssh [priv]
(cm-ssh,35308,5396,00:00:05/1-17:03:31,4688) sshd: cm-ssh
(root,0,0,00:00:00/02:21:20,4707) [kworker/0:2-events]
(root,6656,3444,00:00:00/00:00,8366) /bin/bash /usr/bin/check_mk_agent
(root,13744,3524,00:00:00/00:00,8384) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,8385) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,24244,8164,00:00:00/28:20,13818) pickup -l -t fifo -u
(root,0,0,00:00:01/01:30:29,19322) [kworker/1:1-events]
(root,0,0,00:00:00/01:28:49,25346) [kworker/u8:0-writeback]
(root,0,0,00:00:00/07:29,25518) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/07:08,26463) [kworker/3:0-events]
(root,0,0,00:00:00/02:19,28129) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/05:18:47,30146) [kworker/u8:2]
(root,0,0,00:00:00/42:22,30663) [kworker/3:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-16 01:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c95b517d

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12672,00:00:07/1-14:13:09,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/1-14:13:09,2) [kthreadd]
(root,0,0,00:00:00/1-14:13:09,3) [rcu_gp]
(root,0,0,00:00:00/1-14:13:09,4) [rcu_par_gp]
(root,0,0,00:00:00/1-14:13:09,5) [slub_flushwq]
(root,0,0,00:00:00/1-14:13:09,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/1-14:13:09,9) [mm_percpu_wq]
(root,0,0,00:00:00/1-14:13:09,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/1-14:13:09,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/1-14:13:09,12) [rcu_tasks_trace]
(root,0,0,00:00:02/1-14:13:09,13) [ksoftirqd/0]
(root,0,0,00:04:07/1-14:13:09,14) [rcu_preempt]
(root,0,0,00:00:00/1-14:13:09,15) [migration/0]
(root,0,0,00:00:00/1-14:13:09,16) [idle_inject/0]
(root,0,0,00:00:00/1-14:13:09,18) [cpuhp/0]
(root,0,0,00:00:00/1-14:13:09,19) [cpuhp/1]
(root,0,0,00:00:00/1-14:13:09,20) [idle_inject/1]
(root,0,0,00:00:00/1-14:13:09,21) [migration/1]
(root,0,0,00:00:02/1-14:13:09,22) [ksoftirqd/1]
(root,0,0,00:00:00/1-14:13:09,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/1-14:13:09,25) [cpuhp/2]
(root,0,0,00:00:00/1-14:13:09,26) [idle_inject/2]
(root,0,0,00:00:00/1-14:13:09,27) [migration/2]
(root,0,0,00:03:24/1-14:13:09,28) [ksoftirqd/2]
(root,0,0,00:00:00/1-14:13:09,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/1-14:13:09,31) [cpuhp/3]
(root,0,0,00:00:00/1-14:13:09,32) [idle_inject/3]
(root,0,0,00:00:00/1-14:13:09,33) [migration/3]
(root,0,0,00:00:08/1-14:13:09,34) [ksoftirqd/3]
(root,0,0,00:00:00/1-14:13:09,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/1-14:13:09,39) [kdevtmpfs]
(root,0,0,00:00:00/1-14:13:09,40) [netns]
(root,0,0,00:00:00/1-14:13:09,41) [inet_frag_wq]
(root,0,0,00:00:00/1-14:13:09,42) [kauditd]
(root,0,0,00:00:00/1-14:13:09,43) [khungtaskd]
(root,0,0,00:00:00/1-14:13:09,44) [oom_reaper]
(root,0,0,00:00:00/1-14:13:09,45) [writeback]
(root,0,0,00:00:04/1-14:13:09,46) [kcompactd0]
(root,0,0,00:00:00/1-14:13:09,47) [ksmd]
(root,0,0,00:00:04/1-14:13:09,48) [khugepaged]
(root,0,0,00:00:00/1-14:13:09,74) [kintegrityd]
(root,0,0,00:00:00/1-14:13:09,75) [kblockd]
(root,0,0,00:00:00/1-14:13:09,76) [blkcg_punt_bio]
(root,0,0,00:00:00/1-14:13:09,78) [tpm_dev_wq]
(root,0,0,00:00:00/1-14:13:09,79) [edac-poller]
(root,0,0,00:00:00/1-14:13:09,80) [devfreq_wq]
(root,0,0,00:00:00/1-14:13:09,110) [watchdogd]
(root,0,0,00:00:00/1-14:13:09,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/1-14:13:09,112) [kswapd0]
(root,0,0,00:00:00/1-14:13:08,114) [kthrotld]
(root,0,0,00:00:00/1-14:13:08,115) [mld]
(root,0,0,00:00:00/1-14:13:08,116) [ipv6_addrconf]
(root,0,0,00:00:00/1-14:13:08,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/1-14:13:08,122) [kstrp]
(root,0,0,00:00:00/1-14:13:08,123) [zswap-shrink]
(root,0,0,00:00:00/1-14:13:08,124) [kworker/u9:0]
(root,0,0,00:00:00/1-14:13:08,129) [charger_manager]
(root,0,0,00:00:00/1-14:13:07,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/1-14:13:07,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/1-14:13:07,205) [kaluad]
(root,0,0,00:00:00/1-14:13:07,250) [kmpath_rdacd]
(root,0,0,00:00:00/1-14:13:07,293) [kmpathd]
(root,0,0,00:00:00/1-14:13:07,294) [kmpath_handlerd]
(root,0,0,00:00:00/1-14:13:07,342) [ata_sff]
(root,0,0,00:00:00/1-14:13:06,343) [scsi_eh_0]
(root,0,0,00:00:00/1-14:13:06,344) [scsi_tmf_0]
(root,0,0,00:00:00/1-14:13:06,345) [scsi_eh_1]
(root,0,0,00:00:00/1-14:13:06,346) [scsi_tmf_1]
(root,0,0,00:00:02/1-14:13:04,366) [jbd2/vda1-8]
(root,0,0,00:00:00/1-14:13:04,367) [ext4-rsv-conver]
(root,38604,7544,00:00:03/1-14:12:52,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/1-14:12:51,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:02/1-14:12:49,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:01/1-14:12:15,512) /sbin/auditd
(messagebus,22936,5824,00:00:07/1-14:12:15,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8508,00:00:03/1-14:12:15,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/1-14:12:15,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/1-14:12:14,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/1-14:12:14,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,24220,00:00:02/1-14:12:00,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/1-14:12:00,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:07/1-14:11:59,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/1-14:11:59,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/1-14:11:59,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/1-14:11:59,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/1-14:11:59,1201) /usr/lib/systemd/systemd --user
(root,448724,7840,00:00:03/1-14:11:59,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:12/1-14:11:59,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/1-14:11:59,1206) bpfilter_umh
(root,26204,8340,00:00:01/1-14:11:59,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/1-14:11:59,1215) ntpd: asynchronous dns resolver
(spot,199012,161688,01:46:52/1-14:11:59,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/1-14:11:58,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/1-14:11:58,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/1-14:11:58,1245) (sd-pam)
(root,24216,5348,00:00:00/1-14:11:57,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/1-14:11:57,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/1-14:11:56,1354) /usr/sbin/cron -n
(root,35308,9992,00:00:00/1-14:11:52,1368) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5400,00:00:05/1-14:11:52,1371) sshd: syslogtunnel
(root,689288,71288,00:02:04/1-14:11:50,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,206272,40784,00:00:32/1-14:11:36,1380) /usr/bin/python3.11 /usr/bin/spot
(root,35308,9976,00:00:00/1-14:11:17,1434) sshd: cm-ssh [priv]
(cm-ssh,35308,5468,00:00:04/1-14:11:17,1436) sshd: cm-ssh
(root,0,0,00:00:05/08:37:34,3139) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/20:02,4324) [kworker/3:1-events]
(root,0,0,00:00:00/03:10,4802) [kworker/3:2]
(postfix,24244,8168,00:00:00/01:31:22,8239) pickup -l -t fifo -u
(root,0,0,00:00:00/48:11,9251) [kworker/0:2-events]
(root,0,0,00:00:00/09:56,10983) [kworker/1:1-events]
(root,0,0,00:00:00/09:50,11248) [kworker/u8:0-writeback]
(root,0,0,00:00:00/16:41,17764) [kworker/2:2]
(root,6656,3484,00:00:00/00:00,20074) /bin/bash /usr/bin/check_mk_agent
(root,13744,3372,00:00:00/00:00,20092) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,20093) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/01:10:43,27345) [kworker/3:0-cgroup_destroy]
(root,0,0,00:00:00/01:35:11,28896) [kworker/0:0-events]
(root,0,0,00:00:00/01:34:51,29594) [kworker/u8:1]
(root,0,0,00:00:00/04:45,29799) [kworker/1:2-ata_sff]
(root,0,0,00:00:01/51:48,32356) [kworker/2:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-14 00:35

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363279c0a9c

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12368,00:03:07/62-13:22:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/62-13:22:01,2) [kthreadd]
(root,0,0,00:00:00/62-13:22:01,3) [rcu_gp]
(root,0,0,00:00:00/62-13:22:01,4) [rcu_par_gp]
(root,0,0,00:00:00/62-13:22:01,5) [slub_flushwq]
(root,0,0,00:00:00/62-13:22:01,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/62-13:22:01,9) [mm_percpu_wq]
(root,0,0,00:00:00/62-13:22:01,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/62-13:22:01,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/62-13:22:01,12) [rcu_tasks_trace]
(root,0,0,00:01:52/62-13:22:01,13) [ksoftirqd/0]
(root,0,0,02:54:07/62-13:22:01,14) [rcu_preempt]
(root,0,0,00:00:23/62-13:22:01,15) [migration/0]
(root,0,0,00:00:00/62-13:22:01,16) [idle_inject/0]
(root,0,0,00:00:00/62-13:22:01,18) [cpuhp/0]
(root,0,0,00:00:00/62-13:22:01,19) [cpuhp/1]
(root,0,0,00:00:00/62-13:22:01,20) [idle_inject/1]
(root,0,0,00:00:23/62-13:22:01,21) [migration/1]
(root,0,0,00:01:33/62-13:22:01,22) [ksoftirqd/1]
(root,0,0,00:00:00/62-13:22:01,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/62-13:22:01,25) [cpuhp/2]
(root,0,0,00:00:00/62-13:22:01,26) [idle_inject/2]
(root,0,0,00:00:17/62-13:22:01,27) [migration/2]
(root,0,0,01:53:28/62-13:22:01,28) [ksoftirqd/2]
(root,0,0,00:00:00/62-13:22:01,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/62-13:22:01,31) [cpuhp/3]
(root,0,0,00:00:00/62-13:22:01,32) [idle_inject/3]
(root,0,0,00:00:22/62-13:22:01,33) [migration/3]
(root,0,0,00:05:43/62-13:22:01,34) [ksoftirqd/3]
(root,0,0,00:00:00/62-13:22:01,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/62-13:22:01,40) [kdevtmpfs]
(root,0,0,00:00:00/62-13:22:01,41) [netns]
(root,0,0,00:00:00/62-13:22:01,42) [inet_frag_wq]
(root,0,0,00:00:22/62-13:22:01,43) [kauditd]
(root,0,0,00:00:00/62-13:22:01,44) [khungtaskd]
(root,0,0,00:00:00/62-13:22:01,45) [oom_reaper]
(root,0,0,00:00:00/62-13:22:01,46) [writeback]
(root,0,0,00:03:11/62-13:22:01,47) [kcompactd0]
(root,0,0,00:00:00/62-13:22:01,48) [ksmd]
(root,0,0,00:03:27/62-13:22:01,49) [khugepaged]
(root,0,0,00:00:00/62-13:22:01,75) [kintegrityd]
(root,0,0,00:00:00/62-13:22:01,76) [kblockd]
(root,0,0,00:00:00/62-13:22:01,77) [blkcg_punt_bio]
(root,0,0,00:00:00/62-13:22:01,79) [tpm_dev_wq]
(root,0,0,00:00:00/62-13:22:01,80) [edac-poller]
(root,0,0,00:00:00/62-13:22:01,81) [devfreq_wq]
(root,0,0,00:00:00/62-13:22:01,110) [watchdogd]
(root,0,0,00:00:05/62-13:22:01,111) [kswapd0]
(root,0,0,00:00:15/62-13:22:01,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/62-13:21:59,115) [kthrotld]
(root,0,0,00:00:00/62-13:21:59,116) [mld]
(root,0,0,00:00:00/62-13:21:59,117) [ipv6_addrconf]
(root,0,0,00:00:16/62-13:21:59,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/62-13:21:59,123) [kstrp]
(root,0,0,00:00:00/62-13:21:59,124) [zswap-shrink]
(root,0,0,00:00:00/62-13:21:59,125) [kworker/u9:0]
(root,0,0,00:00:00/62-13:21:59,130) [charger_manager]
(root,0,0,00:00:18/62-13:21:59,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:27/62-13:21:59,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/62-13:21:58,239) [kaluad]
(root,0,0,00:00:00/62-13:21:58,258) [kmpath_rdacd]
(root,0,0,00:00:00/62-13:21:58,304) [kmpathd]
(root,0,0,00:00:00/62-13:21:58,305) [kmpath_handlerd]
(root,0,0,00:00:00/62-13:21:57,342) [ata_sff]
(root,0,0,00:00:00/62-13:21:57,343) [scsi_eh_0]
(root,0,0,00:00:00/62-13:21:57,344) [scsi_tmf_0]
(root,0,0,00:00:00/62-13:21:57,345) [scsi_eh_1]
(root,0,0,00:00:00/62-13:21:57,346) [scsi_tmf_1]
(root,0,0,00:01:59/62-13:21:54,366) [jbd2/vda1-8]
(root,0,0,00:00:00/62-13:21:54,367) [ext4-rsv-conver]
(root,38604,7852,00:01:47/62-13:21:42,440) /usr/lib/systemd/systemd-journald
(root,53296,9324,00:00:07/62-13:21:41,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:36/62-13:21:39,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1584,00:00:39/62-13:21:08,511) /sbin/auditd
(messagebus,22932,5400,00:03:34/62-13:21:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38880,8288,00:02:01/62-13:21:07,530) /usr/lib/systemd/systemd-logind
(root,20556,4152,00:00:00/62-13:21:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15472,00:00:03/62-13:21:05,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,15904,00:00:00/62-13:21:05,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549384,31628,00:01:13/62-13:20:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/62-13:20:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:06:04/62-13:20:51,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/62-13:20:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/62-13:20:51,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/62-13:20:51,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/62-13:20:51,1343) /usr/lib/systemd/systemd --user
(root,449060,7988,00:01:56/62-13:20:51,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:52/62-13:20:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/62-13:20:51,1352) bpfilter_umh
(root,26204,8096,00:00:33/62-13:20:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/62-13:20:51,1359) ntpd: asynchronous dns resolver
(spot,362688,213560,3-11:05:41/62-13:20:50,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/62-13:20:50,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/62-13:20:50,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/62-13:20:50,1373) (sd-pam)
(root,24216,5256,00:00:22/62-13:20:48,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/62-13:20:48,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/62-13:20:48,1485) /usr/sbin/cron -n
(root,699464,80288,01:26:25/62-13:20:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/56:36,1818) [kworker/1:0-events]
(spot,236992,82964,00:31:54/62-13:20:30,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/11:56,2406) [kworker/u8:0-flush-253:0]
(postfix,44628,9104,00:00:02/56-18:56:05,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/10:04,5187) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/09:57,5538) [kworker/2:1-mm_percpu_wq]
(root,6656,3488,00:00:00/00:00,7844) /bin/bash /usr/bin/check_mk_agent
(root,13744,3376,00:00:00/00:00,7862) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,7863) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/07:28,9738) [kworker/0:2-cgroup_destroy]
(root,35304,10040,00:00:00/24-13:49:00,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:32/24-13:48:59,10514) sshd: syslogtunnel
(root,0,0,00:00:00/01:10:03,12427) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/19:46,14894) [kworker/1:1]
(root,0,0,00:00:00/04:52,16788) [kworker/3:0-ata_sff]
(root,0,0,00:00:01/02:22:39,19079) [kworker/2:2-events]
(postfix,24244,8252,00:00:00/31:32,21014) pickup -l -t fifo -u
(root,0,0,00:00:00/41:11,25290) [kworker/3:1-events]
(root,0,0,00:00:00/39:25,30822) [kworker/0:1-events]
(root,35308,10028,00:00:00/24-14:35:13,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:22/24-14:35:12,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-12 00:10

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836326db8c36

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:58/60-14:15:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/60-14:15:44,2) [kthreadd]
(root,0,0,00:00:00/60-14:15:44,3) [rcu_gp]
(root,0,0,00:00:00/60-14:15:44,4) [rcu_par_gp]
(root,0,0,00:00:00/60-14:15:44,5) [slub_flushwq]
(root,0,0,00:00:00/60-14:15:44,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/60-14:15:44,9) [mm_percpu_wq]
(root,0,0,00:00:00/60-14:15:44,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/60-14:15:44,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/60-14:15:44,12) [rcu_tasks_trace]
(root,0,0,00:01:48/60-14:15:44,13) [ksoftirqd/0]
(root,0,0,02:49:07/60-14:15:44,14) [rcu_preempt]
(root,0,0,00:00:23/60-14:15:44,15) [migration/0]
(root,0,0,00:00:00/60-14:15:44,16) [idle_inject/0]
(root,0,0,00:00:00/60-14:15:44,18) [cpuhp/0]
(root,0,0,00:00:00/60-14:15:44,19) [cpuhp/1]
(root,0,0,00:00:00/60-14:15:44,20) [idle_inject/1]
(root,0,0,00:00:23/60-14:15:44,21) [migration/1]
(root,0,0,00:01:30/60-14:15:44,22) [ksoftirqd/1]
(root,0,0,00:00:00/60-14:15:44,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/60-14:15:44,25) [cpuhp/2]
(root,0,0,00:00:00/60-14:15:44,26) [idle_inject/2]
(root,0,0,00:00:17/60-14:15:44,27) [migration/2]
(root,0,0,01:49:37/60-14:15:44,28) [ksoftirqd/2]
(root,0,0,00:00:00/60-14:15:44,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/60-14:15:44,31) [cpuhp/3]
(root,0,0,00:00:00/60-14:15:44,32) [idle_inject/3]
(root,0,0,00:00:21/60-14:15:44,33) [migration/3]
(root,0,0,00:05:33/60-14:15:44,34) [ksoftirqd/3]
(root,0,0,00:00:00/60-14:15:44,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/60-14:15:44,40) [kdevtmpfs]
(root,0,0,00:00:00/60-14:15:44,41) [netns]
(root,0,0,00:00:00/60-14:15:44,42) [inet_frag_wq]
(root,0,0,00:00:21/60-14:15:44,43) [kauditd]
(root,0,0,00:00:00/60-14:15:44,44) [khungtaskd]
(root,0,0,00:00:00/60-14:15:44,45) [oom_reaper]
(root,0,0,00:00:00/60-14:15:44,46) [writeback]
(root,0,0,00:03:05/60-14:15:44,47) [kcompactd0]
(root,0,0,00:00:00/60-14:15:44,48) [ksmd]
(root,0,0,00:03:21/60-14:15:44,49) [khugepaged]
(root,0,0,00:00:00/60-14:15:44,75) [kintegrityd]
(root,0,0,00:00:00/60-14:15:44,76) [kblockd]
(root,0,0,00:00:00/60-14:15:44,77) [blkcg_punt_bio]
(root,0,0,00:00:00/60-14:15:44,79) [tpm_dev_wq]
(root,0,0,00:00:00/60-14:15:44,80) [edac-poller]
(root,0,0,00:00:00/60-14:15:44,81) [devfreq_wq]
(root,0,0,00:00:00/60-14:15:44,110) [watchdogd]
(root,0,0,00:00:04/60-14:15:44,111) [kswapd0]
(root,0,0,00:00:15/60-14:15:44,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/60-14:15:42,115) [kthrotld]
(root,0,0,00:00:00/60-14:15:42,116) [mld]
(root,0,0,00:00:00/60-14:15:42,117) [ipv6_addrconf]
(root,0,0,00:00:16/60-14:15:42,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/60-14:15:42,123) [kstrp]
(root,0,0,00:00:00/60-14:15:42,124) [zswap-shrink]
(root,0,0,00:00:00/60-14:15:42,125) [kworker/u9:0]
(root,0,0,00:00:00/60-14:15:42,130) [charger_manager]
(root,0,0,00:00:18/60-14:15:42,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:26/60-14:15:42,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/60-14:15:41,239) [kaluad]
(root,0,0,00:00:00/60-14:15:41,258) [kmpath_rdacd]
(root,0,0,00:00:00/60-14:15:41,304) [kmpathd]
(root,0,0,00:00:00/60-14:15:41,305) [kmpath_handlerd]
(root,0,0,00:00:00/60-14:15:40,342) [ata_sff]
(root,0,0,00:00:00/60-14:15:40,343) [scsi_eh_0]
(root,0,0,00:00:00/60-14:15:40,344) [scsi_tmf_0]
(root,0,0,00:00:00/60-14:15:40,345) [scsi_eh_1]
(root,0,0,00:00:00/60-14:15:40,346) [scsi_tmf_1]
(root,0,0,00:01:56/60-14:15:37,366) [jbd2/vda1-8]
(root,0,0,00:00:00/60-14:15:37,367) [ext4-rsv-conver]
(root,38604,7852,00:01:43/60-14:15:25,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/60-14:15:24,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:33/60-14:15:22,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:37/60-14:14:51,511) /sbin/auditd
(messagebus,22932,5400,00:03:24/60-14:14:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8272,00:01:55/60-14:14:50,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/60-14:14:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/60-14:14:48,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/60-14:14:48,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549384,31636,00:01:11/60-14:14:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/60-14:14:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:54/60-14:14:34,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/60-14:14:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/60-14:14:34,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/60-14:14:34,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/60-14:14:34,1343) /usr/lib/systemd/systemd --user
(root,449060,8208,00:01:51/60-14:14:34,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:36/60-14:14:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/60-14:14:34,1352) bpfilter_umh
(root,26204,8096,00:00:31/60-14:14:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/60-14:14:34,1359) ntpd: asynchronous dns resolver
(spot,362480,213524,3-08:29:47/60-14:14:33,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/60-14:14:33,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/60-14:14:33,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/60-14:14:33,1373) (sd-pam)
(root,24216,5260,00:00:21/60-14:14:31,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/60-14:14:31,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/60-14:14:31,1485) /usr/sbin/cron -n
(root,699208,80092,01:23:46/60-14:14:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,235968,82040,00:31:05/60-14:14:13,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9136,00:00:02/54-19:49:48,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/00:09,6343) [kworker/2:2-events]
(root,6656,3484,00:00:00/00:00,6968) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,6969) /bin/bash /usr/bin/check_mk_agent
(root,6656,3512,00:00:00/00:00,6974) /bin/bash /usr/bin/check_mk_agent
(root,13744,3432,00:00:00/00:00,7021) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,7022) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,13744,3520,00:00:00/00:00,7023) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,7024) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/10:13,7686) [kworker/0:0]
(root,35304,10040,00:00:00/22-14:42:43,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:24/22-14:42:42,10514) sshd: syslogtunnel
(root,0,0,00:00:00/02:34:24,12806) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:01/02:11:48,13124) [kworker/3:2-events]
(root,0,0,00:00:00/06:45,14712) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/01:54:48,15347) [kworker/2:0-events]
(postfix,24244,8244,00:00:00/06:12,16450) pickup -l -t fifo -u
(root,0,0,00:00:00/38:19,17961) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/05:26,18947) [kworker/2:1-cgroup_destroy]
(root,0,0,00:00:00/45:43,20158) [kworker/1:1-events]
(root,0,0,00:00:00/01:11:53,24113) [kworker/0:2-events]
(root,0,0,00:00:00/21:59,25821) [kworker/1:0-events]
(root,0,0,00:00:00/01:34,30543) [kworker/3:1-ata_sff]
(root,35308,10028,00:00:00/22-15:28:56,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:15/22-15:28:55,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-10 01:04

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363548ccd50

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,14416,00:02:49/58-14:24:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/58-14:24:06,2) [kthreadd]
(root,0,0,00:00:00/58-14:24:06,3) [rcu_gp]
(root,0,0,00:00:00/58-14:24:06,4) [rcu_par_gp]
(root,0,0,00:00:00/58-14:24:06,5) [slub_flushwq]
(root,0,0,00:00:00/58-14:24:06,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/58-14:24:06,9) [mm_percpu_wq]
(root,0,0,00:00:00/58-14:24:06,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/58-14:24:06,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/58-14:24:06,12) [rcu_tasks_trace]
(root,0,0,00:01:44/58-14:24:06,13) [ksoftirqd/0]
(root,0,0,02:43:57/58-14:24:06,14) [rcu_preempt]
(root,0,0,00:00:22/58-14:24:06,15) [migration/0]
(root,0,0,00:00:00/58-14:24:06,16) [idle_inject/0]
(root,0,0,00:00:00/58-14:24:06,18) [cpuhp/0]
(root,0,0,00:00:00/58-14:24:06,19) [cpuhp/1]
(root,0,0,00:00:00/58-14:24:06,20) [idle_inject/1]
(root,0,0,00:00:22/58-14:24:06,21) [migration/1]
(root,0,0,00:01:26/58-14:24:06,22) [ksoftirqd/1]
(root,0,0,00:00:00/58-14:24:06,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/58-14:24:06,25) [cpuhp/2]
(root,0,0,00:00:00/58-14:24:06,26) [idle_inject/2]
(root,0,0,00:00:16/58-14:24:06,27) [migration/2]
(root,0,0,01:44:50/58-14:24:06,28) [ksoftirqd/2]
(root,0,0,00:00:00/58-14:24:06,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/58-14:24:06,31) [cpuhp/3]
(root,0,0,00:00:00/58-14:24:06,32) [idle_inject/3]
(root,0,0,00:00:20/58-14:24:06,33) [migration/3]
(root,0,0,00:05:21/58-14:24:06,34) [ksoftirqd/3]
(root,0,0,00:00:00/58-14:24:06,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/58-14:24:06,40) [kdevtmpfs]
(root,0,0,00:00:00/58-14:24:06,41) [netns]
(root,0,0,00:00:00/58-14:24:06,42) [inet_frag_wq]
(root,0,0,00:00:20/58-14:24:06,43) [kauditd]
(root,0,0,00:00:00/58-14:24:06,44) [khungtaskd]
(root,0,0,00:00:00/58-14:24:06,45) [oom_reaper]
(root,0,0,00:00:00/58-14:24:06,46) [writeback]
(root,0,0,00:02:59/58-14:24:06,47) [kcompactd0]
(root,0,0,00:00:00/58-14:24:06,48) [ksmd]
(root,0,0,00:03:14/58-14:24:06,49) [khugepaged]
(root,0,0,00:00:00/58-14:24:06,75) [kintegrityd]
(root,0,0,00:00:00/58-14:24:06,76) [kblockd]
(root,0,0,00:00:00/58-14:24:06,77) [blkcg_punt_bio]
(root,0,0,00:00:00/58-14:24:06,79) [tpm_dev_wq]
(root,0,0,00:00:00/58-14:24:06,80) [edac-poller]
(root,0,0,00:00:00/58-14:24:06,81) [devfreq_wq]
(root,0,0,00:00:00/58-14:24:06,110) [watchdogd]
(root,0,0,00:00:04/58-14:24:06,111) [kswapd0]
(root,0,0,00:00:15/58-14:24:06,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/58-14:24:04,115) [kthrotld]
(root,0,0,00:00:00/58-14:24:04,116) [mld]
(root,0,0,00:00:00/58-14:24:04,117) [ipv6_addrconf]
(root,0,0,00:00:16/58-14:24:04,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/58-14:24:04,123) [kstrp]
(root,0,0,00:00:00/58-14:24:04,124) [zswap-shrink]
(root,0,0,00:00:00/58-14:24:04,125) [kworker/u9:0]
(root,0,0,00:00:00/58-14:24:04,130) [charger_manager]
(root,0,0,00:00:17/58-14:24:04,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:25/58-14:24:04,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/58-14:24:03,239) [kaluad]
(root,0,0,00:00:00/58-14:24:03,258) [kmpath_rdacd]
(root,0,0,00:00:00/58-14:24:03,304) [kmpathd]
(root,0,0,00:00:00/58-14:24:03,305) [kmpath_handlerd]
(root,0,0,00:00:00/58-14:24:02,342) [ata_sff]
(root,0,0,00:00:00/58-14:24:02,343) [scsi_eh_0]
(root,0,0,00:00:00/58-14:24:02,344) [scsi_tmf_0]
(root,0,0,00:00:00/58-14:24:02,345) [scsi_eh_1]
(root,0,0,00:00:00/58-14:24:02,346) [scsi_tmf_1]
(root,0,0,00:01:52/58-14:23:59,366) [jbd2/vda1-8]
(root,0,0,00:00:00/58-14:23:59,367) [ext4-rsv-conver]
(root,38604,7852,00:01:38/58-14:23:47,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/58-14:23:46,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:30/58-14:23:44,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:35/58-14:23:13,511) /sbin/auditd
(messagebus,22932,5400,00:03:13/58-14:23:12,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:49/58-14:23:12,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/58-14:23:12,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/58-14:23:10,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/58-14:23:10,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549128,31272,00:01:09/58-14:22:56,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/58-14:22:56,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:44/58-14:22:56,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/58-14:22:56,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/58-14:22:56,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/58-14:22:56,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/58-14:22:56,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:47/58-14:22:56,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:21/58-14:22:56,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/58-14:22:56,1352) bpfilter_umh
(root,26204,8096,00:00:30/58-14:22:56,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/58-14:22:56,1359) ntpd: asynchronous dns resolver
(spot,363904,214652,3-05:26:50/58-14:22:55,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/58-14:22:55,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/58-14:22:55,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/58-14:22:55,1373) (sd-pam)
(root,24216,5260,00:00:20/58-14:22:53,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/58-14:22:53,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/58-14:22:53,1485) /usr/sbin/cron -n
(root,698952,79684,01:21:03/58-14:22:47,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,234944,80364,00:30:17/58-14:22:35,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9136,00:00:02/52-19:58:10,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/05:16,3048) [kworker/2:2-events]
(root,35304,10040,00:00:00/20-14:51:05,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:17/20-14:51:04,10514) sshd: syslogtunnel
(postfix,24244,8144,00:00:00/36:24,12925) pickup -l -t fifo -u
(root,0,0,00:00:00/41:36,18745) [kworker/0:1-events]
(root,0,0,00:00:00/34:43,19023) [kworker/1:0-events]
(root,0,0,00:00:00/21:41,19227) [kworker/3:1-mm_percpu_wq]
(root,0,0,00:00:00/00:57,20983) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/55:27,21124) [kworker/2:1-events]
(root,0,0,00:00:00/07:45,25238) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:01/03:26:04,26097) [kworker/0:2-events]
(root,6656,3484,00:00:00/00:00,26489) /bin/bash /usr/bin/check_mk_agent
(root,13744,3460,00:00:00/00:00,26507) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,26508) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/16:15,28268) [kworker/1:1-events]
(root,0,0,00:00:00/16:07,28459) [kworker/u8:1-flush-253:0]
(root,35308,10028,00:00:00/20-15:37:18,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:09/20-15:37:17,30947) sshd: cm-ssh
(root,0,0,00:00:00/06:08,31754) [kworker/3:2-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-08 01:12

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363569ea01c

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:40/56-14:09:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/56-14:09:08,2) [kthreadd]
(root,0,0,00:00:00/56-14:09:08,3) [rcu_gp]
(root,0,0,00:00:00/56-14:09:08,4) [rcu_par_gp]
(root,0,0,00:00:00/56-14:09:08,5) [slub_flushwq]
(root,0,0,00:00:00/56-14:09:08,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/56-14:09:08,9) [mm_percpu_wq]
(root,0,0,00:00:00/56-14:09:08,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/56-14:09:08,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/56-14:09:08,12) [rcu_tasks_trace]
(root,0,0,00:01:41/56-14:09:08,13) [ksoftirqd/0]
(root,0,0,02:38:36/56-14:09:08,14) [rcu_preempt]
(root,0,0,00:00:21/56-14:09:08,15) [migration/0]
(root,0,0,00:00:00/56-14:09:08,16) [idle_inject/0]
(root,0,0,00:00:00/56-14:09:08,18) [cpuhp/0]
(root,0,0,00:00:00/56-14:09:08,19) [cpuhp/1]
(root,0,0,00:00:00/56-14:09:08,20) [idle_inject/1]
(root,0,0,00:00:21/56-14:09:08,21) [migration/1]
(root,0,0,00:01:23/56-14:09:08,22) [ksoftirqd/1]
(root,0,0,00:00:00/56-14:09:08,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/56-14:09:08,25) [cpuhp/2]
(root,0,0,00:00:00/56-14:09:08,26) [idle_inject/2]
(root,0,0,00:00:16/56-14:09:08,27) [migration/2]
(root,0,0,01:40:24/56-14:09:08,28) [ksoftirqd/2]
(root,0,0,00:00:00/56-14:09:08,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/56-14:09:08,31) [cpuhp/3]
(root,0,0,00:00:00/56-14:09:08,32) [idle_inject/3]
(root,0,0,00:00:20/56-14:09:08,33) [migration/3]
(root,0,0,00:05:10/56-14:09:08,34) [ksoftirqd/3]
(root,0,0,00:00:00/56-14:09:08,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/56-14:09:08,40) [kdevtmpfs]
(root,0,0,00:00:00/56-14:09:08,41) [netns]
(root,0,0,00:00:00/56-14:09:08,42) [inet_frag_wq]
(root,0,0,00:00:19/56-14:09:08,43) [kauditd]
(root,0,0,00:00:00/56-14:09:08,44) [khungtaskd]
(root,0,0,00:00:00/56-14:09:08,45) [oom_reaper]
(root,0,0,00:00:00/56-14:09:08,46) [writeback]
(root,0,0,00:02:53/56-14:09:08,47) [kcompactd0]
(root,0,0,00:00:00/56-14:09:08,48) [ksmd]
(root,0,0,00:03:08/56-14:09:08,49) [khugepaged]
(root,0,0,00:00:00/56-14:09:08,75) [kintegrityd]
(root,0,0,00:00:00/56-14:09:08,76) [kblockd]
(root,0,0,00:00:00/56-14:09:08,77) [blkcg_punt_bio]
(root,0,0,00:00:00/56-14:09:08,79) [tpm_dev_wq]
(root,0,0,00:00:00/56-14:09:08,80) [edac-poller]
(root,0,0,00:00:00/56-14:09:08,81) [devfreq_wq]
(root,0,0,00:00:00/56-14:09:08,110) [watchdogd]
(root,0,0,00:00:04/56-14:09:08,111) [kswapd0]
(root,0,0,00:00:14/56-14:09:08,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/56-14:09:06,115) [kthrotld]
(root,0,0,00:00:00/56-14:09:06,116) [mld]
(root,0,0,00:00:00/56-14:09:06,117) [ipv6_addrconf]
(root,0,0,00:00:15/56-14:09:06,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/56-14:09:06,123) [kstrp]
(root,0,0,00:00:00/56-14:09:06,124) [zswap-shrink]
(root,0,0,00:00:00/56-14:09:06,125) [kworker/u9:0]
(root,0,0,00:00:00/56-14:09:06,130) [charger_manager]
(root,0,0,00:00:17/56-14:09:06,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:25/56-14:09:06,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/56-14:09:05,239) [kaluad]
(root,0,0,00:00:00/56-14:09:05,258) [kmpath_rdacd]
(root,0,0,00:00:00/56-14:09:05,304) [kmpathd]
(root,0,0,00:00:00/56-14:09:05,305) [kmpath_handlerd]
(root,0,0,00:00:00/56-14:09:04,342) [ata_sff]
(root,0,0,00:00:00/56-14:09:04,343) [scsi_eh_0]
(root,0,0,00:00:00/56-14:09:04,344) [scsi_tmf_0]
(root,0,0,00:00:00/56-14:09:04,345) [scsi_eh_1]
(root,0,0,00:00:00/56-14:09:04,346) [scsi_tmf_1]
(root,0,0,00:01:49/56-14:09:01,366) [jbd2/vda1-8]
(root,0,0,00:00:00/56-14:09:01,367) [ext4-rsv-conver]
(root,38604,7852,00:01:33/56-14:08:49,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/56-14:08:48,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:27/56-14:08:46,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:32/56-14:08:15,511) /sbin/auditd
(messagebus,22932,5400,00:03:00/56-14:08:14,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:42/56-14:08:14,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/56-14:08:14,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/56-14:08:12,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/56-14:08:12,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549128,31272,00:01:07/56-14:07:58,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/56-14:07:58,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:35/56-14:07:58,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/56-14:07:58,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/56-14:07:58,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/56-14:07:58,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/56-14:07:58,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:42/56-14:07:58,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:04/56-14:07:58,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/56-14:07:58,1352) bpfilter_umh
(root,26204,8096,00:00:28/56-14:07:58,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/56-14:07:58,1359) ntpd: asynchronous dns resolver
(spot,365264,215760,3-02:30:52/56-14:07:57,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/56-14:07:57,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/56-14:07:57,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/56-14:07:57,1373) (sd-pam)
(root,24216,5260,00:00:20/56-14:07:55,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/56-14:07:55,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:07/56-14:07:55,1485) /usr/sbin/cron -n
(root,698412,77180,01:18:16/56-14:07:49,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,233920,79172,00:29:30/56-14:07:37,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9136,00:00:02/50-19:43:12,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/17:05,4585) [kworker/1:1-events]
(root,0,0,00:00:00/56:19,6586) [kworker/1:2-events]
(root,0,0,00:00:00/09:46,8863) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/31:54,9914) [kworker/2:0-events]
(root,35304,10040,00:00:00/18-14:36:07,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:09/18-14:36:06,10514) sshd: syslogtunnel
(root,0,0,00:00:00/54:07,11848) [kworker/0:2-events]
(postfix,24244,8236,00:00:00/43:18,15810) pickup -l -t fifo -u
(root,0,0,00:00:00/00:38,19557) [kworker/2:2-events]
(root,0,0,00:00:00/42:21,20853) [kworker/u8:0-writeback]
(root,0,0,00:00:00/42:20,21031) [kworker/2:1-cgroup_destroy]
(root,0,0,00:00:00/22:46,21048) [kworker/u8:1-ext4-rsv-conversion]
(root,6656,3488,00:00:00/00:00,22559) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,22577) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,22578) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/19:09,29432) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/40:53,29448) [kworker/3:0-events]
(root,0,0,00:00:00/04:36,29471) [kworker/3:1-ata_sff]
(root,35308,10028,00:00:00/18-15:22:20,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:03/18-15:22:19,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-06 00:57

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a27d85de

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:34/54-14:38:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/54-14:38:47,2) [kthreadd]
(root,0,0,00:00:00/54-14:38:47,3) [rcu_gp]
(root,0,0,00:00:00/54-14:38:47,4) [rcu_par_gp]
(root,0,0,00:00:00/54-14:38:47,5) [slub_flushwq]
(root,0,0,00:00:00/54-14:38:47,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/54-14:38:47,9) [mm_percpu_wq]
(root,0,0,00:00:00/54-14:38:47,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/54-14:38:47,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/54-14:38:47,12) [rcu_tasks_trace]
(root,0,0,00:01:37/54-14:38:47,13) [ksoftirqd/0]
(root,0,0,02:33:29/54-14:38:47,14) [rcu_preempt]
(root,0,0,00:00:21/54-14:38:47,15) [migration/0]
(root,0,0,00:00:00/54-14:38:47,16) [idle_inject/0]
(root,0,0,00:00:00/54-14:38:47,18) [cpuhp/0]
(root,0,0,00:00:00/54-14:38:47,19) [cpuhp/1]
(root,0,0,00:00:00/54-14:38:47,20) [idle_inject/1]
(root,0,0,00:00:21/54-14:38:47,21) [migration/1]
(root,0,0,00:01:20/54-14:38:47,22) [ksoftirqd/1]
(root,0,0,00:00:00/54-14:38:47,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/54-14:38:47,25) [cpuhp/2]
(root,0,0,00:00:00/54-14:38:47,26) [idle_inject/2]
(root,0,0,00:00:15/54-14:38:47,27) [migration/2]
(root,0,0,01:36:46/54-14:38:47,28) [ksoftirqd/2]
(root,0,0,00:00:00/54-14:38:47,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/54-14:38:47,31) [cpuhp/3]
(root,0,0,00:00:00/54-14:38:47,32) [idle_inject/3]
(root,0,0,00:00:19/54-14:38:47,33) [migration/3]
(root,0,0,00:05:00/54-14:38:47,34) [ksoftirqd/3]
(root,0,0,00:00:00/54-14:38:47,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/54-14:38:47,40) [kdevtmpfs]
(root,0,0,00:00:00/54-14:38:47,41) [netns]
(root,0,0,00:00:00/54-14:38:47,42) [inet_frag_wq]
(root,0,0,00:00:18/54-14:38:47,43) [kauditd]
(root,0,0,00:00:00/54-14:38:47,44) [khungtaskd]
(root,0,0,00:00:00/54-14:38:47,45) [oom_reaper]
(root,0,0,00:00:00/54-14:38:47,46) [writeback]
(root,0,0,00:02:47/54-14:38:47,47) [kcompactd0]
(root,0,0,00:00:00/54-14:38:47,48) [ksmd]
(root,0,0,00:03:02/54-14:38:47,49) [khugepaged]
(root,0,0,00:00:00/54-14:38:47,75) [kintegrityd]
(root,0,0,00:00:00/54-14:38:47,76) [kblockd]
(root,0,0,00:00:00/54-14:38:47,77) [blkcg_punt_bio]
(root,0,0,00:00:00/54-14:38:47,79) [tpm_dev_wq]
(root,0,0,00:00:00/54-14:38:47,80) [edac-poller]
(root,0,0,00:00:00/54-14:38:47,81) [devfreq_wq]
(root,0,0,00:00:00/54-14:38:47,110) [watchdogd]
(root,0,0,00:00:04/54-14:38:47,111) [kswapd0]
(root,0,0,00:00:14/54-14:38:47,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/54-14:38:45,115) [kthrotld]
(root,0,0,00:00:00/54-14:38:45,116) [mld]
(root,0,0,00:00:00/54-14:38:45,117) [ipv6_addrconf]
(root,0,0,00:00:15/54-14:38:45,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/54-14:38:45,123) [kstrp]
(root,0,0,00:00:00/54-14:38:45,124) [zswap-shrink]
(root,0,0,00:00:00/54-14:38:45,125) [kworker/u9:0]
(root,0,0,00:00:00/54-14:38:45,130) [charger_manager]
(root,0,0,00:00:16/54-14:38:45,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:24/54-14:38:45,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/54-14:38:44,239) [kaluad]
(root,0,0,00:00:00/54-14:38:44,258) [kmpath_rdacd]
(root,0,0,00:00:00/54-14:38:44,304) [kmpathd]
(root,0,0,00:00:00/54-14:38:44,305) [kmpath_handlerd]
(root,0,0,00:00:00/54-14:38:43,342) [ata_sff]
(root,0,0,00:00:00/54-14:38:43,343) [scsi_eh_0]
(root,0,0,00:00:00/54-14:38:43,344) [scsi_tmf_0]
(root,0,0,00:00:00/54-14:38:43,345) [scsi_eh_1]
(root,0,0,00:00:00/54-14:38:43,346) [scsi_tmf_1]
(root,0,0,00:01:46/54-14:38:40,366) [jbd2/vda1-8]
(root,0,0,00:00:00/54-14:38:40,367) [ext4-rsv-conver]
(root,38604,7852,00:01:30/54-14:38:28,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/54-14:38:27,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:24/54-14:38:25,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:31/54-14:37:54,511) /sbin/auditd
(messagebus,22932,5400,00:02:54/54-14:37:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:38/54-14:37:53,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/54-14:37:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/54-14:37:51,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/54-14:37:51,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/19:31,729) [kworker/3:1-events]
(root,549128,31272,00:01:04/54-14:37:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/54-14:37:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:24/54-14:37:37,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/54-14:37:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/54-14:37:37,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/54-14:37:37,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/54-14:37:37,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:39/54-14:37:37,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:07:48/54-14:37:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/54-14:37:37,1352) bpfilter_umh
(root,26204,8096,00:00:27/54-14:37:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/54-14:37:37,1359) ntpd: asynchronous dns resolver
(spot,364976,215736,2-23:41:19/54-14:37:36,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/54-14:37:36,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/54-14:37:36,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/54-14:37:36,1373) (sd-pam)
(root,24216,5260,00:00:19/54-14:37:34,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/54-14:37:34,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:07/54-14:37:34,1485) /usr/sbin/cron -n
(root,698412,79084,01:15:35/54-14:37:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,232896,77764,00:28:45/54-14:37:16,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9160,00:00:02/48-20:12:51,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/17:39,6889) [kworker/0:1]
(root,0,0,00:00:00/02:57:27,7540) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/16:53,9879) [kworker/u8:1-writeback]
(root,0,0,00:00:00/44:28,10451) [kworker/0:2-events]
(root,35304,10040,00:00:00/16-15:05:46,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:02/16-15:05:45,10514) sshd: syslogtunnel
(root,0,0,00:00:00/03:58,12778) [kworker/3:0-ata_sff]
(postfix,24244,8220,00:00:00/01:33:58,18539) pickup -l -t fifo -u
(root,0,0,00:00:00/12:09,23551) [kworker/2:2]
(root,0,0,00:00:00/39:13,24374) [kworker/1:1]
(root,0,0,00:00:01/03:55:15,25166) [kworker/2:1-events]
(root,6656,3484,00:00:00/00:00,25664) /bin/bash /usr/bin/check_mk_agent
(root,13744,3412,00:00:00/00:00,25682) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,956,00:00:00/00:00,25683) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:02:33,27550) [kworker/1:0-events]
(root,0,0,00:00:00/09:08,29248) [kworker/3:2-ata_sff]
(root,35308,10028,00:00:00/16-15:51:59,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:56/16-15:51:58,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-04 01:27

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dd681d50

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12464,00:02:18/47-13:34:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/47-13:34:22,2) [kthreadd]
(root,0,0,00:00:00/47-13:34:22,3) [rcu_gp]
(root,0,0,00:00:00/47-13:34:22,4) [rcu_par_gp]
(root,0,0,00:00:00/47-13:34:22,5) [slub_flushwq]
(root,0,0,00:00:00/47-13:34:22,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/47-13:34:22,9) [mm_percpu_wq]
(root,0,0,00:00:00/47-13:34:22,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/47-13:34:22,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/47-13:34:22,12) [rcu_tasks_trace]
(root,0,0,00:01:26/47-13:34:22,13) [ksoftirqd/0]
(root,0,0,02:15:51/47-13:34:22,14) [rcu_preempt]
(root,0,0,00:00:18/47-13:34:22,15) [migration/0]
(root,0,0,00:00:00/47-13:34:22,16) [idle_inject/0]
(root,0,0,00:00:00/47-13:34:22,18) [cpuhp/0]
(root,0,0,00:00:00/47-13:34:22,19) [cpuhp/1]
(root,0,0,00:00:00/47-13:34:22,20) [idle_inject/1]
(root,0,0,00:00:18/47-13:34:22,21) [migration/1]
(root,0,0,00:01:11/47-13:34:22,22) [ksoftirqd/1]
(root,0,0,00:00:00/47-13:34:22,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/47-13:34:22,25) [cpuhp/2]
(root,0,0,00:00:00/47-13:34:22,26) [idle_inject/2]
(root,0,0,00:00:13/47-13:34:22,27) [migration/2]
(root,0,0,01:27:41/47-13:34:22,28) [ksoftirqd/2]
(root,0,0,00:00:00/47-13:34:22,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/47-13:34:22,31) [cpuhp/3]
(root,0,0,00:00:00/47-13:34:22,32) [idle_inject/3]
(root,0,0,00:00:17/47-13:34:22,33) [migration/3]
(root,0,0,00:04:30/47-13:34:22,34) [ksoftirqd/3]
(root,0,0,00:00:00/47-13:34:22,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/47-13:34:22,40) [kdevtmpfs]
(root,0,0,00:00:00/47-13:34:22,41) [netns]
(root,0,0,00:00:00/47-13:34:22,42) [inet_frag_wq]
(root,0,0,00:00:16/47-13:34:22,43) [kauditd]
(root,0,0,00:00:00/47-13:34:22,44) [khungtaskd]
(root,0,0,00:00:00/47-13:34:22,45) [oom_reaper]
(root,0,0,00:00:00/47-13:34:22,46) [writeback]
(root,0,0,00:02:28/47-13:34:22,47) [kcompactd0]
(root,0,0,00:00:00/47-13:34:22,48) [ksmd]
(root,0,0,00:02:37/47-13:34:22,49) [khugepaged]
(root,0,0,00:00:00/47-13:34:22,75) [kintegrityd]
(root,0,0,00:00:00/47-13:34:22,76) [kblockd]
(root,0,0,00:00:00/47-13:34:22,77) [blkcg_punt_bio]
(root,0,0,00:00:00/47-13:34:22,79) [tpm_dev_wq]
(root,0,0,00:00:00/47-13:34:22,80) [edac-poller]
(root,0,0,00:00:00/47-13:34:22,81) [devfreq_wq]
(root,0,0,00:00:00/47-13:34:22,110) [watchdogd]
(root,0,0,00:00:03/47-13:34:22,111) [kswapd0]
(root,0,0,00:00:12/47-13:34:22,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/47-13:34:20,115) [kthrotld]
(root,0,0,00:00:00/47-13:34:20,116) [mld]
(root,0,0,00:00:00/47-13:34:20,117) [ipv6_addrconf]
(root,0,0,00:00:13/47-13:34:20,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/47-13:34:20,123) [kstrp]
(root,0,0,00:00:00/47-13:34:20,124) [zswap-shrink]
(root,0,0,00:00:00/47-13:34:20,125) [kworker/u9:0]
(root,0,0,00:00:00/47-13:34:20,130) [charger_manager]
(root,0,0,00:00:14/47-13:34:20,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:21/47-13:34:20,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/47-13:34:19,239) [kaluad]
(root,0,0,00:00:00/47-13:34:19,258) [kmpath_rdacd]
(root,0,0,00:00:00/47-13:34:19,304) [kmpathd]
(root,0,0,00:00:00/47-13:34:19,305) [kmpath_handlerd]
(root,0,0,00:00:00/47-13:34:18,342) [ata_sff]
(root,0,0,00:00:00/47-13:34:18,343) [scsi_eh_0]
(root,0,0,00:00:00/47-13:34:18,344) [scsi_tmf_0]
(root,0,0,00:00:00/47-13:34:18,345) [scsi_eh_1]
(root,0,0,00:00:00/47-13:34:18,346) [scsi_tmf_1]
(root,0,0,00:01:34/47-13:34:15,366) [jbd2/vda1-8]
(root,0,0,00:00:00/47-13:34:15,367) [ext4-rsv-conver]
(root,38604,7856,00:01:20/47-13:34:03,440) /usr/lib/systemd/systemd-journald
(root,53296,9444,00:00:05/47-13:34:02,454) /usr/lib/systemd/systemd-udevd
(root,8624,6132,00:01:14/47-13:34:00,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:28/47-13:33:29,511) /sbin/auditd
(messagebus,22932,5408,00:02:36/47-13:33:28,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:28/47-13:33:28,530) /usr/lib/systemd/systemd-logind
(root,20556,4508,00:00:00/47-13:33:28,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15832,00:00:03/47-13:33:26,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16268,00:00:00/47-13:33:26,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548872,30852,00:00:56/47-13:33:12,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25672,00:00:00/47-13:33:12,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:44/47-13:33:12,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/47-13:33:12,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/47-13:33:12,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/47-13:33:12,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/47-13:33:12,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:30/47-13:33:12,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5716,00:06:52/47-13:33:12,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/47-13:33:12,1352) bpfilter_umh
(root,26204,8096,00:00:24/47-13:33:12,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3944,00:00:00/47-13:33:12,1359) ntpd: asynchronous dns resolver
(spot,361456,212100,2-16:41:19/47-13:33:11,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/47-13:33:11,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/47-13:33:11,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/47-13:33:11,1373) (sd-pam)
(root,24216,5260,00:00:16/47-13:33:09,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/47-13:33:09,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:06/47-13:33:09,1485) /usr/sbin/cron -n
(root,697508,77208,01:06:08/47-13:33:03,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,229824,73032,00:25:46/47-13:32:51,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9184,00:00:01/41-19:08:26,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/27:45,2570) [kworker/2:1-events]
(root,0,0,00:00:00/25:48,7364) [kworker/3:2-ata_sff]
(root,35304,10040,00:00:00/9-14:01:21,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:37/9-14:01:20,10514) sshd: syslogtunnel
(postfix,24244,8256,00:00:00/55:14,10898) pickup -l -t fifo -u
(root,0,0,00:00:00/10:15,11263) [kworker/3:1-events]
(root,6656,3488,00:00:00/00:00,14365) /bin/bash /usr/bin/check_mk_agent
(root,13744,3500,00:00:00/00:00,14383) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,14384) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/04:02:13,15451) [kworker/1:1-events]
(root,0,0,00:00:00/22:32,15704) [kworker/2:0-events]
(root,0,0,00:00:00/22:30,15769) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/07:15,17795) [kworker/1:0-events]
(root,0,0,00:00:00/01:21:22,21827) [kworker/u8:0-events_unbound]
(root,0,0,00:00:00/33:15,25528) [kworker/0:2-events]
(root,0,0,00:00:00/05:02,26690) [kworker/3:0-ata_sff]
(root,0,0,00:00:01/07:44:41,29068) [kworker/0:0-events]
(root,35308,10028,00:00:00/9-14:47:34,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:34/9-14:47:33,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-28 00:23

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f006e180

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12432,00:02:13/45-10:35:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/45-10:35:58,2) [kthreadd]
(root,0,0,00:00:00/45-10:35:58,3) [rcu_gp]
(root,0,0,00:00:00/45-10:35:58,4) [rcu_par_gp]
(root,0,0,00:00:00/45-10:35:58,5) [slub_flushwq]
(root,0,0,00:00:00/45-10:35:58,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/45-10:35:58,9) [mm_percpu_wq]
(root,0,0,00:00:00/45-10:35:58,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/45-10:35:58,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/45-10:35:58,12) [rcu_tasks_trace]
(root,0,0,00:01:23/45-10:35:58,13) [ksoftirqd/0]
(root,0,0,02:10:19/45-10:35:58,14) [rcu_preempt]
(root,0,0,00:00:17/45-10:35:58,15) [migration/0]
(root,0,0,00:00:00/45-10:35:58,16) [idle_inject/0]
(root,0,0,00:00:00/45-10:35:58,18) [cpuhp/0]
(root,0,0,00:00:00/45-10:35:58,19) [cpuhp/1]
(root,0,0,00:00:00/45-10:35:58,20) [idle_inject/1]
(root,0,0,00:00:17/45-10:35:58,21) [migration/1]
(root,0,0,00:01:08/45-10:35:58,22) [ksoftirqd/1]
(root,0,0,00:00:00/45-10:35:58,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/45-10:35:58,25) [cpuhp/2]
(root,0,0,00:00:00/45-10:35:58,26) [idle_inject/2]
(root,0,0,00:00:13/45-10:35:58,27) [migration/2]
(root,0,0,01:25:03/45-10:35:58,28) [ksoftirqd/2]
(root,0,0,00:00:00/45-10:35:58,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/45-10:35:58,31) [cpuhp/3]
(root,0,0,00:00:00/45-10:35:58,32) [idle_inject/3]
(root,0,0,00:00:16/45-10:35:58,33) [migration/3]
(root,0,0,00:04:21/45-10:35:58,34) [ksoftirqd/3]
(root,0,0,00:00:00/45-10:35:58,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/45-10:35:58,40) [kdevtmpfs]
(root,0,0,00:00:00/45-10:35:58,41) [netns]
(root,0,0,00:00:00/45-10:35:58,42) [inet_frag_wq]
(root,0,0,00:00:16/45-10:35:58,43) [kauditd]
(root,0,0,00:00:00/45-10:35:58,44) [khungtaskd]
(root,0,0,00:00:00/45-10:35:58,45) [oom_reaper]
(root,0,0,00:00:00/45-10:35:58,46) [writeback]
(root,0,0,00:02:23/45-10:35:58,47) [kcompactd0]
(root,0,0,00:00:00/45-10:35:58,48) [ksmd]
(root,0,0,00:02:30/45-10:35:58,49) [khugepaged]
(root,0,0,00:00:00/45-10:35:58,75) [kintegrityd]
(root,0,0,00:00:00/45-10:35:58,76) [kblockd]
(root,0,0,00:00:00/45-10:35:58,77) [blkcg_punt_bio]
(root,0,0,00:00:00/45-10:35:58,79) [tpm_dev_wq]
(root,0,0,00:00:00/45-10:35:58,80) [edac-poller]
(root,0,0,00:00:00/45-10:35:58,81) [devfreq_wq]
(root,0,0,00:00:00/45-10:35:58,110) [watchdogd]
(root,0,0,00:00:03/45-10:35:58,111) [kswapd0]
(root,0,0,00:00:12/45-10:35:58,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/45-10:35:56,115) [kthrotld]
(root,0,0,00:00:00/45-10:35:56,116) [mld]
(root,0,0,00:00:00/45-10:35:56,117) [ipv6_addrconf]
(root,0,0,00:00:12/45-10:35:56,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/45-10:35:56,123) [kstrp]
(root,0,0,00:00:00/45-10:35:56,124) [zswap-shrink]
(root,0,0,00:00:00/45-10:35:56,125) [kworker/u9:0]
(root,0,0,00:00:00/45-10:35:56,130) [charger_manager]
(root,0,0,00:00:14/45-10:35:56,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:20/45-10:35:56,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/45-10:35:55,239) [kaluad]
(root,0,0,00:00:00/45-10:35:55,258) [kmpath_rdacd]
(root,0,0,00:00:00/45-10:35:55,304) [kmpathd]
(root,0,0,00:00:00/45-10:35:55,305) [kmpath_handlerd]
(root,0,0,00:00:00/45-10:35:54,342) [ata_sff]
(root,0,0,00:00:00/45-10:35:54,343) [scsi_eh_0]
(root,0,0,00:00:00/45-10:35:54,344) [scsi_tmf_0]
(root,0,0,00:00:00/45-10:35:54,345) [scsi_eh_1]
(root,0,0,00:00:00/45-10:35:54,346) [scsi_tmf_1]
(root,0,0,00:01:30/45-10:35:51,366) [jbd2/vda1-8]
(root,0,0,00:00:00/45-10:35:51,367) [ext4-rsv-conver]
(root,38604,7856,00:01:17/45-10:35:39,440) /usr/lib/systemd/systemd-journald
(root,53296,9444,00:00:05/45-10:35:38,454) /usr/lib/systemd/systemd-udevd
(root,8624,6132,00:01:11/45-10:35:36,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:27/45-10:35:05,511) /sbin/auditd
(messagebus,22932,5408,00:02:30/45-10:35:04,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:25/45-10:35:04,530) /usr/lib/systemd/systemd-logind
(root,20556,4508,00:00:00/45-10:35:04,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15832,00:00:03/45-10:35:02,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16268,00:00:00/45-10:35:02,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548872,30852,00:00:54/45-10:34:48,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25672,00:00:00/45-10:34:48,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:32/45-10:34:48,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/45-10:34:48,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/45-10:34:48,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/45-10:34:48,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/45-10:34:48,1343) /usr/lib/systemd/systemd --user
(root,449060,8452,00:01:28/45-10:34:48,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5716,00:06:35/45-10:34:48,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/45-10:34:48,1352) bpfilter_umh
(root,26204,8096,00:00:23/45-10:34:48,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3944,00:00:00/45-10:34:48,1359) ntpd: asynchronous dns resolver
(spot,362112,206208,2-14:25:41/45-10:34:47,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/45-10:34:47,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/45-10:34:47,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/45-10:34:47,1373) (sd-pam)
(root,24216,5260,00:00:16/45-10:34:45,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/45-10:34:45,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:06/45-10:34:45,1485) /usr/sbin/cron -n
(root,697508,78832,01:03:13/45-10:34:39,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,228800,71508,00:24:45/45-10:34:27,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9184,00:00:01/39-16:10:02,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/08:49,2883) [kworker/3:1-ata_sff]
(root,0,0,00:00:02/03:51:56,7922) [kworker/3:0-events]
(root,0,0,00:00:01/03:59:27,9329) [kworker/2:2-events]
(root,35304,10040,00:00:00/7-11:02:57,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:30/7-11:02:56,10514) sshd: syslogtunnel
(root,0,0,00:00:00/54:47,12120) [kworker/1:2-events]
(root,0,0,00:00:00/44:48,13999) [kworker/1:0]
(root,0,0,00:00:00/03:38,18676) [kworker/3:2-ata_sff]
(postfix,24244,8140,00:00:00/01:38:54,20864) pickup -l -t fifo -u
(root,0,0,00:00:00/01:25:14,23049) [kworker/0:2-events]
(root,0,0,00:00:00/24:07,27540) [kworker/u8:0-writeback]
(root,0,0,00:00:00/39:53,27729) [kworker/0:0-events]
(root,0,0,00:00:00/59:46,30490) [kworker/2:0]
(root,35308,10028,00:00:00/7-11:49:10,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:27/7-11:49:09,30947) sshd: cm-ssh
(root,6656,3488,00:00:00/00:00,31703) /bin/bash /usr/bin/check_mk_agent
(root,13744,3396,00:00:00/00:00,31721) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,31722) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/34:44,32405) [kworker/u8:1-ext4-rsv-conversion]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-25 21:24

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634cacc3ce

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12432,00:02:08/43-10:51:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/43-10:51:13,2) [kthreadd]
(root,0,0,00:00:00/43-10:51:13,3) [rcu_gp]
(root,0,0,00:00:00/43-10:51:13,4) [rcu_par_gp]
(root,0,0,00:00:00/43-10:51:13,5) [slub_flushwq]
(root,0,0,00:00:00/43-10:51:13,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/43-10:51:13,9) [mm_percpu_wq]
(root,0,0,00:00:00/43-10:51:13,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/43-10:51:13,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/43-10:51:13,12) [rcu_tasks_trace]
(root,0,0,00:01:19/43-10:51:13,13) [ksoftirqd/0]
(root,0,0,02:04:51/43-10:51:13,14) [rcu_preempt]
(root,0,0,00:00:16/43-10:51:13,15) [migration/0]
(root,0,0,00:00:00/43-10:51:13,16) [idle_inject/0]
(root,0,0,00:00:00/43-10:51:13,18) [cpuhp/0]
(root,0,0,00:00:00/43-10:51:13,19) [cpuhp/1]
(root,0,0,00:00:00/43-10:51:13,20) [idle_inject/1]
(root,0,0,00:00:16/43-10:51:13,21) [migration/1]
(root,0,0,00:01:05/43-10:51:13,22) [ksoftirqd/1]
(root,0,0,00:00:00/43-10:51:13,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/43-10:51:13,25) [cpuhp/2]
(root,0,0,00:00:00/43-10:51:13,26) [idle_inject/2]
(root,0,0,00:00:12/43-10:51:13,27) [migration/2]
(root,0,0,01:22:12/43-10:51:13,28) [ksoftirqd/2]
(root,0,0,00:00:00/43-10:51:13,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/43-10:51:13,31) [cpuhp/3]
(root,0,0,00:00:00/43-10:51:13,32) [idle_inject/3]
(root,0,0,00:00:15/43-10:51:13,33) [migration/3]
(root,0,0,00:04:11/43-10:51:13,34) [ksoftirqd/3]
(root,0,0,00:00:00/43-10:51:13,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/43-10:51:13,40) [kdevtmpfs]
(root,0,0,00:00:00/43-10:51:13,41) [netns]
(root,0,0,00:00:00/43-10:51:13,42) [inet_frag_wq]
(root,0,0,00:00:15/43-10:51:13,43) [kauditd]
(root,0,0,00:00:00/43-10:51:13,44) [khungtaskd]
(root,0,0,00:00:00/43-10:51:13,45) [oom_reaper]
(root,0,0,00:00:00/43-10:51:13,46) [writeback]
(root,0,0,00:02:17/43-10:51:13,47) [kcompactd0]
(root,0,0,00:00:00/43-10:51:13,48) [ksmd]
(root,0,0,00:02:23/43-10:51:13,49) [khugepaged]
(root,0,0,00:00:00/43-10:51:13,75) [kintegrityd]
(root,0,0,00:00:00/43-10:51:13,76) [kblockd]
(root,0,0,00:00:00/43-10:51:13,77) [blkcg_punt_bio]
(root,0,0,00:00:00/43-10:51:13,79) [tpm_dev_wq]
(root,0,0,00:00:00/43-10:51:13,80) [edac-poller]
(root,0,0,00:00:00/43-10:51:13,81) [devfreq_wq]
(root,0,0,00:00:00/43-10:51:13,110) [watchdogd]
(root,0,0,00:00:03/43-10:51:13,111) [kswapd0]
(root,0,0,00:00:11/43-10:51:13,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/43-10:51:11,115) [kthrotld]
(root,0,0,00:00:00/43-10:51:11,116) [mld]
(root,0,0,00:00:00/43-10:51:11,117) [ipv6_addrconf]
(root,0,0,00:00:12/43-10:51:11,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/43-10:51:11,123) [kstrp]
(root,0,0,00:00:00/43-10:51:11,124) [zswap-shrink]
(root,0,0,00:00:00/43-10:51:11,125) [kworker/u9:0]
(root,0,0,00:00:00/43-10:51:11,130) [charger_manager]
(root,0,0,00:00:13/43-10:51:11,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:19/43-10:51:11,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/43-10:51:10,239) [kaluad]
(root,0,0,00:00:00/43-10:51:10,258) [kmpath_rdacd]
(root,0,0,00:00:00/43-10:51:10,304) [kmpathd]
(root,0,0,00:00:00/43-10:51:10,305) [kmpath_handlerd]
(root,0,0,00:00:00/43-10:51:09,342) [ata_sff]
(root,0,0,00:00:00/43-10:51:09,343) [scsi_eh_0]
(root,0,0,00:00:00/43-10:51:09,344) [scsi_tmf_0]
(root,0,0,00:00:00/43-10:51:09,345) [scsi_eh_1]
(root,0,0,00:00:00/43-10:51:09,346) [scsi_tmf_1]
(root,0,0,00:01:27/43-10:51:06,366) [jbd2/vda1-8]
(root,0,0,00:00:00/43-10:51:06,367) [ext4-rsv-conver]
(root,38604,7856,00:01:14/43-10:50:54,440) /usr/lib/systemd/systemd-journald
(root,53296,9444,00:00:05/43-10:50:53,454) /usr/lib/systemd/systemd-udevd
(root,8624,6132,00:01:08/43-10:50:51,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:26/43-10:50:20,511) /sbin/auditd
(messagebus,22932,5408,00:02:24/43-10:50:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:21/43-10:50:19,530) /usr/lib/systemd/systemd-logind
(root,20556,4508,00:00:00/43-10:50:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15832,00:00:03/43-10:50:17,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16268,00:00:00/43-10:50:17,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,30208,00:00:51/43-10:50:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25672,00:00:00/43-10:50:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:19/43-10:50:03,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/43-10:50:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/43-10:50:03,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/43-10:50:03,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/43-10:50:03,1343) /usr/lib/systemd/systemd --user
(root,449060,8452,00:01:25/43-10:50:03,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5716,00:06:18/43-10:50:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/43-10:50:03,1352) bpfilter_umh
(root,26204,8096,00:00:22/43-10:50:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3944,00:00:00/43-10:50:03,1359) ntpd: asynchronous dns resolver
(spot,361632,206088,2-12:11:36/43-10:50:02,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/43-10:50:02,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/43-10:50:02,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/43-10:50:02,1373) (sd-pam)
(root,24216,5260,00:00:15/43-10:50:00,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/43-10:50:00,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:06/43-10:50:00,1485) /usr/sbin/cron -n
(root,697508,78760,01:00:27/43-10:49:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,227776,70160,00:23:47/43-10:49:42,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9184,00:00:01/37-16:25:17,2557) tlsmgr -l -t unix -u
(root,6656,3488,00:00:00/00:00,4227) /bin/bash /usr/bin/check_mk_agent
(root,13744,3500,00:00:00/00:00,4245) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,4246) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/22:31,8260) [kworker/0:1]
(root,35304,10040,00:00:00/5-11:18:12,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:22/5-11:18:11,10514) sshd: syslogtunnel
(root,0,0,00:00:00/42:00,12041) [kworker/1:0-events]
(root,0,0,00:00:00/01:45:26,13819) [kworker/0:2-events]
(postfix,24244,8304,00:00:00/35:50,13890) pickup -l -t fifo -u
(root,0,0,00:00:00/01:20:24,16939) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/49:53,17327) [kworker/u8:2-writeback]
(root,0,0,00:00:00/08:00,19997) [kworker/3:1-ata_sff]
(root,0,0,00:00:01/01:41:23,21017) [kworker/3:2-events]
(root,0,0,00:00:00/32:13,21552) [kworker/1:1]
(root,0,0,00:00:00/01:25:49,30419) [kworker/2:2]
(root,35308,10028,00:00:00/5-12:04:25,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:20/5-12:04:24,30947) sshd: cm-ssh
(root,0,0,00:00:00/02:14:44,31069) [kworker/2:1-events_power_efficient]
(root,0,0,00:00:00/02:48,31261) [kworker/3:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-23 21:39

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836312cd0c97

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12432,00:02:03/41-10:57:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/41-10:57:05,2) [kthreadd]
(root,0,0,00:00:00/41-10:57:05,3) [rcu_gp]
(root,0,0,00:00:00/41-10:57:05,4) [rcu_par_gp]
(root,0,0,00:00:00/41-10:57:05,5) [slub_flushwq]
(root,0,0,00:00:00/41-10:57:05,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/41-10:57:05,9) [mm_percpu_wq]
(root,0,0,00:00:00/41-10:57:05,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/41-10:57:05,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/41-10:57:05,12) [rcu_tasks_trace]
(root,0,0,00:01:15/41-10:57:05,13) [ksoftirqd/0]
(root,0,0,01:58:59/41-10:57:05,14) [rcu_preempt]
(root,0,0,00:00:15/41-10:57:05,15) [migration/0]
(root,0,0,00:00:00/41-10:57:05,16) [idle_inject/0]
(root,0,0,00:00:00/41-10:57:05,18) [cpuhp/0]
(root,0,0,00:00:00/41-10:57:05,19) [cpuhp/1]
(root,0,0,00:00:00/41-10:57:05,20) [idle_inject/1]
(root,0,0,00:00:15/41-10:57:05,21) [migration/1]
(root,0,0,00:01:01/41-10:57:05,22) [ksoftirqd/1]
(root,0,0,00:00:00/41-10:57:05,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/41-10:57:05,25) [cpuhp/2]
(root,0,0,00:00:00/41-10:57:05,26) [idle_inject/2]
(root,0,0,00:00:12/41-10:57:05,27) [migration/2]
(root,0,0,01:18:15/41-10:57:05,28) [ksoftirqd/2]
(root,0,0,00:00:00/41-10:57:05,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/41-10:57:05,31) [cpuhp/3]
(root,0,0,00:00:00/41-10:57:05,32) [idle_inject/3]
(root,0,0,00:00:15/41-10:57:05,33) [migration/3]
(root,0,0,00:03:58/41-10:57:05,34) [ksoftirqd/3]
(root,0,0,00:00:00/41-10:57:05,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/41-10:57:05,40) [kdevtmpfs]
(root,0,0,00:00:00/41-10:57:05,41) [netns]
(root,0,0,00:00:00/41-10:57:05,42) [inet_frag_wq]
(root,0,0,00:00:14/41-10:57:05,43) [kauditd]
(root,0,0,00:00:00/41-10:57:05,44) [khungtaskd]
(root,0,0,00:00:00/41-10:57:05,45) [oom_reaper]
(root,0,0,00:00:00/41-10:57:05,46) [writeback]
(root,0,0,00:02:11/41-10:57:05,47) [kcompactd0]
(root,0,0,00:00:00/41-10:57:05,48) [ksmd]
(root,0,0,00:02:16/41-10:57:05,49) [khugepaged]
(root,0,0,00:00:00/41-10:57:05,75) [kintegrityd]
(root,0,0,00:00:00/41-10:57:05,76) [kblockd]
(root,0,0,00:00:00/41-10:57:05,77) [blkcg_punt_bio]
(root,0,0,00:00:00/41-10:57:05,79) [tpm_dev_wq]
(root,0,0,00:00:00/41-10:57:05,80) [edac-poller]
(root,0,0,00:00:00/41-10:57:05,81) [devfreq_wq]
(root,0,0,00:00:00/41-10:57:05,110) [watchdogd]
(root,0,0,00:00:03/41-10:57:05,111) [kswapd0]
(root,0,0,00:00:11/41-10:57:05,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/41-10:57:03,115) [kthrotld]
(root,0,0,00:00:00/41-10:57:03,116) [mld]
(root,0,0,00:00:00/41-10:57:03,117) [ipv6_addrconf]
(root,0,0,00:00:11/41-10:57:03,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/41-10:57:03,123) [kstrp]
(root,0,0,00:00:00/41-10:57:03,124) [zswap-shrink]
(root,0,0,00:00:00/41-10:57:03,125) [kworker/u9:0]
(root,0,0,00:00:00/41-10:57:03,130) [charger_manager]
(root,0,0,00:00:12/41-10:57:03,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:18/41-10:57:03,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/41-10:57:02,239) [kaluad]
(root,0,0,00:00:00/41-10:57:02,258) [kmpath_rdacd]
(root,0,0,00:00:00/41-10:57:02,304) [kmpathd]
(root,0,0,00:00:00/41-10:57:02,305) [kmpath_handlerd]
(root,0,0,00:00:00/41-10:57:01,342) [ata_sff]
(root,0,0,00:00:00/41-10:57:01,343) [scsi_eh_0]
(root,0,0,00:00:00/41-10:57:01,344) [scsi_tmf_0]
(root,0,0,00:00:00/41-10:57:01,345) [scsi_eh_1]
(root,0,0,00:00:00/41-10:57:01,346) [scsi_tmf_1]
(root,0,0,00:01:23/41-10:56:58,366) [jbd2/vda1-8]
(root,0,0,00:00:00/41-10:56:58,367) [ext4-rsv-conver]
(root,38604,7856,00:01:11/41-10:56:46,440) /usr/lib/systemd/systemd-journald
(root,53296,9444,00:00:04/41-10:56:45,454) /usr/lib/systemd/systemd-udevd
(root,8624,6132,00:01:05/41-10:56:43,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:25/41-10:56:12,511) /sbin/auditd
(messagebus,22932,5408,00:02:18/41-10:56:11,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:18/41-10:56:11,530) /usr/lib/systemd/systemd-logind
(root,20556,4508,00:00:00/41-10:56:11,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15832,00:00:03/41-10:56:09,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16268,00:00:00/41-10:56:09,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,30208,00:00:49/41-10:55:55,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25672,00:00:00/41-10:55:55,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:07/41-10:55:55,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/41-10:55:55,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/41-10:55:55,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/41-10:55:55,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/41-10:55:55,1343) /usr/lib/systemd/systemd --user
(root,449060,8448,00:01:22/41-10:55:55,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5716,00:06:01/41-10:55:55,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/41-10:55:55,1352) bpfilter_umh
(root,26204,8096,00:00:21/41-10:55:55,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3944,00:00:00/41-10:55:55,1359) ntpd: asynchronous dns resolver
(spot,361872,206148,2-09:24:36/41-10:55:54,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/41-10:55:54,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/41-10:55:54,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/41-10:55:54,1373) (sd-pam)
(root,0,0,00:00:00/01:38:44,1398) [kworker/1:0-events]
(root,24216,5260,00:00:14/41-10:55:52,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/41-10:55:52,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:05/41-10:55:52,1485) /usr/sbin/cron -n
(root,697108,78360,00:57:36/41-10:55:46,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,226752,68932,00:22:46/41-10:55:34,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9184,00:00:01/35-16:31:09,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/08:09,2589) [kworker/3:0-events]
(root,6656,3492,00:00:00/00:00,5007) /bin/bash /usr/bin/check_mk_agent
(root,6656,3504,00:00:00/00:00,5027) /bin/bash /usr/bin/check_mk_agent
(root,13744,3464,00:00:00/00:00,5062) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,948,00:00:00/00:00,5063) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,24244,8272,00:00:00/01:03:38,8568) pickup -l -t fifo -u
(root,35304,10040,00:00:00/3-11:24:04,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:14/3-11:24:03,10514) sshd: syslogtunnel
(root,0,0,00:00:00/13:05,11751) [kworker/0:1-events]
(root,0,0,00:00:00/01:10:17,15370) [kworker/u8:1-writeback]
(root,0,0,00:00:01/08:21:45,16954) [kworker/2:1-events]
(root,0,0,00:00:00/01:00:47,18031) [kworker/1:2-events]
(root,0,0,00:00:00/56:04,20231) [kworker/0:0-events]
(root,0,0,00:00:00/17:45,21149) [kworker/u8:0]
(root,0,0,00:00:00/02:59,22790) [kworker/3:1-ata_sff]
(root,0,0,00:00:02/03:56:27,27369) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/37:01,29732) [kworker/2:0-events]
(root,35308,10028,00:00:00/3-12:10:17,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:13/3-12:10:16,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-21 21:45

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634ef2635a

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12624,00:01:57/39-10:55:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/39-10:55:53,2) [kthreadd]
(root,0,0,00:00:00/39-10:55:53,3) [rcu_gp]
(root,0,0,00:00:00/39-10:55:53,4) [rcu_par_gp]
(root,0,0,00:00:00/39-10:55:53,5) [slub_flushwq]
(root,0,0,00:00:00/39-10:55:53,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/39-10:55:53,9) [mm_percpu_wq]
(root,0,0,00:00:00/39-10:55:53,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/39-10:55:53,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/39-10:55:53,12) [rcu_tasks_trace]
(root,0,0,00:01:12/39-10:55:53,13) [ksoftirqd/0]
(root,0,0,01:53:11/39-10:55:53,14) [rcu_preempt]
(root,0,0,00:00:15/39-10:55:53,15) [migration/0]
(root,0,0,00:00:00/39-10:55:53,16) [idle_inject/0]
(root,0,0,00:00:00/39-10:55:53,18) [cpuhp/0]
(root,0,0,00:00:00/39-10:55:53,19) [cpuhp/1]
(root,0,0,00:00:00/39-10:55:53,20) [idle_inject/1]
(root,0,0,00:00:15/39-10:55:53,21) [migration/1]
(root,0,0,00:00:58/39-10:55:53,22) [ksoftirqd/1]
(root,0,0,00:00:00/39-10:55:53,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/39-10:55:53,25) [cpuhp/2]
(root,0,0,00:00:00/39-10:55:53,26) [idle_inject/2]
(root,0,0,00:00:11/39-10:55:53,27) [migration/2]
(root,0,0,01:13:23/39-10:55:53,28) [ksoftirqd/2]
(root,0,0,00:00:00/39-10:55:53,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/39-10:55:53,31) [cpuhp/3]
(root,0,0,00:00:00/39-10:55:53,32) [idle_inject/3]
(root,0,0,00:00:14/39-10:55:53,33) [migration/3]
(root,0,0,00:03:45/39-10:55:53,34) [ksoftirqd/3]
(root,0,0,00:00:00/39-10:55:53,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/39-10:55:53,40) [kdevtmpfs]
(root,0,0,00:00:00/39-10:55:53,41) [netns]
(root,0,0,00:00:00/39-10:55:53,42) [inet_frag_wq]
(root,0,0,00:00:14/39-10:55:53,43) [kauditd]
(root,0,0,00:00:00/39-10:55:53,44) [khungtaskd]
(root,0,0,00:00:00/39-10:55:53,45) [oom_reaper]
(root,0,0,00:00:00/39-10:55:53,46) [writeback]
(root,0,0,00:02:04/39-10:55:53,47) [kcompactd0]
(root,0,0,00:00:00/39-10:55:53,48) [ksmd]
(root,0,0,00:02:09/39-10:55:53,49) [khugepaged]
(root,0,0,00:00:00/39-10:55:53,75) [kintegrityd]
(root,0,0,00:00:00/39-10:55:53,76) [kblockd]
(root,0,0,00:00:00/39-10:55:53,77) [blkcg_punt_bio]
(root,0,0,00:00:00/39-10:55:53,79) [tpm_dev_wq]
(root,0,0,00:00:00/39-10:55:53,80) [edac-poller]
(root,0,0,00:00:00/39-10:55:53,81) [devfreq_wq]
(root,0,0,00:00:00/39-10:55:53,110) [watchdogd]
(root,0,0,00:00:02/39-10:55:53,111) [kswapd0]
(root,0,0,00:00:10/39-10:55:53,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/39-10:55:51,115) [kthrotld]
(root,0,0,00:00:00/39-10:55:51,116) [mld]
(root,0,0,00:00:00/39-10:55:51,117) [ipv6_addrconf]
(root,0,0,00:00:11/39-10:55:51,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/39-10:55:51,123) [kstrp]
(root,0,0,00:00:00/39-10:55:51,124) [zswap-shrink]
(root,0,0,00:00:00/39-10:55:51,125) [kworker/u9:0]
(root,0,0,00:00:00/39-10:55:51,130) [charger_manager]
(root,0,0,00:00:12/39-10:55:51,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:17/39-10:55:51,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/39-10:55:50,239) [kaluad]
(root,0,0,00:00:00/39-10:55:50,258) [kmpath_rdacd]
(root,0,0,00:00:00/39-10:55:50,304) [kmpathd]
(root,0,0,00:00:00/39-10:55:50,305) [kmpath_handlerd]
(root,0,0,00:00:00/39-10:55:49,342) [ata_sff]
(root,0,0,00:00:00/39-10:55:49,343) [scsi_eh_0]
(root,0,0,00:00:00/39-10:55:49,344) [scsi_tmf_0]
(root,0,0,00:00:00/39-10:55:49,345) [scsi_eh_1]
(root,0,0,00:00:00/39-10:55:49,346) [scsi_tmf_1]
(root,0,0,00:01:18/39-10:55:46,366) [jbd2/vda1-8]
(root,0,0,00:00:00/39-10:55:46,367) [ext4-rsv-conver]
(root,38604,7924,00:01:08/39-10:55:34,440) /usr/lib/systemd/systemd-journald
(root,53296,9640,00:00:04/39-10:55:33,454) /usr/lib/systemd/systemd-udevd
(root,8624,6172,00:01:02/39-10:55:31,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1600,00:00:24/39-10:55:00,511) /sbin/auditd
(messagebus,22932,5436,00:02:12/39-10:54:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8316,00:01:15/39-10:54:59,530) /usr/lib/systemd/systemd-logind
(root,20556,4536,00:00:00/39-10:54:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15860,00:00:03/39-10:54:57,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16308,00:00:00/39-10:54:57,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/54:50,1266) [kworker/2:0-events]
(root,548616,30300,00:00:46/39-10:54:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25876,00:00:00/39-10:54:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:54/39-10:54:43,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/39-10:54:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/39-10:54:43,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/39-10:54:43,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/39-10:54:43,1343) /usr/lib/systemd/systemd --user
(root,449060,8596,00:01:19/39-10:54:43,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5840,00:05:43/39-10:54:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/39-10:54:43,1352) bpfilter_umh
(root,26204,8116,00:00:20/39-10:54:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4016,00:00:00/39-10:54:43,1359) ntpd: asynchronous dns resolver
(spot,361312,198300,2-07:15:19/39-10:54:42,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/39-10:54:42,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/39-10:54:42,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/39-10:54:42,1373) (sd-pam)
(root,24216,5260,00:00:14/39-10:54:40,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/39-10:54:40,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:05/39-10:54:40,1485) /usr/sbin/cron -n
(root,697108,78496,00:54:43/39-10:54:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,225728,67424,00:21:42/39-10:54:22,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:01/33-16:29:57,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/08:22,3024) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/14:29,6871) [kworker/u8:0-flush-253:0]
(root,35304,10040,00:00:00/1-11:22:52,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:06/1-11:22:51,10514) sshd: syslogtunnel
(root,0,0,00:00:00/13:32,11867) [kworker/3:2-events]
(root,0,0,00:00:00/44:06,12444) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:00/01:04:05,15042) [kworker/1:1-events]
(root,0,0,00:00:00/12:49,15181) [kworker/0:1-events]
(root,0,0,00:00:00/01:46:11,16553) [kworker/0:0-events]
(postfix,24244,8244,00:00:00/01:23:18,20658) pickup -l -t fifo -u
(root,0,0,00:00:00/03:11,22370) [kworker/3:0-ata_sff]
(root,6656,3488,00:00:00/00:00,30739) /bin/bash /usr/bin/check_mk_agent
(root,13744,3432,00:00:00/00:00,30757) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,30758) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35308,10028,00:00:00/1-12:09:05,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:06/1-12:09:04,30947) sshd: cm-ssh
(root,0,0,00:00:00/01:18:03,31742) [kworker/1:0-cgroup_destroy]
(root,0,0,00:00:00/01:08:42,32470) [kworker/2:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-19 21:44

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ec90fd42

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12624,00:01:51/37-11:24:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/37-11:24:38,2) [kthreadd]
(root,0,0,00:00:00/37-11:24:38,3) [rcu_gp]
(root,0,0,00:00:00/37-11:24:38,4) [rcu_par_gp]
(root,0,0,00:00:00/37-11:24:38,5) [slub_flushwq]
(root,0,0,00:00:00/37-11:24:38,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/37-11:24:38,9) [mm_percpu_wq]
(root,0,0,00:00:00/37-11:24:38,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/37-11:24:38,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/37-11:24:38,12) [rcu_tasks_trace]
(root,0,0,00:01:07/37-11:24:38,13) [ksoftirqd/0]
(root,0,0,01:47:13/37-11:24:38,14) [rcu_preempt]
(root,0,0,00:00:14/37-11:24:38,15) [migration/0]
(root,0,0,00:00:00/37-11:24:38,16) [idle_inject/0]
(root,0,0,00:00:00/37-11:24:38,18) [cpuhp/0]
(root,0,0,00:00:00/37-11:24:38,19) [cpuhp/1]
(root,0,0,00:00:00/37-11:24:38,20) [idle_inject/1]
(root,0,0,00:00:14/37-11:24:38,21) [migration/1]
(root,0,0,00:00:55/37-11:24:38,22) [ksoftirqd/1]
(root,0,0,00:00:00/37-11:24:38,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/37-11:24:38,25) [cpuhp/2]
(root,0,0,00:00:00/37-11:24:38,26) [idle_inject/2]
(root,0,0,00:00:10/37-11:24:38,27) [migration/2]
(root,0,0,01:07:47/37-11:24:38,28) [ksoftirqd/2]
(root,0,0,00:00:00/37-11:24:38,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/37-11:24:38,31) [cpuhp/3]
(root,0,0,00:00:00/37-11:24:38,32) [idle_inject/3]
(root,0,0,00:00:13/37-11:24:38,33) [migration/3]
(root,0,0,00:03:29/37-11:24:38,34) [ksoftirqd/3]
(root,0,0,00:00:00/37-11:24:38,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/37-11:24:38,40) [kdevtmpfs]
(root,0,0,00:00:00/37-11:24:38,41) [netns]
(root,0,0,00:00:00/37-11:24:38,42) [inet_frag_wq]
(root,0,0,00:00:13/37-11:24:38,43) [kauditd]
(root,0,0,00:00:00/37-11:24:38,44) [khungtaskd]
(root,0,0,00:00:00/37-11:24:38,45) [oom_reaper]
(root,0,0,00:00:00/37-11:24:38,46) [writeback]
(root,0,0,00:01:58/37-11:24:38,47) [kcompactd0]
(root,0,0,00:00:00/37-11:24:38,48) [ksmd]
(root,0,0,00:02:02/37-11:24:38,49) [khugepaged]
(root,0,0,00:00:00/37-11:24:38,75) [kintegrityd]
(root,0,0,00:00:00/37-11:24:38,76) [kblockd]
(root,0,0,00:00:00/37-11:24:38,77) [blkcg_punt_bio]
(root,0,0,00:00:00/37-11:24:38,79) [tpm_dev_wq]
(root,0,0,00:00:00/37-11:24:38,80) [edac-poller]
(root,0,0,00:00:00/37-11:24:38,81) [devfreq_wq]
(root,0,0,00:00:00/37-11:24:38,110) [watchdogd]
(root,0,0,00:00:02/37-11:24:38,111) [kswapd0]
(root,0,0,00:00:10/37-11:24:38,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/37-11:24:36,115) [kthrotld]
(root,0,0,00:00:00/37-11:24:36,116) [mld]
(root,0,0,00:00:00/37-11:24:36,117) [ipv6_addrconf]
(root,0,0,00:00:10/37-11:24:36,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/37-11:24:36,123) [kstrp]
(root,0,0,00:00:00/37-11:24:36,124) [zswap-shrink]
(root,0,0,00:00:00/37-11:24:36,125) [kworker/u9:0]
(root,0,0,00:00:00/37-11:24:36,130) [charger_manager]
(root,0,0,00:00:11/37-11:24:36,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:16/37-11:24:36,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/37-11:24:35,239) [kaluad]
(root,0,0,00:00:00/37-11:24:35,258) [kmpath_rdacd]
(root,0,0,00:00:00/37-11:24:35,304) [kmpathd]
(root,0,0,00:00:00/37-11:24:35,305) [kmpath_handlerd]
(root,0,0,00:00:00/37-11:24:34,342) [ata_sff]
(root,0,0,00:00:00/37-11:24:34,343) [scsi_eh_0]
(root,0,0,00:00:00/37-11:24:34,344) [scsi_tmf_0]
(root,0,0,00:00:00/37-11:24:34,345) [scsi_eh_1]
(root,0,0,00:00:00/37-11:24:34,346) [scsi_tmf_1]
(root,0,0,00:01:14/37-11:24:31,366) [jbd2/vda1-8]
(root,0,0,00:00:00/37-11:24:31,367) [ext4-rsv-conver]
(root,38604,7924,00:01:01/37-11:24:19,440) /usr/lib/systemd/systemd-journald
(root,53296,9640,00:00:04/37-11:24:18,454) /usr/lib/systemd/systemd-udevd
(root,8624,6172,00:00:58/37-11:24:16,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1600,00:00:22/37-11:23:45,511) /sbin/auditd
(messagebus,22932,5436,00:02:06/37-11:23:44,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8316,00:01:11/37-11:23:44,530) /usr/lib/systemd/systemd-logind
(root,20556,4536,00:00:00/37-11:23:44,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15860,00:00:03/37-11:23:42,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16308,00:00:00/37-11:23:42,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:01/03:01:38,669) [kworker/2:0-events]
(root,548616,30292,00:00:44/37-11:23:28,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25876,00:00:00/37-11:23:28,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:43/37-11:23:28,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/37-11:23:28,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/37-11:23:28,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/37-11:23:28,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/37-11:23:28,1343) /usr/lib/systemd/systemd --user
(root,449060,8372,00:00:58/37-11:23:28,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5840,00:05:24/37-11:23:28,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/37-11:23:28,1352) bpfilter_umh
(root,26204,8116,00:00:19/37-11:23:28,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4016,00:00:00/37-11:23:28,1359) ntpd: asynchronous dns resolver
(spot,362480,198620,2-04:18:24/37-11:23:27,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/37-11:23:27,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/37-11:23:27,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/37-11:23:27,1373) (sd-pam)
(root,24216,5260,00:00:13/37-11:23:25,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/37-11:23:25,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:05/37-11:23:25,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/37-11:23:22,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:02:19/37-11:23:21,1527) sshd: syslogtunnel
(root,0,0,00:00:00/01:17:48,1530) [kworker/u8:2-ext4-rsv-conversion]
(root,696596,77960,00:51:52/37-11:23:19,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,224704,66204,00:20:39/37-11:23:07,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:01/31-16:58:42,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/37-11:22:42,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:02:04/37-11:22:42,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:23,3774) [kworker/3:0-ata_sff]
(postfix,24244,8256,00:00:00/33:52,4691) pickup -l -t fifo -u
(root,6656,3488,00:00:00/00:00,6062) /bin/bash /usr/bin/check_mk_agent
(root,13744,3464,00:00:00/00:00,6080) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,928,00:00:00/00:00,6081) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/06:34,15962) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/48:17,18233) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/01:22:00,19177) [kworker/0:2-events]
(root,0,0,00:00:00/14:02,19789) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/04:23,24321) [kworker/2:1-events]
(root,0,0,00:00:00/12:14,26327) [kworker/1:1-events]
(root,0,0,00:00:00/27:38,26865) [kworker/1:0-events]
(root,0,0,00:00:00/18:36,32400) [kworker/2:2]
(root,0,0,00:00:02/03:02:58,32737) [kworker/3:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-17 22:13

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d6ee74a7

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12620,00:01:46/35-13:24:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/35-13:24:04,2) [kthreadd]
(root,0,0,00:00:00/35-13:24:04,3) [rcu_gp]
(root,0,0,00:00:00/35-13:24:04,4) [rcu_par_gp]
(root,0,0,00:00:00/35-13:24:04,5) [slub_flushwq]
(root,0,0,00:00:00/35-13:24:04,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/35-13:24:04,9) [mm_percpu_wq]
(root,0,0,00:00:00/35-13:24:04,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/35-13:24:04,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/35-13:24:04,12) [rcu_tasks_trace]
(root,0,0,00:01:04/35-13:24:04,13) [ksoftirqd/0]
(root,0,0,01:42:08/35-13:24:04,14) [rcu_preempt]
(root,0,0,00:00:13/35-13:24:04,15) [migration/0]
(root,0,0,00:00:00/35-13:24:04,16) [idle_inject/0]
(root,0,0,00:00:00/35-13:24:04,18) [cpuhp/0]
(root,0,0,00:00:00/35-13:24:04,19) [cpuhp/1]
(root,0,0,00:00:00/35-13:24:04,20) [idle_inject/1]
(root,0,0,00:00:13/35-13:24:04,21) [migration/1]
(root,0,0,00:00:52/35-13:24:04,22) [ksoftirqd/1]
(root,0,0,00:00:00/35-13:24:04,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/35-13:24:04,25) [cpuhp/2]
(root,0,0,00:00:00/35-13:24:04,26) [idle_inject/2]
(root,0,0,00:00:10/35-13:24:04,27) [migration/2]
(root,0,0,01:04:59/35-13:24:04,28) [ksoftirqd/2]
(root,0,0,00:00:00/35-13:24:04,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/35-13:24:04,31) [cpuhp/3]
(root,0,0,00:00:00/35-13:24:04,32) [idle_inject/3]
(root,0,0,00:00:12/35-13:24:04,33) [migration/3]
(root,0,0,00:03:20/35-13:24:04,34) [ksoftirqd/3]
(root,0,0,00:00:00/35-13:24:04,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/35-13:24:04,40) [kdevtmpfs]
(root,0,0,00:00:00/35-13:24:04,41) [netns]
(root,0,0,00:00:00/35-13:24:04,42) [inet_frag_wq]
(root,0,0,00:00:12/35-13:24:04,43) [kauditd]
(root,0,0,00:00:00/35-13:24:04,44) [khungtaskd]
(root,0,0,00:00:00/35-13:24:04,45) [oom_reaper]
(root,0,0,00:00:00/35-13:24:04,46) [writeback]
(root,0,0,00:01:52/35-13:24:04,47) [kcompactd0]
(root,0,0,00:00:00/35-13:24:04,48) [ksmd]
(root,0,0,00:01:56/35-13:24:04,49) [khugepaged]
(root,0,0,00:00:00/35-13:24:04,75) [kintegrityd]
(root,0,0,00:00:00/35-13:24:04,76) [kblockd]
(root,0,0,00:00:00/35-13:24:04,77) [blkcg_punt_bio]
(root,0,0,00:00:00/35-13:24:04,79) [tpm_dev_wq]
(root,0,0,00:00:00/35-13:24:04,80) [edac-poller]
(root,0,0,00:00:00/35-13:24:04,81) [devfreq_wq]
(root,0,0,00:00:00/35-13:24:04,110) [watchdogd]
(root,0,0,00:00:02/35-13:24:04,111) [kswapd0]
(root,0,0,00:00:09/35-13:24:04,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/35-13:24:02,115) [kthrotld]
(root,0,0,00:00:00/35-13:24:02,116) [mld]
(root,0,0,00:00:00/35-13:24:02,117) [ipv6_addrconf]
(root,0,0,00:00:10/35-13:24:02,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/35-13:24:02,123) [kstrp]
(root,0,0,00:00:00/35-13:24:02,124) [zswap-shrink]
(root,0,0,00:00:00/35-13:24:02,125) [kworker/u9:0]
(root,0,0,00:00:00/35-13:24:02,130) [charger_manager]
(root,0,0,00:00:10/35-13:24:02,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:16/35-13:24:02,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/35-13:24:01,239) [kaluad]
(root,0,0,00:00:00/35-13:24:01,258) [kmpath_rdacd]
(root,0,0,00:00:00/35-13:24:01,304) [kmpathd]
(root,0,0,00:00:00/35-13:24:01,305) [kmpath_handlerd]
(root,0,0,00:00:00/35-13:24:00,342) [ata_sff]
(root,0,0,00:00:00/35-13:24:00,343) [scsi_eh_0]
(root,0,0,00:00:00/35-13:24:00,344) [scsi_tmf_0]
(root,0,0,00:00:00/35-13:24:00,345) [scsi_eh_1]
(root,0,0,00:00:00/35-13:24:00,346) [scsi_tmf_1]
(root,0,0,00:01:11/35-13:23:57,366) [jbd2/vda1-8]
(root,0,0,00:00:00/35-13:23:57,367) [ext4-rsv-conver]
(root,38604,7924,00:00:58/35-13:23:45,440) /usr/lib/systemd/systemd-journald
(root,53296,9640,00:00:04/35-13:23:44,454) /usr/lib/systemd/systemd-udevd
(root,8624,6172,00:00:56/35-13:23:42,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1600,00:00:21/35-13:23:11,511) /sbin/auditd
(messagebus,22932,5436,00:01:59/35-13:23:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8316,00:01:07/35-13:23:10,530) /usr/lib/systemd/systemd-logind
(root,20556,4536,00:00:00/35-13:23:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15860,00:00:03/35-13:23:08,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16308,00:00:00/35-13:23:08,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,30252,00:00:42/35-13:22:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25876,00:00:00/35-13:22:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:33/35-13:22:54,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/35-13:22:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/35-13:22:54,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/35-13:22:54,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/35-13:22:54,1343) /usr/lib/systemd/systemd --user
(root,449060,8372,00:00:55/35-13:22:54,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5840,00:05:08/35-13:22:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/35-13:22:54,1352) bpfilter_umh
(root,26204,8116,00:00:18/35-13:22:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4016,00:00:00/35-13:22:54,1359) ntpd: asynchronous dns resolver
(spot,361616,198404,2-02:16:50/35-13:22:53,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/35-13:22:53,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/35-13:22:53,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/35-13:22:53,1373) (sd-pam)
(root,24216,5260,00:00:12/35-13:22:51,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/35-13:22:51,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:04/35-13:22:51,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/35-13:22:48,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:02:12/35-13:22:47,1527) sshd: syslogtunnel
(root,696596,77900,00:49:13/35-13:22:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/01:32:16,1719) [kworker/2:2-events]
(spot,223680,64860,00:19:41/35-13:22:33,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,24244,8268,00:00:00/01:15:04,2275) pickup -l -t fifo -u
(postfix,44628,9244,00:00:01/29-18:58:08,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/35-13:22:08,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:58/35-13:22:08,3218) sshd: cm-ssh
(root,0,0,00:00:00/03:00:45,3274) [kworker/0:2-events]
(root,0,0,00:00:00/06:27,5136) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/33:36,8586) [kworker/2:0]
(root,0,0,00:00:00/29:27,11281) [kworker/0:1-events]
(root,0,0,00:00:00/02:39:58,19269) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/42:03,20934) [kworker/1:1-events]
(root,0,0,00:00:00/11:37,21127) [kworker/3:0-events]
(root,0,0,00:00:00/01:14,25899) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/20:58,26671) [kworker/u8:0-flush-253:0]
(root,6656,3488,00:00:00/00:00,28321) /bin/bash /usr/bin/check_mk_agent
(root,13744,3448,00:00:00/00:00,28339) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,28340) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/07:44,31979) [kworker/1:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-16 00:12

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836324e7c1e5

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12724,00:01:39/33-12:56:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/33-12:56:15,2) [kthreadd]
(root,0,0,00:00:00/33-12:56:15,3) [rcu_gp]
(root,0,0,00:00:00/33-12:56:15,4) [rcu_par_gp]
(root,0,0,00:00:00/33-12:56:15,5) [slub_flushwq]
(root,0,0,00:00:00/33-12:56:15,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/33-12:56:15,9) [mm_percpu_wq]
(root,0,0,00:00:00/33-12:56:15,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/33-12:56:15,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/33-12:56:15,12) [rcu_tasks_trace]
(root,0,0,00:01:01/33-12:56:15,13) [ksoftirqd/0]
(root,0,0,01:36:46/33-12:56:15,14) [rcu_preempt]
(root,0,0,00:00:12/33-12:56:15,15) [migration/0]
(root,0,0,00:00:00/33-12:56:15,16) [idle_inject/0]
(root,0,0,00:00:00/33-12:56:15,18) [cpuhp/0]
(root,0,0,00:00:00/33-12:56:15,19) [cpuhp/1]
(root,0,0,00:00:00/33-12:56:15,20) [idle_inject/1]
(root,0,0,00:00:12/33-12:56:15,21) [migration/1]
(root,0,0,00:00:50/33-12:56:15,22) [ksoftirqd/1]
(root,0,0,00:00:00/33-12:56:15,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/33-12:56:15,25) [cpuhp/2]
(root,0,0,00:00:00/33-12:56:15,26) [idle_inject/2]
(root,0,0,00:00:09/33-12:56:15,27) [migration/2]
(root,0,0,01:01:55/33-12:56:15,28) [ksoftirqd/2]
(root,0,0,00:00:00/33-12:56:15,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/33-12:56:15,31) [cpuhp/3]
(root,0,0,00:00:00/33-12:56:15,32) [idle_inject/3]
(root,0,0,00:00:12/33-12:56:15,33) [migration/3]
(root,0,0,00:03:11/33-12:56:15,34) [ksoftirqd/3]
(root,0,0,00:00:00/33-12:56:15,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/33-12:56:15,40) [kdevtmpfs]
(root,0,0,00:00:00/33-12:56:15,41) [netns]
(root,0,0,00:00:00/33-12:56:15,42) [inet_frag_wq]
(root,0,0,00:00:12/33-12:56:15,43) [kauditd]
(root,0,0,00:00:00/33-12:56:15,44) [khungtaskd]
(root,0,0,00:00:00/33-12:56:15,45) [oom_reaper]
(root,0,0,00:00:00/33-12:56:15,46) [writeback]
(root,0,0,00:01:46/33-12:56:15,47) [kcompactd0]
(root,0,0,00:00:00/33-12:56:15,48) [ksmd]
(root,0,0,00:01:49/33-12:56:15,49) [khugepaged]
(root,0,0,00:00:00/33-12:56:15,75) [kintegrityd]
(root,0,0,00:00:00/33-12:56:15,76) [kblockd]
(root,0,0,00:00:00/33-12:56:15,77) [blkcg_punt_bio]
(root,0,0,00:00:00/33-12:56:15,79) [tpm_dev_wq]
(root,0,0,00:00:00/33-12:56:15,80) [edac-poller]
(root,0,0,00:00:00/33-12:56:15,81) [devfreq_wq]
(root,0,0,00:00:00/33-12:56:15,110) [watchdogd]
(root,0,0,00:00:02/33-12:56:15,111) [kswapd0]
(root,0,0,00:00:09/33-12:56:15,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/33-12:56:13,115) [kthrotld]
(root,0,0,00:00:00/33-12:56:13,116) [mld]
(root,0,0,00:00:00/33-12:56:13,117) [ipv6_addrconf]
(root,0,0,00:00:09/33-12:56:13,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/33-12:56:13,123) [kstrp]
(root,0,0,00:00:00/33-12:56:13,124) [zswap-shrink]
(root,0,0,00:00:00/33-12:56:13,125) [kworker/u9:0]
(root,0,0,00:00:00/33-12:56:13,130) [charger_manager]
(root,0,0,00:00:10/33-12:56:13,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:15/33-12:56:13,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/33-12:56:12,239) [kaluad]
(root,0,0,00:00:00/33-12:56:12,258) [kmpath_rdacd]
(root,0,0,00:00:00/33-12:56:12,304) [kmpathd]
(root,0,0,00:00:00/33-12:56:12,305) [kmpath_handlerd]
(root,0,0,00:00:00/33-12:56:11,342) [ata_sff]
(root,0,0,00:00:00/33-12:56:11,343) [scsi_eh_0]
(root,0,0,00:00:00/33-12:56:11,344) [scsi_tmf_0]
(root,0,0,00:00:00/33-12:56:11,345) [scsi_eh_1]
(root,0,0,00:00:00/33-12:56:11,346) [scsi_tmf_1]
(root,0,0,00:01:07/33-12:56:08,366) [jbd2/vda1-8]
(root,0,0,00:00:00/33-12:56:08,367) [ext4-rsv-conver]
(root,38604,7944,00:00:54/33-12:55:56,440) /usr/lib/systemd/systemd-journald
(root,53296,9712,00:00:03/33-12:55:55,454) /usr/lib/systemd/systemd-udevd
(root,8624,6212,00:00:52/33-12:55:53,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1616,00:00:20/33-12:55:22,511) /sbin/auditd
(messagebus,22932,5632,00:01:52/33-12:55:21,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8332,00:01:03/33-12:55:21,530) /usr/lib/systemd/systemd-logind
(root,20556,4624,00:00:00/33-12:55:21,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15948,00:00:03/33-12:55:19,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16404,00:00:00/33-12:55:19,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,29300,00:00:39/33-12:55:05,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25908,00:00:00/33-12:55:05,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:23/33-12:55:05,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/33-12:55:05,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/33-12:55:05,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/33-12:55:05,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/33-12:55:05,1343) /usr/lib/systemd/systemd --user
(root,449060,8496,00:00:52/33-12:55:05,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5856,00:04:51/33-12:55:05,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/33-12:55:05,1352) bpfilter_umh
(root,26204,8128,00:00:17/33-12:55:05,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4032,00:00:00/33-12:55:05,1359) ntpd: asynchronous dns resolver
(spot,361072,200000,2-00:18:30/33-12:55:04,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/33-12:55:04,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/33-12:55:04,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/33-12:55:04,1373) (sd-pam)
(root,24216,5260,00:00:11/33-12:55:02,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/33-12:55:02,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:04/33-12:55:02,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/33-12:54:59,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:02:05/33-12:54:58,1527) sshd: syslogtunnel
(root,694036,75228,00:46:26/33-12:54:56,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/08:57,1600) [kworker/3:0-events]
(spot,222656,63352,00:18:42/33-12:54:44,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/28:21,2466) [kworker/3:1-ata_sff]
(postfix,44628,9244,00:00:01/27-18:30:19,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/33-12:54:19,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:51/33-12:54:19,3218) sshd: cm-ssh
(root,0,0,00:00:00/21:14,4095) [kworker/2:0]
(root,0,0,00:00:00/14:54,7631) [kworker/u8:0-flush-253:0]
(root,6656,3484,00:00:00/00:00,10721) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,10739) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,10740) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/04:41:38,15620) [kworker/2:2-events]
(root,0,0,00:00:00/05:42,16920) [kworker/u8:2]
(root,0,0,00:00:00/01:01:11,17463) [kworker/0:0]
(root,0,0,00:00:00/01:21:19,21273) [kworker/0:1-events]
(root,0,0,00:00:00/11:18,22988) [kworker/1:2-cgroup_destroy]
(root,0,0,00:00:00/03:47,24504) [kworker/3:2-ata_sff]
(postfix,24244,8228,00:00:00/01:08:10,25034) pickup -l -t fifo -u
(root,0,0,00:00:00/01:07:58,25667) [kworker/1:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-13 23:44

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c1a5a870

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12724,00:01:33/31-12:43:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/31-12:43:36,2) [kthreadd]
(root,0,0,00:00:00/31-12:43:36,3) [rcu_gp]
(root,0,0,00:00:00/31-12:43:36,4) [rcu_par_gp]
(root,0,0,00:00:00/31-12:43:36,5) [slub_flushwq]
(root,0,0,00:00:00/31-12:43:36,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/31-12:43:36,9) [mm_percpu_wq]
(root,0,0,00:00:00/31-12:43:36,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/31-12:43:36,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/31-12:43:36,12) [rcu_tasks_trace]
(root,0,0,00:00:58/31-12:43:36,13) [ksoftirqd/0]
(root,0,0,01:31:24/31-12:43:36,14) [rcu_preempt]
(root,0,0,00:00:12/31-12:43:36,15) [migration/0]
(root,0,0,00:00:00/31-12:43:36,16) [idle_inject/0]
(root,0,0,00:00:00/31-12:43:36,18) [cpuhp/0]
(root,0,0,00:00:00/31-12:43:36,19) [cpuhp/1]
(root,0,0,00:00:00/31-12:43:36,20) [idle_inject/1]
(root,0,0,00:00:12/31-12:43:36,21) [migration/1]
(root,0,0,00:00:47/31-12:43:36,22) [ksoftirqd/1]
(root,0,0,00:00:00/31-12:43:36,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/31-12:43:36,25) [cpuhp/2]
(root,0,0,00:00:00/31-12:43:36,26) [idle_inject/2]
(root,0,0,00:00:09/31-12:43:36,27) [migration/2]
(root,0,0,00:58:50/31-12:43:36,28) [ksoftirqd/2]
(root,0,0,00:00:00/31-12:43:36,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/31-12:43:36,31) [cpuhp/3]
(root,0,0,00:00:00/31-12:43:36,32) [idle_inject/3]
(root,0,0,00:00:11/31-12:43:36,33) [migration/3]
(root,0,0,00:03:02/31-12:43:36,34) [ksoftirqd/3]
(root,0,0,00:00:00/31-12:43:36,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/31-12:43:36,40) [kdevtmpfs]
(root,0,0,00:00:00/31-12:43:36,41) [netns]
(root,0,0,00:00:00/31-12:43:36,42) [inet_frag_wq]
(root,0,0,00:00:11/31-12:43:36,43) [kauditd]
(root,0,0,00:00:00/31-12:43:36,44) [khungtaskd]
(root,0,0,00:00:00/31-12:43:36,45) [oom_reaper]
(root,0,0,00:00:00/31-12:43:36,46) [writeback]
(root,0,0,00:01:40/31-12:43:36,47) [kcompactd0]
(root,0,0,00:00:00/31-12:43:36,48) [ksmd]
(root,0,0,00:01:43/31-12:43:36,49) [khugepaged]
(root,0,0,00:00:00/31-12:43:36,75) [kintegrityd]
(root,0,0,00:00:00/31-12:43:36,76) [kblockd]
(root,0,0,00:00:00/31-12:43:36,77) [blkcg_punt_bio]
(root,0,0,00:00:00/31-12:43:36,79) [tpm_dev_wq]
(root,0,0,00:00:00/31-12:43:36,80) [edac-poller]
(root,0,0,00:00:00/31-12:43:36,81) [devfreq_wq]
(root,0,0,00:00:00/31-12:43:36,110) [watchdogd]
(root,0,0,00:00:02/31-12:43:36,111) [kswapd0]
(root,0,0,00:00:08/31-12:43:36,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/31-12:43:34,115) [kthrotld]
(root,0,0,00:00:00/31-12:43:34,116) [mld]
(root,0,0,00:00:00/31-12:43:34,117) [ipv6_addrconf]
(root,0,0,00:00:09/31-12:43:34,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/31-12:43:34,123) [kstrp]
(root,0,0,00:00:00/31-12:43:34,124) [zswap-shrink]
(root,0,0,00:00:00/31-12:43:34,125) [kworker/u9:0]
(root,0,0,00:00:00/31-12:43:34,130) [charger_manager]
(root,0,0,00:00:09/31-12:43:34,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:14/31-12:43:34,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/31-12:43:33,239) [kaluad]
(root,0,0,00:00:00/31-12:43:33,258) [kmpath_rdacd]
(root,0,0,00:00:00/31-12:43:33,304) [kmpathd]
(root,0,0,00:00:00/31-12:43:33,305) [kmpath_handlerd]
(root,0,0,00:00:00/31-12:43:32,342) [ata_sff]
(root,0,0,00:00:00/31-12:43:32,343) [scsi_eh_0]
(root,0,0,00:00:00/31-12:43:32,344) [scsi_tmf_0]
(root,0,0,00:00:00/31-12:43:32,345) [scsi_eh_1]
(root,0,0,00:00:00/31-12:43:32,346) [scsi_tmf_1]
(root,0,0,00:01:03/31-12:43:29,366) [jbd2/vda1-8]
(root,0,0,00:00:00/31-12:43:29,367) [ext4-rsv-conver]
(root,38604,7944,00:00:51/31-12:43:17,440) /usr/lib/systemd/systemd-journald
(root,53296,9712,00:00:03/31-12:43:16,454) /usr/lib/systemd/systemd-udevd
(root,8624,6212,00:00:49/31-12:43:14,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1616,00:00:18/31-12:42:43,511) /sbin/auditd
(messagebus,22932,5632,00:01:44/31-12:42:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8332,00:00:59/31-12:42:42,530) /usr/lib/systemd/systemd-logind
(root,20556,4624,00:00:00/31-12:42:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15948,00:00:03/31-12:42:40,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16404,00:00:00/31-12:42:40,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,29300,00:00:37/31-12:42:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25908,00:00:00/31-12:42:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:12/31-12:42:26,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/31-12:42:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/31-12:42:26,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/31-12:42:26,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/31-12:42:26,1343) /usr/lib/systemd/systemd --user
(root,449060,8496,00:00:48/31-12:42:26,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5856,00:04:34/31-12:42:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/31-12:42:26,1352) bpfilter_umh
(root,26204,8128,00:00:16/31-12:42:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4032,00:00:00/31-12:42:26,1359) ntpd: asynchronous dns resolver
(spot,362208,200308,1-22:09:07/31-12:42:25,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/31-12:42:25,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/31-12:42:25,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/31-12:42:25,1373) (sd-pam)
(root,24216,5260,00:00:11/31-12:42:23,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/31-12:42:23,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:04/31-12:42:23,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/31-12:42:20,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:58/31-12:42:19,1527) sshd: syslogtunnel
(root,693780,72896,00:43:41/31-12:42:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,221632,61988,00:17:40/31-12:42:05,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/01:31:25,2437) [kworker/u8:2-flush-253:0]
(postfix,44628,9244,00:00:01/25-18:17:40,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/31-12:41:40,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:45/31-12:41:40,3218) sshd: cm-ssh
(root,0,0,00:00:00/18:11,6656) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/07:48,10597) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/17:52:12,11736) [kworker/u8:1-ext4-rsv-conversion]
(root,6656,3488,00:00:00/00:00,13247) /bin/bash /usr/bin/check_mk_agent
(root,13744,3396,00:00:00/00:00,13265) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,13266) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/05:36,16322) [kworker/1:0-cgroup_destroy]
(root,0,0,00:00:01/03:04:08,22602) [kworker/2:1-events]
(root,0,0,00:00:00/01:31:37,23881) [kworker/1:2-events]
(postfix,24244,8268,00:00:00/01:17:28,25794) pickup -l -t fifo -u
(root,0,0,00:00:00/12:20,27419) [kworker/2:2-events]
(root,0,0,00:00:00/01:25:55,27771) [kworker/0:0]
(root,0,0,00:00:01/02:06:45,28641) [kworker/0:1-events]
(root,0,0,00:00:00/02:37,31518) [kworker/3:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-11 23:32

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836301c5bd60

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12724,00:01:25/29-12:42:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/29-12:42:13,2) [kthreadd]
(root,0,0,00:00:00/29-12:42:13,3) [rcu_gp]
(root,0,0,00:00:00/29-12:42:13,4) [rcu_par_gp]
(root,0,0,00:00:00/29-12:42:13,5) [slub_flushwq]
(root,0,0,00:00:00/29-12:42:13,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/29-12:42:13,9) [mm_percpu_wq]
(root,0,0,00:00:00/29-12:42:13,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/29-12:42:13,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/29-12:42:13,12) [rcu_tasks_trace]
(root,0,0,00:00:55/29-12:42:13,13) [ksoftirqd/0]
(root,0,0,01:25:35/29-12:42:13,14) [rcu_preempt]
(root,0,0,00:00:11/29-12:42:13,15) [migration/0]
(root,0,0,00:00:00/29-12:42:13,16) [idle_inject/0]
(root,0,0,00:00:00/29-12:42:13,18) [cpuhp/0]
(root,0,0,00:00:00/29-12:42:13,19) [cpuhp/1]
(root,0,0,00:00:00/29-12:42:13,20) [idle_inject/1]
(root,0,0,00:00:11/29-12:42:13,21) [migration/1]
(root,0,0,00:00:45/29-12:42:13,22) [ksoftirqd/1]
(root,0,0,00:00:00/29-12:42:13,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/29-12:42:13,25) [cpuhp/2]
(root,0,0,00:00:00/29-12:42:13,26) [idle_inject/2]
(root,0,0,00:00:08/29-12:42:13,27) [migration/2]
(root,0,0,00:54:40/29-12:42:13,28) [ksoftirqd/2]
(root,0,0,00:00:00/29-12:42:13,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/29-12:42:13,31) [cpuhp/3]
(root,0,0,00:00:00/29-12:42:13,32) [idle_inject/3]
(root,0,0,00:00:10/29-12:42:13,33) [migration/3]
(root,0,0,00:02:50/29-12:42:13,34) [ksoftirqd/3]
(root,0,0,00:00:00/29-12:42:13,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/29-12:42:13,40) [kdevtmpfs]
(root,0,0,00:00:00/29-12:42:13,41) [netns]
(root,0,0,00:00:00/29-12:42:13,42) [inet_frag_wq]
(root,0,0,00:00:10/29-12:42:13,43) [kauditd]
(root,0,0,00:00:00/29-12:42:13,44) [khungtaskd]
(root,0,0,00:00:00/29-12:42:13,45) [oom_reaper]
(root,0,0,00:00:00/29-12:42:13,46) [writeback]
(root,0,0,00:01:34/29-12:42:13,47) [kcompactd0]
(root,0,0,00:00:00/29-12:42:13,48) [ksmd]
(root,0,0,00:01:36/29-12:42:13,49) [khugepaged]
(root,0,0,00:00:00/29-12:42:13,75) [kintegrityd]
(root,0,0,00:00:00/29-12:42:13,76) [kblockd]
(root,0,0,00:00:00/29-12:42:13,77) [blkcg_punt_bio]
(root,0,0,00:00:00/29-12:42:13,79) [tpm_dev_wq]
(root,0,0,00:00:00/29-12:42:13,80) [edac-poller]
(root,0,0,00:00:00/29-12:42:13,81) [devfreq_wq]
(root,0,0,00:00:00/29-12:42:13,110) [watchdogd]
(root,0,0,00:00:02/29-12:42:13,111) [kswapd0]
(root,0,0,00:00:08/29-12:42:13,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/29-12:42:11,115) [kthrotld]
(root,0,0,00:00:00/29-12:42:11,116) [mld]
(root,0,0,00:00:00/29-12:42:11,117) [ipv6_addrconf]
(root,0,0,00:00:08/29-12:42:11,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/29-12:42:11,123) [kstrp]
(root,0,0,00:00:00/29-12:42:11,124) [zswap-shrink]
(root,0,0,00:00:00/29-12:42:11,125) [kworker/u9:0]
(root,0,0,00:00:00/29-12:42:11,130) [charger_manager]
(root,0,0,00:00:09/29-12:42:11,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:13/29-12:42:11,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/29-12:42:10,239) [kaluad]
(root,0,0,00:00:00/29-12:42:10,258) [kmpath_rdacd]
(root,0,0,00:00:00/29-12:42:10,304) [kmpathd]
(root,0,0,00:00:00/29-12:42:10,305) [kmpath_handlerd]
(root,0,0,00:00:00/29-12:42:09,342) [ata_sff]
(root,0,0,00:00:00/29-12:42:09,343) [scsi_eh_0]
(root,0,0,00:00:00/29-12:42:09,344) [scsi_tmf_0]
(root,0,0,00:00:00/29-12:42:09,345) [scsi_eh_1]
(root,0,0,00:00:00/29-12:42:09,346) [scsi_tmf_1]
(root,0,0,00:00:59/29-12:42:06,366) [jbd2/vda1-8]
(root,0,0,00:00:00/29-12:42:06,367) [ext4-rsv-conver]
(root,38604,7944,00:00:47/29-12:41:54,440) /usr/lib/systemd/systemd-journald
(root,53296,9712,00:00:03/29-12:41:53,454) /usr/lib/systemd/systemd-udevd
(root,8624,6212,00:00:46/29-12:41:51,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1616,00:00:17/29-12:41:20,511) /sbin/auditd
(messagebus,22932,5632,00:01:35/29-12:41:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8332,00:00:54/29-12:41:19,530) /usr/lib/systemd/systemd-logind
(root,20556,4624,00:00:00/29-12:41:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15948,00:00:03/29-12:41:17,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16404,00:00:00/29-12:41:17,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,29300,00:00:34/29-12:41:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25908,00:00:00/29-12:41:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:01/29-12:41:03,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/29-12:41:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/29-12:41:03,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/29-12:41:03,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/29-12:41:03,1343) /usr/lib/systemd/systemd --user
(root,449060,8644,00:00:45/29-12:41:03,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5856,00:04:17/29-12:41:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/29-12:41:03,1352) bpfilter_umh
(root,26204,8128,00:00:14/29-12:41:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4032,00:00:00/29-12:41:03,1359) ntpd: asynchronous dns resolver
(spot,361488,200112,1-19:47:13/29-12:41:02,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/29-12:41:02,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/29-12:41:02,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/29-12:41:02,1373) (sd-pam)
(root,24216,5260,00:00:10/29-12:41:00,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/29-12:41:00,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:04/29-12:41:00,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/29-12:40:57,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:50/29-12:40:56,1527) sshd: syslogtunnel
(root,693524,72428,00:40:49/29-12:40:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,220608,60744,00:16:37/29-12:40:42,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:01/23-18:16:17,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/05:21,2706) [kworker/u8:0-writeback]
(root,35308,10108,00:00:00/29-12:40:17,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:38/29-12:40:17,3218) sshd: cm-ssh
(root,0,0,00:00:00/04:17,7190) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/01:23:54,9799) [kworker/1:0-cgroup_destroy]
(root,0,0,00:00:00/01:06:31,11915) [kworker/3:2-events]
(root,0,0,00:00:00/09:28,16375) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/01:34:06,18169) [kworker/0:2-events]
(root,0,0,00:00:01/02:06:16,22291) [kworker/0:1-events]
(postfix,24244,8236,00:00:00/01:38:05,24925) pickup -l -t fifo -u
(root,0,0,00:00:00/57:11,25049) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/15:34,25890) [kworker/2:0]
(root,0,0,00:00:00/00:00,27891) [python] <defunct>
(root,6764,3608,00:00:00/00:00,28222) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,28360) /bin/bash /usr/bin/check_mk_agent
(root,14100,9696,00:00:00/00:00,28366) python ././remotecheck
(root,13744,3524,00:00:00/00:00,28382) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,956,00:00:00/00:00,28383) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/38:32,28994) [kworker/1:2-events]
(root,0,0,00:00:00/54:42,29505) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-09 23:30

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836333883cd3

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12724,00:01:18/27-12:46:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/27-12:46:07,2) [kthreadd]
(root,0,0,00:00:00/27-12:46:07,3) [rcu_gp]
(root,0,0,00:00:00/27-12:46:07,4) [rcu_par_gp]
(root,0,0,00:00:00/27-12:46:07,5) [slub_flushwq]
(root,0,0,00:00:00/27-12:46:07,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/27-12:46:07,9) [mm_percpu_wq]
(root,0,0,00:00:00/27-12:46:07,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/27-12:46:07,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/27-12:46:07,12) [rcu_tasks_trace]
(root,0,0,00:00:51/27-12:46:07,13) [ksoftirqd/0]
(root,0,0,01:20:07/27-12:46:07,14) [rcu_preempt]
(root,0,0,00:00:10/27-12:46:07,15) [migration/0]
(root,0,0,00:00:00/27-12:46:07,16) [idle_inject/0]
(root,0,0,00:00:00/27-12:46:07,18) [cpuhp/0]
(root,0,0,00:00:00/27-12:46:07,19) [cpuhp/1]
(root,0,0,00:00:00/27-12:46:07,20) [idle_inject/1]
(root,0,0,00:00:10/27-12:46:07,21) [migration/1]
(root,0,0,00:00:42/27-12:46:07,22) [ksoftirqd/1]
(root,0,0,00:00:00/27-12:46:07,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/27-12:46:07,25) [cpuhp/2]
(root,0,0,00:00:00/27-12:46:07,26) [idle_inject/2]
(root,0,0,00:00:08/27-12:46:07,27) [migration/2]
(root,0,0,00:51:33/27-12:46:07,28) [ksoftirqd/2]
(root,0,0,00:00:00/27-12:46:07,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/27-12:46:07,31) [cpuhp/3]
(root,0,0,00:00:00/27-12:46:07,32) [idle_inject/3]
(root,0,0,00:00:10/27-12:46:07,33) [migration/3]
(root,0,0,00:02:41/27-12:46:07,34) [ksoftirqd/3]
(root,0,0,00:00:00/27-12:46:07,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/27-12:46:07,40) [kdevtmpfs]
(root,0,0,00:00:00/27-12:46:07,41) [netns]
(root,0,0,00:00:00/27-12:46:07,42) [inet_frag_wq]
(root,0,0,00:00:09/27-12:46:07,43) [kauditd]
(root,0,0,00:00:00/27-12:46:07,44) [khungtaskd]
(root,0,0,00:00:00/27-12:46:07,45) [oom_reaper]
(root,0,0,00:00:00/27-12:46:07,46) [writeback]
(root,0,0,00:01:28/27-12:46:07,47) [kcompactd0]
(root,0,0,00:00:00/27-12:46:07,48) [ksmd]
(root,0,0,00:01:29/27-12:46:07,49) [khugepaged]
(root,0,0,00:00:00/27-12:46:07,75) [kintegrityd]
(root,0,0,00:00:00/27-12:46:07,76) [kblockd]
(root,0,0,00:00:00/27-12:46:07,77) [blkcg_punt_bio]
(root,0,0,00:00:00/27-12:46:07,79) [tpm_dev_wq]
(root,0,0,00:00:00/27-12:46:07,80) [edac-poller]
(root,0,0,00:00:00/27-12:46:07,81) [devfreq_wq]
(root,0,0,00:00:00/27-12:46:07,110) [watchdogd]
(root,0,0,00:00:02/27-12:46:07,111) [kswapd0]
(root,0,0,00:00:07/27-12:46:07,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/27-12:46:05,115) [kthrotld]
(root,0,0,00:00:00/27-12:46:05,116) [mld]
(root,0,0,00:00:00/27-12:46:05,117) [ipv6_addrconf]
(root,0,0,00:00:07/27-12:46:05,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/27-12:46:05,123) [kstrp]
(root,0,0,00:00:00/27-12:46:05,124) [zswap-shrink]
(root,0,0,00:00:00/27-12:46:05,125) [kworker/u9:0]
(root,0,0,00:00:00/27-12:46:05,130) [charger_manager]
(root,0,0,00:00:08/27-12:46:05,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:12/27-12:46:05,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/27-12:46:04,239) [kaluad]
(root,0,0,00:00:00/27-12:46:04,258) [kmpath_rdacd]
(root,0,0,00:00:00/27-12:46:04,304) [kmpathd]
(root,0,0,00:00:00/27-12:46:04,305) [kmpath_handlerd]
(root,0,0,00:00:00/27-12:46:03,342) [ata_sff]
(root,0,0,00:00:00/27-12:46:03,343) [scsi_eh_0]
(root,0,0,00:00:00/27-12:46:03,344) [scsi_tmf_0]
(root,0,0,00:00:00/27-12:46:03,345) [scsi_eh_1]
(root,0,0,00:00:00/27-12:46:03,346) [scsi_tmf_1]
(root,0,0,00:00:55/27-12:46:00,366) [jbd2/vda1-8]
(root,0,0,00:00:00/27-12:46:00,367) [ext4-rsv-conver]
(root,38604,7944,00:00:43/27-12:45:48,440) /usr/lib/systemd/systemd-journald
(root,53296,9712,00:00:03/27-12:45:47,454) /usr/lib/systemd/systemd-udevd
(root,8624,6212,00:00:43/27-12:45:45,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1616,00:00:15/27-12:45:14,511) /sbin/auditd
(messagebus,22932,5632,00:01:26/27-12:45:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8328,00:00:49/27-12:45:13,530) /usr/lib/systemd/systemd-logind
(root,20556,4624,00:00:00/27-12:45:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15948,00:00:03/27-12:45:11,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16404,00:00:00/27-12:45:11,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,28776,00:00:32/27-12:44:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25908,00:00:00/27-12:44:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:48/27-12:44:57,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/27-12:44:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/27-12:44:57,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/27-12:44:57,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/27-12:44:57,1343) /usr/lib/systemd/systemd --user
(root,449060,8644,00:00:41/27-12:44:57,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5856,00:03:59/27-12:44:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/27-12:44:57,1352) bpfilter_umh
(root,26204,8128,00:00:13/27-12:44:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4032,00:00:00/27-12:44:57,1359) ntpd: asynchronous dns resolver
(spot,296400,195116,1-17:11:31/27-12:44:56,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/27-12:44:56,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/27-12:44:56,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/27-12:44:56,1373) (sd-pam)
(root,24216,5260,00:00:09/27-12:44:54,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:01/27-12:44:54,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:03/27-12:44:54,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/27-12:44:51,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:42/27-12:44:50,1527) sshd: syslogtunnel
(root,693268,74056,00:38:04/27-12:44:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,219584,59124,00:15:34/27-12:44:36,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:00/21-18:20:11,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/27-12:44:11,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:31/27-12:44:11,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:14:16,4690) [kworker/u8:1-ext4-rsv-conversion]
(postfix,24244,8176,00:00:00/23:41,10198) pickup -l -t fifo -u
(root,0,0,00:00:00/12:56,10553) [kworker/0:2-events]
(root,0,0,00:00:00/40:59,13876) [kworker/2:2]
(root,0,0,00:00:00/10:08,15394) [kworker/3:2-ata_sff]
(root,6656,3528,00:00:00/00:00,16301) /bin/bash /usr/bin/check_mk_agent
(root,13744,3448,00:00:00/00:00,16319) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,956,00:00:00/00:00,16320) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/01:33:52,21505) [kworker/u8:2-writeback]
(root,0,0,00:00:00/01:08:43,22103) [kworker/0:1-events]
(root,0,0,00:00:00/06:44,23590) [kworker/1:2]
(root,0,0,00:00:00/50:14,24824) [kworker/2:1-events]
(root,0,0,00:00:00/01:07:12,28201) [kworker/3:0-events]
(root,0,0,00:00:00/04:55,28509) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/19:12,28567) [kworker/1:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-07 23:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636bb1e37e

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12712,00:01:11/25-12:37:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/25-12:37:58,2) [kthreadd]
(root,0,0,00:00:00/25-12:37:58,3) [rcu_gp]
(root,0,0,00:00:00/25-12:37:58,4) [rcu_par_gp]
(root,0,0,00:00:00/25-12:37:58,5) [slub_flushwq]
(root,0,0,00:00:00/25-12:37:58,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/25-12:37:58,9) [mm_percpu_wq]
(root,0,0,00:00:00/25-12:37:58,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/25-12:37:58,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/25-12:37:58,12) [rcu_tasks_trace]
(root,0,0,00:00:48/25-12:37:58,13) [ksoftirqd/0]
(root,0,0,01:14:42/25-12:37:58,14) [rcu_preempt]
(root,0,0,00:00:09/25-12:37:58,15) [migration/0]
(root,0,0,00:00:00/25-12:37:58,16) [idle_inject/0]
(root,0,0,00:00:00/25-12:37:58,18) [cpuhp/0]
(root,0,0,00:00:00/25-12:37:58,19) [cpuhp/1]
(root,0,0,00:00:00/25-12:37:58,20) [idle_inject/1]
(root,0,0,00:00:09/25-12:37:58,21) [migration/1]
(root,0,0,00:00:39/25-12:37:58,22) [ksoftirqd/1]
(root,0,0,00:00:00/25-12:37:58,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/25-12:37:58,25) [cpuhp/2]
(root,0,0,00:00:00/25-12:37:58,26) [idle_inject/2]
(root,0,0,00:00:07/25-12:37:58,27) [migration/2]
(root,0,0,00:48:49/25-12:37:58,28) [ksoftirqd/2]
(root,0,0,00:00:00/25-12:37:58,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/25-12:37:58,31) [cpuhp/3]
(root,0,0,00:00:00/25-12:37:58,32) [idle_inject/3]
(root,0,0,00:00:09/25-12:37:58,33) [migration/3]
(root,0,0,00:02:31/25-12:37:58,34) [ksoftirqd/3]
(root,0,0,00:00:00/25-12:37:58,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/25-12:37:58,40) [kdevtmpfs]
(root,0,0,00:00:00/25-12:37:58,41) [netns]
(root,0,0,00:00:00/25-12:37:58,42) [inet_frag_wq]
(root,0,0,00:00:08/25-12:37:58,43) [kauditd]
(root,0,0,00:00:00/25-12:37:58,44) [khungtaskd]
(root,0,0,00:00:00/25-12:37:58,45) [oom_reaper]
(root,0,0,00:00:00/25-12:37:58,46) [writeback]
(root,0,0,00:01:21/25-12:37:58,47) [kcompactd0]
(root,0,0,00:00:00/25-12:37:58,48) [ksmd]
(root,0,0,00:01:23/25-12:37:58,49) [khugepaged]
(root,0,0,00:00:00/25-12:37:58,75) [kintegrityd]
(root,0,0,00:00:00/25-12:37:58,76) [kblockd]
(root,0,0,00:00:00/25-12:37:58,77) [blkcg_punt_bio]
(root,0,0,00:00:00/25-12:37:58,79) [tpm_dev_wq]
(root,0,0,00:00:00/25-12:37:58,80) [edac-poller]
(root,0,0,00:00:00/25-12:37:58,81) [devfreq_wq]
(root,0,0,00:00:00/25-12:37:58,110) [watchdogd]
(root,0,0,00:00:01/25-12:37:58,111) [kswapd0]
(root,0,0,00:00:07/25-12:37:58,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/25-12:37:56,115) [kthrotld]
(root,0,0,00:00:00/25-12:37:56,116) [mld]
(root,0,0,00:00:00/25-12:37:56,117) [ipv6_addrconf]
(root,0,0,00:00:07/25-12:37:56,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/25-12:37:56,123) [kstrp]
(root,0,0,00:00:00/25-12:37:56,124) [zswap-shrink]
(root,0,0,00:00:00/25-12:37:56,125) [kworker/u9:0]
(root,0,0,00:00:00/25-12:37:56,130) [charger_manager]
(root,0,0,00:00:07/25-12:37:56,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:11/25-12:37:56,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/25-12:37:55,239) [kaluad]
(root,0,0,00:00:00/25-12:37:55,258) [kmpath_rdacd]
(root,0,0,00:00:00/25-12:37:55,304) [kmpathd]
(root,0,0,00:00:00/25-12:37:55,305) [kmpath_handlerd]
(root,0,0,00:00:00/25-12:37:54,342) [ata_sff]
(root,0,0,00:00:00/25-12:37:54,343) [scsi_eh_0]
(root,0,0,00:00:00/25-12:37:54,344) [scsi_tmf_0]
(root,0,0,00:00:00/25-12:37:54,345) [scsi_eh_1]
(root,0,0,00:00:00/25-12:37:54,346) [scsi_tmf_1]
(root,0,0,00:00:51/25-12:37:51,366) [jbd2/vda1-8]
(root,0,0,00:00:00/25-12:37:51,367) [ext4-rsv-conver]
(root,38604,7992,00:00:39/25-12:37:39,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:03/25-12:37:38,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:40/25-12:37:36,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:14/25-12:37:05,511) /sbin/auditd
(messagebus,22932,5912,00:01:17/25-12:37:04,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8392,00:00:44/25-12:37:04,530) /usr/lib/systemd/systemd-logind
(root,20556,5900,00:00:00/25-12:37:04,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17292,00:00:03/25-12:37:02,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,17856,00:00:00/25-12:37:02,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,29508,00:00:30/25-12:36:48,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/25-12:36:48,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:37/25-12:36:48,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/25-12:36:48,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/25-12:36:48,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/25-12:36:48,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/25-12:36:48,1343) /usr/lib/systemd/systemd --user
(root,449060,9120,00:00:37/25-12:36:48,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:03:42/25-12:36:48,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/25-12:36:48,1352) bpfilter_umh
(root,26204,8212,00:00:12/25-12:36:48,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/25-12:36:48,1359) ntpd: asynchronous dns resolver
(spot,295872,191452,1-14:57:22/25-12:36:47,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/25-12:36:47,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/25-12:36:47,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/25-12:36:47,1373) (sd-pam)
(root,24216,5268,00:00:09/25-12:36:45,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/25-12:36:45,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:03/25-12:36:45,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/25-12:36:42,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:35/25-12:36:41,1527) sshd: syslogtunnel
(root,693268,73792,00:35:20/25-12:36:39,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,218560,57872,00:14:35/25-12:36:27,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9292,00:00:00/19-18:12:02,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/25-12:36:02,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:25/25-12:36:02,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:11,6944) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/59:30,11861) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/06:22,14175) [kworker/3:1-ata_sff]
(root,6656,3488,00:00:00/00:00,15377) /bin/bash /usr/bin/check_mk_agent
(root,13744,3508,00:00:00/00:00,15395) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,15396) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/32:50,16699) [kworker/2:2-events]
(root,0,0,00:00:00/23:51,17398) [kworker/2:1-events]
(root,0,0,00:00:00/01:36:38,21873) [kworker/1:0-events]
(root,0,0,00:00:00/01:06:02,22480) [kworker/1:2-events]
(root,0,0,00:00:00/46:11,22713) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/04:39,23862) [kworker/1:1-events]
(root,0,0,00:00:01/01:19:01,27643) [kworker/3:2-events]
(root,0,0,00:00:00/44:53,28674) [kworker/0:2-events]
(postfix,24244,8204,00:00:00/36:37,32576) pickup -l -t fifo -u
(root,0,0,00:00:00/13:54,32582) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-05 23:26

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d006f05e

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12712,00:01:03/23-11:53:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/23-11:53:46,2) [kthreadd]
(root,0,0,00:00:00/23-11:53:46,3) [rcu_gp]
(root,0,0,00:00:00/23-11:53:46,4) [rcu_par_gp]
(root,0,0,00:00:00/23-11:53:46,5) [slub_flushwq]
(root,0,0,00:00:00/23-11:53:46,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/23-11:53:46,9) [mm_percpu_wq]
(root,0,0,00:00:00/23-11:53:46,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/23-11:53:46,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/23-11:53:46,12) [rcu_tasks_trace]
(root,0,0,00:00:45/23-11:53:46,13) [ksoftirqd/0]
(root,0,0,01:08:58/23-11:53:46,14) [rcu_preempt]
(root,0,0,00:00:09/23-11:53:46,15) [migration/0]
(root,0,0,00:00:00/23-11:53:46,16) [idle_inject/0]
(root,0,0,00:00:00/23-11:53:46,18) [cpuhp/0]
(root,0,0,00:00:00/23-11:53:46,19) [cpuhp/1]
(root,0,0,00:00:00/23-11:53:46,20) [idle_inject/1]
(root,0,0,00:00:09/23-11:53:46,21) [migration/1]
(root,0,0,00:00:37/23-11:53:46,22) [ksoftirqd/1]
(root,0,0,00:00:00/23-11:53:46,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/23-11:53:46,25) [cpuhp/2]
(root,0,0,00:00:00/23-11:53:46,26) [idle_inject/2]
(root,0,0,00:00:07/23-11:53:46,27) [migration/2]
(root,0,0,00:45:25/23-11:53:46,28) [ksoftirqd/2]
(root,0,0,00:00:00/23-11:53:46,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/23-11:53:46,31) [cpuhp/3]
(root,0,0,00:00:00/23-11:53:46,32) [idle_inject/3]
(root,0,0,00:00:08/23-11:53:46,33) [migration/3]
(root,0,0,00:02:21/23-11:53:46,34) [ksoftirqd/3]
(root,0,0,00:00:00/23-11:53:46,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/23-11:53:46,40) [kdevtmpfs]
(root,0,0,00:00:00/23-11:53:46,41) [netns]
(root,0,0,00:00:00/23-11:53:46,42) [inet_frag_wq]
(root,0,0,00:00:07/23-11:53:46,43) [kauditd]
(root,0,0,00:00:00/23-11:53:46,44) [khungtaskd]
(root,0,0,00:00:00/23-11:53:46,45) [oom_reaper]
(root,0,0,00:00:00/23-11:53:46,46) [writeback]
(root,0,0,00:01:15/23-11:53:46,47) [kcompactd0]
(root,0,0,00:00:00/23-11:53:46,48) [ksmd]
(root,0,0,00:01:16/23-11:53:46,49) [khugepaged]
(root,0,0,00:00:00/23-11:53:46,75) [kintegrityd]
(root,0,0,00:00:00/23-11:53:46,76) [kblockd]
(root,0,0,00:00:00/23-11:53:46,77) [blkcg_punt_bio]
(root,0,0,00:00:00/23-11:53:46,79) [tpm_dev_wq]
(root,0,0,00:00:00/23-11:53:46,80) [edac-poller]
(root,0,0,00:00:00/23-11:53:46,81) [devfreq_wq]
(root,0,0,00:00:00/23-11:53:46,110) [watchdogd]
(root,0,0,00:00:01/23-11:53:46,111) [kswapd0]
(root,0,0,00:00:06/23-11:53:46,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/23-11:53:44,115) [kthrotld]
(root,0,0,00:00:00/23-11:53:44,116) [mld]
(root,0,0,00:00:00/23-11:53:44,117) [ipv6_addrconf]
(root,0,0,00:00:06/23-11:53:44,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/23-11:53:44,123) [kstrp]
(root,0,0,00:00:00/23-11:53:44,124) [zswap-shrink]
(root,0,0,00:00:00/23-11:53:44,125) [kworker/u9:0]
(root,0,0,00:00:00/23-11:53:44,130) [charger_manager]
(root,0,0,00:00:07/23-11:53:44,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:10/23-11:53:44,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/23-11:53:43,239) [kaluad]
(root,0,0,00:00:00/23-11:53:43,258) [kmpath_rdacd]
(root,0,0,00:00:00/23-11:53:43,304) [kmpathd]
(root,0,0,00:00:00/23-11:53:43,305) [kmpath_handlerd]
(root,0,0,00:00:00/23-11:53:42,342) [ata_sff]
(root,0,0,00:00:00/23-11:53:42,343) [scsi_eh_0]
(root,0,0,00:00:00/23-11:53:42,344) [scsi_tmf_0]
(root,0,0,00:00:00/23-11:53:42,345) [scsi_eh_1]
(root,0,0,00:00:00/23-11:53:42,346) [scsi_tmf_1]
(root,0,0,00:00:47/23-11:53:39,366) [jbd2/vda1-8]
(root,0,0,00:00:00/23-11:53:39,367) [ext4-rsv-conver]
(root,38604,7992,00:00:35/23-11:53:27,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:02/23-11:53:26,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:37/23-11:53:24,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:12/23-11:52:53,511) /sbin/auditd
(messagebus,22932,5912,00:01:08/23-11:52:52,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,0,0,00:00:00/10:41,527) [kworker/0:1-cgroup_destroy]
(root,38748,8392,00:00:39/23-11:52:52,530) /usr/lib/systemd/systemd-logind
(root,20556,5900,00:00:00/23-11:52:52,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17292,00:00:03/23-11:52:50,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,17856,00:00:00/23-11:52:50,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,28468,00:00:27/23-11:52:36,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/23-11:52:36,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:26/23-11:52:36,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/23-11:52:36,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/23-11:52:36,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/23-11:52:36,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/23-11:52:36,1343) /usr/lib/systemd/systemd --user
(root,449060,9120,00:00:33/23-11:52:36,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:03:24/23-11:52:36,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/23-11:52:36,1352) bpfilter_umh
(root,26204,8212,00:00:10/23-11:52:36,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/23-11:52:36,1359) ntpd: asynchronous dns resolver
(spot,292032,178120,1-12:28:42/23-11:52:35,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/23-11:52:35,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/23-11:52:35,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/23-11:52:35,1373) (sd-pam)
(root,24216,5268,00:00:08/23-11:52:33,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/23-11:52:33,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:03/23-11:52:33,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/23-11:52:30,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:27/23-11:52:29,1527) sshd: syslogtunnel
(root,692644,73236,00:32:30/23-11:52:27,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,217536,56548,00:13:34/23-11:52:15,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9292,00:00:00/17-17:27:50,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/23-11:51:50,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:18/23-11:51:50,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:58:09,3775) [kworker/1:2-events]
(root,0,0,00:00:00/01:44,3867) [kworker/0:0-events]
(root,0,0,00:00:00/10:16,4056) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/10:10,4103) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/04:35:21,4562) [kworker/u8:0-writeback]
(root,0,0,00:00:00/17:03,4623) [kworker/0:2-events]
(root,0,0,00:00:00/49:19,6461) [kworker/2:0]
(root,0,0,00:00:00/41:25,8177) [kworker/3:2-events]
(root,6656,3488,00:00:00/00:00,10477) /bin/bash /usr/bin/check_mk_agent
(root,6656,3492,00:00:00/00:00,10524) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,10586) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,10587) /bin/bash /usr/bin/check_mk_agent
(root,4480,1088,00:00:00/00:00,10588) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,828,00:00:00/00:00,10589) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,684,00:00:00/00:00,10590) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3488,00:00:00/00:00,10609) /bin/bash /usr/bin/check_mk_agent
(root,6656,1828,00:00:00/00:00,10617) /bin/bash /usr/bin/check_mk_agent
(root,6656,2020,00:00:00/00:00,10620) /bin/bash /usr/bin/check_mk_agent
(root,4480,1184,00:00:00/00:00,10621) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,852,00:00:00/00:00,10622) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,704,00:00:00/00:00,10626) cat /proc/net/tcp /proc/net/tcp6
(root,13744,3488,00:00:00/00:00,10635) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,10636) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/23:41,18134) [kworker/2:2-events]
(postfix,24244,8168,00:00:00/14:15,18770) pickup -l -t fifo -u
(root,0,0,00:00:00/55:07,20947) [kworker/1:1-events]
(root,0,0,00:00:00/05:05,28482) [kworker/3:1-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-03 22:42

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639d501faa

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12688,00:00:54/21-10:58:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/21-10:58:31,2) [kthreadd]
(root,0,0,00:00:00/21-10:58:31,3) [rcu_gp]
(root,0,0,00:00:00/21-10:58:31,4) [rcu_par_gp]
(root,0,0,00:00:00/21-10:58:31,5) [slub_flushwq]
(root,0,0,00:00:00/21-10:58:31,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/21-10:58:31,9) [mm_percpu_wq]
(root,0,0,00:00:00/21-10:58:31,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/21-10:58:31,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/21-10:58:31,12) [rcu_tasks_trace]
(root,0,0,00:00:41/21-10:58:31,13) [ksoftirqd/0]
(root,0,0,01:03:10/21-10:58:31,14) [rcu_preempt]
(root,0,0,00:00:08/21-10:58:31,15) [migration/0]
(root,0,0,00:00:00/21-10:58:31,16) [idle_inject/0]
(root,0,0,00:00:00/21-10:58:31,18) [cpuhp/0]
(root,0,0,00:00:00/21-10:58:31,19) [cpuhp/1]
(root,0,0,00:00:00/21-10:58:31,20) [idle_inject/1]
(root,0,0,00:00:08/21-10:58:31,21) [migration/1]
(root,0,0,00:00:34/21-10:58:31,22) [ksoftirqd/1]
(root,0,0,00:00:00/21-10:58:31,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/21-10:58:31,25) [cpuhp/2]
(root,0,0,00:00:00/21-10:58:31,26) [idle_inject/2]
(root,0,0,00:00:06/21-10:58:31,27) [migration/2]
(root,0,0,00:42:28/21-10:58:31,28) [ksoftirqd/2]
(root,0,0,00:00:00/21-10:58:31,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/21-10:58:31,31) [cpuhp/3]
(root,0,0,00:00:00/21-10:58:31,32) [idle_inject/3]
(root,0,0,00:00:07/21-10:58:31,33) [migration/3]
(root,0,0,00:02:10/21-10:58:31,34) [ksoftirqd/3]
(root,0,0,00:00:00/21-10:58:31,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/21-10:58:31,40) [kdevtmpfs]
(root,0,0,00:00:00/21-10:58:31,41) [netns]
(root,0,0,00:00:00/21-10:58:31,42) [inet_frag_wq]
(root,0,0,00:00:06/21-10:58:31,43) [kauditd]
(root,0,0,00:00:00/21-10:58:31,44) [khungtaskd]
(root,0,0,00:00:00/21-10:58:31,45) [oom_reaper]
(root,0,0,00:00:00/21-10:58:31,46) [writeback]
(root,0,0,00:01:09/21-10:58:31,47) [kcompactd0]
(root,0,0,00:00:00/21-10:58:31,48) [ksmd]
(root,0,0,00:01:10/21-10:58:31,49) [khugepaged]
(root,0,0,00:00:00/21-10:58:31,75) [kintegrityd]
(root,0,0,00:00:00/21-10:58:31,76) [kblockd]
(root,0,0,00:00:00/21-10:58:31,77) [blkcg_punt_bio]
(root,0,0,00:00:00/21-10:58:31,79) [tpm_dev_wq]
(root,0,0,00:00:00/21-10:58:31,80) [edac-poller]
(root,0,0,00:00:00/21-10:58:31,81) [devfreq_wq]
(root,0,0,00:00:00/21-10:58:31,110) [watchdogd]
(root,0,0,00:00:01/21-10:58:31,111) [kswapd0]
(root,0,0,00:00:05/21-10:58:31,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/21-10:58:29,115) [kthrotld]
(root,0,0,00:00:00/21-10:58:29,116) [mld]
(root,0,0,00:00:00/21-10:58:29,117) [ipv6_addrconf]
(root,0,0,00:00:06/21-10:58:29,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/21-10:58:29,123) [kstrp]
(root,0,0,00:00:00/21-10:58:29,124) [zswap-shrink]
(root,0,0,00:00:00/21-10:58:29,125) [kworker/u9:0]
(root,0,0,00:00:00/21-10:58:29,130) [charger_manager]
(root,0,0,00:00:06/21-10:58:29,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:09/21-10:58:29,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/21-10:58:28,239) [kaluad]
(root,0,0,00:00:00/21-10:58:28,258) [kmpath_rdacd]
(root,0,0,00:00:00/21-10:58:28,304) [kmpathd]
(root,0,0,00:00:00/21-10:58:28,305) [kmpath_handlerd]
(root,0,0,00:00:00/21-10:58:27,342) [ata_sff]
(root,0,0,00:00:00/21-10:58:27,343) [scsi_eh_0]
(root,0,0,00:00:00/21-10:58:27,344) [scsi_tmf_0]
(root,0,0,00:00:00/21-10:58:27,345) [scsi_eh_1]
(root,0,0,00:00:00/21-10:58:27,346) [scsi_tmf_1]
(root,0,0,00:00:43/21-10:58:24,366) [jbd2/vda1-8]
(root,0,0,00:00:00/21-10:58:24,367) [ext4-rsv-conver]
(root,38604,7992,00:00:30/21-10:58:12,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:02/21-10:58:11,454) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:00/01:12,461) [kworker/3:0-events]
(root,8624,6244,00:00:34/21-10:58:09,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:10/21-10:57:38,511) /sbin/auditd
(messagebus,22932,5912,00:00:57/21-10:57:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8392,00:00:33/21-10:57:37,530) /usr/lib/systemd/systemd-logind
(root,20556,5900,00:00:00/21-10:57:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17292,00:00:03/21-10:57:35,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,17856,00:00:00/21-10:57:35,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,28468,00:00:25/21-10:57:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/21-10:57:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:14/21-10:57:21,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/21-10:57:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/21-10:57:21,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/21-10:57:21,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/21-10:57:21,1343) /usr/lib/systemd/systemd --user
(root,449156,8812,00:00:29/21-10:57:21,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:03:07/21-10:57:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/21-10:57:21,1352) bpfilter_umh
(root,26204,8212,00:00:08/21-10:57:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/21-10:57:21,1359) ntpd: asynchronous dns resolver
(spot,312508,199164,1-09:48:05/21-10:57:20,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/21-10:57:20,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/21-10:57:20,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/21-10:57:20,1373) (sd-pam)
(root,24216,5268,00:00:07/21-10:57:18,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/21-10:57:18,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:03/21-10:57:18,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/21-10:57:15,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:19/21-10:57:14,1527) sshd: syslogtunnel
(root,692388,72908,00:29:40/21-10:57:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,215488,54944,00:12:29/21-10:57:00,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/02:26:28,2406) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/00:52,2459) [kworker/1:1]
(postfix,44628,9292,00:00:00/15-16:32:35,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/21-10:56:35,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:11/21-10:56:35,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:14:50,3830) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/01:23:24,5153) [kworker/1:0-events]
(root,0,0,00:00:00/01:03:32,6042) [kworker/1:2-cgroup_destroy]
(root,0,0,00:00:00/17:50,6565) [kworker/0:0]
(root,6656,3484,00:00:00/00:00,7627) /bin/bash /usr/bin/check_mk_agent
(root,13744,3508,00:00:00/00:00,7645) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,7646) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/17:08,9313) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/06:24,10973) [kworker/3:1-ata_sff]
(postfix,24244,8172,00:00:00/01:20:57,11110) pickup -l -t fifo -u
(root,0,0,00:00:00/01:29:01,17228) [kworker/0:1-events]
(root,0,0,00:00:00/12:12,22368) [kworker/2:0-cgroup_destroy]
(root,0,0,00:00:00/02:37:06,29790) [kworker/2:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-01 21:47

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836310ebe8a5

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12688,00:00:44/19-12:03:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/19-12:03:42,2) [kthreadd]
(root,0,0,00:00:00/19-12:03:42,3) [rcu_gp]
(root,0,0,00:00:00/19-12:03:42,4) [rcu_par_gp]
(root,0,0,00:00:00/19-12:03:42,5) [slub_flushwq]
(root,0,0,00:00:00/19-12:03:42,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/19-12:03:42,9) [mm_percpu_wq]
(root,0,0,00:00:00/19-12:03:42,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/19-12:03:42,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/19-12:03:42,12) [rcu_tasks_trace]
(root,0,0,00:00:37/19-12:03:42,13) [ksoftirqd/0]
(root,0,0,00:57:12/19-12:03:42,14) [rcu_preempt]
(root,0,0,00:00:07/19-12:03:42,15) [migration/0]
(root,0,0,00:00:00/19-12:03:42,16) [idle_inject/0]
(root,0,0,00:00:00/19-12:03:42,18) [cpuhp/0]
(root,0,0,00:00:00/19-12:03:42,19) [cpuhp/1]
(root,0,0,00:00:00/19-12:03:42,20) [idle_inject/1]
(root,0,0,00:00:07/19-12:03:42,21) [migration/1]
(root,0,0,00:00:31/19-12:03:42,22) [ksoftirqd/1]
(root,0,0,00:00:00/19-12:03:42,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/19-12:03:42,25) [cpuhp/2]
(root,0,0,00:00:00/19-12:03:42,26) [idle_inject/2]
(root,0,0,00:00:05/19-12:03:42,27) [migration/2]
(root,0,0,00:39:09/19-12:03:42,28) [ksoftirqd/2]
(root,0,0,00:00:00/19-12:03:42,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/19-12:03:42,31) [cpuhp/3]
(root,0,0,00:00:00/19-12:03:42,32) [idle_inject/3]
(root,0,0,00:00:07/19-12:03:42,33) [migration/3]
(root,0,0,00:01:58/19-12:03:42,34) [ksoftirqd/3]
(root,0,0,00:00:00/19-12:03:42,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/19-12:03:42,40) [kdevtmpfs]
(root,0,0,00:00:00/19-12:03:42,41) [netns]
(root,0,0,00:00:00/19-12:03:42,42) [inet_frag_wq]
(root,0,0,00:00:05/19-12:03:42,43) [kauditd]
(root,0,0,00:00:00/19-12:03:42,44) [khungtaskd]
(root,0,0,00:00:00/19-12:03:42,45) [oom_reaper]
(root,0,0,00:00:00/19-12:03:42,46) [writeback]
(root,0,0,00:01:02/19-12:03:42,47) [kcompactd0]
(root,0,0,00:00:00/19-12:03:42,48) [ksmd]
(root,0,0,00:01:03/19-12:03:42,49) [khugepaged]
(root,0,0,00:00:00/19-12:03:42,75) [kintegrityd]
(root,0,0,00:00:00/19-12:03:42,76) [kblockd]
(root,0,0,00:00:00/19-12:03:42,77) [blkcg_punt_bio]
(root,0,0,00:00:00/19-12:03:42,79) [tpm_dev_wq]
(root,0,0,00:00:00/19-12:03:42,80) [edac-poller]
(root,0,0,00:00:00/19-12:03:42,81) [devfreq_wq]
(root,0,0,00:00:00/19-12:03:42,110) [watchdogd]
(root,0,0,00:00:01/19-12:03:42,111) [kswapd0]
(root,0,0,00:00:05/19-12:03:42,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/19-12:03:40,115) [kthrotld]
(root,0,0,00:00:00/19-12:03:40,116) [mld]
(root,0,0,00:00:00/19-12:03:40,117) [ipv6_addrconf]
(root,0,0,00:00:05/19-12:03:40,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/19-12:03:40,123) [kstrp]
(root,0,0,00:00:00/19-12:03:40,124) [zswap-shrink]
(root,0,0,00:00:00/19-12:03:40,125) [kworker/u9:0]
(root,0,0,00:00:00/19-12:03:40,130) [charger_manager]
(root,0,0,00:00:05/19-12:03:40,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:08/19-12:03:40,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/19-12:03:39,239) [kaluad]
(root,0,0,00:00:00/19-12:03:39,258) [kmpath_rdacd]
(root,0,0,00:00:00/19-12:03:39,304) [kmpathd]
(root,0,0,00:00:00/19-12:03:39,305) [kmpath_handlerd]
(root,0,0,00:00:00/19-12:03:38,342) [ata_sff]
(root,0,0,00:00:00/19-12:03:38,343) [scsi_eh_0]
(root,0,0,00:00:00/19-12:03:38,344) [scsi_tmf_0]
(root,0,0,00:00:00/19-12:03:38,345) [scsi_eh_1]
(root,0,0,00:00:00/19-12:03:38,346) [scsi_tmf_1]
(root,0,0,00:00:38/19-12:03:35,366) [jbd2/vda1-8]
(root,0,0,00:00:00/19-12:03:35,367) [ext4-rsv-conver]
(root,38604,7616,00:00:25/19-12:03:23,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:02/19-12:03:22,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:31/19-12:03:20,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:08/19-12:02:49,511) /sbin/auditd
(messagebus,22932,5912,00:00:45/19-12:02:48,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8392,00:00:26/19-12:02:48,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/19-12:02:48,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/19-12:02:46,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/19-12:02:46,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27472,00:00:23/19-12:02:32,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/19-12:02:32,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:04/19-12:02:32,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/19-12:02:32,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/19-12:02:32,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/19-12:02:32,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/19-12:02:32,1343) /usr/lib/systemd/systemd --user
(root,449156,8812,00:00:24/19-12:02:32,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:02:49/19-12:02:32,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/19-12:02:32,1352) bpfilter_umh
(root,26204,8212,00:00:07/19-12:02:32,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/19-12:02:32,1359) ntpd: asynchronous dns resolver
(spot,314316,199628,1-07:01:54/19-12:02:31,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/19-12:02:31,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/19-12:02:31,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/19-12:02:31,1373) (sd-pam)
(root,24216,5268,00:00:06/19-12:02:29,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/19-12:02:29,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:02/19-12:02:29,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/19-12:02:26,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:10/19-12:02:25,1527) sshd: syslogtunnel
(root,618656,73492,00:26:52/19-12:02:23,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/13:59,1678) [kworker/3:1-events]
(spot,215488,53708,00:11:19/19-12:02:11,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9336,00:00:00/13-17:37:46,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/19-12:01:46,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:04/19-12:01:46,3218) sshd: cm-ssh
(root,0,0,00:00:00/06:52:21,5852) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/03:38,10718) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/02:42,11634) [kworker/2:1-cgroup_destroy]
(root,0,0,00:00:00/02:14:26,12961) [kworker/2:0-events]
(root,0,0,00:00:00/51:53,17258) [kworker/1:0-events]
(root,0,0,00:00:00/09:13,21404) [kworker/2:2-events]
(root,0,0,00:00:00/08:48,22212) [kworker/3:2-ata_sff]
(root,6656,3472,00:00:00/00:00,22219) /bin/bash /usr/bin/check_mk_agent
(root,13744,3504,00:00:00/00:00,22237) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,22238) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:10:10,23780) [kworker/0:1-events]
(root,0,0,00:00:00/01:08:23,25296) [kworker/u8:0-writeback]
(root,0,0,00:00:00/01:38:17,29630) [kworker/1:2-events]
(root,0,0,00:00:00/01:27:57,29670) [kworker/0:2-events]
(postfix,24244,8268,00:00:00/01:06:58,29784) pickup -l -t fifo -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-29 22:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f75834b8

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12680,00:00:33/17-11:34:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/17-11:34:44,2) [kthreadd]
(root,0,0,00:00:00/17-11:34:44,3) [rcu_gp]
(root,0,0,00:00:00/17-11:34:44,4) [rcu_par_gp]
(root,0,0,00:00:00/17-11:34:44,5) [slub_flushwq]
(root,0,0,00:00:00/17-11:34:44,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/17-11:34:44,9) [mm_percpu_wq]
(root,0,0,00:00:00/17-11:34:44,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/17-11:34:44,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/17-11:34:44,12) [rcu_tasks_trace]
(root,0,0,00:00:32/17-11:34:44,13) [ksoftirqd/0]
(root,0,0,00:50:11/17-11:34:44,14) [rcu_preempt]
(root,0,0,00:00:06/17-11:34:44,15) [migration/0]
(root,0,0,00:00:00/17-11:34:44,16) [idle_inject/0]
(root,0,0,00:00:00/17-11:34:44,18) [cpuhp/0]
(root,0,0,00:00:00/17-11:34:44,19) [cpuhp/1]
(root,0,0,00:00:00/17-11:34:44,20) [idle_inject/1]
(root,0,0,00:00:06/17-11:34:44,21) [migration/1]
(root,0,0,00:00:27/17-11:34:44,22) [ksoftirqd/1]
(root,0,0,00:00:00/17-11:34:44,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/17-11:34:44,25) [cpuhp/2]
(root,0,0,00:00:00/17-11:34:44,26) [idle_inject/2]
(root,0,0,00:00:05/17-11:34:44,27) [migration/2]
(root,0,0,00:33:33/17-11:34:44,28) [ksoftirqd/2]
(root,0,0,00:00:00/17-11:34:44,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/17-11:34:44,31) [cpuhp/3]
(root,0,0,00:00:00/17-11:34:44,32) [idle_inject/3]
(root,0,0,00:00:06/17-11:34:44,33) [migration/3]
(root,0,0,00:01:40/17-11:34:44,34) [ksoftirqd/3]
(root,0,0,00:00:00/17-11:34:44,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/17-11:34:44,40) [kdevtmpfs]
(root,0,0,00:00:00/17-11:34:44,41) [netns]
(root,0,0,00:00:00/17-11:34:44,42) [inet_frag_wq]
(root,0,0,00:00:03/17-11:34:44,43) [kauditd]
(root,0,0,00:00:00/17-11:34:44,44) [khungtaskd]
(root,0,0,00:00:00/17-11:34:44,45) [oom_reaper]
(root,0,0,00:00:00/17-11:34:44,46) [writeback]
(root,0,0,00:00:54/17-11:34:44,47) [kcompactd0]
(root,0,0,00:00:00/17-11:34:44,48) [ksmd]
(root,0,0,00:00:56/17-11:34:44,49) [khugepaged]
(root,0,0,00:00:00/17-11:34:44,75) [kintegrityd]
(root,0,0,00:00:00/17-11:34:44,76) [kblockd]
(root,0,0,00:00:00/17-11:34:44,77) [blkcg_punt_bio]
(root,0,0,00:00:00/17-11:34:44,79) [tpm_dev_wq]
(root,0,0,00:00:00/17-11:34:44,80) [edac-poller]
(root,0,0,00:00:00/17-11:34:44,81) [devfreq_wq]
(root,0,0,00:00:00/17-11:34:44,110) [watchdogd]
(root,0,0,00:00:01/17-11:34:44,111) [kswapd0]
(root,0,0,00:00:04/17-11:34:44,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/17-11:34:42,115) [kthrotld]
(root,0,0,00:00:00/17-11:34:42,116) [mld]
(root,0,0,00:00:00/17-11:34:42,117) [ipv6_addrconf]
(root,0,0,00:00:04/17-11:34:42,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/17-11:34:42,123) [kstrp]
(root,0,0,00:00:00/17-11:34:42,124) [zswap-shrink]
(root,0,0,00:00:00/17-11:34:42,125) [kworker/u9:0]
(root,0,0,00:00:00/17-11:34:42,130) [charger_manager]
(root,0,0,00:00:05/17-11:34:42,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:07/17-11:34:42,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/17-11:34:41,239) [kaluad]
(root,0,0,00:00:00/17-11:34:41,258) [kmpath_rdacd]
(root,0,0,00:00:00/17-11:34:41,304) [kmpathd]
(root,0,0,00:00:00/17-11:34:41,305) [kmpath_handlerd]
(root,0,0,00:00:00/17-11:34:40,342) [ata_sff]
(root,0,0,00:00:00/17-11:34:40,343) [scsi_eh_0]
(root,0,0,00:00:00/17-11:34:40,344) [scsi_tmf_0]
(root,0,0,00:00:00/17-11:34:40,345) [scsi_eh_1]
(root,0,0,00:00:00/17-11:34:40,346) [scsi_tmf_1]
(root,0,0,00:00:34/17-11:34:37,366) [jbd2/vda1-8]
(root,0,0,00:00:00/17-11:34:37,367) [ext4-rsv-conver]
(root,38604,7616,00:00:19/17-11:34:25,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:02/17-11:34:24,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:27/17-11:34:22,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:06/17-11:33:51,511) /sbin/auditd
(messagebus,22932,5912,00:00:31/17-11:33:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8388,00:00:18/17-11:33:50,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/17-11:33:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/17-11:33:48,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/17-11:33:48,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/08:04,674) [kworker/1:2-cgroup_destroy]
(root,547848,27472,00:00:20/17-11:33:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/17-11:33:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:49/17-11:33:34,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/17-11:33:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/17-11:33:34,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/17-11:33:34,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/17-11:33:34,1343) /usr/lib/systemd/systemd --user
(root,448964,9120,00:00:19/17-11:33:34,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:02:29/17-11:33:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/17-11:33:34,1352) bpfilter_umh
(root,26204,8212,00:00:04/17-11:33:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/17-11:33:34,1359) ntpd: asynchronous dns resolver
(spot,315676,199968,1-02:56:20/17-11:33:33,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/17-11:33:33,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/17-11:33:33,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/17-11:33:33,1373) (sd-pam)
(root,24216,5268,00:00:06/17-11:33:31,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/17-11:33:31,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:02/17-11:33:31,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/17-11:33:28,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:01/17-11:33:27,1527) sshd: syslogtunnel
(root,618256,73108,00:23:53/17-11:33:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,214464,51668,00:10:00/17-11:33:13,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/00:42,1998) [kworker/1:0]
(postfix,44628,9336,00:00:00/11-17:08:48,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/20:16,2865) [kworker/0:0-events]
(root,35308,10108,00:00:00/17-11:32:48,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:57/17-11:32:48,3218) sshd: cm-ssh
(root,6656,3484,00:00:00/00:00,4443) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,4475) /bin/bash /usr/bin/check_mk_agent
(root,13744,3508,00:00:00/00:00,4510) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,4511) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/14:26,7010) [kworker/1:1-events]
(root,0,0,00:00:00/05:37,12959) [kworker/2:2]
(root,0,0,00:00:00/44:24,14908) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/01:57:27,15458) [kworker/0:1-events]
(root,0,0,00:00:00/04:26,16611) [kworker/3:1-ata_sff]
(postfix,24244,8324,00:00:00/59:57,18468) pickup -l -t fifo -u
(root,0,0,00:00:00/01:55:18,19474) [kworker/2:0-events]
(root,0,0,00:00:00/22:56,23140) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/30:23,25591) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/09:39,25716) [kworker/3:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-27 22:23

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363408484dd

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12680,00:00:23/15-09:47:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/15-09:47:12,2) [kthreadd]
(root,0,0,00:00:00/15-09:47:12,3) [rcu_gp]
(root,0,0,00:00:00/15-09:47:12,4) [rcu_par_gp]
(root,0,0,00:00:00/15-09:47:12,5) [slub_flushwq]
(root,0,0,00:00:00/15-09:47:12,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/15-09:47:12,9) [mm_percpu_wq]
(root,0,0,00:00:00/15-09:47:12,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/15-09:47:12,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/15-09:47:12,12) [rcu_tasks_trace]
(root,0,0,00:00:27/15-09:47:12,13) [ksoftirqd/0]
(root,0,0,00:43:06/15-09:47:12,14) [rcu_preempt]
(root,0,0,00:00:05/15-09:47:12,15) [migration/0]
(root,0,0,00:00:00/15-09:47:12,16) [idle_inject/0]
(root,0,0,00:00:00/15-09:47:12,18) [cpuhp/0]
(root,0,0,00:00:00/15-09:47:12,19) [cpuhp/1]
(root,0,0,00:00:00/15-09:47:12,20) [idle_inject/1]
(root,0,0,00:00:05/15-09:47:12,21) [migration/1]
(root,0,0,00:00:23/15-09:47:12,22) [ksoftirqd/1]
(root,0,0,00:00:00/15-09:47:12,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/15-09:47:12,25) [cpuhp/2]
(root,0,0,00:00:00/15-09:47:12,26) [idle_inject/2]
(root,0,0,00:00:04/15-09:47:12,27) [migration/2]
(root,0,0,00:28:00/15-09:47:12,28) [ksoftirqd/2]
(root,0,0,00:00:00/15-09:47:12,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/15-09:47:12,31) [cpuhp/3]
(root,0,0,00:00:00/15-09:47:12,32) [idle_inject/3]
(root,0,0,00:00:05/15-09:47:12,33) [migration/3]
(root,0,0,00:01:23/15-09:47:12,34) [ksoftirqd/3]
(root,0,0,00:00:00/15-09:47:12,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/15-09:47:12,40) [kdevtmpfs]
(root,0,0,00:00:00/15-09:47:12,41) [netns]
(root,0,0,00:00:00/15-09:47:12,42) [inet_frag_wq]
(root,0,0,00:00:01/15-09:47:12,43) [kauditd]
(root,0,0,00:00:00/15-09:47:12,44) [khungtaskd]
(root,0,0,00:00:00/15-09:47:12,45) [oom_reaper]
(root,0,0,00:00:00/15-09:47:12,46) [writeback]
(root,0,0,00:00:47/15-09:47:12,47) [kcompactd0]
(root,0,0,00:00:00/15-09:47:12,48) [ksmd]
(root,0,0,00:00:49/15-09:47:12,49) [khugepaged]
(root,0,0,00:00:00/15-09:47:12,75) [kintegrityd]
(root,0,0,00:00:00/15-09:47:12,76) [kblockd]
(root,0,0,00:00:00/15-09:47:12,77) [blkcg_punt_bio]
(root,0,0,00:00:00/15-09:47:12,79) [tpm_dev_wq]
(root,0,0,00:00:00/15-09:47:12,80) [edac-poller]
(root,0,0,00:00:00/15-09:47:12,81) [devfreq_wq]
(root,0,0,00:00:00/15-09:47:12,110) [watchdogd]
(root,0,0,00:00:01/15-09:47:12,111) [kswapd0]
(root,0,0,00:00:04/15-09:47:12,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/15-09:47:10,115) [kthrotld]
(root,0,0,00:00:00/15-09:47:10,116) [mld]
(root,0,0,00:00:00/15-09:47:10,117) [ipv6_addrconf]
(root,0,0,00:00:04/15-09:47:10,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/15-09:47:10,123) [kstrp]
(root,0,0,00:00:00/15-09:47:10,124) [zswap-shrink]
(root,0,0,00:00:00/15-09:47:10,125) [kworker/u9:0]
(root,0,0,00:00:00/15-09:47:10,130) [charger_manager]
(root,0,0,00:00:04/15-09:47:10,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:06/15-09:47:10,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/15-09:47:09,239) [kaluad]
(root,0,0,00:00:00/15-09:47:09,258) [kmpath_rdacd]
(root,0,0,00:00:00/15-09:47:09,304) [kmpathd]
(root,0,0,00:00:00/15-09:47:09,305) [kmpath_handlerd]
(root,0,0,00:00:00/15-09:47:08,342) [ata_sff]
(root,0,0,00:00:00/15-09:47:08,343) [scsi_eh_0]
(root,0,0,00:00:00/15-09:47:08,344) [scsi_tmf_0]
(root,0,0,00:00:00/15-09:47:08,345) [scsi_eh_1]
(root,0,0,00:00:00/15-09:47:08,346) [scsi_tmf_1]
(root,0,0,00:00:29/15-09:47:05,366) [jbd2/vda1-8]
(root,0,0,00:00:00/15-09:47:05,367) [ext4-rsv-conver]
(root,38604,7616,00:00:13/15-09:46:53,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:01/15-09:46:52,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:23/15-09:46:50,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:04/15-09:46:19,511) /sbin/auditd
(messagebus,22932,5912,00:00:18/15-09:46:18,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8388,00:00:11/15-09:46:18,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/15-09:46:18,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/15-09:46:16,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/15-09:46:16,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,26432,00:00:18/15-09:46:02,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/15-09:46:02,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:35/15-09:46:02,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/15-09:46:02,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/15-09:46:02,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/15-09:46:02,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/15-09:46:02,1343) /usr/lib/systemd/systemd --user
(root,448964,8856,00:00:14/15-09:46:02,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:02:10/15-09:46:02,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/15-09:46:02,1352) bpfilter_umh
(root,26204,8212,00:00:03/15-09:46:02,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/15-09:46:02,1359) ntpd: asynchronous dns resolver
(spot,314300,199612,22:08:33/15-09:46:01,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/15-09:46:01,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/15-09:46:01,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/15-09:46:01,1373) (sd-pam)
(root,24216,5268,00:00:05/15-09:45:59,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/15-09:45:59,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:02/15-09:45:59,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/15-09:45:56,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:52/15-09:45:55,1527) sshd: syslogtunnel
(root,617868,72916,00:20:52/15-09:45:53,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,212416,49856,00:08:40/15-09:45:41,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9336,00:00:00/9-15:21:16,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/03:26,2634) [kworker/3:0-events]
(root,0,0,00:00:00/02:10:49,2845) [kworker/0:2-events]
(root,35308,10108,00:00:00/15-09:45:16,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:49/15-09:45:16,3218) sshd: cm-ssh
(root,0,0,00:00:00/24:12,3282) [kworker/3:1-events]
(root,0,0,00:00:00/01:45:55,6932) [kworker/2:2-events]
(root,0,0,00:00:00/43:41,9389) [kworker/1:1]
(root,0,0,00:00:00/35:22,13705) [kworker/u8:2-writeback]
(root,6656,3488,00:00:00/00:00,18127) /bin/bash /usr/bin/check_mk_agent
(root,13744,3432,00:00:00/00:00,18145) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,18146) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/08:37,19187) [kworker/3:2-ata_sff]
(postfix,24244,8280,00:00:00/01:14:18,20164) pickup -l -t fifo -u
(root,0,0,00:00:00/05:54:19,21313) [kworker/0:0-events]
(root,0,0,00:00:00/07:06,22233) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:01/05:29:29,24128) [kworker/1:2-events]
(root,0,0,00:00:00/02:35:38,29013) [kworker/2:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-25 20:35

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ab8b4856

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12680,00:00:20/13-11:07:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/13-11:07:37,2) [kthreadd]
(root,0,0,00:00:00/13-11:07:37,3) [rcu_gp]
(root,0,0,00:00:00/13-11:07:37,4) [rcu_par_gp]
(root,0,0,00:00:00/13-11:07:37,5) [slub_flushwq]
(root,0,0,00:00:00/13-11:07:37,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/13-11:07:37,9) [mm_percpu_wq]
(root,0,0,00:00:00/13-11:07:37,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/13-11:07:37,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/13-11:07:37,12) [rcu_tasks_trace]
(root,0,0,00:00:23/13-11:07:37,13) [ksoftirqd/0]
(root,0,0,00:37:00/13-11:07:37,14) [rcu_preempt]
(root,0,0,00:00:05/13-11:07:37,15) [migration/0]
(root,0,0,00:00:00/13-11:07:37,16) [idle_inject/0]
(root,0,0,00:00:00/13-11:07:37,18) [cpuhp/0]
(root,0,0,00:00:00/13-11:07:37,19) [cpuhp/1]
(root,0,0,00:00:00/13-11:07:37,20) [idle_inject/1]
(root,0,0,00:00:05/13-11:07:37,21) [migration/1]
(root,0,0,00:00:19/13-11:07:37,22) [ksoftirqd/1]
(root,0,0,00:00:00/13-11:07:37,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/13-11:07:37,25) [cpuhp/2]
(root,0,0,00:00:00/13-11:07:37,26) [idle_inject/2]
(root,0,0,00:00:03/13-11:07:37,27) [migration/2]
(root,0,0,00:24:18/13-11:07:37,28) [ksoftirqd/2]
(root,0,0,00:00:00/13-11:07:37,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/13-11:07:37,31) [cpuhp/3]
(root,0,0,00:00:00/13-11:07:37,32) [idle_inject/3]
(root,0,0,00:00:04/13-11:07:37,33) [migration/3]
(root,0,0,00:01:10/13-11:07:37,34) [ksoftirqd/3]
(root,0,0,00:00:00/13-11:07:37,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/13-11:07:37,40) [kdevtmpfs]
(root,0,0,00:00:00/13-11:07:37,41) [netns]
(root,0,0,00:00:00/13-11:07:37,42) [inet_frag_wq]
(root,0,0,00:00:01/13-11:07:37,43) [kauditd]
(root,0,0,00:00:00/13-11:07:37,44) [khungtaskd]
(root,0,0,00:00:00/13-11:07:37,45) [oom_reaper]
(root,0,0,00:00:00/13-11:07:37,46) [writeback]
(root,0,0,00:00:41/13-11:07:37,47) [kcompactd0]
(root,0,0,00:00:00/13-11:07:37,48) [ksmd]
(root,0,0,00:00:43/13-11:07:37,49) [khugepaged]
(root,0,0,00:00:00/13-11:07:37,75) [kintegrityd]
(root,0,0,00:00:00/13-11:07:37,76) [kblockd]
(root,0,0,00:00:00/13-11:07:37,77) [blkcg_punt_bio]
(root,0,0,00:00:00/13-11:07:37,79) [tpm_dev_wq]
(root,0,0,00:00:00/13-11:07:37,80) [edac-poller]
(root,0,0,00:00:00/13-11:07:37,81) [devfreq_wq]
(root,0,0,00:00:00/13-11:07:37,110) [watchdogd]
(root,0,0,00:00:01/13-11:07:37,111) [kswapd0]
(root,0,0,00:00:03/13-11:07:37,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/13-11:07:35,115) [kthrotld]
(root,0,0,00:00:00/13-11:07:35,116) [mld]
(root,0,0,00:00:00/13-11:07:35,117) [ipv6_addrconf]
(root,0,0,00:00:03/13-11:07:35,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/13-11:07:35,123) [kstrp]
(root,0,0,00:00:00/13-11:07:35,124) [zswap-shrink]
(root,0,0,00:00:00/13-11:07:35,125) [kworker/u9:0]
(root,0,0,00:00:00/13-11:07:35,130) [charger_manager]
(root,0,0,00:00:03/13-11:07:35,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:05/13-11:07:35,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/13-11:07:34,239) [kaluad]
(root,0,0,00:00:00/13-11:07:34,258) [kmpath_rdacd]
(root,0,0,00:00:00/13-11:07:34,304) [kmpathd]
(root,0,0,00:00:00/13-11:07:34,305) [kmpath_handlerd]
(root,0,0,00:00:00/13-11:07:33,342) [ata_sff]
(root,0,0,00:00:00/13-11:07:33,343) [scsi_eh_0]
(root,0,0,00:00:00/13-11:07:33,344) [scsi_tmf_0]
(root,0,0,00:00:00/13-11:07:33,345) [scsi_eh_1]
(root,0,0,00:00:00/13-11:07:33,346) [scsi_tmf_1]
(root,0,0,00:00:25/13-11:07:30,366) [jbd2/vda1-8]
(root,0,0,00:00:00/13-11:07:30,367) [ext4-rsv-conver]
(root,38604,7616,00:00:12/13-11:07:18,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:01/13-11:07:17,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:20/13-11:07:15,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:03/13-11:06:44,511) /sbin/auditd
(messagebus,22932,5912,00:00:16/13-11:06:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8388,00:00:10/13-11:06:43,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/13-11:06:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/13-11:06:41,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/13-11:06:41,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,26172,00:00:15/13-11:06:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/13-11:06:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:22/13-11:06:27,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/13-11:06:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/13-11:06:27,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/13-11:06:27,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/13-11:06:27,1343) /usr/lib/systemd/systemd --user
(root,448964,8856,00:00:13/13-11:06:27,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:01:53/13-11:06:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/13-11:06:27,1352) bpfilter_umh
(root,26204,8212,00:00:02/13-11:06:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/13-11:06:27,1359) ntpd: asynchronous dns resolver
(spot,306028,189860,18:31:00/13-11:06:26,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/13-11:06:26,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/13-11:06:26,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/13-11:06:26,1373) (sd-pam)
(root,24216,5268,00:00:04/13-11:06:24,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/13-11:06:24,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:01/13-11:06:24,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/13-11:06:21,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:45/13-11:06:20,1527) sshd: syslogtunnel
(root,617868,70668,00:18:07/13-11:06:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,212416,48308,00:07:26/13-11:06:06,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9336,00:00:00/7-16:41:41,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/13-11:05:41,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:43/13-11:05:41,3218) sshd: cm-ssh
(root,0,0,00:00:00/05:31,9092) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/03:17:29,9135) [kworker/1:2-cgroup_destroy]
(postfix,24244,8192,00:00:00/01:16:37,11458) pickup -l -t fifo -u
(root,0,0,00:00:00/13:52,14919) [kworker/1:0-events]
(root,0,0,00:00:00/01:02:30,16390) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/01:43,21914) [kworker/1:1-cgroup_destroy]
(root,0,0,00:00:00/50:51,25621) [kworker/2:0-events]
(root,0,0,00:00:00/06:34:50,26936) [kworker/2:1-events]
(root,0,0,00:00:00/00:20,27887) [kworker/3:0-events]
(root,0,0,00:00:00/10:43,28929) [kworker/3:2-ata_sff]
(root,0,0,00:00:01/06:10:24,29222) [kworker/0:0-events]
(root,0,0,00:00:00/05:44:16,30927) [kworker/u8:0-flush-253:0]
(root,6656,3476,00:00:00/00:00,31095) /bin/bash /usr/bin/check_mk_agent
(root,13744,3432,00:00:00/00:00,31113) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,31114) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/38:32,31978) [kworker/0:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-23 21:56

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636366c207

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12680,00:00:18/11-12:13:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/11-12:13:17,2) [kthreadd]
(root,0,0,00:00:00/11-12:13:17,3) [rcu_gp]
(root,0,0,00:00:00/11-12:13:17,4) [rcu_par_gp]
(root,0,0,00:00:00/11-12:13:17,5) [slub_flushwq]
(root,0,0,00:00:00/11-12:13:17,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/11-12:13:17,9) [mm_percpu_wq]
(root,0,0,00:00:00/11-12:13:17,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/11-12:13:17,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/11-12:13:17,12) [rcu_tasks_trace]
(root,0,0,00:00:20/11-12:13:17,13) [ksoftirqd/0]
(root,0,0,00:31:38/11-12:13:17,14) [rcu_preempt]
(root,0,0,00:00:04/11-12:13:17,15) [migration/0]
(root,0,0,00:00:00/11-12:13:17,16) [idle_inject/0]
(root,0,0,00:00:00/11-12:13:17,18) [cpuhp/0]
(root,0,0,00:00:00/11-12:13:17,19) [cpuhp/1]
(root,0,0,00:00:00/11-12:13:17,20) [idle_inject/1]
(root,0,0,00:00:04/11-12:13:17,21) [migration/1]
(root,0,0,00:00:16/11-12:13:17,22) [ksoftirqd/1]
(root,0,0,00:00:00/11-12:13:17,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/11-12:13:17,25) [cpuhp/2]
(root,0,0,00:00:00/11-12:13:17,26) [idle_inject/2]
(root,0,0,00:00:03/11-12:13:17,27) [migration/2]
(root,0,0,00:21:04/11-12:13:17,28) [ksoftirqd/2]
(root,0,0,00:00:00/11-12:13:17,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/11-12:13:17,31) [cpuhp/3]
(root,0,0,00:00:00/11-12:13:17,32) [idle_inject/3]
(root,0,0,00:00:04/11-12:13:17,33) [migration/3]
(root,0,0,00:01:00/11-12:13:17,34) [ksoftirqd/3]
(root,0,0,00:00:00/11-12:13:17,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/11-12:13:17,40) [kdevtmpfs]
(root,0,0,00:00:00/11-12:13:17,41) [netns]
(root,0,0,00:00:00/11-12:13:17,42) [inet_frag_wq]
(root,0,0,00:00:01/11-12:13:17,43) [kauditd]
(root,0,0,00:00:00/11-12:13:17,44) [khungtaskd]
(root,0,0,00:00:00/11-12:13:17,45) [oom_reaper]
(root,0,0,00:00:00/11-12:13:17,46) [writeback]
(root,0,0,00:00:34/11-12:13:17,47) [kcompactd0]
(root,0,0,00:00:00/11-12:13:17,48) [ksmd]
(root,0,0,00:00:37/11-12:13:17,49) [khugepaged]
(root,0,0,00:00:00/11-12:13:17,75) [kintegrityd]
(root,0,0,00:00:00/11-12:13:17,76) [kblockd]
(root,0,0,00:00:00/11-12:13:17,77) [blkcg_punt_bio]
(root,0,0,00:00:00/11-12:13:17,79) [tpm_dev_wq]
(root,0,0,00:00:00/11-12:13:17,80) [edac-poller]
(root,0,0,00:00:00/11-12:13:17,81) [devfreq_wq]
(root,0,0,00:00:00/11-12:13:17,110) [watchdogd]
(root,0,0,00:00:00/11-12:13:17,111) [kswapd0]
(root,0,0,00:00:02/11-12:13:17,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/11-12:13:15,115) [kthrotld]
(root,0,0,00:00:00/11-12:13:15,116) [mld]
(root,0,0,00:00:00/11-12:13:15,117) [ipv6_addrconf]
(root,0,0,00:00:03/11-12:13:15,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/11-12:13:15,123) [kstrp]
(root,0,0,00:00:00/11-12:13:15,124) [zswap-shrink]
(root,0,0,00:00:00/11-12:13:15,125) [kworker/u9:0]
(root,0,0,00:00:00/11-12:13:15,130) [charger_manager]
(root,0,0,00:00:03/11-12:13:15,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:05/11-12:13:15,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/11-12:13:14,239) [kaluad]
(root,0,0,00:00:00/11-12:13:14,258) [kmpath_rdacd]
(root,0,0,00:00:00/11-12:13:14,304) [kmpathd]
(root,0,0,00:00:00/11-12:13:14,305) [kmpath_handlerd]
(root,0,0,00:00:00/11-12:13:13,342) [ata_sff]
(root,0,0,00:00:00/11-12:13:13,343) [scsi_eh_0]
(root,0,0,00:00:00/11-12:13:13,344) [scsi_tmf_0]
(root,0,0,00:00:00/11-12:13:13,345) [scsi_eh_1]
(root,0,0,00:00:00/11-12:13:13,346) [scsi_tmf_1]
(root,0,0,00:00:21/11-12:13:10,366) [jbd2/vda1-8]
(root,0,0,00:00:00/11-12:13:10,367) [ext4-rsv-conver]
(root,38604,7616,00:00:10/11-12:12:58,440) /usr/lib/systemd/systemd-journald
(root,53296,9772,00:00:01/11-12:12:57,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:17/11-12:12:55,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:03/11-12:12:24,511) /sbin/auditd
(messagebus,22932,5912,00:00:14/11-12:12:23,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8380,00:00:08/11-12:12:23,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/11-12:12:23,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/11-12:12:21,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/11-12:12:21,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,25104,00:00:13/11-12:12:07,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/11-12:12:07,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:12/11-12:12:07,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/11-12:12:07,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/11-12:12:07,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/11-12:12:07,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/11-12:12:07,1343) /usr/lib/systemd/systemd --user
(root,448964,8880,00:00:11/11-12:12:07,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:01:37/11-12:12:07,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/11-12:12:07,1352) bpfilter_umh
(root,26204,8212,00:00:02/11-12:12:07,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/11-12:12:07,1359) ntpd: asynchronous dns resolver
(spot,293004,179100,15:29:16/11-12:12:06,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/11-12:12:06,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/11-12:12:06,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/11-12:12:06,1373) (sd-pam)
(root,24216,5268,00:00:03/11-12:12:04,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/11-12:12:04,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:01/11-12:12:04,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/11-12:12:01,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:39/11-12:12:00,1527) sshd: syslogtunnel
(root,617612,70248,00:15:29/11-12:11:58,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,210368,47284,00:06:18/11-12:11:46,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9380,00:00:00/5-17:47:21,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/11-12:11:21,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:36/11-12:11:21,3218) sshd: cm-ssh
(root,0,0,00:00:00/06:29,5235) [kworker/2:2-events]
(root,0,0,00:00:03/22:21:50,7785) [kworker/2:1-events]
(root,0,0,00:00:00/02:34:39,12699) [kworker/u8:0-writeback]
(postfix,24244,8224,00:00:00/01:03:08,13066) pickup -l -t fifo -u
(root,0,0,00:00:00/03:46,16073) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/05:10:24,19628) [kworker/0:1-events]
(root,0,0,00:00:00/04:45:57,20763) [kworker/1:0-events]
(root,0,0,00:00:00/31:28,24598) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:01/03:45:40,28099) [kworker/1:2-events]
(root,0,0,00:00:00/19:20,28318) [kworker/3:1-events]
(root,0,0,00:00:00/08:59,29761) [kworker/3:0-ata_sff]
(root,0,0,00:00:01/03:21:31,29792) [kworker/0:0-events]
(root,6656,3484,00:00:00/00:00,30566) /bin/bash /usr/bin/check_mk_agent
(root,13744,3420,00:00:00/00:00,30584) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,30585) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-21 23:02

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639390e692

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:15/9-11:46:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/9-11:46:33,2) [kthreadd]
(root,0,0,00:00:00/9-11:46:33,3) [rcu_gp]
(root,0,0,00:00:00/9-11:46:33,4) [rcu_par_gp]
(root,0,0,00:00:00/9-11:46:33,5) [slub_flushwq]
(root,0,0,00:00:00/9-11:46:33,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/9-11:46:33,9) [mm_percpu_wq]
(root,0,0,00:00:00/9-11:46:33,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/9-11:46:33,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/9-11:46:33,12) [rcu_tasks_trace]
(root,0,0,00:00:17/9-11:46:33,13) [ksoftirqd/0]
(root,0,0,00:25:47/9-11:46:33,14) [rcu_preempt]
(root,0,0,00:00:03/9-11:46:33,15) [migration/0]
(root,0,0,00:00:00/9-11:46:33,16) [idle_inject/0]
(root,0,0,00:00:00/9-11:46:33,18) [cpuhp/0]
(root,0,0,00:00:00/9-11:46:33,19) [cpuhp/1]
(root,0,0,00:00:00/9-11:46:33,20) [idle_inject/1]
(root,0,0,00:00:03/9-11:46:33,21) [migration/1]
(root,0,0,00:00:14/9-11:46:33,22) [ksoftirqd/1]
(root,0,0,00:00:00/9-11:46:33,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/9-11:46:33,25) [cpuhp/2]
(root,0,0,00:00:00/9-11:46:33,26) [idle_inject/2]
(root,0,0,00:00:02/9-11:46:33,27) [migration/2]
(root,0,0,00:17:25/9-11:46:33,28) [ksoftirqd/2]
(root,0,0,00:00:00/9-11:46:33,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/9-11:46:33,31) [cpuhp/3]
(root,0,0,00:00:00/9-11:46:33,32) [idle_inject/3]
(root,0,0,00:00:03/9-11:46:33,33) [migration/3]
(root,0,0,00:00:49/9-11:46:33,34) [ksoftirqd/3]
(root,0,0,00:00:00/9-11:46:33,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/9-11:46:33,40) [kdevtmpfs]
(root,0,0,00:00:00/9-11:46:33,41) [netns]
(root,0,0,00:00:00/9-11:46:33,42) [inet_frag_wq]
(root,0,0,00:00:01/9-11:46:33,43) [kauditd]
(root,0,0,00:00:00/9-11:46:33,44) [khungtaskd]
(root,0,0,00:00:00/9-11:46:33,45) [oom_reaper]
(root,0,0,00:00:00/9-11:46:33,46) [writeback]
(root,0,0,00:00:28/9-11:46:33,47) [kcompactd0]
(root,0,0,00:00:00/9-11:46:33,48) [ksmd]
(root,0,0,00:00:31/9-11:46:33,49) [khugepaged]
(root,0,0,00:00:00/9-11:46:33,75) [kintegrityd]
(root,0,0,00:00:00/9-11:46:33,76) [kblockd]
(root,0,0,00:00:00/9-11:46:33,77) [blkcg_punt_bio]
(root,0,0,00:00:00/9-11:46:33,79) [tpm_dev_wq]
(root,0,0,00:00:00/9-11:46:33,80) [edac-poller]
(root,0,0,00:00:00/9-11:46:33,81) [devfreq_wq]
(root,0,0,00:00:00/9-11:46:33,110) [watchdogd]
(root,0,0,00:00:00/9-11:46:33,111) [kswapd0]
(root,0,0,00:00:02/9-11:46:33,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/9-11:46:31,115) [kthrotld]
(root,0,0,00:00:00/9-11:46:31,116) [mld]
(root,0,0,00:00:00/9-11:46:31,117) [ipv6_addrconf]
(root,0,0,00:00:02/9-11:46:31,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/9-11:46:31,123) [kstrp]
(root,0,0,00:00:00/9-11:46:31,124) [zswap-shrink]
(root,0,0,00:00:00/9-11:46:31,125) [kworker/u9:0]
(root,0,0,00:00:00/9-11:46:31,130) [charger_manager]
(root,0,0,00:00:02/9-11:46:31,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:04/9-11:46:31,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/9-11:46:30,239) [kaluad]
(root,0,0,00:00:00/9-11:46:30,258) [kmpath_rdacd]
(root,0,0,00:00:00/9-11:46:30,304) [kmpathd]
(root,0,0,00:00:00/9-11:46:30,305) [kmpath_handlerd]
(root,0,0,00:00:00/9-11:46:29,342) [ata_sff]
(root,0,0,00:00:00/9-11:46:29,343) [scsi_eh_0]
(root,0,0,00:00:00/9-11:46:29,344) [scsi_tmf_0]
(root,0,0,00:00:00/9-11:46:29,345) [scsi_eh_1]
(root,0,0,00:00:00/9-11:46:29,346) [scsi_tmf_1]
(root,0,0,00:00:17/9-11:46:26,366) [jbd2/vda1-8]
(root,0,0,00:00:00/9-11:46:26,367) [ext4-rsv-conver]
(root,38604,7616,00:00:08/9-11:46:14,440) /usr/lib/systemd/systemd-journald
(root,53296,9772,00:00:01/9-11:46:13,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:14/9-11:46:11,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:02/9-11:45:40,511) /sbin/auditd
(messagebus,22932,5912,00:00:12/9-11:45:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8368,00:00:07/9-11:45:39,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/9-11:45:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/9-11:45:37,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/9-11:45:37,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,24840,00:00:10/9-11:45:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/9-11:45:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:01/9-11:45:23,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/9-11:45:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/9-11:45:23,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/9-11:45:23,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/9-11:45:23,1343) /usr/lib/systemd/systemd --user
(root,448964,8880,00:00:09/9-11:45:23,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:01:20/9-11:45:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/9-11:45:23,1352) bpfilter_umh
(root,26204,8212,00:00:01/9-11:45:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/9-11:45:23,1359) ntpd: asynchronous dns resolver
(spot,293648,180124,12:19:12/9-11:45:22,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/9-11:45:22,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/9-11:45:22,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/9-11:45:22,1373) (sd-pam)
(root,24216,5268,00:00:03/9-11:45:20,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/9-11:45:20,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:01/9-11:45:20,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/9-11:45:17,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:32/9-11:45:16,1527) sshd: syslogtunnel
(root,617356,71960,00:12:42/9-11:45:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,209344,45732,00:05:07/9-11:45:02,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9380,00:00:00/3-17:20:37,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/9-11:44:37,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:30/9-11:44:37,3218) sshd: cm-ssh
(root,0,0,00:00:00/35:46,4425) [kworker/2:2-events]
(root,0,0,00:00:00/01:37:52,9613) [kworker/1:0-events]
(root,0,0,00:00:00/02:39:07,11212) [kworker/2:0-cgroup_destroy]
(root,0,0,00:00:00/43:58,12819) [kworker/3:1-events]
(root,0,0,00:00:00/05:04:46,14431) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/04:04:43,14915) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:01/03:51:10,15893) [kworker/0:0-events]
(postfix,24244,8268,00:00:00/58:12,17707) pickup -l -t fifo -u
(root,0,0,00:00:00/07:40,18354) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/01:25:41,20227) [kworker/0:1]
(root,0,0,00:00:01/07:04:37,26887) [kworker/1:2-events]
(root,0,0,00:00:00/02:28,28207) [kworker/3:2-ata_sff]
(root,6656,3480,00:00:00/00:00,32327) /bin/bash /usr/bin/check_mk_agent
(root,13744,3408,00:00:00/00:00,32345) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,32346) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-19 22:35

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639bd4fc94

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:12/7-11:31:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/7-11:31:33,2) [kthreadd]
(root,0,0,00:00:00/7-11:31:33,3) [rcu_gp]
(root,0,0,00:00:00/7-11:31:33,4) [rcu_par_gp]
(root,0,0,00:00:00/7-11:31:33,5) [slub_flushwq]
(root,0,0,00:00:00/7-11:31:33,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/7-11:31:33,9) [mm_percpu_wq]
(root,0,0,00:00:00/7-11:31:33,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/7-11:31:33,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/7-11:31:33,12) [rcu_tasks_trace]
(root,0,0,00:00:12/7-11:31:33,13) [ksoftirqd/0]
(root,0,0,00:19:53/7-11:31:33,14) [rcu_preempt]
(root,0,0,00:00:02/7-11:31:33,15) [migration/0]
(root,0,0,00:00:00/7-11:31:33,16) [idle_inject/0]
(root,0,0,00:00:00/7-11:31:33,18) [cpuhp/0]
(root,0,0,00:00:00/7-11:31:33,19) [cpuhp/1]
(root,0,0,00:00:00/7-11:31:33,20) [idle_inject/1]
(root,0,0,00:00:03/7-11:31:33,21) [migration/1]
(root,0,0,00:00:10/7-11:31:33,22) [ksoftirqd/1]
(root,0,0,00:00:00/7-11:31:33,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/7-11:31:33,25) [cpuhp/2]
(root,0,0,00:00:00/7-11:31:33,26) [idle_inject/2]
(root,0,0,00:00:02/7-11:31:33,27) [migration/2]
(root,0,0,00:13:06/7-11:31:33,28) [ksoftirqd/2]
(root,0,0,00:00:00/7-11:31:33,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/7-11:31:33,31) [cpuhp/3]
(root,0,0,00:00:00/7-11:31:33,32) [idle_inject/3]
(root,0,0,00:00:02/7-11:31:33,33) [migration/3]
(root,0,0,00:00:36/7-11:31:33,34) [ksoftirqd/3]
(root,0,0,00:00:00/7-11:31:33,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/7-11:31:33,40) [kdevtmpfs]
(root,0,0,00:00:00/7-11:31:33,41) [netns]
(root,0,0,00:00:00/7-11:31:33,42) [inet_frag_wq]
(root,0,0,00:00:00/7-11:31:33,43) [kauditd]
(root,0,0,00:00:00/7-11:31:33,44) [khungtaskd]
(root,0,0,00:00:00/7-11:31:33,45) [oom_reaper]
(root,0,0,00:00:00/7-11:31:33,46) [writeback]
(root,0,0,00:00:22/7-11:31:33,47) [kcompactd0]
(root,0,0,00:00:00/7-11:31:33,48) [ksmd]
(root,0,0,00:00:24/7-11:31:33,49) [khugepaged]
(root,0,0,00:00:00/7-11:31:33,75) [kintegrityd]
(root,0,0,00:00:00/7-11:31:33,76) [kblockd]
(root,0,0,00:00:00/7-11:31:33,77) [blkcg_punt_bio]
(root,0,0,00:00:00/7-11:31:33,79) [tpm_dev_wq]
(root,0,0,00:00:00/7-11:31:33,80) [edac-poller]
(root,0,0,00:00:00/7-11:31:33,81) [devfreq_wq]
(root,0,0,00:00:00/7-11:31:33,110) [watchdogd]
(root,0,0,00:00:00/7-11:31:33,111) [kswapd0]
(root,0,0,00:00:01/7-11:31:33,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/7-11:31:31,115) [kthrotld]
(root,0,0,00:00:00/7-11:31:31,116) [mld]
(root,0,0,00:00:00/7-11:31:31,117) [ipv6_addrconf]
(root,0,0,00:00:01/7-11:31:31,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/7-11:31:31,123) [kstrp]
(root,0,0,00:00:00/7-11:31:31,124) [zswap-shrink]
(root,0,0,00:00:00/7-11:31:31,125) [kworker/u9:0]
(root,0,0,00:00:00/7-11:31:31,130) [charger_manager]
(root,0,0,00:00:02/7-11:31:31,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:03/7-11:31:31,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/7-11:31:30,239) [kaluad]
(root,0,0,00:00:00/7-11:31:30,258) [kmpath_rdacd]
(root,0,0,00:00:00/7-11:31:30,304) [kmpathd]
(root,0,0,00:00:00/7-11:31:30,305) [kmpath_handlerd]
(root,0,0,00:00:00/7-11:31:29,342) [ata_sff]
(root,0,0,00:00:00/7-11:31:29,343) [scsi_eh_0]
(root,0,0,00:00:00/7-11:31:29,344) [scsi_tmf_0]
(root,0,0,00:00:00/7-11:31:29,345) [scsi_eh_1]
(root,0,0,00:00:00/7-11:31:29,346) [scsi_tmf_1]
(root,0,0,00:00:13/7-11:31:26,366) [jbd2/vda1-8]
(root,0,0,00:00:00/7-11:31:26,367) [ext4-rsv-conver]
(root,38604,7616,00:00:07/7-11:31:14,440) /usr/lib/systemd/systemd-journald
(root,53296,9772,00:00:01/7-11:31:13,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:11/7-11:31:11,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:02/7-11:30:40,511) /sbin/auditd
(messagebus,22932,5912,00:00:09/7-11:30:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8360,00:00:05/7-11:30:39,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/7-11:30:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/7-11:30:37,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/7-11:30:37,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,23800,00:00:08/7-11:30:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/7-11:30:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:46/7-11:30:23,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/7-11:30:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/7-11:30:23,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/7-11:30:23,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/7-11:30:23,1343) /usr/lib/systemd/systemd --user
(root,448964,8880,00:00:07/7-11:30:23,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:01:02/7-11:30:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/7-11:30:23,1352) bpfilter_umh
(root,26204,8212,00:00:01/7-11:30:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/7-11:30:23,1359) ntpd: asynchronous dns resolver
(spot,291052,176964,09:09:10/7-11:30:22,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/7-11:30:22,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/7-11:30:22,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/7-11:30:22,1373) (sd-pam)
(root,24216,5268,00:00:02/7-11:30:20,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/7-11:30:20,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/7-11:30:20,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/7-11:30:17,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:25/7-11:30:16,1527) sshd: syslogtunnel
(root,617356,71808,00:09:55/7-11:30:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,209344,44432,00:03:53/7-11:30:02,1995) /usr/bin/python3.11 /usr/bin/spot
(root,6656,3492,00:00:00/00:00,2220) /bin/bash /usr/bin/check_mk_agent
(root,6656,1828,00:00:00/00:00,2261) /bin/bash /usr/bin/check_mk_agent
(root,6656,2020,00:00:00/00:00,2262) /bin/bash /usr/bin/check_mk_agent
(root,4480,1060,00:00:00/00:00,2263) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,860,00:00:00/00:00,2264) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,660,00:00:00/00:00,2265) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3484,00:00:00/00:00,2266) /bin/bash /usr/bin/check_mk_agent
(root,13744,3500,00:00:00/00:00,2284) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,2285) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,44628,9380,00:00:00/1-17:05:37,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/7-11:29:37,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:23/7-11:29:37,3218) sshd: cm-ssh
(root,0,0,00:00:01/08:16:46,6969) [kworker/0:2-events]
(root,0,0,00:00:00/07:42,8388) [kworker/3:0-ata_sff]
(root,0,0,00:00:01/03:19:42,8452) [kworker/1:2-cgroup_destroy]
(root,0,0,00:00:00/01:01:21,12808) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/06:37:24,14219) [kworker/0:1]
(root,0,0,00:00:00/01:08:25,17990) [kworker/2:0-events]
(root,0,0,00:00:01/05:41:44,18376) [kworker/2:2-events]
(root,0,0,00:00:00/19:43,20009) [kworker/u8:2-writeback]
(root,0,0,00:00:00/33:39,22475) [kworker/3:2-events]
(root,0,0,00:00:00/02:32,27452) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/02:30,27655) [kworker/1:0]
(root,0,0,00:00:00/13:40,27803) [kworker/1:1-events]
(postfix,24244,8296,00:00:00/01:05:15,29149) pickup -l -t fifo -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-17 22:20

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d18a3d9b

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:09/5-12:13:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/5-12:13:16,2) [kthreadd]
(root,0,0,00:00:00/5-12:13:16,3) [rcu_gp]
(root,0,0,00:00:00/5-12:13:16,4) [rcu_par_gp]
(root,0,0,00:00:00/5-12:13:16,5) [slub_flushwq]
(root,0,0,00:00:00/5-12:13:16,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/5-12:13:16,9) [mm_percpu_wq]
(root,0,0,00:00:00/5-12:13:16,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/5-12:13:16,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/5-12:13:16,12) [rcu_tasks_trace]
(root,0,0,00:00:09/5-12:13:16,13) [ksoftirqd/0]
(root,0,0,00:14:12/5-12:13:16,14) [rcu_preempt]
(root,0,0,00:00:02/5-12:13:16,15) [migration/0]
(root,0,0,00:00:00/5-12:13:16,16) [idle_inject/0]
(root,0,0,00:00:00/5-12:13:16,18) [cpuhp/0]
(root,0,0,00:00:00/5-12:13:16,19) [cpuhp/1]
(root,0,0,00:00:00/5-12:13:16,20) [idle_inject/1]
(root,0,0,00:00:02/5-12:13:16,21) [migration/1]
(root,0,0,00:00:07/5-12:13:16,22) [ksoftirqd/1]
(root,0,0,00:00:00/5-12:13:16,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/5-12:13:16,25) [cpuhp/2]
(root,0,0,00:00:00/5-12:13:16,26) [idle_inject/2]
(root,0,0,00:00:01/5-12:13:16,27) [migration/2]
(root,0,0,00:09:17/5-12:13:16,28) [ksoftirqd/2]
(root,0,0,00:00:00/5-12:13:16,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/5-12:13:16,31) [cpuhp/3]
(root,0,0,00:00:00/5-12:13:16,32) [idle_inject/3]
(root,0,0,00:00:02/5-12:13:16,33) [migration/3]
(root,0,0,00:00:25/5-12:13:16,34) [ksoftirqd/3]
(root,0,0,00:00:00/5-12:13:16,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/5-12:13:16,40) [kdevtmpfs]
(root,0,0,00:00:00/5-12:13:16,41) [netns]
(root,0,0,00:00:00/5-12:13:16,42) [inet_frag_wq]
(root,0,0,00:00:00/5-12:13:16,43) [kauditd]
(root,0,0,00:00:00/5-12:13:16,44) [khungtaskd]
(root,0,0,00:00:00/5-12:13:16,45) [oom_reaper]
(root,0,0,00:00:00/5-12:13:16,46) [writeback]
(root,0,0,00:00:15/5-12:13:16,47) [kcompactd0]
(root,0,0,00:00:00/5-12:13:16,48) [ksmd]
(root,0,0,00:00:16/5-12:13:16,49) [khugepaged]
(root,0,0,00:00:00/5-12:13:16,75) [kintegrityd]
(root,0,0,00:00:00/5-12:13:16,76) [kblockd]
(root,0,0,00:00:00/5-12:13:16,77) [blkcg_punt_bio]
(root,0,0,00:00:00/5-12:13:16,79) [tpm_dev_wq]
(root,0,0,00:00:00/5-12:13:16,80) [edac-poller]
(root,0,0,00:00:00/5-12:13:16,81) [devfreq_wq]
(root,0,0,00:00:00/5-12:13:16,110) [watchdogd]
(root,0,0,00:00:00/5-12:13:16,111) [kswapd0]
(root,0,0,00:00:01/5-12:13:16,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/5-12:13:14,115) [kthrotld]
(root,0,0,00:00:00/5-12:13:14,116) [mld]
(root,0,0,00:00:00/5-12:13:14,117) [ipv6_addrconf]
(root,0,0,00:00:01/5-12:13:14,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/5-12:13:14,123) [kstrp]
(root,0,0,00:00:00/5-12:13:14,124) [zswap-shrink]
(root,0,0,00:00:00/5-12:13:14,125) [kworker/u9:0]
(root,0,0,00:00:00/5-12:13:14,130) [charger_manager]
(root,0,0,00:00:01/5-12:13:14,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:02/5-12:13:14,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/5-12:13:13,239) [kaluad]
(root,0,0,00:00:00/5-12:13:13,258) [kmpath_rdacd]
(root,0,0,00:00:00/5-12:13:13,304) [kmpathd]
(root,0,0,00:00:00/5-12:13:13,305) [kmpath_handlerd]
(root,0,0,00:00:00/5-12:13:12,342) [ata_sff]
(root,0,0,00:00:00/5-12:13:12,343) [scsi_eh_0]
(root,0,0,00:00:00/5-12:13:12,344) [scsi_tmf_0]
(root,0,0,00:00:00/5-12:13:12,345) [scsi_eh_1]
(root,0,0,00:00:00/5-12:13:12,346) [scsi_tmf_1]
(root,0,0,00:00:09/5-12:13:09,366) [jbd2/vda1-8]
(root,0,0,00:00:00/5-12:13:09,367) [ext4-rsv-conver]
(root,38604,7616,00:00:05/5-12:12:57,440) /usr/lib/systemd/systemd-journald
(root,53296,9868,00:00:00/5-12:12:56,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:08/5-12:12:54,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:01/5-12:12:23,511) /sbin/auditd
(messagebus,22932,5912,00:00:07/5-12:12:22,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8360,00:00:04/5-12:12:22,530) /usr/lib/systemd/systemd-logind
(root,20556,6064,00:00:00/5-12:12:22,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17460,00:00:03/5-12:12:20,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18024,00:00:00/5-12:12:20,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,23628,00:00:06/5-12:12:06,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26736,00:00:00/5-12:12:06,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:34/5-12:12:06,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/5-12:12:06,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/5-12:12:06,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/5-12:12:06,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/5-12:12:06,1343) /usr/lib/systemd/systemd --user
(root,448964,8616,00:00:06/5-12:12:06,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6344,00:00:44/5-12:12:06,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/5-12:12:06,1352) bpfilter_umh
(root,26204,8212,00:00:01/5-12:12:06,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4372,00:00:00/5-12:12:06,1359) ntpd: asynchronous dns resolver
(spot,211916,174564,06:17:01/5-12:12:05,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/5-12:12:05,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/5-12:12:05,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/5-12:12:05,1373) (sd-pam)
(root,24216,5268,00:00:01/5-12:12:03,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/5-12:12:03,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/5-12:12:03,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/5-12:12:00,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:18/5-12:11:59,1527) sshd: syslogtunnel
(root,617100,69472,00:07:10/5-12:11:57,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,208320,43148,00:02:46/5-12:11:45,1995) /usr/bin/python3.11 /usr/bin/spot
(root,35308,10108,00:00:00/5-12:11:20,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:17/5-12:11:20,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:56,3337) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/01:29,4816) [kworker/u8:0-writeback]
(root,0,0,00:00:00/41:57,8519) [kworker/u8:1-ext4-rsv-conversion]
(root,6656,3488,00:00:00/00:00,12158) /bin/bash /usr/bin/check_mk_agent
(root,13744,3520,00:00:00/00:00,12176) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,12177) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/17:59,12853) [kworker/1:0-events]
(postfix,24244,8228,00:00:00/27:49,15243) pickup -l -t fifo -u
(root,0,0,00:00:00/01:46:43,18842) [kworker/0:0-events]
(root,0,0,00:00:00/48:38,19687) [kworker/3:0-events]
(root,0,0,00:00:01/04:31:52,20908) [kworker/2:1-events]
(root,0,0,00:00:00/07:09,24226) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/06:56,24590) [kworker/0:2-events]
(root,0,0,00:00:01/03:14:41,25521) [kworker/1:2-events]
(root,0,0,00:00:00/09:06:29,28908) [kworker/u8:2-writeback]
(root,0,0,00:00:00/01:13:51,31575) [kworker/2:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-15 23:01

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639b5a8d31

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:07/3-10:58:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/3-10:58:26,2) [kthreadd]
(root,0,0,00:00:00/3-10:58:26,3) [rcu_gp]
(root,0,0,00:00:00/3-10:58:26,4) [rcu_par_gp]
(root,0,0,00:00:00/3-10:58:26,5) [slub_flushwq]
(root,0,0,00:00:00/3-10:58:26,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/3-10:58:26,9) [mm_percpu_wq]
(root,0,0,00:00:00/3-10:58:26,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/3-10:58:26,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/3-10:58:26,12) [rcu_tasks_trace]
(root,0,0,00:00:05/3-10:58:26,13) [ksoftirqd/0]
(root,0,0,00:08:50/3-10:58:26,14) [rcu_preempt]
(root,0,0,00:00:01/3-10:58:26,15) [migration/0]
(root,0,0,00:00:00/3-10:58:26,16) [idle_inject/0]
(root,0,0,00:00:00/3-10:58:26,18) [cpuhp/0]
(root,0,0,00:00:00/3-10:58:26,19) [cpuhp/1]
(root,0,0,00:00:00/3-10:58:26,20) [idle_inject/1]
(root,0,0,00:00:01/3-10:58:26,21) [migration/1]
(root,0,0,00:00:04/3-10:58:26,22) [ksoftirqd/1]
(root,0,0,00:00:00/3-10:58:26,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/3-10:58:26,25) [cpuhp/2]
(root,0,0,00:00:00/3-10:58:26,26) [idle_inject/2]
(root,0,0,00:00:01/3-10:58:26,27) [migration/2]
(root,0,0,00:05:59/3-10:58:26,28) [ksoftirqd/2]
(root,0,0,00:00:00/3-10:58:26,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/3-10:58:26,31) [cpuhp/3]
(root,0,0,00:00:00/3-10:58:26,32) [idle_inject/3]
(root,0,0,00:00:01/3-10:58:26,33) [migration/3]
(root,0,0,00:00:16/3-10:58:26,34) [ksoftirqd/3]
(root,0,0,00:00:00/3-10:58:26,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/3-10:58:26,40) [kdevtmpfs]
(root,0,0,00:00:00/3-10:58:26,41) [netns]
(root,0,0,00:00:00/3-10:58:26,42) [inet_frag_wq]
(root,0,0,00:00:00/3-10:58:26,43) [kauditd]
(root,0,0,00:00:00/3-10:58:26,44) [khungtaskd]
(root,0,0,00:00:00/3-10:58:26,45) [oom_reaper]
(root,0,0,00:00:00/3-10:58:26,46) [writeback]
(root,0,0,00:00:09/3-10:58:26,47) [kcompactd0]
(root,0,0,00:00:00/3-10:58:26,48) [ksmd]
(root,0,0,00:00:10/3-10:58:26,49) [khugepaged]
(root,0,0,00:00:00/3-10:58:26,75) [kintegrityd]
(root,0,0,00:00:00/3-10:58:26,76) [kblockd]
(root,0,0,00:00:00/3-10:58:26,77) [blkcg_punt_bio]
(root,0,0,00:00:00/3-10:58:26,79) [tpm_dev_wq]
(root,0,0,00:00:00/3-10:58:26,80) [edac-poller]
(root,0,0,00:00:00/3-10:58:26,81) [devfreq_wq]
(root,0,0,00:00:00/3-10:58:26,110) [watchdogd]
(root,0,0,00:00:00/3-10:58:26,111) [kswapd0]
(root,0,0,00:00:00/3-10:58:26,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/3-10:58:24,115) [kthrotld]
(root,0,0,00:00:00/3-10:58:24,116) [mld]
(root,0,0,00:00:00/3-10:58:24,117) [ipv6_addrconf]
(root,0,0,00:00:00/3-10:58:24,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/3-10:58:24,123) [kstrp]
(root,0,0,00:00:00/3-10:58:24,124) [zswap-shrink]
(root,0,0,00:00:00/3-10:58:24,125) [kworker/u9:0]
(root,0,0,00:00:00/3-10:58:24,130) [charger_manager]
(root,0,0,00:00:00/3-10:58:24,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:01/3-10:58:24,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/3-10:58:23,239) [kaluad]
(root,0,0,00:00:00/3-10:58:23,258) [kmpath_rdacd]
(root,0,0,00:00:00/3-10:58:23,304) [kmpathd]
(root,0,0,00:00:00/3-10:58:23,305) [kmpath_handlerd]
(root,0,0,00:00:00/3-10:58:22,342) [ata_sff]
(root,0,0,00:00:00/3-10:58:22,343) [scsi_eh_0]
(root,0,0,00:00:00/3-10:58:22,344) [scsi_tmf_0]
(root,0,0,00:00:00/3-10:58:22,345) [scsi_eh_1]
(root,0,0,00:00:00/3-10:58:22,346) [scsi_tmf_1]
(root,0,0,00:00:05/3-10:58:19,366) [jbd2/vda1-8]
(root,0,0,00:00:00/3-10:58:19,367) [ext4-rsv-conver]
(root,38604,7616,00:00:03/3-10:58:07,440) /usr/lib/systemd/systemd-journald
(root,53296,9868,00:00:00/3-10:58:06,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:05/3-10:58:04,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:00/3-10:57:33,511) /sbin/auditd
(messagebus,22932,5912,00:00:04/3-10:57:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8356,00:00:02/3-10:57:32,530) /usr/lib/systemd/systemd-logind
(root,20556,6064,00:00:00/3-10:57:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17460,00:00:03/3-10:57:30,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18024,00:00:00/3-10:57:30,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,22784,00:00:04/3-10:57:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26736,00:00:00/3-10:57:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:21/3-10:57:16,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/3-10:57:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/3-10:57:16,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/3-10:57:16,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/3-10:57:16,1343) /usr/lib/systemd/systemd --user
(root,448964,8096,00:00:04/3-10:57:16,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6344,00:00:27/3-10:57:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/3-10:57:16,1352) bpfilter_umh
(root,26204,8212,00:00:00/3-10:57:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4372,00:00:00/3-10:57:16,1359) ntpd: asynchronous dns resolver
(spot,205964,169192,04:00:18/3-10:57:15,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/3-10:57:15,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/3-10:57:15,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/3-10:57:15,1373) (sd-pam)
(root,24216,5268,00:00:01/3-10:57:13,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/3-10:57:13,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/3-10:57:13,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/3-10:57:10,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:11/3-10:57:09,1527) sshd: syslogtunnel
(root,615564,67928,00:04:31/3-10:57:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,206272,41868,00:01:47/3-10:56:55,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/06:25:07,2276) [kworker/1:2-events]
(root,35308,10108,00:00:00/3-10:56:30,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:10/3-10:56:30,3218) sshd: cm-ssh
(root,0,0,00:00:00/05:22,4067) [kworker/1:1]
(root,0,0,00:00:01/06:09:04,5266) [kworker/2:1-events]
(postfix,24244,8264,00:00:00/01:14:59,8312) pickup -l -t fifo -u
(root,0,0,00:00:00/01:22:46,11441) [kworker/0:2-events]
(root,0,0,00:00:00/02:17:45,13615) [kworker/2:2]
(root,0,0,00:00:00/17:32,15073) [kworker/3:0-events]
(root,0,0,00:00:00/17:04,16927) [kworker/u8:2-writeback]
(root,0,0,00:00:00/01:58,18524) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/24:00,22015) [kworker/u8:1-flush-253:0]
(root,6656,3488,00:00:00/00:00,25208) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,25261) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,25262) /bin/bash /usr/bin/check_mk_agent
(root,4480,1168,00:00:00/00:00,25264) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,772,00:00:00/00:00,25265) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,756,00:00:00/00:00,25267) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3488,00:00:00/00:00,25274) /bin/bash /usr/bin/check_mk_agent
(root,13744,3484,00:00:00/00:00,25292) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,25293) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:02/16:02:20,28478) [kworker/0:0-events]
(root,0,0,00:00:00/07:09,30974) [kworker/3:2-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-13 21:47

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836364a16760

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:04/1-14:02:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/1-14:02:33,2) [kthreadd]
(root,0,0,00:00:00/1-14:02:33,3) [rcu_gp]
(root,0,0,00:00:00/1-14:02:33,4) [rcu_par_gp]
(root,0,0,00:00:00/1-14:02:33,5) [slub_flushwq]
(root,0,0,00:00:00/1-14:02:33,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/1-14:02:33,9) [mm_percpu_wq]
(root,0,0,00:00:00/1-14:02:33,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/1-14:02:33,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/1-14:02:33,12) [rcu_tasks_trace]
(root,0,0,00:00:03/1-14:02:33,13) [ksoftirqd/0]
(root,0,0,00:04:11/1-14:02:33,14) [rcu_preempt]
(root,0,0,00:00:00/1-14:02:33,15) [migration/0]
(root,0,0,00:00:00/1-14:02:33,16) [idle_inject/0]
(root,0,0,00:00:00/1-14:02:33,18) [cpuhp/0]
(root,0,0,00:00:00/1-14:02:33,19) [cpuhp/1]
(root,0,0,00:00:00/1-14:02:33,20) [idle_inject/1]
(root,0,0,00:00:00/1-14:02:33,21) [migration/1]
(root,0,0,00:00:02/1-14:02:33,22) [ksoftirqd/1]
(root,0,0,00:00:00/1-14:02:33,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/1-14:02:33,25) [cpuhp/2]
(root,0,0,00:00:00/1-14:02:33,26) [idle_inject/2]
(root,0,0,00:00:00/1-14:02:33,27) [migration/2]
(root,0,0,00:02:43/1-14:02:33,28) [ksoftirqd/2]
(root,0,0,00:00:00/1-14:02:33,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/1-14:02:33,31) [cpuhp/3]
(root,0,0,00:00:00/1-14:02:33,32) [idle_inject/3]
(root,0,0,00:00:00/1-14:02:33,33) [migration/3]
(root,0,0,00:00:08/1-14:02:33,34) [ksoftirqd/3]
(root,0,0,00:00:00/1-14:02:33,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/1-14:02:33,40) [kdevtmpfs]
(root,0,0,00:00:00/1-14:02:33,41) [netns]
(root,0,0,00:00:00/1-14:02:33,42) [inet_frag_wq]
(root,0,0,00:00:00/1-14:02:33,43) [kauditd]
(root,0,0,00:00:00/1-14:02:33,44) [khungtaskd]
(root,0,0,00:00:00/1-14:02:33,45) [oom_reaper]
(root,0,0,00:00:00/1-14:02:33,46) [writeback]
(root,0,0,00:00:04/1-14:02:33,47) [kcompactd0]
(root,0,0,00:00:00/1-14:02:33,48) [ksmd]
(root,0,0,00:00:05/1-14:02:33,49) [khugepaged]
(root,0,0,00:00:00/1-14:02:33,75) [kintegrityd]
(root,0,0,00:00:00/1-14:02:33,76) [kblockd]
(root,0,0,00:00:00/1-14:02:33,77) [blkcg_punt_bio]
(root,0,0,00:00:00/1-14:02:33,79) [tpm_dev_wq]
(root,0,0,00:00:00/1-14:02:33,80) [edac-poller]
(root,0,0,00:00:00/1-14:02:33,81) [devfreq_wq]
(root,0,0,00:00:00/1-14:02:33,110) [watchdogd]
(root,0,0,00:00:00/1-14:02:33,111) [kswapd0]
(root,0,0,00:00:00/1-14:02:33,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/1-14:02:31,115) [kthrotld]
(root,0,0,00:00:00/1-14:02:31,116) [mld]
(root,0,0,00:00:00/1-14:02:31,117) [ipv6_addrconf]
(root,0,0,00:00:00/1-14:02:31,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/1-14:02:31,123) [kstrp]
(root,0,0,00:00:00/1-14:02:31,124) [zswap-shrink]
(root,0,0,00:00:00/1-14:02:31,125) [kworker/u9:0]
(root,0,0,00:00:00/1-14:02:31,130) [charger_manager]
(root,0,0,00:00:00/1-14:02:31,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/1-14:02:31,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/1-14:02:30,239) [kaluad]
(root,0,0,00:00:00/1-14:02:30,258) [kmpath_rdacd]
(root,0,0,00:00:00/1-14:02:30,304) [kmpathd]
(root,0,0,00:00:00/1-14:02:30,305) [kmpath_handlerd]
(root,0,0,00:00:00/1-14:02:29,342) [ata_sff]
(root,0,0,00:00:00/1-14:02:29,343) [scsi_eh_0]
(root,0,0,00:00:00/1-14:02:29,344) [scsi_tmf_0]
(root,0,0,00:00:00/1-14:02:29,345) [scsi_eh_1]
(root,0,0,00:00:00/1-14:02:29,346) [scsi_tmf_1]
(root,0,0,00:00:02/1-14:02:26,366) [jbd2/vda1-8]
(root,0,0,00:00:00/1-14:02:26,367) [ext4-rsv-conver]
(root,38604,7616,00:00:01/1-14:02:14,440) /usr/lib/systemd/systemd-journald
(root,53296,9868,00:00:00/1-14:02:13,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:02/1-14:02:11,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:00/1-14:01:40,511) /sbin/auditd
(messagebus,22932,5912,00:00:02/1-14:01:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8332,00:00:01/1-14:01:39,530) /usr/lib/systemd/systemd-logind
(root,20556,6064,00:00:00/1-14:01:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17460,00:00:03/1-14:01:37,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18024,00:00:00/1-14:01:37,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,22256,00:00:02/1-14:01:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26736,00:00:00/1-14:01:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:10/1-14:01:23,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/1-14:01:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/1-14:01:23,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/1-14:01:23,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/1-14:01:23,1343) /usr/lib/systemd/systemd --user
(root,448964,8096,00:00:02/1-14:01:23,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6344,00:00:12/1-14:01:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/1-14:01:23,1352) bpfilter_umh
(root,26204,8212,00:00:00/1-14:01:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4372,00:00:00/1-14:01:23,1359) ntpd: asynchronous dns resolver
(spot,204908,167908,02:02:43/1-14:01:22,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/1-14:01:22,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/1-14:01:22,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/1-14:01:22,1373) (sd-pam)
(root,24216,5268,00:00:00/1-14:01:20,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/1-14:01:20,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/1-14:01:20,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/1-14:01:17,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:05/1-14:01:16,1527) sshd: syslogtunnel
(root,615564,69636,00:02:09/1-14:01:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/01:55:43,1585) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/03:59,1941) [kworker/3:0-events]
(spot,206272,41356,00:00:51/1-14:01:02,1995) /usr/bin/python3.11 /usr/bin/spot
(root,35308,10108,00:00:00/1-14:00:37,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:04/1-14:00:37,3218) sshd: cm-ssh
(postfix,24244,8204,00:00:00/01:20:55,5964) pickup -l -t fifo -u
(root,0,0,00:00:00/19:32,9104) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/01:38:36,11820) [kworker/2:2-events]
(root,6656,3484,00:00:00/00:00,13355) /bin/bash /usr/bin/check_mk_agent
(root,13744,3528,00:00:00/00:00,13373) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,13374) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:11:55,17596) [kworker/0:0-events]
(root,0,0,00:00:00/03:11:12,22963) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/09:10,24302) [kworker/3:2-ata_sff]
(root,0,0,00:00:08/08:01:55,25188) [kworker/1:2-events]
(root,0,0,00:00:00/54:39,27435) [kworker/2:0-events]
(root,0,0,00:00:00/31:10,27675) [kworker/1:1]
(root,0,0,00:00:01/05:18:24,31079) [kworker/0:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-12 00:51

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cc4f70f7

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12528,00:00:04/1-04:10:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/1-04:10:45,2) [kthreadd]
(root,0,0,00:00:00/1-04:10:45,3) [rcu_gp]
(root,0,0,00:00:00/1-04:10:45,4) [rcu_par_gp]
(root,0,0,00:00:00/1-04:10:45,5) [slub_flushwq]
(root,0,0,00:00:00/1-04:10:45,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/1-04:10:45,9) [mm_percpu_wq]
(root,0,0,00:00:00/1-04:10:45,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/1-04:10:45,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/1-04:10:45,12) [rcu_tasks_trace]
(root,0,0,00:00:02/1-04:10:45,13) [ksoftirqd/0]
(root,0,0,00:03:11/1-04:10:45,14) [rcu_preempt]
(root,0,0,00:00:00/1-04:10:45,15) [migration/0]
(root,0,0,00:00:00/1-04:10:45,16) [idle_inject/0]
(root,0,0,00:00:00/1-04:10:45,18) [cpuhp/0]
(root,0,0,00:00:00/1-04:10:45,19) [cpuhp/1]
(root,0,0,00:00:00/1-04:10:45,20) [idle_inject/1]
(root,0,0,00:00:00/1-04:10:45,21) [migration/1]
(root,0,0,00:00:01/1-04:10:45,22) [ksoftirqd/1]
(root,0,0,00:00:00/1-04:10:45,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/1-04:10:45,25) [cpuhp/2]
(root,0,0,00:00:00/1-04:10:45,26) [idle_inject/2]
(root,0,0,00:00:00/1-04:10:45,27) [migration/2]
(root,0,0,00:02:08/1-04:10:45,28) [ksoftirqd/2]
(root,0,0,00:00:00/1-04:10:45,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/1-04:10:45,31) [cpuhp/3]
(root,0,0,00:00:00/1-04:10:45,32) [idle_inject/3]
(root,0,0,00:00:00/1-04:10:45,33) [migration/3]
(root,0,0,00:00:06/1-04:10:45,34) [ksoftirqd/3]
(root,0,0,00:00:00/1-04:10:45,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/1-04:10:45,40) [kdevtmpfs]
(root,0,0,00:00:00/1-04:10:45,41) [netns]
(root,0,0,00:00:00/1-04:10:45,42) [inet_frag_wq]
(root,0,0,00:00:00/1-04:10:45,43) [kauditd]
(root,0,0,00:00:00/1-04:10:45,44) [khungtaskd]
(root,0,0,00:00:00/1-04:10:45,45) [oom_reaper]
(root,0,0,00:00:00/1-04:10:45,46) [writeback]
(root,0,0,00:00:03/1-04:10:45,47) [kcompactd0]
(root,0,0,00:00:00/1-04:10:45,48) [ksmd]
(root,0,0,00:00:03/1-04:10:45,49) [khugepaged]
(root,0,0,00:00:00/1-04:10:45,75) [kintegrityd]
(root,0,0,00:00:00/1-04:10:45,76) [kblockd]
(root,0,0,00:00:00/1-04:10:45,77) [blkcg_punt_bio]
(root,0,0,00:00:00/1-04:10:45,79) [tpm_dev_wq]
(root,0,0,00:00:00/1-04:10:45,80) [edac-poller]
(root,0,0,00:00:00/1-04:10:45,81) [devfreq_wq]
(root,0,0,00:00:00/1-04:10:45,110) [watchdogd]
(root,0,0,00:00:00/1-04:10:45,111) [kswapd0]
(root,0,0,00:00:00/1-04:10:45,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/1-04:10:43,115) [kthrotld]
(root,0,0,00:00:00/1-04:10:43,116) [mld]
(root,0,0,00:00:00/1-04:10:43,117) [ipv6_addrconf]
(root,0,0,00:00:00/1-04:10:43,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/1-04:10:43,123) [kstrp]
(root,0,0,00:00:00/1-04:10:43,124) [zswap-shrink]
(root,0,0,00:00:00/1-04:10:43,125) [kworker/u9:0]
(root,0,0,00:00:00/1-04:10:43,130) [charger_manager]
(root,0,0,00:00:00/1-04:10:43,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/1-04:10:43,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/1-04:10:42,239) [kaluad]
(root,0,0,00:00:00/1-04:10:42,258) [kmpath_rdacd]
(root,0,0,00:00:00/1-04:10:42,304) [kmpathd]
(root,0,0,00:00:00/1-04:10:42,305) [kmpath_handlerd]
(root,0,0,00:00:00/1-04:10:41,342) [ata_sff]
(root,0,0,00:00:00/1-04:10:41,343) [scsi_eh_0]
(root,0,0,00:00:00/1-04:10:41,344) [scsi_tmf_0]
(root,0,0,00:00:00/1-04:10:41,345) [scsi_eh_1]
(root,0,0,00:00:00/1-04:10:41,346) [scsi_tmf_1]
(root,0,0,00:00:02/1-04:10:38,366) [jbd2/vda1-8]
(root,0,0,00:00:00/1-04:10:38,367) [ext4-rsv-conver]
(root,38604,7616,00:00:01/1-04:10:26,440) /usr/lib/systemd/systemd-journald
(root,53296,9868,00:00:00/1-04:10:25,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:02/1-04:10:23,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:00/1-04:09:52,511) /sbin/auditd
(messagebus,22932,5912,00:00:01/1-04:09:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8328,00:00:01/1-04:09:51,530) /usr/lib/systemd/systemd-logind
(root,20556,6064,00:00:00/1-04:09:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17460,00:00:03/1-04:09:49,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18024,00:00:00/1-04:09:49,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,22256,00:00:01/1-04:09:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26736,00:00:00/1-04:09:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:05/1-04:09:35,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/1-04:09:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/1-04:09:35,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/1-04:09:35,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/1-04:09:35,1343) /usr/lib/systemd/systemd --user
(root,448724,7512,00:00:01/1-04:09:35,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6344,00:00:09/1-04:09:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/1-04:09:35,1352) bpfilter_umh
(root,26204,8212,00:00:00/1-04:09:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4372,00:00:00/1-04:09:35,1359) ntpd: asynchronous dns resolver
(spot,207612,168600,01:43:35/1-04:09:34,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/1-04:09:34,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/1-04:09:34,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/1-04:09:34,1373) (sd-pam)
(root,24216,5268,00:00:00/1-04:09:32,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/1-04:09:32,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/1-04:09:32,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/1-04:09:29,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:04/1-04:09:28,1527) sshd: syslogtunnel
(root,615564,69588,00:01:37/1-04:09:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,206272,41236,00:00:43/1-04:09:14,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/02:49:41,2566) [kworker/3:1-events]
(root,0,0,00:00:00/01:50:30,2600) [kworker/u8:2-writeback]
(root,35308,10108,00:00:00/1-04:08:49,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:03/1-04:08:49,3218) sshd: cm-ssh
(root,0,0,00:00:01/01:39:53,3538) [kworker/1:0-events]
(root,6656,3484,00:00:00/00:00,4486) /bin/bash /usr/bin/check_mk_agent
(root,13744,3500,00:00:00/00:00,4504) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,4505) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/03:59:31,4560) [kworker/2:2]
(root,0,0,00:00:04/05:56:16,5621) [kworker/1:2-events]
(postfix,24244,8204,00:00:00/01:29:25,6227) pickup -l -t fifo -u
(root,0,0,00:00:00/03:39,8047) [kworker/3:2-ata_sff]
(root,0,0,00:00:01/04:20:58,16015) [kworker/0:0-events]
(root,0,0,00:00:00/08:50,19944) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/02:24:17,21729) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:03/14:15:09,26524) [kworker/2:0-events]
(root,0,0,00:00:00/15:06,31401) [kworker/0:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-11 14:59
    Create report
Domain summary
No record

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice