Host 141.9.248.66
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
  • CheckMK monitoring endpoint publicly available
    IP: 141.9.248.66
    Port: 6556
    First seen 2024-10-29 13:31
    Last seen 2024-12-22 00:58
    Open for 53 days

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a375b67f

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12584,00:01:36/39-14:36:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/39-14:36:19,2) [kthreadd]
(root,0,0,00:00:00/39-14:36:19,3) [rcu_gp]
(root,0,0,00:00:00/39-14:36:19,4) [rcu_par_gp]
(root,0,0,00:00:00/39-14:36:19,5) [slub_flushwq]
(root,0,0,00:00:00/39-14:36:19,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/39-14:36:19,9) [mm_percpu_wq]
(root,0,0,00:00:00/39-14:36:19,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/39-14:36:19,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/39-14:36:19,12) [rcu_tasks_trace]
(root,0,0,00:01:15/39-14:36:19,13) [ksoftirqd/0]
(root,0,0,01:45:18/39-14:36:19,14) [rcu_preempt]
(root,0,0,00:00:15/39-14:36:19,15) [migration/0]
(root,0,0,00:00:00/39-14:36:19,16) [idle_inject/0]
(root,0,0,00:00:00/39-14:36:19,18) [cpuhp/0]
(root,0,0,00:00:00/39-14:36:19,19) [cpuhp/1]
(root,0,0,00:00:00/39-14:36:19,20) [idle_inject/1]
(root,0,0,00:00:15/39-14:36:19,21) [migration/1]
(root,0,0,00:01:05/39-14:36:19,22) [ksoftirqd/1]
(root,0,0,00:00:00/39-14:36:19,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/39-14:36:19,25) [cpuhp/2]
(root,0,0,00:00:00/39-14:36:19,26) [idle_inject/2]
(root,0,0,00:00:12/39-14:36:19,27) [migration/2]
(root,0,0,01:14:06/39-14:36:19,28) [ksoftirqd/2]
(root,0,0,00:00:00/39-14:36:19,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/39-14:36:19,31) [cpuhp/3]
(root,0,0,00:00:00/39-14:36:19,32) [idle_inject/3]
(root,0,0,00:00:14/39-14:36:19,33) [migration/3]
(root,0,0,00:03:31/39-14:36:19,34) [ksoftirqd/3]
(root,0,0,00:00:00/39-14:36:19,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/39-14:36:19,39) [kdevtmpfs]
(root,0,0,00:00:00/39-14:36:19,40) [netns]
(root,0,0,00:00:00/39-14:36:19,41) [inet_frag_wq]
(root,0,0,00:00:09/39-14:36:19,42) [kauditd]
(root,0,0,00:00:00/39-14:36:19,43) [khungtaskd]
(root,0,0,00:00:00/39-14:36:19,44) [oom_reaper]
(root,0,0,00:00:00/39-14:36:19,45) [writeback]
(root,0,0,00:01:56/39-14:36:19,46) [kcompactd0]
(root,0,0,00:00:00/39-14:36:19,47) [ksmd]
(root,0,0,00:01:57/39-14:36:19,48) [khugepaged]
(root,0,0,00:00:00/39-14:36:19,74) [kintegrityd]
(root,0,0,00:00:00/39-14:36:19,75) [kblockd]
(root,0,0,00:00:00/39-14:36:19,76) [blkcg_punt_bio]
(root,0,0,00:00:00/39-14:36:19,78) [tpm_dev_wq]
(root,0,0,00:00:00/39-14:36:19,79) [edac-poller]
(root,0,0,00:00:00/39-14:36:19,80) [devfreq_wq]
(root,0,0,00:00:00/39-14:36:19,110) [watchdogd]
(root,0,0,00:00:08/39-14:36:19,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/39-14:36:19,112) [kswapd0]
(root,0,0,00:00:00/39-14:36:18,114) [kthrotld]
(root,0,0,00:00:00/39-14:36:18,115) [mld]
(root,0,0,00:00:00/39-14:36:18,116) [ipv6_addrconf]
(root,0,0,00:00:17/39-14:36:18,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/39-14:36:18,122) [kstrp]
(root,0,0,00:00:00/39-14:36:18,123) [zswap-shrink]
(root,0,0,00:00:00/39-14:36:18,124) [kworker/u9:0]
(root,0,0,00:00:00/39-14:36:18,129) [charger_manager]
(root,0,0,00:00:08/39-14:36:17,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:09/39-14:36:17,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/39-14:36:17,205) [kaluad]
(root,0,0,00:00:00/39-14:36:17,250) [kmpath_rdacd]
(root,0,0,00:00:00/39-14:36:17,293) [kmpathd]
(root,0,0,00:00:00/39-14:36:17,294) [kmpath_handlerd]
(root,0,0,00:00:00/39-14:36:17,342) [ata_sff]
(root,0,0,00:00:00/39-14:36:16,343) [scsi_eh_0]
(root,0,0,00:00:00/39-14:36:16,344) [scsi_tmf_0]
(root,0,0,00:00:00/39-14:36:16,345) [scsi_eh_1]
(root,0,0,00:00:00/39-14:36:16,346) [scsi_tmf_1]
(root,0,0,00:01:05/39-14:36:14,366) [jbd2/vda1-8]
(root,0,0,00:00:00/39-14:36:14,367) [ext4-rsv-conver]
(root,38604,7788,00:00:54/39-14:36:02,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/39-14:36:01,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:59/39-14:35:59,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:19/39-14:35:25,512) /sbin/auditd
(messagebus,22936,5548,00:01:45/39-14:35:25,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:01:01/39-14:35:25,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/39-14:35:25,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/39-14:35:24,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/39-14:35:24,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32972,00:00:44/39-14:35:10,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/39-14:35:10,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:45/39-14:35:09,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/39-14:35:09,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/39-14:35:09,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/39-14:35:09,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/39-14:35:09,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:50/39-14:35:09,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:05:23/39-14:35:09,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/39-14:35:09,1206) bpfilter_umh
(root,26204,8212,00:00:16/39-14:35:09,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/39-14:35:09,1215) ntpd: asynchronous dns resolver
(spot,299344,183060,2-02:58:39/39-14:35:09,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/39-14:35:08,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/39-14:35:08,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/39-14:35:08,1245) (sd-pam)
(root,24216,5344,00:00:13/39-14:35:07,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/39-14:35:07,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:05/39-14:35:06,1354) /usr/sbin/cron -n
(root,698484,82656,00:51:44/39-14:35:00,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,225728,66924,00:17:03/39-14:34:46,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/01:59:08,2674) [kworker/0:2-events]
(root,0,0,00:00:00/39:49,5528) [kworker/1:2-events]
(root,0,0,00:00:00/05:36,7221) [kworker/3:0-events]
(root,0,0,00:00:00/01:33:24,9266) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/01:37,10883) [kworker/0:1]
(root,0,0,00:00:00/24:37,12385) [kworker/0:0-cgroup_destroy]
(postfix,24244,8292,00:00:00/03:38,13685) pickup -l -t fifo -u
(root,0,0,00:00:00/02:07:10,15256) [kworker/u8:2-ext4-rsv-conversion]
(root,35308,10012,00:00:00/33-12:26:02,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:51/33-12:26:01,15391) sshd: cm-ssh
(root,0,0,00:00:00/03:30,15706) [kworker/1:1-ata_sff]
(root,35308,10072,00:00:00/23-13:54:40,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:22/23-13:54:39,16977) sshd: syslogtunnel
(root,0,0,00:00:00/44:38,19043) [kworker/3:2-cgroup_destroy]
(root,0,0,00:00:00/12:00,24965) [kworker/2:0-events]
(root,0,0,00:00:00/20:31,29419) [kworker/2:2-cgroup_destroy]
(root,6656,3504,00:00:00/00:01,30453) /bin/bash /usr/bin/check_mk_agent
(postfix,44628,9272,00:00:01/33-19:11:47,30472) tlsmgr -l -t unix -u
(root,6656,3484,00:00:00/00:00,30546) /bin/bash /usr/bin/check_mk_agent
(root,13744,3532,00:00:00/00:00,30576) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,30577) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,13760,3348,00:00:00/00:00,30579) pgrep crmd
(root,0,0,00:00:00/08:43,31013) [kworker/1:0-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-22 00:58

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c19dac6e

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:26/37-14:08:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/37-14:08:06,2) [kthreadd]
(root,0,0,00:00:00/37-14:08:06,3) [rcu_gp]
(root,0,0,00:00:00/37-14:08:06,4) [rcu_par_gp]
(root,0,0,00:00:00/37-14:08:06,5) [slub_flushwq]
(root,0,0,00:00:00/37-14:08:06,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/37-14:08:06,9) [mm_percpu_wq]
(root,0,0,00:00:00/37-14:08:06,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/37-14:08:06,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/37-14:08:06,12) [rcu_tasks_trace]
(root,0,0,00:01:09/37-14:08:06,13) [ksoftirqd/0]
(root,0,0,01:39:43/37-14:08:06,14) [rcu_preempt]
(root,0,0,00:00:14/37-14:08:06,15) [migration/0]
(root,0,0,00:00:00/37-14:08:06,16) [idle_inject/0]
(root,0,0,00:00:00/37-14:08:06,18) [cpuhp/0]
(root,0,0,00:00:00/37-14:08:06,19) [cpuhp/1]
(root,0,0,00:00:00/37-14:08:06,20) [idle_inject/1]
(root,0,0,00:00:14/37-14:08:06,21) [migration/1]
(root,0,0,00:01:00/37-14:08:06,22) [ksoftirqd/1]
(root,0,0,00:00:00/37-14:08:06,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/37-14:08:06,25) [cpuhp/2]
(root,0,0,00:00:00/37-14:08:06,26) [idle_inject/2]
(root,0,0,00:00:11/37-14:08:06,27) [migration/2]
(root,0,0,01:10:40/37-14:08:06,28) [ksoftirqd/2]
(root,0,0,00:00:00/37-14:08:06,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/37-14:08:06,31) [cpuhp/3]
(root,0,0,00:00:00/37-14:08:06,32) [idle_inject/3]
(root,0,0,00:00:14/37-14:08:06,33) [migration/3]
(root,0,0,00:03:20/37-14:08:06,34) [ksoftirqd/3]
(root,0,0,00:00:00/37-14:08:06,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/37-14:08:06,39) [kdevtmpfs]
(root,0,0,00:00:00/37-14:08:06,40) [netns]
(root,0,0,00:00:00/37-14:08:06,41) [inet_frag_wq]
(root,0,0,00:00:08/37-14:08:06,42) [kauditd]
(root,0,0,00:00:00/37-14:08:06,43) [khungtaskd]
(root,0,0,00:00:00/37-14:08:06,44) [oom_reaper]
(root,0,0,00:00:00/37-14:08:06,45) [writeback]
(root,0,0,00:01:50/37-14:08:06,46) [kcompactd0]
(root,0,0,00:00:00/37-14:08:06,47) [ksmd]
(root,0,0,00:01:50/37-14:08:06,48) [khugepaged]
(root,0,0,00:00:00/37-14:08:06,74) [kintegrityd]
(root,0,0,00:00:00/37-14:08:06,75) [kblockd]
(root,0,0,00:00:00/37-14:08:06,76) [blkcg_punt_bio]
(root,0,0,00:00:00/37-14:08:06,78) [tpm_dev_wq]
(root,0,0,00:00:00/37-14:08:06,79) [edac-poller]
(root,0,0,00:00:00/37-14:08:06,80) [devfreq_wq]
(root,0,0,00:00:00/37-14:08:06,110) [watchdogd]
(root,0,0,00:00:07/37-14:08:06,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/37-14:08:06,112) [kswapd0]
(root,0,0,00:00:00/37-14:08:05,114) [kthrotld]
(root,0,0,00:00:00/37-14:08:05,115) [mld]
(root,0,0,00:00:00/37-14:08:05,116) [ipv6_addrconf]
(root,0,0,00:00:16/37-14:08:05,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/37-14:08:05,122) [kstrp]
(root,0,0,00:00:00/37-14:08:05,123) [zswap-shrink]
(root,0,0,00:00:00/37-14:08:05,124) [kworker/u9:0]
(root,0,0,00:00:00/37-14:08:05,129) [charger_manager]
(root,0,0,00:00:08/37-14:08:04,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:08/37-14:08:04,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/37-14:08:04,205) [kaluad]
(root,0,0,00:00:00/37-14:08:04,250) [kmpath_rdacd]
(root,0,0,00:00:00/37-14:08:04,293) [kmpathd]
(root,0,0,00:00:00/37-14:08:04,294) [kmpath_handlerd]
(root,0,0,00:00:00/37-14:08:04,342) [ata_sff]
(root,0,0,00:00:00/37-14:08:03,343) [scsi_eh_0]
(root,0,0,00:00:00/37-14:08:03,344) [scsi_tmf_0]
(root,0,0,00:00:00/37-14:08:03,345) [scsi_eh_1]
(root,0,0,00:00:00/37-14:08:03,346) [scsi_tmf_1]
(root,0,0,00:01:01/37-14:08:01,366) [jbd2/vda1-8]
(root,0,0,00:00:00/37-14:08:01,367) [ext4-rsv-conver]
(root,38604,7788,00:00:48/37-14:07:49,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/37-14:07:48,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:56/37-14:07:46,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:17/37-14:07:12,512) /sbin/auditd
(messagebus,22936,5548,00:01:32/37-14:07:12,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:54/37-14:07:12,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/37-14:07:12,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/37-14:07:11,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/37-14:07:11,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32972,00:00:42/37-14:06:57,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/37-14:06:57,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:32/37-14:06:56,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/37-14:06:56,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/37-14:06:56,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/37-14:06:56,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/37-14:06:56,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:46/37-14:06:56,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:05:06/37-14:06:56,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/37-14:06:56,1206) bpfilter_umh
(root,26204,8212,00:00:14/37-14:06:56,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/37-14:06:56,1215) ntpd: asynchronous dns resolver
(spot,296272,182112,1-23:14:10/37-14:06:56,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/37-14:06:55,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/37-14:06:55,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/37-14:06:55,1245) (sd-pam)
(root,24216,5344,00:00:12/37-14:06:54,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/37-14:06:54,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:05/37-14:06:53,1354) /usr/sbin/cron -n
(root,698484,82412,00:49:06/37-14:06:47,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,224704,66044,00:16:08/37-14:06:33,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/07:42,2838) [kworker/3:1-events]
(root,0,0,00:00:00/07:07,4583) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/06:45,6208) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/05:36,10180) [kworker/2:2-events]
(root,35308,10012,00:00:00/31-11:57:49,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:44/31-11:57:48,15391) sshd: cm-ssh
(root,0,0,00:00:00/14:48,16397) [kworker/u8:0-flush-253:0]
(root,35308,10072,00:00:00/21-13:26:27,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:14/21-13:26:26,16977) sshd: syslogtunnel
(root,0,0,00:00:00/01:50:08,17446) [kworker/0:2-events]
(root,0,0,00:00:00/13:49,18386) [kworker/3:2-events]
(root,0,0,00:00:00/58:38,21022) [kworker/1:1-events]
(root,0,0,00:00:00/01:33,21821) [kworker/1:0-ata_sff]
(postfix,24244,8204,00:00:00/01:37:28,22497) pickup -l -t fifo -u
(root,6656,3484,00:00:00/00:00,26407) /bin/bash /usr/bin/check_mk_agent
(root,13744,3376,00:00:00/00:00,26425) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,26426) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/24:02,26953) [kworker/0:1-cgroup_destroy]
(postfix,44628,9272,00:00:01/31-18:43:34,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:02/01:54:08,32596) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-20 00:30

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dc7b8aac

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:22/35-15:21:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/35-15:21:45,2) [kthreadd]
(root,0,0,00:00:00/35-15:21:45,3) [rcu_gp]
(root,0,0,00:00:00/35-15:21:45,4) [rcu_par_gp]
(root,0,0,00:00:00/35-15:21:45,5) [slub_flushwq]
(root,0,0,00:00:00/35-15:21:45,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/35-15:21:45,9) [mm_percpu_wq]
(root,0,0,00:00:00/35-15:21:45,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/35-15:21:45,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/35-15:21:45,12) [rcu_tasks_trace]
(root,0,0,00:01:05/35-15:21:45,13) [ksoftirqd/0]
(root,0,0,01:34:30/35-15:21:45,14) [rcu_preempt]
(root,0,0,00:00:13/35-15:21:45,15) [migration/0]
(root,0,0,00:00:00/35-15:21:45,16) [idle_inject/0]
(root,0,0,00:00:00/35-15:21:45,18) [cpuhp/0]
(root,0,0,00:00:00/35-15:21:45,19) [cpuhp/1]
(root,0,0,00:00:00/35-15:21:45,20) [idle_inject/1]
(root,0,0,00:00:14/35-15:21:45,21) [migration/1]
(root,0,0,00:00:57/35-15:21:45,22) [ksoftirqd/1]
(root,0,0,00:00:00/35-15:21:45,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/35-15:21:45,25) [cpuhp/2]
(root,0,0,00:00:00/35-15:21:45,26) [idle_inject/2]
(root,0,0,00:00:11/35-15:21:45,27) [migration/2]
(root,0,0,01:07:42/35-15:21:45,28) [ksoftirqd/2]
(root,0,0,00:00:00/35-15:21:45,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/35-15:21:45,31) [cpuhp/3]
(root,0,0,00:00:00/35-15:21:45,32) [idle_inject/3]
(root,0,0,00:00:13/35-15:21:45,33) [migration/3]
(root,0,0,00:03:11/35-15:21:45,34) [ksoftirqd/3]
(root,0,0,00:00:00/35-15:21:45,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/35-15:21:45,39) [kdevtmpfs]
(root,0,0,00:00:00/35-15:21:45,40) [netns]
(root,0,0,00:00:00/35-15:21:45,41) [inet_frag_wq]
(root,0,0,00:00:07/35-15:21:45,42) [kauditd]
(root,0,0,00:00:00/35-15:21:45,43) [khungtaskd]
(root,0,0,00:00:00/35-15:21:45,44) [oom_reaper]
(root,0,0,00:00:00/35-15:21:45,45) [writeback]
(root,0,0,00:01:45/35-15:21:45,46) [kcompactd0]
(root,0,0,00:00:00/35-15:21:45,47) [ksmd]
(root,0,0,00:01:43/35-15:21:45,48) [khugepaged]
(root,0,0,00:00:00/35-15:21:45,74) [kintegrityd]
(root,0,0,00:00:00/35-15:21:45,75) [kblockd]
(root,0,0,00:00:00/35-15:21:45,76) [blkcg_punt_bio]
(root,0,0,00:00:00/35-15:21:45,78) [tpm_dev_wq]
(root,0,0,00:00:00/35-15:21:45,79) [edac-poller]
(root,0,0,00:00:00/35-15:21:45,80) [devfreq_wq]
(root,0,0,00:00:00/35-15:21:45,110) [watchdogd]
(root,0,0,00:00:07/35-15:21:45,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/35-15:21:45,112) [kswapd0]
(root,0,0,00:00:00/35-15:21:44,114) [kthrotld]
(root,0,0,00:00:00/35-15:21:44,115) [mld]
(root,0,0,00:00:00/35-15:21:44,116) [ipv6_addrconf]
(root,0,0,00:00:15/35-15:21:44,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/35-15:21:44,122) [kstrp]
(root,0,0,00:00:00/35-15:21:44,123) [zswap-shrink]
(root,0,0,00:00:00/35-15:21:44,124) [kworker/u9:0]
(root,0,0,00:00:00/35-15:21:44,129) [charger_manager]
(root,0,0,00:00:07/35-15:21:43,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:08/35-15:21:43,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/35-15:21:43,205) [kaluad]
(root,0,0,00:00:00/35-15:21:43,250) [kmpath_rdacd]
(root,0,0,00:00:00/35-15:21:43,293) [kmpathd]
(root,0,0,00:00:00/35-15:21:43,294) [kmpath_handlerd]
(root,0,0,00:00:00/35-15:21:43,342) [ata_sff]
(root,0,0,00:00:00/35-15:21:42,343) [scsi_eh_0]
(root,0,0,00:00:00/35-15:21:42,344) [scsi_tmf_0]
(root,0,0,00:00:00/35-15:21:42,345) [scsi_eh_1]
(root,0,0,00:00:00/35-15:21:42,346) [scsi_tmf_1]
(root,0,0,00:00:58/35-15:21:40,366) [jbd2/vda1-8]
(root,0,0,00:00:00/35-15:21:40,367) [ext4-rsv-conver]
(root,38604,7788,00:00:46/35-15:21:28,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/35-15:21:27,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:53/35-15:21:25,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:16/35-15:20:51,512) /sbin/auditd
(messagebus,22936,5548,00:01:28/35-15:20:51,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:51/35-15:20:51,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/35-15:20:51,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/35-15:20:50,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/35-15:20:50,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32960,00:00:40/35-15:20:36,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/35-15:20:36,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:21/35-15:20:35,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/35-15:20:35,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/35-15:20:35,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/35-15:20:35,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/35-15:20:35,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:44/35-15:20:35,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:50/35-15:20:35,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/35-15:20:35,1206) bpfilter_umh
(root,26204,8212,00:00:13/35-15:20:35,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/35-15:20:35,1215) ntpd: asynchronous dns resolver
(spot,293704,180060,1-20:13:23/35-15:20:35,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/35-15:20:34,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/35-15:20:34,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/35-15:20:34,1245) (sd-pam)
(root,24216,5344,00:00:11/35-15:20:33,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/35-15:20:33,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/35-15:20:32,1354) /usr/sbin/cron -n
(root,698228,81996,00:46:35/35-15:20:26,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,223680,64164,00:15:16/35-15:20:12,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/07:14,4297) [kworker/1:2-events]
(root,0,0,00:00:00/01:04:19,7081) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/01:13:27,10630) [kworker/u8:2-ext4-rsv-conversion]
(root,35308,10012,00:00:00/29-13:11:28,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:38/29-13:11:27,15391) sshd: cm-ssh
(root,0,0,00:00:00/04:57:01,15974) [kworker/u8:1-flush-253:0]
(postfix,24244,8228,00:00:00/01:32:53,16513) pickup -l -t fifo -u
(root,35308,10072,00:00:00/19-14:40:06,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:07/19-14:40:05,16977) sshd: syslogtunnel
(root,0,0,00:00:00/58:26,19051) [kworker/0:0-events]
(root,0,0,00:00:00/02:12,20339) [kworker/3:2-events]
(root,0,0,00:00:00/02:03,20978) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/02:15:18,25943) [kworker/3:1-cgroup_destroy]
(root,6656,3484,00:00:00/00:00,26777) /bin/bash /usr/bin/check_mk_agent
(root,13744,3452,00:00:00/00:00,26795) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,26796) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/09:58,27958) [kworker/2:0-events]
(root,0,0,00:00:00/02:43:47,29889) [kworker/3:0-events]
(postfix,44628,9272,00:00:01/29-19:57:13,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/01:52:16,31877) [kworker/0:1-events]
(root,0,0,00:00:00/35:13,32365) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-18 01:43

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b5f8eee9

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:18/33-13:27:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/33-13:27:41,2) [kthreadd]
(root,0,0,00:00:00/33-13:27:41,3) [rcu_gp]
(root,0,0,00:00:00/33-13:27:41,4) [rcu_par_gp]
(root,0,0,00:00:00/33-13:27:41,5) [slub_flushwq]
(root,0,0,00:00:00/33-13:27:41,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/33-13:27:41,9) [mm_percpu_wq]
(root,0,0,00:00:00/33-13:27:41,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/33-13:27:41,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/33-13:27:41,12) [rcu_tasks_trace]
(root,0,0,00:01:01/33-13:27:41,13) [ksoftirqd/0]
(root,0,0,01:29:08/33-13:27:41,14) [rcu_preempt]
(root,0,0,00:00:12/33-13:27:41,15) [migration/0]
(root,0,0,00:00:00/33-13:27:41,16) [idle_inject/0]
(root,0,0,00:00:00/33-13:27:41,18) [cpuhp/0]
(root,0,0,00:00:00/33-13:27:41,19) [cpuhp/1]
(root,0,0,00:00:00/33-13:27:41,20) [idle_inject/1]
(root,0,0,00:00:13/33-13:27:41,21) [migration/1]
(root,0,0,00:00:54/33-13:27:41,22) [ksoftirqd/1]
(root,0,0,00:00:00/33-13:27:41,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/33-13:27:41,25) [cpuhp/2]
(root,0,0,00:00:00/33-13:27:41,26) [idle_inject/2]
(root,0,0,00:00:10/33-13:27:41,27) [migration/2]
(root,0,0,01:04:51/33-13:27:41,28) [ksoftirqd/2]
(root,0,0,00:00:00/33-13:27:41,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/33-13:27:41,31) [cpuhp/3]
(root,0,0,00:00:00/33-13:27:41,32) [idle_inject/3]
(root,0,0,00:00:12/33-13:27:41,33) [migration/3]
(root,0,0,00:03:01/33-13:27:41,34) [ksoftirqd/3]
(root,0,0,00:00:00/33-13:27:41,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/33-13:27:41,39) [kdevtmpfs]
(root,0,0,00:00:00/33-13:27:41,40) [netns]
(root,0,0,00:00:00/33-13:27:41,41) [inet_frag_wq]
(root,0,0,00:00:07/33-13:27:41,42) [kauditd]
(root,0,0,00:00:00/33-13:27:41,43) [khungtaskd]
(root,0,0,00:00:00/33-13:27:41,44) [oom_reaper]
(root,0,0,00:00:00/33-13:27:41,45) [writeback]
(root,0,0,00:01:38/33-13:27:41,46) [kcompactd0]
(root,0,0,00:00:00/33-13:27:41,47) [ksmd]
(root,0,0,00:01:37/33-13:27:41,48) [khugepaged]
(root,0,0,00:00:00/33-13:27:41,74) [kintegrityd]
(root,0,0,00:00:00/33-13:27:41,75) [kblockd]
(root,0,0,00:00:00/33-13:27:41,76) [blkcg_punt_bio]
(root,0,0,00:00:00/33-13:27:41,78) [tpm_dev_wq]
(root,0,0,00:00:00/33-13:27:41,79) [edac-poller]
(root,0,0,00:00:00/33-13:27:41,80) [devfreq_wq]
(root,0,0,00:00:00/33-13:27:41,110) [watchdogd]
(root,0,0,00:00:07/33-13:27:41,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/33-13:27:41,112) [kswapd0]
(root,0,0,00:00:00/33-13:27:40,114) [kthrotld]
(root,0,0,00:00:00/33-13:27:40,115) [mld]
(root,0,0,00:00:00/33-13:27:40,116) [ipv6_addrconf]
(root,0,0,00:00:14/33-13:27:40,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/33-13:27:40,122) [kstrp]
(root,0,0,00:00:00/33-13:27:40,123) [zswap-shrink]
(root,0,0,00:00:00/33-13:27:40,124) [kworker/u9:0]
(root,0,0,00:00:00/33-13:27:40,129) [charger_manager]
(root,0,0,00:00:07/33-13:27:39,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:07/33-13:27:39,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/33-13:27:39,205) [kaluad]
(root,0,0,00:00:00/33-13:27:39,250) [kmpath_rdacd]
(root,0,0,00:00:00/33-13:27:39,293) [kmpathd]
(root,0,0,00:00:00/33-13:27:39,294) [kmpath_handlerd]
(root,0,0,00:00:00/33-13:27:39,342) [ata_sff]
(root,0,0,00:00:00/33-13:27:38,343) [scsi_eh_0]
(root,0,0,00:00:00/33-13:27:38,344) [scsi_tmf_0]
(root,0,0,00:00:00/33-13:27:38,345) [scsi_eh_1]
(root,0,0,00:00:00/33-13:27:38,346) [scsi_tmf_1]
(root,0,0,00:00:54/33-13:27:36,366) [jbd2/vda1-8]
(root,0,0,00:00:00/33-13:27:36,367) [ext4-rsv-conver]
(root,38604,7788,00:00:44/33-13:27:24,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/33-13:27:23,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:50/33-13:27:21,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:16/33-13:26:47,512) /sbin/auditd
(messagebus,22936,5548,00:01:25/33-13:26:47,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:49/33-13:26:47,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/33-13:26:47,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/33-13:26:46,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/33-13:26:46,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/02:19:20,727) [kworker/u8:2-ext4-rsv-conversion]
(root,548360,32524,00:00:38/33-13:26:32,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,6656,3484,00:00:00/00:00,1184) /bin/bash /usr/bin/check_mk_agent
(root,37016,26404,00:00:00/33-13:26:32,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:09/33-13:26:31,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/33-13:26:31,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/33-13:26:31,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/33-13:26:31,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/33-13:26:31,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:42/33-13:26:31,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:34/33-13:26:31,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/33-13:26:31,1206) bpfilter_umh
(root,13744,3504,00:00:00/00:00,1211) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,1212) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,26204,8212,00:00:13/33-13:26:31,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/33-13:26:31,1215) ntpd: asynchronous dns resolver
(spot,293096,179952,1-17:45:21/33-13:26:31,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/33-13:26:30,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/33-13:26:30,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/33-13:26:30,1245) (sd-pam)
(root,24216,5344,00:00:11/33-13:26:29,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/33-13:26:29,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/33-13:26:28,1354) /usr/sbin/cron -n
(root,697972,81832,00:43:53/33-13:26:22,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,222656,63272,00:14:26/33-13:26:08,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/34:20,7073) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/03:31,12958) [kworker/1:1-ata_sff]
(root,35308,10012,00:00:00/27-11:17:24,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:31/27-11:17:23,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/17-12:46:02,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:00/17-12:46:01,16977) sshd: syslogtunnel
(root,0,0,00:00:00/01:57:58,18088) [kworker/3:2-cgroup_destroy]
(root,0,0,00:00:00/51:22,19428) [kworker/0:2-events]
(root,0,0,00:00:04/02:27:38,24863) [kworker/2:1-events]
(root,0,0,00:00:00/08:43,24872) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/29:27,25067) [kworker/1:2-events]
(root,0,0,00:00:02/02:49:56,29457) [kworker/3:0-events]
(postfix,44628,9316,00:00:01/27-18:03:09,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/58:49,31017) [kworker/0:1-events]
(root,0,0,00:00:00/28:00,31459) [kworker/2:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-15 23:49

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f9045729

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:15/31-13:42:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/31-13:42:54,2) [kthreadd]
(root,0,0,00:00:00/31-13:42:54,3) [rcu_gp]
(root,0,0,00:00:00/31-13:42:54,4) [rcu_par_gp]
(root,0,0,00:00:00/31-13:42:54,5) [slub_flushwq]
(root,0,0,00:00:00/31-13:42:54,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/31-13:42:54,9) [mm_percpu_wq]
(root,0,0,00:00:00/31-13:42:54,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/31-13:42:54,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/31-13:42:54,12) [rcu_tasks_trace]
(root,0,0,00:00:57/31-13:42:54,13) [ksoftirqd/0]
(root,0,0,01:23:57/31-13:42:54,14) [rcu_preempt]
(root,0,0,00:00:12/31-13:42:54,15) [migration/0]
(root,0,0,00:00:00/31-13:42:54,16) [idle_inject/0]
(root,0,0,00:00:00/31-13:42:54,18) [cpuhp/0]
(root,0,0,00:00:00/31-13:42:54,19) [cpuhp/1]
(root,0,0,00:00:00/31-13:42:54,20) [idle_inject/1]
(root,0,0,00:00:12/31-13:42:54,21) [migration/1]
(root,0,0,00:00:50/31-13:42:54,22) [ksoftirqd/1]
(root,0,0,00:00:00/31-13:42:54,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/31-13:42:54,25) [cpuhp/2]
(root,0,0,00:00:00/31-13:42:54,26) [idle_inject/2]
(root,0,0,00:00:09/31-13:42:54,27) [migration/2]
(root,0,0,01:01:48/31-13:42:54,28) [ksoftirqd/2]
(root,0,0,00:00:00/31-13:42:54,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/31-13:42:54,31) [cpuhp/3]
(root,0,0,00:00:00/31-13:42:54,32) [idle_inject/3]
(root,0,0,00:00:11/31-13:42:54,33) [migration/3]
(root,0,0,00:02:51/31-13:42:54,34) [ksoftirqd/3]
(root,0,0,00:00:00/31-13:42:54,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/31-13:42:54,39) [kdevtmpfs]
(root,0,0,00:00:00/31-13:42:54,40) [netns]
(root,0,0,00:00:00/31-13:42:54,41) [inet_frag_wq]
(root,0,0,00:00:07/31-13:42:54,42) [kauditd]
(root,0,0,00:00:00/31-13:42:54,43) [khungtaskd]
(root,0,0,00:00:00/31-13:42:54,44) [oom_reaper]
(root,0,0,00:00:00/31-13:42:54,45) [writeback]
(root,0,0,00:01:32/31-13:42:54,46) [kcompactd0]
(root,0,0,00:00:00/31-13:42:54,47) [ksmd]
(root,0,0,00:01:31/31-13:42:54,48) [khugepaged]
(root,0,0,00:00:00/31-13:42:54,74) [kintegrityd]
(root,0,0,00:00:00/31-13:42:54,75) [kblockd]
(root,0,0,00:00:00/31-13:42:54,76) [blkcg_punt_bio]
(root,0,0,00:00:00/31-13:42:54,78) [tpm_dev_wq]
(root,0,0,00:00:00/31-13:42:54,79) [edac-poller]
(root,0,0,00:00:00/31-13:42:54,80) [devfreq_wq]
(root,0,0,00:00:00/31-13:42:54,110) [watchdogd]
(root,0,0,00:00:06/31-13:42:54,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/31-13:42:54,112) [kswapd0]
(root,0,0,00:00:00/31-13:42:53,114) [kthrotld]
(root,0,0,00:00:00/31-13:42:53,115) [mld]
(root,0,0,00:00:00/31-13:42:53,116) [ipv6_addrconf]
(root,0,0,00:00:13/31-13:42:53,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/31-13:42:53,122) [kstrp]
(root,0,0,00:00:00/31-13:42:53,123) [zswap-shrink]
(root,0,0,00:00:00/31-13:42:53,124) [kworker/u9:0]
(root,0,0,00:00:00/31-13:42:53,129) [charger_manager]
(root,0,0,00:00:07/31-13:42:52,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:07/31-13:42:52,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/31-13:42:52,205) [kaluad]
(root,0,0,00:00:00/31-13:42:52,250) [kmpath_rdacd]
(root,0,0,00:00:00/31-13:42:52,293) [kmpathd]
(root,0,0,00:00:00/31-13:42:52,294) [kmpath_handlerd]
(root,0,0,00:00:00/31-13:42:52,342) [ata_sff]
(root,0,0,00:00:00/31-13:42:51,343) [scsi_eh_0]
(root,0,0,00:00:00/31-13:42:51,344) [scsi_tmf_0]
(root,0,0,00:00:00/31-13:42:51,345) [scsi_eh_1]
(root,0,0,00:00:00/31-13:42:51,346) [scsi_tmf_1]
(root,0,0,00:00:51/31-13:42:49,366) [jbd2/vda1-8]
(root,0,0,00:00:00/31-13:42:49,367) [ext4-rsv-conver]
(root,38604,7788,00:00:42/31-13:42:37,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/31-13:42:36,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:47/31-13:42:34,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:15/31-13:42:00,512) /sbin/auditd
(messagebus,22936,5548,00:01:22/31-13:42:00,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:47/31-13:42:00,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/31-13:42:00,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/31-13:41:59,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/31-13:41:59,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,31484,00:00:35/31-13:41:45,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/31-13:41:45,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:02:57/31-13:41:44,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/31-13:41:44,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/31-13:41:44,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/31-13:41:44,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/31-13:41:44,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:40/31-13:41:44,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:18/31-13:41:44,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/31-13:41:44,1206) bpfilter_umh
(root,26204,8212,00:00:12/31-13:41:44,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/31-13:41:44,1215) ntpd: asynchronous dns resolver
(spot,286536,173740,1-15:29:41/31-13:41:44,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/31-13:41:43,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/31-13:41:43,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/31-13:41:43,1245) (sd-pam)
(root,24216,5344,00:00:10/31-13:41:42,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/31-13:41:42,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/31-13:41:41,1354) /usr/sbin/cron -n
(root,697972,81512,00:41:18/31-13:41:35,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,221632,61380,00:13:37/31-13:41:21,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/02:39,9372) [kworker/1:0-ata_sff]
(root,0,0,00:00:03/01:58:40,11542) [kworker/2:0-events]
(root,35308,10012,00:00:00/25-11:32:37,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:24/25-11:32:36,15391) sshd: cm-ssh
(root,0,0,00:00:00/02:09:32,16327) [kworker/u8:0-ext4-rsv-conversion]
(root,35308,10072,00:00:00/15-13:01:15,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:53/15-13:01:14,16977) sshd: syslogtunnel
(root,0,0,00:00:00/07:51,20275) [kworker/1:2-events]
(root,0,0,00:00:00/01:04:56,22377) [kworker/0:1-events]
(root,0,0,00:00:00/59:07,24430) [kworker/3:0-events]
(root,0,0,00:00:00/29:25,25324) [kworker/3:1]
(root,0,0,00:00:00/07:21,28354) [kworker/0:0-events]
(postfix,24244,8252,00:00:00/36:49,28439) pickup -l -t fifo -u
(root,6656,3488,00:00:00/00:00,28878) /bin/bash /usr/bin/check_mk_agent
(root,6656,3492,00:00:00/00:00,28915) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,28922) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,28923) /bin/bash /usr/bin/check_mk_agent
(root,4480,1176,00:00:00/00:00,28924) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,820,00:00:00/00:00,28925) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,660,00:00:00/00:00,28929) cat /proc/net/tcp /proc/net/tcp6
(root,13744,3408,00:00:00/00:00,28942) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,28943) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/01:36:17,29649) [kworker/2:2-events]
(postfix,44628,9316,00:00:01/25-18:18:22,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/18:15,31624) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/50:05,31712) [kworker/u8:1-writeback]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-14 00:05

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ad0a9103

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:12/29-14:42:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/29-14:42:30,2) [kthreadd]
(root,0,0,00:00:00/29-14:42:30,3) [rcu_gp]
(root,0,0,00:00:00/29-14:42:30,4) [rcu_par_gp]
(root,0,0,00:00:00/29-14:42:30,5) [slub_flushwq]
(root,0,0,00:00:00/29-14:42:30,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/29-14:42:30,9) [mm_percpu_wq]
(root,0,0,00:00:00/29-14:42:30,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/29-14:42:30,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/29-14:42:30,12) [rcu_tasks_trace]
(root,0,0,00:00:53/29-14:42:30,13) [ksoftirqd/0]
(root,0,0,01:18:54/29-14:42:30,14) [rcu_preempt]
(root,0,0,00:00:11/29-14:42:30,15) [migration/0]
(root,0,0,00:00:00/29-14:42:30,16) [idle_inject/0]
(root,0,0,00:00:00/29-14:42:30,18) [cpuhp/0]
(root,0,0,00:00:00/29-14:42:30,19) [cpuhp/1]
(root,0,0,00:00:00/29-14:42:30,20) [idle_inject/1]
(root,0,0,00:00:11/29-14:42:30,21) [migration/1]
(root,0,0,00:00:46/29-14:42:30,22) [ksoftirqd/1]
(root,0,0,00:00:00/29-14:42:30,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/29-14:42:30,25) [cpuhp/2]
(root,0,0,00:00:00/29-14:42:30,26) [idle_inject/2]
(root,0,0,00:00:09/29-14:42:30,27) [migration/2]
(root,0,0,00:58:16/29-14:42:30,28) [ksoftirqd/2]
(root,0,0,00:00:00/29-14:42:30,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/29-14:42:30,31) [cpuhp/3]
(root,0,0,00:00:00/29-14:42:30,32) [idle_inject/3]
(root,0,0,00:00:11/29-14:42:30,33) [migration/3]
(root,0,0,00:02:40/29-14:42:30,34) [ksoftirqd/3]
(root,0,0,00:00:00/29-14:42:30,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/29-14:42:30,39) [kdevtmpfs]
(root,0,0,00:00:00/29-14:42:30,40) [netns]
(root,0,0,00:00:00/29-14:42:30,41) [inet_frag_wq]
(root,0,0,00:00:06/29-14:42:30,42) [kauditd]
(root,0,0,00:00:00/29-14:42:30,43) [khungtaskd]
(root,0,0,00:00:00/29-14:42:30,44) [oom_reaper]
(root,0,0,00:00:00/29-14:42:30,45) [writeback]
(root,0,0,00:01:27/29-14:42:30,46) [kcompactd0]
(root,0,0,00:00:00/29-14:42:30,47) [ksmd]
(root,0,0,00:01:25/29-14:42:30,48) [khugepaged]
(root,0,0,00:00:00/29-14:42:30,74) [kintegrityd]
(root,0,0,00:00:00/29-14:42:30,75) [kblockd]
(root,0,0,00:00:00/29-14:42:30,76) [blkcg_punt_bio]
(root,0,0,00:00:00/29-14:42:30,78) [tpm_dev_wq]
(root,0,0,00:00:00/29-14:42:30,79) [edac-poller]
(root,0,0,00:00:00/29-14:42:30,80) [devfreq_wq]
(root,0,0,00:00:00/29-14:42:30,110) [watchdogd]
(root,0,0,00:00:06/29-14:42:30,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/29-14:42:30,112) [kswapd0]
(root,0,0,00:00:00/29-14:42:29,114) [kthrotld]
(root,0,0,00:00:00/29-14:42:29,115) [mld]
(root,0,0,00:00:00/29-14:42:29,116) [ipv6_addrconf]
(root,0,0,00:00:12/29-14:42:29,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/29-14:42:29,122) [kstrp]
(root,0,0,00:00:00/29-14:42:29,123) [zswap-shrink]
(root,0,0,00:00:00/29-14:42:29,124) [kworker/u9:0]
(root,0,0,00:00:00/29-14:42:29,129) [charger_manager]
(root,0,0,00:00:06/29-14:42:28,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:06/29-14:42:28,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/29-14:42:28,205) [kaluad]
(root,0,0,00:00:00/29-14:42:28,250) [kmpath_rdacd]
(root,0,0,00:00:00/29-14:42:28,293) [kmpathd]
(root,0,0,00:00:00/29-14:42:28,294) [kmpath_handlerd]
(root,0,0,00:00:00/29-14:42:28,342) [ata_sff]
(root,0,0,00:00:00/29-14:42:27,343) [scsi_eh_0]
(root,0,0,00:00:00/29-14:42:27,344) [scsi_tmf_0]
(root,0,0,00:00:00/29-14:42:27,345) [scsi_eh_1]
(root,0,0,00:00:00/29-14:42:27,346) [scsi_tmf_1]
(root,0,0,00:00:48/29-14:42:25,366) [jbd2/vda1-8]
(root,0,0,00:00:00/29-14:42:25,367) [ext4-rsv-conver]
(root,38604,7788,00:00:40/29-14:42:13,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/29-14:42:12,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:44/29-14:42:10,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:14/29-14:41:36,512) /sbin/auditd
(messagebus,22936,5548,00:01:18/29-14:41:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:45/29-14:41:36,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/29-14:41:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/29-14:41:35,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/29-14:41:35,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/39:55,931) [kworker/3:1-events]
(root,548360,31484,00:00:33/29-14:41:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/29-14:41:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:42/29-14:41:20,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/29-14:41:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/29-14:41:20,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/29-14:41:20,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/29-14:41:20,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:38/29-14:41:20,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:02/29-14:41:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/29-14:41:20,1206) bpfilter_umh
(root,26204,8212,00:00:12/29-14:41:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/29-14:41:20,1215) ntpd: asynchronous dns resolver
(spot,291612,178816,1-13:01:08/29-14:41:20,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/29-14:41:19,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/29-14:41:19,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/29-14:41:19,1245) (sd-pam)
(root,24216,5344,00:00:09/29-14:41:18,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/29-14:41:18,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/29-14:41:17,1354) /usr/sbin/cron -n
(root,697576,81148,00:38:44/29-14:41:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,220608,60500,00:12:54/29-14:40:57,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/10:55,3903) [kworker/0:2-events]
(root,0,0,00:00:00/01:44:17,3949) [kworker/u8:1-writeback]
(root,0,0,00:00:00/01:15:07,4092) [kworker/3:0-events]
(root,0,0,00:00:00/09:53,6756) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/03:49:37,8802) [kworker/u8:0]
(root,6656,3488,00:00:00/00:00,8815) /bin/bash /usr/bin/check_mk_agent
(root,6656,3492,00:00:00/00:00,8816) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,8926) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,8927) /bin/bash /usr/bin/check_mk_agent
(root,4480,1048,00:00:00/00:00,8928) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,860,00:00:00/00:00,8933) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,680,00:00:00/00:00,8934) cat /proc/net/tcp /proc/net/tcp6
(root,6656,1828,00:00:00/00:00,8937) /bin/bash /usr/bin/check_mk_agent
(root,6656,2020,00:00:00/00:00,8938) /bin/bash /usr/bin/check_mk_agent
(root,4480,1116,00:00:00/00:00,8939) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,828,00:00:00/00:00,8940) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,704,00:00:00/00:00,8941) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3480,00:00:00/00:00,8942) /bin/bash /usr/bin/check_mk_agent
(root,13744,3484,00:00:00/00:00,8960) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,8961) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/01:29:56,10360) [kworker/2:2-events]
(root,0,0,00:00:01/01:22:23,10395) [kworker/2:0-events]
(postfix,24244,8204,00:00:00/18:11,14984) pickup -l -t fifo -u
(root,35308,10012,00:00:00/23-12:32:13,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:18/23-12:32:12,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/13-14:00:51,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:47/13-14:00:50,16977) sshd: syslogtunnel
(root,0,0,00:00:02/07:25:03,20264) [kworker/0:1-events]
(root,0,0,00:00:01/01:27:42,21615) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/04:40,25239) [kworker/1:0-events]
(postfix,44628,9316,00:00:01/23-19:17:58,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-12 01:04

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f338d469

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:08/27-14:44:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/27-14:44:43,2) [kthreadd]
(root,0,0,00:00:00/27-14:44:43,3) [rcu_gp]
(root,0,0,00:00:00/27-14:44:43,4) [rcu_par_gp]
(root,0,0,00:00:00/27-14:44:43,5) [slub_flushwq]
(root,0,0,00:00:00/27-14:44:43,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/27-14:44:43,9) [mm_percpu_wq]
(root,0,0,00:00:00/27-14:44:43,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/27-14:44:43,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/27-14:44:43,12) [rcu_tasks_trace]
(root,0,0,00:00:50/27-14:44:43,13) [ksoftirqd/0]
(root,0,0,01:13:45/27-14:44:43,14) [rcu_preempt]
(root,0,0,00:00:10/27-14:44:43,15) [migration/0]
(root,0,0,00:00:00/27-14:44:43,16) [idle_inject/0]
(root,0,0,00:00:00/27-14:44:43,18) [cpuhp/0]
(root,0,0,00:00:00/27-14:44:43,19) [cpuhp/1]
(root,0,0,00:00:00/27-14:44:43,20) [idle_inject/1]
(root,0,0,00:00:10/27-14:44:43,21) [migration/1]
(root,0,0,00:00:44/27-14:44:43,22) [ksoftirqd/1]
(root,0,0,00:00:00/27-14:44:43,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/27-14:44:43,25) [cpuhp/2]
(root,0,0,00:00:00/27-14:44:43,26) [idle_inject/2]
(root,0,0,00:00:08/27-14:44:43,27) [migration/2]
(root,0,0,00:55:29/27-14:44:43,28) [ksoftirqd/2]
(root,0,0,00:00:00/27-14:44:43,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/27-14:44:43,31) [cpuhp/3]
(root,0,0,00:00:00/27-14:44:43,32) [idle_inject/3]
(root,0,0,00:00:10/27-14:44:43,33) [migration/3]
(root,0,0,00:02:32/27-14:44:43,34) [ksoftirqd/3]
(root,0,0,00:00:00/27-14:44:43,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/27-14:44:43,39) [kdevtmpfs]
(root,0,0,00:00:00/27-14:44:43,40) [netns]
(root,0,0,00:00:00/27-14:44:43,41) [inet_frag_wq]
(root,0,0,00:00:06/27-14:44:43,42) [kauditd]
(root,0,0,00:00:00/27-14:44:43,43) [khungtaskd]
(root,0,0,00:00:00/27-14:44:43,44) [oom_reaper]
(root,0,0,00:00:00/27-14:44:43,45) [writeback]
(root,0,0,00:01:21/27-14:44:43,46) [kcompactd0]
(root,0,0,00:00:00/27-14:44:43,47) [ksmd]
(root,0,0,00:01:19/27-14:44:43,48) [khugepaged]
(root,0,0,00:00:00/27-14:44:43,74) [kintegrityd]
(root,0,0,00:00:00/27-14:44:43,75) [kblockd]
(root,0,0,00:00:00/27-14:44:43,76) [blkcg_punt_bio]
(root,0,0,00:00:00/27-14:44:43,78) [tpm_dev_wq]
(root,0,0,00:00:00/27-14:44:43,79) [edac-poller]
(root,0,0,00:00:00/27-14:44:43,80) [devfreq_wq]
(root,0,0,00:00:00/27-14:44:43,110) [watchdogd]
(root,0,0,00:00:05/27-14:44:43,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/27-14:44:43,112) [kswapd0]
(root,0,0,00:00:00/27-14:44:42,114) [kthrotld]
(root,0,0,00:00:00/27-14:44:42,115) [mld]
(root,0,0,00:00:00/27-14:44:42,116) [ipv6_addrconf]
(root,0,0,00:00:11/27-14:44:42,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/27-14:44:42,122) [kstrp]
(root,0,0,00:00:00/27-14:44:42,123) [zswap-shrink]
(root,0,0,00:00:00/27-14:44:42,124) [kworker/u9:0]
(root,0,0,00:00:00/27-14:44:42,129) [charger_manager]
(root,0,0,00:00:06/27-14:44:41,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:06/27-14:44:41,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/27-14:44:41,205) [kaluad]
(root,0,0,00:00:00/27-14:44:41,250) [kmpath_rdacd]
(root,0,0,00:00:00/27-14:44:41,293) [kmpathd]
(root,0,0,00:00:00/27-14:44:41,294) [kmpath_handlerd]
(root,0,0,00:00:00/27-14:44:41,342) [ata_sff]
(root,0,0,00:00:00/27-14:44:40,343) [scsi_eh_0]
(root,0,0,00:00:00/27-14:44:40,344) [scsi_tmf_0]
(root,0,0,00:00:00/27-14:44:40,345) [scsi_eh_1]
(root,0,0,00:00:00/27-14:44:40,346) [scsi_tmf_1]
(root,0,0,00:00:45/27-14:44:38,366) [jbd2/vda1-8]
(root,0,0,00:00:00/27-14:44:38,367) [ext4-rsv-conver]
(root,38604,7788,00:00:38/27-14:44:26,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/27-14:44:25,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:41/27-14:44:23,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:14/27-14:43:49,512) /sbin/auditd
(messagebus,22936,5548,00:01:14/27-14:43:49,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8520,00:00:43/27-14:43:49,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/27-14:43:49,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,0,0,00:00:00/01:11,584) [kworker/1:0-ata_sff]
(root,31876,16108,00:00:03/27-14:43:48,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/27-14:43:48,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,31484,00:00:31/27-14:43:34,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/27-14:43:34,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:34/27-14:43:33,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/27-14:43:33,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/27-14:43:33,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/27-14:43:33,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/27-14:43:33,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:36/27-14:43:33,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:03:46/27-14:43:33,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/27-14:43:33,1206) bpfilter_umh
(root,26204,8212,00:00:11/27-14:43:33,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/27-14:43:33,1215) ntpd: asynchronous dns resolver
(spot,289896,176628,1-10:40:58/27-14:43:33,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/27-14:43:32,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/27-14:43:32,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/27-14:43:32,1245) (sd-pam)
(root,24216,5344,00:00:09/27-14:43:31,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/27-14:43:31,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/27-14:43:30,1354) /usr/sbin/cron -n
(root,697064,80568,00:36:08/27-14:43:24,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,219584,58620,00:11:36/27-14:43:10,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/03:58:15,1639) [kworker/3:1-events]
(postfix,24244,8288,00:00:00/42:25,4237) pickup -l -t fifo -u
(root,0,0,00:00:00/10:00,5127) [kworker/0:2]
(root,6656,3492,00:00:00/00:00,7115) /bin/bash /usr/bin/check_mk_agent
(root,13744,3512,00:00:00/00:00,7133) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,7134) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/53:15,7755) [kworker/3:2-cgroup_destroy]
(root,0,0,00:00:00/01:31:50,8451) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/06:23,12518) [kworker/1:2-ata_sff]
(root,35308,10012,00:00:00/21-12:34:26,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:11/21-12:34:25,15391) sshd: cm-ssh
(root,0,0,00:00:00/37:30,15445) [kworker/1:1-events]
(root,0,0,00:00:00/17:28,16162) [kworker/0:1-events]
(root,35308,10072,00:00:00/11-14:03:04,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:40/11-14:03:03,16977) sshd: syslogtunnel
(root,0,0,00:00:00/26:21,19174) [kworker/u8:1-writeback]
(root,0,0,00:00:00/24:35,24768) [kworker/2:0-events]
(root,0,0,00:00:00/02:54,27446) [kworker/3:0]
(root,0,0,00:00:02/02:06:45,27932) [kworker/2:2-events]
(postfix,44628,9316,00:00:00/21-19:20:11,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-10 01:06

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637a4ee386

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12816,00:01:04/25-14:30:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/25-14:30:41,2) [kthreadd]
(root,0,0,00:00:00/25-14:30:41,3) [rcu_gp]
(root,0,0,00:00:00/25-14:30:41,4) [rcu_par_gp]
(root,0,0,00:00:00/25-14:30:41,5) [slub_flushwq]
(root,0,0,00:00:00/25-14:30:41,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/25-14:30:41,9) [mm_percpu_wq]
(root,0,0,00:00:00/25-14:30:41,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/25-14:30:41,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/25-14:30:41,12) [rcu_tasks_trace]
(root,0,0,00:00:46/25-14:30:41,13) [ksoftirqd/0]
(root,0,0,01:08:27/25-14:30:41,14) [rcu_preempt]
(root,0,0,00:00:09/25-14:30:41,15) [migration/0]
(root,0,0,00:00:00/25-14:30:41,16) [idle_inject/0]
(root,0,0,00:00:00/25-14:30:41,18) [cpuhp/0]
(root,0,0,00:00:00/25-14:30:41,19) [cpuhp/1]
(root,0,0,00:00:00/25-14:30:41,20) [idle_inject/1]
(root,0,0,00:00:10/25-14:30:41,21) [migration/1]
(root,0,0,00:00:40/25-14:30:41,22) [ksoftirqd/1]
(root,0,0,00:00:00/25-14:30:41,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/25-14:30:41,25) [cpuhp/2]
(root,0,0,00:00:00/25-14:30:41,26) [idle_inject/2]
(root,0,0,00:00:08/25-14:30:41,27) [migration/2]
(root,0,0,00:52:18/25-14:30:41,28) [ksoftirqd/2]
(root,0,0,00:00:00/25-14:30:41,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/25-14:30:41,31) [cpuhp/3]
(root,0,0,00:00:00/25-14:30:41,32) [idle_inject/3]
(root,0,0,00:00:09/25-14:30:41,33) [migration/3]
(root,0,0,00:02:22/25-14:30:41,34) [ksoftirqd/3]
(root,0,0,00:00:00/25-14:30:41,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/25-14:30:41,39) [kdevtmpfs]
(root,0,0,00:00:00/25-14:30:41,40) [netns]
(root,0,0,00:00:00/25-14:30:41,41) [inet_frag_wq]
(root,0,0,00:00:06/25-14:30:41,42) [kauditd]
(root,0,0,00:00:00/25-14:30:41,43) [khungtaskd]
(root,0,0,00:00:00/25-14:30:41,44) [oom_reaper]
(root,0,0,00:00:00/25-14:30:41,45) [writeback]
(root,0,0,00:01:15/25-14:30:41,46) [kcompactd0]
(root,0,0,00:00:00/25-14:30:41,47) [ksmd]
(root,0,0,00:01:14/25-14:30:41,48) [khugepaged]
(root,0,0,00:00:00/25-14:30:41,74) [kintegrityd]
(root,0,0,00:00:00/25-14:30:41,75) [kblockd]
(root,0,0,00:00:00/25-14:30:41,76) [blkcg_punt_bio]
(root,0,0,00:00:00/25-14:30:41,78) [tpm_dev_wq]
(root,0,0,00:00:00/25-14:30:41,79) [edac-poller]
(root,0,0,00:00:00/25-14:30:41,80) [devfreq_wq]
(root,0,0,00:00:00/25-14:30:41,110) [watchdogd]
(root,0,0,00:00:05/25-14:30:41,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/25-14:30:41,112) [kswapd0]
(root,0,0,00:00:00/25-14:30:40,114) [kthrotld]
(root,0,0,00:00:00/25-14:30:40,115) [mld]
(root,0,0,00:00:00/25-14:30:40,116) [ipv6_addrconf]
(root,0,0,00:00:11/25-14:30:40,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/25-14:30:40,122) [kstrp]
(root,0,0,00:00:00/25-14:30:40,123) [zswap-shrink]
(root,0,0,00:00:00/25-14:30:40,124) [kworker/u9:0]
(root,0,0,00:00:00/25-14:30:40,129) [charger_manager]
(root,0,0,00:00:05/25-14:30:39,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:05/25-14:30:39,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/25-14:30:39,205) [kaluad]
(root,0,0,00:00:00/25-14:30:39,250) [kmpath_rdacd]
(root,0,0,00:00:00/25-14:30:39,293) [kmpathd]
(root,0,0,00:00:00/25-14:30:39,294) [kmpath_handlerd]
(root,0,0,00:00:00/25-14:30:39,342) [ata_sff]
(root,0,0,00:00:00/25-14:30:38,343) [scsi_eh_0]
(root,0,0,00:00:00/25-14:30:38,344) [scsi_tmf_0]
(root,0,0,00:00:00/25-14:30:38,345) [scsi_eh_1]
(root,0,0,00:00:00/25-14:30:38,346) [scsi_tmf_1]
(root,0,0,00:00:41/25-14:30:36,366) [jbd2/vda1-8]
(root,0,0,00:00:00/25-14:30:36,367) [ext4-rsv-conver]
(root,38604,7876,00:00:36/25-14:30:24,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:03/25-14:30:23,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:38/25-14:30:21,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:13/25-14:29:47,512) /sbin/auditd
(messagebus,22936,5640,00:01:11/25-14:29:47,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:41/25-14:29:47,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/25-14:29:47,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/25-14:29:46,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/25-14:29:46,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,30844,00:00:29/25-14:29:32,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/25-14:29:32,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:22/25-14:29:31,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/25-14:29:31,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/25-14:29:31,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/25-14:29:31,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/25-14:29:31,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:34/25-14:29:31,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:03:29/25-14:29:31,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/25-14:29:31,1206) bpfilter_umh
(root,26204,8300,00:00:11/25-14:29:31,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/25-14:29:31,1215) ntpd: asynchronous dns resolver
(spot,301792,188344,1-08:06:31/25-14:29:31,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/25-14:29:30,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/25-14:29:30,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/25-14:29:30,1245) (sd-pam)
(root,24216,5348,00:00:08/25-14:29:29,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/25-14:29:29,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/25-14:29:28,1354) /usr/sbin/cron -n
(root,694116,77808,00:33:30/25-14:29:22,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,218560,57996,00:10:11/25-14:29:08,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/04:57,4602) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/36:04,6090) [kworker/1:0-events]
(root,0,0,00:00:00/37:47,6321) [kworker/u8:0-writeback]
(root,0,0,00:00:00/04:33,6556) [kworker/0:0-events_power_efficient]
(root,0,0,00:00:00/01:25:54,14356) [kworker/2:0-events]
(root,35308,10012,00:00:00/19-12:20:24,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:05/19-12:20:23,15391) sshd: cm-ssh
(root,0,0,00:00:01/01:53:28,16404) [kworker/0:1-events]
(root,35308,10072,00:00:00/9-13:49:02,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:33/9-13:49:01,16977) sshd: syslogtunnel
(root,0,0,00:00:00/10:22:52,17512) [kworker/u8:2-writeback]
(postfix,24244,8240,00:00:00/49:17,17853) pickup -l -t fifo -u
(root,0,0,00:00:00/11:20,18061) [kworker/3:0]
(root,0,0,00:00:07/07:33:16,21123) [kworker/2:1-events]
(root,0,0,00:00:00/10:07,22721) [kworker/1:2-events]
(root,6656,3484,00:00:00/00:00,27782) /bin/bash /usr/bin/check_mk_agent
(root,6656,1820,00:00:00/00:00,27823) /bin/bash /usr/bin/check_mk_agent
(root,6656,2012,00:00:00/00:00,27824) /bin/bash /usr/bin/check_mk_agent
(root,4480,1036,00:00:00/00:00,27825) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,816,00:00:00/00:00,27826) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,676,00:00:00/00:00,27827) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3488,00:00:00/00:00,27828) /bin/bash /usr/bin/check_mk_agent
(root,13744,3372,00:00:00/00:00,27846) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,972,00:00:00/00:00,27847) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,44628,9372,00:00:00/19-19:06:09,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/17:57,30755) [kworker/3:1-events]
(root,0,0,00:00:00/24:38,31934) [kworker/0:2-cgroup_destroy]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-08 00:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836309fd074b

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:01:01/23-14:38:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/23-14:38:12,2) [kthreadd]
(root,0,0,00:00:00/23-14:38:12,3) [rcu_gp]
(root,0,0,00:00:00/23-14:38:12,4) [rcu_par_gp]
(root,0,0,00:00:00/23-14:38:12,5) [slub_flushwq]
(root,0,0,00:00:00/23-14:38:12,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/23-14:38:12,9) [mm_percpu_wq]
(root,0,0,00:00:00/23-14:38:12,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/23-14:38:12,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/23-14:38:12,12) [rcu_tasks_trace]
(root,0,0,00:00:43/23-14:38:12,13) [ksoftirqd/0]
(root,0,0,01:02:53/23-14:38:12,14) [rcu_preempt]
(root,0,0,00:00:08/23-14:38:12,15) [migration/0]
(root,0,0,00:00:00/23-14:38:12,16) [idle_inject/0]
(root,0,0,00:00:00/23-14:38:12,18) [cpuhp/0]
(root,0,0,00:00:00/23-14:38:12,19) [cpuhp/1]
(root,0,0,00:00:00/23-14:38:12,20) [idle_inject/1]
(root,0,0,00:00:09/23-14:38:12,21) [migration/1]
(root,0,0,00:00:37/23-14:38:12,22) [ksoftirqd/1]
(root,0,0,00:00:00/23-14:38:12,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/23-14:38:12,25) [cpuhp/2]
(root,0,0,00:00:00/23-14:38:12,26) [idle_inject/2]
(root,0,0,00:00:07/23-14:38:12,27) [migration/2]
(root,0,0,00:47:39/23-14:38:12,28) [ksoftirqd/2]
(root,0,0,00:00:00/23-14:38:12,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/23-14:38:12,31) [cpuhp/3]
(root,0,0,00:00:00/23-14:38:12,32) [idle_inject/3]
(root,0,0,00:00:08/23-14:38:12,33) [migration/3]
(root,0,0,00:02:10/23-14:38:12,34) [ksoftirqd/3]
(root,0,0,00:00:00/23-14:38:12,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/23-14:38:12,39) [kdevtmpfs]
(root,0,0,00:00:00/23-14:38:12,40) [netns]
(root,0,0,00:00:00/23-14:38:12,41) [inet_frag_wq]
(root,0,0,00:00:05/23-14:38:12,42) [kauditd]
(root,0,0,00:00:00/23-14:38:12,43) [khungtaskd]
(root,0,0,00:00:00/23-14:38:12,44) [oom_reaper]
(root,0,0,00:00:00/23-14:38:12,45) [writeback]
(root,0,0,00:01:09/23-14:38:12,46) [kcompactd0]
(root,0,0,00:00:00/23-14:38:12,47) [ksmd]
(root,0,0,00:01:08/23-14:38:12,48) [khugepaged]
(root,0,0,00:00:00/23-14:38:12,74) [kintegrityd]
(root,0,0,00:00:00/23-14:38:12,75) [kblockd]
(root,0,0,00:00:00/23-14:38:12,76) [blkcg_punt_bio]
(root,0,0,00:00:00/23-14:38:12,78) [tpm_dev_wq]
(root,0,0,00:00:00/23-14:38:12,79) [edac-poller]
(root,0,0,00:00:00/23-14:38:12,80) [devfreq_wq]
(root,0,0,00:00:00/23-14:38:12,110) [watchdogd]
(root,0,0,00:00:04/23-14:38:12,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/23-14:38:12,112) [kswapd0]
(root,0,0,00:00:00/23-14:38:11,114) [kthrotld]
(root,0,0,00:00:00/23-14:38:11,115) [mld]
(root,0,0,00:00:00/23-14:38:11,116) [ipv6_addrconf]
(root,0,0,00:00:10/23-14:38:11,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/23-14:38:11,122) [kstrp]
(root,0,0,00:00:00/23-14:38:11,123) [zswap-shrink]
(root,0,0,00:00:00/23-14:38:11,124) [kworker/u9:0]
(root,0,0,00:00:00/23-14:38:11,129) [charger_manager]
(root,0,0,00:00:05/23-14:38:10,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:05/23-14:38:10,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/23-14:38:10,205) [kaluad]
(root,0,0,00:00:00/23-14:38:10,250) [kmpath_rdacd]
(root,0,0,00:00:00/23-14:38:10,293) [kmpathd]
(root,0,0,00:00:00/23-14:38:10,294) [kmpath_handlerd]
(root,0,0,00:00:00/23-14:38:10,342) [ata_sff]
(root,0,0,00:00:00/23-14:38:09,343) [scsi_eh_0]
(root,0,0,00:00:00/23-14:38:09,344) [scsi_tmf_0]
(root,0,0,00:00:00/23-14:38:09,345) [scsi_eh_1]
(root,0,0,00:00:00/23-14:38:09,346) [scsi_tmf_1]
(root,0,0,00:00:37/23-14:38:07,366) [jbd2/vda1-8]
(root,0,0,00:00:00/23-14:38:07,367) [ext4-rsv-conver]
(root,38604,7876,00:00:34/23-14:37:55,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:02/23-14:37:54,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:35/23-14:37:52,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:12/23-14:37:18,512) /sbin/auditd
(messagebus,22936,5640,00:01:07/23-14:37:18,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:38/23-14:37:18,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/23-14:37:18,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/23-14:37:17,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/23-14:37:17,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,30324,00:00:26/23-14:37:03,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/23-14:37:03,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:09/23-14:37:02,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/23-14:37:02,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/23-14:37:02,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/23-14:37:02,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/23-14:37:02,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:32/23-14:37:02,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:03:12/23-14:37:02,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/23-14:37:02,1206) bpfilter_umh
(root,26204,8300,00:00:10/23-14:37:02,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/23-14:37:02,1215) ntpd: asynchronous dns resolver
(spot,285452,172720,1-05:41:15/23-14:37:02,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/23-14:37:01,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/23-14:37:01,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/23-14:37:01,1245) (sd-pam)
(root,24216,5348,00:00:07/23-14:37:00,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/23-14:37:00,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/23-14:36:59,1354) /usr/sbin/cron -n
(root,693860,77156,00:30:48/23-14:36:53,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,217536,55852,00:08:45/23-14:36:39,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/14:05,4265) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:00/01:19:46,7327) [kworker/0:0-events]
(root,0,0,00:00:00/03:28:37,7973) [kworker/0:1-events]
(root,6764,3612,00:00:00/00:00,9468) /bin/bash /usr/bin/check_mk_agent
(root,6656,3488,00:00:00/00:00,9616) /bin/bash /usr/bin/check_mk_agent
(root,0,0,00:00:00/00:00,9714) [check_mk_agent]
(root,6292,3124,00:00:00/00:00,9723) /bin/bash ././mk_inventory.linux
(root,29464,9384,00:00:00/00:00,9727) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n
(root,6656,3488,00:00:00/00:00,9728) /bin/bash /usr/bin/check_mk_agent
(root,13744,3504,00:00:00/00:00,9746) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,9747) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/12:24,11498) [kworker/3:1-events]
(root,0,0,00:00:00/19:50,13370) [kworker/u8:1-flush-253:0]
(root,35308,10012,00:00:00/17-12:27:55,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:58/17-12:27:54,15391) sshd: cm-ssh
(postfix,24244,8204,00:00:00/01:18:36,15690) pickup -l -t fifo -u
(root,0,0,00:00:00/05:41,15975) [kworker/2:0-events]
(root,0,0,00:00:01/05:22:15,16672) [kworker/3:2-events]
(root,35308,10072,00:00:00/7-13:56:33,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:26/7-13:56:32,16977) sshd: syslogtunnel
(root,0,0,00:00:01/01:26:31,19831) [kworker/2:1-events]
(root,0,0,00:00:00/04:52,24035) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/15:15,26077) [kworker/1:1-events]
(root,0,0,00:00:00/10:02,26329) [kworker/1:2-ata_sff]
(postfix,44628,9372,00:00:00/17-19:13:40,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-06 01:00

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363da1c149d

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12808,00:00:57/21-14:32:32,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/21-14:32:32,2) [kthreadd]
(root,0,0,00:00:00/21-14:32:32,3) [rcu_gp]
(root,0,0,00:00:00/21-14:32:32,4) [rcu_par_gp]
(root,0,0,00:00:00/21-14:32:32,5) [slub_flushwq]
(root,0,0,00:00:00/21-14:32:32,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/21-14:32:32,9) [mm_percpu_wq]
(root,0,0,00:00:00/21-14:32:32,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/21-14:32:32,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/21-14:32:32,12) [rcu_tasks_trace]
(root,0,0,00:00:39/21-14:32:32,13) [ksoftirqd/0]
(root,0,0,00:57:31/21-14:32:32,14) [rcu_preempt]
(root,0,0,00:00:08/21-14:32:32,15) [migration/0]
(root,0,0,00:00:00/21-14:32:32,16) [idle_inject/0]
(root,0,0,00:00:00/21-14:32:32,18) [cpuhp/0]
(root,0,0,00:00:00/21-14:32:32,19) [cpuhp/1]
(root,0,0,00:00:00/21-14:32:32,20) [idle_inject/1]
(root,0,0,00:00:08/21-14:32:32,21) [migration/1]
(root,0,0,00:00:34/21-14:32:32,22) [ksoftirqd/1]
(root,0,0,00:00:00/21-14:32:32,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/21-14:32:32,25) [cpuhp/2]
(root,0,0,00:00:00/21-14:32:32,26) [idle_inject/2]
(root,0,0,00:00:06/21-14:32:32,27) [migration/2]
(root,0,0,00:43:41/21-14:32:32,28) [ksoftirqd/2]
(root,0,0,00:00:00/21-14:32:32,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/21-14:32:32,31) [cpuhp/3]
(root,0,0,00:00:00/21-14:32:32,32) [idle_inject/3]
(root,0,0,00:00:08/21-14:32:32,33) [migration/3]
(root,0,0,00:02:00/21-14:32:32,34) [ksoftirqd/3]
(root,0,0,00:00:00/21-14:32:32,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/21-14:32:32,39) [kdevtmpfs]
(root,0,0,00:00:00/21-14:32:32,40) [netns]
(root,0,0,00:00:00/21-14:32:32,41) [inet_frag_wq]
(root,0,0,00:00:05/21-14:32:32,42) [kauditd]
(root,0,0,00:00:00/21-14:32:32,43) [khungtaskd]
(root,0,0,00:00:00/21-14:32:32,44) [oom_reaper]
(root,0,0,00:00:00/21-14:32:32,45) [writeback]
(root,0,0,00:01:03/21-14:32:32,46) [kcompactd0]
(root,0,0,00:00:00/21-14:32:32,47) [ksmd]
(root,0,0,00:01:02/21-14:32:32,48) [khugepaged]
(root,0,0,00:00:00/21-14:32:32,74) [kintegrityd]
(root,0,0,00:00:00/21-14:32:32,75) [kblockd]
(root,0,0,00:00:00/21-14:32:32,76) [blkcg_punt_bio]
(root,0,0,00:00:00/21-14:32:32,78) [tpm_dev_wq]
(root,0,0,00:00:00/21-14:32:32,79) [edac-poller]
(root,0,0,00:00:00/21-14:32:32,80) [devfreq_wq]
(root,0,0,00:00:00/21-14:32:32,110) [watchdogd]
(root,0,0,00:00:04/21-14:32:32,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/21-14:32:32,112) [kswapd0]
(root,0,0,00:00:00/21-14:32:31,114) [kthrotld]
(root,0,0,00:00:00/21-14:32:31,115) [mld]
(root,0,0,00:00:00/21-14:32:31,116) [ipv6_addrconf]
(root,0,0,00:00:09/21-14:32:31,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/21-14:32:31,122) [kstrp]
(root,0,0,00:00:00/21-14:32:31,123) [zswap-shrink]
(root,0,0,00:00:00/21-14:32:31,124) [kworker/u9:0]
(root,0,0,00:00:00/21-14:32:31,129) [charger_manager]
(root,0,0,00:00:04/21-14:32:30,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:04/21-14:32:30,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/21-14:32:30,205) [kaluad]
(root,0,0,00:00:00/21-14:32:30,250) [kmpath_rdacd]
(root,0,0,00:00:00/21-14:32:30,293) [kmpathd]
(root,0,0,00:00:00/21-14:32:30,294) [kmpath_handlerd]
(root,0,0,00:00:00/21-14:32:30,342) [ata_sff]
(root,0,0,00:00:00/21-14:32:29,343) [scsi_eh_0]
(root,0,0,00:00:00/21-14:32:29,344) [scsi_tmf_0]
(root,0,0,00:00:00/21-14:32:29,345) [scsi_eh_1]
(root,0,0,00:00:00/21-14:32:29,346) [scsi_tmf_1]
(root,0,0,00:00:33/21-14:32:27,366) [jbd2/vda1-8]
(root,0,0,00:00:00/21-14:32:27,367) [ext4-rsv-conver]
(root,38604,7876,00:00:31/21-14:32:15,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:02/21-14:32:14,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:32/21-14:32:12,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:11/21-14:31:38,512) /sbin/auditd
(messagebus,22936,5640,00:01:03/21-14:31:38,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:36/21-14:31:38,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/21-14:31:38,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/21-14:31:37,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/21-14:31:37,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,29804,00:00:24/21-14:31:23,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/21-14:31:23,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:00/21-14:31:22,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/21-14:31:22,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/21-14:31:22,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/21-14:31:22,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/21-14:31:22,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:30/21-14:31:22,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:02:56/21-14:31:22,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/21-14:31:22,1206) bpfilter_umh
(root,26204,8300,00:00:09/21-14:31:22,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/21-14:31:22,1215) ntpd: asynchronous dns resolver
(spot,285180,171872,1-03:19:47/21-14:31:22,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/21-14:31:21,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/21-14:31:21,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/21-14:31:21,1245) (sd-pam)
(root,24216,5348,00:00:07/21-14:31:20,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/21-14:31:20,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/21-14:31:19,1354) /usr/sbin/cron -n
(root,693604,76796,00:28:07/21-14:31:13,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,216512,54960,00:07:25/21-14:30:59,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:03/03:13:15,1511) [kworker/2:0-events]
(root,0,0,00:00:00/54:39,1699) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:01/01:45:58,3242) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/02:13,3890) [kworker/1:0-events]
(root,0,0,00:00:00/01:11:16,3967) [kworker/0:1-events]
(postfix,24244,8180,00:00:00/01:34:50,7480) pickup -l -t fifo -u
(root,0,0,00:00:00/45:46,8023) [kworker/3:0]
(root,0,0,00:00:00/20:17,10807) [kworker/u8:0-writeback]
(root,0,0,00:00:00/07:37,14577) [kworker/2:1-events]
(root,0,0,00:00:00/07:25,15330) [kworker/1:1-ata_sff]
(root,35308,10012,00:00:00/15-12:22:15,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:51/15-12:22:14,15391) sshd: cm-ssh
(root,6656,3488,00:00:00/00:00,15497) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,15549) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,15550) /bin/bash /usr/bin/check_mk_agent
(root,4480,1064,00:00:00/00:00,15551) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,860,00:00:00/00:00,15552) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,680,00:00:00/00:00,15553) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3488,00:00:00/00:00,15554) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,15572) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,15573) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35308,10072,00:00:00/5-13:50:53,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:19/5-13:50:52,16977) sshd: syslogtunnel
(root,0,0,00:00:00/26:43,20907) [kworker/0:2]
(root,0,0,00:00:02/09:03:49,30433) [kworker/3:1-events]
(postfix,44628,9372,00:00:00/15-19:08:00,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-04 00:54

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e9e102c0

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12828,00:00:53/19-15:15:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/19-15:15:58,2) [kthreadd]
(root,0,0,00:00:00/19-15:15:58,3) [rcu_gp]
(root,0,0,00:00:00/19-15:15:58,4) [rcu_par_gp]
(root,0,0,00:00:00/19-15:15:58,5) [slub_flushwq]
(root,0,0,00:00:00/19-15:15:58,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/19-15:15:58,9) [mm_percpu_wq]
(root,0,0,00:00:00/19-15:15:58,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/19-15:15:58,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/19-15:15:58,12) [rcu_tasks_trace]
(root,0,0,00:00:36/19-15:15:58,13) [ksoftirqd/0]
(root,0,0,00:52:21/19-15:15:58,14) [rcu_preempt]
(root,0,0,00:00:07/19-15:15:58,15) [migration/0]
(root,0,0,00:00:00/19-15:15:58,16) [idle_inject/0]
(root,0,0,00:00:00/19-15:15:58,18) [cpuhp/0]
(root,0,0,00:00:00/19-15:15:58,19) [cpuhp/1]
(root,0,0,00:00:00/19-15:15:58,20) [idle_inject/1]
(root,0,0,00:00:07/19-15:15:58,21) [migration/1]
(root,0,0,00:00:31/19-15:15:58,22) [ksoftirqd/1]
(root,0,0,00:00:00/19-15:15:58,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/19-15:15:58,25) [cpuhp/2]
(root,0,0,00:00:00/19-15:15:58,26) [idle_inject/2]
(root,0,0,00:00:06/19-15:15:58,27) [migration/2]
(root,0,0,00:39:11/19-15:15:58,28) [ksoftirqd/2]
(root,0,0,00:00:00/19-15:15:58,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/19-15:15:58,31) [cpuhp/3]
(root,0,0,00:00:00/19-15:15:58,32) [idle_inject/3]
(root,0,0,00:00:07/19-15:15:58,33) [migration/3]
(root,0,0,00:01:49/19-15:15:58,34) [ksoftirqd/3]
(root,0,0,00:00:00/19-15:15:58,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/19-15:15:58,39) [kdevtmpfs]
(root,0,0,00:00:00/19-15:15:58,40) [netns]
(root,0,0,00:00:00/19-15:15:58,41) [inet_frag_wq]
(root,0,0,00:00:05/19-15:15:58,42) [kauditd]
(root,0,0,00:00:00/19-15:15:58,43) [khungtaskd]
(root,0,0,00:00:00/19-15:15:58,44) [oom_reaper]
(root,0,0,00:00:00/19-15:15:58,45) [writeback]
(root,0,0,00:00:57/19-15:15:58,46) [kcompactd0]
(root,0,0,00:00:00/19-15:15:58,47) [ksmd]
(root,0,0,00:00:57/19-15:15:58,48) [khugepaged]
(root,0,0,00:00:00/19-15:15:58,74) [kintegrityd]
(root,0,0,00:00:00/19-15:15:58,75) [kblockd]
(root,0,0,00:00:00/19-15:15:58,76) [blkcg_punt_bio]
(root,0,0,00:00:00/19-15:15:58,78) [tpm_dev_wq]
(root,0,0,00:00:00/19-15:15:58,79) [edac-poller]
(root,0,0,00:00:00/19-15:15:58,80) [devfreq_wq]
(root,0,0,00:00:00/19-15:15:58,110) [watchdogd]
(root,0,0,00:00:03/19-15:15:58,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/19-15:15:58,112) [kswapd0]
(root,0,0,00:00:00/19-15:15:57,114) [kthrotld]
(root,0,0,00:00:00/19-15:15:57,115) [mld]
(root,0,0,00:00:00/19-15:15:57,116) [ipv6_addrconf]
(root,0,0,00:00:08/19-15:15:57,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/19-15:15:57,122) [kstrp]
(root,0,0,00:00:00/19-15:15:57,123) [zswap-shrink]
(root,0,0,00:00:00/19-15:15:57,124) [kworker/u9:0]
(root,0,0,00:00:00/19-15:15:57,129) [charger_manager]
(root,0,0,00:00:04/19-15:15:56,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:04/19-15:15:56,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/19-15:15:56,205) [kaluad]
(root,0,0,00:00:00/19-15:15:56,250) [kmpath_rdacd]
(root,0,0,00:00:00/19-15:15:56,293) [kmpathd]
(root,0,0,00:00:00/19-15:15:56,294) [kmpath_handlerd]
(root,0,0,00:00:00/19-15:15:56,342) [ata_sff]
(root,0,0,00:00:00/19-15:15:55,343) [scsi_eh_0]
(root,0,0,00:00:00/19-15:15:55,344) [scsi_tmf_0]
(root,0,0,00:00:00/19-15:15:55,345) [scsi_eh_1]
(root,0,0,00:00:00/19-15:15:55,346) [scsi_tmf_1]
(root,0,0,00:00:29/19-15:15:53,366) [jbd2/vda1-8]
(root,0,0,00:00:00/19-15:15:53,367) [ext4-rsv-conver]
(root,38604,7876,00:00:29/19-15:15:41,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:02/19-15:15:40,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:29/19-15:15:38,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:11/19-15:15:04,512) /sbin/auditd
(messagebus,22936,5672,00:00:58/19-15:15:04,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:33/19-15:15:04,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/19-15:15:04,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/19-15:15:03,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/19-15:15:03,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,29812,00:00:22/19-15:14:49,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/19-15:14:49,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:50/19-15:14:48,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/19-15:14:48,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/19-15:14:48,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/19-15:14:48,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/19-15:14:48,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:28/19-15:14:48,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:40/19-15:14:48,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/19-15:14:48,1206) bpfilter_umh
(root,26204,8300,00:00:09/19-15:14:48,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/19-15:14:48,1215) ntpd: asynchronous dns resolver
(spot,284860,171792,1-01:06:41/19-15:14:48,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/19-15:14:47,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/19-15:14:47,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/19-15:14:47,1245) (sd-pam)
(root,24216,5348,00:00:06/19-15:14:46,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/19-15:14:46,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/19-15:14:45,1354) /usr/sbin/cron -n
(root,692836,75760,00:25:30/19-15:14:39,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,215488,53056,00:06:35/19-15:14:25,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:02/07:17:22,3898) [kworker/3:2-events]
(root,0,0,00:00:00/02:17:36,4121) [kworker/u8:0-flush-253:0]
(postfix,24244,8224,00:00:00/59:09,8017) pickup -l -t fifo -u
(root,0,0,00:00:00/04:27,12244) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/36:43,12709) [kworker/2:1-events]
(root,0,0,00:00:00/25:13,14635) [kworker/1:0-events]
(root,35308,10012,00:00:00/13-13:05:41,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:45/13-13:05:40,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/3-14:34:19,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:12/3-14:34:18,16977) sshd: syslogtunnel
(root,0,0,00:00:00/01:08:06,20923) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/01:32:34,22794) [kworker/0:1]
(root,0,0,00:00:02/01:44:51,23007) [kworker/2:2-events]
(root,0,0,00:00:01/03:42:00,26126) [kworker/0:2-events]
(root,0,0,00:00:00/09:44,26393) [kworker/3:1-events]
(root,0,0,00:00:00/09:38,27444) [kworker/1:2-ata_sff]
(root,6656,3484,00:00:00/00:00,28054) /bin/bash /usr/bin/check_mk_agent
(root,6656,1820,00:00:00/00:00,28095) /bin/bash /usr/bin/check_mk_agent
(root,6656,2012,00:00:00/00:00,28096) /bin/bash /usr/bin/check_mk_agent
(root,4480,1160,00:00:00/00:00,28097) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,816,00:00:00/00:00,28098) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2676,1208,00:00:00/00:00,28099) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3484,00:00:00/00:00,28100) /bin/bash /usr/bin/check_mk_agent
(root,13744,3488,00:00:00/00:00,28118) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,28119) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,44628,9416,00:00:00/13-19:51:26,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-02 01:38

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630bdbf86b

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12824,00:00:49/17-14:37:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/17-14:37:43,2) [kthreadd]
(root,0,0,00:00:00/17-14:37:43,3) [rcu_gp]
(root,0,0,00:00:00/17-14:37:43,4) [rcu_par_gp]
(root,0,0,00:00:00/17-14:37:43,5) [slub_flushwq]
(root,0,0,00:00:00/17-14:37:43,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/17-14:37:43,9) [mm_percpu_wq]
(root,0,0,00:00:00/17-14:37:43,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/17-14:37:43,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/17-14:37:43,12) [rcu_tasks_trace]
(root,0,0,00:00:33/17-14:37:43,13) [ksoftirqd/0]
(root,0,0,00:47:10/17-14:37:43,14) [rcu_preempt]
(root,0,0,00:00:06/17-14:37:43,15) [migration/0]
(root,0,0,00:00:00/17-14:37:43,16) [idle_inject/0]
(root,0,0,00:00:00/17-14:37:43,18) [cpuhp/0]
(root,0,0,00:00:00/17-14:37:43,19) [cpuhp/1]
(root,0,0,00:00:00/17-14:37:43,20) [idle_inject/1]
(root,0,0,00:00:07/17-14:37:43,21) [migration/1]
(root,0,0,00:00:28/17-14:37:43,22) [ksoftirqd/1]
(root,0,0,00:00:00/17-14:37:43,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/17-14:37:43,25) [cpuhp/2]
(root,0,0,00:00:00/17-14:37:43,26) [idle_inject/2]
(root,0,0,00:00:05/17-14:37:43,27) [migration/2]
(root,0,0,00:36:00/17-14:37:43,28) [ksoftirqd/2]
(root,0,0,00:00:00/17-14:37:43,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/17-14:37:43,31) [cpuhp/3]
(root,0,0,00:00:00/17-14:37:43,32) [idle_inject/3]
(root,0,0,00:00:06/17-14:37:43,33) [migration/3]
(root,0,0,00:01:40/17-14:37:43,34) [ksoftirqd/3]
(root,0,0,00:00:00/17-14:37:43,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/17-14:37:43,39) [kdevtmpfs]
(root,0,0,00:00:00/17-14:37:43,40) [netns]
(root,0,0,00:00:00/17-14:37:43,41) [inet_frag_wq]
(root,0,0,00:00:04/17-14:37:43,42) [kauditd]
(root,0,0,00:00:00/17-14:37:43,43) [khungtaskd]
(root,0,0,00:00:00/17-14:37:43,44) [oom_reaper]
(root,0,0,00:00:00/17-14:37:43,45) [writeback]
(root,0,0,00:00:51/17-14:37:43,46) [kcompactd0]
(root,0,0,00:00:00/17-14:37:43,47) [ksmd]
(root,0,0,00:00:51/17-14:37:43,48) [khugepaged]
(root,0,0,00:00:00/17-14:37:43,74) [kintegrityd]
(root,0,0,00:00:00/17-14:37:43,75) [kblockd]
(root,0,0,00:00:00/17-14:37:43,76) [blkcg_punt_bio]
(root,0,0,00:00:00/17-14:37:43,78) [tpm_dev_wq]
(root,0,0,00:00:00/17-14:37:43,79) [edac-poller]
(root,0,0,00:00:00/17-14:37:43,80) [devfreq_wq]
(root,0,0,00:00:00/17-14:37:43,110) [watchdogd]
(root,0,0,00:00:03/17-14:37:43,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/17-14:37:43,112) [kswapd0]
(root,0,0,00:00:00/17-14:37:42,114) [kthrotld]
(root,0,0,00:00:00/17-14:37:42,115) [mld]
(root,0,0,00:00:00/17-14:37:42,116) [ipv6_addrconf]
(root,0,0,00:00:07/17-14:37:42,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/17-14:37:42,122) [kstrp]
(root,0,0,00:00:00/17-14:37:42,123) [zswap-shrink]
(root,0,0,00:00:00/17-14:37:42,124) [kworker/u9:0]
(root,0,0,00:00:00/17-14:37:42,129) [charger_manager]
(root,0,0,00:00:03/17-14:37:41,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/17-14:37:41,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/17-14:37:41,205) [kaluad]
(root,0,0,00:00:00/17-14:37:41,250) [kmpath_rdacd]
(root,0,0,00:00:00/17-14:37:41,293) [kmpathd]
(root,0,0,00:00:00/17-14:37:41,294) [kmpath_handlerd]
(root,0,0,00:00:00/17-14:37:41,342) [ata_sff]
(root,0,0,00:00:00/17-14:37:40,343) [scsi_eh_0]
(root,0,0,00:00:00/17-14:37:40,344) [scsi_tmf_0]
(root,0,0,00:00:00/17-14:37:40,345) [scsi_eh_1]
(root,0,0,00:00:00/17-14:37:40,346) [scsi_tmf_1]
(root,0,0,00:00:26/17-14:37:38,366) [jbd2/vda1-8]
(root,0,0,00:00:00/17-14:37:38,367) [ext4-rsv-conver]
(root,38604,7876,00:00:27/17-14:37:26,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:02/17-14:37:25,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:26/17-14:37:23,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:10/17-14:36:49,512) /sbin/auditd
(messagebus,22936,5672,00:00:54/17-14:36:49,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:31/17-14:36:49,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/17-14:36:49,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/17-14:36:48,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/17-14:36:48,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,29016,00:00:19/17-14:36:34,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/17-14:36:34,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:38/17-14:36:33,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/17-14:36:33,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/17-14:36:33,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/17-14:36:33,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/17-14:36:33,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:26/17-14:36:33,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:23/17-14:36:33,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/17-14:36:33,1206) bpfilter_umh
(root,26204,8300,00:00:08/17-14:36:33,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/17-14:36:33,1215) ntpd: asynchronous dns resolver
(spot,284764,171768,23:08:44/17-14:36:33,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/17-14:36:32,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/17-14:36:32,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/17-14:36:32,1245) (sd-pam)
(root,24216,5348,00:00:05/17-14:36:31,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/17-14:36:31,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/17-14:36:30,1354) /usr/sbin/cron -n
(root,692236,75412,00:22:52/17-14:36:24,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,214464,51284,00:05:53/17-14:36:10,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/02:03:55,6422) [kworker/0:2-events]
(root,0,0,00:00:00/07:45,7955) [kworker/1:1-events]
(root,0,0,00:00:00/02:35,12982) [kworker/1:2-ata_sff]
(root,0,0,00:00:01/56:16,14661) [kworker/2:2-events]
(root,35308,10012,00:00:00/11-12:27:26,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:38/11-12:27:25,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/1-13:56:04,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:05/1-13:56:03,16977) sshd: syslogtunnel
(postfix,24244,8200,00:00:00/42:46,18919) pickup -l -t fifo -u
(root,0,0,00:00:00/01:14:47,22787) [kworker/3:0-events]
(root,0,0,00:00:02/05:39:02,24312) [kworker/0:0-mm_percpu_wq]
(root,6656,3492,00:00:00/00:00,25448) /bin/bash /usr/bin/check_mk_agent
(root,13744,3432,00:00:00/00:00,25466) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,25467) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/01:14:21,26541) [kworker/u8:2-writeback]
(root,0,0,00:00:01/01:04:48,28099) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/08:42:49,28658) [kworker/u8:1-events_unbound]
(postfix,44628,9416,00:00:00/11-19:13:11,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/49:56,32239) [kworker/2:1]
(root,0,0,00:00:01/04:24:52,32305) [kworker/3:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-30 00:59

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630c52c7fc

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12824,00:00:45/15-14:42:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/15-14:42:55,2) [kthreadd]
(root,0,0,00:00:00/15-14:42:55,3) [rcu_gp]
(root,0,0,00:00:00/15-14:42:55,4) [rcu_par_gp]
(root,0,0,00:00:00/15-14:42:55,5) [slub_flushwq]
(root,0,0,00:00:00/15-14:42:55,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/15-14:42:55,9) [mm_percpu_wq]
(root,0,0,00:00:00/15-14:42:55,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/15-14:42:55,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/15-14:42:55,12) [rcu_tasks_trace]
(root,0,0,00:00:29/15-14:42:55,13) [ksoftirqd/0]
(root,0,0,00:41:56/15-14:42:55,14) [rcu_preempt]
(root,0,0,00:00:05/15-14:42:55,15) [migration/0]
(root,0,0,00:00:00/15-14:42:55,16) [idle_inject/0]
(root,0,0,00:00:00/15-14:42:55,18) [cpuhp/0]
(root,0,0,00:00:00/15-14:42:55,19) [cpuhp/1]
(root,0,0,00:00:00/15-14:42:55,20) [idle_inject/1]
(root,0,0,00:00:06/15-14:42:55,21) [migration/1]
(root,0,0,00:00:25/15-14:42:55,22) [ksoftirqd/1]
(root,0,0,00:00:00/15-14:42:55,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/15-14:42:55,25) [cpuhp/2]
(root,0,0,00:00:00/15-14:42:55,26) [idle_inject/2]
(root,0,0,00:00:05/15-14:42:55,27) [migration/2]
(root,0,0,00:32:27/15-14:42:55,28) [ksoftirqd/2]
(root,0,0,00:00:00/15-14:42:55,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/15-14:42:55,31) [cpuhp/3]
(root,0,0,00:00:00/15-14:42:55,32) [idle_inject/3]
(root,0,0,00:00:06/15-14:42:55,33) [migration/3]
(root,0,0,00:01:30/15-14:42:55,34) [ksoftirqd/3]
(root,0,0,00:00:00/15-14:42:55,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/15-14:42:55,39) [kdevtmpfs]
(root,0,0,00:00:00/15-14:42:55,40) [netns]
(root,0,0,00:00:00/15-14:42:55,41) [inet_frag_wq]
(root,0,0,00:00:04/15-14:42:55,42) [kauditd]
(root,0,0,00:00:00/15-14:42:55,43) [khungtaskd]
(root,0,0,00:00:00/15-14:42:55,44) [oom_reaper]
(root,0,0,00:00:00/15-14:42:55,45) [writeback]
(root,0,0,00:00:46/15-14:42:55,46) [kcompactd0]
(root,0,0,00:00:00/15-14:42:55,47) [ksmd]
(root,0,0,00:00:46/15-14:42:55,48) [khugepaged]
(root,0,0,00:00:00/15-14:42:55,74) [kintegrityd]
(root,0,0,00:00:00/15-14:42:55,75) [kblockd]
(root,0,0,00:00:00/15-14:42:55,76) [blkcg_punt_bio]
(root,0,0,00:00:00/15-14:42:55,78) [tpm_dev_wq]
(root,0,0,00:00:00/15-14:42:55,79) [edac-poller]
(root,0,0,00:00:00/15-14:42:55,80) [devfreq_wq]
(root,0,0,00:00:00/15-14:42:55,110) [watchdogd]
(root,0,0,00:00:03/15-14:42:55,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/15-14:42:55,112) [kswapd0]
(root,0,0,00:00:00/15-14:42:54,114) [kthrotld]
(root,0,0,00:00:00/15-14:42:54,115) [mld]
(root,0,0,00:00:00/15-14:42:54,116) [ipv6_addrconf]
(root,0,0,00:00:06/15-14:42:54,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/15-14:42:54,122) [kstrp]
(root,0,0,00:00:00/15-14:42:54,123) [zswap-shrink]
(root,0,0,00:00:00/15-14:42:54,124) [kworker/u9:0]
(root,0,0,00:00:00/15-14:42:54,129) [charger_manager]
(root,0,0,00:00:03/15-14:42:53,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/15-14:42:53,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/15-14:42:53,205) [kaluad]
(root,0,0,00:00:00/15-14:42:53,250) [kmpath_rdacd]
(root,0,0,00:00:00/15-14:42:53,293) [kmpathd]
(root,0,0,00:00:00/15-14:42:53,294) [kmpath_handlerd]
(root,0,0,00:00:00/15-14:42:53,342) [ata_sff]
(root,0,0,00:00:00/15-14:42:52,343) [scsi_eh_0]
(root,0,0,00:00:00/15-14:42:52,344) [scsi_tmf_0]
(root,0,0,00:00:00/15-14:42:52,345) [scsi_eh_1]
(root,0,0,00:00:00/15-14:42:52,346) [scsi_tmf_1]
(root,0,0,00:00:23/15-14:42:50,366) [jbd2/vda1-8]
(root,0,0,00:00:00/15-14:42:50,367) [ext4-rsv-conver]
(root,38604,7876,00:00:24/15-14:42:38,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:01/15-14:42:37,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:23/15-14:42:35,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:09/15-14:42:01,512) /sbin/auditd
(messagebus,22936,5672,00:00:50/15-14:42:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8544,00:00:28/15-14:42:01,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/15-14:42:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/15-14:42:00,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/15-14:42:00,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27976,00:00:17/15-14:41:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/15-14:41:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:26/15-14:41:45,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/15-14:41:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/15-14:41:45,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/15-14:41:45,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/15-14:41:45,1201) /usr/lib/systemd/systemd --user
(root,448968,8584,00:00:24/15-14:41:45,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:06/15-14:41:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/15-14:41:45,1206) bpfilter_umh
(root,26204,8300,00:00:07/15-14:41:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/15-14:41:45,1215) ntpd: asynchronous dns resolver
(spot,285108,171296,21:00:17/15-14:41:45,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/15-14:41:44,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/15-14:41:44,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/15-14:41:44,1245) (sd-pam)
(root,24216,5348,00:00:05/15-14:41:43,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/15-14:41:43,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/15-14:41:42,1354) /usr/sbin/cron -n
(root,691980,74872,00:20:13/15-14:41:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,213440,49188,00:05:11/15-14:41:22,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/22:08,3117) [kworker/2:1]
(postfix,24244,8144,00:00:00/01:10:03,7227) pickup -l -t fifo -u
(root,0,0,00:00:00/27:46,8654) [kworker/0:2]
(root,35308,10012,00:00:00/8-06:37:49,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:29/8-06:37:49,8749) sshd: syslogtunnel
(root,0,0,00:00:00/15:04,9870) [kworker/u8:0-events_unbound]
(root,0,0,00:00:00/01:35:13,10498) [kworker/3:0-events]
(root,0,0,00:00:02/01:57:51,10640) [kworker/2:2-events]
(root,0,0,00:00:00/45:02,13513) [kworker/u8:1-writeback]
(root,0,0,00:00:00/00:41,13705) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/44:37,15321) [kworker/3:1-cgroup_destroy]
(root,35308,10012,00:00:00/9-12:32:38,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:31/9-12:32:37,15391) sshd: cm-ssh
(root,0,0,00:00:01/01:34:06,16028) [kworker/1:1-events]
(root,6656,3492,00:00:00/00:00,19726) /bin/bash /usr/bin/check_mk_agent
(root,13744,3412,00:00:00/00:00,19744) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,19745) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/02:09:01,26890) [kworker/0:1-events]
(root,0,0,00:00:00/05:54,29686) [kworker/1:0-ata_sff]
(postfix,44628,9416,00:00:00/9-19:18:23,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-28 01:05

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363fd7f08ec

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:40/13-14:45:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/13-14:45:13,2) [kthreadd]
(root,0,0,00:00:00/13-14:45:13,3) [rcu_gp]
(root,0,0,00:00:00/13-14:45:13,4) [rcu_par_gp]
(root,0,0,00:00:00/13-14:45:13,5) [slub_flushwq]
(root,0,0,00:00:00/13-14:45:13,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/13-14:45:13,9) [mm_percpu_wq]
(root,0,0,00:00:00/13-14:45:13,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/13-14:45:13,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/13-14:45:13,12) [rcu_tasks_trace]
(root,0,0,00:00:25/13-14:45:13,13) [ksoftirqd/0]
(root,0,0,00:36:41/13-14:45:13,14) [rcu_preempt]
(root,0,0,00:00:05/13-14:45:13,15) [migration/0]
(root,0,0,00:00:00/13-14:45:13,16) [idle_inject/0]
(root,0,0,00:00:00/13-14:45:13,18) [cpuhp/0]
(root,0,0,00:00:00/13-14:45:13,19) [cpuhp/1]
(root,0,0,00:00:00/13-14:45:13,20) [idle_inject/1]
(root,0,0,00:00:05/13-14:45:13,21) [migration/1]
(root,0,0,00:00:22/13-14:45:13,22) [ksoftirqd/1]
(root,0,0,00:00:00/13-14:45:13,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/13-14:45:13,25) [cpuhp/2]
(root,0,0,00:00:00/13-14:45:13,26) [idle_inject/2]
(root,0,0,00:00:04/13-14:45:13,27) [migration/2]
(root,0,0,00:28:55/13-14:45:13,28) [ksoftirqd/2]
(root,0,0,00:00:00/13-14:45:13,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/13-14:45:13,31) [cpuhp/3]
(root,0,0,00:00:00/13-14:45:13,32) [idle_inject/3]
(root,0,0,00:00:05/13-14:45:13,33) [migration/3]
(root,0,0,00:01:20/13-14:45:13,34) [ksoftirqd/3]
(root,0,0,00:00:00/13-14:45:13,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/13-14:45:13,39) [kdevtmpfs]
(root,0,0,00:00:00/13-14:45:13,40) [netns]
(root,0,0,00:00:00/13-14:45:13,41) [inet_frag_wq]
(root,0,0,00:00:04/13-14:45:13,42) [kauditd]
(root,0,0,00:00:00/13-14:45:13,43) [khungtaskd]
(root,0,0,00:00:00/13-14:45:13,44) [oom_reaper]
(root,0,0,00:00:00/13-14:45:13,45) [writeback]
(root,0,0,00:00:40/13-14:45:13,46) [kcompactd0]
(root,0,0,00:00:00/13-14:45:13,47) [ksmd]
(root,0,0,00:00:40/13-14:45:13,48) [khugepaged]
(root,0,0,00:00:00/13-14:45:13,74) [kintegrityd]
(root,0,0,00:00:00/13-14:45:13,75) [kblockd]
(root,0,0,00:00:00/13-14:45:13,76) [blkcg_punt_bio]
(root,0,0,00:00:00/13-14:45:13,78) [tpm_dev_wq]
(root,0,0,00:00:00/13-14:45:13,79) [edac-poller]
(root,0,0,00:00:00/13-14:45:13,80) [devfreq_wq]
(root,0,0,00:00:00/13-14:45:13,110) [watchdogd]
(root,0,0,00:00:02/13-14:45:13,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/13-14:45:13,112) [kswapd0]
(root,0,0,00:00:00/13-14:45:12,114) [kthrotld]
(root,0,0,00:00:00/13-14:45:12,115) [mld]
(root,0,0,00:00:00/13-14:45:12,116) [ipv6_addrconf]
(root,0,0,00:00:05/13-14:45:12,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/13-14:45:12,122) [kstrp]
(root,0,0,00:00:00/13-14:45:12,123) [zswap-shrink]
(root,0,0,00:00:00/13-14:45:12,124) [kworker/u9:0]
(root,0,0,00:00:00/13-14:45:12,129) [charger_manager]
(root,0,0,00:00:02/13-14:45:11,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/13-14:45:11,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/13-14:45:11,205) [kaluad]
(root,0,0,00:00:00/13-14:45:11,250) [kmpath_rdacd]
(root,0,0,00:00:00/13-14:45:11,293) [kmpathd]
(root,0,0,00:00:00/13-14:45:11,294) [kmpath_handlerd]
(root,0,0,00:00:00/13-14:45:11,342) [ata_sff]
(root,0,0,00:00:00/13-14:45:10,343) [scsi_eh_0]
(root,0,0,00:00:00/13-14:45:10,344) [scsi_tmf_0]
(root,0,0,00:00:00/13-14:45:10,345) [scsi_eh_1]
(root,0,0,00:00:00/13-14:45:10,346) [scsi_tmf_1]
(root,0,0,00:00:20/13-14:45:08,366) [jbd2/vda1-8]
(root,0,0,00:00:00/13-14:45:08,367) [ext4-rsv-conver]
(root,38604,7876,00:00:22/13-14:44:56,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:01/13-14:44:55,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:20/13-14:44:53,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:08/13-14:44:19,512) /sbin/auditd
(messagebus,22936,5672,00:00:45/13-14:44:19,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8536,00:00:25/13-14:44:19,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/13-14:44:19,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/13-14:44:18,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/13-14:44:18,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27716,00:00:15/13-14:44:04,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/13-14:44:04,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:13/13-14:44:03,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/13-14:44:03,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/13-14:44:03,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/13-14:44:03,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/13-14:44:03,1201) /usr/lib/systemd/systemd --user
(root,448968,8584,00:00:21/13-14:44:03,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:01:50/13-14:44:03,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/13-14:44:03,1206) bpfilter_umh
(root,26204,8300,00:00:07/13-14:44:03,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/13-14:44:03,1215) ntpd: asynchronous dns resolver
(spot,286836,171656,18:17:43/13-14:44:03,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/13-14:44:02,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/13-14:44:02,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/13-14:44:02,1245) (sd-pam)
(root,24216,5348,00:00:04/13-14:44:01,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/13-14:44:01,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/13-14:44:00,1354) /usr/sbin/cron -n
(root,691980,74552,00:17:36/13-14:43:54,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,212416,47908,00:04:30/13-14:43:40,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/01:23:14,2659) [kworker/2:0-events]
(root,6656,3488,00:00:00/00:00,4116) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,4134) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,4135) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:05/04:41:51,4939) [kworker/2:2-events]
(root,35308,10012,00:00:00/6-06:40:07,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:22/6-06:40:07,8749) sshd: syslogtunnel
(root,0,0,00:00:00/01:28:14,13988) [kworker/0:0-events]
(root,0,0,00:00:00/10:39,14012) [kworker/u8:2-writeback]
(root,0,0,00:00:00/17:46,15008) [kworker/1:1-events]
(root,35308,10012,00:00:00/7-12:34:56,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:25/7-12:34:55,15391) sshd: cm-ssh
(postfix,24244,8212,00:00:00/01:34:15,19097) pickup -l -t fifo -u
(root,0,0,00:00:00/02:12,22403) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/01:48:41,23451) [kworker/3:1-events]
(root,0,0,00:00:00/02:19:01,24348) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/07:25,29035) [kworker/1:2-ata_sff]
(postfix,44628,9416,00:00:00/7-19:20:41,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/01:38:28,31001) [kworker/0:2-events]
(root,0,0,00:00:01/05:12:31,31777) [kworker/3:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-26 01:07

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633bac7936

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:35/11-14:29:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/11-14:29:16,2) [kthreadd]
(root,0,0,00:00:00/11-14:29:16,3) [rcu_gp]
(root,0,0,00:00:00/11-14:29:16,4) [rcu_par_gp]
(root,0,0,00:00:00/11-14:29:16,5) [slub_flushwq]
(root,0,0,00:00:00/11-14:29:16,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/11-14:29:16,9) [mm_percpu_wq]
(root,0,0,00:00:00/11-14:29:16,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/11-14:29:16,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/11-14:29:16,12) [rcu_tasks_trace]
(root,0,0,00:00:21/11-14:29:16,13) [ksoftirqd/0]
(root,0,0,00:30:54/11-14:29:16,14) [rcu_preempt]
(root,0,0,00:00:04/11-14:29:16,15) [migration/0]
(root,0,0,00:00:00/11-14:29:16,16) [idle_inject/0]
(root,0,0,00:00:00/11-14:29:16,18) [cpuhp/0]
(root,0,0,00:00:00/11-14:29:16,19) [cpuhp/1]
(root,0,0,00:00:00/11-14:29:16,20) [idle_inject/1]
(root,0,0,00:00:04/11-14:29:16,21) [migration/1]
(root,0,0,00:00:18/11-14:29:16,22) [ksoftirqd/1]
(root,0,0,00:00:00/11-14:29:16,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/11-14:29:16,25) [cpuhp/2]
(root,0,0,00:00:00/11-14:29:16,26) [idle_inject/2]
(root,0,0,00:00:03/11-14:29:16,27) [migration/2]
(root,0,0,00:24:21/11-14:29:16,28) [ksoftirqd/2]
(root,0,0,00:00:00/11-14:29:16,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/11-14:29:16,31) [cpuhp/3]
(root,0,0,00:00:00/11-14:29:16,32) [idle_inject/3]
(root,0,0,00:00:04/11-14:29:16,33) [migration/3]
(root,0,0,00:01:06/11-14:29:16,34) [ksoftirqd/3]
(root,0,0,00:00:00/11-14:29:16,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/11-14:29:16,39) [kdevtmpfs]
(root,0,0,00:00:00/11-14:29:16,40) [netns]
(root,0,0,00:00:00/11-14:29:16,41) [inet_frag_wq]
(root,0,0,00:00:03/11-14:29:16,42) [kauditd]
(root,0,0,00:00:00/11-14:29:16,43) [khungtaskd]
(root,0,0,00:00:00/11-14:29:16,44) [oom_reaper]
(root,0,0,00:00:00/11-14:29:16,45) [writeback]
(root,0,0,00:00:33/11-14:29:16,46) [kcompactd0]
(root,0,0,00:00:00/11-14:29:16,47) [ksmd]
(root,0,0,00:00:34/11-14:29:16,48) [khugepaged]
(root,0,0,00:00:00/11-14:29:16,74) [kintegrityd]
(root,0,0,00:00:00/11-14:29:16,75) [kblockd]
(root,0,0,00:00:00/11-14:29:16,76) [blkcg_punt_bio]
(root,0,0,00:00:00/11-14:29:16,78) [tpm_dev_wq]
(root,0,0,00:00:00/11-14:29:16,79) [edac-poller]
(root,0,0,00:00:00/11-14:29:16,80) [devfreq_wq]
(root,0,0,00:00:00/11-14:29:16,110) [watchdogd]
(root,0,0,00:00:02/11-14:29:16,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/11-14:29:16,112) [kswapd0]
(root,0,0,00:00:00/11-14:29:15,114) [kthrotld]
(root,0,0,00:00:00/11-14:29:15,115) [mld]
(root,0,0,00:00:00/11-14:29:15,116) [ipv6_addrconf]
(root,0,0,00:00:04/11-14:29:15,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/11-14:29:15,122) [kstrp]
(root,0,0,00:00:00/11-14:29:15,123) [zswap-shrink]
(root,0,0,00:00:00/11-14:29:15,124) [kworker/u9:0]
(root,0,0,00:00:00/11-14:29:15,129) [charger_manager]
(root,0,0,00:00:02/11-14:29:14,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:02/11-14:29:14,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/11-14:29:14,205) [kaluad]
(root,0,0,00:00:00/11-14:29:14,250) [kmpath_rdacd]
(root,0,0,00:00:00/11-14:29:14,293) [kmpathd]
(root,0,0,00:00:00/11-14:29:14,294) [kmpath_handlerd]
(root,0,0,00:00:00/02:07,309) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/11-14:29:14,342) [ata_sff]
(root,0,0,00:00:00/11-14:29:13,343) [scsi_eh_0]
(root,0,0,00:00:00/11-14:29:13,344) [scsi_tmf_0]
(root,0,0,00:00:00/11-14:29:13,345) [scsi_eh_1]
(root,0,0,00:00:00/11-14:29:13,346) [scsi_tmf_1]
(root,0,0,00:00:17/11-14:29:11,366) [jbd2/vda1-8]
(root,0,0,00:00:00/11-14:29:11,367) [ext4-rsv-conver]
(root,38604,7900,00:00:19/11-14:28:59,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/11-14:28:58,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:17/11-14:28:56,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:07/11-14:28:22,512) /sbin/auditd
(messagebus,22936,5672,00:00:39/11-14:28:22,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8548,00:00:22/11-14:28:22,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/11-14:28:22,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/11-14:28:21,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/11-14:28:21,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27724,00:00:13/11-14:28:07,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/11-14:28:07,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:02/11-14:28:06,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/11-14:28:06,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/11-14:28:06,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/11-14:28:06,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/11-14:28:06,1201) /usr/lib/systemd/systemd --user
(root,448968,9084,00:00:18/11-14:28:06,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:01:33/11-14:28:06,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/11-14:28:06,1206) bpfilter_umh
(root,26204,8300,00:00:06/11-14:28:06,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/11-14:28:06,1215) ntpd: asynchronous dns resolver
(spot,284900,171168,14:24:33/11-14:28:06,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/11-14:28:05,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/11-14:28:05,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/11-14:28:05,1245) (sd-pam)
(root,24216,5348,00:00:03/11-14:28:04,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/11-14:28:04,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/11-14:28:03,1354) /usr/sbin/cron -n
(root,691724,74152,00:14:56/11-14:27:57,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,211392,46620,00:03:47/11-14:27:43,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/11:51:25,4619) [kworker/u8:0-ext4-rsv-conversion]
(postfix,24244,8200,00:00:00/01:38:58,7853) pickup -l -t fifo -u
(root,0,0,00:00:00/07:20,8058) [kworker/1:2-ata_sff]
(root,35308,10012,00:00:00/4-06:24:10,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:15/4-06:24:10,8749) sshd: syslogtunnel
(root,0,0,00:00:00/07:08,8823) [kworker/3:2-events]
(root,6656,3484,00:00:00/00:00,9679) /bin/bash /usr/bin/check_mk_agent
(root,6656,3488,00:00:00/00:00,9699) /bin/bash /usr/bin/check_mk_agent
(root,13744,3408,00:00:00/00:00,9729) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,9730) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35308,10012,00:00:00/5-12:18:59,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:18/5-12:18:58,15391) sshd: cm-ssh
(root,0,0,00:00:03/04:37:06,21671) [kworker/1:1-events]
(root,0,0,00:00:00/35:49,23413) [kworker/0:1-events]
(root,0,0,00:00:00/50:20,23908) [kworker/3:0-events]
(root,0,0,00:00:01/01:32:52,27030) [kworker/2:0-events]
(root,0,0,00:00:00/15:18,28081) [kworker/0:0-events]
(root,0,0,00:00:00/27:33,28261) [kworker/2:2-events]
(postfix,44628,9464,00:00:00/5-19:04:44,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/04:10:22,31970) [kworker/u8:2-flush-253:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-24 00:51

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635344505e

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:30/9-14:30:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/9-14:30:08,2) [kthreadd]
(root,0,0,00:00:00/9-14:30:08,3) [rcu_gp]
(root,0,0,00:00:00/9-14:30:08,4) [rcu_par_gp]
(root,0,0,00:00:00/9-14:30:08,5) [slub_flushwq]
(root,0,0,00:00:00/9-14:30:08,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/9-14:30:08,9) [mm_percpu_wq]
(root,0,0,00:00:00/9-14:30:08,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/9-14:30:08,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/9-14:30:08,12) [rcu_tasks_trace]
(root,0,0,00:00:17/9-14:30:08,13) [ksoftirqd/0]
(root,0,0,00:25:26/9-14:30:08,14) [rcu_preempt]
(root,0,0,00:00:03/9-14:30:08,15) [migration/0]
(root,0,0,00:00:00/9-14:30:08,16) [idle_inject/0]
(root,0,0,00:00:00/9-14:30:08,18) [cpuhp/0]
(root,0,0,00:00:00/9-14:30:08,19) [cpuhp/1]
(root,0,0,00:00:00/9-14:30:08,20) [idle_inject/1]
(root,0,0,00:00:03/9-14:30:08,21) [migration/1]
(root,0,0,00:00:14/9-14:30:08,22) [ksoftirqd/1]
(root,0,0,00:00:00/9-14:30:08,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/9-14:30:08,25) [cpuhp/2]
(root,0,0,00:00:00/9-14:30:08,26) [idle_inject/2]
(root,0,0,00:00:03/9-14:30:08,27) [migration/2]
(root,0,0,00:20:27/9-14:30:08,28) [ksoftirqd/2]
(root,0,0,00:00:00/9-14:30:08,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/9-14:30:08,31) [cpuhp/3]
(root,0,0,00:00:00/9-14:30:08,32) [idle_inject/3]
(root,0,0,00:00:03/9-14:30:08,33) [migration/3]
(root,0,0,00:00:54/9-14:30:08,34) [ksoftirqd/3]
(root,0,0,00:00:00/9-14:30:08,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/9-14:30:08,39) [kdevtmpfs]
(root,0,0,00:00:00/9-14:30:08,40) [netns]
(root,0,0,00:00:00/9-14:30:08,41) [inet_frag_wq]
(root,0,0,00:00:03/9-14:30:08,42) [kauditd]
(root,0,0,00:00:00/9-14:30:08,43) [khungtaskd]
(root,0,0,00:00:00/9-14:30:08,44) [oom_reaper]
(root,0,0,00:00:00/9-14:30:08,45) [writeback]
(root,0,0,00:00:27/9-14:30:08,46) [kcompactd0]
(root,0,0,00:00:00/9-14:30:08,47) [ksmd]
(root,0,0,00:00:29/9-14:30:08,48) [khugepaged]
(root,0,0,00:00:00/9-14:30:08,74) [kintegrityd]
(root,0,0,00:00:00/9-14:30:08,75) [kblockd]
(root,0,0,00:00:00/9-14:30:08,76) [blkcg_punt_bio]
(root,0,0,00:00:00/9-14:30:08,78) [tpm_dev_wq]
(root,0,0,00:00:00/9-14:30:08,79) [edac-poller]
(root,0,0,00:00:00/9-14:30:08,80) [devfreq_wq]
(root,0,0,00:00:00/9-14:30:08,110) [watchdogd]
(root,0,0,00:00:01/9-14:30:08,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/9-14:30:08,112) [kswapd0]
(root,0,0,00:00:00/9-14:30:07,114) [kthrotld]
(root,0,0,00:00:00/9-14:30:07,115) [mld]
(root,0,0,00:00:00/9-14:30:07,116) [ipv6_addrconf]
(root,0,0,00:00:04/9-14:30:07,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/9-14:30:07,122) [kstrp]
(root,0,0,00:00:00/9-14:30:07,123) [zswap-shrink]
(root,0,0,00:00:00/9-14:30:07,124) [kworker/u9:0]
(root,0,0,00:00:00/9-14:30:07,129) [charger_manager]
(root,0,0,00:00:02/9-14:30:06,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:02/9-14:30:06,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/9-14:30:06,205) [kaluad]
(root,0,0,00:00:00/9-14:30:06,250) [kmpath_rdacd]
(root,0,0,00:00:00/9-14:30:06,293) [kmpathd]
(root,0,0,00:00:00/9-14:30:06,294) [kmpath_handlerd]
(root,0,0,00:00:00/9-14:30:06,342) [ata_sff]
(root,0,0,00:00:00/9-14:30:05,343) [scsi_eh_0]
(root,0,0,00:00:00/9-14:30:05,344) [scsi_tmf_0]
(root,0,0,00:00:00/9-14:30:05,345) [scsi_eh_1]
(root,0,0,00:00:00/9-14:30:05,346) [scsi_tmf_1]
(root,0,0,00:00:14/9-14:30:03,366) [jbd2/vda1-8]
(root,0,0,00:00:00/9-14:30:03,367) [ext4-rsv-conver]
(root,38604,7900,00:00:16/9-14:29:51,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/9-14:29:50,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:14/9-14:29:48,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:06/9-14:29:14,512) /sbin/auditd
(messagebus,22936,5672,00:00:33/9-14:29:14,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8544,00:00:19/9-14:29:14,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/9-14:29:14,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/9-14:29:13,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/9-14:29:13,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,6656,3488,00:00:00/00:00,648) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,649) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,683) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13744,3384,00:00:00/00:00,686) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11580,720,00:00:00/00:00,687) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,547592,26656,00:00:11/9-14:28:59,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/9-14:28:59,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:51/9-14:28:58,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/9-14:28:58,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/9-14:28:58,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/9-14:28:58,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/9-14:28:58,1201) /usr/lib/systemd/systemd --user
(root,448968,8820,00:00:16/9-14:28:58,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:01:16/9-14:28:58,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/9-14:28:58,1206) bpfilter_umh
(root,26204,8300,00:00:05/9-14:28:58,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/9-14:28:58,1215) ntpd: asynchronous dns resolver
(spot,284836,169712,11:15:09/9-14:28:58,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/9-14:28:57,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/9-14:28:57,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/9-14:28:57,1245) (sd-pam)
(root,24216,5348,00:00:03/9-14:28:56,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/9-14:28:56,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/9-14:28:55,1354) /usr/sbin/cron -n
(root,691336,73836,00:12:21/9-14:28:49,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,210368,45336,00:03:07/9-14:28:35,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:06/05:57:15,2819) [kworker/2:2-events]
(root,0,0,00:00:00/41:50,5542) [kworker/u8:2-flush-253:0]
(postfix,24244,8256,00:00:00/21:40,5772) pickup -l -t fifo -u
(root,0,0,00:00:00/13:24,8672) [kworker/2:1-cgroup_destroy]
(root,35308,10012,00:00:00/2-06:25:02,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:08/2-06:25:02,8749) sshd: syslogtunnel
(root,0,0,00:00:00/04:24,10686) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/19:58,10958) [kworker/1:1-events]
(root,0,0,00:00:00/03:45,14414) [kworker/2:0]
(root,35308,10012,00:00:00/3-12:19:51,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:11/3-12:19:50,15391) sshd: cm-ssh
(root,0,0,00:00:00/37:48,16880) [kworker/3:1-events]
(root,0,0,00:00:00/18:16,17419) [kworker/3:0-events]
(root,0,0,00:00:00/01:40:06,22486) [kworker/u8:1]
(root,0,0,00:00:00/09:35,24364) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/52:31,24499) [kworker/0:0]
(root,0,0,00:00:00/01:07:18,26656) [kworker/0:2-events]
(postfix,44628,9464,00:00:00/3-19:05:36,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-22 00:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bebc07fc

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:26/8-02:48:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/8-02:48:21,2) [kthreadd]
(root,0,0,00:00:00/8-02:48:21,3) [rcu_gp]
(root,0,0,00:00:00/8-02:48:21,4) [rcu_par_gp]
(root,0,0,00:00:00/8-02:48:21,5) [slub_flushwq]
(root,0,0,00:00:00/8-02:48:21,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/8-02:48:21,9) [mm_percpu_wq]
(root,0,0,00:00:00/8-02:48:21,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/8-02:48:21,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/8-02:48:21,12) [rcu_tasks_trace]
(root,0,0,00:00:14/8-02:48:21,13) [ksoftirqd/0]
(root,0,0,00:21:25/8-02:48:21,14) [rcu_preempt]
(root,0,0,00:00:03/8-02:48:21,15) [migration/0]
(root,0,0,00:00:00/8-02:48:21,16) [idle_inject/0]
(root,0,0,00:00:00/8-02:48:21,18) [cpuhp/0]
(root,0,0,00:00:00/8-02:48:21,19) [cpuhp/1]
(root,0,0,00:00:00/8-02:48:21,20) [idle_inject/1]
(root,0,0,00:00:03/8-02:48:21,21) [migration/1]
(root,0,0,00:00:12/8-02:48:21,22) [ksoftirqd/1]
(root,0,0,00:00:00/8-02:48:21,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/8-02:48:21,25) [cpuhp/2]
(root,0,0,00:00:00/8-02:48:21,26) [idle_inject/2]
(root,0,0,00:00:02/8-02:48:21,27) [migration/2]
(root,0,0,00:17:02/8-02:48:21,28) [ksoftirqd/2]
(root,0,0,00:00:00/8-02:48:21,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/8-02:48:21,31) [cpuhp/3]
(root,0,0,00:00:00/8-02:48:21,32) [idle_inject/3]
(root,0,0,00:00:03/8-02:48:21,33) [migration/3]
(root,0,0,00:00:46/8-02:48:21,34) [ksoftirqd/3]
(root,0,0,00:00:00/8-02:48:21,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/8-02:48:21,39) [kdevtmpfs]
(root,0,0,00:00:00/8-02:48:21,40) [netns]
(root,0,0,00:00:00/8-02:48:21,41) [inet_frag_wq]
(root,0,0,00:00:02/8-02:48:21,42) [kauditd]
(root,0,0,00:00:00/8-02:48:21,43) [khungtaskd]
(root,0,0,00:00:00/8-02:48:21,44) [oom_reaper]
(root,0,0,00:00:00/8-02:48:21,45) [writeback]
(root,0,0,00:00:23/8-02:48:21,46) [kcompactd0]
(root,0,0,00:00:00/8-02:48:21,47) [ksmd]
(root,0,0,00:00:24/8-02:48:21,48) [khugepaged]
(root,0,0,00:00:00/8-02:48:21,74) [kintegrityd]
(root,0,0,00:00:00/8-02:48:21,75) [kblockd]
(root,0,0,00:00:00/8-02:48:21,76) [blkcg_punt_bio]
(root,0,0,00:00:00/8-02:48:21,78) [tpm_dev_wq]
(root,0,0,00:00:00/8-02:48:21,79) [edac-poller]
(root,0,0,00:00:00/8-02:48:21,80) [devfreq_wq]
(root,0,0,00:00:00/8-02:48:21,110) [watchdogd]
(root,0,0,00:00:01/8-02:48:21,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/8-02:48:21,112) [kswapd0]
(root,0,0,00:00:00/8-02:48:20,114) [kthrotld]
(root,0,0,00:00:00/8-02:48:20,115) [mld]
(root,0,0,00:00:00/8-02:48:20,116) [ipv6_addrconf]
(root,0,0,00:00:03/8-02:48:20,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/8-02:48:20,122) [kstrp]
(root,0,0,00:00:00/8-02:48:20,123) [zswap-shrink]
(root,0,0,00:00:00/8-02:48:20,124) [kworker/u9:0]
(root,0,0,00:00:00/8-02:48:20,129) [charger_manager]
(root,0,0,00:00:01/8-02:48:19,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:01/8-02:48:19,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/8-02:48:19,205) [kaluad]
(root,0,0,00:00:00/8-02:48:19,250) [kmpath_rdacd]
(root,0,0,00:00:00/8-02:48:19,293) [kmpathd]
(root,0,0,00:00:00/8-02:48:19,294) [kmpath_handlerd]
(root,0,0,00:00:00/8-02:48:19,342) [ata_sff]
(root,0,0,00:00:00/8-02:48:18,343) [scsi_eh_0]
(root,0,0,00:00:00/8-02:48:18,344) [scsi_tmf_0]
(root,0,0,00:00:00/8-02:48:18,345) [scsi_eh_1]
(root,0,0,00:00:00/8-02:48:18,346) [scsi_tmf_1]
(root,0,0,00:00:12/8-02:48:16,366) [jbd2/vda1-8]
(root,0,0,00:00:00/8-02:48:16,367) [ext4-rsv-conver]
(root,38604,7900,00:00:14/8-02:48:04,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/8-02:48:03,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:12/8-02:48:01,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:05/8-02:47:27,512) /sbin/auditd
(messagebus,22936,5672,00:00:28/8-02:47:27,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8544,00:00:16/8-02:47:27,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/8-02:47:27,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/8-02:47:26,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/8-02:47:26,627) /usr/sbin/wickedd-nanny --systemd --foreground
(postfix,24244,8168,00:00:00/01:21:16,830) pickup -l -t fifo -u
(root,547592,26136,00:00:09/8-02:47:12,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/8-02:47:12,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:44/8-02:47:11,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/8-02:47:11,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/8-02:47:11,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/8-02:47:11,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/8-02:47:11,1201) /usr/lib/systemd/systemd --user
(root,448968,8820,00:00:14/8-02:47:11,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:01:04/8-02:47:11,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/8-02:47:11,1206) bpfilter_umh
(root,26204,8300,00:00:04/8-02:47:11,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/8-02:47:11,1215) ntpd: asynchronous dns resolver
(spot,283076,169272,09:23:06/8-02:47:11,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/8-02:47:10,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/8-02:47:10,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/8-02:47:10,1245) (sd-pam)
(root,24216,5348,00:00:02/8-02:47:09,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/8-02:47:09,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/8-02:47:08,1354) /usr/sbin/cron -n
(root,691080,73640,00:10:25/8-02:47:02,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,209344,44120,00:02:36/8-02:46:48,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/01:55:00,2291) [kworker/2:1-events]
(root,0,0,00:00:00/02:25:00,3267) [kworker/u8:0-ext4-rsv-conversion]
(root,35308,10012,00:00:00/18:43:15,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:02/18:43:15,8749) sshd: syslogtunnel
(root,0,0,00:00:00/55:00,14490) [kworker/u8:2-writeback]
(root,0,0,00:00:00/53:04,14716) [kworker/0:2]
(root,35308,10012,00:00:00/2-00:38:04,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:06/2-00:38:03,15391) sshd: cm-ssh
(root,0,0,00:00:00/42:13,17331) [kworker/3:0-events]
(root,0,0,00:00:00/31:22,19210) [kworker/0:0-events]
(root,0,0,00:00:01/03:16:15,20611) [kworker/1:0-events]
(root,0,0,00:00:00/24:10,21305) [kworker/3:2]
(root,0,0,00:00:00/16:55,22517) [kworker/2:0]
(root,0,0,00:00:00/09:28,23824) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/04:17,25178) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/02:30,25879) [kworker/2:2-events]
(root,6656,3476,00:00:00/00:00,26697) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,26715) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,26716) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,44628,9464,00:00:00/2-07:23:49,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-20 13:10

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ba648fa9

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:24/7-12:29:40,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/7-12:29:40,2) [kthreadd]
(root,0,0,00:00:00/7-12:29:40,3) [rcu_gp]
(root,0,0,00:00:00/7-12:29:40,4) [rcu_par_gp]
(root,0,0,00:00:00/7-12:29:40,5) [slub_flushwq]
(root,0,0,00:00:00/7-12:29:40,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:40,9) [mm_percpu_wq]
(root,0,0,00:00:00/7-12:29:40,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/7-12:29:40,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/7-12:29:40,12) [rcu_tasks_trace]
(root,0,0,00:00:13/7-12:29:40,13) [ksoftirqd/0]
(root,0,0,00:19:46/7-12:29:40,14) [rcu_preempt]
(root,0,0,00:00:02/7-12:29:40,15) [migration/0]
(root,0,0,00:00:00/7-12:29:40,16) [idle_inject/0]
(root,0,0,00:00:00/7-12:29:40,18) [cpuhp/0]
(root,0,0,00:00:00/7-12:29:40,19) [cpuhp/1]
(root,0,0,00:00:00/7-12:29:40,20) [idle_inject/1]
(root,0,0,00:00:03/7-12:29:40,21) [migration/1]
(root,0,0,00:00:11/7-12:29:40,22) [ksoftirqd/1]
(root,0,0,00:00:00/7-12:29:40,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:40,25) [cpuhp/2]
(root,0,0,00:00:00/7-12:29:40,26) [idle_inject/2]
(root,0,0,00:00:02/7-12:29:40,27) [migration/2]
(root,0,0,00:15:53/7-12:29:40,28) [ksoftirqd/2]
(root,0,0,00:00:00/7-12:29:40,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:40,31) [cpuhp/3]
(root,0,0,00:00:00/7-12:29:40,32) [idle_inject/3]
(root,0,0,00:00:03/7-12:29:40,33) [migration/3]
(root,0,0,00:00:42/7-12:29:40,34) [ksoftirqd/3]
(root,0,0,00:00:00/7-12:29:40,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:40,39) [kdevtmpfs]
(root,0,0,00:00:00/7-12:29:40,40) [netns]
(root,0,0,00:00:00/7-12:29:40,41) [inet_frag_wq]
(root,0,0,00:00:02/7-12:29:40,42) [kauditd]
(root,0,0,00:00:00/7-12:29:40,43) [khungtaskd]
(root,0,0,00:00:00/7-12:29:40,44) [oom_reaper]
(root,0,0,00:00:00/7-12:29:40,45) [writeback]
(root,0,0,00:00:22/7-12:29:40,46) [kcompactd0]
(root,0,0,00:00:00/7-12:29:40,47) [ksmd]
(root,0,0,00:00:22/7-12:29:40,48) [khugepaged]
(root,0,0,00:00:00/7-12:29:40,74) [kintegrityd]
(root,0,0,00:00:00/7-12:29:40,75) [kblockd]
(root,0,0,00:00:00/7-12:29:40,76) [blkcg_punt_bio]
(root,0,0,00:00:00/7-12:29:40,78) [tpm_dev_wq]
(root,0,0,00:00:00/7-12:29:40,79) [edac-poller]
(root,0,0,00:00:00/7-12:29:40,80) [devfreq_wq]
(root,0,0,00:00:00/7-12:29:40,110) [watchdogd]
(root,0,0,00:00:01/7-12:29:40,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/7-12:29:40,112) [kswapd0]
(root,0,0,00:00:00/7-12:29:39,114) [kthrotld]
(root,0,0,00:00:00/7-12:29:39,115) [mld]
(root,0,0,00:00:00/7-12:29:39,116) [ipv6_addrconf]
(root,0,0,00:00:03/7-12:29:39,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/7-12:29:39,122) [kstrp]
(root,0,0,00:00:00/7-12:29:39,123) [zswap-shrink]
(root,0,0,00:00:00/7-12:29:39,124) [kworker/u9:0]
(root,0,0,00:00:00/7-12:29:39,129) [charger_manager]
(root,0,0,00:00:01/7-12:29:38,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:01/7-12:29:38,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/7-12:29:38,205) [kaluad]
(root,0,0,00:00:00/7-12:29:38,250) [kmpath_rdacd]
(root,0,0,00:00:00/7-12:29:38,293) [kmpathd]
(root,0,0,00:00:00/7-12:29:38,294) [kmpath_handlerd]
(root,0,0,00:00:00/7-12:29:38,342) [ata_sff]
(root,0,0,00:00:00/7-12:29:37,343) [scsi_eh_0]
(root,0,0,00:00:00/7-12:29:37,344) [scsi_tmf_0]
(root,0,0,00:00:00/7-12:29:37,345) [scsi_eh_1]
(root,0,0,00:00:00/7-12:29:37,346) [scsi_tmf_1]
(root,0,0,00:00:11/7-12:29:35,366) [jbd2/vda1-8]
(root,0,0,00:00:00/7-12:29:35,367) [ext4-rsv-conver]
(root,38604,7900,00:00:13/7-12:29:23,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/7-12:29:22,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:11/7-12:29:20,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:04/7-12:28:46,512) /sbin/auditd
(messagebus,22936,5672,00:00:26/7-12:28:46,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:15/7-12:28:46,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/7-12:28:46,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,0,0,00:00:00/13:46,589) [kworker/u8:0-writeback]
(root,31876,16220,00:00:03/7-12:28:45,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/7-12:28:45,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,25356,00:00:08/7-12:28:31,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/7-12:28:31,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:39/7-12:28:30,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/7-12:28:30,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/7-12:28:30,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/7-12:28:30,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/7-12:28:30,1201) /usr/lib/systemd/systemd --user
(root,448968,8820,00:00:13/7-12:28:30,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:00:59/7-12:28:30,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/7-12:28:30,1206) bpfilter_umh
(root,26204,8300,00:00:04/7-12:28:30,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/7-12:28:30,1215) ntpd: asynchronous dns resolver
(spot,284180,169548,08:31:30/7-12:28:30,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/7-12:28:29,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/7-12:28:29,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/7-12:28:29,1245) (sd-pam)
(root,24216,5348,00:00:02/7-12:28:28,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/7-12:28:28,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/7-12:28:27,1354) /usr/sbin/cron -n
(root,691080,73620,00:09:38/7-12:28:21,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,209344,43784,00:02:24/7-12:28:07,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/39:19,1729) [kworker/0:2-events]
(root,0,0,00:00:00/32:06,3298) [kworker/2:1-events]
(root,0,0,00:00:00/06:51,6632) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:08:35,7055) [kworker/3:2-events]
(root,0,0,00:00:00/46:41,8300) [kworker/3:1-events]
(root,35308,10012,00:00:00/04:24:34,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:00/04:24:34,8749) sshd: syslogtunnel
(root,6656,3488,00:00:00/00:00,10181) /bin/bash /usr/bin/check_mk_agent
(root,13744,3428,00:00:00/00:00,10199) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,10200) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35308,10012,00:00:00/1-10:19:23,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:04/1-10:19:22,15391) sshd: cm-ssh
(root,0,0,00:00:00/10:41,17554) [kworker/0:1-events]
(postfix,24244,8324,00:00:00/23:04,18194) pickup -l -t fifo -u
(root,0,0,00:00:00/36:19,18809) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/43:10,21988) [kworker/1:0-events]
(postfix,44628,9464,00:00:00/1-17:05:08,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/14:16,30892) [kworker/2:2]
(root,0,0,00:00:00/01:40,32541) [kworker/1:1-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-19 22:51

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bcf7c272

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:18/5-11:30:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/5-11:30:56,2) [kthreadd]
(root,0,0,00:00:00/5-11:30:56,3) [rcu_gp]
(root,0,0,00:00:00/5-11:30:56,4) [rcu_par_gp]
(root,0,0,00:00:00/5-11:30:56,5) [slub_flushwq]
(root,0,0,00:00:00/5-11:30:56,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/5-11:30:56,9) [mm_percpu_wq]
(root,0,0,00:00:00/5-11:30:56,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/5-11:30:56,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/5-11:30:56,12) [rcu_tasks_trace]
(root,0,0,00:00:08/5-11:30:56,13) [ksoftirqd/0]
(root,0,0,00:14:14/5-11:30:56,14) [rcu_preempt]
(root,0,0,00:00:02/5-11:30:56,15) [migration/0]
(root,0,0,00:00:00/5-11:30:56,16) [idle_inject/0]
(root,0,0,00:00:00/5-11:30:56,18) [cpuhp/0]
(root,0,0,00:00:00/5-11:30:56,19) [cpuhp/1]
(root,0,0,00:00:00/5-11:30:56,20) [idle_inject/1]
(root,0,0,00:00:02/5-11:30:56,21) [migration/1]
(root,0,0,00:00:07/5-11:30:56,22) [ksoftirqd/1]
(root,0,0,00:00:00/5-11:30:56,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/5-11:30:56,25) [cpuhp/2]
(root,0,0,00:00:00/5-11:30:56,26) [idle_inject/2]
(root,0,0,00:00:01/5-11:30:56,27) [migration/2]
(root,0,0,00:11:45/5-11:30:56,28) [ksoftirqd/2]
(root,0,0,00:00:00/5-11:30:56,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/5-11:30:56,31) [cpuhp/3]
(root,0,0,00:00:00/5-11:30:56,32) [idle_inject/3]
(root,0,0,00:00:02/5-11:30:56,33) [migration/3]
(root,0,0,00:00:29/5-11:30:56,34) [ksoftirqd/3]
(root,0,0,00:00:00/5-11:30:56,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/5-11:30:56,39) [kdevtmpfs]
(root,0,0,00:00:00/5-11:30:56,40) [netns]
(root,0,0,00:00:00/5-11:30:56,41) [inet_frag_wq]
(root,0,0,00:00:01/5-11:30:56,42) [kauditd]
(root,0,0,00:00:00/5-11:30:56,43) [khungtaskd]
(root,0,0,00:00:00/5-11:30:56,44) [oom_reaper]
(root,0,0,00:00:00/5-11:30:56,45) [writeback]
(root,0,0,00:00:14/5-11:30:56,46) [kcompactd0]
(root,0,0,00:00:00/5-11:30:56,47) [ksmd]
(root,0,0,00:00:15/5-11:30:56,48) [khugepaged]
(root,0,0,00:00:00/5-11:30:56,74) [kintegrityd]
(root,0,0,00:00:00/5-11:30:56,75) [kblockd]
(root,0,0,00:00:00/5-11:30:56,76) [blkcg_punt_bio]
(root,0,0,00:00:00/5-11:30:56,78) [tpm_dev_wq]
(root,0,0,00:00:00/5-11:30:56,79) [edac-poller]
(root,0,0,00:00:00/5-11:30:56,80) [devfreq_wq]
(root,0,0,00:00:00/5-11:30:56,110) [watchdogd]
(root,0,0,00:00:01/5-11:30:56,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/5-11:30:56,112) [kswapd0]
(root,0,0,00:00:00/5-11:30:55,114) [kthrotld]
(root,0,0,00:00:00/5-11:30:55,115) [mld]
(root,0,0,00:00:00/5-11:30:55,116) [ipv6_addrconf]
(root,0,0,00:00:02/5-11:30:55,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/5-11:30:55,122) [kstrp]
(root,0,0,00:00:00/5-11:30:55,123) [zswap-shrink]
(root,0,0,00:00:00/5-11:30:55,124) [kworker/u9:0]
(root,0,0,00:00:00/5-11:30:55,129) [charger_manager]
(root,0,0,00:00:01/5-11:30:54,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:01/5-11:30:54,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/5-11:30:54,205) [kaluad]
(root,0,0,00:00:00/5-11:30:54,250) [kmpath_rdacd]
(root,0,0,00:00:00/5-11:30:54,293) [kmpathd]
(root,0,0,00:00:00/5-11:30:54,294) [kmpath_handlerd]
(root,0,0,00:00:00/5-11:30:54,342) [ata_sff]
(root,0,0,00:00:00/5-11:30:53,343) [scsi_eh_0]
(root,0,0,00:00:00/5-11:30:53,344) [scsi_tmf_0]
(root,0,0,00:00:00/5-11:30:53,345) [scsi_eh_1]
(root,0,0,00:00:00/5-11:30:53,346) [scsi_tmf_1]
(root,0,0,00:00:08/5-11:30:51,366) [jbd2/vda1-8]
(root,0,0,00:00:00/5-11:30:51,367) [ext4-rsv-conver]
(root,38604,7544,00:00:09/5-11:30:39,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/5-11:30:38,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:08/5-11:30:36,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:03/5-11:30:02,512) /sbin/auditd
(messagebus,22936,5824,00:00:19/5-11:30:02,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:11/5-11:30:02,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/5-11:30:02,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/5-11:30:01,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/5-11:30:01,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,25572,00:00:06/5-11:29:47,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/5-11:29:47,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:27/5-11:29:46,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/5-11:29:46,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/5-11:29:46,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/5-11:29:46,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/5-11:29:46,1201) /usr/lib/systemd/systemd --user
(root,448968,8640,00:00:10/5-11:29:46,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:42/5-11:29:46,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/5-11:29:46,1206) bpfilter_umh
(root,26204,8340,00:00:03/5-11:29:46,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/5-11:29:46,1215) ntpd: asynchronous dns resolver
(spot,276008,163700,05:59:55/5-11:29:46,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/5-11:29:45,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/5-11:29:45,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/5-11:29:45,1245) (sd-pam)
(root,24216,5348,00:00:01/5-11:29:44,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/5-11:29:44,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/5-11:29:43,1354) /usr/sbin/cron -n
(root,691080,73440,00:06:57/5-11:29:37,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,208320,42484,00:01:44/5-11:29:23,1380) /usr/bin/python3.11 /usr/bin/spot
(root,6656,3496,00:00:00/00:00,3835) /bin/bash /usr/bin/check_mk_agent
(root,13744,3408,00:00:00/00:00,3853) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,3854) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/21:49,4430) [kworker/0:0-events]
(root,35308,10024,00:00:00/3-13:22:32,4679) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5592,00:00:12/3-13:22:32,4681) sshd: syslogtunnel
(root,35308,10044,00:00:00/3-13:22:17,4686) sshd: cm-ssh [priv]
(cm-ssh,35308,5396,00:00:10/3-13:22:17,4688) sshd: cm-ssh
(root,0,0,00:00:00/07:07,7039) [kworker/1:1-ata_sff]
(root,0,0,00:00:05/12:00:39,13342) [kworker/1:0-events]
(root,0,0,00:00:01/01:51:22,22417) [kworker/2:2-events]
(root,0,0,00:00:00/01:51:18,22418) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:00/03:22:35,26136) [kworker/u8:1-ext4-rsv-conversion]
(postfix,24244,8272,00:00:00/01:25:15,27452) pickup -l -t fifo -u
(root,0,0,00:00:00/05:02:31,27907) [kworker/3:1-cgroup_destroy]
(root,0,0,00:00:00/01:57,28062) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:08:48,28891) [kworker/3:2-events]
(root,0,0,00:00:00/56:02,29918) [kworker/2:0]
(root,0,0,00:00:00/38:55,31879) [kworker/0:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-17 21:53

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630ea01592

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:13/3-15:12:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/3-15:12:23,2) [kthreadd]
(root,0,0,00:00:00/3-15:12:23,3) [rcu_gp]
(root,0,0,00:00:00/3-15:12:23,4) [rcu_par_gp]
(root,0,0,00:00:00/3-15:12:23,5) [slub_flushwq]
(root,0,0,00:00:00/3-15:12:23,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:23,9) [mm_percpu_wq]
(root,0,0,00:00:00/3-15:12:23,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/3-15:12:23,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/3-15:12:23,12) [rcu_tasks_trace]
(root,0,0,00:00:05/3-15:12:23,13) [ksoftirqd/0]
(root,0,0,00:09:30/3-15:12:23,14) [rcu_preempt]
(root,0,0,00:00:01/3-15:12:23,15) [migration/0]
(root,0,0,00:00:00/3-15:12:23,16) [idle_inject/0]
(root,0,0,00:00:00/3-15:12:23,18) [cpuhp/0]
(root,0,0,00:00:00/3-15:12:23,19) [cpuhp/1]
(root,0,0,00:00:00/3-15:12:23,20) [idle_inject/1]
(root,0,0,00:00:01/3-15:12:23,21) [migration/1]
(root,0,0,00:00:05/3-15:12:23,22) [ksoftirqd/1]
(root,0,0,00:00:00/3-15:12:23,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:23,25) [cpuhp/2]
(root,0,0,00:00:00/3-15:12:23,26) [idle_inject/2]
(root,0,0,00:00:01/3-15:12:23,27) [migration/2]
(root,0,0,00:08:01/3-15:12:23,28) [ksoftirqd/2]
(root,0,0,00:00:00/3-15:12:23,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:23,31) [cpuhp/3]
(root,0,0,00:00:00/3-15:12:23,32) [idle_inject/3]
(root,0,0,00:00:01/3-15:12:23,33) [migration/3]
(root,0,0,00:00:20/3-15:12:23,34) [ksoftirqd/3]
(root,0,0,00:00:00/3-15:12:23,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:23,39) [kdevtmpfs]
(root,0,0,00:00:00/3-15:12:23,40) [netns]
(root,0,0,00:00:00/3-15:12:23,41) [inet_frag_wq]
(root,0,0,00:00:01/3-15:12:23,42) [kauditd]
(root,0,0,00:00:00/3-15:12:23,43) [khungtaskd]
(root,0,0,00:00:00/3-15:12:23,44) [oom_reaper]
(root,0,0,00:00:00/3-15:12:23,45) [writeback]
(root,0,0,00:00:09/3-15:12:23,46) [kcompactd0]
(root,0,0,00:00:00/3-15:12:23,47) [ksmd]
(root,0,0,00:00:10/3-15:12:23,48) [khugepaged]
(root,0,0,00:00:00/3-15:12:23,74) [kintegrityd]
(root,0,0,00:00:00/3-15:12:23,75) [kblockd]
(root,0,0,00:00:00/3-15:12:23,76) [blkcg_punt_bio]
(root,0,0,00:00:00/3-15:12:23,78) [tpm_dev_wq]
(root,0,0,00:00:00/3-15:12:23,79) [edac-poller]
(root,0,0,00:00:00/3-15:12:23,80) [devfreq_wq]
(root,0,0,00:00:00/3-15:12:23,110) [watchdogd]
(root,0,0,00:00:00/3-15:12:23,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/3-15:12:23,112) [kswapd0]
(root,0,0,00:00:00/3-15:12:22,114) [kthrotld]
(root,0,0,00:00:00/3-15:12:22,115) [mld]
(root,0,0,00:00:00/3-15:12:22,116) [ipv6_addrconf]
(root,0,0,00:00:01/3-15:12:22,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/3-15:12:22,122) [kstrp]
(root,0,0,00:00:00/3-15:12:22,123) [zswap-shrink]
(root,0,0,00:00:00/3-15:12:22,124) [kworker/u9:0]
(root,0,0,00:00:00/3-15:12:22,129) [charger_manager]
(root,0,0,00:00:00/3-15:12:21,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/3-15:12:21,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/3-15:12:21,205) [kaluad]
(root,0,0,00:00:00/3-15:12:21,250) [kmpath_rdacd]
(root,0,0,00:00:00/3-15:12:21,293) [kmpathd]
(root,0,0,00:00:00/3-15:12:21,294) [kmpath_handlerd]
(root,0,0,00:00:00/3-15:12:21,342) [ata_sff]
(root,0,0,00:00:00/3-15:12:20,343) [scsi_eh_0]
(root,0,0,00:00:00/3-15:12:20,344) [scsi_tmf_0]
(root,0,0,00:00:00/3-15:12:20,345) [scsi_eh_1]
(root,0,0,00:00:00/3-15:12:20,346) [scsi_tmf_1]
(root,0,0,00:00:05/3-15:12:18,366) [jbd2/vda1-8]
(root,0,0,00:00:00/3-15:12:18,367) [ext4-rsv-conver]
(root,38604,7544,00:00:07/3-15:12:06,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/3-15:12:05,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:05/3-15:12:03,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:02/3-15:11:29,512) /sbin/auditd
(messagebus,22936,5824,00:00:14/3-15:11:29,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:08/3-15:11:29,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/3-15:11:29,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/3-15:11:28,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/3-15:11:28,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,24748,00:00:04/3-15:11:14,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/3-15:11:14,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:18/3-15:11:13,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/3-15:11:13,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/3-15:11:13,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/3-15:11:13,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/3-15:11:13,1201) /usr/lib/systemd/systemd --user
(root,448968,8640,00:00:07/3-15:11:13,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:28/3-15:11:13,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/3-15:11:13,1206) bpfilter_umh
(root,26204,8340,00:00:02/3-15:11:13,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/3-15:11:13,1215) ntpd: asynchronous dns resolver
(spot,273852,162296,04:12:18/3-15:11:13,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/3-15:11:12,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/3-15:11:12,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/3-15:11:12,1245) (sd-pam)
(root,0,0,00:00:00/19:08,1284) [kworker/2:1]
(root,24216,5348,00:00:01/3-15:11:11,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/3-15:11:11,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/3-15:11:10,1354) /usr/sbin/cron -n
(root,689544,71904,00:04:39/3-15:11:04,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,207296,41156,00:01:10/3-15:10:50,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/01:08:25,1655) [kworker/0:1-events]
(root,0,0,00:00:04/03:43:45,3235) [kworker/2:0-events]
(root,35308,10024,00:00:00/1-17:03:59,4679) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5592,00:00:05/1-17:03:59,4681) sshd: syslogtunnel
(root,35308,10044,00:00:00/1-17:03:44,4686) sshd: cm-ssh [priv]
(cm-ssh,35308,5396,00:00:05/1-17:03:44,4688) sshd: cm-ssh
(root,0,0,00:00:00/02:21:33,4707) [kworker/0:2-events]
(root,6656,3492,00:00:00/00:00,10183) /bin/bash /usr/bin/check_mk_agent
(root,13744,3448,00:00:00/00:00,10201) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,956,00:00:00/00:00,10202) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,24244,8164,00:00:00/28:33,13818) pickup -l -t fifo -u
(root,0,0,00:00:01/01:30:42,19322) [kworker/1:1-events]
(root,0,0,00:00:00/01:29:02,25346) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/07:42,25518) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/07:21,26463) [kworker/3:0-events]
(root,0,0,00:00:00/02:32,28129) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/05:19:00,30146) [kworker/u8:2]
(root,0,0,00:00:00/42:35,30663) [kworker/3:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-16 01:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633fcdf672

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12692,00:00:13/3-12:11:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/3-12:11:52,2) [kthreadd]
(root,0,0,00:00:00/3-12:11:52,3) [rcu_gp]
(root,0,0,00:00:00/3-12:11:52,4) [rcu_par_gp]
(root,0,0,00:00:00/3-12:11:52,5) [slub_flushwq]
(root,0,0,00:00:00/3-12:11:52,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/3-12:11:52,9) [mm_percpu_wq]
(root,0,0,00:00:00/3-12:11:52,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/3-12:11:52,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/3-12:11:52,12) [rcu_tasks_trace]
(root,0,0,00:00:05/3-12:11:52,13) [ksoftirqd/0]
(root,0,0,00:09:09/3-12:11:52,14) [rcu_preempt]
(root,0,0,00:00:01/3-12:11:52,15) [migration/0]
(root,0,0,00:00:00/3-12:11:52,16) [idle_inject/0]
(root,0,0,00:00:00/3-12:11:52,18) [cpuhp/0]
(root,0,0,00:00:00/3-12:11:52,19) [cpuhp/1]
(root,0,0,00:00:00/3-12:11:52,20) [idle_inject/1]
(root,0,0,00:00:01/3-12:11:52,21) [migration/1]
(root,0,0,00:00:04/3-12:11:52,22) [ksoftirqd/1]
(root,0,0,00:00:00/3-12:11:52,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/3-12:11:52,25) [cpuhp/2]
(root,0,0,00:00:00/3-12:11:52,26) [idle_inject/2]
(root,0,0,00:00:01/3-12:11:52,27) [migration/2]
(root,0,0,00:07:39/3-12:11:52,28) [ksoftirqd/2]
(root,0,0,00:00:00/3-12:11:52,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/3-12:11:52,31) [cpuhp/3]
(root,0,0,00:00:00/3-12:11:52,32) [idle_inject/3]
(root,0,0,00:00:01/3-12:11:52,33) [migration/3]
(root,0,0,00:00:19/3-12:11:52,34) [ksoftirqd/3]
(root,0,0,00:00:00/3-12:11:52,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/3-12:11:52,39) [kdevtmpfs]
(root,0,0,00:00:00/3-12:11:52,40) [netns]
(root,0,0,00:00:00/3-12:11:52,41) [inet_frag_wq]
(root,0,0,00:00:01/3-12:11:52,42) [kauditd]
(root,0,0,00:00:00/3-12:11:52,43) [khungtaskd]
(root,0,0,00:00:00/3-12:11:52,44) [oom_reaper]
(root,0,0,00:00:00/3-12:11:52,45) [writeback]
(root,0,0,00:00:09/3-12:11:52,46) [kcompactd0]
(root,0,0,00:00:00/3-12:11:52,47) [ksmd]
(root,0,0,00:00:10/3-12:11:52,48) [khugepaged]
(root,0,0,00:00:00/3-12:11:52,74) [kintegrityd]
(root,0,0,00:00:00/3-12:11:52,75) [kblockd]
(root,0,0,00:00:00/3-12:11:52,76) [blkcg_punt_bio]
(root,0,0,00:00:00/3-12:11:52,78) [tpm_dev_wq]
(root,0,0,00:00:00/3-12:11:52,79) [edac-poller]
(root,0,0,00:00:00/3-12:11:52,80) [devfreq_wq]
(root,0,0,00:00:00/3-12:11:52,110) [watchdogd]
(root,0,0,00:00:00/3-12:11:52,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/3-12:11:52,112) [kswapd0]
(root,0,0,00:00:00/3-12:11:51,114) [kthrotld]
(root,0,0,00:00:00/3-12:11:51,115) [mld]
(root,0,0,00:00:00/3-12:11:51,116) [ipv6_addrconf]
(root,0,0,00:00:01/3-12:11:51,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/3-12:11:51,122) [kstrp]
(root,0,0,00:00:00/3-12:11:51,123) [zswap-shrink]
(root,0,0,00:00:00/3-12:11:51,124) [kworker/u9:0]
(root,0,0,00:00:00/3-12:11:51,129) [charger_manager]
(root,0,0,00:00:00/3-12:11:50,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/3-12:11:50,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/3-12:11:50,205) [kaluad]
(root,0,0,00:00:00/3-12:11:50,250) [kmpath_rdacd]
(root,0,0,00:00:00/3-12:11:50,293) [kmpathd]
(root,0,0,00:00:00/3-12:11:50,294) [kmpath_handlerd]
(root,0,0,00:00:00/3-12:11:50,342) [ata_sff]
(root,0,0,00:00:00/3-12:11:49,343) [scsi_eh_0]
(root,0,0,00:00:00/3-12:11:49,344) [scsi_tmf_0]
(root,0,0,00:00:00/3-12:11:49,345) [scsi_eh_1]
(root,0,0,00:00:00/3-12:11:49,346) [scsi_tmf_1]
(root,0,0,00:00:05/3-12:11:47,366) [jbd2/vda1-8]
(root,0,0,00:00:00/3-12:11:47,367) [ext4-rsv-conver]
(root,38604,7544,00:00:06/3-12:11:35,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/3-12:11:34,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:05/3-12:11:32,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:02/3-12:10:58,512) /sbin/auditd
(messagebus,22936,5824,00:00:14/3-12:10:58,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8536,00:00:07/3-12:10:58,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/3-12:10:58,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/3-12:10:57,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/3-12:10:57,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,24748,00:00:04/3-12:10:43,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/3-12:10:43,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:14/3-12:10:42,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/3-12:10:42,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/3-12:10:42,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/3-12:10:42,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/3-12:10:42,1201) /usr/lib/systemd/systemd --user
(root,448724,8116,00:00:07/3-12:10:42,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:27/3-12:10:42,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/3-12:10:42,1206) bpfilter_umh
(root,26204,8340,00:00:02/3-12:10:42,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/3-12:10:42,1215) ntpd: asynchronous dns resolver
(spot,274700,163272,04:04:46/3-12:10:42,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/3-12:10:41,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/3-12:10:41,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/3-12:10:41,1245) (sd-pam)
(root,24216,5348,00:00:01/3-12:10:40,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/3-12:10:40,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/3-12:10:39,1354) /usr/sbin/cron -n
(root,689544,71904,00:04:29/3-12:10:33,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,207296,41140,00:01:08/3-12:10:19,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/43:14,3235) [kworker/2:0-events]
(root,0,0,00:00:00/53:17,4422) [kworker/1:2-events]
(root,35308,10024,00:00:00/1-14:03:28,4679) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5592,00:00:05/1-14:03:28,4681) sshd: syslogtunnel
(root,35308,10044,00:00:00/1-14:03:13,4686) sshd: cm-ssh [priv]
(cm-ssh,35308,5396,00:00:04/1-14:03:13,4688) sshd: cm-ssh
(root,0,0,00:00:00/17:21,7443) [kworker/3:1-events]
(root,0,0,00:00:00/08:53,13813) [kworker/3:2-events]
(root,0,0,00:00:00/08:30,16604) [kworker/u8:0-writeback]
(root,0,0,00:00:00/00:02,18508) [kworker/1:0]
(root,6656,3488,00:00:00/00:00,18587) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,18628) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,18629) /bin/bash /usr/bin/check_mk_agent
(root,4480,1188,00:00:00/00:00,18630) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,784,00:00:00/00:00,18631) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,708,00:00:00/00:00,18632) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3488,00:00:00/00:00,18633) /bin/bash /usr/bin/check_mk_agent
(root,13744,3500,00:00:00/00:00,18651) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,18652) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/21:35,25690) [kworker/2:2-cgroup_destroy]
(root,0,0,00:00:00/56:02,26476) [kworker/0:2-events]
(postfix,24244,8288,00:00:00/48:11,29806) pickup -l -t fifo -u
(root,0,0,00:00:00/05:14,30011) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/02:18:29,30146) [kworker/u8:2]
(root,0,0,00:00:00/47:32,30247) [kworker/0:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-15 22:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363feb6a087

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12668,00:00:07/1-11:42:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/1-11:42:27,2) [kthreadd]
(root,0,0,00:00:00/1-11:42:27,3) [rcu_gp]
(root,0,0,00:00:00/1-11:42:27,4) [rcu_par_gp]
(root,0,0,00:00:00/1-11:42:27,5) [slub_flushwq]
(root,0,0,00:00:00/1-11:42:27,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/1-11:42:27,9) [mm_percpu_wq]
(root,0,0,00:00:00/1-11:42:27,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/1-11:42:27,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/1-11:42:27,12) [rcu_tasks_trace]
(root,0,0,00:00:02/1-11:42:27,13) [ksoftirqd/0]
(root,0,0,00:03:49/1-11:42:27,14) [rcu_preempt]
(root,0,0,00:00:00/1-11:42:27,15) [migration/0]
(root,0,0,00:00:00/1-11:42:27,16) [idle_inject/0]
(root,0,0,00:00:00/1-11:42:27,18) [cpuhp/0]
(root,0,0,00:00:00/1-11:42:27,19) [cpuhp/1]
(root,0,0,00:00:00/1-11:42:27,20) [idle_inject/1]
(root,0,0,00:00:00/1-11:42:27,21) [migration/1]
(root,0,0,00:00:01/1-11:42:27,22) [ksoftirqd/1]
(root,0,0,00:00:00/1-11:42:27,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/1-11:42:27,25) [cpuhp/2]
(root,0,0,00:00:00/1-11:42:27,26) [idle_inject/2]
(root,0,0,00:00:00/1-11:42:27,27) [migration/2]
(root,0,0,00:03:04/1-11:42:27,28) [ksoftirqd/2]
(root,0,0,00:00:00/1-11:42:27,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/1-11:42:27,31) [cpuhp/3]
(root,0,0,00:00:00/1-11:42:27,32) [idle_inject/3]
(root,0,0,00:00:00/1-11:42:27,33) [migration/3]
(root,0,0,00:00:07/1-11:42:27,34) [ksoftirqd/3]
(root,0,0,00:00:00/1-11:42:27,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/1-11:42:27,39) [kdevtmpfs]
(root,0,0,00:00:00/1-11:42:27,40) [netns]
(root,0,0,00:00:00/1-11:42:27,41) [inet_frag_wq]
(root,0,0,00:00:00/1-11:42:27,42) [kauditd]
(root,0,0,00:00:00/1-11:42:27,43) [khungtaskd]
(root,0,0,00:00:00/1-11:42:27,44) [oom_reaper]
(root,0,0,00:00:00/1-11:42:27,45) [writeback]
(root,0,0,00:00:03/1-11:42:27,46) [kcompactd0]
(root,0,0,00:00:00/1-11:42:27,47) [ksmd]
(root,0,0,00:00:04/1-11:42:27,48) [khugepaged]
(root,0,0,00:00:00/1-11:42:27,74) [kintegrityd]
(root,0,0,00:00:00/1-11:42:27,75) [kblockd]
(root,0,0,00:00:00/1-11:42:27,76) [blkcg_punt_bio]
(root,0,0,00:00:00/1-11:42:27,78) [tpm_dev_wq]
(root,0,0,00:00:00/1-11:42:27,79) [edac-poller]
(root,0,0,00:00:00/1-11:42:27,80) [devfreq_wq]
(root,0,0,00:00:00/1-11:42:27,110) [watchdogd]
(root,0,0,00:00:00/1-11:42:27,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/1-11:42:27,112) [kswapd0]
(root,0,0,00:00:00/1-11:42:26,114) [kthrotld]
(root,0,0,00:00:00/1-11:42:26,115) [mld]
(root,0,0,00:00:00/1-11:42:26,116) [ipv6_addrconf]
(root,0,0,00:00:00/1-11:42:26,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/1-11:42:26,122) [kstrp]
(root,0,0,00:00:00/1-11:42:26,123) [zswap-shrink]
(root,0,0,00:00:00/1-11:42:26,124) [kworker/u9:0]
(root,0,0,00:00:00/1-11:42:26,129) [charger_manager]
(root,0,0,00:00:00/1-11:42:25,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/1-11:42:25,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/1-11:42:25,205) [kaluad]
(root,0,0,00:00:00/1-11:42:25,250) [kmpath_rdacd]
(root,0,0,00:00:00/1-11:42:25,293) [kmpathd]
(root,0,0,00:00:00/1-11:42:25,294) [kmpath_handlerd]
(root,0,0,00:00:00/1-11:42:25,342) [ata_sff]
(root,0,0,00:00:00/1-11:42:24,343) [scsi_eh_0]
(root,0,0,00:00:00/1-11:42:24,344) [scsi_tmf_0]
(root,0,0,00:00:00/1-11:42:24,345) [scsi_eh_1]
(root,0,0,00:00:00/1-11:42:24,346) [scsi_tmf_1]
(root,0,0,00:00:02/1-11:42:22,366) [jbd2/vda1-8]
(root,0,0,00:00:00/1-11:42:22,367) [ext4-rsv-conver]
(root,38604,7544,00:00:03/1-11:42:10,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/1-11:42:09,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:02/1-11:42:07,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:01/1-11:41:33,512) /sbin/auditd
(messagebus,22936,5824,00:00:06/1-11:41:33,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8504,00:00:03/1-11:41:33,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/1-11:41:33,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/1-11:41:32,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/1-11:41:32,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,24220,00:00:01/1-11:41:18,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/1-11:41:18,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:05/1-11:41:17,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/1-11:41:17,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/1-11:41:17,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/1-11:41:17,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/1-11:41:17,1201) /usr/lib/systemd/systemd --user
(root,448724,7840,00:00:03/1-11:41:17,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:11/1-11:41:17,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/1-11:41:17,1206) bpfilter_umh
(root,26204,8340,00:00:01/1-11:41:17,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/1-11:41:17,1215) ntpd: asynchronous dns resolver
(spot,198852,161648,01:40:35/1-11:41:17,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/1-11:41:16,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/1-11:41:16,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/1-11:41:16,1245) (sd-pam)
(root,24216,5348,00:00:00/1-11:41:15,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/1-11:41:15,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/1-11:41:14,1354) /usr/sbin/cron -n
(root,35308,9992,00:00:00/1-11:41:10,1368) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5400,00:00:05/1-11:41:10,1371) sshd: syslogtunnel
(root,689288,71280,00:01:55/1-11:41:08,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,206272,40780,00:00:30/1-11:40:54,1380) /usr/bin/python3.11 /usr/bin/spot
(root,35308,9976,00:00:00/1-11:40:35,1434) sshd: cm-ssh [priv]
(cm-ssh,35308,5468,00:00:04/1-11:40:35,1436) sshd: cm-ssh
(root,0,0,00:00:00/21:34,1742) [kworker/0:0-events]
(root,0,0,00:00:03/06:06:52,3139) [kworker/1:0-events]
(root,0,0,00:00:01/03:30:46,3220) [kworker/3:2-events]
(postfix,24244,8272,00:00:00/40:43,11816) pickup -l -t fifo -u
(root,0,0,00:00:01/01:20:02,13438) [kworker/2:0-events]
(root,6656,3484,00:00:00/00:00,14145) /bin/bash /usr/bin/check_mk_agent
(root,13744,3448,00:00:00/00:00,14163) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,14164) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/09:42,21617) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/28:09,22827) [kworker/0:2-events]
(root,0,0,00:00:00/07:56,22974) [kworker/2:2-events]
(root,0,0,00:00:00/02:34:09,23925) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/28:04,24085) [kworker/u8:1-writeback]
(root,0,0,00:00:00/03:37:34,24173) [kworker/3:0-events]
(root,0,0,00:00:00/04:31,32104) [kworker/1:1-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-13 22:04

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635a51aa56

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12368,00:03:06/62-12:20:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/62-12:20:44,2) [kthreadd]
(root,0,0,00:00:00/62-12:20:44,3) [rcu_gp]
(root,0,0,00:00:00/62-12:20:44,4) [rcu_par_gp]
(root,0,0,00:00:00/62-12:20:44,5) [slub_flushwq]
(root,0,0,00:00:00/62-12:20:44,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/62-12:20:44,9) [mm_percpu_wq]
(root,0,0,00:00:00/62-12:20:44,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/62-12:20:44,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/62-12:20:44,12) [rcu_tasks_trace]
(root,0,0,00:01:52/62-12:20:44,13) [ksoftirqd/0]
(root,0,0,02:54:00/62-12:20:44,14) [rcu_preempt]
(root,0,0,00:00:23/62-12:20:44,15) [migration/0]
(root,0,0,00:00:00/62-12:20:44,16) [idle_inject/0]
(root,0,0,00:00:00/62-12:20:44,18) [cpuhp/0]
(root,0,0,00:00:00/62-12:20:44,19) [cpuhp/1]
(root,0,0,00:00:00/62-12:20:44,20) [idle_inject/1]
(root,0,0,00:00:23/62-12:20:44,21) [migration/1]
(root,0,0,00:01:32/62-12:20:44,22) [ksoftirqd/1]
(root,0,0,00:00:00/62-12:20:44,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/62-12:20:44,25) [cpuhp/2]
(root,0,0,00:00:00/62-12:20:44,26) [idle_inject/2]
(root,0,0,00:00:17/62-12:20:44,27) [migration/2]
(root,0,0,01:53:21/62-12:20:44,28) [ksoftirqd/2]
(root,0,0,00:00:00/62-12:20:44,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/62-12:20:44,31) [cpuhp/3]
(root,0,0,00:00:00/62-12:20:44,32) [idle_inject/3]
(root,0,0,00:00:22/62-12:20:44,33) [migration/3]
(root,0,0,00:05:42/62-12:20:44,34) [ksoftirqd/3]
(root,0,0,00:00:00/62-12:20:44,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/62-12:20:44,40) [kdevtmpfs]
(root,0,0,00:00:00/62-12:20:44,41) [netns]
(root,0,0,00:00:00/62-12:20:44,42) [inet_frag_wq]
(root,0,0,00:00:22/62-12:20:44,43) [kauditd]
(root,0,0,00:00:00/62-12:20:44,44) [khungtaskd]
(root,0,0,00:00:00/62-12:20:44,45) [oom_reaper]
(root,0,0,00:00:00/62-12:20:44,46) [writeback]
(root,0,0,00:03:10/62-12:20:44,47) [kcompactd0]
(root,0,0,00:00:00/62-12:20:44,48) [ksmd]
(root,0,0,00:03:27/62-12:20:44,49) [khugepaged]
(root,0,0,00:00:00/62-12:20:44,75) [kintegrityd]
(root,0,0,00:00:00/62-12:20:44,76) [kblockd]
(root,0,0,00:00:00/62-12:20:44,77) [blkcg_punt_bio]
(root,0,0,00:00:00/62-12:20:44,79) [tpm_dev_wq]
(root,0,0,00:00:00/62-12:20:44,80) [edac-poller]
(root,0,0,00:00:00/62-12:20:44,81) [devfreq_wq]
(root,0,0,00:00:00/62-12:20:44,110) [watchdogd]
(root,0,0,00:00:05/62-12:20:44,111) [kswapd0]
(root,0,0,00:00:15/62-12:20:44,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/62-12:20:42,115) [kthrotld]
(root,0,0,00:00:00/62-12:20:42,116) [mld]
(root,0,0,00:00:00/62-12:20:42,117) [ipv6_addrconf]
(root,0,0,00:00:16/62-12:20:42,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/62-12:20:42,123) [kstrp]
(root,0,0,00:00:00/62-12:20:42,124) [zswap-shrink]
(root,0,0,00:00:00/62-12:20:42,125) [kworker/u9:0]
(root,0,0,00:00:00/62-12:20:42,130) [charger_manager]
(root,0,0,00:00:18/62-12:20:42,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:27/62-12:20:42,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/62-12:20:41,239) [kaluad]
(root,0,0,00:00:00/62-12:20:41,258) [kmpath_rdacd]
(root,0,0,00:00:00/62-12:20:41,304) [kmpathd]
(root,0,0,00:00:00/62-12:20:41,305) [kmpath_handlerd]
(root,0,0,00:00:00/62-12:20:40,342) [ata_sff]
(root,0,0,00:00:00/62-12:20:40,343) [scsi_eh_0]
(root,0,0,00:00:00/62-12:20:40,344) [scsi_tmf_0]
(root,0,0,00:00:00/62-12:20:40,345) [scsi_eh_1]
(root,0,0,00:00:00/62-12:20:40,346) [scsi_tmf_1]
(root,0,0,00:01:59/62-12:20:37,366) [jbd2/vda1-8]
(root,0,0,00:00:00/62-12:20:37,367) [ext4-rsv-conver]
(root,38604,7852,00:01:47/62-12:20:25,440) /usr/lib/systemd/systemd-journald
(root,53296,9324,00:00:07/62-12:20:24,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:36/62-12:20:22,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1584,00:00:39/62-12:19:51,511) /sbin/auditd
(messagebus,22932,5400,00:03:34/62-12:19:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38880,8288,00:02:01/62-12:19:50,530) /usr/lib/systemd/systemd-logind
(root,20556,4152,00:00:00/62-12:19:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15472,00:00:03/62-12:19:48,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,15904,00:00:00/62-12:19:48,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/58:53,1067) [kworker/u8:0-writeback]
(root,549384,31628,00:01:13/62-12:19:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/62-12:19:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:06:03/62-12:19:34,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/62-12:19:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/62-12:19:34,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/62-12:19:34,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/62-12:19:34,1343) /usr/lib/systemd/systemd --user
(root,449060,7988,00:01:55/62-12:19:34,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:52/62-12:19:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/62-12:19:34,1352) bpfilter_umh
(root,26204,8096,00:00:33/62-12:19:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/62-12:19:34,1359) ntpd: asynchronous dns resolver
(spot,362592,213540,3-11:01:06/62-12:19:33,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/62-12:19:33,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/62-12:19:33,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/62-12:19:33,1373) (sd-pam)
(root,24216,5256,00:00:22/62-12:19:31,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/62-12:19:31,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/62-12:19:31,1485) /usr/sbin/cron -n
(root,699464,80276,01:26:21/62-12:19:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,236992,82960,00:31:53/62-12:19:13,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9104,00:00:02/56-17:54:48,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/17:59,3845) [kworker/2:0-cgroup_destroy]
(root,0,0,00:00:00/02:39,5552) [kworker/2:1]
(root,35304,10040,00:00:00/24-12:47:43,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:32/24-12:47:42,10514) sshd: syslogtunnel
(postfix,24244,8240,00:00:00/01:10:20,10568) pickup -l -t fifo -u
(root,0,0,00:00:00/08:46,12427) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/00:40,13254) [kworker/3:1-ata_sff]
(root,6656,3488,00:00:00/00:00,15258) /bin/bash /usr/bin/check_mk_agent
(root,13744,3460,00:00:00/00:00,15276) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,956,00:00:00/00:00,15277) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/15:34,15942) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:00/01:16:33,17828) [kworker/0:0-events]
(root,0,0,00:00:00/30:19,17955) [kworker/1:1-events]
(root,0,0,00:00:01/01:21:22,19079) [kworker/2:2-events]
(root,0,0,00:00:00/05:51,23548) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/52:33,30091) [kworker/3:0-events_freezable_power_]
(root,35308,10028,00:00:00/24-13:33:56,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:21/24-13:33:55,30947) sshd: cm-ssh
(root,0,0,00:00:00/52:17,32761) [kworker/1:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-11 23:09

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bdb2bdb7

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:58/60-11:59:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/60-11:59:14,2) [kthreadd]
(root,0,0,00:00:00/60-11:59:14,3) [rcu_gp]
(root,0,0,00:00:00/60-11:59:14,4) [rcu_par_gp]
(root,0,0,00:00:00/60-11:59:14,5) [slub_flushwq]
(root,0,0,00:00:00/60-11:59:14,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/60-11:59:14,9) [mm_percpu_wq]
(root,0,0,00:00:00/60-11:59:14,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/60-11:59:14,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/60-11:59:14,12) [rcu_tasks_trace]
(root,0,0,00:01:48/60-11:59:14,13) [ksoftirqd/0]
(root,0,0,02:48:52/60-11:59:14,14) [rcu_preempt]
(root,0,0,00:00:23/60-11:59:14,15) [migration/0]
(root,0,0,00:00:00/60-11:59:14,16) [idle_inject/0]
(root,0,0,00:00:00/60-11:59:14,18) [cpuhp/0]
(root,0,0,00:00:00/60-11:59:14,19) [cpuhp/1]
(root,0,0,00:00:00/60-11:59:14,20) [idle_inject/1]
(root,0,0,00:00:23/60-11:59:14,21) [migration/1]
(root,0,0,00:01:29/60-11:59:14,22) [ksoftirqd/1]
(root,0,0,00:00:00/60-11:59:14,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/60-11:59:14,25) [cpuhp/2]
(root,0,0,00:00:00/60-11:59:14,26) [idle_inject/2]
(root,0,0,00:00:17/60-11:59:14,27) [migration/2]
(root,0,0,01:49:24/60-11:59:14,28) [ksoftirqd/2]
(root,0,0,00:00:00/60-11:59:14,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/60-11:59:14,31) [cpuhp/3]
(root,0,0,00:00:00/60-11:59:14,32) [idle_inject/3]
(root,0,0,00:00:21/60-11:59:14,33) [migration/3]
(root,0,0,00:05:32/60-11:59:14,34) [ksoftirqd/3]
(root,0,0,00:00:00/60-11:59:14,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/60-11:59:14,40) [kdevtmpfs]
(root,0,0,00:00:00/60-11:59:14,41) [netns]
(root,0,0,00:00:00/60-11:59:14,42) [inet_frag_wq]
(root,0,0,00:00:21/60-11:59:14,43) [kauditd]
(root,0,0,00:00:00/60-11:59:14,44) [khungtaskd]
(root,0,0,00:00:00/60-11:59:14,45) [oom_reaper]
(root,0,0,00:00:00/60-11:59:14,46) [writeback]
(root,0,0,00:03:04/60-11:59:14,47) [kcompactd0]
(root,0,0,00:00:00/60-11:59:14,48) [ksmd]
(root,0,0,00:03:20/60-11:59:14,49) [khugepaged]
(root,0,0,00:00:00/60-11:59:14,75) [kintegrityd]
(root,0,0,00:00:00/60-11:59:14,76) [kblockd]
(root,0,0,00:00:00/60-11:59:14,77) [blkcg_punt_bio]
(root,0,0,00:00:00/60-11:59:14,79) [tpm_dev_wq]
(root,0,0,00:00:00/60-11:59:14,80) [edac-poller]
(root,0,0,00:00:00/60-11:59:14,81) [devfreq_wq]
(root,0,0,00:00:00/60-11:59:14,110) [watchdogd]
(root,0,0,00:00:04/60-11:59:14,111) [kswapd0]
(root,0,0,00:00:15/60-11:59:14,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/60-11:59:12,115) [kthrotld]
(root,0,0,00:00:00/60-11:59:12,116) [mld]
(root,0,0,00:00:00/60-11:59:12,117) [ipv6_addrconf]
(root,0,0,00:00:16/60-11:59:12,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/60-11:59:12,123) [kstrp]
(root,0,0,00:00:00/60-11:59:12,124) [zswap-shrink]
(root,0,0,00:00:00/60-11:59:12,125) [kworker/u9:0]
(root,0,0,00:00:00/60-11:59:12,130) [charger_manager]
(root,0,0,00:00:18/60-11:59:12,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:26/60-11:59:12,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/60-11:59:11,239) [kaluad]
(root,0,0,00:00:00/60-11:59:11,258) [kmpath_rdacd]
(root,0,0,00:00:00/60-11:59:11,304) [kmpathd]
(root,0,0,00:00:00/60-11:59:11,305) [kmpath_handlerd]
(root,0,0,00:00:00/60-11:59:10,342) [ata_sff]
(root,0,0,00:00:00/60-11:59:10,343) [scsi_eh_0]
(root,0,0,00:00:00/60-11:59:10,344) [scsi_tmf_0]
(root,0,0,00:00:00/60-11:59:10,345) [scsi_eh_1]
(root,0,0,00:00:00/60-11:59:10,346) [scsi_tmf_1]
(root,0,0,00:01:56/60-11:59:07,366) [jbd2/vda1-8]
(root,0,0,00:00:00/60-11:59:07,367) [ext4-rsv-conver]
(root,38604,7852,00:01:43/60-11:58:55,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/60-11:58:54,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:33/60-11:58:52,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:37/60-11:58:21,511) /sbin/auditd
(messagebus,22932,5400,00:03:23/60-11:58:20,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:55/60-11:58:20,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/60-11:58:20,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/60-11:58:18,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/60-11:58:18,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549384,31636,00:01:11/60-11:58:04,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/60-11:58:04,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:52/60-11:58:04,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/60-11:58:04,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/60-11:58:04,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/60-11:58:04,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/60-11:58:04,1343) /usr/lib/systemd/systemd --user
(root,449060,8208,00:01:51/60-11:58:04,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:36/60-11:58:04,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/60-11:58:04,1352) bpfilter_umh
(root,26204,8096,00:00:31/60-11:58:04,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/60-11:58:04,1359) ntpd: asynchronous dns resolver
(spot,362128,213440,3-08:22:32/60-11:58:03,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/60-11:58:03,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/60-11:58:03,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/60-11:58:03,1373) (sd-pam)
(root,24216,5260,00:00:21/60-11:58:01,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/60-11:58:01,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/60-11:58:01,1485) /usr/sbin/cron -n
(root,699208,80092,01:23:38/60-11:57:55,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,235968,82036,00:31:03/60-11:57:43,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9136,00:00:02/54-17:33:18,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/02:23:51,4301) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/11:40,7246) [kworker/1:0-events]
(root,35304,10040,00:00:00/22-12:26:13,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:24/22-12:26:12,10514) sshd: syslogtunnel
(root,0,0,00:00:00/17:54,12806) [kworker/u8:1-writeback]
(root,0,0,00:00:00/35:25,16122) [kworker/0:0-cgroup_destroy]
(postfix,24244,8276,00:00:00/01:09:51,18926) pickup -l -t fifo -u
(root,0,0,00:00:00/00:29,19277) [kworker/3:0-events]
(root,6656,3476,00:00:00/00:00,21371) /bin/bash /usr/bin/check_mk_agent
(root,13744,3488,00:00:00/00:00,21389) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,21390) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/33:03,25987) [kworker/1:1-events]
(root,0,0,00:00:00/01:07:57,28209) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/47:18,29474) [kworker/0:2-events]
(root,35308,10028,00:00:00/22-13:12:26,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:15/22-13:12:25,30947) sshd: cm-ssh
(root,0,0,00:00:00/21:12,32105) [kworker/2:1-events]
(root,0,0,00:00:00/05:41,32261) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/01:13:19,32443) [kworker/2:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-09 22:47

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ef2c59be

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,14416,00:02:49/58-12:29:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/58-12:29:27,2) [kthreadd]
(root,0,0,00:00:00/58-12:29:27,3) [rcu_gp]
(root,0,0,00:00:00/58-12:29:27,4) [rcu_par_gp]
(root,0,0,00:00:00/58-12:29:27,5) [slub_flushwq]
(root,0,0,00:00:00/58-12:29:27,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/58-12:29:27,9) [mm_percpu_wq]
(root,0,0,00:00:00/58-12:29:27,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/58-12:29:27,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/58-12:29:27,12) [rcu_tasks_trace]
(root,0,0,00:01:44/58-12:29:27,13) [ksoftirqd/0]
(root,0,0,02:43:43/58-12:29:27,14) [rcu_preempt]
(root,0,0,00:00:22/58-12:29:27,15) [migration/0]
(root,0,0,00:00:00/58-12:29:27,16) [idle_inject/0]
(root,0,0,00:00:00/58-12:29:27,18) [cpuhp/0]
(root,0,0,00:00:00/58-12:29:27,19) [cpuhp/1]
(root,0,0,00:00:00/58-12:29:27,20) [idle_inject/1]
(root,0,0,00:00:22/58-12:29:27,21) [migration/1]
(root,0,0,00:01:26/58-12:29:27,22) [ksoftirqd/1]
(root,0,0,00:00:00/58-12:29:27,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/58-12:29:27,25) [cpuhp/2]
(root,0,0,00:00:00/58-12:29:27,26) [idle_inject/2]
(root,0,0,00:00:16/58-12:29:27,27) [migration/2]
(root,0,0,01:44:32/58-12:29:27,28) [ksoftirqd/2]
(root,0,0,00:00:00/58-12:29:27,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/58-12:29:27,31) [cpuhp/3]
(root,0,0,00:00:00/58-12:29:27,32) [idle_inject/3]
(root,0,0,00:00:20/58-12:29:27,33) [migration/3]
(root,0,0,00:05:20/58-12:29:27,34) [ksoftirqd/3]
(root,0,0,00:00:00/58-12:29:27,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/58-12:29:27,40) [kdevtmpfs]
(root,0,0,00:00:00/58-12:29:27,41) [netns]
(root,0,0,00:00:00/58-12:29:27,42) [inet_frag_wq]
(root,0,0,00:00:20/58-12:29:27,43) [kauditd]
(root,0,0,00:00:00/58-12:29:27,44) [khungtaskd]
(root,0,0,00:00:00/58-12:29:27,45) [oom_reaper]
(root,0,0,00:00:00/58-12:29:27,46) [writeback]
(root,0,0,00:02:59/58-12:29:27,47) [kcompactd0]
(root,0,0,00:00:00/58-12:29:27,48) [ksmd]
(root,0,0,00:03:14/58-12:29:27,49) [khugepaged]
(root,0,0,00:00:00/58-12:29:27,75) [kintegrityd]
(root,0,0,00:00:00/58-12:29:27,76) [kblockd]
(root,0,0,00:00:00/58-12:29:27,77) [blkcg_punt_bio]
(root,0,0,00:00:00/58-12:29:27,79) [tpm_dev_wq]
(root,0,0,00:00:00/58-12:29:27,80) [edac-poller]
(root,0,0,00:00:00/58-12:29:27,81) [devfreq_wq]
(root,0,0,00:00:00/58-12:29:27,110) [watchdogd]
(root,0,0,00:00:04/58-12:29:27,111) [kswapd0]
(root,0,0,00:00:15/58-12:29:27,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/58-12:29:25,115) [kthrotld]
(root,0,0,00:00:00/58-12:29:25,116) [mld]
(root,0,0,00:00:00/58-12:29:25,117) [ipv6_addrconf]
(root,0,0,00:00:16/58-12:29:25,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/58-12:29:25,123) [kstrp]
(root,0,0,00:00:00/58-12:29:25,124) [zswap-shrink]
(root,0,0,00:00:00/58-12:29:25,125) [kworker/u9:0]
(root,0,0,00:00:00/58-12:29:25,130) [charger_manager]
(root,0,0,00:00:17/58-12:29:25,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:25/58-12:29:25,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/58-12:29:24,239) [kaluad]
(root,0,0,00:00:00/58-12:29:24,258) [kmpath_rdacd]
(root,0,0,00:00:00/58-12:29:24,304) [kmpathd]
(root,0,0,00:00:00/58-12:29:24,305) [kmpath_handlerd]
(root,0,0,00:00:00/58-12:29:23,342) [ata_sff]
(root,0,0,00:00:00/58-12:29:23,343) [scsi_eh_0]
(root,0,0,00:00:00/58-12:29:23,344) [scsi_tmf_0]
(root,0,0,00:00:00/58-12:29:23,345) [scsi_eh_1]
(root,0,0,00:00:00/58-12:29:23,346) [scsi_tmf_1]
(root,0,0,00:01:52/58-12:29:20,366) [jbd2/vda1-8]
(root,0,0,00:00:00/58-12:29:20,367) [ext4-rsv-conver]
(root,38604,7852,00:01:38/58-12:29:08,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/58-12:29:07,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:30/58-12:29:05,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:35/58-12:28:34,511) /sbin/auditd
(messagebus,22932,5400,00:03:12/58-12:28:33,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:48/58-12:28:33,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/58-12:28:33,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/58-12:28:31,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/58-12:28:31,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/10:48,788) [kworker/3:0-events]
(root,549128,31272,00:01:09/58-12:28:17,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/58-12:28:17,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:42/58-12:28:17,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/58-12:28:17,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/58-12:28:17,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/58-12:28:17,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/58-12:28:17,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:47/58-12:28:17,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:20/58-12:28:17,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/58-12:28:17,1352) bpfilter_umh
(root,26204,8096,00:00:30/58-12:28:17,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/58-12:28:17,1359) ntpd: asynchronous dns resolver
(spot,363200,214448,3-05:19:09/58-12:28:16,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/58-12:28:16,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/58-12:28:16,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/58-12:28:16,1373) (sd-pam)
(root,24216,5260,00:00:20/58-12:28:14,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/58-12:28:14,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/58-12:28:14,1485) /usr/sbin/cron -n
(root,698952,79684,01:20:57/58-12:28:08,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,234944,80360,00:30:16/58-12:27:56,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9136,00:00:02/52-18:03:31,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/17:26,5373) [kworker/1:2-events]
(root,0,0,00:00:00/00:27,6218) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/17:02,6651) [kworker/u8:2-writeback]
(root,6656,3488,00:00:00/00:00,7450) /bin/bash /usr/bin/check_mk_agent
(root,13744,3520,00:00:00/00:00,7468) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,7469) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35304,10040,00:00:00/20-12:56:26,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:16/20-12:56:25,10514) sshd: syslogtunnel
(root,0,0,00:00:00/31:27,14847) [kworker/2:0-events]
(root,0,0,00:00:00/01:52:03,16568) [kworker/2:2-events]
(root,0,0,00:00:00/05:37,17198) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/01:15:17,18323) [kworker/1:0-events]
(root,0,0,00:00:00/05:15,19316) [kworker/0:0-cgroup_destroy]
(postfix,24244,8272,00:00:00/21:50,20776) pickup -l -t fifo -u
(root,0,0,00:00:00/01:40:01,22600) [kworker/u8:0-writeback]
(root,0,0,00:00:00/01:31:25,26097) [kworker/0:2-events]
(root,35308,10028,00:00:00/20-13:42:39,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:09/20-13:42:38,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-07 23:18

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b691a602

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:39/56-11:04:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/56-11:04:57,2) [kthreadd]
(root,0,0,00:00:00/56-11:04:57,3) [rcu_gp]
(root,0,0,00:00:00/56-11:04:57,4) [rcu_par_gp]
(root,0,0,00:00:00/56-11:04:57,5) [slub_flushwq]
(root,0,0,00:00:00/56-11:04:57,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/56-11:04:57,9) [mm_percpu_wq]
(root,0,0,00:00:00/56-11:04:57,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/56-11:04:57,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/56-11:04:57,12) [rcu_tasks_trace]
(root,0,0,00:01:40/56-11:04:57,13) [ksoftirqd/0]
(root,0,0,02:38:14/56-11:04:57,14) [rcu_preempt]
(root,0,0,00:00:21/56-11:04:57,15) [migration/0]
(root,0,0,00:00:00/56-11:04:57,16) [idle_inject/0]
(root,0,0,00:00:00/56-11:04:57,18) [cpuhp/0]
(root,0,0,00:00:00/56-11:04:57,19) [cpuhp/1]
(root,0,0,00:00:00/56-11:04:57,20) [idle_inject/1]
(root,0,0,00:00:21/56-11:04:57,21) [migration/1]
(root,0,0,00:01:23/56-11:04:57,22) [ksoftirqd/1]
(root,0,0,00:00:00/56-11:04:57,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/56-11:04:57,25) [cpuhp/2]
(root,0,0,00:00:00/56-11:04:57,26) [idle_inject/2]
(root,0,0,00:00:16/56-11:04:57,27) [migration/2]
(root,0,0,01:40:02/56-11:04:57,28) [ksoftirqd/2]
(root,0,0,00:00:00/56-11:04:57,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/56-11:04:57,31) [cpuhp/3]
(root,0,0,00:00:00/56-11:04:57,32) [idle_inject/3]
(root,0,0,00:00:20/56-11:04:57,33) [migration/3]
(root,0,0,00:05:08/56-11:04:57,34) [ksoftirqd/3]
(root,0,0,00:00:00/56-11:04:57,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/56-11:04:57,40) [kdevtmpfs]
(root,0,0,00:00:00/56-11:04:57,41) [netns]
(root,0,0,00:00:00/56-11:04:57,42) [inet_frag_wq]
(root,0,0,00:00:19/56-11:04:57,43) [kauditd]
(root,0,0,00:00:00/56-11:04:57,44) [khungtaskd]
(root,0,0,00:00:00/56-11:04:57,45) [oom_reaper]
(root,0,0,00:00:00/56-11:04:57,46) [writeback]
(root,0,0,00:02:53/56-11:04:57,47) [kcompactd0]
(root,0,0,00:00:00/56-11:04:57,48) [ksmd]
(root,0,0,00:03:07/56-11:04:57,49) [khugepaged]
(root,0,0,00:00:00/56-11:04:57,75) [kintegrityd]
(root,0,0,00:00:00/56-11:04:57,76) [kblockd]
(root,0,0,00:00:00/56-11:04:57,77) [blkcg_punt_bio]
(root,0,0,00:00:00/56-11:04:57,79) [tpm_dev_wq]
(root,0,0,00:00:00/56-11:04:57,80) [edac-poller]
(root,0,0,00:00:00/56-11:04:57,81) [devfreq_wq]
(root,0,0,00:00:00/56-11:04:57,110) [watchdogd]
(root,0,0,00:00:04/56-11:04:57,111) [kswapd0]
(root,0,0,00:00:14/56-11:04:57,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/56-11:04:55,115) [kthrotld]
(root,0,0,00:00:00/56-11:04:55,116) [mld]
(root,0,0,00:00:00/56-11:04:55,117) [ipv6_addrconf]
(root,0,0,00:00:15/56-11:04:55,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/56-11:04:55,123) [kstrp]
(root,0,0,00:00:00/56-11:04:55,124) [zswap-shrink]
(root,0,0,00:00:00/56-11:04:55,125) [kworker/u9:0]
(root,0,0,00:00:00/56-11:04:55,130) [charger_manager]
(root,0,0,00:00:17/56-11:04:55,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:25/56-11:04:55,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/56-11:04:54,239) [kaluad]
(root,0,0,00:00:00/56-11:04:54,258) [kmpath_rdacd]
(root,0,0,00:00:00/56-11:04:54,304) [kmpathd]
(root,0,0,00:00:00/56-11:04:54,305) [kmpath_handlerd]
(root,0,0,00:00:00/56-11:04:53,342) [ata_sff]
(root,0,0,00:00:00/56-11:04:53,343) [scsi_eh_0]
(root,0,0,00:00:00/56-11:04:53,344) [scsi_tmf_0]
(root,0,0,00:00:00/56-11:04:53,345) [scsi_eh_1]
(root,0,0,00:00:00/56-11:04:53,346) [scsi_tmf_1]
(root,0,0,00:01:49/56-11:04:50,366) [jbd2/vda1-8]
(root,0,0,00:00:00/56-11:04:50,367) [ext4-rsv-conver]
(root,38604,7852,00:01:33/56-11:04:38,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/56-11:04:37,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:27/56-11:04:35,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:32/56-11:04:04,511) /sbin/auditd
(messagebus,22932,5400,00:02:59/56-11:04:03,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:41/56-11:04:03,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/56-11:04:03,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/56-11:04:01,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/56-11:04:01,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549128,31272,00:01:06/56-11:03:47,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/56-11:03:47,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:32/56-11:03:47,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/56-11:03:47,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/56-11:03:47,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/56-11:03:47,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/56-11:03:47,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:42/56-11:03:47,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:03/56-11:03:47,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/56-11:03:47,1352) bpfilter_umh
(root,26204,8096,00:00:28/56-11:03:47,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/56-11:03:47,1359) ntpd: asynchronous dns resolver
(spot,364928,215672,3-02:17:59/56-11:03:46,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/56-11:03:46,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/56-11:03:46,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/56-11:03:46,1373) (sd-pam)
(root,24216,5260,00:00:19/56-11:03:44,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/56-11:03:44,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:07/56-11:03:44,1485) /usr/sbin/cron -n
(root,698412,77180,01:18:05/56-11:03:38,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,6656,3484,00:00:00/00:00,1982) /bin/bash /usr/bin/check_mk_agent
(spot,233920,79172,00:29:27/56-11:03:26,1995) /usr/bin/python3.11 /usr/bin/spot
(root,13744,3512,00:00:00/00:00,2002) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,2003) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,44628,9136,00:00:02/50-16:39:01,2557) tlsmgr -l -t unix -u
(postfix,24244,8248,00:00:00/59:16,4682) pickup -l -t fifo -u
(root,0,0,00:00:00/57:25,4870) [kworker/2:0-cgroup_destroy]
(root,0,0,00:00:00/14:49,5175) [kworker/1:0-cgroup_destroy]
(root,0,0,00:00:00/53:23,5436) [kworker/1:1-events]
(root,0,0,00:00:00/08:48,9074) [kworker/0:2-events]
(root,35304,10040,00:00:00/18-11:31:56,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:08/18-11:31:55,10514) sshd: syslogtunnel
(root,0,0,00:00:00/07:10,12652) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/33:06,22652) [kworker/u8:2-writeback]
(root,0,0,00:00:00/02:00,25333) [kworker/3:0-ata_sff]
(root,0,0,00:00:01/02:22:04,26766) [kworker/3:2-events]
(root,0,0,00:00:00/01:58:16,29783) [kworker/2:1-events]
(root,0,0,00:00:00/01:51:57,30582) [kworker/u8:1-ext4-rsv-conversion]
(root,35308,10028,00:00:00/18-12:18:09,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:02/18-12:18:08,30947) sshd: cm-ssh
(root,0,0,00:00:00/01:43:39,31588) [kworker/0:1-events]
(root,0,0,00:00:00/00:29,32010) [kworker/2:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-05 21:53

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d67632f4

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:34/54-14:40:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/54-14:40:24,2) [kthreadd]
(root,0,0,00:00:00/54-14:40:24,3) [rcu_gp]
(root,0,0,00:00:00/54-14:40:24,4) [rcu_par_gp]
(root,0,0,00:00:00/54-14:40:24,5) [slub_flushwq]
(root,0,0,00:00:00/54-14:40:24,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/54-14:40:24,9) [mm_percpu_wq]
(root,0,0,00:00:00/54-14:40:24,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/54-14:40:24,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/54-14:40:24,12) [rcu_tasks_trace]
(root,0,0,00:01:37/54-14:40:24,13) [ksoftirqd/0]
(root,0,0,02:33:29/54-14:40:24,14) [rcu_preempt]
(root,0,0,00:00:21/54-14:40:24,15) [migration/0]
(root,0,0,00:00:00/54-14:40:24,16) [idle_inject/0]
(root,0,0,00:00:00/54-14:40:24,18) [cpuhp/0]
(root,0,0,00:00:00/54-14:40:24,19) [cpuhp/1]
(root,0,0,00:00:00/54-14:40:24,20) [idle_inject/1]
(root,0,0,00:00:21/54-14:40:24,21) [migration/1]
(root,0,0,00:01:20/54-14:40:24,22) [ksoftirqd/1]
(root,0,0,00:00:00/54-14:40:24,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/54-14:40:24,25) [cpuhp/2]
(root,0,0,00:00:00/54-14:40:24,26) [idle_inject/2]
(root,0,0,00:00:15/54-14:40:24,27) [migration/2]
(root,0,0,01:36:47/54-14:40:24,28) [ksoftirqd/2]
(root,0,0,00:00:00/54-14:40:24,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/54-14:40:24,31) [cpuhp/3]
(root,0,0,00:00:00/54-14:40:24,32) [idle_inject/3]
(root,0,0,00:00:19/54-14:40:24,33) [migration/3]
(root,0,0,00:05:00/54-14:40:24,34) [ksoftirqd/3]
(root,0,0,00:00:00/54-14:40:24,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/54-14:40:24,40) [kdevtmpfs]
(root,0,0,00:00:00/54-14:40:24,41) [netns]
(root,0,0,00:00:00/54-14:40:24,42) [inet_frag_wq]
(root,0,0,00:00:18/54-14:40:24,43) [kauditd]
(root,0,0,00:00:00/54-14:40:24,44) [khungtaskd]
(root,0,0,00:00:00/54-14:40:24,45) [oom_reaper]
(root,0,0,00:00:00/54-14:40:24,46) [writeback]
(root,0,0,00:02:47/54-14:40:24,47) [kcompactd0]
(root,0,0,00:00:00/54-14:40:24,48) [ksmd]
(root,0,0,00:03:02/54-14:40:24,49) [khugepaged]
(root,0,0,00:00:00/54-14:40:24,75) [kintegrityd]
(root,0,0,00:00:00/54-14:40:24,76) [kblockd]
(root,0,0,00:00:00/54-14:40:24,77) [blkcg_punt_bio]
(root,0,0,00:00:00/54-14:40:24,79) [tpm_dev_wq]
(root,0,0,00:00:00/54-14:40:24,80) [edac-poller]
(root,0,0,00:00:00/54-14:40:24,81) [devfreq_wq]
(root,0,0,00:00:00/54-14:40:24,110) [watchdogd]
(root,0,0,00:00:04/54-14:40:24,111) [kswapd0]
(root,0,0,00:00:14/54-14:40:24,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/54-14:40:22,115) [kthrotld]
(root,0,0,00:00:00/54-14:40:22,116) [mld]
(root,0,0,00:00:00/54-14:40:22,117) [ipv6_addrconf]
(root,0,0,00:00:15/54-14:40:22,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/54-14:40:22,123) [kstrp]
(root,0,0,00:00:00/54-14:40:22,124) [zswap-shrink]
(root,0,0,00:00:00/54-14:40:22,125) [kworker/u9:0]
(root,0,0,00:00:00/54-14:40:22,130) [charger_manager]
(root,0,0,00:00:16/54-14:40:22,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:24/54-14:40:22,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/54-14:40:21,239) [kaluad]
(root,0,0,00:00:00/54-14:40:21,258) [kmpath_rdacd]
(root,0,0,00:00:00/54-14:40:21,304) [kmpathd]
(root,0,0,00:00:00/54-14:40:21,305) [kmpath_handlerd]
(root,0,0,00:00:00/54-14:40:20,342) [ata_sff]
(root,0,0,00:00:00/54-14:40:20,343) [scsi_eh_0]
(root,0,0,00:00:00/54-14:40:20,344) [scsi_tmf_0]
(root,0,0,00:00:00/54-14:40:20,345) [scsi_eh_1]
(root,0,0,00:00:00/54-14:40:20,346) [scsi_tmf_1]
(root,0,0,00:01:46/54-14:40:17,366) [jbd2/vda1-8]
(root,0,0,00:00:00/54-14:40:17,367) [ext4-rsv-conver]
(root,38604,7852,00:01:30/54-14:40:05,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/54-14:40:04,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:24/54-14:40:02,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:31/54-14:39:31,511) /sbin/auditd
(messagebus,22932,5400,00:02:54/54-14:39:30,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:38/54-14:39:30,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/54-14:39:30,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/54-14:39:28,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/54-14:39:28,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/21:08,729) [kworker/3:1-events]
(root,549128,31272,00:01:04/54-14:39:14,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/54-14:39:14,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:24/54-14:39:14,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/54-14:39:14,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/54-14:39:14,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/54-14:39:14,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/54-14:39:14,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:39/54-14:39:14,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:07:48/54-14:39:14,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/54-14:39:14,1352) bpfilter_umh
(root,26204,8096,00:00:27/54-14:39:14,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/54-14:39:14,1359) ntpd: asynchronous dns resolver
(spot,364848,215704,2-23:41:24/54-14:39:13,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/54-14:39:13,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/54-14:39:13,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/54-14:39:13,1373) (sd-pam)
(root,24216,5260,00:00:19/54-14:39:11,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/54-14:39:11,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:07/54-14:39:11,1485) /usr/sbin/cron -n
(root,698412,79084,01:15:35/54-14:39:05,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,232896,77764,00:28:45/54-14:38:53,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9160,00:00:02/48-20:14:28,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/19:16,6889) [kworker/0:1]
(root,0,0,00:00:00/02:59:04,7540) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/18:30,9879) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/46:05,10451) [kworker/0:2-events]
(root,35304,10040,00:00:00/16-15:07:23,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:02/16-15:07:22,10514) sshd: syslogtunnel
(root,0,0,00:00:00/05:35,12778) [kworker/3:0-ata_sff]
(postfix,24244,8220,00:00:00/01:35:35,18539) pickup -l -t fifo -u
(root,0,0,00:00:00/13:46,23551) [kworker/2:2]
(root,0,0,00:00:00/40:50,24374) [kworker/1:1]
(root,0,0,00:00:01/03:56:52,25166) [kworker/2:1-events]
(root,0,0,00:00:00/02:04:10,27550) [kworker/1:0-events]
(root,0,0,00:00:00/00:22,30180) [kworker/3:2-ata_sff]
(root,35308,10028,00:00:00/16-15:53:36,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:56/16-15:53:35,30947) sshd: cm-ssh
(root,6656,3472,00:00:00/00:00,32197) /bin/bash /usr/bin/check_mk_agent
(root,13744,3524,00:00:00/00:00,32215) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,32216) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-04 01:29

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634058f30e

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:30/52-16:01:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/52-16:01:15,2) [kthreadd]
(root,0,0,00:00:00/52-16:01:15,3) [rcu_gp]
(root,0,0,00:00:00/52-16:01:15,4) [rcu_par_gp]
(root,0,0,00:00:00/52-16:01:15,5) [slub_flushwq]
(root,0,0,00:00:00/52-16:01:15,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/52-16:01:15,9) [mm_percpu_wq]
(root,0,0,00:00:00/52-16:01:15,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/52-16:01:15,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/52-16:01:15,12) [rcu_tasks_trace]
(root,0,0,00:01:34/52-16:01:15,13) [ksoftirqd/0]
(root,0,0,02:28:35/52-16:01:15,14) [rcu_preempt]
(root,0,0,00:00:20/52-16:01:15,15) [migration/0]
(root,0,0,00:00:00/52-16:01:15,16) [idle_inject/0]
(root,0,0,00:00:00/52-16:01:15,18) [cpuhp/0]
(root,0,0,00:00:00/52-16:01:15,19) [cpuhp/1]
(root,0,0,00:00:00/52-16:01:15,20) [idle_inject/1]
(root,0,0,00:00:20/52-16:01:15,21) [migration/1]
(root,0,0,00:01:17/52-16:01:15,22) [ksoftirqd/1]
(root,0,0,00:00:00/52-16:01:15,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/52-16:01:15,25) [cpuhp/2]
(root,0,0,00:00:00/52-16:01:15,26) [idle_inject/2]
(root,0,0,00:00:15/52-16:01:15,27) [migration/2]
(root,0,0,01:33:48/52-16:01:15,28) [ksoftirqd/2]
(root,0,0,00:00:00/52-16:01:15,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/52-16:01:15,31) [cpuhp/3]
(root,0,0,00:00:00/52-16:01:15,32) [idle_inject/3]
(root,0,0,00:00:18/52-16:01:15,33) [migration/3]
(root,0,0,00:04:51/52-16:01:15,34) [ksoftirqd/3]
(root,0,0,00:00:00/52-16:01:15,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/52-16:01:15,40) [kdevtmpfs]
(root,0,0,00:00:00/52-16:01:15,41) [netns]
(root,0,0,00:00:00/52-16:01:15,42) [inet_frag_wq]
(root,0,0,00:00:18/52-16:01:15,43) [kauditd]
(root,0,0,00:00:00/52-16:01:15,44) [khungtaskd]
(root,0,0,00:00:00/52-16:01:15,45) [oom_reaper]
(root,0,0,00:00:00/52-16:01:15,46) [writeback]
(root,0,0,00:02:42/52-16:01:15,47) [kcompactd0]
(root,0,0,00:00:00/52-16:01:15,48) [ksmd]
(root,0,0,00:02:55/52-16:01:15,49) [khugepaged]
(root,0,0,00:00:00/52-16:01:15,75) [kintegrityd]
(root,0,0,00:00:00/52-16:01:15,76) [kblockd]
(root,0,0,00:00:00/52-16:01:15,77) [blkcg_punt_bio]
(root,0,0,00:00:00/52-16:01:15,79) [tpm_dev_wq]
(root,0,0,00:00:00/52-16:01:15,80) [edac-poller]
(root,0,0,00:00:00/52-16:01:15,81) [devfreq_wq]
(root,0,0,00:00:00/52-16:01:15,110) [watchdogd]
(root,0,0,00:00:04/52-16:01:15,111) [kswapd0]
(root,0,0,00:00:13/52-16:01:15,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/52-16:01:13,115) [kthrotld]
(root,0,0,00:00:00/52-16:01:13,116) [mld]
(root,0,0,00:00:00/52-16:01:13,117) [ipv6_addrconf]
(root,0,0,00:00:14/52-16:01:13,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/52-16:01:13,123) [kstrp]
(root,0,0,00:00:00/52-16:01:13,124) [zswap-shrink]
(root,0,0,00:00:00/52-16:01:13,125) [kworker/u9:0]
(root,0,0,00:00:00/52-16:01:13,130) [charger_manager]
(root,0,0,00:00:16/52-16:01:13,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:23/52-16:01:13,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/52-16:01:12,239) [kaluad]
(root,0,0,00:00:00/52-16:01:12,258) [kmpath_rdacd]
(root,0,0,00:00:00/52-16:01:12,304) [kmpathd]
(root,0,0,00:00:00/52-16:01:12,305) [kmpath_handlerd]
(root,0,0,00:00:00/52-16:01:11,342) [ata_sff]
(root,0,0,00:00:00/52-16:01:11,343) [scsi_eh_0]
(root,0,0,00:00:00/52-16:01:11,344) [scsi_tmf_0]
(root,0,0,00:00:00/52-16:01:11,345) [scsi_eh_1]
(root,0,0,00:00:00/52-16:01:11,346) [scsi_tmf_1]
(root,0,0,00:01:43/52-16:01:08,366) [jbd2/vda1-8]
(root,0,0,00:00:00/52-16:01:08,367) [ext4-rsv-conver]
(root,38604,7852,00:01:27/52-16:00:56,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/52-16:00:55,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:22/52-16:00:53,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:30/52-16:00:22,511) /sbin/auditd
(messagebus,22932,5400,00:02:49/52-16:00:21,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:36/52-16:00:21,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/52-16:00:21,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/52-16:00:19,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/52-16:00:19,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549128,31272,00:01:02/52-16:00:05,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/52-16:00:05,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:13/52-16:00:05,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/52-16:00:05,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/52-16:00:05,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/52-16:00:05,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/52-16:00:05,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:37/52-16:00:05,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:07:33/52-16:00:05,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/52-16:00:05,1352) bpfilter_umh
(root,26204,8096,00:00:26/52-16:00:05,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/52-16:00:05,1359) ntpd: asynchronous dns resolver
(spot,364736,215172,2-21:23:14/52-16:00:04,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/52-16:00:04,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/52-16:00:04,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/52-16:00:04,1373) (sd-pam)
(root,24216,5260,00:00:18/52-16:00:02,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/52-16:00:02,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:07/52-16:00:02,1485) /usr/sbin/cron -n
(root,698412,78580,01:13:00/52-15:59:56,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/00:10,1796) [kworker/3:1-ata_sff]
(spot,231872,76564,00:28:02/52-15:59:44,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/18:21,2522) [kworker/2:0]
(postfix,44628,9160,00:00:01/46-21:35:19,2557) tlsmgr -l -t unix -u
(root,6656,3488,00:00:00/00:00,2880) /bin/bash /usr/bin/check_mk_agent
(root,6656,3488,00:00:00/00:00,2885) /bin/bash /usr/bin/check_mk_agent
(root,13744,3432,00:00:00/00:00,2919) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,2920) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/05:21,3133) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/45:12,4023) [kworker/1:1-events]
(root,0,0,00:00:00/11:37,5804) [kworker/u8:0]
(root,35304,10040,00:00:00/14-16:28:14,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:55/14-16:28:13,10514) sshd: syslogtunnel
(root,0,0,00:00:00/01:01:45,19117) [kworker/0:2-cgroup_destroy]
(postfix,24244,8240,00:00:00/01:38:18,20593) pickup -l -t fifo -u
(root,0,0,00:00:00/42:31,21080) [kworker/u8:2-writeback]
(root,0,0,00:00:00/07:26,21317) [kworker/1:0]
(root,0,0,00:00:04/02:30:37,22310) [kworker/3:2-events]
(root,0,0,00:00:00/01:27:18,28950) [kworker/0:0-events]
(root,35308,10028,00:00:00/14-17:14:27,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:50/14-17:14:26,30947) sshd: cm-ssh
(root,0,0,00:00:01/02:16:22,31163) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-02 02:49

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d9224af7

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12388,00:02:27/51-14:03:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/51-14:03:11,2) [kthreadd]
(root,0,0,00:00:00/51-14:03:11,3) [rcu_gp]
(root,0,0,00:00:00/51-14:03:11,4) [rcu_par_gp]
(root,0,0,00:00:00/51-14:03:11,5) [slub_flushwq]
(root,0,0,00:00:00/51-14:03:11,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/51-14:03:11,9) [mm_percpu_wq]
(root,0,0,00:00:00/51-14:03:11,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/51-14:03:11,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/51-14:03:11,12) [rcu_tasks_trace]
(root,0,0,00:01:32/51-14:03:11,13) [ksoftirqd/0]
(root,0,0,02:25:54/51-14:03:11,14) [rcu_preempt]
(root,0,0,00:00:19/51-14:03:11,15) [migration/0]
(root,0,0,00:00:00/51-14:03:11,16) [idle_inject/0]
(root,0,0,00:00:00/51-14:03:11,18) [cpuhp/0]
(root,0,0,00:00:00/51-14:03:11,19) [cpuhp/1]
(root,0,0,00:00:00/51-14:03:11,20) [idle_inject/1]
(root,0,0,00:00:19/51-14:03:11,21) [migration/1]
(root,0,0,00:01:16/51-14:03:11,22) [ksoftirqd/1]
(root,0,0,00:00:00/51-14:03:11,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/51-14:03:11,25) [cpuhp/2]
(root,0,0,00:00:00/51-14:03:11,26) [idle_inject/2]
(root,0,0,00:00:14/51-14:03:11,27) [migration/2]
(root,0,0,01:32:31/51-14:03:11,28) [ksoftirqd/2]
(root,0,0,00:00:00/51-14:03:11,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/51-14:03:11,31) [cpuhp/3]
(root,0,0,00:00:00/51-14:03:11,32) [idle_inject/3]
(root,0,0,00:00:18/51-14:03:11,33) [migration/3]
(root,0,0,00:04:47/51-14:03:11,34) [ksoftirqd/3]
(root,0,0,00:00:00/51-14:03:11,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/51-14:03:11,40) [kdevtmpfs]
(root,0,0,00:00:00/51-14:03:11,41) [netns]
(root,0,0,00:00:00/51-14:03:11,42) [inet_frag_wq]
(root,0,0,00:00:17/51-14:03:11,43) [kauditd]
(root,0,0,00:00:00/51-14:03:11,44) [khungtaskd]
(root,0,0,00:00:00/51-14:03:11,45) [oom_reaper]
(root,0,0,00:00:00/51-14:03:11,46) [writeback]
(root,0,0,00:02:40/51-14:03:11,47) [kcompactd0]
(root,0,0,00:00:00/51-14:03:11,48) [ksmd]
(root,0,0,00:02:51/51-14:03:11,49) [khugepaged]
(root,0,0,00:00:00/51-14:03:11,75) [kintegrityd]
(root,0,0,00:00:00/51-14:03:11,76) [kblockd]
(root,0,0,00:00:00/51-14:03:11,77) [blkcg_punt_bio]
(root,0,0,00:00:00/51-14:03:11,79) [tpm_dev_wq]
(root,0,0,00:00:00/51-14:03:11,80) [edac-poller]
(root,0,0,00:00:00/51-14:03:11,81) [devfreq_wq]
(root,0,0,00:00:00/51-14:03:11,110) [watchdogd]
(root,0,0,00:00:04/51-14:03:11,111) [kswapd0]
(root,0,0,00:00:13/51-14:03:11,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/51-14:03:09,115) [kthrotld]
(root,0,0,00:00:00/51-14:03:09,116) [mld]
(root,0,0,00:00:00/51-14:03:09,117) [ipv6_addrconf]
(root,0,0,00:00:14/51-14:03:09,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/51-14:03:09,123) [kstrp]
(root,0,0,00:00:00/51-14:03:09,124) [zswap-shrink]
(root,0,0,00:00:00/51-14:03:09,125) [kworker/u9:0]
(root,0,0,00:00:00/51-14:03:09,130) [charger_manager]
(root,0,0,00:00:15/51-14:03:09,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:23/51-14:03:09,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/51-14:03:08,239) [kaluad]
(root,0,0,00:00:00/51-14:03:08,258) [kmpath_rdacd]
(root,0,0,00:00:00/51-14:03:08,304) [kmpathd]
(root,0,0,00:00:00/51-14:03:08,305) [kmpath_handlerd]
(root,0,0,00:00:00/51-14:03:07,342) [ata_sff]
(root,0,0,00:00:00/51-14:03:07,343) [scsi_eh_0]
(root,0,0,00:00:00/51-14:03:07,344) [scsi_tmf_0]
(root,0,0,00:00:00/51-14:03:07,345) [scsi_eh_1]
(root,0,0,00:00:00/51-14:03:07,346) [scsi_tmf_1]
(root,0,0,00:01:41/51-14:03:04,366) [jbd2/vda1-8]
(root,0,0,00:00:00/51-14:03:04,367) [ext4-rsv-conver]
(root,38604,7852,00:01:26/51-14:02:52,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:05/51-14:02:51,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:20/51-14:02:49,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:30/51-14:02:18,511) /sbin/auditd
(messagebus,22932,5400,00:02:46/51-14:02:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:34/51-14:02:17,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/51-14:02:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/51-14:02:15,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/51-14:02:15,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548872,30872,00:01:01/51-14:02:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/51-14:02:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:08/51-14:02:01,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/51-14:02:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/51-14:02:01,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/51-14:02:01,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/51-14:02:01,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:35/51-14:02:01,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:07:25/51-14:02:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/51-14:02:01,1352) bpfilter_umh
(root,26204,8096,00:00:25/51-14:02:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/51-14:02:01,1359) ntpd: asynchronous dns resolver
(spot,364400,215104,2-20:15:55/51-14:02:00,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/51-14:02:00,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/51-14:02:00,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/51-14:02:00,1373) (sd-pam)
(root,24216,5260,00:00:18/51-14:01:58,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/51-14:01:58,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:07/51-14:01:58,1485) /usr/sbin/cron -n
(root,698156,76408,01:11:34/51-14:01:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,231872,76284,00:27:31/51-14:01:40,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9160,00:00:01/45-19:37:15,2557) tlsmgr -l -t unix -u
(root,6656,3488,00:00:00/00:00,7272) /bin/bash /usr/bin/check_mk_agent
(root,0,0,00:00:00/01:32:19,7344) [kworker/2:2-events]
(root,6656,1824,00:00:00/00:00,7348) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,7349) /bin/bash /usr/bin/check_mk_agent
(root,4480,1116,00:00:00/00:00,7350) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,860,00:00:00/00:00,7351) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,732,00:00:00/00:00,7352) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3488,00:00:00/00:00,7353) /bin/bash /usr/bin/check_mk_agent
(root,13744,3508,00:00:00/00:00,7371) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,7372) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/04:05:10,7623) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/18:09,8644) [kworker/2:1-cgroup_destroy]
(root,35304,10040,00:00:00/13-14:30:10,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:51/13-14:30:09,10514) sshd: syslogtunnel
(root,0,0,00:00:00/03:45,11078) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/34:02,12769) [kworker/1:2]
(root,0,0,00:00:00/08:58,17121) [kworker/3:0-ata_sff]
(postfix,24244,8204,00:00:00/41:14,17956) pickup -l -t fifo -u
(root,0,0,00:00:01/03:13:25,18376) [kworker/0:0-events]
(root,0,0,00:00:00/23:32,20648) [kworker/0:2]
(root,0,0,00:00:00/06:50,24429) [kworker/u8:2-writeback]
(root,0,0,00:00:00/39:16,25224) [kworker/1:0-events]
(root,35308,10028,00:00:00/13-15:16:23,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:47/13-15:16:22,30947) sshd: cm-ssh
(root,0,0,00:00:00/29:42,31113) [kworker/3:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-01 00:51

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363076a8fb9

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12388,00:02:23/49-14:52:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/49-14:52:24,2) [kthreadd]
(root,0,0,00:00:00/49-14:52:24,3) [rcu_gp]
(root,0,0,00:00:00/49-14:52:24,4) [rcu_par_gp]
(root,0,0,00:00:00/49-14:52:24,5) [slub_flushwq]
(root,0,0,00:00:00/49-14:52:24,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/49-14:52:24,9) [mm_percpu_wq]
(root,0,0,00:00:00/49-14:52:24,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/49-14:52:24,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/49-14:52:24,12) [rcu_tasks_trace]
(root,0,0,00:01:30/49-14:52:24,13) [ksoftirqd/0]
(root,0,0,02:21:10/49-14:52:24,14) [rcu_preempt]
(root,0,0,00:00:19/49-14:52:24,15) [migration/0]
(root,0,0,00:00:00/49-14:52:24,16) [idle_inject/0]
(root,0,0,00:00:00/49-14:52:24,18) [cpuhp/0]
(root,0,0,00:00:00/49-14:52:24,19) [cpuhp/1]
(root,0,0,00:00:00/49-14:52:24,20) [idle_inject/1]
(root,0,0,00:00:19/49-14:52:24,21) [migration/1]
(root,0,0,00:01:13/49-14:52:24,22) [ksoftirqd/1]
(root,0,0,00:00:00/49-14:52:24,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/49-14:52:24,25) [cpuhp/2]
(root,0,0,00:00:00/49-14:52:24,26) [idle_inject/2]
(root,0,0,00:00:14/49-14:52:24,27) [migration/2]
(root,0,0,01:30:13/49-14:52:24,28) [ksoftirqd/2]
(root,0,0,00:00:00/49-14:52:24,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/49-14:52:24,31) [cpuhp/3]
(root,0,0,00:00:00/49-14:52:24,32) [idle_inject/3]
(root,0,0,00:00:17/49-14:52:24,33) [migration/3]
(root,0,0,00:04:40/49-14:52:24,34) [ksoftirqd/3]
(root,0,0,00:00:00/49-14:52:24,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/49-14:52:24,40) [kdevtmpfs]
(root,0,0,00:00:00/49-14:52:24,41) [netns]
(root,0,0,00:00:00/49-14:52:24,42) [inet_frag_wq]
(root,0,0,00:00:17/49-14:52:24,43) [kauditd]
(root,0,0,00:00:00/49-14:52:24,44) [khungtaskd]
(root,0,0,00:00:00/49-14:52:24,45) [oom_reaper]
(root,0,0,00:00:00/49-14:52:24,46) [writeback]
(root,0,0,00:02:35/49-14:52:24,47) [kcompactd0]
(root,0,0,00:00:00/49-14:52:24,48) [ksmd]
(root,0,0,00:02:44/49-14:52:24,49) [khugepaged]
(root,0,0,00:00:00/49-14:52:24,75) [kintegrityd]
(root,0,0,00:00:00/49-14:52:24,76) [kblockd]
(root,0,0,00:00:00/49-14:52:24,77) [blkcg_punt_bio]
(root,0,0,00:00:00/49-14:52:24,79) [tpm_dev_wq]
(root,0,0,00:00:00/49-14:52:24,80) [edac-poller]
(root,0,0,00:00:00/49-14:52:24,81) [devfreq_wq]
(root,0,0,00:00:00/49-14:52:24,110) [watchdogd]
(root,0,0,00:00:04/49-14:52:24,111) [kswapd0]
(root,0,0,00:00:13/49-14:52:24,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/49-14:52:22,115) [kthrotld]
(root,0,0,00:00:00/49-14:52:22,116) [mld]
(root,0,0,00:00:00/49-14:52:22,117) [ipv6_addrconf]
(root,0,0,00:00:13/49-14:52:22,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/49-14:52:22,123) [kstrp]
(root,0,0,00:00:00/49-14:52:22,124) [zswap-shrink]
(root,0,0,00:00:00/49-14:52:22,125) [kworker/u9:0]
(root,0,0,00:00:00/49-14:52:22,130) [charger_manager]
(root,0,0,00:00:15/49-14:52:22,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:22/49-14:52:22,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/49-14:52:21,239) [kaluad]
(root,0,0,00:00:00/49-14:52:21,258) [kmpath_rdacd]
(root,0,0,00:00:00/49-14:52:21,304) [kmpathd]
(root,0,0,00:00:00/49-14:52:21,305) [kmpath_handlerd]
(root,0,0,00:00:00/49-14:52:20,342) [ata_sff]
(root,0,0,00:00:00/49-14:52:20,343) [scsi_eh_0]
(root,0,0,00:00:00/49-14:52:20,344) [scsi_tmf_0]
(root,0,0,00:00:00/49-14:52:20,345) [scsi_eh_1]
(root,0,0,00:00:00/49-14:52:20,346) [scsi_tmf_1]
(root,0,0,00:01:38/49-14:52:17,366) [jbd2/vda1-8]
(root,0,0,00:00:00/49-14:52:17,367) [ext4-rsv-conver]
(postfix,24244,8228,00:00:00/12:13,390) pickup -l -t fifo -u
(root,38604,7852,00:01:23/49-14:52:05,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:05/49-14:52:04,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:17/49-14:52:02,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:29/49-14:51:31,511) /sbin/auditd
(messagebus,22932,5400,00:02:41/49-14:51:30,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:31/49-14:51:30,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/49-14:51:30,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/49-14:51:28,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/49-14:51:28,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548872,30612,00:00:59/49-14:51:14,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/49-14:51:14,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:58/49-14:51:14,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/49-14:51:14,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/49-14:51:14,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/49-14:51:14,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/49-14:51:14,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:33/49-14:51:14,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:07:10/49-14:51:14,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/49-14:51:14,1352) bpfilter_umh
(root,26204,8096,00:00:25/49-14:51:14,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/49-14:51:14,1359) ntpd: asynchronous dns resolver
(spot,361312,212060,2-18:42:58/49-14:51:13,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/49-14:51:13,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/49-14:51:13,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/49-14:51:13,1373) (sd-pam)
(root,24216,5260,00:00:17/49-14:51:11,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/49-14:51:11,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:06/49-14:51:11,1485) /usr/sbin/cron -n
(root,697764,76136,01:08:58/49-14:51:05,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,230848,74276,00:26:44/49-14:50:53,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9160,00:00:01/43-20:26:28,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/01:09:16,7744) [kworker/2:1]
(root,35304,10040,00:00:00/11-15:19:23,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:45/11-15:19:22,10514) sshd: syslogtunnel
(root,0,0,00:00:00/27:37,11017) [kworker/0:0-events]
(root,0,0,00:00:00/36:54,13457) [kworker/3:0-events]
(root,0,0,00:00:00/08:03,19483) [kworker/0:2]
(root,0,0,00:00:01/07:40:26,21090) [kworker/1:0-events]
(root,0,0,00:00:00/00:35,22391) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/01:04:18,25756) [kworker/1:2]
(root,0,0,00:00:00/01:44:54,26139) [kworker/2:0-events]
(root,6656,3488,00:00:00/00:00,26222) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,26263) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,26264) /bin/bash /usr/bin/check_mk_agent
(root,4480,1060,00:00:00/00:00,26265) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,756,00:00:00/00:00,26266) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,752,00:00:00/00:00,26267) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3480,00:00:00/00:00,26268) /bin/bash /usr/bin/check_mk_agent
(root,13744,3448,00:00:00/00:00,26286) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,26287) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:10:07,26705) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:00/05:47,29936) [kworker/3:1-ata_sff]
(root,35308,10028,00:00:00/11-16:05:36,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:41/11-16:05:35,30947) sshd: cm-ssh
(root,0,0,00:00:00/42:10,32288) [kworker/u8:0-flush-253:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-30 01:41

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631b3041f8

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12388,00:02:22/49-02:43:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/49-02:43:11,2) [kthreadd]
(root,0,0,00:00:00/49-02:43:11,3) [rcu_gp]
(root,0,0,00:00:00/49-02:43:11,4) [rcu_par_gp]
(root,0,0,00:00:00/49-02:43:11,5) [slub_flushwq]
(root,0,0,00:00:00/49-02:43:11,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/49-02:43:11,9) [mm_percpu_wq]
(root,0,0,00:00:00/49-02:43:11,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/49-02:43:11,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/49-02:43:11,12) [rcu_tasks_trace]
(root,0,0,00:01:29/49-02:43:11,13) [ksoftirqd/0]
(root,0,0,02:19:57/49-02:43:11,14) [rcu_preempt]
(root,0,0,00:00:18/49-02:43:11,15) [migration/0]
(root,0,0,00:00:00/49-02:43:11,16) [idle_inject/0]
(root,0,0,00:00:00/49-02:43:11,18) [cpuhp/0]
(root,0,0,00:00:00/49-02:43:11,19) [cpuhp/1]
(root,0,0,00:00:00/49-02:43:11,20) [idle_inject/1]
(root,0,0,00:00:19/49-02:43:11,21) [migration/1]
(root,0,0,00:01:13/49-02:43:11,22) [ksoftirqd/1]
(root,0,0,00:00:00/49-02:43:11,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/49-02:43:11,25) [cpuhp/2]
(root,0,0,00:00:00/49-02:43:11,26) [idle_inject/2]
(root,0,0,00:00:14/49-02:43:11,27) [migration/2]
(root,0,0,01:29:42/49-02:43:11,28) [ksoftirqd/2]
(root,0,0,00:00:00/49-02:43:11,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/49-02:43:11,31) [cpuhp/3]
(root,0,0,00:00:00/49-02:43:11,32) [idle_inject/3]
(root,0,0,00:00:17/49-02:43:11,33) [migration/3]
(root,0,0,00:04:38/49-02:43:11,34) [ksoftirqd/3]
(root,0,0,00:00:00/49-02:43:11,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/49-02:43:11,40) [kdevtmpfs]
(root,0,0,00:00:00/49-02:43:11,41) [netns]
(root,0,0,00:00:00/49-02:43:11,42) [inet_frag_wq]
(root,0,0,00:00:17/49-02:43:11,43) [kauditd]
(root,0,0,00:00:00/49-02:43:11,44) [khungtaskd]
(root,0,0,00:00:00/49-02:43:11,45) [oom_reaper]
(root,0,0,00:00:00/49-02:43:11,46) [writeback]
(root,0,0,00:02:33/49-02:43:11,47) [kcompactd0]
(root,0,0,00:00:00/49-02:43:11,48) [ksmd]
(root,0,0,00:02:43/49-02:43:11,49) [khugepaged]
(root,0,0,00:00:00/49-02:43:11,75) [kintegrityd]
(root,0,0,00:00:00/49-02:43:11,76) [kblockd]
(root,0,0,00:00:00/49-02:43:11,77) [blkcg_punt_bio]
(root,0,0,00:00:00/49-02:43:11,79) [tpm_dev_wq]
(root,0,0,00:00:00/49-02:43:11,80) [edac-poller]
(root,0,0,00:00:00/49-02:43:11,81) [devfreq_wq]
(root,0,0,00:00:00/49-02:43:11,110) [watchdogd]
(root,0,0,00:00:04/49-02:43:11,111) [kswapd0]
(root,0,0,00:00:13/49-02:43:11,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/49-02:43:09,115) [kthrotld]
(root,0,0,00:00:00/49-02:43:09,116) [mld]
(root,0,0,00:00:00/49-02:43:09,117) [ipv6_addrconf]
(root,0,0,00:00:13/49-02:43:09,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/49-02:43:09,123) [kstrp]
(root,0,0,00:00:00/49-02:43:09,124) [zswap-shrink]
(root,0,0,00:00:00/49-02:43:09,125) [kworker/u9:0]
(root,0,0,00:00:00/49-02:43:09,130) [charger_manager]
(root,0,0,00:00:15/49-02:43:09,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:22/49-02:43:09,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/49-02:43:08,239) [kaluad]
(root,0,0,00:00:00/49-02:43:08,258) [kmpath_rdacd]
(root,0,0,00:00:00/49-02:43:08,304) [kmpathd]
(root,0,0,00:00:00/49-02:43:08,305) [kmpath_handlerd]
(root,0,0,00:00:00/49-02:43:07,342) [ata_sff]
(root,0,0,00:00:00/49-02:43:07,343) [scsi_eh_0]
(root,0,0,00:00:00/49-02:43:07,344) [scsi_tmf_0]
(root,0,0,00:00:00/49-02:43:07,345) [scsi_eh_1]
(root,0,0,00:00:00/49-02:43:07,346) [scsi_tmf_1]
(root,0,0,00:01:37/49-02:43:04,366) [jbd2/vda1-8]
(root,0,0,00:00:00/49-02:43:04,367) [ext4-rsv-conver]
(root,38604,7852,00:01:23/49-02:42:52,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:05/49-02:42:51,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:17/49-02:42:49,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:29/49-02:42:18,511) /sbin/auditd
(messagebus,22932,5400,00:02:40/49-02:42:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:31/49-02:42:17,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/49-02:42:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/49-02:42:15,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/49-02:42:15,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548872,30612,00:00:58/49-02:42:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/49-02:42:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:53/49-02:42:01,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/49-02:42:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/49-02:42:01,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/49-02:42:01,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/49-02:42:01,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:32/49-02:42:01,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:07:06/49-02:42:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/49-02:42:01,1352) bpfilter_umh
(root,26204,8096,00:00:25/49-02:42:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/49-02:42:01,1359) ntpd: asynchronous dns resolver
(spot,361296,212056,2-18:14:58/49-02:42:00,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/49-02:42:00,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/49-02:42:00,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/49-02:42:00,1373) (sd-pam)
(root,24216,5260,00:00:17/49-02:41:58,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/49-02:41:58,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:06/49-02:41:58,1485) /usr/sbin/cron -n
(root,697764,78092,01:08:17/49-02:41:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,230848,73960,00:26:30/49-02:41:40,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/01:05:34,2170) [kworker/2:2-cgroup_destroy]
(postfix,44628,9160,00:00:01/43-08:17:15,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/45:33,8614) [kworker/1:0]
(root,35304,10040,00:00:00/11-03:10:10,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:43/11-03:10:09,10514) sshd: syslogtunnel
(root,0,0,00:00:00/02:19:55,10864) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/30:36,14327) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/08:07,15505) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/02:55,18119) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/00:27,19010) [kworker/0:0-events]
(root,6656,3488,00:00:00/00:00,19377) /bin/bash /usr/bin/check_mk_agent
(root,13744,3420,00:00:00/00:00,19395) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,19396) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/18:28,20293) [kworker/3:2-events]
(root,0,0,00:00:00/05:09:26,22403) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:00/15:17,27485) [kworker/2:1-events]
(root,0,0,00:00:00/03:01:24,29413) [kworker/u8:1-flush-253:0]
(postfix,24244,8204,00:00:00/01:23:37,29621) pickup -l -t fifo -u
(root,35308,10028,00:00:00/11-03:56:23,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:39/11-03:56:22,30947) sshd: cm-ssh
(root,0,0,00:00:00/02:55:01,31158) [kworker/1:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-29 13:31
    Create report
Domain summary
No record

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice