Host 141.9.254.33
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-11 19:27
Last seen 2024-12-22 00:58
Open for 101 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637e84e8d8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:36:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:36:12,2) [kthreadd] (root,0,0,00:00:00/39-14:36:12,3) [rcu_gp] (root,0,0,00:00:00/39-14:36:12,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:36:12,5) [slub_flushwq] (root,0,0,00:00:00/39-14:36:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:36:12,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:36:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:36:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:36:12,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:36:12,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:36:12,14) [rcu_preempt] (root,0,0,00:00:15/39-14:36:12,15) [migration/0] (root,0,0,00:00:00/39-14:36:12,16) [idle_inject/0] (root,0,0,00:00:00/39-14:36:12,18) [cpuhp/0] (root,0,0,00:00:00/39-14:36:12,19) [cpuhp/1] (root,0,0,00:00:00/39-14:36:12,20) [idle_inject/1] (root,0,0,00:00:15/39-14:36:12,21) [migration/1] (root,0,0,00:01:05/39-14:36:12,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:36:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:36:12,25) [cpuhp/2] (root,0,0,00:00:00/39-14:36:12,26) [idle_inject/2] (root,0,0,00:00:12/39-14:36:12,27) [migration/2] (root,0,0,01:14:06/39-14:36:12,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:36:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:36:12,31) [cpuhp/3] (root,0,0,00:00:00/39-14:36:12,32) [idle_inject/3] (root,0,0,00:00:14/39-14:36:12,33) [migration/3] (root,0,0,00:03:31/39-14:36:12,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:36:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:36:12,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:36:12,40) [netns] (root,0,0,00:00:00/39-14:36:12,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:36:12,42) [kauditd] (root,0,0,00:00:00/39-14:36:12,43) [khungtaskd] (root,0,0,00:00:00/39-14:36:12,44) [oom_reaper] (root,0,0,00:00:00/39-14:36:12,45) [writeback] (root,0,0,00:01:56/39-14:36:12,46) [kcompactd0] (root,0,0,00:00:00/39-14:36:12,47) [ksmd] (root,0,0,00:01:57/39-14:36:12,48) [khugepaged] (root,0,0,00:00:00/39-14:36:12,74) [kintegrityd] (root,0,0,00:00:00/39-14:36:12,75) [kblockd] (root,0,0,00:00:00/39-14:36:12,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:36:12,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:36:12,79) [edac-poller] (root,0,0,00:00:00/39-14:36:12,80) [devfreq_wq] (root,0,0,00:00:00/39-14:36:12,110) [watchdogd] (root,0,0,00:00:08/39-14:36:12,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:36:12,112) [kswapd0] (root,0,0,00:00:00/39-14:36:11,114) [kthrotld] (root,0,0,00:00:00/39-14:36:11,115) [mld] (root,0,0,00:00:00/39-14:36:11,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:36:11,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:36:11,122) [kstrp] (root,0,0,00:00:00/39-14:36:11,123) [zswap-shrink] (root,0,0,00:00:00/39-14:36:11,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:36:11,129) [charger_manager] (root,0,0,00:00:08/39-14:36:10,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:36:10,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:36:10,205) [kaluad] (root,0,0,00:00:00/39-14:36:10,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:36:10,293) [kmpathd] (root,0,0,00:00:00/39-14:36:10,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:36:10,342) [ata_sff] (root,0,0,00:00:00/39-14:36:09,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:36:09,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:36:09,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:36:09,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:36:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:36:07,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:35:55,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:35:54,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:35:52,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:35:18,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:35:18,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:35:18,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:35:18,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:35:17,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:35:17,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:35:03,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:35:03,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:35:02,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:35:02,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:35:02,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:35:02,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:35:02,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:35:02,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:35:02,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:35:02,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:35:02,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:35:02,1215) ntpd: asynchronous dns resolver (spot,299360,183064,2-02:58:38/39-14:35:02,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:35:01,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:35:01,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:35:01,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:35:00,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:35:00,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:34:59,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:34:53,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:34:39,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:59:01,2674) [kworker/0:2-events] (root,0,0,00:00:00/39:42,5528) [kworker/1:2-events] (root,0,0,00:00:00/05:29,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:33:17,9266) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:30,10883) [kworker/0:1] (root,0,0,00:00:00/24:30,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/03:31,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:07:03,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:25:55,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:25:54,15391) sshd: cm-ssh (root,0,0,00:00:00/03:23,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:54:33,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:54:32,16977) sshd: syslogtunnel (root,0,0,00:00:00/44:31,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/11:53,24965) [kworker/2:0-events] (root,6656,3508,00:00:00/00:00,29363) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/20:24,29419) [kworker/2:2-cgroup_destroy] (root,6656,3488,00:00:00/00:00,29430) /bin/bash /usr/bin/check_mk_agent (root,6656,1840,00:00:00/00:00,29452) /bin/bash /usr/bin/check_mk_agent (root,25832,9244,00:00:00/00:00,29453) postconf -c /etc/postfix (root,5280,796,00:00:00/00:00,29454) grep ^multi_instance_directories (root,11644,964,00:00:00/00:00,29455) sed s/.*=[[:space:]]*//g (root,13744,3452,00:00:00/00:00,29457) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29458) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9272,00:00:01/33-19:11:40,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:36,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363479c7145Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:08:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:08:39,2) [kthreadd] (root,0,0,00:00:00/37-14:08:39,3) [rcu_gp] (root,0,0,00:00:00/37-14:08:39,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:08:39,5) [slub_flushwq] (root,0,0,00:00:00/37-14:08:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:08:39,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:08:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:08:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:08:39,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:08:39,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:08:39,14) [rcu_preempt] (root,0,0,00:00:14/37-14:08:39,15) [migration/0] (root,0,0,00:00:00/37-14:08:39,16) [idle_inject/0] (root,0,0,00:00:00/37-14:08:39,18) [cpuhp/0] (root,0,0,00:00:00/37-14:08:39,19) [cpuhp/1] (root,0,0,00:00:00/37-14:08:39,20) [idle_inject/1] (root,0,0,00:00:14/37-14:08:39,21) [migration/1] (root,0,0,00:01:00/37-14:08:39,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:08:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:08:39,25) [cpuhp/2] (root,0,0,00:00:00/37-14:08:39,26) [idle_inject/2] (root,0,0,00:00:11/37-14:08:39,27) [migration/2] (root,0,0,01:10:40/37-14:08:39,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:08:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:08:39,31) [cpuhp/3] (root,0,0,00:00:00/37-14:08:39,32) [idle_inject/3] (root,0,0,00:00:14/37-14:08:39,33) [migration/3] (root,0,0,00:03:20/37-14:08:39,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:08:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:08:39,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:08:39,40) [netns] (root,0,0,00:00:00/37-14:08:39,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:08:39,42) [kauditd] (root,0,0,00:00:00/37-14:08:39,43) [khungtaskd] (root,0,0,00:00:00/37-14:08:39,44) [oom_reaper] (root,0,0,00:00:00/37-14:08:39,45) [writeback] (root,0,0,00:01:50/37-14:08:39,46) [kcompactd0] (root,0,0,00:00:00/37-14:08:39,47) [ksmd] (root,0,0,00:01:50/37-14:08:39,48) [khugepaged] (root,0,0,00:00:00/37-14:08:39,74) [kintegrityd] (root,0,0,00:00:00/37-14:08:39,75) [kblockd] (root,0,0,00:00:00/37-14:08:39,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:08:39,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:08:39,79) [edac-poller] (root,0,0,00:00:00/37-14:08:39,80) [devfreq_wq] (root,0,0,00:00:00/37-14:08:39,110) [watchdogd] (root,0,0,00:00:07/37-14:08:39,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:08:39,112) [kswapd0] (root,0,0,00:00:00/37-14:08:38,114) [kthrotld] (root,0,0,00:00:00/37-14:08:38,115) [mld] (root,0,0,00:00:00/37-14:08:38,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:08:38,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:08:38,122) [kstrp] (root,0,0,00:00:00/37-14:08:38,123) [zswap-shrink] (root,0,0,00:00:00/37-14:08:38,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:08:38,129) [charger_manager] (root,0,0,00:00:08/37-14:08:37,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:08:37,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:08:37,205) [kaluad] (root,0,0,00:00:00/37-14:08:37,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:08:37,293) [kmpathd] (root,0,0,00:00:00/37-14:08:37,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:08:37,342) [ata_sff] (root,0,0,00:00:00/37-14:08:36,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:08:36,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:08:36,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:08:36,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:08:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:08:34,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:08:22,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:08:21,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:08:19,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:07:45,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:07:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:07:45,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:07:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:07:44,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:07:44,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:07:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:07:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:07:29,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:07:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:07:29,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:07:29,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:07:29,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:07:29,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:07:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:07:29,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:07:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:07:29,1215) ntpd: asynchronous dns resolver (spot,296480,182160,1-23:14:12/37-14:07:29,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:07:28,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:07:28,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:07:28,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:07:27,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:07:27,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:07:26,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:07:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:07:06,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:15,2838) [kworker/3:1-events] (root,0,0,00:00:00/07:40,4583) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/07:18,6208) [kworker/1:2-ata_sff] (root,0,0,00:00:00/06:09,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-11:58:22,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-11:58:21,15391) sshd: cm-ssh (root,0,0,00:00:00/15:21,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:27:00,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:26:59,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:50:41,17446) [kworker/0:2-events] (root,0,0,00:00:00/14:22,18386) [kworker/3:2-events] (root,0,0,00:00:00/59:11,21022) [kworker/1:1-events] (root,0,0,00:00:00/02:06,21821) [kworker/1:0-ata_sff] (postfix,24244,8204,00:00:00/01:38:01,22497) pickup -l -t fifo -u (root,0,0,00:00:00/24:35,26953) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/00:20,27235) [kworker/u8:2-events_unbound] (root,6656,3488,00:00:00/00:00,28072) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,28090) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28091) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9272,00:00:01/31-18:44:07,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:54:41,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:30 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363637361caFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:20:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:20:59,2) [kthreadd] (root,0,0,00:00:00/35-15:20:59,3) [rcu_gp] (root,0,0,00:00:00/35-15:20:59,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:20:59,5) [slub_flushwq] (root,0,0,00:00:00/35-15:20:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:20:59,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:20:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:20:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:20:59,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:20:59,13) [ksoftirqd/0] (root,0,0,01:34:30/35-15:20:59,14) [rcu_preempt] (root,0,0,00:00:13/35-15:20:59,15) [migration/0] (root,0,0,00:00:00/35-15:20:59,16) [idle_inject/0] (root,0,0,00:00:00/35-15:20:59,18) [cpuhp/0] (root,0,0,00:00:00/35-15:20:59,19) [cpuhp/1] (root,0,0,00:00:00/35-15:20:59,20) [idle_inject/1] (root,0,0,00:00:14/35-15:20:59,21) [migration/1] (root,0,0,00:00:57/35-15:20:59,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:20:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:20:59,25) [cpuhp/2] (root,0,0,00:00:00/35-15:20:59,26) [idle_inject/2] (root,0,0,00:00:11/35-15:20:59,27) [migration/2] (root,0,0,01:07:42/35-15:20:59,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:20:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:20:59,31) [cpuhp/3] (root,0,0,00:00:00/35-15:20:59,32) [idle_inject/3] (root,0,0,00:00:13/35-15:20:59,33) [migration/3] (root,0,0,00:03:11/35-15:20:59,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:20:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:20:59,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:20:59,40) [netns] (root,0,0,00:00:00/35-15:20:59,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:20:59,42) [kauditd] (root,0,0,00:00:00/35-15:20:59,43) [khungtaskd] (root,0,0,00:00:00/35-15:20:59,44) [oom_reaper] (root,0,0,00:00:00/35-15:20:59,45) [writeback] (root,0,0,00:01:45/35-15:20:59,46) [kcompactd0] (root,0,0,00:00:00/35-15:20:59,47) [ksmd] (root,0,0,00:01:43/35-15:20:59,48) [khugepaged] (root,0,0,00:00:00/35-15:20:59,74) [kintegrityd] (root,0,0,00:00:00/35-15:20:59,75) [kblockd] (root,0,0,00:00:00/35-15:20:59,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:20:59,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:20:59,79) [edac-poller] (root,0,0,00:00:00/35-15:20:59,80) [devfreq_wq] (root,0,0,00:00:00/35-15:20:59,110) [watchdogd] (root,0,0,00:00:07/35-15:20:59,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:20:59,112) [kswapd0] (root,0,0,00:00:00/35-15:20:58,114) [kthrotld] (root,0,0,00:00:00/35-15:20:58,115) [mld] (root,0,0,00:00:00/35-15:20:58,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:20:58,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:20:58,122) [kstrp] (root,0,0,00:00:00/35-15:20:58,123) [zswap-shrink] (root,0,0,00:00:00/35-15:20:58,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:20:58,129) [charger_manager] (root,0,0,00:00:07/35-15:20:57,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:20:57,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:20:57,205) [kaluad] (root,0,0,00:00:00/35-15:20:57,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:20:57,293) [kmpathd] (root,0,0,00:00:00/35-15:20:57,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:20:57,342) [ata_sff] (root,0,0,00:00:00/35-15:20:56,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:20:56,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:20:56,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:20:56,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:20:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:20:54,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:20:42,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:20:41,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:20:39,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:20:05,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:20:05,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:20:05,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:20:05,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:20:04,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:20:04,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:19:50,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:19:50,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:19:49,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:19:49,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:19:49,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:19:49,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:19:49,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:19:49,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:19:49,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:19:49,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:19:49,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:19:49,1215) ntpd: asynchronous dns resolver (spot,294040,180144,1-20:13:21/35-15:19:49,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:19:48,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:19:48,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:19:48,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:19:47,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:19:47,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:19:46,1354) /usr/sbin/cron -n (root,698228,81996,00:46:34/35-15:19:40,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:19:26,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/06:28,4297) [kworker/1:2-events] (root,0,0,00:00:00/01:03:33,7081) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:12:41,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:10:42,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:10:41,15391) sshd: cm-ssh (root,0,0,00:00:00/04:56:15,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:32:07,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:39:20,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:39:19,16977) sshd: syslogtunnel (root,0,0,00:00:00/57:40,19051) [kworker/0:0-events] (root,0,0,00:00:00/01:26,20339) [kworker/3:2-events] (root,0,0,00:00:00/01:17,20978) [kworker/1:0-ata_sff] (root,6656,3488,00:00:00/00:00,23761) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,23771) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,23786) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23787) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:14:32,25943) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/09:12,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:43:01,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:56:27,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:51:30,31877) [kworker/0:1-events] (root,0,0,00:00:00/34:27,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b9ef97beFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-13:29:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-13:29:59,2) [kthreadd] (root,0,0,00:00:00/33-13:29:59,3) [rcu_gp] (root,0,0,00:00:00/33-13:29:59,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:29:59,5) [slub_flushwq] (root,0,0,00:00:00/33-13:29:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:29:59,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:29:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:29:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:29:59,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:29:59,13) [ksoftirqd/0] (root,0,0,01:29:08/33-13:29:59,14) [rcu_preempt] (root,0,0,00:00:12/33-13:29:59,15) [migration/0] (root,0,0,00:00:00/33-13:29:59,16) [idle_inject/0] (root,0,0,00:00:00/33-13:29:59,18) [cpuhp/0] (root,0,0,00:00:00/33-13:29:59,19) [cpuhp/1] (root,0,0,00:00:00/33-13:29:59,20) [idle_inject/1] (root,0,0,00:00:13/33-13:29:59,21) [migration/1] (root,0,0,00:00:54/33-13:29:59,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:29:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:29:59,25) [cpuhp/2] (root,0,0,00:00:00/33-13:29:59,26) [idle_inject/2] (root,0,0,00:00:10/33-13:29:59,27) [migration/2] (root,0,0,01:04:51/33-13:29:59,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:29:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:29:59,31) [cpuhp/3] (root,0,0,00:00:00/33-13:29:59,32) [idle_inject/3] (root,0,0,00:00:12/33-13:29:59,33) [migration/3] (root,0,0,00:03:01/33-13:29:59,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:29:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:29:59,39) [kdevtmpfs] (root,0,0,00:00:00/33-13:29:59,40) [netns] (root,0,0,00:00:00/33-13:29:59,41) [inet_frag_wq] (root,0,0,00:00:07/33-13:29:59,42) [kauditd] (root,0,0,00:00:00/33-13:29:59,43) [khungtaskd] (root,0,0,00:00:00/33-13:29:59,44) [oom_reaper] (root,0,0,00:00:00/33-13:29:59,45) [writeback] (root,0,0,00:01:38/33-13:29:59,46) [kcompactd0] (root,0,0,00:00:00/33-13:29:59,47) [ksmd] (root,0,0,00:01:37/33-13:29:59,48) [khugepaged] (root,0,0,00:00:00/33-13:29:59,74) [kintegrityd] (root,0,0,00:00:00/33-13:29:59,75) [kblockd] (root,0,0,00:00:00/33-13:29:59,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:29:59,78) [tpm_dev_wq] (root,0,0,00:00:00/33-13:29:59,79) [edac-poller] (root,0,0,00:00:00/33-13:29:59,80) [devfreq_wq] (root,0,0,00:00:00/33-13:29:59,110) [watchdogd] (root,0,0,00:00:07/33-13:29:59,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-13:29:59,112) [kswapd0] (root,0,0,00:00:00/33-13:29:58,114) [kthrotld] (root,0,0,00:00:00/33-13:29:58,115) [mld] (root,0,0,00:00:00/33-13:29:58,116) [ipv6_addrconf] (root,0,0,00:00:14/33-13:29:58,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-13:29:58,122) [kstrp] (root,0,0,00:00:00/33-13:29:58,123) [zswap-shrink] (root,0,0,00:00:00/33-13:29:58,124) [kworker/u9:0] (root,0,0,00:00:00/33-13:29:58,129) [charger_manager] (root,0,0,00:00:07/33-13:29:57,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-13:29:57,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:29:57,205) [kaluad] (root,0,0,00:00:00/33-13:29:57,250) [kmpath_rdacd] (root,0,0,00:00:00/33-13:29:57,293) [kmpathd] (root,0,0,00:00:00/33-13:29:57,294) [kmpath_handlerd] (root,0,0,00:00:00/33-13:29:57,342) [ata_sff] (root,0,0,00:00:00/33-13:29:56,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:29:56,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:29:56,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:29:56,346) [scsi_tmf_1] (root,0,0,00:00:54/33-13:29:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:29:54,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-13:29:42,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-13:29:41,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-13:29:39,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-13:29:05,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-13:29:05,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-13:29:05,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-13:29:05,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-13:29:04,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-13:29:04,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:21:38,727) [kworker/u8:2-events_unbound] (root,548360,32524,00:00:38/33-13:28:50,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-13:28:50,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:09/33-13:28:49,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-13:28:49,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-13:28:49,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-13:28:49,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-13:28:49,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-13:28:49,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-13:28:49,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-13:28:49,1206) bpfilter_umh (root,26204,8212,00:00:13/33-13:28:49,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-13:28:49,1215) ntpd: asynchronous dns resolver (spot,293064,179944,1-17:45:28/33-13:28:49,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-13:28:48,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-13:28:48,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-13:28:48,1245) (sd-pam) (root,24216,5344,00:00:11/33-13:28:47,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-13:28:47,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-13:28:46,1354) /usr/sbin/cron -n (root,697972,81832,00:43:53/33-13:28:40,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63536,00:14:26/33-13:28:26,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8284,00:00:00/01:59,2257) pickup -l -t fifo -u (root,0,0,00:00:00/01:44,3835) [kworker/u8:0] (root,0,0,00:00:00/01:44,3836) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/36:38,7073) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:38,10122) [kworker/1:0-ata_sff] (root,0,0,00:00:00/05:49,12958) [kworker/1:1-events] (root,6656,3484,00:00:00/00:00,13972) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,13990) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13991) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/27-11:19:42,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-11:19:41,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:48:20,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:48:19,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:00:16,18088) [kworker/3:2-inet_frag_wq] (root,0,0,00:00:00/53:40,19428) [kworker/0:2-events] (root,0,0,00:00:04/02:29:56,24863) [kworker/2:1-events] (root,0,0,00:00:00/31:45,25067) [kworker/1:2-ata_sff] (root,0,0,00:00:02/02:52:14,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-18:05:27,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:01:07,31017) [kworker/0:1-events] (root,0,0,00:00:00/30:18,31459) [kworker/2:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836394c78e34Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-13:42:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:42:52,2) [kthreadd] (root,0,0,00:00:00/31-13:42:52,3) [rcu_gp] (root,0,0,00:00:00/31-13:42:52,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:42:52,5) [slub_flushwq] (root,0,0,00:00:00/31-13:42:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:42:52,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:42:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:42:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:42:52,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-13:42:52,13) [ksoftirqd/0] (root,0,0,01:23:57/31-13:42:52,14) [rcu_preempt] (root,0,0,00:00:12/31-13:42:52,15) [migration/0] (root,0,0,00:00:00/31-13:42:52,16) [idle_inject/0] (root,0,0,00:00:00/31-13:42:52,18) [cpuhp/0] (root,0,0,00:00:00/31-13:42:52,19) [cpuhp/1] (root,0,0,00:00:00/31-13:42:52,20) [idle_inject/1] (root,0,0,00:00:12/31-13:42:52,21) [migration/1] (root,0,0,00:00:50/31-13:42:52,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:42:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:42:52,25) [cpuhp/2] (root,0,0,00:00:00/31-13:42:52,26) [idle_inject/2] (root,0,0,00:00:09/31-13:42:52,27) [migration/2] (root,0,0,01:01:48/31-13:42:52,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:42:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:42:52,31) [cpuhp/3] (root,0,0,00:00:00/31-13:42:52,32) [idle_inject/3] (root,0,0,00:00:11/31-13:42:52,33) [migration/3] (root,0,0,00:02:51/31-13:42:52,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:42:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:42:52,39) [kdevtmpfs] (root,0,0,00:00:00/31-13:42:52,40) [netns] (root,0,0,00:00:00/31-13:42:52,41) [inet_frag_wq] (root,0,0,00:00:07/31-13:42:52,42) [kauditd] (root,0,0,00:00:00/31-13:42:52,43) [khungtaskd] (root,0,0,00:00:00/31-13:42:52,44) [oom_reaper] (root,0,0,00:00:00/31-13:42:52,45) [writeback] (root,0,0,00:01:32/31-13:42:52,46) [kcompactd0] (root,0,0,00:00:00/31-13:42:52,47) [ksmd] (root,0,0,00:01:31/31-13:42:52,48) [khugepaged] (root,0,0,00:00:00/31-13:42:52,74) [kintegrityd] (root,0,0,00:00:00/31-13:42:52,75) [kblockd] (root,0,0,00:00:00/31-13:42:52,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:42:52,78) [tpm_dev_wq] (root,0,0,00:00:00/31-13:42:52,79) [edac-poller] (root,0,0,00:00:00/31-13:42:52,80) [devfreq_wq] (root,0,0,00:00:00/31-13:42:52,110) [watchdogd] (root,0,0,00:00:06/31-13:42:52,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-13:42:52,112) [kswapd0] (root,0,0,00:00:00/31-13:42:51,114) [kthrotld] (root,0,0,00:00:00/31-13:42:51,115) [mld] (root,0,0,00:00:00/31-13:42:51,116) [ipv6_addrconf] (root,0,0,00:00:13/31-13:42:51,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-13:42:51,122) [kstrp] (root,0,0,00:00:00/31-13:42:51,123) [zswap-shrink] (root,0,0,00:00:00/31-13:42:51,124) [kworker/u9:0] (root,0,0,00:00:00/31-13:42:51,129) [charger_manager] (root,0,0,00:00:07/31-13:42:50,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-13:42:50,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:42:50,205) [kaluad] (root,0,0,00:00:00/31-13:42:50,250) [kmpath_rdacd] (root,0,0,00:00:00/31-13:42:50,293) [kmpathd] (root,0,0,00:00:00/31-13:42:50,294) [kmpath_handlerd] (root,0,0,00:00:00/31-13:42:50,342) [ata_sff] (root,0,0,00:00:00/31-13:42:49,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:42:49,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:42:49,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:42:49,346) [scsi_tmf_1] (root,0,0,00:00:51/31-13:42:47,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:42:47,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-13:42:35,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-13:42:34,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-13:42:32,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-13:41:58,512) /sbin/auditd (messagebus,22936,5548,00:01:22/31-13:41:58,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-13:41:58,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-13:41:58,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-13:41:57,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-13:41:57,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:35/31-13:41:43,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-13:41:43,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:57/31-13:41:42,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-13:41:42,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-13:41:42,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-13:41:42,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-13:41:42,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-13:41:42,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:18/31-13:41:42,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-13:41:42,1206) bpfilter_umh (root,26204,8212,00:00:12/31-13:41:42,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-13:41:42,1215) ntpd: asynchronous dns resolver (spot,286488,173728,1-15:29:41/31-13:41:42,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-13:41:41,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-13:41:41,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-13:41:41,1245) (sd-pam) (root,24216,5344,00:00:10/31-13:41:40,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-13:41:40,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-13:41:39,1354) /usr/sbin/cron -n (root,697972,81512,00:41:18/31-13:41:33,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-13:41:19,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:37,9372) [kworker/1:0-ata_sff] (root,0,0,00:00:03/01:58:38,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-11:32:35,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-11:32:34,15391) sshd: cm-ssh (root,0,0,00:00:00/02:09:30,16327) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/15-13:01:13,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-13:01:12,16977) sshd: syslogtunnel (root,0,0,00:00:00/07:49,20275) [kworker/1:2-events_freezable_power_] (root,0,0,00:00:00/01:04:54,22377) [kworker/0:1-events] (root,0,0,00:00:00/59:05,24430) [kworker/3:0-events] (root,0,0,00:00:00/29:23,25324) [kworker/3:1] (root,6656,3488,00:00:00/00:00,28046) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,28066) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,28094) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,28101) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28102) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:19,28354) [kworker/0:0-events] (postfix,24244,8252,00:00:00/36:47,28439) pickup -l -t fifo -u (root,0,0,00:00:00/01:36:15,29649) [kworker/2:2-events] (postfix,44628,9316,00:00:01/25-18:18:20,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/18:13,31624) [kworker/1:1-ata_sff] (root,0,0,00:00:00/50:03,31712) [kworker/u8:1-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-14 00:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b4d4586bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-14:42:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-14:42:30,2) [kthreadd] (root,0,0,00:00:00/29-14:42:30,3) [rcu_gp] (root,0,0,00:00:00/29-14:42:30,4) [rcu_par_gp] (root,0,0,00:00:00/29-14:42:30,5) [slub_flushwq] (root,0,0,00:00:00/29-14:42:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-14:42:30,9) [mm_percpu_wq] (root,0,0,00:00:00/29-14:42:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-14:42:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-14:42:30,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-14:42:30,13) [ksoftirqd/0] (root,0,0,01:18:54/29-14:42:30,14) [rcu_preempt] (root,0,0,00:00:11/29-14:42:30,15) [migration/0] (root,0,0,00:00:00/29-14:42:30,16) [idle_inject/0] (root,0,0,00:00:00/29-14:42:30,18) [cpuhp/0] (root,0,0,00:00:00/29-14:42:30,19) [cpuhp/1] (root,0,0,00:00:00/29-14:42:30,20) [idle_inject/1] (root,0,0,00:00:11/29-14:42:30,21) [migration/1] (root,0,0,00:00:46/29-14:42:30,22) [ksoftirqd/1] (root,0,0,00:00:00/29-14:42:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-14:42:30,25) [cpuhp/2] (root,0,0,00:00:00/29-14:42:30,26) [idle_inject/2] (root,0,0,00:00:09/29-14:42:30,27) [migration/2] (root,0,0,00:58:16/29-14:42:30,28) [ksoftirqd/2] (root,0,0,00:00:00/29-14:42:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-14:42:30,31) [cpuhp/3] (root,0,0,00:00:00/29-14:42:30,32) [idle_inject/3] (root,0,0,00:00:11/29-14:42:30,33) [migration/3] (root,0,0,00:02:40/29-14:42:30,34) [ksoftirqd/3] (root,0,0,00:00:00/29-14:42:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-14:42:30,39) [kdevtmpfs] (root,0,0,00:00:00/29-14:42:30,40) [netns] (root,0,0,00:00:00/29-14:42:30,41) [inet_frag_wq] (root,0,0,00:00:06/29-14:42:30,42) [kauditd] (root,0,0,00:00:00/29-14:42:30,43) [khungtaskd] (root,0,0,00:00:00/29-14:42:30,44) [oom_reaper] (root,0,0,00:00:00/29-14:42:30,45) [writeback] (root,0,0,00:01:27/29-14:42:30,46) [kcompactd0] (root,0,0,00:00:00/29-14:42:30,47) [ksmd] (root,0,0,00:01:25/29-14:42:30,48) [khugepaged] (root,0,0,00:00:00/29-14:42:30,74) [kintegrityd] (root,0,0,00:00:00/29-14:42:30,75) [kblockd] (root,0,0,00:00:00/29-14:42:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-14:42:30,78) [tpm_dev_wq] (root,0,0,00:00:00/29-14:42:30,79) [edac-poller] (root,0,0,00:00:00/29-14:42:30,80) [devfreq_wq] (root,0,0,00:00:00/29-14:42:30,110) [watchdogd] (root,0,0,00:00:06/29-14:42:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-14:42:30,112) [kswapd0] (root,0,0,00:00:00/29-14:42:29,114) [kthrotld] (root,0,0,00:00:00/29-14:42:29,115) [mld] (root,0,0,00:00:00/29-14:42:29,116) [ipv6_addrconf] (root,0,0,00:00:12/29-14:42:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-14:42:29,122) [kstrp] (root,0,0,00:00:00/29-14:42:29,123) [zswap-shrink] (root,0,0,00:00:00/29-14:42:29,124) [kworker/u9:0] (root,0,0,00:00:00/29-14:42:29,129) [charger_manager] (root,0,0,00:00:06/29-14:42:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-14:42:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-14:42:28,205) [kaluad] (root,0,0,00:00:00/29-14:42:28,250) [kmpath_rdacd] (root,0,0,00:00:00/29-14:42:28,293) [kmpathd] (root,0,0,00:00:00/29-14:42:28,294) [kmpath_handlerd] (root,0,0,00:00:00/29-14:42:28,342) [ata_sff] (root,0,0,00:00:00/29-14:42:27,343) [scsi_eh_0] (root,0,0,00:00:00/29-14:42:27,344) [scsi_tmf_0] (root,0,0,00:00:00/29-14:42:27,345) [scsi_eh_1] (root,0,0,00:00:00/29-14:42:27,346) [scsi_tmf_1] (root,0,0,00:00:48/29-14:42:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-14:42:25,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-14:42:13,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-14:42:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-14:42:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-14:41:36,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-14:41:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-14:41:36,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-14:41:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-14:41:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-14:41:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/39:55,931) [kworker/3:1-events] (root,548360,31484,00:00:33/29-14:41:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-14:41:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:42/29-14:41:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-14:41:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-14:41:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-14:41:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-14:41:20,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-14:41:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:02/29-14:41:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-14:41:20,1206) bpfilter_umh (root,26204,8212,00:00:12/29-14:41:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-14:41:20,1215) ntpd: asynchronous dns resolver (spot,291612,178816,1-13:01:08/29-14:41:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-14:41:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-14:41:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-14:41:19,1245) (sd-pam) (root,24216,5344,00:00:09/29-14:41:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-14:41:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-14:41:17,1354) /usr/sbin/cron -n (root,697576,81148,00:38:44/29-14:41:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60500,00:12:54/29-14:40:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:55,3903) [kworker/0:2-events] (root,0,0,00:00:00/01:44:17,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:15:07,4092) [kworker/3:0-events] (root,0,0,00:00:00/09:53,6756) [kworker/1:2-ata_sff] (root,0,0,00:00:00/03:49:37,8802) [kworker/u8:0] (root,6656,3488,00:00:00/00:00,8815) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,8816) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,8836) /bin/bash /usr/bin/check_mk_agent (root,13744,3456,00:00:00/00:00,8860) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,8861) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:29:56,10360) [kworker/2:2-events] (root,0,0,00:00:01/01:22:23,10395) [kworker/2:0-events] (postfix,24244,8204,00:00:00/18:11,14984) pickup -l -t fifo -u (root,35308,10012,00:00:00/23-12:32:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-12:32:12,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-14:00:51,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:47/13-14:00:50,16977) sshd: syslogtunnel (root,0,0,00:00:02/07:25:03,20264) [kworker/0:1-events] (root,0,0,00:00:01/01:27:42,21615) [kworker/1:1-ata_sff] (root,0,0,00:00:00/04:40,25239) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-19:17:58,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-12 01:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836343d9479cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-14:44:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-14:44:49,2) [kthreadd] (root,0,0,00:00:00/27-14:44:49,3) [rcu_gp] (root,0,0,00:00:00/27-14:44:49,4) [rcu_par_gp] (root,0,0,00:00:00/27-14:44:49,5) [slub_flushwq] (root,0,0,00:00:00/27-14:44:49,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-14:44:49,9) [mm_percpu_wq] (root,0,0,00:00:00/27-14:44:49,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-14:44:49,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-14:44:49,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-14:44:49,13) [ksoftirqd/0] (root,0,0,01:13:45/27-14:44:49,14) [rcu_preempt] (root,0,0,00:00:10/27-14:44:49,15) [migration/0] (root,0,0,00:00:00/27-14:44:49,16) [idle_inject/0] (root,0,0,00:00:00/27-14:44:49,18) [cpuhp/0] (root,0,0,00:00:00/27-14:44:49,19) [cpuhp/1] (root,0,0,00:00:00/27-14:44:49,20) [idle_inject/1] (root,0,0,00:00:10/27-14:44:49,21) [migration/1] (root,0,0,00:00:44/27-14:44:49,22) [ksoftirqd/1] (root,0,0,00:00:00/27-14:44:49,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-14:44:49,25) [cpuhp/2] (root,0,0,00:00:00/27-14:44:49,26) [idle_inject/2] (root,0,0,00:00:08/27-14:44:49,27) [migration/2] (root,0,0,00:55:29/27-14:44:49,28) [ksoftirqd/2] (root,0,0,00:00:00/27-14:44:49,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-14:44:49,31) [cpuhp/3] (root,0,0,00:00:00/27-14:44:49,32) [idle_inject/3] (root,0,0,00:00:10/27-14:44:49,33) [migration/3] (root,0,0,00:02:32/27-14:44:49,34) [ksoftirqd/3] (root,0,0,00:00:00/27-14:44:49,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-14:44:49,39) [kdevtmpfs] (root,0,0,00:00:00/27-14:44:49,40) [netns] (root,0,0,00:00:00/27-14:44:49,41) [inet_frag_wq] (root,0,0,00:00:06/27-14:44:49,42) [kauditd] (root,0,0,00:00:00/27-14:44:49,43) [khungtaskd] (root,0,0,00:00:00/27-14:44:49,44) [oom_reaper] (root,0,0,00:00:00/27-14:44:49,45) [writeback] (root,0,0,00:01:21/27-14:44:49,46) [kcompactd0] (root,0,0,00:00:00/27-14:44:49,47) [ksmd] (root,0,0,00:01:19/27-14:44:49,48) [khugepaged] (root,0,0,00:00:00/27-14:44:49,74) [kintegrityd] (root,0,0,00:00:00/27-14:44:49,75) [kblockd] (root,0,0,00:00:00/27-14:44:49,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-14:44:49,78) [tpm_dev_wq] (root,0,0,00:00:00/27-14:44:49,79) [edac-poller] (root,0,0,00:00:00/27-14:44:49,80) [devfreq_wq] (root,0,0,00:00:00/27-14:44:49,110) [watchdogd] (root,0,0,00:00:05/27-14:44:49,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-14:44:49,112) [kswapd0] (root,0,0,00:00:00/27-14:44:48,114) [kthrotld] (root,0,0,00:00:00/27-14:44:48,115) [mld] (root,0,0,00:00:00/27-14:44:48,116) [ipv6_addrconf] (root,0,0,00:00:11/27-14:44:48,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-14:44:48,122) [kstrp] (root,0,0,00:00:00/27-14:44:48,123) [zswap-shrink] (root,0,0,00:00:00/27-14:44:48,124) [kworker/u9:0] (root,0,0,00:00:00/27-14:44:48,129) [charger_manager] (root,0,0,00:00:06/27-14:44:47,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-14:44:47,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-14:44:47,205) [kaluad] (root,0,0,00:00:00/27-14:44:47,250) [kmpath_rdacd] (root,0,0,00:00:00/27-14:44:47,293) [kmpathd] (root,0,0,00:00:00/27-14:44:47,294) [kmpath_handlerd] (root,0,0,00:00:00/27-14:44:47,342) [ata_sff] (root,0,0,00:00:00/27-14:44:46,343) [scsi_eh_0] (root,0,0,00:00:00/27-14:44:46,344) [scsi_tmf_0] (root,0,0,00:00:00/27-14:44:46,345) [scsi_eh_1] (root,0,0,00:00:00/27-14:44:46,346) [scsi_tmf_1] (root,0,0,00:00:45/27-14:44:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-14:44:44,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-14:44:32,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-14:44:31,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-14:44:29,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-14:43:55,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-14:43:55,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-14:43:55,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-14:43:55,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/01:17,584) [kworker/1:0-ata_sff] (root,31876,16108,00:00:03/27-14:43:54,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-14:43:54,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-14:43:40,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-14:43:40,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:34/27-14:43:39,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-14:43:39,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-14:43:39,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-14:43:39,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-14:43:39,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-14:43:39,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:46/27-14:43:39,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-14:43:39,1206) bpfilter_umh (root,26204,8212,00:00:11/27-14:43:39,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-14:43:39,1215) ntpd: asynchronous dns resolver (spot,289752,176592,1-10:40:58/27-14:43:39,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-14:43:38,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-14:43:38,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-14:43:38,1245) (sd-pam) (root,24216,5344,00:00:09/27-14:43:37,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-14:43:37,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-14:43:36,1354) /usr/sbin/cron -n (root,697064,80568,00:36:08/27-14:43:30,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58620,00:11:36/27-14:43:16,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/03:58:21,1639) [kworker/3:1-events] (postfix,24244,8288,00:00:00/42:31,4237) pickup -l -t fifo -u (root,0,0,00:00:00/10:06,5127) [kworker/0:2] (root,6656,3484,00:00:00/00:00,7297) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,7315) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,7316) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/53:21,7755) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:31:56,8451) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:29,12518) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/21-12:34:32,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-12:34:31,15391) sshd: cm-ssh (root,0,0,00:00:00/37:36,15445) [kworker/1:1-events] (root,0,0,00:00:00/17:34,16162) [kworker/0:1-events] (root,35308,10072,00:00:00/11-14:03:10,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-14:03:09,16977) sshd: syslogtunnel (root,0,0,00:00:00/26:27,19174) [kworker/u8:1-writeback] (root,0,0,00:00:00/24:41,24768) [kworker/2:0-events] (root,0,0,00:00:00/03:00,27446) [kworker/3:0] (root,0,0,00:00:02/02:06:51,27932) [kworker/2:2-events] (postfix,44628,9316,00:00:00/21-19:20:17,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-10 01:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363966769ebFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-14:31:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-14:31:04,2) [kthreadd] (root,0,0,00:00:00/25-14:31:04,3) [rcu_gp] (root,0,0,00:00:00/25-14:31:04,4) [rcu_par_gp] (root,0,0,00:00:00/25-14:31:04,5) [slub_flushwq] (root,0,0,00:00:00/25-14:31:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-14:31:04,9) [mm_percpu_wq] (root,0,0,00:00:00/25-14:31:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-14:31:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-14:31:04,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-14:31:04,13) [ksoftirqd/0] (root,0,0,01:08:27/25-14:31:04,14) [rcu_preempt] (root,0,0,00:00:09/25-14:31:04,15) [migration/0] (root,0,0,00:00:00/25-14:31:04,16) [idle_inject/0] (root,0,0,00:00:00/25-14:31:04,18) [cpuhp/0] (root,0,0,00:00:00/25-14:31:04,19) [cpuhp/1] (root,0,0,00:00:00/25-14:31:04,20) [idle_inject/1] (root,0,0,00:00:10/25-14:31:04,21) [migration/1] (root,0,0,00:00:40/25-14:31:04,22) [ksoftirqd/1] (root,0,0,00:00:00/25-14:31:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-14:31:04,25) [cpuhp/2] (root,0,0,00:00:00/25-14:31:04,26) [idle_inject/2] (root,0,0,00:00:08/25-14:31:04,27) [migration/2] (root,0,0,00:52:18/25-14:31:04,28) [ksoftirqd/2] (root,0,0,00:00:00/25-14:31:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-14:31:04,31) [cpuhp/3] (root,0,0,00:00:00/25-14:31:04,32) [idle_inject/3] (root,0,0,00:00:09/25-14:31:04,33) [migration/3] (root,0,0,00:02:22/25-14:31:04,34) [ksoftirqd/3] (root,0,0,00:00:00/25-14:31:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-14:31:04,39) [kdevtmpfs] (root,0,0,00:00:00/25-14:31:04,40) [netns] (root,0,0,00:00:00/25-14:31:04,41) [inet_frag_wq] (root,0,0,00:00:06/25-14:31:04,42) [kauditd] (root,0,0,00:00:00/25-14:31:04,43) [khungtaskd] (root,0,0,00:00:00/25-14:31:04,44) [oom_reaper] (root,0,0,00:00:00/25-14:31:04,45) [writeback] (root,0,0,00:01:15/25-14:31:04,46) [kcompactd0] (root,0,0,00:00:00/25-14:31:04,47) [ksmd] (root,0,0,00:01:14/25-14:31:04,48) [khugepaged] (root,0,0,00:00:00/25-14:31:04,74) [kintegrityd] (root,0,0,00:00:00/25-14:31:04,75) [kblockd] (root,0,0,00:00:00/25-14:31:04,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-14:31:04,78) [tpm_dev_wq] (root,0,0,00:00:00/25-14:31:04,79) [edac-poller] (root,0,0,00:00:00/25-14:31:04,80) [devfreq_wq] (root,0,0,00:00:00/25-14:31:04,110) [watchdogd] (root,0,0,00:00:05/25-14:31:04,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-14:31:04,112) [kswapd0] (root,0,0,00:00:00/25-14:31:03,114) [kthrotld] (root,0,0,00:00:00/25-14:31:03,115) [mld] (root,0,0,00:00:00/25-14:31:03,116) [ipv6_addrconf] (root,0,0,00:00:11/25-14:31:03,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-14:31:03,122) [kstrp] (root,0,0,00:00:00/25-14:31:03,123) [zswap-shrink] (root,0,0,00:00:00/25-14:31:03,124) [kworker/u9:0] (root,0,0,00:00:00/25-14:31:03,129) [charger_manager] (root,0,0,00:00:05/25-14:31:02,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-14:31:02,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-14:31:02,205) [kaluad] (root,0,0,00:00:00/25-14:31:02,250) [kmpath_rdacd] (root,0,0,00:00:00/25-14:31:02,293) [kmpathd] (root,0,0,00:00:00/25-14:31:02,294) [kmpath_handlerd] (root,0,0,00:00:00/25-14:31:02,342) [ata_sff] (root,0,0,00:00:00/25-14:31:01,343) [scsi_eh_0] (root,0,0,00:00:00/25-14:31:01,344) [scsi_tmf_0] (root,0,0,00:00:00/25-14:31:01,345) [scsi_eh_1] (root,0,0,00:00:00/25-14:31:01,346) [scsi_tmf_1] (root,0,0,00:00:41/25-14:30:59,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-14:30:59,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-14:30:47,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-14:30:46,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-14:30:44,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-14:30:10,512) /sbin/auditd (messagebus,22936,5640,00:01:11/25-14:30:10,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:41/25-14:30:10,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-14:30:10,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-14:30:09,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-14:30:09,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-14:29:55,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-14:29:55,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:22/25-14:29:54,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-14:29:54,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-14:29:54,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-14:29:54,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-14:29:54,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-14:29:54,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:29/25-14:29:54,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-14:29:54,1206) bpfilter_umh (root,26204,8300,00:00:11/25-14:29:54,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-14:29:54,1215) ntpd: asynchronous dns resolver (spot,301888,188376,1-08:06:33/25-14:29:54,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-14:29:53,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-14:29:53,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-14:29:53,1245) (sd-pam) (root,24216,5348,00:00:08/25-14:29:52,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-14:29:52,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-14:29:51,1354) /usr/sbin/cron -n (root,694116,77808,00:33:30/25-14:29:45,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57996,00:10:11/25-14:29:31,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:20,4602) [kworker/1:1-ata_sff] (root,0,0,00:00:00/36:27,6090) [kworker/1:0-events] (root,0,0,00:00:00/38:10,6321) [kworker/u8:0-writeback] (root,0,0,00:00:00/04:56,6556) [kworker/0:0-events_power_efficient] (root,0,0,00:00:00/01:26:17,14356) [kworker/2:0-events] (root,35308,10012,00:00:00/19-12:20:47,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-12:20:46,15391) sshd: cm-ssh (root,0,0,00:00:01/01:53:51,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-13:49:25,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-13:49:24,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:23:15,17512) [kworker/u8:2-writeback] (postfix,24244,8240,00:00:00/49:40,17853) pickup -l -t fifo -u (root,0,0,00:00:00/11:43,18061) [kworker/3:0] (root,0,0,00:00:07/07:33:39,21123) [kworker/2:1-events] (root,0,0,00:00:00/00:09,29707) [kworker/1:2-ata_sff] (postfix,44628,9372,00:00:00/19-19:06:32,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/18:20,30755) [kworker/3:1-events] (root,6656,3484,00:00:00/00:00,31026) /bin/bash /usr/bin/check_mk_agent (root,13744,3440,00:00:00/00:00,31044) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31045) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/25:01,31934) [kworker/0:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-08 00:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363998ee817Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-14:36:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-14:36:18,2) [kthreadd] (root,0,0,00:00:00/23-14:36:18,3) [rcu_gp] (root,0,0,00:00:00/23-14:36:18,4) [rcu_par_gp] (root,0,0,00:00:00/23-14:36:18,5) [slub_flushwq] (root,0,0,00:00:00/23-14:36:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-14:36:18,9) [mm_percpu_wq] (root,0,0,00:00:00/23-14:36:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-14:36:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-14:36:18,12) [rcu_tasks_trace] (root,0,0,00:00:43/23-14:36:18,13) [ksoftirqd/0] (root,0,0,01:02:52/23-14:36:18,14) [rcu_preempt] (root,0,0,00:00:08/23-14:36:18,15) [migration/0] (root,0,0,00:00:00/23-14:36:18,16) [idle_inject/0] (root,0,0,00:00:00/23-14:36:18,18) [cpuhp/0] (root,0,0,00:00:00/23-14:36:18,19) [cpuhp/1] (root,0,0,00:00:00/23-14:36:18,20) [idle_inject/1] (root,0,0,00:00:09/23-14:36:18,21) [migration/1] (root,0,0,00:00:37/23-14:36:18,22) [ksoftirqd/1] (root,0,0,00:00:00/23-14:36:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-14:36:18,25) [cpuhp/2] (root,0,0,00:00:00/23-14:36:18,26) [idle_inject/2] (root,0,0,00:00:07/23-14:36:18,27) [migration/2] (root,0,0,00:47:38/23-14:36:18,28) [ksoftirqd/2] (root,0,0,00:00:00/23-14:36:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-14:36:18,31) [cpuhp/3] (root,0,0,00:00:00/23-14:36:18,32) [idle_inject/3] (root,0,0,00:00:08/23-14:36:18,33) [migration/3] (root,0,0,00:02:10/23-14:36:18,34) [ksoftirqd/3] (root,0,0,00:00:00/23-14:36:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-14:36:18,39) [kdevtmpfs] (root,0,0,00:00:00/23-14:36:18,40) [netns] (root,0,0,00:00:00/23-14:36:18,41) [inet_frag_wq] (root,0,0,00:00:05/23-14:36:18,42) [kauditd] (root,0,0,00:00:00/23-14:36:18,43) [khungtaskd] (root,0,0,00:00:00/23-14:36:18,44) [oom_reaper] (root,0,0,00:00:00/23-14:36:18,45) [writeback] (root,0,0,00:01:09/23-14:36:18,46) [kcompactd0] (root,0,0,00:00:00/23-14:36:18,47) [ksmd] (root,0,0,00:01:08/23-14:36:18,48) [khugepaged] (root,0,0,00:00:00/23-14:36:18,74) [kintegrityd] (root,0,0,00:00:00/23-14:36:18,75) [kblockd] (root,0,0,00:00:00/23-14:36:18,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-14:36:18,78) [tpm_dev_wq] (root,0,0,00:00:00/23-14:36:18,79) [edac-poller] (root,0,0,00:00:00/23-14:36:18,80) [devfreq_wq] (root,0,0,00:00:00/23-14:36:18,110) [watchdogd] (root,0,0,00:00:04/23-14:36:18,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-14:36:18,112) [kswapd0] (root,0,0,00:00:00/23-14:36:17,114) [kthrotld] (root,0,0,00:00:00/23-14:36:17,115) [mld] (root,0,0,00:00:00/23-14:36:17,116) [ipv6_addrconf] (root,0,0,00:00:10/23-14:36:17,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-14:36:17,122) [kstrp] (root,0,0,00:00:00/23-14:36:17,123) [zswap-shrink] (root,0,0,00:00:00/23-14:36:17,124) [kworker/u9:0] (root,0,0,00:00:00/23-14:36:17,129) [charger_manager] (root,0,0,00:00:05/23-14:36:16,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-14:36:16,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-14:36:16,205) [kaluad] (root,0,0,00:00:00/23-14:36:16,250) [kmpath_rdacd] (root,0,0,00:00:00/23-14:36:16,293) [kmpathd] (root,0,0,00:00:00/23-14:36:16,294) [kmpath_handlerd] (root,0,0,00:00:00/23-14:36:16,342) [ata_sff] (root,0,0,00:00:00/23-14:36:15,343) [scsi_eh_0] (root,0,0,00:00:00/23-14:36:15,344) [scsi_tmf_0] (root,0,0,00:00:00/23-14:36:15,345) [scsi_eh_1] (root,0,0,00:00:00/23-14:36:15,346) [scsi_tmf_1] (root,0,0,00:00:37/23-14:36:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-14:36:13,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-14:36:01,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-14:36:00,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-14:35:58,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-14:35:24,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-14:35:24,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-14:35:24,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-14:35:24,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-14:35:23,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-14:35:23,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-14:35:09,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-14:35:09,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:09/23-14:35:08,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-14:35:08,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-14:35:08,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-14:35:08,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-14:35:08,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-14:35:08,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-14:35:08,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-14:35:08,1206) bpfilter_umh (root,26204,8300,00:00:10/23-14:35:08,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-14:35:08,1215) ntpd: asynchronous dns resolver (spot,285628,172764,1-05:41:08/23-14:35:08,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-14:35:07,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-14:35:07,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-14:35:07,1245) (sd-pam) (root,24216,5348,00:00:07/23-14:35:06,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-14:35:06,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-14:35:05,1354) /usr/sbin/cron -n (root,693860,77156,00:30:48/23-14:34:59,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:45/23-14:34:45,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/12:11,4265) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:17:52,7327) [kworker/0:0-events] (root,0,0,00:00:00/03:26:43,7973) [kworker/0:1-events] (root,0,0,00:00:00/10:30,11498) [kworker/3:1-events] (root,0,0,00:00:00/17:56,13370) [kworker/u8:1-writeback] (root,35308,10012,00:00:00/17-12:26:01,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-12:26:00,15391) sshd: cm-ssh (postfix,24244,8204,00:00:00/01:16:42,15690) pickup -l -t fifo -u (root,0,0,00:00:00/03:47,15975) [kworker/2:0-events] (root,0,0,00:00:01/05:20:21,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-13:54:39,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-13:54:38,16977) sshd: syslogtunnel (root,0,0,00:00:01/01:24:37,19831) [kworker/2:1-events] (root,0,0,00:00:00/17:06,21438) [kworker/2:2-cgroup_destroy] (root,6656,3492,00:00:00/00:00,23548) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,23603) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,23605) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,23606) /bin/bash /usr/bin/check_mk_agent (root,4480,1036,00:00:00/00:00,23607) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,816,00:00:00/00:00,23608) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,712,00:00:00/00:00,23609) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3504,00:00:00/00:00,23627) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23628) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:58,24035) [kworker/1:0-ata_sff] (root,0,0,00:00:00/13:21,26077) [kworker/1:1-events] (root,0,0,00:00:00/08:08,26329) [kworker/1:2-ata_sff] (postfix,44628,9372,00:00:00/17-19:11:46,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-06 00:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836320eceb1aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-14:28:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-14:28:23,2) [kthreadd] (root,0,0,00:00:00/21-14:28:23,3) [rcu_gp] (root,0,0,00:00:00/21-14:28:23,4) [rcu_par_gp] (root,0,0,00:00:00/21-14:28:23,5) [slub_flushwq] (root,0,0,00:00:00/21-14:28:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-14:28:23,9) [mm_percpu_wq] (root,0,0,00:00:00/21-14:28:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-14:28:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-14:28:23,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-14:28:23,13) [ksoftirqd/0] (root,0,0,00:57:30/21-14:28:23,14) [rcu_preempt] (root,0,0,00:00:08/21-14:28:23,15) [migration/0] (root,0,0,00:00:00/21-14:28:23,16) [idle_inject/0] (root,0,0,00:00:00/21-14:28:23,18) [cpuhp/0] (root,0,0,00:00:00/21-14:28:23,19) [cpuhp/1] (root,0,0,00:00:00/21-14:28:23,20) [idle_inject/1] (root,0,0,00:00:08/21-14:28:23,21) [migration/1] (root,0,0,00:00:34/21-14:28:23,22) [ksoftirqd/1] (root,0,0,00:00:00/21-14:28:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-14:28:23,25) [cpuhp/2] (root,0,0,00:00:00/21-14:28:23,26) [idle_inject/2] (root,0,0,00:00:06/21-14:28:23,27) [migration/2] (root,0,0,00:43:41/21-14:28:23,28) [ksoftirqd/2] (root,0,0,00:00:00/21-14:28:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-14:28:23,31) [cpuhp/3] (root,0,0,00:00:00/21-14:28:23,32) [idle_inject/3] (root,0,0,00:00:08/21-14:28:23,33) [migration/3] (root,0,0,00:02:00/21-14:28:23,34) [ksoftirqd/3] (root,0,0,00:00:00/21-14:28:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-14:28:23,39) [kdevtmpfs] (root,0,0,00:00:00/21-14:28:23,40) [netns] (root,0,0,00:00:00/21-14:28:23,41) [inet_frag_wq] (root,0,0,00:00:05/21-14:28:23,42) [kauditd] (root,0,0,00:00:00/21-14:28:23,43) [khungtaskd] (root,0,0,00:00:00/21-14:28:23,44) [oom_reaper] (root,0,0,00:00:00/21-14:28:23,45) [writeback] (root,0,0,00:01:03/21-14:28:23,46) [kcompactd0] (root,0,0,00:00:00/21-14:28:23,47) [ksmd] (root,0,0,00:01:02/21-14:28:23,48) [khugepaged] (root,0,0,00:00:00/21-14:28:23,74) [kintegrityd] (root,0,0,00:00:00/21-14:28:23,75) [kblockd] (root,0,0,00:00:00/21-14:28:23,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-14:28:23,78) [tpm_dev_wq] (root,0,0,00:00:00/21-14:28:23,79) [edac-poller] (root,0,0,00:00:00/21-14:28:23,80) [devfreq_wq] (root,0,0,00:00:00/21-14:28:23,110) [watchdogd] (root,0,0,00:00:04/21-14:28:23,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-14:28:23,112) [kswapd0] (root,0,0,00:00:00/21-14:28:22,114) [kthrotld] (root,0,0,00:00:00/21-14:28:22,115) [mld] (root,0,0,00:00:00/21-14:28:22,116) [ipv6_addrconf] (root,0,0,00:00:09/21-14:28:22,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-14:28:22,122) [kstrp] (root,0,0,00:00:00/21-14:28:22,123) [zswap-shrink] (root,0,0,00:00:00/21-14:28:22,124) [kworker/u9:0] (root,0,0,00:00:00/21-14:28:22,129) [charger_manager] (root,0,0,00:00:04/21-14:28:21,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-14:28:21,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-14:28:21,205) [kaluad] (root,0,0,00:00:00/21-14:28:21,250) [kmpath_rdacd] (root,0,0,00:00:00/21-14:28:21,293) [kmpathd] (root,0,0,00:00:00/21-14:28:21,294) [kmpath_handlerd] (root,0,0,00:00:00/21-14:28:21,342) [ata_sff] (root,0,0,00:00:00/21-14:28:20,343) [scsi_eh_0] (root,0,0,00:00:00/21-14:28:20,344) [scsi_tmf_0] (root,0,0,00:00:00/21-14:28:20,345) [scsi_eh_1] (root,0,0,00:00:00/21-14:28:20,346) [scsi_tmf_1] (root,0,0,00:00:33/21-14:28:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-14:28:18,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-14:28:06,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-14:28:05,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-14:28:03,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-14:27:29,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-14:27:29,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-14:27:29,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-14:27:29,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-14:27:28,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-14:27:28,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-14:27:14,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-14:27:14,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:00/21-14:27:13,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-14:27:13,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-14:27:13,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-14:27:13,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-14:27:13,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-14:27:13,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:56/21-14:27:13,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-14:27:13,1206) bpfilter_umh (root,26204,8300,00:00:09/21-14:27:13,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-14:27:13,1215) ntpd: asynchronous dns resolver (spot,285292,171900,1-03:19:33/21-14:27:13,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-14:27:12,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-14:27:12,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-14:27:12,1245) (sd-pam) (root,24216,5348,00:00:07/21-14:27:11,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-14:27:11,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-14:27:10,1354) /usr/sbin/cron -n (root,693604,76796,00:28:07/21-14:27:04,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54960,00:07:24/21-14:26:50,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/03:09:06,1511) [kworker/2:0-events] (root,0,0,00:00:00/50:30,1699) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/01:41:49,3242) [kworker/1:2-events] (root,0,0,00:00:00/01:07:07,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/01:30:41,7480) pickup -l -t fifo -u (root,0,0,00:00:00/41:37,8023) [kworker/3:0] (root,0,0,00:00:00/16:08,10807) [kworker/u8:0-writeback] (root,0,0,00:00:00/03:28,14577) [kworker/2:1-events] (root,0,0,00:00:00/03:16,15330) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-12:18:06,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-12:18:05,15391) sshd: cm-ssh (root,0,0,00:00:00/47:59,15465) [kworker/2:2-cgroup_destroy] (root,35308,10072,00:00:00/5-13:46:44,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-13:46:43,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:56,17643) [kworker/u8:2] (root,0,0,00:00:00/22:34,20907) [kworker/0:2] (root,6656,3488,00:00:00/00:00,28886) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,28904) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28905) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/08:59:40,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-19:03:51,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:27,30889) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-04 00:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a8363fd1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-15:16:32,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-15:16:32,2) [kthreadd] (root,0,0,00:00:00/19-15:16:32,3) [rcu_gp] (root,0,0,00:00:00/19-15:16:32,4) [rcu_par_gp] (root,0,0,00:00:00/19-15:16:32,5) [slub_flushwq] (root,0,0,00:00:00/19-15:16:32,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-15:16:32,9) [mm_percpu_wq] (root,0,0,00:00:00/19-15:16:32,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-15:16:32,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-15:16:32,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-15:16:32,13) [ksoftirqd/0] (root,0,0,00:52:21/19-15:16:32,14) [rcu_preempt] (root,0,0,00:00:07/19-15:16:32,15) [migration/0] (root,0,0,00:00:00/19-15:16:32,16) [idle_inject/0] (root,0,0,00:00:00/19-15:16:32,18) [cpuhp/0] (root,0,0,00:00:00/19-15:16:32,19) [cpuhp/1] (root,0,0,00:00:00/19-15:16:32,20) [idle_inject/1] (root,0,0,00:00:07/19-15:16:32,21) [migration/1] (root,0,0,00:00:31/19-15:16:32,22) [ksoftirqd/1] (root,0,0,00:00:00/19-15:16:32,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-15:16:32,25) [cpuhp/2] (root,0,0,00:00:00/19-15:16:32,26) [idle_inject/2] (root,0,0,00:00:06/19-15:16:32,27) [migration/2] (root,0,0,00:39:11/19-15:16:32,28) [ksoftirqd/2] (root,0,0,00:00:00/19-15:16:32,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-15:16:32,31) [cpuhp/3] (root,0,0,00:00:00/19-15:16:32,32) [idle_inject/3] (root,0,0,00:00:07/19-15:16:32,33) [migration/3] (root,0,0,00:01:49/19-15:16:32,34) [ksoftirqd/3] (root,0,0,00:00:00/19-15:16:32,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-15:16:32,39) [kdevtmpfs] (root,0,0,00:00:00/19-15:16:32,40) [netns] (root,0,0,00:00:00/19-15:16:32,41) [inet_frag_wq] (root,0,0,00:00:05/19-15:16:32,42) [kauditd] (root,0,0,00:00:00/19-15:16:32,43) [khungtaskd] (root,0,0,00:00:00/19-15:16:32,44) [oom_reaper] (root,0,0,00:00:00/19-15:16:32,45) [writeback] (root,0,0,00:00:57/19-15:16:32,46) [kcompactd0] (root,0,0,00:00:00/19-15:16:32,47) [ksmd] (root,0,0,00:00:57/19-15:16:32,48) [khugepaged] (root,0,0,00:00:00/19-15:16:32,74) [kintegrityd] (root,0,0,00:00:00/19-15:16:32,75) [kblockd] (root,0,0,00:00:00/19-15:16:32,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-15:16:32,78) [tpm_dev_wq] (root,0,0,00:00:00/19-15:16:32,79) [edac-poller] (root,0,0,00:00:00/19-15:16:32,80) [devfreq_wq] (root,0,0,00:00:00/19-15:16:32,110) [watchdogd] (root,0,0,00:00:03/19-15:16:32,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-15:16:32,112) [kswapd0] (root,0,0,00:00:00/19-15:16:31,114) [kthrotld] (root,0,0,00:00:00/19-15:16:31,115) [mld] (root,0,0,00:00:00/19-15:16:31,116) [ipv6_addrconf] (root,0,0,00:00:08/19-15:16:31,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-15:16:31,122) [kstrp] (root,0,0,00:00:00/19-15:16:31,123) [zswap-shrink] (root,0,0,00:00:00/19-15:16:31,124) [kworker/u9:0] (root,0,0,00:00:00/19-15:16:31,129) [charger_manager] (root,0,0,00:00:04/19-15:16:30,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-15:16:30,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-15:16:30,205) [kaluad] (root,0,0,00:00:00/19-15:16:30,250) [kmpath_rdacd] (root,0,0,00:00:00/19-15:16:30,293) [kmpathd] (root,0,0,00:00:00/19-15:16:30,294) [kmpath_handlerd] (root,0,0,00:00:00/19-15:16:30,342) [ata_sff] (root,0,0,00:00:00/19-15:16:29,343) [scsi_eh_0] (root,0,0,00:00:00/19-15:16:29,344) [scsi_tmf_0] (root,0,0,00:00:00/19-15:16:29,345) [scsi_eh_1] (root,0,0,00:00:00/19-15:16:29,346) [scsi_tmf_1] (root,0,0,00:00:29/19-15:16:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-15:16:27,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-15:16:15,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-15:16:14,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-15:16:12,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-15:15:38,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-15:15:38,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-15:15:38,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-15:15:38,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-15:15:37,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-15:15:37,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-15:15:23,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-15:15:23,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:50/19-15:15:22,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-15:15:22,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-15:15:22,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-15:15:22,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-15:15:22,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-15:15:22,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-15:15:22,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-15:15:22,1206) bpfilter_umh (root,26204,8300,00:00:09/19-15:15:22,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-15:15:22,1215) ntpd: asynchronous dns resolver (spot,284844,171788,1-01:06:42/19-15:15:22,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-15:15:21,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-15:15:21,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-15:15:21,1245) (sd-pam) (root,24216,5348,00:00:06/19-15:15:20,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-15:15:20,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-15:15:19,1354) /usr/sbin/cron -n (root,692836,75760,00:25:30/19-15:15:13,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:35/19-15:14:59,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/07:17:56,3898) [kworker/3:2-events] (root,0,0,00:00:00/02:18:10,4121) [kworker/u8:0-writeback] (postfix,24244,8224,00:00:00/59:43,8017) pickup -l -t fifo -u (root,0,0,00:00:00/05:01,12244) [kworker/1:1-ata_sff] (root,0,0,00:00:00/37:17,12709) [kworker/2:1-events] (root,0,0,00:00:00/25:47,14635) [kworker/1:0-events] (root,35308,10012,00:00:00/13-13:06:15,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-13:06:14,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-14:34:53,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-14:34:52,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:08:40,20923) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:33:08,22794) [kworker/0:1] (root,0,0,00:00:02/01:45:25,23007) [kworker/2:2-events] (root,0,0,00:00:01/03:42:34,26126) [kworker/0:2-events] (root,0,0,00:00:00/10:18,26393) [kworker/3:1-events] (root,0,0,00:00:00/10:12,27444) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/13-19:52:00,30472) tlsmgr -l -t unix -u (root,6656,3492,00:00:00/00:00,30586) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,30627) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,30628) /bin/bash /usr/bin/check_mk_agent (root,4480,1172,00:00:00/00:00,30629) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,0,0,00:00:00/00:00,30630) [timeout] (root,6656,3492,00:00:00/00:00,30632) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,30650) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30651) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 01:38 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363097ad779Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-14:37:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-14:37:07,2) [kthreadd] (root,0,0,00:00:00/17-14:37:07,3) [rcu_gp] (root,0,0,00:00:00/17-14:37:07,4) [rcu_par_gp] (root,0,0,00:00:00/17-14:37:07,5) [slub_flushwq] (root,0,0,00:00:00/17-14:37:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-14:37:07,9) [mm_percpu_wq] (root,0,0,00:00:00/17-14:37:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-14:37:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-14:37:07,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-14:37:07,13) [ksoftirqd/0] (root,0,0,00:47:10/17-14:37:07,14) [rcu_preempt] (root,0,0,00:00:06/17-14:37:07,15) [migration/0] (root,0,0,00:00:00/17-14:37:07,16) [idle_inject/0] (root,0,0,00:00:00/17-14:37:07,18) [cpuhp/0] (root,0,0,00:00:00/17-14:37:07,19) [cpuhp/1] (root,0,0,00:00:00/17-14:37:07,20) [idle_inject/1] (root,0,0,00:00:07/17-14:37:07,21) [migration/1] (root,0,0,00:00:28/17-14:37:07,22) [ksoftirqd/1] (root,0,0,00:00:00/17-14:37:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-14:37:07,25) [cpuhp/2] (root,0,0,00:00:00/17-14:37:07,26) [idle_inject/2] (root,0,0,00:00:05/17-14:37:07,27) [migration/2] (root,0,0,00:36:00/17-14:37:07,28) [ksoftirqd/2] (root,0,0,00:00:00/17-14:37:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-14:37:07,31) [cpuhp/3] (root,0,0,00:00:00/17-14:37:07,32) [idle_inject/3] (root,0,0,00:00:06/17-14:37:07,33) [migration/3] (root,0,0,00:01:40/17-14:37:07,34) [ksoftirqd/3] (root,0,0,00:00:00/17-14:37:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-14:37:07,39) [kdevtmpfs] (root,0,0,00:00:00/17-14:37:07,40) [netns] (root,0,0,00:00:00/17-14:37:07,41) [inet_frag_wq] (root,0,0,00:00:04/17-14:37:07,42) [kauditd] (root,0,0,00:00:00/17-14:37:07,43) [khungtaskd] (root,0,0,00:00:00/17-14:37:07,44) [oom_reaper] (root,0,0,00:00:00/17-14:37:07,45) [writeback] (root,0,0,00:00:51/17-14:37:07,46) [kcompactd0] (root,0,0,00:00:00/17-14:37:07,47) [ksmd] (root,0,0,00:00:51/17-14:37:07,48) [khugepaged] (root,0,0,00:00:00/17-14:37:07,74) [kintegrityd] (root,0,0,00:00:00/17-14:37:07,75) [kblockd] (root,0,0,00:00:00/17-14:37:07,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-14:37:07,78) [tpm_dev_wq] (root,0,0,00:00:00/17-14:37:07,79) [edac-poller] (root,0,0,00:00:00/17-14:37:07,80) [devfreq_wq] (root,0,0,00:00:00/17-14:37:07,110) [watchdogd] (root,0,0,00:00:03/17-14:37:07,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-14:37:07,112) [kswapd0] (root,0,0,00:00:00/17-14:37:06,114) [kthrotld] (root,0,0,00:00:00/17-14:37:06,115) [mld] (root,0,0,00:00:00/17-14:37:06,116) [ipv6_addrconf] (root,0,0,00:00:07/17-14:37:06,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-14:37:06,122) [kstrp] (root,0,0,00:00:00/17-14:37:06,123) [zswap-shrink] (root,0,0,00:00:00/17-14:37:06,124) [kworker/u9:0] (root,0,0,00:00:00/17-14:37:06,129) [charger_manager] (root,0,0,00:00:03/17-14:37:05,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-14:37:05,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-14:37:05,205) [kaluad] (root,0,0,00:00:00/17-14:37:05,250) [kmpath_rdacd] (root,0,0,00:00:00/17-14:37:05,293) [kmpathd] (root,0,0,00:00:00/17-14:37:05,294) [kmpath_handlerd] (root,0,0,00:00:00/17-14:37:05,342) [ata_sff] (root,0,0,00:00:00/17-14:37:04,343) [scsi_eh_0] (root,0,0,00:00:00/17-14:37:04,344) [scsi_tmf_0] (root,0,0,00:00:00/17-14:37:04,345) [scsi_eh_1] (root,0,0,00:00:00/17-14:37:04,346) [scsi_tmf_1] (root,0,0,00:00:26/17-14:37:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-14:37:02,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-14:36:50,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-14:36:49,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-14:36:47,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-14:36:13,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-14:36:13,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-14:36:13,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-14:36:13,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-14:36:12,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-14:36:12,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-14:35:58,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-14:35:58,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:38/17-14:35:57,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-14:35:57,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-14:35:57,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-14:35:57,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-14:35:57,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-14:35:57,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:23/17-14:35:57,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-14:35:57,1206) bpfilter_umh (root,26204,8300,00:00:08/17-14:35:57,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-14:35:57,1215) ntpd: asynchronous dns resolver (spot,284780,171772,23:08:43/17-14:35:57,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-14:35:56,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-14:35:56,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-14:35:56,1245) (sd-pam) (root,24216,5348,00:00:05/17-14:35:55,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-14:35:55,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-14:35:54,1354) /usr/sbin/cron -n (root,692236,75412,00:22:52/17-14:35:48,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51284,00:05:53/17-14:35:34,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:03:19,6422) [kworker/0:2-events] (root,0,0,00:00:00/07:09,7955) [kworker/1:1-events] (root,0,0,00:00:00/01:59,12982) [kworker/1:2-ata_sff] (root,0,0,00:00:01/55:40,14661) [kworker/2:2-events] (root,35308,10012,00:00:00/11-12:26:50,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-12:26:49,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-13:55:28,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-13:55:27,16977) sshd: syslogtunnel (postfix,24244,8200,00:00:00/42:10,18919) pickup -l -t fifo -u (root,6764,3600,00:00:00/00:00,21231) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,21317) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,21353) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,21354) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:14:11,22787) [kworker/3:0-events] (root,0,0,00:00:02/05:38:26,24312) [kworker/0:0-events] (root,0,0,00:00:00/01:13:45,26541) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/01:04:12,28099) [kworker/1:0-ata_sff] (root,0,0,00:00:00/08:42:13,28658) [kworker/u8:1-events_unbound] (postfix,44628,9416,00:00:00/11-19:12:35,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/49:20,32239) [kworker/2:1] (root,0,0,00:00:01/04:24:16,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-30 00:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bddf50faFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-14:41:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-14:41:24,2) [kthreadd] (root,0,0,00:00:00/15-14:41:24,3) [rcu_gp] (root,0,0,00:00:00/15-14:41:24,4) [rcu_par_gp] (root,0,0,00:00:00/15-14:41:24,5) [slub_flushwq] (root,0,0,00:00:00/15-14:41:24,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-14:41:24,9) [mm_percpu_wq] (root,0,0,00:00:00/15-14:41:24,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-14:41:24,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-14:41:24,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-14:41:24,13) [ksoftirqd/0] (root,0,0,00:41:55/15-14:41:24,14) [rcu_preempt] (root,0,0,00:00:05/15-14:41:24,15) [migration/0] (root,0,0,00:00:00/15-14:41:24,16) [idle_inject/0] (root,0,0,00:00:00/15-14:41:24,18) [cpuhp/0] (root,0,0,00:00:00/15-14:41:24,19) [cpuhp/1] (root,0,0,00:00:00/15-14:41:24,20) [idle_inject/1] (root,0,0,00:00:06/15-14:41:24,21) [migration/1] (root,0,0,00:00:25/15-14:41:24,22) [ksoftirqd/1] (root,0,0,00:00:00/15-14:41:24,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-14:41:24,25) [cpuhp/2] (root,0,0,00:00:00/15-14:41:24,26) [idle_inject/2] (root,0,0,00:00:05/15-14:41:24,27) [migration/2] (root,0,0,00:32:27/15-14:41:24,28) [ksoftirqd/2] (root,0,0,00:00:00/15-14:41:24,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-14:41:24,31) [cpuhp/3] (root,0,0,00:00:00/15-14:41:24,32) [idle_inject/3] (root,0,0,00:00:06/15-14:41:24,33) [migration/3] (root,0,0,00:01:30/15-14:41:24,34) [ksoftirqd/3] (root,0,0,00:00:00/15-14:41:24,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-14:41:24,39) [kdevtmpfs] (root,0,0,00:00:00/15-14:41:24,40) [netns] (root,0,0,00:00:00/15-14:41:24,41) [inet_frag_wq] (root,0,0,00:00:04/15-14:41:24,42) [kauditd] (root,0,0,00:00:00/15-14:41:24,43) [khungtaskd] (root,0,0,00:00:00/15-14:41:24,44) [oom_reaper] (root,0,0,00:00:00/15-14:41:24,45) [writeback] (root,0,0,00:00:46/15-14:41:24,46) [kcompactd0] (root,0,0,00:00:00/15-14:41:24,47) [ksmd] (root,0,0,00:00:46/15-14:41:24,48) [khugepaged] (root,0,0,00:00:00/15-14:41:24,74) [kintegrityd] (root,0,0,00:00:00/15-14:41:24,75) [kblockd] (root,0,0,00:00:00/15-14:41:24,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-14:41:24,78) [tpm_dev_wq] (root,0,0,00:00:00/15-14:41:24,79) [edac-poller] (root,0,0,00:00:00/15-14:41:24,80) [devfreq_wq] (root,0,0,00:00:00/15-14:41:24,110) [watchdogd] (root,0,0,00:00:03/15-14:41:24,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-14:41:24,112) [kswapd0] (root,0,0,00:00:00/15-14:41:23,114) [kthrotld] (root,0,0,00:00:00/15-14:41:23,115) [mld] (root,0,0,00:00:00/15-14:41:23,116) [ipv6_addrconf] (root,0,0,00:00:06/15-14:41:23,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-14:41:23,122) [kstrp] (root,0,0,00:00:00/15-14:41:23,123) [zswap-shrink] (root,0,0,00:00:00/15-14:41:23,124) [kworker/u9:0] (root,0,0,00:00:00/15-14:41:23,129) [charger_manager] (root,0,0,00:00:03/15-14:41:22,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-14:41:22,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-14:41:22,205) [kaluad] (root,0,0,00:00:00/15-14:41:22,250) [kmpath_rdacd] (root,0,0,00:00:00/15-14:41:22,293) [kmpathd] (root,0,0,00:00:00/15-14:41:22,294) [kmpath_handlerd] (root,0,0,00:00:00/15-14:41:22,342) [ata_sff] (root,0,0,00:00:00/15-14:41:21,343) [scsi_eh_0] (root,0,0,00:00:00/15-14:41:21,344) [scsi_tmf_0] (root,0,0,00:00:00/15-14:41:21,345) [scsi_eh_1] (root,0,0,00:00:00/15-14:41:21,346) [scsi_tmf_1] (root,0,0,00:00:23/15-14:41:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-14:41:19,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-14:41:07,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-14:41:06,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-14:41:04,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-14:40:30,512) /sbin/auditd (messagebus,22936,5672,00:00:50/15-14:40:30,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:28/15-14:40:30,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/15-14:40:30,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-14:40:29,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-14:40:29,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-14:40:15,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-14:40:15,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:26/15-14:40:14,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-14:40:14,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-14:40:14,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-14:40:14,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-14:40:14,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-14:40:14,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-14:40:14,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-14:40:14,1206) bpfilter_umh (root,26204,8300,00:00:07/15-14:40:14,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-14:40:14,1215) ntpd: asynchronous dns resolver (spot,285316,171348,21:00:11/15-14:40:14,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-14:40:13,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-14:40:13,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-14:40:13,1245) (sd-pam) (root,24216,5348,00:00:05/15-14:40:12,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-14:40:12,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-14:40:11,1354) /usr/sbin/cron -n (root,691980,74872,00:20:13/15-14:40:05,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:11/15-14:39:51,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/20:37,3117) [kworker/2:1] (root,6764,3588,00:00:00/00:00,6311) /bin/bash /usr/bin/check_mk_agent (root,6656,3508,00:00:00/00:00,6360) /bin/bash /usr/bin/check_mk_agent (root,6292,3264,00:00:00/00:00,6446) /bin/bash ././spot.bash (root,6656,3484,00:00:00/00:00,6461) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,6498) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,6515) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,6517) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,1840,00:00:00/00:00,6520) /bin/bash /usr/bin/check_mk_agent (root,6656,500,00:00:00/00:00,6521) /bin/bash /usr/bin/check_mk_agent (root,5280,804,00:00:00/00:00,6522) grep ^multi_instance_directories (root,6656,500,00:00:00/00:00,6523) /bin/bash /usr/bin/check_mk_agent (postfix,24244,8144,00:00:00/01:08:32,7227) pickup -l -t fifo -u (root,0,0,00:00:00/26:15,8654) [kworker/0:2] (root,35308,10012,00:00:00/8-06:36:18,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-06:36:18,8749) sshd: syslogtunnel (root,0,0,00:00:00/13:33,9870) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/01:33:42,10498) [kworker/3:0-events] (root,0,0,00:00:02/01:56:20,10640) [kworker/2:2-events] (root,0,0,00:00:00/43:31,13513) [kworker/u8:1-writeback] (root,0,0,00:00:00/43:06,15321) [kworker/3:1-cgroup_destroy] (root,35308,10012,00:00:00/9-12:31:07,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-12:31:06,15391) sshd: cm-ssh (root,0,0,00:00:01/01:32:35,16028) [kworker/1:1-events] (root,0,0,00:00:00/09:33,26720) [kworker/1:2-ata_sff] (root,0,0,00:00:01/02:07:30,26890) [kworker/0:1-events] (root,0,0,00:00:00/04:23,29686) [kworker/1:0-ata_sff] (postfix,44628,9416,00:00:00/9-19:16:52,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 01:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ea80f0a4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-14:43:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-14:43:13,2) [kthreadd] (root,0,0,00:00:00/13-14:43:13,3) [rcu_gp] (root,0,0,00:00:00/13-14:43:13,4) [rcu_par_gp] (root,0,0,00:00:00/13-14:43:13,5) [slub_flushwq] (root,0,0,00:00:00/13-14:43:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-14:43:13,9) [mm_percpu_wq] (root,0,0,00:00:00/13-14:43:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-14:43:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-14:43:13,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-14:43:13,13) [ksoftirqd/0] (root,0,0,00:36:40/13-14:43:13,14) [rcu_preempt] (root,0,0,00:00:05/13-14:43:13,15) [migration/0] (root,0,0,00:00:00/13-14:43:13,16) [idle_inject/0] (root,0,0,00:00:00/13-14:43:13,18) [cpuhp/0] (root,0,0,00:00:00/13-14:43:13,19) [cpuhp/1] (root,0,0,00:00:00/13-14:43:13,20) [idle_inject/1] (root,0,0,00:00:05/13-14:43:13,21) [migration/1] (root,0,0,00:00:22/13-14:43:13,22) [ksoftirqd/1] (root,0,0,00:00:00/13-14:43:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-14:43:13,25) [cpuhp/2] (root,0,0,00:00:00/13-14:43:13,26) [idle_inject/2] (root,0,0,00:00:04/13-14:43:13,27) [migration/2] (root,0,0,00:28:55/13-14:43:13,28) [ksoftirqd/2] (root,0,0,00:00:00/13-14:43:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-14:43:13,31) [cpuhp/3] (root,0,0,00:00:00/13-14:43:13,32) [idle_inject/3] (root,0,0,00:00:05/13-14:43:13,33) [migration/3] (root,0,0,00:01:19/13-14:43:13,34) [ksoftirqd/3] (root,0,0,00:00:00/13-14:43:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-14:43:13,39) [kdevtmpfs] (root,0,0,00:00:00/13-14:43:13,40) [netns] (root,0,0,00:00:00/13-14:43:13,41) [inet_frag_wq] (root,0,0,00:00:04/13-14:43:13,42) [kauditd] (root,0,0,00:00:00/13-14:43:13,43) [khungtaskd] (root,0,0,00:00:00/13-14:43:13,44) [oom_reaper] (root,0,0,00:00:00/13-14:43:13,45) [writeback] (root,0,0,00:00:40/13-14:43:13,46) [kcompactd0] (root,0,0,00:00:00/13-14:43:13,47) [ksmd] (root,0,0,00:00:40/13-14:43:13,48) [khugepaged] (root,0,0,00:00:00/13-14:43:13,74) [kintegrityd] (root,0,0,00:00:00/13-14:43:13,75) [kblockd] (root,0,0,00:00:00/13-14:43:13,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-14:43:13,78) [tpm_dev_wq] (root,0,0,00:00:00/13-14:43:13,79) [edac-poller] (root,0,0,00:00:00/13-14:43:13,80) [devfreq_wq] (root,0,0,00:00:00/13-14:43:13,110) [watchdogd] (root,0,0,00:00:02/13-14:43:13,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-14:43:13,112) [kswapd0] (root,0,0,00:00:00/13-14:43:12,114) [kthrotld] (root,0,0,00:00:00/13-14:43:12,115) [mld] (root,0,0,00:00:00/13-14:43:12,116) [ipv6_addrconf] (root,0,0,00:00:05/13-14:43:12,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-14:43:12,122) [kstrp] (root,0,0,00:00:00/13-14:43:12,123) [zswap-shrink] (root,0,0,00:00:00/13-14:43:12,124) [kworker/u9:0] (root,0,0,00:00:00/13-14:43:12,129) [charger_manager] (root,0,0,00:00:02/13-14:43:11,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-14:43:11,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-14:43:11,205) [kaluad] (root,0,0,00:00:00/13-14:43:11,250) [kmpath_rdacd] (root,0,0,00:00:00/13-14:43:11,293) [kmpathd] (root,0,0,00:00:00/13-14:43:11,294) [kmpath_handlerd] (root,0,0,00:00:00/13-14:43:11,342) [ata_sff] (root,0,0,00:00:00/13-14:43:10,343) [scsi_eh_0] (root,0,0,00:00:00/13-14:43:10,344) [scsi_tmf_0] (root,0,0,00:00:00/13-14:43:10,345) [scsi_eh_1] (root,0,0,00:00:00/13-14:43:10,346) [scsi_tmf_1] (root,0,0,00:00:20/13-14:43:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-14:43:08,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-14:42:56,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-14:42:55,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-14:42:53,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-14:42:19,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-14:42:19,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-14:42:19,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-14:42:19,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-14:42:18,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-14:42:18,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-14:42:04,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-14:42:04,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:13/13-14:42:03,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-14:42:03,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-14:42:03,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-14:42:03,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-14:42:03,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-14:42:03,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-14:42:03,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-14:42:03,1206) bpfilter_umh (root,26204,8300,00:00:07/13-14:42:03,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-14:42:03,1215) ntpd: asynchronous dns resolver (spot,286708,171624,18:17:34/13-14:42:03,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-14:42:02,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-14:42:02,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-14:42:02,1245) (sd-pam) (root,24216,5348,00:00:04/13-14:42:01,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-14:42:01,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-14:42:00,1354) /usr/sbin/cron -n (root,691980,74552,00:17:36/13-14:41:54,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47908,00:04:30/13-14:41:40,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:21:14,2659) [kworker/2:0-events] (root,0,0,00:00:05/04:39:51,4939) [kworker/2:2-events] (root,35308,10012,00:00:00/6-06:38:07,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-06:38:07,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:26:14,13988) [kworker/0:0-events] (root,0,0,00:00:00/08:39,14012) [kworker/u8:2-writeback] (root,0,0,00:00:00/15:46,15008) [kworker/1:1-events] (root,35308,10012,00:00:00/7-12:32:56,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-12:32:55,15391) sshd: cm-ssh (postfix,24244,8212,00:00:00/01:32:15,19097) pickup -l -t fifo -u (root,0,0,00:00:00/00:12,22403) [kworker/1:0-ata_sff] (root,6764,3612,00:00:00/00:00,23442) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/01:46:41,23451) [kworker/3:1-events] (root,16140,10556,00:00:00/00:00,23638) python ././remotecheck (root,6656,3492,00:00:00/00:00,23639) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,23666) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23667) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:17:01,24348) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/05:25,29035) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/7-19:18:41,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:36:28,31001) [kworker/0:2-events] (root,0,0,00:00:01/05:10:31,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 01:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631ad80081Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-14:27:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-14:27:52,2) [kthreadd] (root,0,0,00:00:00/11-14:27:52,3) [rcu_gp] (root,0,0,00:00:00/11-14:27:52,4) [rcu_par_gp] (root,0,0,00:00:00/11-14:27:52,5) [slub_flushwq] (root,0,0,00:00:00/11-14:27:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-14:27:52,9) [mm_percpu_wq] (root,0,0,00:00:00/11-14:27:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-14:27:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-14:27:52,12) [rcu_tasks_trace] (root,0,0,00:00:21/11-14:27:52,13) [ksoftirqd/0] (root,0,0,00:30:53/11-14:27:52,14) [rcu_preempt] (root,0,0,00:00:04/11-14:27:52,15) [migration/0] (root,0,0,00:00:00/11-14:27:52,16) [idle_inject/0] (root,0,0,00:00:00/11-14:27:52,18) [cpuhp/0] (root,0,0,00:00:00/11-14:27:52,19) [cpuhp/1] (root,0,0,00:00:00/11-14:27:52,20) [idle_inject/1] (root,0,0,00:00:04/11-14:27:52,21) [migration/1] (root,0,0,00:00:18/11-14:27:52,22) [ksoftirqd/1] (root,0,0,00:00:00/11-14:27:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-14:27:52,25) [cpuhp/2] (root,0,0,00:00:00/11-14:27:52,26) [idle_inject/2] (root,0,0,00:00:03/11-14:27:52,27) [migration/2] (root,0,0,00:24:21/11-14:27:52,28) [ksoftirqd/2] (root,0,0,00:00:00/11-14:27:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-14:27:52,31) [cpuhp/3] (root,0,0,00:00:00/11-14:27:52,32) [idle_inject/3] (root,0,0,00:00:04/11-14:27:52,33) [migration/3] (root,0,0,00:01:06/11-14:27:52,34) [ksoftirqd/3] (root,0,0,00:00:00/11-14:27:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-14:27:52,39) [kdevtmpfs] (root,0,0,00:00:00/11-14:27:52,40) [netns] (root,0,0,00:00:00/11-14:27:52,41) [inet_frag_wq] (root,0,0,00:00:03/11-14:27:52,42) [kauditd] (root,0,0,00:00:00/11-14:27:52,43) [khungtaskd] (root,0,0,00:00:00/11-14:27:52,44) [oom_reaper] (root,0,0,00:00:00/11-14:27:52,45) [writeback] (root,0,0,00:00:33/11-14:27:52,46) [kcompactd0] (root,0,0,00:00:00/11-14:27:52,47) [ksmd] (root,0,0,00:00:34/11-14:27:52,48) [khugepaged] (root,0,0,00:00:00/11-14:27:52,74) [kintegrityd] (root,0,0,00:00:00/11-14:27:52,75) [kblockd] (root,0,0,00:00:00/11-14:27:52,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-14:27:52,78) [tpm_dev_wq] (root,0,0,00:00:00/11-14:27:52,79) [edac-poller] (root,0,0,00:00:00/11-14:27:52,80) [devfreq_wq] (root,0,0,00:00:00/11-14:27:52,110) [watchdogd] (root,0,0,00:00:02/11-14:27:52,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-14:27:52,112) [kswapd0] (root,0,0,00:00:00/11-14:27:51,114) [kthrotld] (root,0,0,00:00:00/11-14:27:51,115) [mld] (root,0,0,00:00:00/11-14:27:51,116) [ipv6_addrconf] (root,0,0,00:00:04/11-14:27:51,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-14:27:51,122) [kstrp] (root,0,0,00:00:00/11-14:27:51,123) [zswap-shrink] (root,0,0,00:00:00/11-14:27:51,124) [kworker/u9:0] (root,0,0,00:00:00/11-14:27:51,129) [charger_manager] (root,0,0,00:00:02/11-14:27:50,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-14:27:50,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-14:27:50,205) [kaluad] (root,0,0,00:00:00/11-14:27:50,250) [kmpath_rdacd] (root,0,0,00:00:00/11-14:27:50,293) [kmpathd] (root,0,0,00:00:00/11-14:27:50,294) [kmpath_handlerd] (root,0,0,00:00:00/00:43,309) [kworker/1:0-ata_sff] (root,0,0,00:00:00/11-14:27:50,342) [ata_sff] (root,0,0,00:00:00/11-14:27:49,343) [scsi_eh_0] (root,0,0,00:00:00/11-14:27:49,344) [scsi_tmf_0] (root,0,0,00:00:00/11-14:27:49,345) [scsi_eh_1] (root,0,0,00:00:00/11-14:27:49,346) [scsi_tmf_1] (root,0,0,00:00:17/11-14:27:47,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-14:27:47,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-14:27:35,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-14:27:34,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-14:27:32,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-14:26:58,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-14:26:58,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-14:26:58,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-14:26:58,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-14:26:57,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-14:26:57,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-14:26:43,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-14:26:43,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:02/11-14:26:42,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-14:26:42,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-14:26:42,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-14:26:42,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-14:26:42,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-14:26:42,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:33/11-14:26:42,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-14:26:42,1206) bpfilter_umh (root,26204,8300,00:00:06/11-14:26:42,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-14:26:42,1215) ntpd: asynchronous dns resolver (spot,285060,171208,14:24:28/11-14:26:42,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-14:26:41,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-14:26:41,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-14:26:41,1245) (sd-pam) (root,24216,5348,00:00:03/11-14:26:40,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-14:26:40,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-14:26:39,1354) /usr/sbin/cron -n (root,691724,74152,00:14:56/11-14:26:33,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46620,00:03:47/11-14:26:19,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3492,00:00:00/00:00,3150) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,3164) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,3173) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3174) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/11:50:01,4619) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8200,00:00:00/01:37:34,7853) pickup -l -t fifo -u (root,0,0,00:00:00/05:56,8058) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/4-06:22:46,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-06:22:46,8749) sshd: syslogtunnel (root,0,0,00:00:00/05:44,8823) [kworker/3:2-events] (root,35308,10012,00:00:00/5-12:17:35,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-12:17:34,15391) sshd: cm-ssh (root,0,0,00:00:03/04:35:42,21671) [kworker/1:1-events] (root,0,0,00:00:00/34:25,23413) [kworker/0:1-events] (root,0,0,00:00:00/48:56,23908) [kworker/3:0-events] (root,0,0,00:00:01/01:31:28,27030) [kworker/2:0-events] (root,0,0,00:00:00/13:54,28081) [kworker/0:0-events] (root,0,0,00:00:00/26:09,28261) [kworker/2:2-events] (postfix,44628,9464,00:00:00/5-19:03:20,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:08:58,31970) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-24 00:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363615fe757Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:30/9-14:28:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-14:28:44,2) [kthreadd] (root,0,0,00:00:00/9-14:28:44,3) [rcu_gp] (root,0,0,00:00:00/9-14:28:44,4) [rcu_par_gp] (root,0,0,00:00:00/9-14:28:44,5) [slub_flushwq] (root,0,0,00:00:00/9-14:28:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-14:28:44,9) [mm_percpu_wq] (root,0,0,00:00:00/9-14:28:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-14:28:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-14:28:44,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-14:28:44,13) [ksoftirqd/0] (root,0,0,00:25:25/9-14:28:44,14) [rcu_preempt] (root,0,0,00:00:03/9-14:28:44,15) [migration/0] (root,0,0,00:00:00/9-14:28:44,16) [idle_inject/0] (root,0,0,00:00:00/9-14:28:44,18) [cpuhp/0] (root,0,0,00:00:00/9-14:28:44,19) [cpuhp/1] (root,0,0,00:00:00/9-14:28:44,20) [idle_inject/1] (root,0,0,00:00:03/9-14:28:44,21) [migration/1] (root,0,0,00:00:14/9-14:28:44,22) [ksoftirqd/1] (root,0,0,00:00:00/9-14:28:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-14:28:44,25) [cpuhp/2] (root,0,0,00:00:00/9-14:28:44,26) [idle_inject/2] (root,0,0,00:00:03/9-14:28:44,27) [migration/2] (root,0,0,00:20:26/9-14:28:44,28) [ksoftirqd/2] (root,0,0,00:00:00/9-14:28:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-14:28:44,31) [cpuhp/3] (root,0,0,00:00:00/9-14:28:44,32) [idle_inject/3] (root,0,0,00:00:03/9-14:28:44,33) [migration/3] (root,0,0,00:00:54/9-14:28:44,34) [ksoftirqd/3] (root,0,0,00:00:00/9-14:28:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-14:28:44,39) [kdevtmpfs] (root,0,0,00:00:00/9-14:28:44,40) [netns] (root,0,0,00:00:00/9-14:28:44,41) [inet_frag_wq] (root,0,0,00:00:03/9-14:28:44,42) [kauditd] (root,0,0,00:00:00/9-14:28:44,43) [khungtaskd] (root,0,0,00:00:00/9-14:28:44,44) [oom_reaper] (root,0,0,00:00:00/9-14:28:44,45) [writeback] (root,0,0,00:00:27/9-14:28:44,46) [kcompactd0] (root,0,0,00:00:00/9-14:28:44,47) [ksmd] (root,0,0,00:00:29/9-14:28:44,48) [khugepaged] (root,0,0,00:00:00/9-14:28:44,74) [kintegrityd] (root,0,0,00:00:00/9-14:28:44,75) [kblockd] (root,0,0,00:00:00/9-14:28:44,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-14:28:44,78) [tpm_dev_wq] (root,0,0,00:00:00/9-14:28:44,79) [edac-poller] (root,0,0,00:00:00/9-14:28:44,80) [devfreq_wq] (root,0,0,00:00:00/9-14:28:44,110) [watchdogd] (root,0,0,00:00:01/9-14:28:44,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-14:28:44,112) [kswapd0] (root,0,0,00:00:00/9-14:28:43,114) [kthrotld] (root,0,0,00:00:00/9-14:28:43,115) [mld] (root,0,0,00:00:00/9-14:28:43,116) [ipv6_addrconf] (root,0,0,00:00:04/9-14:28:43,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-14:28:43,122) [kstrp] (root,0,0,00:00:00/9-14:28:43,123) [zswap-shrink] (root,0,0,00:00:00/9-14:28:43,124) [kworker/u9:0] (root,0,0,00:00:00/9-14:28:43,129) [charger_manager] (root,0,0,00:00:02/9-14:28:42,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-14:28:42,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-14:28:42,205) [kaluad] (root,0,0,00:00:00/9-14:28:42,250) [kmpath_rdacd] (root,0,0,00:00:00/9-14:28:42,293) [kmpathd] (root,0,0,00:00:00/9-14:28:42,294) [kmpath_handlerd] (root,0,0,00:00:00/9-14:28:42,342) [ata_sff] (root,0,0,00:00:00/9-14:28:41,343) [scsi_eh_0] (root,0,0,00:00:00/9-14:28:41,344) [scsi_tmf_0] (root,0,0,00:00:00/9-14:28:41,345) [scsi_eh_1] (root,0,0,00:00:00/9-14:28:41,346) [scsi_tmf_1] (root,0,0,00:00:14/9-14:28:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-14:28:39,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-14:28:27,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-14:28:26,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-14:28:24,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-14:27:50,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-14:27:50,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-14:27:50,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-14:27:50,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-14:27:49,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-14:27:49,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-14:27:35,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-14:27:35,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:51/9-14:27:34,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-14:27:34,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-14:27:34,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-14:27:34,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-14:27:34,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-14:27:34,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:16/9-14:27:34,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-14:27:34,1206) bpfilter_umh (root,26204,8300,00:00:05/9-14:27:34,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-14:27:34,1215) ntpd: asynchronous dns resolver (spot,284644,169664,11:15:02/9-14:27:34,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-14:27:33,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-14:27:33,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-14:27:33,1245) (sd-pam) (root,24216,5348,00:00:03/9-14:27:32,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-14:27:32,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-14:27:31,1354) /usr/sbin/cron -n (root,691336,73836,00:12:21/9-14:27:25,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45336,00:03:07/9-14:27:11,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:06/05:55:51,2819) [kworker/2:2-events] (root,0,0,00:00:00/40:26,5542) [kworker/u8:2-flush-253:0] (postfix,24244,8256,00:00:00/20:16,5772) pickup -l -t fifo -u (root,0,0,00:00:00/12:00,8672) [kworker/2:1-cgroup_destroy] (root,35308,10012,00:00:00/2-06:23:38,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:08/2-06:23:38,8749) sshd: syslogtunnel (root,0,0,00:00:00/03:00,10686) [kworker/1:0-ata_sff] (root,0,0,00:00:00/18:34,10958) [kworker/1:1-events] (root,0,0,00:00:00/02:21,14414) [kworker/2:0] (root,35308,10012,00:00:00/3-12:18:27,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-12:18:26,15391) sshd: cm-ssh (root,0,0,00:00:00/36:24,16880) [kworker/3:1-events] (root,0,0,00:00:00/16:52,17419) [kworker/3:0-events] (root,0,0,00:00:00/01:38:42,22486) [kworker/u8:1] (root,6656,3476,00:00:00/00:00,23586) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,23604) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23605) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:11,24364) [kworker/1:2-ata_sff] (root,0,0,00:00:00/51:07,24499) [kworker/0:0] (root,0,0,00:00:00/01:05:54,26656) [kworker/0:2-events] (postfix,44628,9464,00:00:00/3-19:04:12,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-22 00:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f1e98b47Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:25/7-20:48:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-20:48:36,2) [kthreadd] (root,0,0,00:00:00/7-20:48:36,3) [rcu_gp] (root,0,0,00:00:00/7-20:48:36,4) [rcu_par_gp] (root,0,0,00:00:00/7-20:48:36,5) [slub_flushwq] (root,0,0,00:00:00/7-20:48:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-20:48:36,9) [mm_percpu_wq] (root,0,0,00:00:00/7-20:48:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-20:48:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-20:48:36,12) [rcu_tasks_trace] (root,0,0,00:00:14/7-20:48:36,13) [ksoftirqd/0] (root,0,0,00:20:47/7-20:48:36,14) [rcu_preempt] (root,0,0,00:00:02/7-20:48:36,15) [migration/0] (root,0,0,00:00:00/7-20:48:36,16) [idle_inject/0] (root,0,0,00:00:00/7-20:48:36,18) [cpuhp/0] (root,0,0,00:00:00/7-20:48:36,19) [cpuhp/1] (root,0,0,00:00:00/7-20:48:36,20) [idle_inject/1] (root,0,0,00:00:03/7-20:48:36,21) [migration/1] (root,0,0,00:00:12/7-20:48:36,22) [ksoftirqd/1] (root,0,0,00:00:00/7-20:48:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-20:48:36,25) [cpuhp/2] (root,0,0,00:00:00/7-20:48:36,26) [idle_inject/2] (root,0,0,00:00:02/7-20:48:36,27) [migration/2] (root,0,0,00:16:42/7-20:48:36,28) [ksoftirqd/2] (root,0,0,00:00:00/7-20:48:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-20:48:36,31) [cpuhp/3] (root,0,0,00:00:00/7-20:48:36,32) [idle_inject/3] (root,0,0,00:00:03/7-20:48:36,33) [migration/3] (root,0,0,00:00:45/7-20:48:36,34) [ksoftirqd/3] (root,0,0,00:00:00/7-20:48:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-20:48:36,39) [kdevtmpfs] (root,0,0,00:00:00/7-20:48:36,40) [netns] (root,0,0,00:00:00/7-20:48:36,41) [inet_frag_wq] (root,0,0,00:00:02/7-20:48:36,42) [kauditd] (root,0,0,00:00:00/7-20:48:36,43) [khungtaskd] (root,0,0,00:00:00/7-20:48:36,44) [oom_reaper] (root,0,0,00:00:00/7-20:48:36,45) [writeback] (root,0,0,00:00:23/7-20:48:36,46) [kcompactd0] (root,0,0,00:00:00/7-20:48:36,47) [ksmd] (root,0,0,00:00:24/7-20:48:36,48) [khugepaged] (root,0,0,00:00:00/7-20:48:36,74) [kintegrityd] (root,0,0,00:00:00/7-20:48:36,75) [kblockd] (root,0,0,00:00:00/7-20:48:36,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-20:48:36,78) [tpm_dev_wq] (root,0,0,00:00:00/7-20:48:36,79) [edac-poller] (root,0,0,00:00:00/7-20:48:36,80) [devfreq_wq] (root,0,0,00:00:00/7-20:48:36,110) [watchdogd] (root,0,0,00:00:01/7-20:48:36,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-20:48:36,112) [kswapd0] (root,0,0,00:00:00/7-20:48:35,114) [kthrotld] (root,0,0,00:00:00/7-20:48:35,115) [mld] (root,0,0,00:00:00/7-20:48:35,116) [ipv6_addrconf] (root,0,0,00:00:03/7-20:48:35,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-20:48:35,122) [kstrp] (root,0,0,00:00:00/7-20:48:35,123) [zswap-shrink] (root,0,0,00:00:00/7-20:48:35,124) [kworker/u9:0] (root,0,0,00:00:00/7-20:48:35,129) [charger_manager] (root,0,0,00:00:01/7-20:48:34,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-20:48:34,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-20:48:34,205) [kaluad] (root,0,0,00:00:00/7-20:48:34,250) [kmpath_rdacd] (root,0,0,00:00:00/7-20:48:34,293) [kmpathd] (root,0,0,00:00:00/7-20:48:34,294) [kmpath_handlerd] (root,0,0,00:00:00/7-20:48:34,342) [ata_sff] (root,0,0,00:00:00/7-20:48:33,343) [scsi_eh_0] (root,0,0,00:00:00/7-20:48:33,344) [scsi_tmf_0] (root,0,0,00:00:00/7-20:48:33,345) [scsi_eh_1] (root,0,0,00:00:00/7-20:48:33,346) [scsi_tmf_1] (root,0,0,00:00:11/7-20:48:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-20:48:31,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-20:48:19,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-20:48:18,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-20:48:16,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:05/7-20:47:42,512) /sbin/auditd (messagebus,22936,5672,00:00:28/7-20:47:42,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:15/7-20:47:42,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-20:47:42,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-20:47:41,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-20:47:41,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25616,00:00:09/7-20:47:27,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-20:47:27,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:43/7-20:47:26,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-20:47:26,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-20:47:26,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-20:47:26,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-20:47:26,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-20:47:26,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:02/7-20:47:26,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-20:47:26,1206) bpfilter_umh (root,26204,8300,00:00:04/7-20:47:26,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-20:47:26,1215) ntpd: asynchronous dns resolver (spot,282916,169232,09:06:53/7-20:47:26,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-20:47:25,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-20:47:25,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-20:47:25,1245) (sd-pam) (root,24216,5348,00:00:02/7-20:47:24,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-20:47:24,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-20:47:23,1354) /usr/sbin/cron -n (root,691080,73640,00:10:06/7-20:47:17,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43820,00:02:31/7-20:47:03,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/40:17,3340) [kworker/u8:0-writeback] (root,0,0,00:00:01/02:27:48,4727) [kworker/1:0-events] (root,0,0,00:00:00/02:16:54,7262) [kworker/0:2-events] (postfix,24244,8288,00:00:00/21:38,7297) pickup -l -t fifo -u (root,0,0,00:00:00/21:24,7481) [kworker/2:1-events] (root,35308,10012,00:00:00/12:43:30,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:02/12:43:30,8749) sshd: syslogtunnel (root,0,0,00:00:00/03:42:16,8921) [kworker/3:2-events] (root,0,0,00:00:01/02:09:46,9864) [kworker/2:2-events] (root,0,0,00:00:00/10:41,11849) [kworker/3:0-events] (root,0,0,00:00:00/07:41,12753) [kworker/1:2-ata_sff] (root,0,0,00:00:00/02:31,14315) [kworker/1:1-ata_sff] (root,6656,3492,00:00:00/00:00,14923) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,14941) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,14942) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/1-18:38:19,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:06/1-18:38:18,15391) sshd: cm-ssh (root,0,0,00:00:00/01:43:29,17178) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:15:08,22987) [kworker/0:0-events] (postfix,44628,9464,00:00:00/2-01:24:04,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 07:10 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363705fae53Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-13:52:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-13:52:01,2) [kthreadd] (root,0,0,00:00:00/7-13:52:01,3) [rcu_gp] (root,0,0,00:00:00/7-13:52:01,4) [rcu_par_gp] (root,0,0,00:00:00/7-13:52:01,5) [slub_flushwq] (root,0,0,00:00:00/7-13:52:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-13:52:01,9) [mm_percpu_wq] (root,0,0,00:00:00/7-13:52:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-13:52:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-13:52:01,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-13:52:01,13) [ksoftirqd/0] (root,0,0,00:19:57/7-13:52:01,14) [rcu_preempt] (root,0,0,00:00:02/7-13:52:01,15) [migration/0] (root,0,0,00:00:00/7-13:52:01,16) [idle_inject/0] (root,0,0,00:00:00/7-13:52:01,18) [cpuhp/0] (root,0,0,00:00:00/7-13:52:01,19) [cpuhp/1] (root,0,0,00:00:00/7-13:52:01,20) [idle_inject/1] (root,0,0,00:00:03/7-13:52:01,21) [migration/1] (root,0,0,00:00:11/7-13:52:01,22) [ksoftirqd/1] (root,0,0,00:00:00/7-13:52:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-13:52:01,25) [cpuhp/2] (root,0,0,00:00:00/7-13:52:01,26) [idle_inject/2] (root,0,0,00:00:02/7-13:52:01,27) [migration/2] (root,0,0,00:16:04/7-13:52:01,28) [ksoftirqd/2] (root,0,0,00:00:00/7-13:52:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-13:52:01,31) [cpuhp/3] (root,0,0,00:00:00/7-13:52:01,32) [idle_inject/3] (root,0,0,00:00:03/7-13:52:01,33) [migration/3] (root,0,0,00:00:43/7-13:52:01,34) [ksoftirqd/3] (root,0,0,00:00:00/7-13:52:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-13:52:01,39) [kdevtmpfs] (root,0,0,00:00:00/7-13:52:01,40) [netns] (root,0,0,00:00:00/7-13:52:01,41) [inet_frag_wq] (root,0,0,00:00:02/7-13:52:01,42) [kauditd] (root,0,0,00:00:00/7-13:52:01,43) [khungtaskd] (root,0,0,00:00:00/7-13:52:01,44) [oom_reaper] (root,0,0,00:00:00/7-13:52:01,45) [writeback] (root,0,0,00:00:22/7-13:52:01,46) [kcompactd0] (root,0,0,00:00:00/7-13:52:01,47) [ksmd] (root,0,0,00:00:23/7-13:52:01,48) [khugepaged] (root,0,0,00:00:00/7-13:52:01,74) [kintegrityd] (root,0,0,00:00:00/7-13:52:01,75) [kblockd] (root,0,0,00:00:00/7-13:52:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-13:52:01,78) [tpm_dev_wq] (root,0,0,00:00:00/7-13:52:01,79) [edac-poller] (root,0,0,00:00:00/7-13:52:01,80) [devfreq_wq] (root,0,0,00:00:00/7-13:52:01,110) [watchdogd] (root,0,0,00:00:01/7-13:52:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-13:52:01,112) [kswapd0] (root,0,0,00:00:00/7-13:52:00,114) [kthrotld] (root,0,0,00:00:00/7-13:52:00,115) [mld] (root,0,0,00:00:00/7-13:52:00,116) [ipv6_addrconf] (root,0,0,00:00:03/7-13:52:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-13:52:00,122) [kstrp] (root,0,0,00:00:00/7-13:52:00,123) [zswap-shrink] (root,0,0,00:00:00/7-13:52:00,124) [kworker/u9:0] (root,0,0,00:00:00/7-13:52:00,129) [charger_manager] (root,0,0,00:00:01/7-13:51:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-13:51:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-13:51:59,205) [kaluad] (root,0,0,00:00:00/7-13:51:59,250) [kmpath_rdacd] (root,0,0,00:00:00/7-13:51:59,293) [kmpathd] (root,0,0,00:00:00/7-13:51:59,294) [kmpath_handlerd] (root,0,0,00:00:00/7-13:51:59,342) [ata_sff] (root,0,0,00:00:00/7-13:51:58,343) [scsi_eh_0] (root,0,0,00:00:00/7-13:51:58,344) [scsi_tmf_0] (root,0,0,00:00:00/7-13:51:58,345) [scsi_eh_1] (root,0,0,00:00:00/7-13:51:58,346) [scsi_tmf_1] (root,0,0,00:00:11/7-13:51:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-13:51:56,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-13:51:44,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-13:51:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-13:51:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-13:51:07,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-13:51:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-13:51:07,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-13:51:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/01:36:07,589) [kworker/u8:0-flush-253:0] (root,31876,16220,00:00:03/7-13:51:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-13:51:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/05:52,776) [kworker/3:0-events] (root,547592,25356,00:00:08/7-13:50:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-13:50:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:40/7-13:50:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-13:50:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-13:50:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-13:50:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-13:50:51,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-13:50:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-13:50:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-13:50:51,1206) bpfilter_umh (root,26204,8300,00:00:04/7-13:50:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-13:50:51,1215) ntpd: asynchronous dns resolver (spot,284628,169660,08:38:09/7-13:50:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-13:50:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-13:50:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-13:50:50,1245) (sd-pam) (root,24216,5348,00:00:02/7-13:50:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-13:50:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-13:50:48,1354) /usr/sbin/cron -n (root,691080,73620,00:09:43/7-13:50:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43784,00:02:25/7-13:50:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:01:40,1729) [kworker/0:2-events] (postfix,24244,8216,00:00:00/05:21,3178) pickup -l -t fifo -u (root,0,0,00:00:00/13:10,3478) [kworker/2:2-events] (root,0,0,00:00:00/35:01,4855) [kworker/2:0-events] (root,0,0,00:00:01/02:30:56,7055) [kworker/3:2-events] (root,35308,10012,00:00:00/05:46:55,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:00/05:46:55,8749) sshd: syslogtunnel (root,0,0,00:00:00/20:18,11487) [kworker/0:1-events] (root,35308,10012,00:00:00/1-11:41:44,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-11:41:43,15391) sshd: cm-ssh (root,0,0,00:00:00/01:00,22703) [kworker/1:0-ata_sff] (root,6656,3484,00:00:00/00:00,24681) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,24699) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24700) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:14:03,28289) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9464,00:00:00/1-18:27:29,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:10,32156) [kworker/1:1-ata_sff] (root,0,0,00:00:00/26:56,32522) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 00:14 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363017ead0cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-13:20:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-13:20:03,2) [kthreadd] (root,0,0,00:00:00/5-13:20:03,3) [rcu_gp] (root,0,0,00:00:00/5-13:20:03,4) [rcu_par_gp] (root,0,0,00:00:00/5-13:20:03,5) [slub_flushwq] (root,0,0,00:00:00/5-13:20:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-13:20:03,9) [mm_percpu_wq] (root,0,0,00:00:00/5-13:20:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-13:20:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-13:20:03,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-13:20:03,13) [ksoftirqd/0] (root,0,0,00:14:27/5-13:20:03,14) [rcu_preempt] (root,0,0,00:00:02/5-13:20:03,15) [migration/0] (root,0,0,00:00:00/5-13:20:03,16) [idle_inject/0] (root,0,0,00:00:00/5-13:20:03,18) [cpuhp/0] (root,0,0,00:00:00/5-13:20:03,19) [cpuhp/1] (root,0,0,00:00:00/5-13:20:03,20) [idle_inject/1] (root,0,0,00:00:02/5-13:20:03,21) [migration/1] (root,0,0,00:00:07/5-13:20:03,22) [ksoftirqd/1] (root,0,0,00:00:00/5-13:20:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-13:20:03,25) [cpuhp/2] (root,0,0,00:00:00/5-13:20:03,26) [idle_inject/2] (root,0,0,00:00:01/5-13:20:03,27) [migration/2] (root,0,0,00:11:57/5-13:20:03,28) [ksoftirqd/2] (root,0,0,00:00:00/5-13:20:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-13:20:03,31) [cpuhp/3] (root,0,0,00:00:00/5-13:20:03,32) [idle_inject/3] (root,0,0,00:00:02/5-13:20:03,33) [migration/3] (root,0,0,00:00:30/5-13:20:03,34) [ksoftirqd/3] (root,0,0,00:00:00/5-13:20:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-13:20:03,39) [kdevtmpfs] (root,0,0,00:00:00/5-13:20:03,40) [netns] (root,0,0,00:00:00/5-13:20:03,41) [inet_frag_wq] (root,0,0,00:00:01/5-13:20:03,42) [kauditd] (root,0,0,00:00:00/5-13:20:03,43) [khungtaskd] (root,0,0,00:00:00/5-13:20:03,44) [oom_reaper] (root,0,0,00:00:00/5-13:20:03,45) [writeback] (root,0,0,00:00:14/5-13:20:03,46) [kcompactd0] (root,0,0,00:00:00/5-13:20:03,47) [ksmd] (root,0,0,00:00:15/5-13:20:03,48) [khugepaged] (root,0,0,00:00:00/5-13:20:03,74) [kintegrityd] (root,0,0,00:00:00/5-13:20:03,75) [kblockd] (root,0,0,00:00:00/5-13:20:03,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-13:20:03,78) [tpm_dev_wq] (root,0,0,00:00:00/5-13:20:03,79) [edac-poller] (root,0,0,00:00:00/5-13:20:03,80) [devfreq_wq] (root,0,0,00:00:00/5-13:20:03,110) [watchdogd] (root,0,0,00:00:01/5-13:20:03,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-13:20:03,112) [kswapd0] (root,0,0,00:00:00/5-13:20:02,114) [kthrotld] (root,0,0,00:00:00/5-13:20:02,115) [mld] (root,0,0,00:00:00/5-13:20:02,116) [ipv6_addrconf] (root,0,0,00:00:02/5-13:20:02,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-13:20:02,122) [kstrp] (root,0,0,00:00:00/5-13:20:02,123) [zswap-shrink] (root,0,0,00:00:00/5-13:20:02,124) [kworker/u9:0] (root,0,0,00:00:00/5-13:20:02,129) [charger_manager] (root,0,0,00:00:01/5-13:20:01,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-13:20:01,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-13:20:01,205) [kaluad] (root,0,0,00:00:00/5-13:20:01,250) [kmpath_rdacd] (root,0,0,00:00:00/5-13:20:01,293) [kmpathd] (root,0,0,00:00:00/5-13:20:01,294) [kmpath_handlerd] (root,0,0,00:00:00/5-13:20:01,342) [ata_sff] (root,0,0,00:00:00/5-13:20:00,343) [scsi_eh_0] (root,0,0,00:00:00/5-13:20:00,344) [scsi_tmf_0] (root,0,0,00:00:00/5-13:20:00,345) [scsi_eh_1] (root,0,0,00:00:00/5-13:20:00,346) [scsi_tmf_1] (root,0,0,00:00:08/5-13:19:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-13:19:58,367) [ext4-rsv-conver] (root,38604,7544,00:00:09/5-13:19:46,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-13:19:45,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-13:19:43,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-13:19:09,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-13:19:09,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-13:19:09,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-13:19:09,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-13:19:08,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-13:19:08,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-13:18:54,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-13:18:54,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:28/5-13:18:53,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-13:18:53,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-13:18:53,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-13:18:53,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-13:18:53,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-13:18:53,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-13:18:53,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-13:18:53,1206) bpfilter_umh (root,26204,8340,00:00:03/5-13:18:53,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-13:18:53,1215) ntpd: asynchronous dns resolver (spot,276104,163724,06:05:19/5-13:18:53,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-13:18:52,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-13:18:52,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-13:18:52,1245) (sd-pam) (root,24216,5348,00:00:01/5-13:18:51,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-13:18:51,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-13:18:50,1354) /usr/sbin/cron -n (root,691080,73464,00:07:03/5-13:18:44,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42496,00:01:45/5-13:18:30,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:06,2640) [kworker/1:1-ata_sff] (root,0,0,00:00:00/16:46,4571) [kworker/2:0-cgroup_destroy] (root,35308,10024,00:00:00/3-15:11:39,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-15:11:39,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-15:11:24,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:10/3-15:11:24,4688) sshd: cm-ssh (root,0,0,00:00:00/16:03,9134) [kworker/3:0] (root,0,0,00:00:00/07:18,10552) [kworker/1:0-ata_sff] (postfix,24244,8244,00:00:00/01:34:18,12637) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,12794) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,12812) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12813) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/46:08,17810) [kworker/3:1-events] (root,0,0,00:00:00/20:15,22337) [kworker/0:1] (root,0,0,00:00:00/05:11:42,26136) [kworker/u8:1-writeback] (root,0,0,00:00:01/01:51:04,28062) [kworker/1:2-events] (root,0,0,00:00:00/01:21:42,30976) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:28:02,31879) [kworker/0:2-events] (root,0,0,00:00:00/28:47,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630a7cf5d2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-13:59:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-13:59:17,2) [kthreadd] (root,0,0,00:00:00/3-13:59:17,3) [rcu_gp] (root,0,0,00:00:00/3-13:59:17,4) [rcu_par_gp] (root,0,0,00:00:00/3-13:59:17,5) [slub_flushwq] (root,0,0,00:00:00/3-13:59:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-13:59:17,9) [mm_percpu_wq] (root,0,0,00:00:00/3-13:59:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-13:59:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-13:59:17,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-13:59:17,13) [ksoftirqd/0] (root,0,0,00:09:21/3-13:59:17,14) [rcu_preempt] (root,0,0,00:00:01/3-13:59:17,15) [migration/0] (root,0,0,00:00:00/3-13:59:17,16) [idle_inject/0] (root,0,0,00:00:00/3-13:59:17,18) [cpuhp/0] (root,0,0,00:00:00/3-13:59:17,19) [cpuhp/1] (root,0,0,00:00:00/3-13:59:17,20) [idle_inject/1] (root,0,0,00:00:01/3-13:59:17,21) [migration/1] (root,0,0,00:00:04/3-13:59:17,22) [ksoftirqd/1] (root,0,0,00:00:00/3-13:59:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-13:59:17,25) [cpuhp/2] (root,0,0,00:00:00/3-13:59:17,26) [idle_inject/2] (root,0,0,00:00:01/3-13:59:17,27) [migration/2] (root,0,0,00:07:51/3-13:59:17,28) [ksoftirqd/2] (root,0,0,00:00:00/3-13:59:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-13:59:17,31) [cpuhp/3] (root,0,0,00:00:00/3-13:59:17,32) [idle_inject/3] (root,0,0,00:00:01/3-13:59:17,33) [migration/3] (root,0,0,00:00:20/3-13:59:17,34) [ksoftirqd/3] (root,0,0,00:00:00/3-13:59:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-13:59:17,39) [kdevtmpfs] (root,0,0,00:00:00/3-13:59:17,40) [netns] (root,0,0,00:00:00/3-13:59:17,41) [inet_frag_wq] (root,0,0,00:00:01/3-13:59:17,42) [kauditd] (root,0,0,00:00:00/3-13:59:17,43) [khungtaskd] (root,0,0,00:00:00/3-13:59:17,44) [oom_reaper] (root,0,0,00:00:00/3-13:59:17,45) [writeback] (root,0,0,00:00:09/3-13:59:17,46) [kcompactd0] (root,0,0,00:00:00/3-13:59:17,47) [ksmd] (root,0,0,00:00:10/3-13:59:17,48) [khugepaged] (root,0,0,00:00:00/3-13:59:17,74) [kintegrityd] (root,0,0,00:00:00/3-13:59:17,75) [kblockd] (root,0,0,00:00:00/3-13:59:17,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-13:59:17,78) [tpm_dev_wq] (root,0,0,00:00:00/3-13:59:17,79) [edac-poller] (root,0,0,00:00:00/3-13:59:17,80) [devfreq_wq] (root,0,0,00:00:00/3-13:59:17,110) [watchdogd] (root,0,0,00:00:00/3-13:59:17,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-13:59:17,112) [kswapd0] (root,0,0,00:00:00/3-13:59:16,114) [kthrotld] (root,0,0,00:00:00/3-13:59:16,115) [mld] (root,0,0,00:00:00/3-13:59:16,116) [ipv6_addrconf] (root,0,0,00:00:01/3-13:59:16,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-13:59:16,122) [kstrp] (root,0,0,00:00:00/3-13:59:16,123) [zswap-shrink] (root,0,0,00:00:00/3-13:59:16,124) [kworker/u9:0] (root,0,0,00:00:00/3-13:59:16,129) [charger_manager] (root,0,0,00:00:00/3-13:59:15,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-13:59:15,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-13:59:15,205) [kaluad] (root,0,0,00:00:00/3-13:59:15,250) [kmpath_rdacd] (root,0,0,00:00:00/3-13:59:15,293) [kmpathd] (root,0,0,00:00:00/3-13:59:15,294) [kmpath_handlerd] (root,0,0,00:00:00/3-13:59:15,342) [ata_sff] (root,0,0,00:00:00/3-13:59:14,343) [scsi_eh_0] (root,0,0,00:00:00/3-13:59:14,344) [scsi_tmf_0] (root,0,0,00:00:00/3-13:59:14,345) [scsi_eh_1] (root,0,0,00:00:00/3-13:59:14,346) [scsi_tmf_1] (root,0,0,00:00:05/3-13:59:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-13:59:12,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-13:59:00,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-13:58:59,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-13:58:57,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-13:58:23,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-13:58:23,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:07/3-13:58:23,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-13:58:23,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-13:58:22,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-13:58:22,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-13:58:08,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-13:58:08,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:16/3-13:58:07,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-13:58:07,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-13:58:07,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-13:58:07,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-13:58:07,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-13:58:07,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-13:58:07,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-13:58:07,1206) bpfilter_umh (root,26204,8340,00:00:02/3-13:58:07,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-13:58:07,1215) ntpd: asynchronous dns resolver (spot,274636,163260,04:09:21/3-13:58:07,1221) /usr/bin/python3.11 /usr/bin/spot (root,6656,3488,00:00:00/00:00,1226) /bin/bash /usr/bin/check_mk_agent (cm-ssh,48532,3192,00:00:00/3-13:58:06,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-13:58:06,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-13:58:06,1245) (sd-pam) (root,6656,1824,00:00:00/00:00,1270) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,1271) /bin/bash /usr/bin/check_mk_agent (root,4480,1060,00:00:00/00:00,1272) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,828,00:00:00/00:00,1273) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,680,00:00:00/00:00,1274) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,1275) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,1293) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,1294) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,24216,5348,00:00:01/3-13:58:05,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-13:58:05,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-13:58:04,1354) /usr/sbin/cron -n (root,689544,71904,00:04:35/3-13:57:58,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41148,00:01:09/3-13:57:44,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/02:30:39,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-15:50:53,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-15:50:53,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-15:50:38,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-15:50:38,4688) sshd: cm-ssh (root,0,0,00:00:00/01:08:27,4707) [kworker/0:2-events] (postfix,24244,8236,00:00:00/55:32,11348) pickup -l -t fifo -u (root,0,0,00:00:00/33:53,11457) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/25:27,13597) [kworker/2:2] (root,0,0,00:00:00/01:56:18,13813) [kworker/3:2-events] (root,0,0,00:00:00/03:51,14038) [kworker/3:0-events] (root,0,0,00:00:00/02:02,19286) [kworker/1:0-ata_sff] (root,0,0,00:00:00/17:36,19322) [kworker/1:1-events] (root,0,0,00:00:00/15:56,25346) [kworker/u8:0-writeback] (root,0,0,00:00:00/07:15,28879) [kworker/1:2-ata_sff] (root,0,0,00:00:00/04:05:54,30146) [kworker/u8:2] (root,0,0,00:00:00/01:34:52,32518) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 00:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836302e5e608Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12672,00:00:07/1-13:49:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-13:49:46,2) [kthreadd] (root,0,0,00:00:00/1-13:49:46,3) [rcu_gp] (root,0,0,00:00:00/1-13:49:46,4) [rcu_par_gp] (root,0,0,00:00:00/1-13:49:46,5) [slub_flushwq] (root,0,0,00:00:00/1-13:49:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-13:49:46,9) [mm_percpu_wq] (root,0,0,00:00:00/1-13:49:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-13:49:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-13:49:46,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-13:49:46,13) [ksoftirqd/0] (root,0,0,00:04:04/1-13:49:46,14) [rcu_preempt] (root,0,0,00:00:00/1-13:49:46,15) [migration/0] (root,0,0,00:00:00/1-13:49:46,16) [idle_inject/0] (root,0,0,00:00:00/1-13:49:46,18) [cpuhp/0] (root,0,0,00:00:00/1-13:49:46,19) [cpuhp/1] (root,0,0,00:00:00/1-13:49:46,20) [idle_inject/1] (root,0,0,00:00:00/1-13:49:46,21) [migration/1] (root,0,0,00:00:02/1-13:49:46,22) [ksoftirqd/1] (root,0,0,00:00:00/1-13:49:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-13:49:46,25) [cpuhp/2] (root,0,0,00:00:00/1-13:49:46,26) [idle_inject/2] (root,0,0,00:00:00/1-13:49:46,27) [migration/2] (root,0,0,00:03:21/1-13:49:46,28) [ksoftirqd/2] (root,0,0,00:00:00/1-13:49:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-13:49:46,31) [cpuhp/3] (root,0,0,00:00:00/1-13:49:46,32) [idle_inject/3] (root,0,0,00:00:00/1-13:49:46,33) [migration/3] (root,0,0,00:00:08/1-13:49:46,34) [ksoftirqd/3] (root,0,0,00:00:00/1-13:49:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-13:49:46,39) [kdevtmpfs] (root,0,0,00:00:00/1-13:49:46,40) [netns] (root,0,0,00:00:00/1-13:49:46,41) [inet_frag_wq] (root,0,0,00:00:00/1-13:49:46,42) [kauditd] (root,0,0,00:00:00/1-13:49:46,43) [khungtaskd] (root,0,0,00:00:00/1-13:49:46,44) [oom_reaper] (root,0,0,00:00:00/1-13:49:46,45) [writeback] (root,0,0,00:00:04/1-13:49:46,46) [kcompactd0] (root,0,0,00:00:00/1-13:49:46,47) [ksmd] (root,0,0,00:00:04/1-13:49:46,48) [khugepaged] (root,0,0,00:00:00/1-13:49:46,74) [kintegrityd] (root,0,0,00:00:00/1-13:49:46,75) [kblockd] (root,0,0,00:00:00/1-13:49:46,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-13:49:46,78) [tpm_dev_wq] (root,0,0,00:00:00/1-13:49:46,79) [edac-poller] (root,0,0,00:00:00/1-13:49:46,80) [devfreq_wq] (root,0,0,00:00:00/1-13:49:46,110) [watchdogd] (root,0,0,00:00:00/1-13:49:46,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-13:49:46,112) [kswapd0] (root,0,0,00:00:00/1-13:49:45,114) [kthrotld] (root,0,0,00:00:00/1-13:49:45,115) [mld] (root,0,0,00:00:00/1-13:49:45,116) [ipv6_addrconf] (root,0,0,00:00:00/1-13:49:45,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-13:49:45,122) [kstrp] (root,0,0,00:00:00/1-13:49:45,123) [zswap-shrink] (root,0,0,00:00:00/1-13:49:45,124) [kworker/u9:0] (root,0,0,00:00:00/1-13:49:45,129) [charger_manager] (root,0,0,00:00:00/1-13:49:44,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-13:49:44,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-13:49:44,205) [kaluad] (root,0,0,00:00:00/1-13:49:44,250) [kmpath_rdacd] (root,0,0,00:00:00/1-13:49:44,293) [kmpathd] (root,0,0,00:00:00/1-13:49:44,294) [kmpath_handlerd] (root,0,0,00:00:00/1-13:49:44,342) [ata_sff] (root,0,0,00:00:00/1-13:49:43,343) [scsi_eh_0] (root,0,0,00:00:00/1-13:49:43,344) [scsi_tmf_0] (root,0,0,00:00:00/1-13:49:43,345) [scsi_eh_1] (root,0,0,00:00:00/1-13:49:43,346) [scsi_tmf_1] (root,0,0,00:00:02/1-13:49:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-13:49:41,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-13:49:29,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-13:49:28,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-13:49:26,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-13:48:52,512) /sbin/auditd (messagebus,22936,5824,00:00:06/1-13:48:52,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8508,00:00:03/1-13:48:52,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-13:48:52,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-13:48:51,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-13:48:51,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:02/1-13:48:37,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-13:48:37,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:07/1-13:48:36,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-13:48:36,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-13:48:36,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-13:48:36,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-13:48:36,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-13:48:36,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:12/1-13:48:36,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-13:48:36,1206) bpfilter_umh (root,26204,8340,00:00:01/1-13:48:36,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-13:48:36,1215) ntpd: asynchronous dns resolver (spot,198884,161656,01:45:57/1-13:48:36,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-13:48:35,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-13:48:35,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-13:48:35,1245) (sd-pam) (root,24216,5348,00:00:00/1-13:48:34,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-13:48:34,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-13:48:33,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-13:48:29,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-13:48:29,1371) sshd: syslogtunnel (root,689288,71280,00:02:02/1-13:48:27,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40784,00:00:32/1-13:48:13,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-13:47:54,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-13:47:54,1436) sshd: cm-ssh (root,0,0,00:00:05/08:14:11,3139) [kworker/1:0-events] (root,0,0,00:00:01/05:38:05,3220) [kworker/3:2-events] (root,0,0,00:00:00/03:38,5103) [kworker/2:1-events] (root,0,0,00:00:00/41:24,6236) [kworker/u8:2-writeback] (root,0,0,00:00:00/14:32,6942) [kworker/2:2-events] (postfix,24244,8168,00:00:00/01:07:59,8239) pickup -l -t fifo -u (root,0,0,00:00:00/24:48,9251) [kworker/0:2-events] (root,0,0,00:00:00/02:08,11518) [kworker/1:2-ata_sff] (root,6656,3488,00:00:00/00:00,21463) /bin/bash /usr/bin/check_mk_agent (root,13744,3396,00:00:00/00:00,21481) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21482) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:19,24011) [kworker/1:1-ata_sff] (root,0,0,00:00:00/47:20,27345) [kworker/3:0-events] (root,0,0,00:00:00/01:11:48,28896) [kworker/0:0-events] (root,0,0,00:00:00/01:11:28,29594) [kworker/u8:1] (root,0,0,00:00:00/28:25,32356) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-14 00:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836303e8cf9bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:07/62-13:53:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-13:53:30,2) [kthreadd] (root,0,0,00:00:00/62-13:53:30,3) [rcu_gp] (root,0,0,00:00:00/62-13:53:30,4) [rcu_par_gp] (root,0,0,00:00:00/62-13:53:30,5) [slub_flushwq] (root,0,0,00:00:00/62-13:53:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-13:53:30,9) [mm_percpu_wq] (root,0,0,00:00:00/62-13:53:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-13:53:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-13:53:30,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-13:53:30,13) [ksoftirqd/0] (root,0,0,02:54:10/62-13:53:30,14) [rcu_preempt] (root,0,0,00:00:23/62-13:53:30,15) [migration/0] (root,0,0,00:00:00/62-13:53:30,16) [idle_inject/0] (root,0,0,00:00:00/62-13:53:30,18) [cpuhp/0] (root,0,0,00:00:00/62-13:53:30,19) [cpuhp/1] (root,0,0,00:00:00/62-13:53:30,20) [idle_inject/1] (root,0,0,00:00:23/62-13:53:30,21) [migration/1] (root,0,0,00:01:33/62-13:53:30,22) [ksoftirqd/1] (root,0,0,00:00:00/62-13:53:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-13:53:30,25) [cpuhp/2] (root,0,0,00:00:00/62-13:53:30,26) [idle_inject/2] (root,0,0,00:00:17/62-13:53:30,27) [migration/2] (root,0,0,01:53:31/62-13:53:30,28) [ksoftirqd/2] (root,0,0,00:00:00/62-13:53:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-13:53:30,31) [cpuhp/3] (root,0,0,00:00:00/62-13:53:30,32) [idle_inject/3] (root,0,0,00:00:22/62-13:53:30,33) [migration/3] (root,0,0,00:05:43/62-13:53:30,34) [ksoftirqd/3] (root,0,0,00:00:00/62-13:53:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-13:53:30,40) [kdevtmpfs] (root,0,0,00:00:00/62-13:53:30,41) [netns] (root,0,0,00:00:00/62-13:53:30,42) [inet_frag_wq] (root,0,0,00:00:22/62-13:53:30,43) [kauditd] (root,0,0,00:00:00/62-13:53:30,44) [khungtaskd] (root,0,0,00:00:00/62-13:53:30,45) [oom_reaper] (root,0,0,00:00:00/62-13:53:30,46) [writeback] (root,0,0,00:03:11/62-13:53:30,47) [kcompactd0] (root,0,0,00:00:00/62-13:53:30,48) [ksmd] (root,0,0,00:03:27/62-13:53:30,49) [khugepaged] (root,0,0,00:00:00/62-13:53:30,75) [kintegrityd] (root,0,0,00:00:00/62-13:53:30,76) [kblockd] (root,0,0,00:00:00/62-13:53:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-13:53:30,79) [tpm_dev_wq] (root,0,0,00:00:00/62-13:53:30,80) [edac-poller] (root,0,0,00:00:00/62-13:53:30,81) [devfreq_wq] (root,0,0,00:00:00/62-13:53:30,110) [watchdogd] (root,0,0,00:00:05/62-13:53:30,111) [kswapd0] (root,0,0,00:00:16/62-13:53:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-13:53:28,115) [kthrotld] (root,0,0,00:00:00/62-13:53:28,116) [mld] (root,0,0,00:00:00/62-13:53:28,117) [ipv6_addrconf] (root,0,0,00:00:16/62-13:53:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-13:53:28,123) [kstrp] (root,0,0,00:00:00/62-13:53:28,124) [zswap-shrink] (root,0,0,00:00:00/62-13:53:28,125) [kworker/u9:0] (root,0,0,00:00:00/62-13:53:28,130) [charger_manager] (root,0,0,00:00:18/62-13:53:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-13:53:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-13:53:27,239) [kaluad] (root,0,0,00:00:00/62-13:53:27,258) [kmpath_rdacd] (root,0,0,00:00:00/62-13:53:27,304) [kmpathd] (root,0,0,00:00:00/62-13:53:27,305) [kmpath_handlerd] (root,0,0,00:00:00/62-13:53:26,342) [ata_sff] (root,0,0,00:00:00/62-13:53:26,343) [scsi_eh_0] (root,0,0,00:00:00/62-13:53:26,344) [scsi_tmf_0] (root,0,0,00:00:00/62-13:53:26,345) [scsi_eh_1] (root,0,0,00:00:00/62-13:53:26,346) [scsi_tmf_1] (root,0,0,00:01:59/62-13:53:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-13:53:23,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-13:53:11,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-13:53:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-13:53:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-13:52:37,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-13:52:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-13:52:36,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-13:52:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-13:52:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-13:52:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31628,00:01:13/62-13:52:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-13:52:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:04/62-13:52:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-13:52:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-13:52:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-13:52:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-13:52:20,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:56/62-13:52:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-13:52:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-13:52:20,1352) bpfilter_umh (root,26204,8096,00:00:33/62-13:52:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-13:52:20,1359) ntpd: asynchronous dns resolver (spot,362672,213560,3-11:07:55/62-13:52:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-13:52:19,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-13:52:19,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-13:52:19,1373) (sd-pam) (root,24216,5256,00:00:22/62-13:52:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-13:52:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-13:52:17,1485) /usr/sbin/cron -n (root,699464,78300,01:26:27/62-13:52:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:28:05,1818) [kworker/1:0-events] (spot,236992,82964,00:31:55/62-13:51:59,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/43:25,2406) [kworker/u8:0-ext4-rsv-conversion] (postfix,44628,9104,00:00:02/56-19:27:34,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:56,3650) [kworker/u8:1-writeback] (root,0,0,00:00:00/38:57,9738) [kworker/0:2-events] (root,35304,10040,00:00:00/24-14:20:29,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-14:20:28,10514) sshd: syslogtunnel (root,0,0,00:00:00/02:01,11889) [kworker/0:0-events] (root,0,0,00:00:00/01:41:32,12427) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/51:15,14894) [kworker/1:1] (root,0,0,00:00:01/02:54:08,19079) [kworker/2:2-events] (postfix,24244,8252,00:00:00/01:03:01,21014) pickup -l -t fifo -u (root,0,0,00:00:00/00:01,24140) [kworker/3:2] (root,6656,3488,00:00:00/00:00,24504) /bin/bash /usr/bin/check_mk_agent (root,13744,3392,00:00:00/00:00,24522) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24523) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:59,25190) [kworker/2:1-events] (root,0,0,00:00:00/01:12:40,25290) [kworker/3:1-events] (root,0,0,00:00:00/01:10:54,30822) [kworker/0:1-events] (root,35308,10028,00:00:00/24-15:06:42,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:22/24-15:06:41,30947) sshd: cm-ssh (root,0,0,00:00:00/05:14,31573) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-12 00:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c125de77Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-11:49:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-11:49:10,2) [kthreadd] (root,0,0,00:00:00/60-11:49:10,3) [rcu_gp] (root,0,0,00:00:00/60-11:49:10,4) [rcu_par_gp] (root,0,0,00:00:00/60-11:49:10,5) [slub_flushwq] (root,0,0,00:00:00/60-11:49:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-11:49:10,9) [mm_percpu_wq] (root,0,0,00:00:00/60-11:49:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-11:49:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-11:49:10,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-11:49:10,13) [ksoftirqd/0] (root,0,0,02:48:51/60-11:49:10,14) [rcu_preempt] (root,0,0,00:00:23/60-11:49:10,15) [migration/0] (root,0,0,00:00:00/60-11:49:10,16) [idle_inject/0] (root,0,0,00:00:00/60-11:49:10,18) [cpuhp/0] (root,0,0,00:00:00/60-11:49:10,19) [cpuhp/1] (root,0,0,00:00:00/60-11:49:10,20) [idle_inject/1] (root,0,0,00:00:23/60-11:49:10,21) [migration/1] (root,0,0,00:01:29/60-11:49:10,22) [ksoftirqd/1] (root,0,0,00:00:00/60-11:49:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-11:49:10,25) [cpuhp/2] (root,0,0,00:00:00/60-11:49:10,26) [idle_inject/2] (root,0,0,00:00:17/60-11:49:10,27) [migration/2] (root,0,0,01:49:23/60-11:49:10,28) [ksoftirqd/2] (root,0,0,00:00:00/60-11:49:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-11:49:10,31) [cpuhp/3] (root,0,0,00:00:00/60-11:49:10,32) [idle_inject/3] (root,0,0,00:00:21/60-11:49:10,33) [migration/3] (root,0,0,00:05:32/60-11:49:10,34) [ksoftirqd/3] (root,0,0,00:00:00/60-11:49:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-11:49:10,40) [kdevtmpfs] (root,0,0,00:00:00/60-11:49:10,41) [netns] (root,0,0,00:00:00/60-11:49:10,42) [inet_frag_wq] (root,0,0,00:00:21/60-11:49:10,43) [kauditd] (root,0,0,00:00:00/60-11:49:10,44) [khungtaskd] (root,0,0,00:00:00/60-11:49:10,45) [oom_reaper] (root,0,0,00:00:00/60-11:49:10,46) [writeback] (root,0,0,00:03:04/60-11:49:10,47) [kcompactd0] (root,0,0,00:00:00/60-11:49:10,48) [ksmd] (root,0,0,00:03:20/60-11:49:10,49) [khugepaged] (root,0,0,00:00:00/60-11:49:10,75) [kintegrityd] (root,0,0,00:00:00/60-11:49:10,76) [kblockd] (root,0,0,00:00:00/60-11:49:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-11:49:10,79) [tpm_dev_wq] (root,0,0,00:00:00/60-11:49:10,80) [edac-poller] (root,0,0,00:00:00/60-11:49:10,81) [devfreq_wq] (root,0,0,00:00:00/60-11:49:10,110) [watchdogd] (root,0,0,00:00:04/60-11:49:10,111) [kswapd0] (root,0,0,00:00:15/60-11:49:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-11:49:08,115) [kthrotld] (root,0,0,00:00:00/60-11:49:08,116) [mld] (root,0,0,00:00:00/60-11:49:08,117) [ipv6_addrconf] (root,0,0,00:00:16/60-11:49:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-11:49:08,123) [kstrp] (root,0,0,00:00:00/60-11:49:08,124) [zswap-shrink] (root,0,0,00:00:00/60-11:49:08,125) [kworker/u9:0] (root,0,0,00:00:00/60-11:49:08,130) [charger_manager] (root,0,0,00:00:18/60-11:49:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-11:49:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-11:49:07,239) [kaluad] (root,0,0,00:00:00/60-11:49:07,258) [kmpath_rdacd] (root,0,0,00:00:00/60-11:49:07,304) [kmpathd] (root,0,0,00:00:00/60-11:49:07,305) [kmpath_handlerd] (root,0,0,00:00:00/60-11:49:06,342) [ata_sff] (root,0,0,00:00:00/60-11:49:06,343) [scsi_eh_0] (root,0,0,00:00:00/60-11:49:06,344) [scsi_tmf_0] (root,0,0,00:00:00/60-11:49:06,345) [scsi_eh_1] (root,0,0,00:00:00/60-11:49:06,346) [scsi_tmf_1] (root,0,0,00:01:56/60-11:49:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-11:49:03,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-11:48:51,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-11:48:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-11:48:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-11:48:17,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-11:48:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:55/60-11:48:16,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-11:48:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-11:48:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-11:48:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-11:48:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-11:48:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:52/60-11:48:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-11:48:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-11:48:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-11:48:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-11:48:00,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-11:48:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-11:48:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-11:48:00,1352) bpfilter_umh (root,26204,8096,00:00:31/60-11:48:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-11:48:00,1359) ntpd: asynchronous dns resolver (spot,362528,213540,3-08:21:56/60-11:47:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-11:47:59,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-11:47:59,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-11:47:59,1373) (sd-pam) (root,24216,5260,00:00:21/60-11:47:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-11:47:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-11:47:57,1485) /usr/sbin/cron -n (root,699208,78092,01:23:38/60-11:47:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82036,00:31:03/60-11:47:39,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-17:23:14,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:13:47,4301) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/42:01,5269) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:36,7246) [kworker/1:0-events] (root,0,0,00:00:00/00:48,9857) [kworker/3:0-ata_sff] (root,35304,10040,00:00:00/22-12:16:09,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-12:16:08,10514) sshd: syslogtunnel (root,6656,3484,00:00:00/00:00,12561) /bin/bash /usr/bin/check_mk_agent (root,13744,3484,00:00:00/00:00,12579) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12580) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:50,12806) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/25:21,16122) [kworker/0:0-cgroup_destroy] (postfix,24244,8276,00:00:00/59:47,18926) pickup -l -t fifo -u (root,0,0,00:00:00/06:00,19641) [kworker/3:2-ata_sff] (root,0,0,00:00:00/22:59,25987) [kworker/1:1-events] (root,0,0,00:00:00/57:53,28209) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/37:14,29474) [kworker/0:2-events] (root,35308,10028,00:00:00/22-13:02:22,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-13:02:21,30947) sshd: cm-ssh (root,0,0,00:00:00/11:08,32105) [kworker/2:1-events] (root,0,0,00:00:00/01:03:15,32443) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 22:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a7a90fbfFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-13:17:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-13:17:57,2) [kthreadd] (root,0,0,00:00:00/58-13:17:57,3) [rcu_gp] (root,0,0,00:00:00/58-13:17:57,4) [rcu_par_gp] (root,0,0,00:00:00/58-13:17:57,5) [slub_flushwq] (root,0,0,00:00:00/58-13:17:57,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-13:17:57,9) [mm_percpu_wq] (root,0,0,00:00:00/58-13:17:57,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-13:17:57,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-13:17:57,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-13:17:57,13) [ksoftirqd/0] (root,0,0,02:43:48/58-13:17:57,14) [rcu_preempt] (root,0,0,00:00:22/58-13:17:57,15) [migration/0] (root,0,0,00:00:00/58-13:17:57,16) [idle_inject/0] (root,0,0,00:00:00/58-13:17:57,18) [cpuhp/0] (root,0,0,00:00:00/58-13:17:57,19) [cpuhp/1] (root,0,0,00:00:00/58-13:17:57,20) [idle_inject/1] (root,0,0,00:00:22/58-13:17:57,21) [migration/1] (root,0,0,00:01:26/58-13:17:57,22) [ksoftirqd/1] (root,0,0,00:00:00/58-13:17:57,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-13:17:57,25) [cpuhp/2] (root,0,0,00:00:00/58-13:17:57,26) [idle_inject/2] (root,0,0,00:00:16/58-13:17:57,27) [migration/2] (root,0,0,01:44:38/58-13:17:57,28) [ksoftirqd/2] (root,0,0,00:00:00/58-13:17:57,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-13:17:57,31) [cpuhp/3] (root,0,0,00:00:00/58-13:17:57,32) [idle_inject/3] (root,0,0,00:00:20/58-13:17:57,33) [migration/3] (root,0,0,00:05:20/58-13:17:57,34) [ksoftirqd/3] (root,0,0,00:00:00/58-13:17:57,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-13:17:57,40) [kdevtmpfs] (root,0,0,00:00:00/58-13:17:57,41) [netns] (root,0,0,00:00:00/58-13:17:57,42) [inet_frag_wq] (root,0,0,00:00:20/58-13:17:57,43) [kauditd] (root,0,0,00:00:00/58-13:17:57,44) [khungtaskd] (root,0,0,00:00:00/58-13:17:57,45) [oom_reaper] (root,0,0,00:00:00/58-13:17:57,46) [writeback] (root,0,0,00:02:59/58-13:17:57,47) [kcompactd0] (root,0,0,00:00:00/58-13:17:57,48) [ksmd] (root,0,0,00:03:14/58-13:17:57,49) [khugepaged] (root,0,0,00:00:00/58-13:17:57,75) [kintegrityd] (root,0,0,00:00:00/58-13:17:57,76) [kblockd] (root,0,0,00:00:00/58-13:17:57,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-13:17:57,79) [tpm_dev_wq] (root,0,0,00:00:00/58-13:17:57,80) [edac-poller] (root,0,0,00:00:00/58-13:17:57,81) [devfreq_wq] (root,0,0,00:00:00/58-13:17:57,110) [watchdogd] (root,0,0,00:00:04/58-13:17:57,111) [kswapd0] (root,0,0,00:00:15/58-13:17:57,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-13:17:55,115) [kthrotld] (root,0,0,00:00:00/58-13:17:55,116) [mld] (root,0,0,00:00:00/58-13:17:55,117) [ipv6_addrconf] (root,0,0,00:00:16/58-13:17:55,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-13:17:55,123) [kstrp] (root,0,0,00:00:00/58-13:17:55,124) [zswap-shrink] (root,0,0,00:00:00/58-13:17:55,125) [kworker/u9:0] (root,0,0,00:00:00/58-13:17:55,130) [charger_manager] (root,0,0,00:00:17/58-13:17:55,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-13:17:55,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-13:17:54,239) [kaluad] (root,0,0,00:00:00/58-13:17:54,258) [kmpath_rdacd] (root,0,0,00:00:00/58-13:17:54,304) [kmpathd] (root,0,0,00:00:00/58-13:17:54,305) [kmpath_handlerd] (root,0,0,00:00:00/58-13:17:53,342) [ata_sff] (root,0,0,00:00:00/58-13:17:53,343) [scsi_eh_0] (root,0,0,00:00:00/58-13:17:53,344) [scsi_tmf_0] (root,0,0,00:00:00/58-13:17:53,345) [scsi_eh_1] (root,0,0,00:00:00/58-13:17:53,346) [scsi_tmf_1] (root,0,0,00:01:52/58-13:17:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-13:17:50,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-13:17:38,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-13:17:37,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-13:17:35,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-13:17:04,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-13:17:03,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-13:17:03,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-13:17:03,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-13:17:01,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-13:17:01,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/59:18,788) [kworker/3:0-events] (root,549128,31272,00:01:09/58-13:16:47,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-13:16:47,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:43/58-13:16:47,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-13:16:47,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-13:16:47,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-13:16:47,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-13:16:47,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-13:16:47,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-13:16:47,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-13:16:47,1352) bpfilter_umh (root,26204,8096,00:00:30/58-13:16:47,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-13:16:47,1359) ntpd: asynchronous dns resolver (spot,363056,214412,3-05:21:47/58-13:16:46,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-13:16:46,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-13:16:46,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-13:16:46,1373) (sd-pam) (root,24216,5260,00:00:20/58-13:16:44,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-13:16:44,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-13:16:44,1485) /usr/sbin/cron -n (root,698952,77684,01:20:59/58-13:16:38,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80360,00:30:16/58-13:16:26,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-18:52:01,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:05:32,6651) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:15,9990) [kworker/3:2-ata_sff] (root,35304,10040,00:00:00/20-13:44:56,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-13:44:55,10514) sshd: syslogtunnel (root,0,0,00:00:00/25:59,14316) [kworker/2:1-cgroup_destroy] (root,6656,3488,00:00:00/00:00,14424) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,14442) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,14443) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:40:33,16568) [kworker/2:2-events] (root,0,0,00:00:00/53:45,19316) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/14:34,19469) [kworker/1:0] (root,0,0,00:00:00/35:22,19788) [kworker/1:1-events] (postfix,24244,8272,00:00:00/01:10:20,20776) pickup -l -t fifo -u (root,0,0,00:00:00/02:28:31,22600) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:19:55,26097) [kworker/0:2-events] (root,0,0,00:00:00/07:25,29576) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/20-14:31:09,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-14:31:08,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 00:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633323b239Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:39/56-13:37:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-13:37:31,2) [kthreadd] (root,0,0,00:00:00/56-13:37:31,3) [rcu_gp] (root,0,0,00:00:00/56-13:37:31,4) [rcu_par_gp] (root,0,0,00:00:00/56-13:37:31,5) [slub_flushwq] (root,0,0,00:00:00/56-13:37:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-13:37:31,9) [mm_percpu_wq] (root,0,0,00:00:00/56-13:37:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-13:37:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-13:37:31,12) [rcu_tasks_trace] (root,0,0,00:01:41/56-13:37:31,13) [ksoftirqd/0] (root,0,0,02:38:32/56-13:37:31,14) [rcu_preempt] (root,0,0,00:00:21/56-13:37:31,15) [migration/0] (root,0,0,00:00:00/56-13:37:31,16) [idle_inject/0] (root,0,0,00:00:00/56-13:37:31,18) [cpuhp/0] (root,0,0,00:00:00/56-13:37:31,19) [cpuhp/1] (root,0,0,00:00:00/56-13:37:31,20) [idle_inject/1] (root,0,0,00:00:21/56-13:37:31,21) [migration/1] (root,0,0,00:01:23/56-13:37:31,22) [ksoftirqd/1] (root,0,0,00:00:00/56-13:37:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-13:37:31,25) [cpuhp/2] (root,0,0,00:00:00/56-13:37:31,26) [idle_inject/2] (root,0,0,00:00:16/56-13:37:31,27) [migration/2] (root,0,0,01:40:20/56-13:37:31,28) [ksoftirqd/2] (root,0,0,00:00:00/56-13:37:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-13:37:31,31) [cpuhp/3] (root,0,0,00:00:00/56-13:37:31,32) [idle_inject/3] (root,0,0,00:00:20/56-13:37:31,33) [migration/3] (root,0,0,00:05:09/56-13:37:31,34) [ksoftirqd/3] (root,0,0,00:00:00/56-13:37:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-13:37:31,40) [kdevtmpfs] (root,0,0,00:00:00/56-13:37:31,41) [netns] (root,0,0,00:00:00/56-13:37:31,42) [inet_frag_wq] (root,0,0,00:00:19/56-13:37:31,43) [kauditd] (root,0,0,00:00:00/56-13:37:31,44) [khungtaskd] (root,0,0,00:00:00/56-13:37:31,45) [oom_reaper] (root,0,0,00:00:00/56-13:37:31,46) [writeback] (root,0,0,00:02:53/56-13:37:31,47) [kcompactd0] (root,0,0,00:00:00/56-13:37:31,48) [ksmd] (root,0,0,00:03:07/56-13:37:31,49) [khugepaged] (root,0,0,00:00:00/56-13:37:31,75) [kintegrityd] (root,0,0,00:00:00/56-13:37:31,76) [kblockd] (root,0,0,00:00:00/56-13:37:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-13:37:31,79) [tpm_dev_wq] (root,0,0,00:00:00/56-13:37:31,80) [edac-poller] (root,0,0,00:00:00/56-13:37:31,81) [devfreq_wq] (root,0,0,00:00:00/56-13:37:31,110) [watchdogd] (root,0,0,00:00:04/56-13:37:31,111) [kswapd0] (root,0,0,00:00:14/56-13:37:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-13:37:29,115) [kthrotld] (root,0,0,00:00:00/56-13:37:29,116) [mld] (root,0,0,00:00:00/56-13:37:29,117) [ipv6_addrconf] (root,0,0,00:00:15/56-13:37:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-13:37:29,123) [kstrp] (root,0,0,00:00:00/56-13:37:29,124) [zswap-shrink] (root,0,0,00:00:00/56-13:37:29,125) [kworker/u9:0] (root,0,0,00:00:00/56-13:37:29,130) [charger_manager] (root,0,0,00:00:17/56-13:37:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-13:37:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-13:37:28,239) [kaluad] (root,0,0,00:00:00/56-13:37:28,258) [kmpath_rdacd] (root,0,0,00:00:00/56-13:37:28,304) [kmpathd] (root,0,0,00:00:00/56-13:37:28,305) [kmpath_handlerd] (root,0,0,00:00:00/56-13:37:27,342) [ata_sff] (root,0,0,00:00:00/56-13:37:27,343) [scsi_eh_0] (root,0,0,00:00:00/56-13:37:27,344) [scsi_tmf_0] (root,0,0,00:00:00/56-13:37:27,345) [scsi_eh_1] (root,0,0,00:00:00/56-13:37:27,346) [scsi_tmf_1] (root,0,0,00:01:49/56-13:37:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-13:37:24,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-13:37:12,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-13:37:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-13:37:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-13:36:38,511) /sbin/auditd (messagebus,22932,5400,00:03:00/56-13:36:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:42/56-13:36:37,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-13:36:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-13:36:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-13:36:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:07/56-13:36:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-13:36:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:35/56-13:36:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-13:36:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-13:36:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-13:36:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-13:36:21,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-13:36:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:04/56-13:36:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-13:36:21,1352) bpfilter_umh (root,26204,8096,00:00:28/56-13:36:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-13:36:21,1359) ntpd: asynchronous dns resolver (spot,365088,215716,3-02:28:27/56-13:36:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-13:36:20,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-13:36:20,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-13:36:20,1373) (sd-pam) (root,24216,5260,00:00:20/56-13:36:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-13:36:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-13:36:18,1485) /usr/sbin/cron -n (root,698412,77180,01:18:14/56-13:36:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:30/56-13:36:00,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/50-19:11:35,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/15:12,3798) [kworker/0:0] (root,0,0,00:00:00/24:51,5803) [kworker/3:2-ata_sff] (root,0,0,00:00:00/24:42,6586) [kworker/1:2-mm_percpu_wq] (root,0,0,00:00:00/01:27:53,8106) [kworker/2:2-events] (root,0,0,00:00:00/00:17,9914) [kworker/2:0-events] (root,35304,10040,00:00:00/18-14:04:30,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:09/18-14:04:29,10514) sshd: syslogtunnel (root,0,0,00:00:00/06:42,11111) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/22:30,11848) [kworker/0:2-events] (root,6656,3488,00:00:00/00:01,12044) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,12062) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12063) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8236,00:00:00/11:41,15810) pickup -l -t fifo -u (root,0,0,00:00:00/10:44,20853) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/10:43,21031) [kworker/2:1] (root,0,0,00:00:00/01:05:55,22117) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/04:05,25078) [kworker/3:1-ata_sff] (root,0,0,00:00:00/09:16,29448) [kworker/3:0-events] (root,35308,10028,00:00:00/18-14:50:43,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:03/18-14:50:42,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-06 00:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836306ab7ad0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-13:35:29,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-13:35:29,2) [kthreadd] (root,0,0,00:00:00/47-13:35:29,3) [rcu_gp] (root,0,0,00:00:00/47-13:35:29,4) [rcu_par_gp] (root,0,0,00:00:00/47-13:35:29,5) [slub_flushwq] (root,0,0,00:00:00/47-13:35:29,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-13:35:29,9) [mm_percpu_wq] (root,0,0,00:00:00/47-13:35:29,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-13:35:29,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-13:35:29,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-13:35:29,13) [ksoftirqd/0] (root,0,0,02:15:51/47-13:35:29,14) [rcu_preempt] (root,0,0,00:00:18/47-13:35:29,15) [migration/0] (root,0,0,00:00:00/47-13:35:29,16) [idle_inject/0] (root,0,0,00:00:00/47-13:35:29,18) [cpuhp/0] (root,0,0,00:00:00/47-13:35:29,19) [cpuhp/1] (root,0,0,00:00:00/47-13:35:29,20) [idle_inject/1] (root,0,0,00:00:18/47-13:35:29,21) [migration/1] (root,0,0,00:01:11/47-13:35:29,22) [ksoftirqd/1] (root,0,0,00:00:00/47-13:35:29,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-13:35:29,25) [cpuhp/2] (root,0,0,00:00:00/47-13:35:29,26) [idle_inject/2] (root,0,0,00:00:13/47-13:35:29,27) [migration/2] (root,0,0,01:27:41/47-13:35:29,28) [ksoftirqd/2] (root,0,0,00:00:00/47-13:35:29,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-13:35:29,31) [cpuhp/3] (root,0,0,00:00:00/47-13:35:29,32) [idle_inject/3] (root,0,0,00:00:17/47-13:35:29,33) [migration/3] (root,0,0,00:04:30/47-13:35:29,34) [ksoftirqd/3] (root,0,0,00:00:00/47-13:35:29,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-13:35:29,40) [kdevtmpfs] (root,0,0,00:00:00/47-13:35:29,41) [netns] (root,0,0,00:00:00/47-13:35:29,42) [inet_frag_wq] (root,0,0,00:00:16/47-13:35:29,43) [kauditd] (root,0,0,00:00:00/47-13:35:29,44) [khungtaskd] (root,0,0,00:00:00/47-13:35:29,45) [oom_reaper] (root,0,0,00:00:00/47-13:35:29,46) [writeback] (root,0,0,00:02:28/47-13:35:29,47) [kcompactd0] (root,0,0,00:00:00/47-13:35:29,48) [ksmd] (root,0,0,00:02:37/47-13:35:29,49) [khugepaged] (root,0,0,00:00:00/47-13:35:29,75) [kintegrityd] (root,0,0,00:00:00/47-13:35:29,76) [kblockd] (root,0,0,00:00:00/47-13:35:29,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-13:35:29,79) [tpm_dev_wq] (root,0,0,00:00:00/47-13:35:29,80) [edac-poller] (root,0,0,00:00:00/47-13:35:29,81) [devfreq_wq] (root,0,0,00:00:00/47-13:35:29,110) [watchdogd] (root,0,0,00:00:03/47-13:35:29,111) [kswapd0] (root,0,0,00:00:12/47-13:35:29,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-13:35:27,115) [kthrotld] (root,0,0,00:00:00/47-13:35:27,116) [mld] (root,0,0,00:00:00/47-13:35:27,117) [ipv6_addrconf] (root,0,0,00:00:13/47-13:35:27,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-13:35:27,123) [kstrp] (root,0,0,00:00:00/47-13:35:27,124) [zswap-shrink] (root,0,0,00:00:00/47-13:35:27,125) [kworker/u9:0] (root,0,0,00:00:00/47-13:35:27,130) [charger_manager] (root,0,0,00:00:14/47-13:35:27,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-13:35:27,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-13:35:26,239) [kaluad] (root,0,0,00:00:00/47-13:35:26,258) [kmpath_rdacd] (root,0,0,00:00:00/47-13:35:26,304) [kmpathd] (root,0,0,00:00:00/47-13:35:26,305) [kmpath_handlerd] (root,0,0,00:00:00/47-13:35:25,342) [ata_sff] (root,0,0,00:00:00/47-13:35:25,343) [scsi_eh_0] (root,0,0,00:00:00/47-13:35:25,344) [scsi_tmf_0] (root,0,0,00:00:00/47-13:35:25,345) [scsi_eh_1] (root,0,0,00:00:00/47-13:35:25,346) [scsi_tmf_1] (root,0,0,00:01:34/47-13:35:22,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-13:35:22,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-13:35:10,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-13:35:09,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-13:35:07,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-13:34:36,511) /sbin/auditd (messagebus,22932,5408,00:02:36/47-13:34:35,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-13:34:35,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-13:34:35,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-13:34:33,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-13:34:33,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-13:34:19,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-13:34:19,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:44/47-13:34:19,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-13:34:19,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-13:34:19,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-13:34:19,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-13:34:19,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-13:34:19,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:52/47-13:34:19,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-13:34:19,1352) bpfilter_umh (root,26204,8096,00:00:24/47-13:34:19,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-13:34:19,1359) ntpd: asynchronous dns resolver (spot,361104,212012,2-16:41:22/47-13:34:18,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-13:34:18,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-13:34:18,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-13:34:18,1373) (sd-pam) (root,24216,5260,00:00:16/47-13:34:16,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-13:34:16,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-13:34:16,1485) /usr/sbin/cron -n (root,697508,79208,01:06:08/47-13:34:10,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73032,00:25:46/47-13:33:58,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-19:09:33,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/28:52,2570) [kworker/2:1-events] (root,35304,10040,00:00:00/9-14:02:28,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-14:02:27,10514) sshd: syslogtunnel (postfix,24244,8256,00:00:00/56:21,10898) pickup -l -t fifo -u (root,0,0,00:00:00/11:22,11263) [kworker/3:1-events] (root,0,0,00:00:00/00:59,15406) [kworker/3:2-ata_sff] (root,0,0,00:00:01/04:03:20,15451) [kworker/1:1-events] (root,0,0,00:00:00/23:39,15704) [kworker/2:0-events] (root,0,0,00:00:00/23:37,15769) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/08:22,17795) [kworker/1:0-events] (root,6656,3480,00:00:00/00:00,20835) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,20853) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,20854) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:22:29,21827) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/34:22,25528) [kworker/0:2-events] (root,0,0,00:00:00/06:09,26690) [kworker/3:0-ata_sff] (root,0,0,00:00:01/07:45:48,29068) [kworker/0:0-events] (root,35308,10028,00:00:00/9-14:48:41,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-14:48:40,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-28 00:24 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635cbfbc80Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12460,00:02:13/45-12:16:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-12:16:07,2) [kthreadd] (root,0,0,00:00:00/45-12:16:07,3) [rcu_gp] (root,0,0,00:00:00/45-12:16:07,4) [rcu_par_gp] (root,0,0,00:00:00/45-12:16:07,5) [slub_flushwq] (root,0,0,00:00:00/45-12:16:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-12:16:07,9) [mm_percpu_wq] (root,0,0,00:00:00/45-12:16:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-12:16:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-12:16:07,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-12:16:07,13) [ksoftirqd/0] (root,0,0,02:10:31/45-12:16:07,14) [rcu_preempt] (root,0,0,00:00:17/45-12:16:07,15) [migration/0] (root,0,0,00:00:00/45-12:16:07,16) [idle_inject/0] (root,0,0,00:00:00/45-12:16:07,18) [cpuhp/0] (root,0,0,00:00:00/45-12:16:07,19) [cpuhp/1] (root,0,0,00:00:00/45-12:16:07,20) [idle_inject/1] (root,0,0,00:00:17/45-12:16:07,21) [migration/1] (root,0,0,00:01:08/45-12:16:07,22) [ksoftirqd/1] (root,0,0,00:00:00/45-12:16:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-12:16:07,25) [cpuhp/2] (root,0,0,00:00:00/45-12:16:07,26) [idle_inject/2] (root,0,0,00:00:13/45-12:16:07,27) [migration/2] (root,0,0,01:25:11/45-12:16:07,28) [ksoftirqd/2] (root,0,0,00:00:00/45-12:16:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-12:16:07,31) [cpuhp/3] (root,0,0,00:00:00/45-12:16:07,32) [idle_inject/3] (root,0,0,00:00:16/45-12:16:07,33) [migration/3] (root,0,0,00:04:21/45-12:16:07,34) [ksoftirqd/3] (root,0,0,00:00:00/45-12:16:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-12:16:07,40) [kdevtmpfs] (root,0,0,00:00:00/45-12:16:07,41) [netns] (root,0,0,00:00:00/45-12:16:07,42) [inet_frag_wq] (root,0,0,00:00:16/45-12:16:07,43) [kauditd] (root,0,0,00:00:00/45-12:16:07,44) [khungtaskd] (root,0,0,00:00:00/45-12:16:07,45) [oom_reaper] (root,0,0,00:00:00/45-12:16:07,46) [writeback] (root,0,0,00:02:23/45-12:16:07,47) [kcompactd0] (root,0,0,00:00:00/45-12:16:07,48) [ksmd] (root,0,0,00:02:30/45-12:16:07,49) [khugepaged] (root,0,0,00:00:00/45-12:16:07,75) [kintegrityd] (root,0,0,00:00:00/45-12:16:07,76) [kblockd] (root,0,0,00:00:00/45-12:16:07,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-12:16:07,79) [tpm_dev_wq] (root,0,0,00:00:00/45-12:16:07,80) [edac-poller] (root,0,0,00:00:00/45-12:16:07,81) [devfreq_wq] (root,0,0,00:00:00/45-12:16:07,110) [watchdogd] (root,0,0,00:00:03/45-12:16:07,111) [kswapd0] (root,0,0,00:00:12/45-12:16:07,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-12:16:05,115) [kthrotld] (root,0,0,00:00:00/45-12:16:05,116) [mld] (root,0,0,00:00:00/45-12:16:05,117) [ipv6_addrconf] (root,0,0,00:00:12/45-12:16:05,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-12:16:05,123) [kstrp] (root,0,0,00:00:00/45-12:16:05,124) [zswap-shrink] (root,0,0,00:00:00/45-12:16:05,125) [kworker/u9:0] (root,0,0,00:00:00/45-12:16:05,130) [charger_manager] (root,0,0,00:00:14/45-12:16:05,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-12:16:05,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-12:16:04,239) [kaluad] (root,0,0,00:00:00/45-12:16:04,258) [kmpath_rdacd] (root,0,0,00:00:00/45-12:16:04,304) [kmpathd] (root,0,0,00:00:00/45-12:16:04,305) [kmpath_handlerd] (root,0,0,00:00:00/45-12:16:03,342) [ata_sff] (root,0,0,00:00:00/45-12:16:03,343) [scsi_eh_0] (root,0,0,00:00:00/45-12:16:03,344) [scsi_tmf_0] (root,0,0,00:00:00/45-12:16:03,345) [scsi_eh_1] (root,0,0,00:00:00/45-12:16:03,346) [scsi_tmf_1] (root,0,0,00:01:30/45-12:16:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-12:16:00,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-12:15:48,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-12:15:47,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-12:15:45,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-12:15:14,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-12:15:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-12:15:13,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-12:15:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-12:15:11,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-12:15:11,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-12:14:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-12:14:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:33/45-12:14:57,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-12:14:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-12:14:57,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-12:14:57,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-12:14:57,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-12:14:57,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:36/45-12:14:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-12:14:57,1352) bpfilter_umh (root,26204,8096,00:00:23/45-12:14:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-12:14:57,1359) ntpd: asynchronous dns resolver (spot,362112,206192,2-14:31:04/45-12:14:56,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-12:14:56,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-12:14:56,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-12:14:56,1373) (sd-pam) (root,24216,5260,00:00:16/45-12:14:54,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-12:14:54,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-12:14:54,1485) /usr/sbin/cron -n (root,697508,78836,01:03:19/45-12:14:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71508,00:24:47/45-12:14:36,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/14:18,2530) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9184,00:00:01/39-17:50:11,2557) tlsmgr -l -t unix -u (postfix,24244,8236,00:00:00/01:39:00,3857) pickup -l -t fifo -u (root,0,0,00:00:00/14:07,3883) [kworker/2:0-events] (root,0,0,00:00:00/00:01,3893) [kworker/3:2] (root,6764,3604,00:00:00/00:00,3972) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,4159) /bin/bash /usr/bin/check_mk_agent (root,15108,10420,00:00:00/00:00,4169) python ././remotecheck (root,13744,3360,00:00:00/00:00,4183) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4184) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6160,3020,00:00:00/00:00,4185) /bin/bash /services/monitoring/checks/enabled/check_gateway_sensornet (root,0,0,00:00:00/01:29:43,7467) [kworker/1:1-events] (root,0,0,00:00:00/29:15,9975) [kworker/2:2-events] (root,35304,10040,00:00:00/7-12:43:06,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-12:43:05,10514) sshd: syslogtunnel (root,0,0,00:00:00/44:18,13466) [kworker/1:2] (root,0,0,00:00:00/05:12,14103) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/19:12,16113) [kworker/0:1] (root,0,0,00:00:01/03:05:23,23049) [kworker/0:2-events] (root,35308,10028,00:00:00/7-13:29:19,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-13:29:18,30947) sshd: cm-ssh (root,0,0,00:00:00/01:02:17,31141) [kworker/3:0-events] (root,0,0,00:00:00/02:14:53,32405) [kworker/u8:1-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 23:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cf56b0f0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-13:00:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-13:00:03,2) [kthreadd] (root,0,0,00:00:00/43-13:00:03,3) [rcu_gp] (root,0,0,00:00:00/43-13:00:03,4) [rcu_par_gp] (root,0,0,00:00:00/43-13:00:03,5) [slub_flushwq] (root,0,0,00:00:00/43-13:00:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-13:00:03,9) [mm_percpu_wq] (root,0,0,00:00:00/43-13:00:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-13:00:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-13:00:03,12) [rcu_tasks_trace] (root,0,0,00:01:20/43-13:00:03,13) [ksoftirqd/0] (root,0,0,02:05:08/43-13:00:03,14) [rcu_preempt] (root,0,0,00:00:16/43-13:00:03,15) [migration/0] (root,0,0,00:00:00/43-13:00:03,16) [idle_inject/0] (root,0,0,00:00:00/43-13:00:03,18) [cpuhp/0] (root,0,0,00:00:00/43-13:00:03,19) [cpuhp/1] (root,0,0,00:00:00/43-13:00:03,20) [idle_inject/1] (root,0,0,00:00:16/43-13:00:03,21) [migration/1] (root,0,0,00:01:05/43-13:00:03,22) [ksoftirqd/1] (root,0,0,00:00:00/43-13:00:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-13:00:03,25) [cpuhp/2] (root,0,0,00:00:00/43-13:00:03,26) [idle_inject/2] (root,0,0,00:00:12/43-13:00:03,27) [migration/2] (root,0,0,01:22:27/43-13:00:03,28) [ksoftirqd/2] (root,0,0,00:00:00/43-13:00:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-13:00:03,31) [cpuhp/3] (root,0,0,00:00:00/43-13:00:03,32) [idle_inject/3] (root,0,0,00:00:15/43-13:00:03,33) [migration/3] (root,0,0,00:04:12/43-13:00:03,34) [ksoftirqd/3] (root,0,0,00:00:00/43-13:00:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-13:00:03,40) [kdevtmpfs] (root,0,0,00:00:00/43-13:00:03,41) [netns] (root,0,0,00:00:00/43-13:00:03,42) [inet_frag_wq] (root,0,0,00:00:15/43-13:00:03,43) [kauditd] (root,0,0,00:00:00/43-13:00:03,44) [khungtaskd] (root,0,0,00:00:00/43-13:00:03,45) [oom_reaper] (root,0,0,00:00:00/43-13:00:03,46) [writeback] (root,0,0,00:02:17/43-13:00:03,47) [kcompactd0] (root,0,0,00:00:00/43-13:00:03,48) [ksmd] (root,0,0,00:02:24/43-13:00:03,49) [khugepaged] (root,0,0,00:00:00/43-13:00:03,75) [kintegrityd] (root,0,0,00:00:00/43-13:00:03,76) [kblockd] (root,0,0,00:00:00/43-13:00:03,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-13:00:03,79) [tpm_dev_wq] (root,0,0,00:00:00/43-13:00:03,80) [edac-poller] (root,0,0,00:00:00/43-13:00:03,81) [devfreq_wq] (root,0,0,00:00:00/43-13:00:03,110) [watchdogd] (root,0,0,00:00:03/43-13:00:03,111) [kswapd0] (root,0,0,00:00:11/43-13:00:03,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-13:00:01,115) [kthrotld] (root,0,0,00:00:00/43-13:00:01,116) [mld] (root,0,0,00:00:00/43-13:00:01,117) [ipv6_addrconf] (root,0,0,00:00:12/43-13:00:01,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-13:00:01,123) [kstrp] (root,0,0,00:00:00/43-13:00:01,124) [zswap-shrink] (root,0,0,00:00:00/43-13:00:01,125) [kworker/u9:0] (root,0,0,00:00:00/43-13:00:01,130) [charger_manager] (root,0,0,00:00:13/43-13:00:01,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-13:00:01,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-13:00:00,239) [kaluad] (root,0,0,00:00:00/43-13:00:00,258) [kmpath_rdacd] (root,0,0,00:00:00/43-13:00:00,304) [kmpathd] (root,0,0,00:00:00/43-13:00:00,305) [kmpath_handlerd] (root,0,0,00:00:00/43-12:59:59,342) [ata_sff] (root,0,0,00:00:00/43-12:59:59,343) [scsi_eh_0] (root,0,0,00:00:00/43-12:59:59,344) [scsi_tmf_0] (root,0,0,00:00:00/43-12:59:59,345) [scsi_eh_1] (root,0,0,00:00:00/43-12:59:59,346) [scsi_tmf_1] (root,0,0,00:01:27/43-12:59:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-12:59:56,367) [ext4-rsv-conver] (root,38604,7856,00:01:15/43-12:59:44,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-12:59:43,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-12:59:41,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-12:59:10,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-12:59:09,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:22/43-12:59:09,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-12:59:09,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-12:59:07,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-12:59:07,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/32:29,883) [kworker/2:0-events] (root,548872,30852,00:00:52/43-12:58:53,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-12:58:53,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:21/43-12:58:53,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-12:58:53,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-12:58:53,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-12:58:53,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-12:58:53,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-12:58:53,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:19/43-12:58:53,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-12:58:53,1352) bpfilter_umh (root,26204,8096,00:00:22/43-12:58:53,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-12:58:53,1359) ntpd: asynchronous dns resolver (spot,361952,206168,2-12:17:52/43-12:58:52,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-12:58:52,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-12:58:52,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-12:58:52,1373) (sd-pam) (root,24216,5260,00:00:15/43-12:58:50,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-12:58:50,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-12:58:50,1485) /usr/sbin/cron -n (root,697508,78764,01:00:34/43-12:58:44,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70172,00:23:49/43-12:58:32,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-18:34:07,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/12:56,3115) [kworker/0:0-events] (root,0,0,00:00:00/12:18,5878) [kworker/3:1-events] (root,0,0,00:00:00/01:55,8104) [kworker/3:0-ata_sff] (root,35304,10040,00:00:00/5-13:27:02,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:23/5-13:27:01,10514) sshd: syslogtunnel (root,0,0,00:00:00/02:50:50,12041) [kworker/1:0-events] (root,6656,3484,00:00:00/00:00,12892) /bin/bash /usr/bin/check_mk_agent (root,13744,3480,00:00:00/00:00,12910) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12911) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:54:16,13819) [kworker/0:2-events] (root,0,0,00:00:00/17:48,14385) [kworker/2:2-events] (root,0,0,00:00:00/08:07,16743) [kworker/1:2-events] (root,0,0,00:00:00/48:15,19317) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/07:08,20288) [kworker/3:2-ata_sff] (postfix,24244,8252,00:00:00/01:04:35,22335) pickup -l -t fifo -u (root,0,0,00:00:00/01:03:42,23914) [kworker/u8:0-flush-253:0] (root,35308,10028,00:00:00/5-14:13:15,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:21/5-14:13:14,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 23:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363123ff872Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-12:26:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-12:26:26,2) [kthreadd] (root,0,0,00:00:00/41-12:26:26,3) [rcu_gp] (root,0,0,00:00:00/41-12:26:26,4) [rcu_par_gp] (root,0,0,00:00:00/41-12:26:26,5) [slub_flushwq] (root,0,0,00:00:00/41-12:26:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-12:26:26,9) [mm_percpu_wq] (root,0,0,00:00:00/41-12:26:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-12:26:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-12:26:26,12) [rcu_tasks_trace] (root,0,0,00:01:16/41-12:26:26,13) [ksoftirqd/0] (root,0,0,01:59:10/41-12:26:26,14) [rcu_preempt] (root,0,0,00:00:15/41-12:26:26,15) [migration/0] (root,0,0,00:00:00/41-12:26:26,16) [idle_inject/0] (root,0,0,00:00:00/41-12:26:26,18) [cpuhp/0] (root,0,0,00:00:00/41-12:26:26,19) [cpuhp/1] (root,0,0,00:00:00/41-12:26:26,20) [idle_inject/1] (root,0,0,00:00:16/41-12:26:26,21) [migration/1] (root,0,0,00:01:02/41-12:26:26,22) [ksoftirqd/1] (root,0,0,00:00:00/41-12:26:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-12:26:26,25) [cpuhp/2] (root,0,0,00:00:00/41-12:26:26,26) [idle_inject/2] (root,0,0,00:00:12/41-12:26:26,27) [migration/2] (root,0,0,01:18:25/41-12:26:26,28) [ksoftirqd/2] (root,0,0,00:00:00/41-12:26:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-12:26:26,31) [cpuhp/3] (root,0,0,00:00:00/41-12:26:26,32) [idle_inject/3] (root,0,0,00:00:15/41-12:26:26,33) [migration/3] (root,0,0,00:03:59/41-12:26:26,34) [ksoftirqd/3] (root,0,0,00:00:00/41-12:26:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-12:26:26,40) [kdevtmpfs] (root,0,0,00:00:00/41-12:26:26,41) [netns] (root,0,0,00:00:00/41-12:26:26,42) [inet_frag_wq] (root,0,0,00:00:14/41-12:26:26,43) [kauditd] (root,0,0,00:00:00/41-12:26:26,44) [khungtaskd] (root,0,0,00:00:00/41-12:26:26,45) [oom_reaper] (root,0,0,00:00:00/41-12:26:26,46) [writeback] (root,0,0,00:02:11/41-12:26:26,47) [kcompactd0] (root,0,0,00:00:00/41-12:26:26,48) [ksmd] (root,0,0,00:02:16/41-12:26:26,49) [khugepaged] (root,0,0,00:00:00/41-12:26:26,75) [kintegrityd] (root,0,0,00:00:00/41-12:26:26,76) [kblockd] (root,0,0,00:00:00/41-12:26:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-12:26:26,79) [tpm_dev_wq] (root,0,0,00:00:00/41-12:26:26,80) [edac-poller] (root,0,0,00:00:00/41-12:26:26,81) [devfreq_wq] (root,0,0,00:00:00/41-12:26:26,110) [watchdogd] (root,0,0,00:00:03/41-12:26:26,111) [kswapd0] (root,0,0,00:00:11/41-12:26:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-12:26:24,115) [kthrotld] (root,0,0,00:00:00/41-12:26:24,116) [mld] (root,0,0,00:00:00/41-12:26:24,117) [ipv6_addrconf] (root,0,0,00:00:11/41-12:26:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-12:26:24,123) [kstrp] (root,0,0,00:00:00/41-12:26:24,124) [zswap-shrink] (root,0,0,00:00:00/41-12:26:24,125) [kworker/u9:0] (root,0,0,00:00:00/41-12:26:24,130) [charger_manager] (root,0,0,00:00:12/41-12:26:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-12:26:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-12:26:23,239) [kaluad] (root,0,0,00:00:00/41-12:26:23,258) [kmpath_rdacd] (root,0,0,00:00:00/41-12:26:23,304) [kmpathd] (root,0,0,00:00:00/41-12:26:23,305) [kmpath_handlerd] (root,0,0,00:00:00/41-12:26:22,342) [ata_sff] (root,0,0,00:00:00/41-12:26:22,343) [scsi_eh_0] (root,0,0,00:00:00/41-12:26:22,344) [scsi_tmf_0] (root,0,0,00:00:00/41-12:26:22,345) [scsi_eh_1] (root,0,0,00:00:00/41-12:26:22,346) [scsi_tmf_1] (root,0,0,00:01:23/41-12:26:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-12:26:19,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-12:26:07,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-12:26:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-12:26:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-12:25:33,511) /sbin/auditd (messagebus,22932,5408,00:02:18/41-12:25:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-12:25:32,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-12:25:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-12:25:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-12:25:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-12:25:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-12:25:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:09/41-12:25:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-12:25:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-12:25:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-12:25:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-12:25:16,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-12:25:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-12:25:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-12:25:16,1352) bpfilter_umh (root,26204,8096,00:00:21/41-12:25:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-12:25:16,1359) ntpd: asynchronous dns resolver (spot,361824,206136,2-09:29:07/41-12:25:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-12:25:15,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-12:25:15,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-12:25:15,1373) (sd-pam) (root,24216,5260,00:00:14/41-12:25:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-12:25:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-12:25:13,1485) /usr/sbin/cron -n (root,697108,78384,00:57:41/41-12:25:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:48/41-12:24:55,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:07,2017) [kworker/0:1] (postfix,44628,9184,00:00:01/35-18:00:30,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:14:02,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/00:33,3462) [kworker/u8:0-flush-253:0] (root,6656,3484,00:00:00/00:00,5615) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,5633) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5634) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/19:41,8034) [kworker/3:1-events] (root,0,0,00:00:00/10:49,8459) [kworker/1:0] (root,0,0,00:00:00/10:25,8460) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/09:18,10296) [kworker/3:0-ata_sff] (root,35304,10040,00:00:00/3-12:53:25,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:14/3-12:53:24,10514) sshd: syslogtunnel (postfix,24244,8308,00:00:00/52:55,11997) pickup -l -t fifo -u (root,0,0,00:00:00/34:47,15424) [kworker/0:2-events] (root,0,0,00:00:01/09:51:06,16954) [kworker/2:1-events] (root,0,0,00:00:01/02:30:08,18031) [kworker/1:2-events] (root,0,0,00:00:00/02:25:25,20231) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/04:08,23469) [kworker/3:2-ata_sff] (root,0,0,00:00:00/29:58,25066) [kworker/2:0-events] (root,35308,10028,00:00:00/3-13:39:38,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-13:39:37,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 23:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635cb18681Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-11:14:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-11:14:18,2) [kthreadd] (root,0,0,00:00:00/39-11:14:18,3) [rcu_gp] (root,0,0,00:00:00/39-11:14:18,4) [rcu_par_gp] (root,0,0,00:00:00/39-11:14:18,5) [slub_flushwq] (root,0,0,00:00:00/39-11:14:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-11:14:18,9) [mm_percpu_wq] (root,0,0,00:00:00/39-11:14:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-11:14:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-11:14:18,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-11:14:18,13) [ksoftirqd/0] (root,0,0,01:53:13/39-11:14:18,14) [rcu_preempt] (root,0,0,00:00:15/39-11:14:18,15) [migration/0] (root,0,0,00:00:00/39-11:14:18,16) [idle_inject/0] (root,0,0,00:00:00/39-11:14:18,18) [cpuhp/0] (root,0,0,00:00:00/39-11:14:18,19) [cpuhp/1] (root,0,0,00:00:00/39-11:14:18,20) [idle_inject/1] (root,0,0,00:00:15/39-11:14:18,21) [migration/1] (root,0,0,00:00:58/39-11:14:18,22) [ksoftirqd/1] (root,0,0,00:00:00/39-11:14:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-11:14:18,25) [cpuhp/2] (root,0,0,00:00:00/39-11:14:18,26) [idle_inject/2] (root,0,0,00:00:11/39-11:14:18,27) [migration/2] (root,0,0,01:13:26/39-11:14:18,28) [ksoftirqd/2] (root,0,0,00:00:00/39-11:14:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-11:14:18,31) [cpuhp/3] (root,0,0,00:00:00/39-11:14:18,32) [idle_inject/3] (root,0,0,00:00:14/39-11:14:18,33) [migration/3] (root,0,0,00:03:45/39-11:14:18,34) [ksoftirqd/3] (root,0,0,00:00:00/39-11:14:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-11:14:18,40) [kdevtmpfs] (root,0,0,00:00:00/39-11:14:18,41) [netns] (root,0,0,00:00:00/39-11:14:18,42) [inet_frag_wq] (root,0,0,00:00:14/39-11:14:18,43) [kauditd] (root,0,0,00:00:00/39-11:14:18,44) [khungtaskd] (root,0,0,00:00:00/39-11:14:18,45) [oom_reaper] (root,0,0,00:00:00/39-11:14:18,46) [writeback] (root,0,0,00:02:04/39-11:14:18,47) [kcompactd0] (root,0,0,00:00:00/39-11:14:18,48) [ksmd] (root,0,0,00:02:09/39-11:14:18,49) [khugepaged] (root,0,0,00:00:00/39-11:14:18,75) [kintegrityd] (root,0,0,00:00:00/39-11:14:18,76) [kblockd] (root,0,0,00:00:00/39-11:14:18,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-11:14:18,79) [tpm_dev_wq] (root,0,0,00:00:00/39-11:14:18,80) [edac-poller] (root,0,0,00:00:00/39-11:14:18,81) [devfreq_wq] (root,0,0,00:00:00/39-11:14:18,110) [watchdogd] (root,0,0,00:00:02/39-11:14:18,111) [kswapd0] (root,0,0,00:00:10/39-11:14:18,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-11:14:16,115) [kthrotld] (root,0,0,00:00:00/39-11:14:16,116) [mld] (root,0,0,00:00:00/39-11:14:16,117) [ipv6_addrconf] (root,0,0,00:00:11/39-11:14:16,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-11:14:16,123) [kstrp] (root,0,0,00:00:00/39-11:14:16,124) [zswap-shrink] (root,0,0,00:00:00/39-11:14:16,125) [kworker/u9:0] (root,0,0,00:00:00/39-11:14:16,130) [charger_manager] (root,0,0,00:00:12/39-11:14:16,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-11:14:16,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-11:14:15,239) [kaluad] (root,0,0,00:00:00/39-11:14:15,258) [kmpath_rdacd] (root,0,0,00:00:00/39-11:14:15,304) [kmpathd] (root,0,0,00:00:00/39-11:14:15,305) [kmpath_handlerd] (root,0,0,00:00:00/39-11:14:14,342) [ata_sff] (root,0,0,00:00:00/39-11:14:14,343) [scsi_eh_0] (root,0,0,00:00:00/39-11:14:14,344) [scsi_tmf_0] (root,0,0,00:00:00/39-11:14:14,345) [scsi_eh_1] (root,0,0,00:00:00/39-11:14:14,346) [scsi_tmf_1] (root,0,0,00:01:18/39-11:14:11,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-11:14:11,367) [ext4-rsv-conver] (root,38604,7924,00:01:08/39-11:13:59,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-11:13:58,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-11:13:56,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-11:13:25,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-11:13:24,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-11:13:24,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-11:13:24,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-11:13:22,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-11:13:22,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:13:15,1266) [kworker/2:0-cgroup_destroy] (root,548616,30300,00:00:46/39-11:13:08,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-11:13:08,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:55/39-11:13:08,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-11:13:08,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-11:13:08,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-11:13:08,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-11:13:08,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-11:13:08,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:43/39-11:13:08,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-11:13:08,1352) bpfilter_umh (root,26204,8116,00:00:20/39-11:13:08,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-11:13:08,1359) ntpd: asynchronous dns resolver (spot,361360,198300,2-07:16:11/39-11:13:07,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-11:13:07,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-11:13:07,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-11:13:07,1373) (sd-pam) (root,24216,5260,00:00:14/39-11:13:05,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-11:13:05,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-11:13:05,1485) /usr/sbin/cron -n (root,697108,78496,00:54:45/39-11:12:59,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67424,00:21:43/39-11:12:47,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/00:50,2150) [kworker/3:0-ata_sff] (postfix,44628,9244,00:00:01/33-16:48:22,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:15,3019) [kworker/1:2] (root,6656,3488,00:00:00/00:00,4534) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,4552) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4553) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/1-11:41:17,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-11:41:16,10514) sshd: syslogtunnel (root,0,0,00:00:00/31:57,11867) [kworker/3:2-events] (root,0,0,00:00:00/01:02:31,12444) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:22:30,15042) [kworker/1:1-rcu_gp] (root,0,0,00:00:00/31:14,15181) [kworker/0:1-events] (root,0,0,00:00:00/02:45,15955) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/02:45,15966) [kworker/1:0-events] (root,0,0,00:00:00/02:45,15998) [kworker/2:1-events] (root,0,0,00:00:01/02:04:36,16553) [kworker/0:0-events] (root,0,0,00:00:00/12:21,24554) [kworker/u8:1-events_unbound] (root,0,0,00:00:00/06:01,24677) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/1-12:27:30,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:06/1-12:27:29,30947) sshd: cm-ssh (postfix,24244,8232,00:00:00/01:39,31794) pickup -l -t fifo -u (root,0,0,00:00:00/01:27:07,32470) [kworker/2:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 22:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836318ff49c9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-10:59:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-10:59:01,2) [kthreadd] (root,0,0,00:00:00/37-10:59:01,3) [rcu_gp] (root,0,0,00:00:00/37-10:59:01,4) [rcu_par_gp] (root,0,0,00:00:00/37-10:59:01,5) [slub_flushwq] (root,0,0,00:00:00/37-10:59:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-10:59:01,9) [mm_percpu_wq] (root,0,0,00:00:00/37-10:59:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-10:59:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-10:59:01,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-10:59:01,13) [ksoftirqd/0] (root,0,0,01:47:09/37-10:59:01,14) [rcu_preempt] (root,0,0,00:00:14/37-10:59:01,15) [migration/0] (root,0,0,00:00:00/37-10:59:01,16) [idle_inject/0] (root,0,0,00:00:00/37-10:59:01,18) [cpuhp/0] (root,0,0,00:00:00/37-10:59:01,19) [cpuhp/1] (root,0,0,00:00:00/37-10:59:01,20) [idle_inject/1] (root,0,0,00:00:14/37-10:59:01,21) [migration/1] (root,0,0,00:00:55/37-10:59:01,22) [ksoftirqd/1] (root,0,0,00:00:00/37-10:59:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-10:59:01,25) [cpuhp/2] (root,0,0,00:00:00/37-10:59:01,26) [idle_inject/2] (root,0,0,00:00:10/37-10:59:01,27) [migration/2] (root,0,0,01:07:44/37-10:59:01,28) [ksoftirqd/2] (root,0,0,00:00:00/37-10:59:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-10:59:01,31) [cpuhp/3] (root,0,0,00:00:00/37-10:59:01,32) [idle_inject/3] (root,0,0,00:00:13/37-10:59:01,33) [migration/3] (root,0,0,00:03:29/37-10:59:01,34) [ksoftirqd/3] (root,0,0,00:00:00/37-10:59:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-10:59:01,40) [kdevtmpfs] (root,0,0,00:00:00/37-10:59:01,41) [netns] (root,0,0,00:00:00/37-10:59:01,42) [inet_frag_wq] (root,0,0,00:00:13/37-10:59:01,43) [kauditd] (root,0,0,00:00:00/37-10:59:01,44) [khungtaskd] (root,0,0,00:00:00/37-10:59:01,45) [oom_reaper] (root,0,0,00:00:00/37-10:59:01,46) [writeback] (root,0,0,00:01:57/37-10:59:01,47) [kcompactd0] (root,0,0,00:00:00/37-10:59:01,48) [ksmd] (root,0,0,00:02:02/37-10:59:01,49) [khugepaged] (root,0,0,00:00:00/37-10:59:01,75) [kintegrityd] (root,0,0,00:00:00/37-10:59:01,76) [kblockd] (root,0,0,00:00:00/37-10:59:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-10:59:01,79) [tpm_dev_wq] (root,0,0,00:00:00/37-10:59:01,80) [edac-poller] (root,0,0,00:00:00/37-10:59:01,81) [devfreq_wq] (root,0,0,00:00:00/37-10:59:01,110) [watchdogd] (root,0,0,00:00:02/37-10:59:01,111) [kswapd0] (root,0,0,00:00:10/37-10:59:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-10:58:59,115) [kthrotld] (root,0,0,00:00:00/37-10:58:59,116) [mld] (root,0,0,00:00:00/37-10:58:59,117) [ipv6_addrconf] (root,0,0,00:00:10/37-10:58:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-10:58:59,123) [kstrp] (root,0,0,00:00:00/37-10:58:59,124) [zswap-shrink] (root,0,0,00:00:00/37-10:58:59,125) [kworker/u9:0] (root,0,0,00:00:00/37-10:58:59,130) [charger_manager] (root,0,0,00:00:11/37-10:58:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-10:58:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-10:58:58,239) [kaluad] (root,0,0,00:00:00/37-10:58:58,258) [kmpath_rdacd] (root,0,0,00:00:00/37-10:58:58,304) [kmpathd] (root,0,0,00:00:00/37-10:58:58,305) [kmpath_handlerd] (root,0,0,00:00:00/37-10:58:57,342) [ata_sff] (root,0,0,00:00:00/37-10:58:57,343) [scsi_eh_0] (root,0,0,00:00:00/37-10:58:57,344) [scsi_tmf_0] (root,0,0,00:00:00/37-10:58:57,345) [scsi_eh_1] (root,0,0,00:00:00/37-10:58:57,346) [scsi_tmf_1] (root,0,0,00:01:14/37-10:58:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-10:58:54,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-10:58:42,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-10:58:41,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-10:58:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-10:58:08,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-10:58:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-10:58:07,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-10:58:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-10:58:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-10:58:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:36:01,669) [kworker/2:0-events] (root,548616,30292,00:00:44/37-10:57:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-10:57:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:42/37-10:57:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-10:57:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-10:57:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-10:57:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-10:57:51,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-10:57:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:24/37-10:57:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-10:57:51,1352) bpfilter_umh (root,26204,8116,00:00:19/37-10:57:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-10:57:51,1359) ntpd: asynchronous dns resolver (spot,362208,198552,2-04:17:03/37-10:57:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-10:57:50,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-10:57:50,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-10:57:50,1373) (sd-pam) (root,24216,5260,00:00:13/37-10:57:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-10:57:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-10:57:48,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-10:57:45,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-10:57:44,1527) sshd: syslogtunnel (root,0,0,00:00:00/52:11,1530) [kworker/u8:2-flush-253:0] (root,696596,77960,00:51:50/37-10:57:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66204,00:20:39/37-10:57:30,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-16:33:05,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/37-10:57:05,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-10:57:05,3218) sshd: cm-ssh (root,0,0,00:00:00/02:04:20,4224) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,4687) /bin/bash /usr/bin/check_mk_agent (postfix,24244,8256,00:00:00/08:15,4691) pickup -l -t fifo -u (root,13744,3440,00:00:00/00:00,4706) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4707) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:53,11741) [kworker/3:0-ata_sff] (root,0,0,00:00:00/22:40,18233) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/56:23,19177) [kworker/0:2-events] (root,0,0,00:00:00/01:10:00,24929) [kworker/2:1-events] (root,0,0,00:00:00/02:01,26865) [kworker/1:0-events] (root,0,0,00:00:00/11:00,26910) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/01:43,28376) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:19:04,31156) [kworker/1:2-events] (root,0,0,00:00:01/02:37:21,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 21:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d7f3d81dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-13:51:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-13:51:47,2) [kthreadd] (root,0,0,00:00:00/35-13:51:47,3) [rcu_gp] (root,0,0,00:00:00/35-13:51:47,4) [rcu_par_gp] (root,0,0,00:00:00/35-13:51:47,5) [slub_flushwq] (root,0,0,00:00:00/35-13:51:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-13:51:47,9) [mm_percpu_wq] (root,0,0,00:00:00/35-13:51:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-13:51:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-13:51:47,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-13:51:47,13) [ksoftirqd/0] (root,0,0,01:42:11/35-13:51:47,14) [rcu_preempt] (root,0,0,00:00:13/35-13:51:47,15) [migration/0] (root,0,0,00:00:00/35-13:51:47,16) [idle_inject/0] (root,0,0,00:00:00/35-13:51:47,18) [cpuhp/0] (root,0,0,00:00:00/35-13:51:47,19) [cpuhp/1] (root,0,0,00:00:00/35-13:51:47,20) [idle_inject/1] (root,0,0,00:00:13/35-13:51:47,21) [migration/1] (root,0,0,00:00:52/35-13:51:47,22) [ksoftirqd/1] (root,0,0,00:00:00/35-13:51:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-13:51:47,25) [cpuhp/2] (root,0,0,00:00:00/35-13:51:47,26) [idle_inject/2] (root,0,0,00:00:10/35-13:51:47,27) [migration/2] (root,0,0,01:05:02/35-13:51:47,28) [ksoftirqd/2] (root,0,0,00:00:00/35-13:51:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-13:51:47,31) [cpuhp/3] (root,0,0,00:00:00/35-13:51:47,32) [idle_inject/3] (root,0,0,00:00:12/35-13:51:47,33) [migration/3] (root,0,0,00:03:21/35-13:51:47,34) [ksoftirqd/3] (root,0,0,00:00:00/35-13:51:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-13:51:47,40) [kdevtmpfs] (root,0,0,00:00:00/35-13:51:47,41) [netns] (root,0,0,00:00:00/35-13:51:47,42) [inet_frag_wq] (root,0,0,00:00:12/35-13:51:47,43) [kauditd] (root,0,0,00:00:00/35-13:51:47,44) [khungtaskd] (root,0,0,00:00:00/35-13:51:47,45) [oom_reaper] (root,0,0,00:00:00/35-13:51:47,46) [writeback] (root,0,0,00:01:52/35-13:51:47,47) [kcompactd0] (root,0,0,00:00:00/35-13:51:47,48) [ksmd] (root,0,0,00:01:56/35-13:51:47,49) [khugepaged] (root,0,0,00:00:00/35-13:51:47,75) [kintegrityd] (root,0,0,00:00:00/35-13:51:47,76) [kblockd] (root,0,0,00:00:00/35-13:51:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-13:51:47,79) [tpm_dev_wq] (root,0,0,00:00:00/35-13:51:47,80) [edac-poller] (root,0,0,00:00:00/35-13:51:47,81) [devfreq_wq] (root,0,0,00:00:00/35-13:51:47,110) [watchdogd] (root,0,0,00:00:02/35-13:51:47,111) [kswapd0] (root,0,0,00:00:09/35-13:51:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-13:51:45,115) [kthrotld] (root,0,0,00:00:00/35-13:51:45,116) [mld] (root,0,0,00:00:00/35-13:51:45,117) [ipv6_addrconf] (root,0,0,00:00:10/35-13:51:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-13:51:45,123) [kstrp] (root,0,0,00:00:00/35-13:51:45,124) [zswap-shrink] (root,0,0,00:00:00/35-13:51:45,125) [kworker/u9:0] (root,0,0,00:00:00/35-13:51:45,130) [charger_manager] (root,0,0,00:00:10/35-13:51:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-13:51:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-13:51:44,239) [kaluad] (root,0,0,00:00:00/35-13:51:44,258) [kmpath_rdacd] (root,0,0,00:00:00/35-13:51:44,304) [kmpathd] (root,0,0,00:00:00/35-13:51:44,305) [kmpath_handlerd] (root,0,0,00:00:00/35-13:51:43,342) [ata_sff] (root,0,0,00:00:00/35-13:51:43,343) [scsi_eh_0] (root,0,0,00:00:00/35-13:51:43,344) [scsi_tmf_0] (root,0,0,00:00:00/35-13:51:43,345) [scsi_eh_1] (root,0,0,00:00:00/35-13:51:43,346) [scsi_tmf_1] (root,0,0,00:01:11/35-13:51:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-13:51:40,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-13:51:28,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-13:51:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:56/35-13:51:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-13:50:54,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-13:50:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-13:50:53,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-13:50:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-13:50:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-13:50:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/24:59,633) [kworker/u8:1-writeback] (root,548616,30252,00:00:42/35-13:50:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-13:50:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:34/35-13:50:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-13:50:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-13:50:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-13:50:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-13:50:37,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-13:50:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:08/35-13:50:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-13:50:37,1352) bpfilter_umh (root,26204,8116,00:00:18/35-13:50:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-13:50:37,1359) ntpd: asynchronous dns resolver (spot,361120,198276,2-02:17:58/35-13:50:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-13:50:36,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-13:50:36,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-13:50:36,1373) (sd-pam) (root,24216,5260,00:00:12/35-13:50:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-13:50:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-13:50:34,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-13:50:31,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-13:50:30,1527) sshd: syslogtunnel (root,696596,77900,00:49:15/35-13:50:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:59:59,1719) [kworker/2:2-events] (spot,223680,64860,00:19:42/35-13:50:16,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-19:25:51,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-13:49:51,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-13:49:51,3218) sshd: cm-ssh (root,0,0,00:00:00/03:28:28,3274) [kworker/0:2-events] (root,0,0,00:00:00/57:10,11281) [kworker/0:1-events] (root,0,0,00:00:00/03:01,17601) [kworker/3:2-ata_sff] (postfix,24244,8160,00:00:00/02:43,18195) pickup -l -t fifo -u (root,0,0,00:00:00/03:07:41,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:09:46,20934) [kworker/1:1-events] (root,0,0,00:00:00/39:20,21127) [kworker/3:0-events] (root,0,0,00:00:00/09:30,25651) [kworker/2:0] (root,0,0,00:00:00/00:14,29321) [kworker/0:0-events] (root,0,0,00:00:00/08:13,29656) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,30185) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,30203) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30204) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/35:27,31979) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 00:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836346954f41Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-12:32:40,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-12:32:40,2) [kthreadd] (root,0,0,00:00:00/33-12:32:40,3) [rcu_gp] (root,0,0,00:00:00/33-12:32:40,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:32:40,5) [slub_flushwq] (root,0,0,00:00:00/33-12:32:40,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:32:40,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:32:40,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:32:40,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:32:40,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:32:40,13) [ksoftirqd/0] (root,0,0,01:36:43/33-12:32:40,14) [rcu_preempt] (root,0,0,00:00:12/33-12:32:40,15) [migration/0] (root,0,0,00:00:00/33-12:32:40,16) [idle_inject/0] (root,0,0,00:00:00/33-12:32:40,18) [cpuhp/0] (root,0,0,00:00:00/33-12:32:40,19) [cpuhp/1] (root,0,0,00:00:00/33-12:32:40,20) [idle_inject/1] (root,0,0,00:00:12/33-12:32:40,21) [migration/1] (root,0,0,00:00:50/33-12:32:40,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:32:40,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:32:40,25) [cpuhp/2] (root,0,0,00:00:00/33-12:32:40,26) [idle_inject/2] (root,0,0,00:00:09/33-12:32:40,27) [migration/2] (root,0,0,01:01:50/33-12:32:40,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:32:40,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:32:40,31) [cpuhp/3] (root,0,0,00:00:00/33-12:32:40,32) [idle_inject/3] (root,0,0,00:00:12/33-12:32:40,33) [migration/3] (root,0,0,00:03:11/33-12:32:40,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:32:40,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:32:40,40) [kdevtmpfs] (root,0,0,00:00:00/33-12:32:40,41) [netns] (root,0,0,00:00:00/33-12:32:40,42) [inet_frag_wq] (root,0,0,00:00:12/33-12:32:40,43) [kauditd] (root,0,0,00:00:00/33-12:32:40,44) [khungtaskd] (root,0,0,00:00:00/33-12:32:40,45) [oom_reaper] (root,0,0,00:00:00/33-12:32:40,46) [writeback] (root,0,0,00:01:46/33-12:32:40,47) [kcompactd0] (root,0,0,00:00:00/33-12:32:40,48) [ksmd] (root,0,0,00:01:49/33-12:32:40,49) [khugepaged] (root,0,0,00:00:00/33-12:32:40,75) [kintegrityd] (root,0,0,00:00:00/33-12:32:40,76) [kblockd] (root,0,0,00:00:00/33-12:32:40,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:32:40,79) [tpm_dev_wq] (root,0,0,00:00:00/33-12:32:40,80) [edac-poller] (root,0,0,00:00:00/33-12:32:40,81) [devfreq_wq] (root,0,0,00:00:00/33-12:32:40,110) [watchdogd] (root,0,0,00:00:02/33-12:32:40,111) [kswapd0] (root,0,0,00:00:09/33-12:32:40,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-12:32:38,115) [kthrotld] (root,0,0,00:00:00/33-12:32:38,116) [mld] (root,0,0,00:00:00/33-12:32:38,117) [ipv6_addrconf] (root,0,0,00:00:09/33-12:32:38,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:32:38,123) [kstrp] (root,0,0,00:00:00/33-12:32:38,124) [zswap-shrink] (root,0,0,00:00:00/33-12:32:38,125) [kworker/u9:0] (root,0,0,00:00:00/33-12:32:38,130) [charger_manager] (root,0,0,00:00:10/33-12:32:38,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-12:32:38,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-12:32:37,239) [kaluad] (root,0,0,00:00:00/33-12:32:37,258) [kmpath_rdacd] (root,0,0,00:00:00/33-12:32:37,304) [kmpathd] (root,0,0,00:00:00/33-12:32:37,305) [kmpath_handlerd] (root,0,0,00:00:00/33-12:32:36,342) [ata_sff] (root,0,0,00:00:00/33-12:32:36,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:32:36,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:32:36,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:32:36,346) [scsi_tmf_1] (root,0,0,00:01:07/33-12:32:33,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:32:33,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-12:32:21,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-12:32:20,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-12:32:18,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-12:31:47,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-12:31:46,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-12:31:46,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-12:31:46,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-12:31:44,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-12:31:44,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-12:31:30,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-12:31:30,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:23/33-12:31:30,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-12:31:30,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-12:31:30,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-12:31:30,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-12:31:30,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-12:31:30,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-12:31:30,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-12:31:30,1352) bpfilter_umh (root,26204,8128,00:00:17/33-12:31:30,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-12:31:30,1359) ntpd: asynchronous dns resolver (spot,361120,199996,2-00:17:26/33-12:31:29,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-12:31:29,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-12:31:29,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-12:31:29,1373) (sd-pam) (root,24216,5260,00:00:11/33-12:31:27,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-12:31:27,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-12:31:27,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-12:31:24,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-12:31:23,1527) sshd: syslogtunnel (root,694036,73228,00:46:24/33-12:31:21,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63352,00:18:42/33-12:31:09,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:46,2466) [kworker/3:1-events] (postfix,44628,9244,00:00:01/27-18:06:44,2557) tlsmgr -l -t unix -u (root,0,0,00:00:01/01:48:32,2925) [kworker/3:2-ata_sff] (root,0,0,00:00:00/09:56,3078) [kworker/3:0-ata_sff] (root,35308,10108,00:00:00/33-12:30:44,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-12:30:44,3218) sshd: cm-ssh (root,0,0,00:00:00/04:15,4794) [kworker/1:1] (root,0,0,00:00:00/20:53,7410) [kworker/u8:1-writeback] (root,0,0,00:00:01/04:18:03,15620) [kworker/2:2-events] (root,0,0,00:00:00/37:36,17463) [kworker/0:0] (root,0,0,00:00:00/57:44,21273) [kworker/0:1-mm_percpu_wq] (root,0,0,00:00:00/00:58,21360) [kworker/3:3] (root,0,0,00:00:00/01:31:19,22539) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3512,00:00:00/00:01,24202) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:01,24361) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,24388) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24389) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8228,00:00:00/44:35,25034) pickup -l -t fifo -u (root,0,0,00:00:00/44:23,25667) [kworker/1:0-mm_percpu_wq] (root,0,0,00:00:00/01:04:35,29580) [kworker/2:1] (root,0,0,00:00:00/11:03,30034) [kworker/1:2-mm_percpu_wq] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 23:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637cf5845cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:32/31-10:57:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-10:57:08,2) [kthreadd] (root,0,0,00:00:00/31-10:57:08,3) [rcu_gp] (root,0,0,00:00:00/31-10:57:08,4) [rcu_par_gp] (root,0,0,00:00:00/31-10:57:08,5) [slub_flushwq] (root,0,0,00:00:00/31-10:57:08,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-10:57:08,9) [mm_percpu_wq] (root,0,0,00:00:00/31-10:57:08,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-10:57:08,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-10:57:08,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-10:57:08,13) [ksoftirqd/0] (root,0,0,01:31:09/31-10:57:08,14) [rcu_preempt] (root,0,0,00:00:12/31-10:57:08,15) [migration/0] (root,0,0,00:00:00/31-10:57:08,16) [idle_inject/0] (root,0,0,00:00:00/31-10:57:08,18) [cpuhp/0] (root,0,0,00:00:00/31-10:57:08,19) [cpuhp/1] (root,0,0,00:00:00/31-10:57:08,20) [idle_inject/1] (root,0,0,00:00:12/31-10:57:08,21) [migration/1] (root,0,0,00:00:47/31-10:57:08,22) [ksoftirqd/1] (root,0,0,00:00:00/31-10:57:08,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-10:57:08,25) [cpuhp/2] (root,0,0,00:00:00/31-10:57:08,26) [idle_inject/2] (root,0,0,00:00:09/31-10:57:08,27) [migration/2] (root,0,0,00:58:29/31-10:57:08,28) [ksoftirqd/2] (root,0,0,00:00:00/31-10:57:08,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-10:57:08,31) [cpuhp/3] (root,0,0,00:00:00/31-10:57:08,32) [idle_inject/3] (root,0,0,00:00:11/31-10:57:08,33) [migration/3] (root,0,0,00:03:01/31-10:57:08,34) [ksoftirqd/3] (root,0,0,00:00:00/31-10:57:08,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-10:57:08,40) [kdevtmpfs] (root,0,0,00:00:00/31-10:57:08,41) [netns] (root,0,0,00:00:00/31-10:57:08,42) [inet_frag_wq] (root,0,0,00:00:11/31-10:57:08,43) [kauditd] (root,0,0,00:00:00/31-10:57:08,44) [khungtaskd] (root,0,0,00:00:00/31-10:57:08,45) [oom_reaper] (root,0,0,00:00:00/31-10:57:08,46) [writeback] (root,0,0,00:01:40/31-10:57:08,47) [kcompactd0] (root,0,0,00:00:00/31-10:57:08,48) [ksmd] (root,0,0,00:01:43/31-10:57:08,49) [khugepaged] (root,0,0,00:00:00/31-10:57:08,75) [kintegrityd] (root,0,0,00:00:00/31-10:57:08,76) [kblockd] (root,0,0,00:00:00/31-10:57:08,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-10:57:08,79) [tpm_dev_wq] (root,0,0,00:00:00/31-10:57:08,80) [edac-poller] (root,0,0,00:00:00/31-10:57:08,81) [devfreq_wq] (root,0,0,00:00:00/31-10:57:08,110) [watchdogd] (root,0,0,00:00:02/31-10:57:08,111) [kswapd0] (root,0,0,00:00:08/31-10:57:08,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-10:57:06,115) [kthrotld] (root,0,0,00:00:00/31-10:57:06,116) [mld] (root,0,0,00:00:00/31-10:57:06,117) [ipv6_addrconf] (root,0,0,00:00:09/31-10:57:06,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-10:57:06,123) [kstrp] (root,0,0,00:00:00/31-10:57:06,124) [zswap-shrink] (root,0,0,00:00:00/31-10:57:06,125) [kworker/u9:0] (root,0,0,00:00:00/31-10:57:06,130) [charger_manager] (root,0,0,00:00:09/31-10:57:06,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-10:57:06,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-10:57:05,239) [kaluad] (root,0,0,00:00:00/31-10:57:05,258) [kmpath_rdacd] (root,0,0,00:00:00/31-10:57:05,304) [kmpathd] (root,0,0,00:00:00/31-10:57:05,305) [kmpath_handlerd] (root,0,0,00:00:00/31-10:57:04,342) [ata_sff] (root,0,0,00:00:00/31-10:57:04,343) [scsi_eh_0] (root,0,0,00:00:00/31-10:57:04,344) [scsi_tmf_0] (root,0,0,00:00:00/31-10:57:04,345) [scsi_eh_1] (root,0,0,00:00:00/31-10:57:04,346) [scsi_tmf_1] (root,0,0,00:01:03/31-10:57:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-10:57:01,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-10:56:49,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-10:56:48,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-10:56:46,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-10:56:15,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-10:56:14,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-10:56:14,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-10:56:14,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-10:56:12,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-10:56:12,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-10:55:58,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-10:55:58,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:10/31-10:55:58,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-10:55:58,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-10:55:58,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-10:55:58,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-10:55:58,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-10:55:58,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:34/31-10:55:58,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-10:55:58,1352) bpfilter_umh (root,26204,8128,00:00:16/31-10:55:58,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-10:55:58,1359) ntpd: asynchronous dns resolver (spot,361888,200216,1-22:02:20/31-10:55:57,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-10:55:57,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-10:55:57,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-10:55:57,1373) (sd-pam) (root,24216,5260,00:00:11/31-10:55:55,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-10:55:55,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-10:55:55,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-10:55:52,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:57/31-10:55:51,1527) sshd: syslogtunnel (root,693780,74896,00:43:34/31-10:55:49,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61976,00:17:37/31-10:55:37,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-16:31:12,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-10:55:12,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:44/31-10:55:12,3218) sshd: cm-ssh (root,0,0,00:00:00/06:58,5388) [kworker/2:2] (root,0,0,00:00:00/54:12,5424) [kworker/0:2-events] (root,0,0,00:00:00/35:09,8236) [kworker/3:1-events] (root,0,0,00:00:00/02:34:20,8637) [kworker/1:1-events] (root,0,0,00:00:00/05:06,9918) [kworker/3:0-ata_sff] (root,0,0,00:00:00/14:23,10090) [kworker/3:2-ata_sff] (root,0,0,00:00:00/16:05:44,11736) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8172,00:00:00/01:11:05,12724) pickup -l -t fifo -u (root,0,0,00:00:00/01:17:40,22602) [kworker/2:1-events] (root,0,0,00:00:00/01:07:39,23131) [kworker/1:0-events] (root,0,0,00:00:00/10:21,23935) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/20:17,28641) [kworker/0:1-events] (root,6656,3488,00:00:00/00:00,31901) /bin/bash /usr/bin/check_mk_agent (root,13744,3436,00:00:00/00:00,31919) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,31920) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 21:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635d6ab642Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-10:55:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-10:55:24,2) [kthreadd] (root,0,0,00:00:00/29-10:55:24,3) [rcu_gp] (root,0,0,00:00:00/29-10:55:24,4) [rcu_par_gp] (root,0,0,00:00:00/29-10:55:24,5) [slub_flushwq] (root,0,0,00:00:00/29-10:55:24,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-10:55:24,9) [mm_percpu_wq] (root,0,0,00:00:00/29-10:55:24,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-10:55:24,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-10:55:24,12) [rcu_tasks_trace] (root,0,0,00:00:54/29-10:55:24,13) [ksoftirqd/0] (root,0,0,01:25:22/29-10:55:24,14) [rcu_preempt] (root,0,0,00:00:11/29-10:55:24,15) [migration/0] (root,0,0,00:00:00/29-10:55:24,16) [idle_inject/0] (root,0,0,00:00:00/29-10:55:24,18) [cpuhp/0] (root,0,0,00:00:00/29-10:55:24,19) [cpuhp/1] (root,0,0,00:00:00/29-10:55:24,20) [idle_inject/1] (root,0,0,00:00:11/29-10:55:24,21) [migration/1] (root,0,0,00:00:44/29-10:55:24,22) [ksoftirqd/1] (root,0,0,00:00:00/29-10:55:24,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-10:55:24,25) [cpuhp/2] (root,0,0,00:00:00/29-10:55:24,26) [idle_inject/2] (root,0,0,00:00:08/29-10:55:24,27) [migration/2] (root,0,0,00:54:25/29-10:55:24,28) [ksoftirqd/2] (root,0,0,00:00:00/29-10:55:24,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-10:55:24,31) [cpuhp/3] (root,0,0,00:00:00/29-10:55:24,32) [idle_inject/3] (root,0,0,00:00:10/29-10:55:24,33) [migration/3] (root,0,0,00:02:49/29-10:55:24,34) [ksoftirqd/3] (root,0,0,00:00:00/29-10:55:24,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-10:55:24,40) [kdevtmpfs] (root,0,0,00:00:00/29-10:55:24,41) [netns] (root,0,0,00:00:00/29-10:55:24,42) [inet_frag_wq] (root,0,0,00:00:10/29-10:55:24,43) [kauditd] (root,0,0,00:00:00/29-10:55:24,44) [khungtaskd] (root,0,0,00:00:00/29-10:55:24,45) [oom_reaper] (root,0,0,00:00:00/29-10:55:24,46) [writeback] (root,0,0,00:01:34/29-10:55:24,47) [kcompactd0] (root,0,0,00:00:00/29-10:55:24,48) [ksmd] (root,0,0,00:01:35/29-10:55:24,49) [khugepaged] (root,0,0,00:00:00/29-10:55:24,75) [kintegrityd] (root,0,0,00:00:00/29-10:55:24,76) [kblockd] (root,0,0,00:00:00/29-10:55:24,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-10:55:24,79) [tpm_dev_wq] (root,0,0,00:00:00/29-10:55:24,80) [edac-poller] (root,0,0,00:00:00/29-10:55:24,81) [devfreq_wq] (root,0,0,00:00:00/29-10:55:24,110) [watchdogd] (root,0,0,00:00:02/29-10:55:24,111) [kswapd0] (root,0,0,00:00:08/29-10:55:24,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-10:55:22,115) [kthrotld] (root,0,0,00:00:00/29-10:55:22,116) [mld] (root,0,0,00:00:00/29-10:55:22,117) [ipv6_addrconf] (root,0,0,00:00:08/29-10:55:22,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-10:55:22,123) [kstrp] (root,0,0,00:00:00/29-10:55:22,124) [zswap-shrink] (root,0,0,00:00:00/29-10:55:22,125) [kworker/u9:0] (root,0,0,00:00:00/29-10:55:22,130) [charger_manager] (root,0,0,00:00:09/29-10:55:22,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-10:55:22,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-10:55:21,239) [kaluad] (root,0,0,00:00:00/29-10:55:21,258) [kmpath_rdacd] (root,0,0,00:00:00/29-10:55:21,304) [kmpathd] (root,0,0,00:00:00/29-10:55:21,305) [kmpath_handlerd] (root,0,0,00:00:00/29-10:55:20,342) [ata_sff] (root,0,0,00:00:00/29-10:55:20,343) [scsi_eh_0] (root,0,0,00:00:00/29-10:55:20,344) [scsi_tmf_0] (root,0,0,00:00:00/29-10:55:20,345) [scsi_eh_1] (root,0,0,00:00:00/29-10:55:20,346) [scsi_tmf_1] (root,0,0,00:00:59/29-10:55:17,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-10:55:17,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-10:55:05,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-10:55:04,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-10:55:02,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-10:54:31,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-10:54:30,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-10:54:30,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-10:54:30,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-10:54:28,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-10:54:28,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:34/29-10:54:14,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-10:54:14,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:58/29-10:54:14,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-10:54:14,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-10:54:14,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-10:54:14,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-10:54:14,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-10:54:14,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:16/29-10:54:14,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-10:54:14,1352) bpfilter_umh (root,26204,8128,00:00:14/29-10:54:14,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-10:54:14,1359) ntpd: asynchronous dns resolver (spot,361744,200192,1-19:41:46/29-10:54:13,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-10:54:13,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-10:54:13,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-10:54:13,1373) (sd-pam) (root,24216,5260,00:00:10/29-10:54:11,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-10:54:11,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-10:54:11,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-10:54:08,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-10:54:07,1527) sshd: syslogtunnel (root,693524,72428,00:40:43/29-10:54:05,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/09:51,1780) [kworker/2:2] (spot,220608,60744,00:16:34/29-10:53:53,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-16:29:28,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/29-10:53:28,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:37/29-10:53:28,3218) sshd: cm-ssh (root,0,0,00:00:00/02:25:04,5369) [kworker/1:2-events] (postfix,24244,8272,00:00:00/01:31:21,7332) pickup -l -t fifo -u (root,0,0,00:00:00/22:41,7616) [kworker/1:0-mm_percpu_wq] (root,0,0,00:00:00/01:14,8947) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:02:37,9463) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/33:36,9946) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/06:25,13926) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,15497) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,15515) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,15516) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:02:40,16583) [kworker/3:2-events] (root,0,0,00:00:00/01:01:33,20379) [kworker/2:1-events] (root,0,0,00:00:00/19:27,22291) [kworker/0:1-events] (root,0,0,00:00:00/03:00:16,31631) [kworker/u8:0-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 21:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363190362c5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-11:49:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:49:36,2) [kthreadd] (root,0,0,00:00:00/27-11:49:36,3) [rcu_gp] (root,0,0,00:00:00/27-11:49:36,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:49:36,5) [slub_flushwq] (root,0,0,00:00:00/27-11:49:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:49:36,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:49:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:49:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:49:36,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-11:49:36,13) [ksoftirqd/0] (root,0,0,01:20:01/27-11:49:36,14) [rcu_preempt] (root,0,0,00:00:10/27-11:49:36,15) [migration/0] (root,0,0,00:00:00/27-11:49:36,16) [idle_inject/0] (root,0,0,00:00:00/27-11:49:36,18) [cpuhp/0] (root,0,0,00:00:00/27-11:49:36,19) [cpuhp/1] (root,0,0,00:00:00/27-11:49:36,20) [idle_inject/1] (root,0,0,00:00:10/27-11:49:36,21) [migration/1] (root,0,0,00:00:42/27-11:49:36,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:49:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:49:36,25) [cpuhp/2] (root,0,0,00:00:00/27-11:49:36,26) [idle_inject/2] (root,0,0,00:00:08/27-11:49:36,27) [migration/2] (root,0,0,00:51:27/27-11:49:36,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:49:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:49:36,31) [cpuhp/3] (root,0,0,00:00:00/27-11:49:36,32) [idle_inject/3] (root,0,0,00:00:10/27-11:49:36,33) [migration/3] (root,0,0,00:02:40/27-11:49:36,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:49:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:49:36,40) [kdevtmpfs] (root,0,0,00:00:00/27-11:49:36,41) [netns] (root,0,0,00:00:00/27-11:49:36,42) [inet_frag_wq] (root,0,0,00:00:09/27-11:49:36,43) [kauditd] (root,0,0,00:00:00/27-11:49:36,44) [khungtaskd] (root,0,0,00:00:00/27-11:49:36,45) [oom_reaper] (root,0,0,00:00:00/27-11:49:36,46) [writeback] (root,0,0,00:01:28/27-11:49:36,47) [kcompactd0] (root,0,0,00:00:00/27-11:49:36,48) [ksmd] (root,0,0,00:01:29/27-11:49:36,49) [khugepaged] (root,0,0,00:00:00/27-11:49:36,75) [kintegrityd] (root,0,0,00:00:00/27-11:49:36,76) [kblockd] (root,0,0,00:00:00/27-11:49:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:49:36,79) [tpm_dev_wq] (root,0,0,00:00:00/27-11:49:36,80) [edac-poller] (root,0,0,00:00:00/27-11:49:36,81) [devfreq_wq] (root,0,0,00:00:00/27-11:49:36,110) [watchdogd] (root,0,0,00:00:02/27-11:49:36,111) [kswapd0] (root,0,0,00:00:07/27-11:49:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-11:49:34,115) [kthrotld] (root,0,0,00:00:00/27-11:49:34,116) [mld] (root,0,0,00:00:00/27-11:49:34,117) [ipv6_addrconf] (root,0,0,00:00:07/27-11:49:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:49:34,123) [kstrp] (root,0,0,00:00:00/27-11:49:34,124) [zswap-shrink] (root,0,0,00:00:00/27-11:49:34,125) [kworker/u9:0] (root,0,0,00:00:00/27-11:49:34,130) [charger_manager] (root,0,0,00:00:08/27-11:49:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-11:49:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-11:49:33,239) [kaluad] (root,0,0,00:00:00/27-11:49:33,258) [kmpath_rdacd] (root,0,0,00:00:00/27-11:49:33,304) [kmpathd] (root,0,0,00:00:00/27-11:49:33,305) [kmpath_handlerd] (root,0,0,00:00:00/27-11:49:32,342) [ata_sff] (root,0,0,00:00:00/27-11:49:32,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:49:32,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:49:32,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:49:32,346) [scsi_tmf_1] (root,0,0,00:00:55/27-11:49:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:49:29,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-11:49:17,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-11:49:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-11:49:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-11:48:43,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-11:48:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-11:48:42,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-11:48:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-11:48:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-11:48:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28512,00:00:32/27-11:48:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-11:48:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:47/27-11:48:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-11:48:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-11:48:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-11:48:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-11:48:26,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-11:48:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-11:48:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-11:48:26,1352) bpfilter_umh (root,26204,8128,00:00:13/27-11:48:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-11:48:26,1359) ntpd: asynchronous dns resolver (spot,296112,195040,1-17:08:40/27-11:48:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-11:48:25,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-11:48:25,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-11:48:25,1373) (sd-pam) (root,6656,3524,00:00:00/00:01,1409) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,1441) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,1442) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,24216,5260,00:00:09/27-11:48:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-11:48:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-11:48:23,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-11:48:20,1516) sshd: syslogtunnel [priv] (root,0,0,00:00:00/09:09,1520) [kworker/2:1-events] (syslogtunnel,35304,5504,00:01:42/27-11:48:19,1527) sshd: syslogtunnel (root,693268,72056,00:38:01/27-11:48:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/55:26,1861) [kworker/0:2-events] (spot,219584,59116,00:15:33/27-11:48:05,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:00/21-17:23:40,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-11:47:40,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-11:47:40,3218) sshd: cm-ssh (root,0,0,00:00:00/17:45,4690) [kworker/u8:1] (root,0,0,00:00:00/01:16:52,6602) [kworker/2:0-events] (root,0,0,00:00:00/52:25,7994) [kworker/1:0-events] (root,0,0,00:00:00/05:30,13920) [kworker/3:2-ata_sff] (root,0,0,00:00:00/37:21,21505) [kworker/u8:2-writeback] (root,0,0,00:00:00/12:12,22103) [kworker/0:1] (root,0,0,00:00:00/10:41,28201) [kworker/3:0-events] (postfix,24244,8264,00:00:00/01:07:15,28642) pickup -l -t fifo -u (root,0,0,00:00:00/43:13,32123) [kworker/1:1-events] (root,0,0,00:00:00/00:18,32305) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 22:38 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e0d3daf9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:10/25-11:16:09,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-11:16:09,2) [kthreadd] (root,0,0,00:00:00/25-11:16:09,3) [rcu_gp] (root,0,0,00:00:00/25-11:16:09,4) [rcu_par_gp] (root,0,0,00:00:00/25-11:16:09,5) [slub_flushwq] (root,0,0,00:00:00/25-11:16:09,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-11:16:09,9) [mm_percpu_wq] (root,0,0,00:00:00/25-11:16:09,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-11:16:09,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-11:16:09,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-11:16:09,13) [ksoftirqd/0] (root,0,0,01:14:30/25-11:16:09,14) [rcu_preempt] (root,0,0,00:00:09/25-11:16:09,15) [migration/0] (root,0,0,00:00:00/25-11:16:09,16) [idle_inject/0] (root,0,0,00:00:00/25-11:16:09,18) [cpuhp/0] (root,0,0,00:00:00/25-11:16:09,19) [cpuhp/1] (root,0,0,00:00:00/25-11:16:09,20) [idle_inject/1] (root,0,0,00:00:09/25-11:16:09,21) [migration/1] (root,0,0,00:00:39/25-11:16:09,22) [ksoftirqd/1] (root,0,0,00:00:00/25-11:16:09,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-11:16:09,25) [cpuhp/2] (root,0,0,00:00:00/25-11:16:09,26) [idle_inject/2] (root,0,0,00:00:07/25-11:16:09,27) [migration/2] (root,0,0,00:48:36/25-11:16:09,28) [ksoftirqd/2] (root,0,0,00:00:00/25-11:16:09,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-11:16:09,31) [cpuhp/3] (root,0,0,00:00:00/25-11:16:09,32) [idle_inject/3] (root,0,0,00:00:09/25-11:16:09,33) [migration/3] (root,0,0,00:02:30/25-11:16:09,34) [ksoftirqd/3] (root,0,0,00:00:00/25-11:16:09,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-11:16:09,40) [kdevtmpfs] (root,0,0,00:00:00/25-11:16:09,41) [netns] (root,0,0,00:00:00/25-11:16:09,42) [inet_frag_wq] (root,0,0,00:00:08/25-11:16:09,43) [kauditd] (root,0,0,00:00:00/25-11:16:09,44) [khungtaskd] (root,0,0,00:00:00/25-11:16:09,45) [oom_reaper] (root,0,0,00:00:00/25-11:16:09,46) [writeback] (root,0,0,00:01:21/25-11:16:09,47) [kcompactd0] (root,0,0,00:00:00/25-11:16:09,48) [ksmd] (root,0,0,00:01:23/25-11:16:09,49) [khugepaged] (root,0,0,00:00:00/25-11:16:09,75) [kintegrityd] (root,0,0,00:00:00/25-11:16:09,76) [kblockd] (root,0,0,00:00:00/25-11:16:09,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-11:16:09,79) [tpm_dev_wq] (root,0,0,00:00:00/25-11:16:09,80) [edac-poller] (root,0,0,00:00:00/25-11:16:09,81) [devfreq_wq] (root,0,0,00:00:00/25-11:16:09,110) [watchdogd] (root,0,0,00:00:01/25-11:16:09,111) [kswapd0] (root,0,0,00:00:07/25-11:16:09,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-11:16:07,115) [kthrotld] (root,0,0,00:00:00/25-11:16:07,116) [mld] (root,0,0,00:00:00/25-11:16:07,117) [ipv6_addrconf] (root,0,0,00:00:07/25-11:16:07,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-11:16:07,123) [kstrp] (root,0,0,00:00:00/25-11:16:07,124) [zswap-shrink] (root,0,0,00:00:00/25-11:16:07,125) [kworker/u9:0] (root,0,0,00:00:00/25-11:16:07,130) [charger_manager] (root,0,0,00:00:07/25-11:16:07,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-11:16:07,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-11:16:06,239) [kaluad] (root,0,0,00:00:00/25-11:16:06,258) [kmpath_rdacd] (root,0,0,00:00:00/25-11:16:06,304) [kmpathd] (root,0,0,00:00:00/25-11:16:06,305) [kmpath_handlerd] (root,0,0,00:00:00/25-11:16:05,342) [ata_sff] (root,0,0,00:00:00/25-11:16:05,343) [scsi_eh_0] (root,0,0,00:00:00/25-11:16:05,344) [scsi_tmf_0] (root,0,0,00:00:00/25-11:16:05,345) [scsi_eh_1] (root,0,0,00:00:00/25-11:16:05,346) [scsi_tmf_1] (root,0,0,00:00:51/25-11:16:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-11:16:02,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-11:15:50,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-11:15:49,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-11:15:47,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-11:15:16,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-11:15:15,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-11:15:15,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-11:15:15,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-11:15:13,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-11:15:13,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29508,00:00:30/25-11:14:59,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-11:14:59,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:35/25-11:14:59,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-11:14:59,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-11:14:59,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-11:14:59,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-11:14:59,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-11:14:59,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:41/25-11:14:59,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-11:14:59,1352) bpfilter_umh (root,26204,8212,00:00:12/25-11:14:59,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-11:14:59,1359) ntpd: asynchronous dns resolver (spot,296256,191520,1-14:53:04/25-11:14:58,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-11:14:58,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-11:14:58,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-11:14:58,1373) (sd-pam) (root,24216,5268,00:00:08/25-11:14:56,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-11:14:56,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-11:14:56,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-11:14:53,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:34/25-11:14:52,1527) sshd: syslogtunnel (root,693268,75792,00:35:14/25-11:14:50,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57868,00:14:33/25-11:14:38,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-16:50:13,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-11:14:13,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-11:14:13,3218) sshd: cm-ssh (root,0,0,00:00:00/02:23,5633) [kworker/3:0-ata_sff] (root,0,0,00:00:00/59:28,5871) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/19:18,6647) [kworker/u8:0] (root,0,0,00:00:00/07:33,13825) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:27:19,14592) [kworker/0:2-events] (root,0,0,00:00:00/02:04:22,16766) [kworker/u8:2-writeback] (postfix,24244,8260,00:00:00/54:53,17284) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,18040) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,18058) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,18059) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/26:51,18946) [kworker/1:1-events] (root,0,0,00:00:00/05:49,20406) [kworker/2:2-events] (root,0,0,00:00:00/14:49,21873) [kworker/1:0-events] (root,0,0,00:00:00/01:36:17,23197) [kworker/2:0-events] (root,0,0,00:00:00/11:50,31404) [kworker/0:1-events] (root,0,0,00:00:00/03:45,31830) [kworker/1:2] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 22:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363946d7e3dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:02/23-11:36:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-11:36:11,2) [kthreadd] (root,0,0,00:00:00/23-11:36:11,3) [rcu_gp] (root,0,0,00:00:00/23-11:36:11,4) [rcu_par_gp] (root,0,0,00:00:00/23-11:36:11,5) [slub_flushwq] (root,0,0,00:00:00/23-11:36:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-11:36:11,9) [mm_percpu_wq] (root,0,0,00:00:00/23-11:36:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-11:36:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-11:36:11,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-11:36:11,13) [ksoftirqd/0] (root,0,0,01:08:56/23-11:36:11,14) [rcu_preempt] (root,0,0,00:00:09/23-11:36:11,15) [migration/0] (root,0,0,00:00:00/23-11:36:11,16) [idle_inject/0] (root,0,0,00:00:00/23-11:36:11,18) [cpuhp/0] (root,0,0,00:00:00/23-11:36:11,19) [cpuhp/1] (root,0,0,00:00:00/23-11:36:11,20) [idle_inject/1] (root,0,0,00:00:09/23-11:36:11,21) [migration/1] (root,0,0,00:00:36/23-11:36:11,22) [ksoftirqd/1] (root,0,0,00:00:00/23-11:36:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-11:36:11,25) [cpuhp/2] (root,0,0,00:00:00/23-11:36:11,26) [idle_inject/2] (root,0,0,00:00:07/23-11:36:11,27) [migration/2] (root,0,0,00:45:23/23-11:36:11,28) [ksoftirqd/2] (root,0,0,00:00:00/23-11:36:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-11:36:11,31) [cpuhp/3] (root,0,0,00:00:00/23-11:36:11,32) [idle_inject/3] (root,0,0,00:00:08/23-11:36:11,33) [migration/3] (root,0,0,00:02:21/23-11:36:11,34) [ksoftirqd/3] (root,0,0,00:00:00/23-11:36:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-11:36:11,40) [kdevtmpfs] (root,0,0,00:00:00/23-11:36:11,41) [netns] (root,0,0,00:00:00/23-11:36:11,42) [inet_frag_wq] (root,0,0,00:00:07/23-11:36:11,43) [kauditd] (root,0,0,00:00:00/23-11:36:11,44) [khungtaskd] (root,0,0,00:00:00/23-11:36:11,45) [oom_reaper] (root,0,0,00:00:00/23-11:36:11,46) [writeback] (root,0,0,00:01:15/23-11:36:11,47) [kcompactd0] (root,0,0,00:00:00/23-11:36:11,48) [ksmd] (root,0,0,00:01:16/23-11:36:11,49) [khugepaged] (root,0,0,00:00:00/23-11:36:11,75) [kintegrityd] (root,0,0,00:00:00/23-11:36:11,76) [kblockd] (root,0,0,00:00:00/23-11:36:11,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-11:36:11,79) [tpm_dev_wq] (root,0,0,00:00:00/23-11:36:11,80) [edac-poller] (root,0,0,00:00:00/23-11:36:11,81) [devfreq_wq] (root,0,0,00:00:00/23-11:36:11,110) [watchdogd] (root,0,0,00:00:01/23-11:36:11,111) [kswapd0] (root,0,0,00:00:06/23-11:36:11,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-11:36:09,115) [kthrotld] (root,0,0,00:00:00/23-11:36:09,116) [mld] (root,0,0,00:00:00/23-11:36:09,117) [ipv6_addrconf] (root,0,0,00:00:06/23-11:36:09,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-11:36:09,123) [kstrp] (root,0,0,00:00:00/23-11:36:09,124) [zswap-shrink] (root,0,0,00:00:00/23-11:36:09,125) [kworker/u9:0] (root,0,0,00:00:00/23-11:36:09,130) [charger_manager] (root,0,0,00:00:07/23-11:36:09,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-11:36:09,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-11:36:08,239) [kaluad] (root,0,0,00:00:00/23-11:36:08,258) [kmpath_rdacd] (root,0,0,00:00:00/23-11:36:08,304) [kmpathd] (root,0,0,00:00:00/23-11:36:08,305) [kmpath_handlerd] (root,0,0,00:00:00/23-11:36:07,342) [ata_sff] (root,0,0,00:00:00/23-11:36:07,343) [scsi_eh_0] (root,0,0,00:00:00/23-11:36:07,344) [scsi_tmf_0] (root,0,0,00:00:00/23-11:36:07,345) [scsi_eh_1] (root,0,0,00:00:00/23-11:36:07,346) [scsi_tmf_1] (root,0,0,00:00:47/23-11:36:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-11:36:04,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-11:35:52,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-11:35:51,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-11:35:49,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-11:35:18,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-11:35:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:39/23-11:35:17,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-11:35:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-11:35:15,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-11:35:15,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-11:35:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-11:35:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:25/23-11:35:01,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-11:35:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-11:35:01,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-11:35:01,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-11:35:01,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-11:35:01,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:24/23-11:35:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-11:35:01,1352) bpfilter_umh (root,26204,8212,00:00:10/23-11:35:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-11:35:01,1359) ntpd: asynchronous dns resolver (spot,291520,177964,1-12:27:44/23-11:35:00,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-11:35:00,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-11:35:00,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-11:35:00,1373) (sd-pam) (root,24216,5268,00:00:08/23-11:34:58,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-11:34:58,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-11:34:58,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-11:34:55,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-11:34:54,1527) sshd: syslogtunnel (root,692644,75232,00:32:29/23-11:34:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56544,00:13:34/23-11:34:40,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-17:10:15,2557) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,3049) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,3067) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3068) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10108,00:00:00/23-11:34:15,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-11:34:15,3218) sshd: cm-ssh (root,0,0,00:00:00/01:40:34,3775) [kworker/1:2-events] (root,0,0,00:00:00/04:17:46,4562) [kworker/u8:0-writeback] (root,0,0,00:00:00/31:44,6461) [kworker/2:0] (root,0,0,00:00:00/23:50,8177) [kworker/3:2-events] (root,0,0,00:00:00/08:14,11797) [kworker/3:1-ata_sff] (root,0,0,00:00:00/40:28,12151) [kworker/0:1-cgroup_destroy] (postfix,24244,8228,00:00:00/01:36:45,13008) pickup -l -t fifo -u (root,0,0,00:00:00/15:49,16332) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:06,18134) [kworker/2:2-events] (root,0,0,00:00:00/37:32,20947) [kworker/1:1-events] (root,0,0,00:00:00/25:26,24948) [kworker/0:0-events] (root,0,0,00:00:00/03:04,26051) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 22:24 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639277c436Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-11:30:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-11:30:36,2) [kthreadd] (root,0,0,00:00:00/21-11:30:36,3) [rcu_gp] (root,0,0,00:00:00/21-11:30:36,4) [rcu_par_gp] (root,0,0,00:00:00/21-11:30:36,5) [slub_flushwq] (root,0,0,00:00:00/21-11:30:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-11:30:36,9) [mm_percpu_wq] (root,0,0,00:00:00/21-11:30:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-11:30:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-11:30:36,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-11:30:36,13) [ksoftirqd/0] (root,0,0,01:03:14/21-11:30:36,14) [rcu_preempt] (root,0,0,00:00:08/21-11:30:36,15) [migration/0] (root,0,0,00:00:00/21-11:30:36,16) [idle_inject/0] (root,0,0,00:00:00/21-11:30:36,18) [cpuhp/0] (root,0,0,00:00:00/21-11:30:36,19) [cpuhp/1] (root,0,0,00:00:00/21-11:30:36,20) [idle_inject/1] (root,0,0,00:00:08/21-11:30:36,21) [migration/1] (root,0,0,00:00:34/21-11:30:36,22) [ksoftirqd/1] (root,0,0,00:00:00/21-11:30:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-11:30:36,25) [cpuhp/2] (root,0,0,00:00:00/21-11:30:36,26) [idle_inject/2] (root,0,0,00:00:06/21-11:30:36,27) [migration/2] (root,0,0,00:42:33/21-11:30:36,28) [ksoftirqd/2] (root,0,0,00:00:00/21-11:30:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-11:30:36,31) [cpuhp/3] (root,0,0,00:00:00/21-11:30:36,32) [idle_inject/3] (root,0,0,00:00:08/21-11:30:36,33) [migration/3] (root,0,0,00:02:11/21-11:30:36,34) [ksoftirqd/3] (root,0,0,00:00:00/21-11:30:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-11:30:36,40) [kdevtmpfs] (root,0,0,00:00:00/21-11:30:36,41) [netns] (root,0,0,00:00:00/21-11:30:36,42) [inet_frag_wq] (root,0,0,00:00:06/21-11:30:36,43) [kauditd] (root,0,0,00:00:00/21-11:30:36,44) [khungtaskd] (root,0,0,00:00:00/21-11:30:36,45) [oom_reaper] (root,0,0,00:00:00/21-11:30:36,46) [writeback] (root,0,0,00:01:09/21-11:30:36,47) [kcompactd0] (root,0,0,00:00:00/21-11:30:36,48) [ksmd] (root,0,0,00:01:10/21-11:30:36,49) [khugepaged] (root,0,0,00:00:00/21-11:30:36,75) [kintegrityd] (root,0,0,00:00:00/21-11:30:36,76) [kblockd] (root,0,0,00:00:00/21-11:30:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-11:30:36,79) [tpm_dev_wq] (root,0,0,00:00:00/21-11:30:36,80) [edac-poller] (root,0,0,00:00:00/21-11:30:36,81) [devfreq_wq] (root,0,0,00:00:00/21-11:30:36,110) [watchdogd] (root,0,0,00:00:01/21-11:30:36,111) [kswapd0] (root,0,0,00:00:05/21-11:30:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-11:30:34,115) [kthrotld] (root,0,0,00:00:00/21-11:30:34,116) [mld] (root,0,0,00:00:00/21-11:30:34,117) [ipv6_addrconf] (root,0,0,00:00:06/21-11:30:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-11:30:34,123) [kstrp] (root,0,0,00:00:00/21-11:30:34,124) [zswap-shrink] (root,0,0,00:00:00/21-11:30:34,125) [kworker/u9:0] (root,0,0,00:00:00/21-11:30:34,130) [charger_manager] (root,0,0,00:00:06/21-11:30:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-11:30:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-11:30:33,239) [kaluad] (root,0,0,00:00:00/21-11:30:33,258) [kmpath_rdacd] (root,0,0,00:00:00/21-11:30:33,304) [kmpathd] (root,0,0,00:00:00/21-11:30:33,305) [kmpath_handlerd] (root,0,0,00:00:00/21-11:30:32,342) [ata_sff] (root,0,0,00:00:00/21-11:30:32,343) [scsi_eh_0] (root,0,0,00:00:00/21-11:30:32,344) [scsi_tmf_0] (root,0,0,00:00:00/21-11:30:32,345) [scsi_eh_1] (root,0,0,00:00:00/21-11:30:32,346) [scsi_tmf_1] (root,0,0,00:00:43/21-11:30:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-11:30:29,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-11:30:17,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-11:30:16,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/33:17,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-11:30:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-11:29:43,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-11:29:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-11:29:42,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-11:29:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-11:29:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-11:29:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8220,00:00:00/12:57,1289) pickup -l -t fifo -u (root,548104,28468,00:00:25/21-11:29:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-11:29:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:14/21-11:29:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-11:29:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-11:29:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-11:29:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-11:29:26,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-11:29:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-11:29:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-11:29:26,1352) bpfilter_umh (root,26204,8212,00:00:08/21-11:29:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-11:29:26,1359) ntpd: asynchronous dns resolver (spot,312764,199240,1-09:49:57/21-11:29:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-11:29:25,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-11:29:25,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-11:29:25,1373) (sd-pam) (root,24216,5268,00:00:07/21-11:29:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-11:29:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-11:29:23,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-11:29:20,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-11:29:19,1527) sshd: syslogtunnel (root,692388,74908,00:29:42/21-11:29:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,54944,00:12:30/21-11:29:05,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/15-17:04:40,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-11:28:40,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-11:28:40,3218) sshd: cm-ssh (root,0,0,00:00:00/01:55:29,5153) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/12:25,5347) [kworker/1:2-events] (root,0,0,00:00:00/49:55,6565) [kworker/0:0] (root,0,0,00:00:00/49:13,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/23:49,13755) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/02:09,14126) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:01:06,17228) [kworker/0:1-events] (root,0,0,00:00:00/01:02,17661) [kworker/1:1-events] (root,0,0,00:00:00/44:17,22368) [kworker/2:0-cgroup_destroy] (root,6656,3488,00:00:00/00:00,23580) /bin/bash /usr/bin/check_mk_agent (root,13744,3496,00:00:00/00:00,23598) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23599) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:20,27741) [kworker/3:1-ata_sff] (root,0,0,00:00:01/03:09:11,29790) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 22:19 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634e3ce2b3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-11:33:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-11:33:17,2) [kthreadd] (root,0,0,00:00:00/19-11:33:17,3) [rcu_gp] (root,0,0,00:00:00/19-11:33:17,4) [rcu_par_gp] (root,0,0,00:00:00/19-11:33:17,5) [slub_flushwq] (root,0,0,00:00:00/19-11:33:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-11:33:17,9) [mm_percpu_wq] (root,0,0,00:00:00/19-11:33:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-11:33:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-11:33:17,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-11:33:17,13) [ksoftirqd/0] (root,0,0,00:57:06/19-11:33:17,14) [rcu_preempt] (root,0,0,00:00:07/19-11:33:17,15) [migration/0] (root,0,0,00:00:00/19-11:33:17,16) [idle_inject/0] (root,0,0,00:00:00/19-11:33:17,18) [cpuhp/0] (root,0,0,00:00:00/19-11:33:17,19) [cpuhp/1] (root,0,0,00:00:00/19-11:33:17,20) [idle_inject/1] (root,0,0,00:00:07/19-11:33:17,21) [migration/1] (root,0,0,00:00:31/19-11:33:17,22) [ksoftirqd/1] (root,0,0,00:00:00/19-11:33:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-11:33:17,25) [cpuhp/2] (root,0,0,00:00:00/19-11:33:17,26) [idle_inject/2] (root,0,0,00:00:05/19-11:33:17,27) [migration/2] (root,0,0,00:39:01/19-11:33:17,28) [ksoftirqd/2] (root,0,0,00:00:00/19-11:33:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-11:33:17,31) [cpuhp/3] (root,0,0,00:00:00/19-11:33:17,32) [idle_inject/3] (root,0,0,00:00:07/19-11:33:17,33) [migration/3] (root,0,0,00:01:58/19-11:33:17,34) [ksoftirqd/3] (root,0,0,00:00:00/19-11:33:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-11:33:17,40) [kdevtmpfs] (root,0,0,00:00:00/19-11:33:17,41) [netns] (root,0,0,00:00:00/19-11:33:17,42) [inet_frag_wq] (root,0,0,00:00:05/19-11:33:17,43) [kauditd] (root,0,0,00:00:00/19-11:33:17,44) [khungtaskd] (root,0,0,00:00:00/19-11:33:17,45) [oom_reaper] (root,0,0,00:00:00/19-11:33:17,46) [writeback] (root,0,0,00:01:02/19-11:33:17,47) [kcompactd0] (root,0,0,00:00:00/19-11:33:17,48) [ksmd] (root,0,0,00:01:03/19-11:33:17,49) [khugepaged] (root,0,0,00:00:00/19-11:33:17,75) [kintegrityd] (root,0,0,00:00:00/19-11:33:17,76) [kblockd] (root,0,0,00:00:00/19-11:33:17,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-11:33:17,79) [tpm_dev_wq] (root,0,0,00:00:00/19-11:33:17,80) [edac-poller] (root,0,0,00:00:00/19-11:33:17,81) [devfreq_wq] (root,0,0,00:00:00/19-11:33:17,110) [watchdogd] (root,0,0,00:00:01/19-11:33:17,111) [kswapd0] (root,0,0,00:00:05/19-11:33:17,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-11:33:15,115) [kthrotld] (root,0,0,00:00:00/19-11:33:15,116) [mld] (root,0,0,00:00:00/19-11:33:15,117) [ipv6_addrconf] (root,0,0,00:00:05/19-11:33:15,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-11:33:15,123) [kstrp] (root,0,0,00:00:00/19-11:33:15,124) [zswap-shrink] (root,0,0,00:00:00/19-11:33:15,125) [kworker/u9:0] (root,0,0,00:00:00/19-11:33:15,130) [charger_manager] (root,0,0,00:00:05/19-11:33:15,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/19-11:33:15,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-11:33:14,239) [kaluad] (root,0,0,00:00:00/19-11:33:14,258) [kmpath_rdacd] (root,0,0,00:00:00/19-11:33:14,304) [kmpathd] (root,0,0,00:00:00/19-11:33:14,305) [kmpath_handlerd] (root,0,0,00:00:00/19-11:33:13,342) [ata_sff] (root,0,0,00:00:00/19-11:33:13,343) [scsi_eh_0] (root,0,0,00:00:00/19-11:33:13,344) [scsi_tmf_0] (root,0,0,00:00:00/19-11:33:13,345) [scsi_eh_1] (root,0,0,00:00:00/19-11:33:13,346) [scsi_tmf_1] (root,0,0,00:00:38/19-11:33:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-11:33:10,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-11:32:58,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-11:32:57,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-11:32:55,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-11:32:24,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-11:32:23,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-11:32:23,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-11:32:23,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-11:32:21,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-11:32:21,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/04:20,772) [kworker/3:1-ata_sff] (root,547848,27472,00:00:23/19-11:32:07,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-11:32:07,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:03/19-11:32:07,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-11:32:07,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-11:32:07,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-11:32:07,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-11:32:07,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:24/19-11:32:07,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-11:32:07,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-11:32:07,1352) bpfilter_umh (root,26204,8212,00:00:07/19-11:32:07,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-11:32:07,1359) ntpd: asynchronous dns resolver (spot,314812,199752,1-06:58:44/19-11:32:06,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-11:32:06,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-11:32:06,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-11:32:06,1373) (sd-pam) (root,24216,5268,00:00:06/19-11:32:04,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-11:32:04,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-11:32:04,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-11:32:01,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-11:32:00,1527) sshd: syslogtunnel (root,618656,71492,00:26:50/19-11:31:58,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,53708,00:11:18/19-11:31:46,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-17:07:21,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-11:31:21,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-11:31:21,3218) sshd: cm-ssh (root,0,0,00:00:01/01:48:05,3324) [kworker/3:0-mm_percpu_wq] (root,0,0,00:00:00/06:21:56,5852) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/14:22,6566) [kworker/2:1] (root,0,0,00:00:00/01:44:01,12961) [kworker/2:0-events] (root,6656,3488,00:00:00/00:00,16165) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,16183) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,16184) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/21:28,17258) [kworker/1:0-events] (root,0,0,00:00:00/09:31,17701) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:39:45,23780) [kworker/0:1-events] (root,0,0,00:00:00/37:58,25296) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:07:52,29630) [kworker/1:2-events] (root,0,0,00:00:00/57:32,29670) [kworker/0:2-events] (postfix,24244,8268,00:00:00/36:33,29784) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 22:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836378051337Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-12:12:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-12:12:37,2) [kthreadd] (root,0,0,00:00:00/17-12:12:37,3) [rcu_gp] (root,0,0,00:00:00/17-12:12:37,4) [rcu_par_gp] (root,0,0,00:00:00/17-12:12:37,5) [slub_flushwq] (root,0,0,00:00:00/17-12:12:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-12:12:37,9) [mm_percpu_wq] (root,0,0,00:00:00/17-12:12:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-12:12:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-12:12:37,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-12:12:37,13) [ksoftirqd/0] (root,0,0,00:50:17/17-12:12:37,14) [rcu_preempt] (root,0,0,00:00:06/17-12:12:37,15) [migration/0] (root,0,0,00:00:00/17-12:12:37,16) [idle_inject/0] (root,0,0,00:00:00/17-12:12:37,18) [cpuhp/0] (root,0,0,00:00:00/17-12:12:37,19) [cpuhp/1] (root,0,0,00:00:00/17-12:12:37,20) [idle_inject/1] (root,0,0,00:00:06/17-12:12:37,21) [migration/1] (root,0,0,00:00:27/17-12:12:37,22) [ksoftirqd/1] (root,0,0,00:00:00/17-12:12:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-12:12:37,25) [cpuhp/2] (root,0,0,00:00:00/17-12:12:37,26) [idle_inject/2] (root,0,0,00:00:05/17-12:12:37,27) [migration/2] (root,0,0,00:33:39/17-12:12:37,28) [ksoftirqd/2] (root,0,0,00:00:00/17-12:12:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-12:12:37,31) [cpuhp/3] (root,0,0,00:00:00/17-12:12:37,32) [idle_inject/3] (root,0,0,00:00:06/17-12:12:37,33) [migration/3] (root,0,0,00:01:40/17-12:12:37,34) [ksoftirqd/3] (root,0,0,00:00:00/17-12:12:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-12:12:37,40) [kdevtmpfs] (root,0,0,00:00:00/17-12:12:37,41) [netns] (root,0,0,00:00:00/17-12:12:37,42) [inet_frag_wq] (root,0,0,00:00:03/17-12:12:37,43) [kauditd] (root,0,0,00:00:00/17-12:12:37,44) [khungtaskd] (root,0,0,00:00:00/17-12:12:37,45) [oom_reaper] (root,0,0,00:00:00/17-12:12:37,46) [writeback] (root,0,0,00:00:55/17-12:12:37,47) [kcompactd0] (root,0,0,00:00:00/17-12:12:37,48) [ksmd] (root,0,0,00:00:56/17-12:12:37,49) [khugepaged] (root,0,0,00:00:00/17-12:12:37,75) [kintegrityd] (root,0,0,00:00:00/17-12:12:37,76) [kblockd] (root,0,0,00:00:00/17-12:12:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-12:12:37,79) [tpm_dev_wq] (root,0,0,00:00:00/17-12:12:37,80) [edac-poller] (root,0,0,00:00:00/17-12:12:37,81) [devfreq_wq] (root,0,0,00:00:00/17-12:12:37,110) [watchdogd] (root,0,0,00:00:01/17-12:12:37,111) [kswapd0] (root,0,0,00:00:04/17-12:12:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-12:12:35,115) [kthrotld] (root,0,0,00:00:00/17-12:12:35,116) [mld] (root,0,0,00:00:00/17-12:12:35,117) [ipv6_addrconf] (root,0,0,00:00:04/17-12:12:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-12:12:35,123) [kstrp] (root,0,0,00:00:00/17-12:12:35,124) [zswap-shrink] (root,0,0,00:00:00/17-12:12:35,125) [kworker/u9:0] (root,0,0,00:00:00/17-12:12:35,130) [charger_manager] (root,0,0,00:00:05/17-12:12:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:07/17-12:12:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-12:12:34,239) [kaluad] (root,0,0,00:00:00/17-12:12:34,258) [kmpath_rdacd] (root,0,0,00:00:00/17-12:12:34,304) [kmpathd] (root,0,0,00:00:00/17-12:12:34,305) [kmpath_handlerd] (root,0,0,00:00:00/17-12:12:33,342) [ata_sff] (root,0,0,00:00:00/17-12:12:33,343) [scsi_eh_0] (root,0,0,00:00:00/17-12:12:33,344) [scsi_tmf_0] (root,0,0,00:00:00/17-12:12:33,345) [scsi_eh_1] (root,0,0,00:00:00/17-12:12:33,346) [scsi_tmf_1] (root,0,0,00:00:34/17-12:12:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-12:12:30,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-12:12:18,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-12:12:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-12:12:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-12:11:44,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-12:11:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-12:11:43,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-12:11:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-12:11:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-12:11:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-12:11:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-12:11:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:50/17-12:11:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-12:11:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-12:11:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-12:11:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-12:11:27,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-12:11:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:30/17-12:11:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-12:11:27,1352) bpfilter_umh (root,26204,8212,00:00:04/17-12:11:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-12:11:27,1359) ntpd: asynchronous dns resolver (spot,315276,199868,1-03:00:32/17-12:11:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-12:11:26,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-12:11:26,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-12:11:26,1373) (sd-pam) (root,24216,5268,00:00:06/17-12:11:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-12:11:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-12:11:24,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-12:11:21,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-12:11:20,1527) sshd: syslogtunnel (root,618256,73116,00:23:55/17-12:11:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51672,00:10:01/17-12:11:06,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-17:46:41,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/58:09,2865) [kworker/0:0-events] (root,35308,10108,00:00:00/17-12:10:41,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-12:10:41,3218) sshd: cm-ssh (root,0,0,00:00:00/52:19,7010) [kworker/1:1-events] (root,0,0,00:00:00/21:33,9027) [kworker/2:1-events] (root,0,0,00:00:00/13:23,10786) [kworker/3:2-events] (root,0,0,00:00:00/04:35,12481) [kworker/0:1] (root,0,0,00:00:00/01:22:17,14908) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/03:00,17092) [kworker/3:1-ata_sff] (root,0,0,00:00:00/10:59,17782) [kworker/1:2-events] (postfix,24244,8324,00:00:00/01:37:50,18468) pickup -l -t fifo -u (root,0,0,00:00:01/02:33:11,19474) [kworker/2:0-events] (root,0,0,00:00:00/19:24,21348) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/19:21,21562) [kworker/u8:0-flush-253:0] (root,6656,3488,00:00:00/00:00,25838) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,25879) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,25880) /bin/bash /usr/bin/check_mk_agent (root,4480,1036,00:00:00/00:00,25881) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,784,00:00:00/00:00,25882) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,696,00:00:00/00:00,25883) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,25884) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,25902) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,25903) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:12,31666) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 23:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636da25c8cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-09:22:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-09:22:33,2) [kthreadd] (root,0,0,00:00:00/15-09:22:33,3) [rcu_gp] (root,0,0,00:00:00/15-09:22:33,4) [rcu_par_gp] (root,0,0,00:00:00/15-09:22:33,5) [slub_flushwq] (root,0,0,00:00:00/15-09:22:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-09:22:33,9) [mm_percpu_wq] (root,0,0,00:00:00/15-09:22:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-09:22:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-09:22:33,12) [rcu_tasks_trace] (root,0,0,00:00:27/15-09:22:33,13) [ksoftirqd/0] (root,0,0,00:43:03/15-09:22:33,14) [rcu_preempt] (root,0,0,00:00:05/15-09:22:33,15) [migration/0] (root,0,0,00:00:00/15-09:22:33,16) [idle_inject/0] (root,0,0,00:00:00/15-09:22:33,18) [cpuhp/0] (root,0,0,00:00:00/15-09:22:33,19) [cpuhp/1] (root,0,0,00:00:00/15-09:22:33,20) [idle_inject/1] (root,0,0,00:00:05/15-09:22:33,21) [migration/1] (root,0,0,00:00:23/15-09:22:33,22) [ksoftirqd/1] (root,0,0,00:00:00/15-09:22:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-09:22:33,25) [cpuhp/2] (root,0,0,00:00:00/15-09:22:33,26) [idle_inject/2] (root,0,0,00:00:04/15-09:22:33,27) [migration/2] (root,0,0,00:27:57/15-09:22:33,28) [ksoftirqd/2] (root,0,0,00:00:00/15-09:22:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-09:22:33,31) [cpuhp/3] (root,0,0,00:00:00/15-09:22:33,32) [idle_inject/3] (root,0,0,00:00:05/15-09:22:33,33) [migration/3] (root,0,0,00:01:22/15-09:22:33,34) [ksoftirqd/3] (root,0,0,00:00:00/15-09:22:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-09:22:33,40) [kdevtmpfs] (root,0,0,00:00:00/15-09:22:33,41) [netns] (root,0,0,00:00:00/15-09:22:33,42) [inet_frag_wq] (root,0,0,00:00:01/15-09:22:33,43) [kauditd] (root,0,0,00:00:00/15-09:22:33,44) [khungtaskd] (root,0,0,00:00:00/15-09:22:33,45) [oom_reaper] (root,0,0,00:00:00/15-09:22:33,46) [writeback] (root,0,0,00:00:47/15-09:22:33,47) [kcompactd0] (root,0,0,00:00:00/15-09:22:33,48) [ksmd] (root,0,0,00:00:49/15-09:22:33,49) [khugepaged] (root,0,0,00:00:00/15-09:22:33,75) [kintegrityd] (root,0,0,00:00:00/15-09:22:33,76) [kblockd] (root,0,0,00:00:00/15-09:22:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-09:22:33,79) [tpm_dev_wq] (root,0,0,00:00:00/15-09:22:33,80) [edac-poller] (root,0,0,00:00:00/15-09:22:33,81) [devfreq_wq] (root,0,0,00:00:00/15-09:22:33,110) [watchdogd] (root,0,0,00:00:01/15-09:22:33,111) [kswapd0] (root,0,0,00:00:04/15-09:22:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-09:22:31,115) [kthrotld] (root,0,0,00:00:00/15-09:22:31,116) [mld] (root,0,0,00:00:00/15-09:22:31,117) [ipv6_addrconf] (root,0,0,00:00:04/15-09:22:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-09:22:31,123) [kstrp] (root,0,0,00:00:00/15-09:22:31,124) [zswap-shrink] (root,0,0,00:00:00/15-09:22:31,125) [kworker/u9:0] (root,0,0,00:00:00/15-09:22:31,130) [charger_manager] (root,0,0,00:00:04/15-09:22:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-09:22:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-09:22:30,239) [kaluad] (root,0,0,00:00:00/15-09:22:30,258) [kmpath_rdacd] (root,0,0,00:00:00/15-09:22:30,304) [kmpathd] (root,0,0,00:00:00/15-09:22:30,305) [kmpath_handlerd] (root,0,0,00:00:00/15-09:22:29,342) [ata_sff] (root,0,0,00:00:00/15-09:22:29,343) [scsi_eh_0] (root,0,0,00:00:00/15-09:22:29,344) [scsi_tmf_0] (root,0,0,00:00:00/15-09:22:29,345) [scsi_eh_1] (root,0,0,00:00:00/15-09:22:29,346) [scsi_tmf_1] (root,0,0,00:00:29/15-09:22:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-09:22:26,367) [ext4-rsv-conver] (root,38604,7616,00:00:13/15-09:22:14,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-09:22:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:23/15-09:22:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-09:21:40,511) /sbin/auditd (messagebus,22932,5912,00:00:18/15-09:21:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:11/15-09:21:39,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-09:21:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-09:21:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-09:21:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,6764,3644,00:00:00/00:01,707) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,875) /bin/bash /usr/bin/check_mk_agent (root,6292,3124,00:00:00/00:00,883) /bin/bash ././mk_inventory.linux (root,28304,8008,00:00:00/00:00,894) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n (root,13744,3432,00:00:00/00:00,902) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,903) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,547848,26432,00:00:18/15-09:21:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-09:21:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:35/15-09:21:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-09:21:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-09:21:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-09:21:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-09:21:23,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-09:21:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:10/15-09:21:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-09:21:23,1352) bpfilter_umh (root,26204,8212,00:00:03/15-09:21:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-09:21:23,1359) ntpd: asynchronous dns resolver (spot,315052,199812,22:06:28/15-09:21:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-09:21:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-09:21:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-09:21:22,1373) (sd-pam) (root,24216,5268,00:00:05/15-09:21:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-09:21:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-09:21:20,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-09:21:17,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:52/15-09:21:16,1527) sshd: syslogtunnel (root,617868,72916,00:20:51/15-09:21:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,49856,00:08:39/15-09:21:02,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/9-14:56:37,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:46:10,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-09:20:37,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:49/15-09:20:37,3218) sshd: cm-ssh (root,0,0,00:00:00/30:40,4560) [kworker/3:0-events] (root,0,0,00:00:00/01:21:16,6932) [kworker/2:2-events] (root,0,0,00:00:00/19:02,9389) [kworker/1:1] (root,0,0,00:00:00/10:43,13705) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/09:54,15511) [kworker/3:1-ata_sff] (postfix,24244,8280,00:00:00/49:39,20164) pickup -l -t fifo -u (root,0,0,00:00:00/05:29:40,21313) [kworker/0:0-events] (root,0,0,00:00:01/05:04:50,24128) [kworker/1:2-events] (root,0,0,00:00:00/04:44,26523) [kworker/3:2-mm_percpu_wq] (root,0,0,00:00:00/02:10:59,29013) [kworker/2:0-events] (root,0,0,00:00:00/04:13:52,31205) [kworker/u8:0-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 20:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ea430939Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-12:05:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-12:05:26,2) [kthreadd] (root,0,0,00:00:00/13-12:05:26,3) [rcu_gp] (root,0,0,00:00:00/13-12:05:26,4) [rcu_par_gp] (root,0,0,00:00:00/13-12:05:26,5) [slub_flushwq] (root,0,0,00:00:00/13-12:05:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-12:05:26,9) [mm_percpu_wq] (root,0,0,00:00:00/13-12:05:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-12:05:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-12:05:26,12) [rcu_tasks_trace] (root,0,0,00:00:23/13-12:05:26,13) [ksoftirqd/0] (root,0,0,00:37:10/13-12:05:26,14) [rcu_preempt] (root,0,0,00:00:05/13-12:05:26,15) [migration/0] (root,0,0,00:00:00/13-12:05:26,16) [idle_inject/0] (root,0,0,00:00:00/13-12:05:26,18) [cpuhp/0] (root,0,0,00:00:00/13-12:05:26,19) [cpuhp/1] (root,0,0,00:00:00/13-12:05:26,20) [idle_inject/1] (root,0,0,00:00:05/13-12:05:26,21) [migration/1] (root,0,0,00:00:20/13-12:05:26,22) [ksoftirqd/1] (root,0,0,00:00:00/13-12:05:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-12:05:26,25) [cpuhp/2] (root,0,0,00:00:00/13-12:05:26,26) [idle_inject/2] (root,0,0,00:00:03/13-12:05:26,27) [migration/2] (root,0,0,00:24:30/13-12:05:26,28) [ksoftirqd/2] (root,0,0,00:00:00/13-12:05:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-12:05:26,31) [cpuhp/3] (root,0,0,00:00:00/13-12:05:26,32) [idle_inject/3] (root,0,0,00:00:04/13-12:05:26,33) [migration/3] (root,0,0,00:01:10/13-12:05:26,34) [ksoftirqd/3] (root,0,0,00:00:00/13-12:05:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-12:05:26,40) [kdevtmpfs] (root,0,0,00:00:00/13-12:05:26,41) [netns] (root,0,0,00:00:00/13-12:05:26,42) [inet_frag_wq] (root,0,0,00:00:01/13-12:05:26,43) [kauditd] (root,0,0,00:00:00/13-12:05:26,44) [khungtaskd] (root,0,0,00:00:00/13-12:05:26,45) [oom_reaper] (root,0,0,00:00:00/13-12:05:26,46) [writeback] (root,0,0,00:00:41/13-12:05:26,47) [kcompactd0] (root,0,0,00:00:00/13-12:05:26,48) [ksmd] (root,0,0,00:00:43/13-12:05:26,49) [khugepaged] (root,0,0,00:00:00/13-12:05:26,75) [kintegrityd] (root,0,0,00:00:00/13-12:05:26,76) [kblockd] (root,0,0,00:00:00/13-12:05:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-12:05:26,79) [tpm_dev_wq] (root,0,0,00:00:00/13-12:05:26,80) [edac-poller] (root,0,0,00:00:00/13-12:05:26,81) [devfreq_wq] (root,0,0,00:00:00/13-12:05:26,110) [watchdogd] (root,0,0,00:00:01/13-12:05:26,111) [kswapd0] (root,0,0,00:00:03/13-12:05:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-12:05:24,115) [kthrotld] (root,0,0,00:00:00/13-12:05:24,116) [mld] (root,0,0,00:00:00/13-12:05:24,117) [ipv6_addrconf] (root,0,0,00:00:03/13-12:05:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-12:05:24,123) [kstrp] (root,0,0,00:00:00/13-12:05:24,124) [zswap-shrink] (root,0,0,00:00:00/13-12:05:24,125) [kworker/u9:0] (root,0,0,00:00:00/13-12:05:24,130) [charger_manager] (root,0,0,00:00:03/13-12:05:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-12:05:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-12:05:23,239) [kaluad] (root,0,0,00:00:00/13-12:05:23,258) [kmpath_rdacd] (root,0,0,00:00:00/13-12:05:23,304) [kmpathd] (root,0,0,00:00:00/13-12:05:23,305) [kmpath_handlerd] (root,0,0,00:00:00/13-12:05:22,342) [ata_sff] (root,0,0,00:00:00/13-12:05:22,343) [scsi_eh_0] (root,0,0,00:00:00/13-12:05:22,344) [scsi_tmf_0] (root,0,0,00:00:00/13-12:05:22,345) [scsi_eh_1] (root,0,0,00:00:00/13-12:05:22,346) [scsi_tmf_1] (root,0,0,00:00:25/13-12:05:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-12:05:19,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-12:05:07,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-12:05:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:20/13-12:05:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-12:04:33,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-12:04:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-12:04:32,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-12:04:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-12:04:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-12:04:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-12:04:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-12:04:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:24/13-12:04:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-12:04:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-12:04:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-12:04:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-12:04:16,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-12:04:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-12:04:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-12:04:16,1352) bpfilter_umh (root,26204,8212,00:00:02/13-12:04:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-12:04:16,1359) ntpd: asynchronous dns resolver (spot,306076,189888,18:38:06/13-12:04:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-12:04:15,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-12:04:15,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-12:04:15,1373) (sd-pam) (root,24216,5268,00:00:04/13-12:04:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-12:04:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-12:04:13,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-12:04:10,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:45/13-12:04:09,1527) sshd: syslogtunnel (root,617868,72668,00:18:11/13-12:04:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48312,00:07:28/13-12:03:55,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-17:39:30,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-12:03:30,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-12:03:30,3218) sshd: cm-ssh (root,0,0,00:00:00/47:08,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/01:11:41,14919) [kworker/1:0-events] (root,0,0,00:00:00/02:00:19,16390) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:05,16651) [kworker/3:0-ata_sff] (root,0,0,00:00:00/43:36,21144) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:15,21798) [kworker/3:2-ata_sff] (root,0,0,00:00:00/59:32,21914) [kworker/1:1-cgroup_destroy] (root,6764,3600,00:00:00/00:00,21970) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,22116) /bin/bash /usr/bin/check_mk_agent (root,6292,3116,00:00:00/00:00,22129) /bin/bash ././mk_inventory.linux (root,27524,6584,00:00:00/00:00,22144) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n (root,13744,3384,00:00:00/00:00,22145) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22146) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8228,00:00:00/34:22,24772) pickup -l -t fifo -u (root,0,0,00:00:00/01:48:40,25621) [kworker/2:0-events] (root,0,0,00:00:00/42:36,25940) [kworker/3:1-events] (root,0,0,00:00:00/22:52,29874) [kworker/0:2-events] (root,0,0,00:00:00/01:36:21,31978) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 22:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363184c5acdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:17/11-09:19:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-09:19:19,2) [kthreadd] (root,0,0,00:00:00/11-09:19:19,3) [rcu_gp] (root,0,0,00:00:00/11-09:19:19,4) [rcu_par_gp] (root,0,0,00:00:00/11-09:19:19,5) [slub_flushwq] (root,0,0,00:00:00/11-09:19:19,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-09:19:19,9) [mm_percpu_wq] (root,0,0,00:00:00/11-09:19:19,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-09:19:19,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-09:19:19,12) [rcu_tasks_trace] (root,0,0,00:00:19/11-09:19:19,13) [ksoftirqd/0] (root,0,0,00:31:15/11-09:19:19,14) [rcu_preempt] (root,0,0,00:00:04/11-09:19:19,15) [migration/0] (root,0,0,00:00:00/11-09:19:19,16) [idle_inject/0] (root,0,0,00:00:00/11-09:19:19,18) [cpuhp/0] (root,0,0,00:00:00/11-09:19:19,19) [cpuhp/1] (root,0,0,00:00:00/11-09:19:19,20) [idle_inject/1] (root,0,0,00:00:04/11-09:19:19,21) [migration/1] (root,0,0,00:00:16/11-09:19:19,22) [ksoftirqd/1] (root,0,0,00:00:00/11-09:19:19,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-09:19:19,25) [cpuhp/2] (root,0,0,00:00:00/11-09:19:19,26) [idle_inject/2] (root,0,0,00:00:03/11-09:19:19,27) [migration/2] (root,0,0,00:20:45/11-09:19:19,28) [ksoftirqd/2] (root,0,0,00:00:00/11-09:19:19,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-09:19:19,31) [cpuhp/3] (root,0,0,00:00:00/11-09:19:19,32) [idle_inject/3] (root,0,0,00:00:04/11-09:19:19,33) [migration/3] (root,0,0,00:00:59/11-09:19:19,34) [ksoftirqd/3] (root,0,0,00:00:00/11-09:19:19,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-09:19:19,40) [kdevtmpfs] (root,0,0,00:00:00/11-09:19:19,41) [netns] (root,0,0,00:00:00/11-09:19:19,42) [inet_frag_wq] (root,0,0,00:00:01/11-09:19:19,43) [kauditd] (root,0,0,00:00:00/11-09:19:19,44) [khungtaskd] (root,0,0,00:00:00/11-09:19:19,45) [oom_reaper] (root,0,0,00:00:00/11-09:19:19,46) [writeback] (root,0,0,00:00:34/11-09:19:19,47) [kcompactd0] (root,0,0,00:00:00/11-09:19:19,48) [ksmd] (root,0,0,00:00:37/11-09:19:19,49) [khugepaged] (root,0,0,00:00:00/11-09:19:19,75) [kintegrityd] (root,0,0,00:00:00/11-09:19:19,76) [kblockd] (root,0,0,00:00:00/11-09:19:19,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-09:19:19,79) [tpm_dev_wq] (root,0,0,00:00:00/11-09:19:19,80) [edac-poller] (root,0,0,00:00:00/11-09:19:19,81) [devfreq_wq] (root,0,0,00:00:00/11-09:19:19,110) [watchdogd] (root,0,0,00:00:00/11-09:19:19,111) [kswapd0] (root,0,0,00:00:02/11-09:19:19,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-09:19:17,115) [kthrotld] (root,0,0,00:00:00/11-09:19:17,116) [mld] (root,0,0,00:00:00/11-09:19:17,117) [ipv6_addrconf] (root,0,0,00:00:03/11-09:19:17,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-09:19:17,123) [kstrp] (root,0,0,00:00:00/11-09:19:17,124) [zswap-shrink] (root,0,0,00:00:00/11-09:19:17,125) [kworker/u9:0] (root,0,0,00:00:00/11-09:19:17,130) [charger_manager] (root,0,0,00:00:03/11-09:19:17,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-09:19:17,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-09:19:16,239) [kaluad] (root,0,0,00:00:00/11-09:19:16,258) [kmpath_rdacd] (root,0,0,00:00:00/11-09:19:16,304) [kmpathd] (root,0,0,00:00:00/11-09:19:16,305) [kmpath_handlerd] (root,0,0,00:00:00/11-09:19:15,342) [ata_sff] (root,0,0,00:00:00/11-09:19:15,343) [scsi_eh_0] (root,0,0,00:00:00/11-09:19:15,344) [scsi_tmf_0] (root,0,0,00:00:00/11-09:19:15,345) [scsi_eh_1] (root,0,0,00:00:00/11-09:19:15,346) [scsi_tmf_1] (root,0,0,00:00:21/11-09:19:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-09:19:12,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-09:19:00,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-09:18:59,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-09:18:57,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-09:18:26,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-09:18:25,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-09:18:25,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-09:18:25,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-09:18:23,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-09:18:23,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-09:18:09,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-09:18:09,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:09/11-09:18:09,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-09:18:09,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-09:18:09,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-09:18:09,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-09:18:09,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-09:18:09,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:36/11-09:18:09,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-09:18:09,1352) bpfilter_umh (root,26204,8212,00:00:02/11-09:18:09,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-09:18:09,1359) ntpd: asynchronous dns resolver (spot,293884,179332,15:16:58/11-09:18:08,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-09:18:08,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-09:18:08,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-09:18:08,1373) (sd-pam) (root,24216,5268,00:00:03/11-09:18:06,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-09:18:06,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-09:18:06,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-09:18:03,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:38/11-09:18:02,1527) sshd: syslogtunnel (root,617612,70244,00:15:19/11-09:18:00,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,47012,00:06:14/11-09:17:48,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-14:53:23,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:13,3054) [kworker/3:0-ata_sff] (root,35308,10108,00:00:00/11-09:17:23,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-09:17:23,3218) sshd: cm-ssh (root,0,0,00:00:02/19:27:52,7785) [kworker/2:1-events] (root,0,0,00:00:00/04:17:29,14868) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:01,18786) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:16:26,19628) [kworker/0:1-events] (root,0,0,00:00:00/01:51:59,20763) [kworker/1:0-events] (root,0,0,00:00:00/01:39:36,21401) [kworker/3:2-events] (postfix,24244,8132,00:00:00/01:29:19,21716) pickup -l -t fifo -u (root,6656,3476,00:00:00/00:00,23306) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,23324) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,23325) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:16:02,24825) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/51:42,28099) [kworker/1:2-events] (root,0,0,00:00:00/27:33,29792) [kworker/0:0-events] (root,0,0,00:00:00/03:40:58,30150) [kworker/u8:1-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 20:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637b7b3bb8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-09:38:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-09:38:26,2) [kthreadd] (root,0,0,00:00:00/9-09:38:26,3) [rcu_gp] (root,0,0,00:00:00/9-09:38:26,4) [rcu_par_gp] (root,0,0,00:00:00/9-09:38:26,5) [slub_flushwq] (root,0,0,00:00:00/9-09:38:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-09:38:26,9) [mm_percpu_wq] (root,0,0,00:00:00/9-09:38:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-09:38:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-09:38:26,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-09:38:26,13) [ksoftirqd/0] (root,0,0,00:25:29/9-09:38:26,14) [rcu_preempt] (root,0,0,00:00:03/9-09:38:26,15) [migration/0] (root,0,0,00:00:00/9-09:38:26,16) [idle_inject/0] (root,0,0,00:00:00/9-09:38:26,18) [cpuhp/0] (root,0,0,00:00:00/9-09:38:26,19) [cpuhp/1] (root,0,0,00:00:00/9-09:38:26,20) [idle_inject/1] (root,0,0,00:00:03/9-09:38:26,21) [migration/1] (root,0,0,00:00:13/9-09:38:26,22) [ksoftirqd/1] (root,0,0,00:00:00/9-09:38:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-09:38:26,25) [cpuhp/2] (root,0,0,00:00:00/9-09:38:26,26) [idle_inject/2] (root,0,0,00:00:02/9-09:38:26,27) [migration/2] (root,0,0,00:17:05/9-09:38:26,28) [ksoftirqd/2] (root,0,0,00:00:00/9-09:38:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-09:38:26,31) [cpuhp/3] (root,0,0,00:00:00/9-09:38:26,32) [idle_inject/3] (root,0,0,00:00:03/9-09:38:26,33) [migration/3] (root,0,0,00:00:48/9-09:38:26,34) [ksoftirqd/3] (root,0,0,00:00:00/9-09:38:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-09:38:26,40) [kdevtmpfs] (root,0,0,00:00:00/9-09:38:26,41) [netns] (root,0,0,00:00:00/9-09:38:26,42) [inet_frag_wq] (root,0,0,00:00:01/9-09:38:26,43) [kauditd] (root,0,0,00:00:00/9-09:38:26,44) [khungtaskd] (root,0,0,00:00:00/9-09:38:26,45) [oom_reaper] (root,0,0,00:00:00/9-09:38:26,46) [writeback] (root,0,0,00:00:28/9-09:38:26,47) [kcompactd0] (root,0,0,00:00:00/9-09:38:26,48) [ksmd] (root,0,0,00:00:31/9-09:38:26,49) [khugepaged] (root,0,0,00:00:00/9-09:38:26,75) [kintegrityd] (root,0,0,00:00:00/9-09:38:26,76) [kblockd] (root,0,0,00:00:00/9-09:38:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-09:38:26,79) [tpm_dev_wq] (root,0,0,00:00:00/9-09:38:26,80) [edac-poller] (root,0,0,00:00:00/9-09:38:26,81) [devfreq_wq] (root,0,0,00:00:00/9-09:38:26,110) [watchdogd] (root,0,0,00:00:00/9-09:38:26,111) [kswapd0] (root,0,0,00:00:02/9-09:38:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-09:38:24,115) [kthrotld] (root,0,0,00:00:00/9-09:38:24,116) [mld] (root,0,0,00:00:00/9-09:38:24,117) [ipv6_addrconf] (root,0,0,00:00:02/9-09:38:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-09:38:24,123) [kstrp] (root,0,0,00:00:00/9-09:38:24,124) [zswap-shrink] (root,0,0,00:00:00/9-09:38:24,125) [kworker/u9:0] (root,0,0,00:00:00/9-09:38:24,130) [charger_manager] (root,0,0,00:00:02/9-09:38:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-09:38:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-09:38:23,239) [kaluad] (root,0,0,00:00:00/9-09:38:23,258) [kmpath_rdacd] (root,0,0,00:00:00/9-09:38:23,304) [kmpathd] (root,0,0,00:00:00/9-09:38:23,305) [kmpath_handlerd] (root,0,0,00:00:00/9-09:38:22,342) [ata_sff] (root,0,0,00:00:00/9-09:38:22,343) [scsi_eh_0] (root,0,0,00:00:00/9-09:38:22,344) [scsi_tmf_0] (root,0,0,00:00:00/9-09:38:22,345) [scsi_eh_1] (root,0,0,00:00:00/9-09:38:22,346) [scsi_tmf_1] (root,0,0,00:00:17/9-09:38:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-09:38:19,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-09:38:07,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-09:38:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-09:38:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-09:37:33,511) /sbin/auditd (messagebus,22932,5912,00:00:11/9-09:37:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-09:37:32,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-09:37:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-09:37:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-09:37:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:10/9-09:37:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-09:37:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:59/9-09:37:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-09:37:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-09:37:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-09:37:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-09:37:16,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-09:37:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:19/9-09:37:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-09:37:16,1352) bpfilter_umh (root,26204,8212,00:00:01/9-09:37:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-09:37:16,1359) ntpd: asynchronous dns resolver (spot,293904,180184,12:09:50/9-09:37:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-09:37:15,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-09:37:15,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-09:37:15,1373) (sd-pam) (root,24216,5268,00:00:03/9-09:37:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-09:37:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-09:37:13,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-09:37:10,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:31/9-09:37:09,1527) sshd: syslogtunnel (root,617356,69948,00:12:35/9-09:37:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,45712,00:05:04/9-09:36:55,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-15:12:30,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-09:36:30,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-09:36:30,3218) sshd: cm-ssh (root,6656,3508,00:00:00/00:00,5471) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,5578) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,5598) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5599) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:32:16,8172) [kworker/2:2-events] (root,0,0,00:00:00/09:14,10860) [kworker/3:1-events] (root,0,0,00:00:00/31:00,11212) [kworker/2:0-events] (root,0,0,00:00:00/02:56:39,14431) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:56:36,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:42,15432) [kworker/0:2-events] (root,0,0,00:00:00/01:43:03,15893) [kworker/0:0-events] (postfix,24244,8200,00:00:00/30:08,19776) pickup -l -t fifo -u (root,0,0,00:00:00/30:00,21062) [kworker/3:0-ata_sff] (root,0,0,00:00:00/42:57,22079) [kworker/1:1] (root,0,0,00:00:00/04:03,22203) [kworker/3:2-ata_sff] (root,0,0,00:00:01/04:56:30,26887) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 20:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836304db6084Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-11:24:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-11:24:01,2) [kthreadd] (root,0,0,00:00:00/7-11:24:01,3) [rcu_gp] (root,0,0,00:00:00/7-11:24:01,4) [rcu_par_gp] (root,0,0,00:00:00/7-11:24:01,5) [slub_flushwq] (root,0,0,00:00:00/7-11:24:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-11:24:01,9) [mm_percpu_wq] (root,0,0,00:00:00/7-11:24:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-11:24:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-11:24:01,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-11:24:01,13) [ksoftirqd/0] (root,0,0,00:19:52/7-11:24:01,14) [rcu_preempt] (root,0,0,00:00:02/7-11:24:01,15) [migration/0] (root,0,0,00:00:00/7-11:24:01,16) [idle_inject/0] (root,0,0,00:00:00/7-11:24:01,18) [cpuhp/0] (root,0,0,00:00:00/7-11:24:01,19) [cpuhp/1] (root,0,0,00:00:00/7-11:24:01,20) [idle_inject/1] (root,0,0,00:00:03/7-11:24:01,21) [migration/1] (root,0,0,00:00:10/7-11:24:01,22) [ksoftirqd/1] (root,0,0,00:00:00/7-11:24:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-11:24:01,25) [cpuhp/2] (root,0,0,00:00:00/7-11:24:01,26) [idle_inject/2] (root,0,0,00:00:02/7-11:24:01,27) [migration/2] (root,0,0,00:13:04/7-11:24:01,28) [ksoftirqd/2] (root,0,0,00:00:00/7-11:24:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-11:24:01,31) [cpuhp/3] (root,0,0,00:00:00/7-11:24:01,32) [idle_inject/3] (root,0,0,00:00:02/7-11:24:01,33) [migration/3] (root,0,0,00:00:36/7-11:24:01,34) [ksoftirqd/3] (root,0,0,00:00:00/7-11:24:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-11:24:01,40) [kdevtmpfs] (root,0,0,00:00:00/7-11:24:01,41) [netns] (root,0,0,00:00:00/7-11:24:01,42) [inet_frag_wq] (root,0,0,00:00:00/7-11:24:01,43) [kauditd] (root,0,0,00:00:00/7-11:24:01,44) [khungtaskd] (root,0,0,00:00:00/7-11:24:01,45) [oom_reaper] (root,0,0,00:00:00/7-11:24:01,46) [writeback] (root,0,0,00:00:22/7-11:24:01,47) [kcompactd0] (root,0,0,00:00:00/7-11:24:01,48) [ksmd] (root,0,0,00:00:24/7-11:24:01,49) [khugepaged] (root,0,0,00:00:00/7-11:24:01,75) [kintegrityd] (root,0,0,00:00:00/7-11:24:01,76) [kblockd] (root,0,0,00:00:00/7-11:24:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-11:24:01,79) [tpm_dev_wq] (root,0,0,00:00:00/7-11:24:01,80) [edac-poller] (root,0,0,00:00:00/7-11:24:01,81) [devfreq_wq] (root,0,0,00:00:00/7-11:24:01,110) [watchdogd] (root,0,0,00:00:00/7-11:24:01,111) [kswapd0] (root,0,0,00:00:01/7-11:24:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-11:23:59,115) [kthrotld] (root,0,0,00:00:00/7-11:23:59,116) [mld] (root,0,0,00:00:00/7-11:23:59,117) [ipv6_addrconf] (root,0,0,00:00:01/7-11:23:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-11:23:59,123) [kstrp] (root,0,0,00:00:00/7-11:23:59,124) [zswap-shrink] (root,0,0,00:00:00/7-11:23:59,125) [kworker/u9:0] (root,0,0,00:00:00/7-11:23:59,130) [charger_manager] (root,0,0,00:00:02/7-11:23:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-11:23:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-11:23:58,239) [kaluad] (root,0,0,00:00:00/7-11:23:58,258) [kmpath_rdacd] (root,0,0,00:00:00/7-11:23:58,304) [kmpathd] (root,0,0,00:00:00/7-11:23:58,305) [kmpath_handlerd] (root,0,0,00:00:00/7-11:23:57,342) [ata_sff] (root,0,0,00:00:00/7-11:23:57,343) [scsi_eh_0] (root,0,0,00:00:00/7-11:23:57,344) [scsi_tmf_0] (root,0,0,00:00:00/7-11:23:57,345) [scsi_eh_1] (root,0,0,00:00:00/7-11:23:57,346) [scsi_tmf_1] (root,0,0,00:00:13/7-11:23:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-11:23:54,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-11:23:42,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-11:23:41,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-11:23:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-11:23:08,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-11:23:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-11:23:07,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-11:23:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-11:23:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-11:23:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-11:22:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-11:22:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:46/7-11:22:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-11:22:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-11:22:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-11:22:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-11:22:51,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:07/7-11:22:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-11:22:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-11:22:51,1352) bpfilter_umh (root,26204,8212,00:00:01/7-11:22:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-11:22:51,1359) ntpd: asynchronous dns resolver (spot,290828,176908,09:08:38/7-11:22:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-11:22:50,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-11:22:50,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-11:22:50,1373) (sd-pam) (root,24216,5268,00:00:02/7-11:22:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-11:22:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/7-11:22:48,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-11:22:45,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-11:22:44,1527) sshd: syslogtunnel (root,617356,71808,00:09:55/7-11:22:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44428,00:03:53/7-11:22:30,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-16:58:05,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-11:22:05,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-11:22:05,3218) sshd: cm-ssh (root,0,0,00:00:01/08:09:14,6969) [kworker/0:2-events] (root,0,0,00:00:00/00:10,8388) [kworker/3:0-ata_sff] (root,0,0,00:00:00/03:12:10,8452) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,9285) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,9303) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,9304) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/53:49,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:29:52,14219) [kworker/0:1] (root,0,0,00:00:00/01:00:53,17990) [kworker/2:0-events] (root,0,0,00:00:01/05:34:12,18376) [kworker/2:2-events] (root,0,0,00:00:00/12:11,20009) [kworker/u8:2-writeback] (root,0,0,00:00:00/26:07,22475) [kworker/3:2-events] (root,0,0,00:00:00/06:08,27803) [kworker/1:1-events] (postfix,24244,8296,00:00:00/57:43,29149) pickup -l -t fifo -u (root,0,0,00:00:00/05:23,30114) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 22:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d63b3a50Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-12:20:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:20:56,2) [kthreadd] (root,0,0,00:00:00/5-12:20:56,3) [rcu_gp] (root,0,0,00:00:00/5-12:20:56,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:20:56,5) [slub_flushwq] (root,0,0,00:00:00/5-12:20:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:20:56,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:20:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:20:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:20:56,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-12:20:56,13) [ksoftirqd/0] (root,0,0,00:14:13/5-12:20:56,14) [rcu_preempt] (root,0,0,00:00:02/5-12:20:56,15) [migration/0] (root,0,0,00:00:00/5-12:20:56,16) [idle_inject/0] (root,0,0,00:00:00/5-12:20:56,18) [cpuhp/0] (root,0,0,00:00:00/5-12:20:56,19) [cpuhp/1] (root,0,0,00:00:00/5-12:20:56,20) [idle_inject/1] (root,0,0,00:00:02/5-12:20:56,21) [migration/1] (root,0,0,00:00:07/5-12:20:56,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:20:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:20:56,25) [cpuhp/2] (root,0,0,00:00:00/5-12:20:56,26) [idle_inject/2] (root,0,0,00:00:01/5-12:20:56,27) [migration/2] (root,0,0,00:09:19/5-12:20:56,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:20:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:20:56,31) [cpuhp/3] (root,0,0,00:00:00/5-12:20:56,32) [idle_inject/3] (root,0,0,00:00:02/5-12:20:56,33) [migration/3] (root,0,0,00:00:25/5-12:20:56,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:20:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:20:56,40) [kdevtmpfs] (root,0,0,00:00:00/5-12:20:56,41) [netns] (root,0,0,00:00:00/5-12:20:56,42) [inet_frag_wq] (root,0,0,00:00:00/5-12:20:56,43) [kauditd] (root,0,0,00:00:00/5-12:20:56,44) [khungtaskd] (root,0,0,00:00:00/5-12:20:56,45) [oom_reaper] (root,0,0,00:00:00/5-12:20:56,46) [writeback] (root,0,0,00:00:15/5-12:20:56,47) [kcompactd0] (root,0,0,00:00:00/5-12:20:56,48) [ksmd] (root,0,0,00:00:16/5-12:20:56,49) [khugepaged] (root,0,0,00:00:00/5-12:20:56,75) [kintegrityd] (root,0,0,00:00:00/5-12:20:56,76) [kblockd] (root,0,0,00:00:00/5-12:20:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:20:56,79) [tpm_dev_wq] (root,0,0,00:00:00/5-12:20:56,80) [edac-poller] (root,0,0,00:00:00/5-12:20:56,81) [devfreq_wq] (root,0,0,00:00:00/5-12:20:56,110) [watchdogd] (root,0,0,00:00:00/5-12:20:56,111) [kswapd0] (root,0,0,00:00:01/5-12:20:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:20:54,115) [kthrotld] (root,0,0,00:00:00/5-12:20:54,116) [mld] (root,0,0,00:00:00/5-12:20:54,117) [ipv6_addrconf] (root,0,0,00:00:01/5-12:20:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:20:54,123) [kstrp] (root,0,0,00:00:00/5-12:20:54,124) [zswap-shrink] (root,0,0,00:00:00/5-12:20:54,125) [kworker/u9:0] (root,0,0,00:00:00/5-12:20:54,130) [charger_manager] (root,0,0,00:00:01/5-12:20:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-12:20:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-12:20:53,239) [kaluad] (root,0,0,00:00:00/5-12:20:53,258) [kmpath_rdacd] (root,0,0,00:00:00/5-12:20:53,304) [kmpathd] (root,0,0,00:00:00/5-12:20:53,305) [kmpath_handlerd] (root,0,0,00:00:00/5-12:20:52,342) [ata_sff] (root,0,0,00:00:00/5-12:20:52,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:20:52,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:20:52,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:20:52,346) [scsi_tmf_1] (root,0,0,00:00:09/5-12:20:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:20:49,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-12:20:37,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-12:20:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-12:20:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-12:20:03,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-12:20:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-12:20:02,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-12:20:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-12:20:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-12:20:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23628,00:00:06/5-12:19:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-12:19:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-12:19:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-12:19:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-12:19:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-12:19:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-12:19:46,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-12:19:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-12:19:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-12:19:46,1352) bpfilter_umh (root,26204,8212,00:00:01/5-12:19:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-12:19:46,1359) ntpd: asynchronous dns resolver (spot,212140,174620,06:17:23/5-12:19:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-12:19:45,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-12:19:45,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-12:19:45,1373) (sd-pam) (root,24216,5268,00:00:01/5-12:19:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-12:19:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-12:19:43,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-12:19:40,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-12:19:39,1527) sshd: syslogtunnel (root,617100,71504,00:07:10/5-12:19:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43148,00:02:46/5-12:19:25,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-12:19:00,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-12:19:00,3218) sshd: cm-ssh (root,0,0,00:00:00/09:36,3337) [kworker/3:1-ata_sff] (root,0,0,00:00:00/09:09,4816) [kworker/u8:0-flush-253:0] (root,6656,3484,00:00:00/00:00,8206) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,8271) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,8272) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,8283) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,8324) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,8325) /bin/bash /usr/bin/check_mk_agent (root,4480,1172,00:00:00/00:00,8326) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,864,00:00:00/00:00,8327) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,700,00:00:00/00:00,8331) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3472,00:00:00/00:00,8347) /bin/bash /usr/bin/check_mk_agent (root,6656,476,00:00:00/00:00,8354) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,8355) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,8356) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,8357) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,476,00:00:00/00:00,8361) /bin/bash /usr/bin/check_mk_agent (root,6656,468,00:00:00/00:00,8363) /bin/bash /usr/bin/check_mk_agent (root,2548,760,00:00:00/00:00,8364) head -n1 (root,6656,468,00:00:00/00:00,8365) /bin/bash /usr/bin/check_mk_agent (root,11644,964,00:00:00/00:00,8366) sed 1d (root,0,0,00:00:00/25:39,12853) [kworker/1:0-events] (postfix,24244,8228,00:00:00/35:29,15243) pickup -l -t fifo -u (root,0,0,00:00:00/01:54:23,18842) [kworker/0:0-events] (root,0,0,00:00:00/56:18,19687) [kworker/3:0-events] (root,0,0,00:00:01/04:39:32,20908) [kworker/2:1-events] (root,0,0,00:00:00/04:26,23268) [kworker/3:2-ata_sff] (root,0,0,00:00:00/14:36,24590) [kworker/0:2-events] (root,0,0,00:00:01/03:22:21,25521) [kworker/1:2-events] (root,0,0,00:00:00/09:14:09,28908) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:21:31,31575) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:09 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c01d2e82Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-10:47:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-10:47:10,2) [kthreadd] (root,0,0,00:00:00/3-10:47:10,3) [rcu_gp] (root,0,0,00:00:00/3-10:47:10,4) [rcu_par_gp] (root,0,0,00:00:00/3-10:47:10,5) [slub_flushwq] (root,0,0,00:00:00/3-10:47:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-10:47:10,9) [mm_percpu_wq] (root,0,0,00:00:00/3-10:47:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-10:47:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-10:47:10,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-10:47:10,13) [ksoftirqd/0] (root,0,0,00:08:49/3-10:47:10,14) [rcu_preempt] (root,0,0,00:00:01/3-10:47:10,15) [migration/0] (root,0,0,00:00:00/3-10:47:10,16) [idle_inject/0] (root,0,0,00:00:00/3-10:47:10,18) [cpuhp/0] (root,0,0,00:00:00/3-10:47:10,19) [cpuhp/1] (root,0,0,00:00:00/3-10:47:10,20) [idle_inject/1] (root,0,0,00:00:01/3-10:47:10,21) [migration/1] (root,0,0,00:00:04/3-10:47:10,22) [ksoftirqd/1] (root,0,0,00:00:00/3-10:47:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-10:47:10,25) [cpuhp/2] (root,0,0,00:00:00/3-10:47:10,26) [idle_inject/2] (root,0,0,00:00:01/3-10:47:10,27) [migration/2] (root,0,0,00:05:58/3-10:47:10,28) [ksoftirqd/2] (root,0,0,00:00:00/3-10:47:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-10:47:10,31) [cpuhp/3] (root,0,0,00:00:00/3-10:47:10,32) [idle_inject/3] (root,0,0,00:00:01/3-10:47:10,33) [migration/3] (root,0,0,00:00:16/3-10:47:10,34) [ksoftirqd/3] (root,0,0,00:00:00/3-10:47:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-10:47:10,40) [kdevtmpfs] (root,0,0,00:00:00/3-10:47:10,41) [netns] (root,0,0,00:00:00/3-10:47:10,42) [inet_frag_wq] (root,0,0,00:00:00/3-10:47:10,43) [kauditd] (root,0,0,00:00:00/3-10:47:10,44) [khungtaskd] (root,0,0,00:00:00/3-10:47:10,45) [oom_reaper] (root,0,0,00:00:00/3-10:47:10,46) [writeback] (root,0,0,00:00:09/3-10:47:10,47) [kcompactd0] (root,0,0,00:00:00/3-10:47:10,48) [ksmd] (root,0,0,00:00:10/3-10:47:10,49) [khugepaged] (root,0,0,00:00:00/3-10:47:10,75) [kintegrityd] (root,0,0,00:00:00/3-10:47:10,76) [kblockd] (root,0,0,00:00:00/3-10:47:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-10:47:10,79) [tpm_dev_wq] (root,0,0,00:00:00/3-10:47:10,80) [edac-poller] (root,0,0,00:00:00/3-10:47:10,81) [devfreq_wq] (root,0,0,00:00:00/3-10:47:10,110) [watchdogd] (root,0,0,00:00:00/3-10:47:10,111) [kswapd0] (root,0,0,00:00:00/3-10:47:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-10:47:08,115) [kthrotld] (root,0,0,00:00:00/3-10:47:08,116) [mld] (root,0,0,00:00:00/3-10:47:08,117) [ipv6_addrconf] (root,0,0,00:00:00/3-10:47:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-10:47:08,123) [kstrp] (root,0,0,00:00:00/3-10:47:08,124) [zswap-shrink] (root,0,0,00:00:00/3-10:47:08,125) [kworker/u9:0] (root,0,0,00:00:00/3-10:47:08,130) [charger_manager] (root,0,0,00:00:00/3-10:47:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-10:47:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-10:47:07,239) [kaluad] (root,0,0,00:00:00/3-10:47:07,258) [kmpath_rdacd] (root,0,0,00:00:00/3-10:47:07,304) [kmpathd] (root,0,0,00:00:00/3-10:47:07,305) [kmpath_handlerd] (root,0,0,00:00:00/3-10:47:06,342) [ata_sff] (root,0,0,00:00:00/3-10:47:06,343) [scsi_eh_0] (root,0,0,00:00:00/3-10:47:06,344) [scsi_tmf_0] (root,0,0,00:00:00/3-10:47:06,345) [scsi_eh_1] (root,0,0,00:00:00/3-10:47:06,346) [scsi_tmf_1] (root,0,0,00:00:05/3-10:47:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-10:47:03,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-10:46:51,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-10:46:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-10:46:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-10:46:17,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-10:46:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-10:46:16,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-10:46:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-10:46:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-10:46:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-10:46:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-10:46:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:21/3-10:46:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-10:46:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-10:46:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-10:46:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-10:46:00,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-10:46:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-10:46:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-10:46:00,1352) bpfilter_umh (root,26204,8212,00:00:00/3-10:46:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-10:46:00,1359) ntpd: asynchronous dns resolver (spot,206016,169208,04:00:00/3-10:45:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-10:45:59,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-10:45:59,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-10:45:59,1373) (sd-pam) (root,24216,5268,00:00:01/3-10:45:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-10:45:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-10:45:57,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-10:45:54,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-10:45:53,1527) sshd: syslogtunnel (root,615564,69916,00:04:30/3-10:45:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:47/3-10:45:39,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/06:13:51,2276) [kworker/1:2-events] (root,35308,10108,00:00:00/3-10:45:14,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-10:45:14,3218) sshd: cm-ssh (root,0,0,00:00:01/05:57:48,5266) [kworker/2:1-events] (root,0,0,00:00:00/01:05,7755) [kworker/3:1-ata_sff] (postfix,24244,8264,00:00:00/01:03:43,8312) pickup -l -t fifo -u (root,6656,3492,00:00:00/00:00,10621) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,10635) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,10660) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10661) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:11:30,11441) [kworker/0:2-events] (root,0,0,00:00:00/02:06:29,13615) [kworker/2:2] (root,0,0,00:00:00/06:16,15073) [kworker/3:0-events] (root,0,0,00:00:00/05:48,16927) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/12:44,22015) [kworker/u8:1-flush-253:0] (root,0,0,00:00:02/15:51:04,28478) [kworker/0:0-events] (root,0,0,00:00:00/02:39:39,29026) [kworker/1:0] (root,0,0,00:00:00/58:08,31162) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 21:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630014da3aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-14:20:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-14:20:16,2) [kthreadd] (root,0,0,00:00:00/1-14:20:16,3) [rcu_gp] (root,0,0,00:00:00/1-14:20:16,4) [rcu_par_gp] (root,0,0,00:00:00/1-14:20:16,5) [slub_flushwq] (root,0,0,00:00:00/1-14:20:16,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-14:20:16,9) [mm_percpu_wq] (root,0,0,00:00:00/1-14:20:16,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-14:20:16,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-14:20:16,12) [rcu_tasks_trace] (root,0,0,00:00:03/1-14:20:16,13) [ksoftirqd/0] (root,0,0,00:04:14/1-14:20:16,14) [rcu_preempt] (root,0,0,00:00:00/1-14:20:16,15) [migration/0] (root,0,0,00:00:00/1-14:20:16,16) [idle_inject/0] (root,0,0,00:00:00/1-14:20:16,18) [cpuhp/0] (root,0,0,00:00:00/1-14:20:16,19) [cpuhp/1] (root,0,0,00:00:00/1-14:20:16,20) [idle_inject/1] (root,0,0,00:00:00/1-14:20:16,21) [migration/1] (root,0,0,00:00:02/1-14:20:16,22) [ksoftirqd/1] (root,0,0,00:00:00/1-14:20:16,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-14:20:16,25) [cpuhp/2] (root,0,0,00:00:00/1-14:20:16,26) [idle_inject/2] (root,0,0,00:00:00/1-14:20:16,27) [migration/2] (root,0,0,00:02:47/1-14:20:16,28) [ksoftirqd/2] (root,0,0,00:00:00/1-14:20:16,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-14:20:16,31) [cpuhp/3] (root,0,0,00:00:00/1-14:20:16,32) [idle_inject/3] (root,0,0,00:00:00/1-14:20:16,33) [migration/3] (root,0,0,00:00:09/1-14:20:16,34) [ksoftirqd/3] (root,0,0,00:00:00/1-14:20:16,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-14:20:16,40) [kdevtmpfs] (root,0,0,00:00:00/1-14:20:16,41) [netns] (root,0,0,00:00:00/1-14:20:16,42) [inet_frag_wq] (root,0,0,00:00:00/1-14:20:16,43) [kauditd] (root,0,0,00:00:00/1-14:20:16,44) [khungtaskd] (root,0,0,00:00:00/1-14:20:16,45) [oom_reaper] (root,0,0,00:00:00/1-14:20:16,46) [writeback] (root,0,0,00:00:04/1-14:20:16,47) [kcompactd0] (root,0,0,00:00:00/1-14:20:16,48) [ksmd] (root,0,0,00:00:05/1-14:20:16,49) [khugepaged] (root,0,0,00:00:00/1-14:20:16,75) [kintegrityd] (root,0,0,00:00:00/1-14:20:16,76) [kblockd] (root,0,0,00:00:00/1-14:20:16,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-14:20:16,79) [tpm_dev_wq] (root,0,0,00:00:00/1-14:20:16,80) [edac-poller] (root,0,0,00:00:00/1-14:20:16,81) [devfreq_wq] (root,0,0,00:00:00/1-14:20:16,110) [watchdogd] (root,0,0,00:00:00/1-14:20:16,111) [kswapd0] (root,0,0,00:00:00/1-14:20:16,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-14:20:14,115) [kthrotld] (root,0,0,00:00:00/1-14:20:14,116) [mld] (root,0,0,00:00:00/1-14:20:14,117) [ipv6_addrconf] (root,0,0,00:00:00/1-14:20:14,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-14:20:14,123) [kstrp] (root,0,0,00:00:00/1-14:20:14,124) [zswap-shrink] (root,0,0,00:00:00/1-14:20:14,125) [kworker/u9:0] (root,0,0,00:00:00/1-14:20:14,130) [charger_manager] (root,0,0,00:00:00/1-14:20:14,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-14:20:14,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-14:20:13,239) [kaluad] (root,0,0,00:00:00/1-14:20:13,258) [kmpath_rdacd] (root,0,0,00:00:00/1-14:20:13,304) [kmpathd] (root,0,0,00:00:00/1-14:20:13,305) [kmpath_handlerd] (root,0,0,00:00:00/1-14:20:12,342) [ata_sff] (root,0,0,00:00:00/1-14:20:12,343) [scsi_eh_0] (root,0,0,00:00:00/1-14:20:12,344) [scsi_tmf_0] (root,0,0,00:00:00/1-14:20:12,345) [scsi_eh_1] (root,0,0,00:00:00/1-14:20:12,346) [scsi_tmf_1] (root,0,0,00:00:02/1-14:20:09,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-14:20:09,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-14:19:57,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-14:19:56,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-14:19:54,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-14:19:23,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-14:19:22,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:01/1-14:19:22,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-14:19:22,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-14:19:20,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-14:19:20,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:02/1-14:19:06,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-14:19:06,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:10/1-14:19:06,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-14:19:06,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-14:19:06,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-14:19:06,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-14:19:06,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-14:19:06,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:13/1-14:19:06,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-14:19:06,1352) bpfilter_umh (root,26204,8212,00:00:00/1-14:19:06,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-14:19:06,1359) ntpd: asynchronous dns resolver (spot,205180,168012,02:03:40/1-14:19:05,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-14:19:05,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-14:19:05,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-14:19:05,1373) (sd-pam) (root,24216,5268,00:00:00/1-14:19:03,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-14:19:03,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-14:19:03,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-14:19:00,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-14:18:59,1527) sshd: syslogtunnel (root,615564,69636,00:02:10/1-14:18:57,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/02:13:26,1585) [kworker/u8:0-writeback] (root,0,0,00:00:00/21:42,1941) [kworker/3:0-events_freezable_power_] (spot,206272,41356,00:00:51/1-14:18:45,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-14:18:20,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:05/1-14:18:20,3218) sshd: cm-ssh (root,0,0,00:00:00/06:09,5220) [kworker/3:2-ata_sff] (postfix,24244,8204,00:00:00/01:38:38,5964) pickup -l -t fifo -u (root,0,0,00:00:00/01:56:19,11820) [kworker/2:2-events] (root,0,0,00:00:00/02:29:38,17596) [kworker/0:0-events] (root,0,0,00:00:00/00:56,21096) [kworker/3:1-ata_sff] (root,6656,3476,00:00:00/00:00,22652) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,22670) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22671) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:28:55,22963) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:09/08:19:38,25188) [kworker/1:2-events] (root,0,0,00:00:00/01:12:22,27435) [kworker/2:0-events] (root,0,0,00:00:00/48:53,27675) [kworker/1:1] (root,0,0,00:00:01/05:36:07,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-12 01:09 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b70c2007Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12528,00:00:04/1-08:38:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-08:38:54,2) [kthreadd] (root,0,0,00:00:00/1-08:38:54,3) [rcu_gp] (root,0,0,00:00:00/1-08:38:54,4) [rcu_par_gp] (root,0,0,00:00:00/1-08:38:54,5) [slub_flushwq] (root,0,0,00:00:00/1-08:38:54,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-08:38:54,9) [mm_percpu_wq] (root,0,0,00:00:00/1-08:38:54,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-08:38:54,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-08:38:54,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-08:38:54,13) [ksoftirqd/0] (root,0,0,00:03:37/1-08:38:54,14) [rcu_preempt] (root,0,0,00:00:00/1-08:38:54,15) [migration/0] (root,0,0,00:00:00/1-08:38:54,16) [idle_inject/0] (root,0,0,00:00:00/1-08:38:54,18) [cpuhp/0] (root,0,0,00:00:00/1-08:38:54,19) [cpuhp/1] (root,0,0,00:00:00/1-08:38:54,20) [idle_inject/1] (root,0,0,00:00:00/1-08:38:54,21) [migration/1] (root,0,0,00:00:01/1-08:38:54,22) [ksoftirqd/1] (root,0,0,00:00:00/1-08:38:54,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-08:38:54,25) [cpuhp/2] (root,0,0,00:00:00/1-08:38:54,26) [idle_inject/2] (root,0,0,00:00:00/1-08:38:54,27) [migration/2] (root,0,0,00:02:20/1-08:38:54,28) [ksoftirqd/2] (root,0,0,00:00:00/1-08:38:54,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-08:38:54,31) [cpuhp/3] (root,0,0,00:00:00/1-08:38:54,32) [idle_inject/3] (root,0,0,00:00:00/1-08:38:54,33) [migration/3] (root,0,0,00:00:07/1-08:38:54,34) [ksoftirqd/3] (root,0,0,00:00:00/1-08:38:54,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-08:38:54,40) [kdevtmpfs] (root,0,0,00:00:00/1-08:38:54,41) [netns] (root,0,0,00:00:00/1-08:38:54,42) [inet_frag_wq] (root,0,0,00:00:00/1-08:38:54,43) [kauditd] (root,0,0,00:00:00/1-08:38:54,44) [khungtaskd] (root,0,0,00:00:00/1-08:38:54,45) [oom_reaper] (root,0,0,00:00:00/1-08:38:54,46) [writeback] (root,0,0,00:00:04/1-08:38:54,47) [kcompactd0] (root,0,0,00:00:00/1-08:38:54,48) [ksmd] (root,0,0,00:00:04/1-08:38:54,49) [khugepaged] (root,0,0,00:00:00/1-08:38:54,75) [kintegrityd] (root,0,0,00:00:00/1-08:38:54,76) [kblockd] (root,0,0,00:00:00/1-08:38:54,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-08:38:54,79) [tpm_dev_wq] (root,0,0,00:00:00/1-08:38:54,80) [edac-poller] (root,0,0,00:00:00/1-08:38:54,81) [devfreq_wq] (root,0,0,00:00:00/1-08:38:54,110) [watchdogd] (root,0,0,00:00:00/1-08:38:54,111) [kswapd0] (root,0,0,00:00:00/1-08:38:54,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-08:38:52,115) [kthrotld] (root,0,0,00:00:00/1-08:38:52,116) [mld] (root,0,0,00:00:00/1-08:38:52,117) [ipv6_addrconf] (root,0,0,00:00:00/1-08:38:52,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-08:38:52,123) [kstrp] (root,0,0,00:00:00/1-08:38:52,124) [zswap-shrink] (root,0,0,00:00:00/1-08:38:52,125) [kworker/u9:0] (root,0,0,00:00:00/1-08:38:52,130) [charger_manager] (root,0,0,00:00:00/1-08:38:52,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-08:38:52,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-08:38:51,239) [kaluad] (root,0,0,00:00:00/1-08:38:51,258) [kmpath_rdacd] (root,0,0,00:00:00/1-08:38:51,304) [kmpathd] (root,0,0,00:00:00/1-08:38:51,305) [kmpath_handlerd] (root,0,0,00:00:00/1-08:38:50,342) [ata_sff] (root,0,0,00:00:00/1-08:38:50,343) [scsi_eh_0] (root,0,0,00:00:00/1-08:38:50,344) [scsi_tmf_0] (root,0,0,00:00:00/1-08:38:50,345) [scsi_eh_1] (root,0,0,00:00:00/1-08:38:50,346) [scsi_tmf_1] (root,0,0,00:00:02/1-08:38:47,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-08:38:47,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-08:38:35,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-08:38:34,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-08:38:32,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-08:38:01,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-08:38:00,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:01/1-08:38:00,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-08:38:00,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-08:37:58,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-08:37:58,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:01/1-08:37:44,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-08:37:44,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:07/1-08:37:44,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-08:37:44,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-08:37:44,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-08:37:44,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-08:37:44,1343) /usr/lib/systemd/systemd --user (root,448724,7512,00:00:01/1-08:37:44,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:11/1-08:37:44,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-08:37:44,1352) bpfilter_umh (root,26204,8212,00:00:00/1-08:37:44,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-08:37:44,1359) ntpd: asynchronous dns resolver (spot,204684,167852,01:54:06/1-08:37:43,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-08:37:43,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-08:37:43,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-08:37:43,1373) (sd-pam) (root,24216,5268,00:00:00/1-08:37:41,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-08:37:41,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-08:37:41,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-08:37:38,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:04/1-08:37:37,1527) sshd: syslogtunnel (root,615564,69612,00:01:51/1-08:37:35,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41328,00:00:47/1-08:37:23,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-08:36:58,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-08:36:58,3218) sshd: cm-ssh (root,0,0,00:00:00/02:04:41,9637) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/16:16,13315) [kworker/2:0-events] (root,0,0,00:00:00/02:59:51,14644) [kworker/2:1-events] (root,0,0,00:00:01/08:49:07,16015) [kworker/0:0-events] (root,0,0,00:00:00/07:12,17858) [kworker/3:0-ata_sff] (postfix,24244,8176,00:00:00/57:24,20950) pickup -l -t fifo -u (root,0,0,00:00:00/02:00,23298) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:45:47,23424) [kworker/3:1-events] (root,0,0,00:00:02/02:38:16,25188) [kworker/1:2-events] (root,0,0,00:00:00/49:05,25538) [kworker/1:1] (root,6656,3488,00:00:00/00:00,25810) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,25828) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25829) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:43:15,31401) [kworker/0:2-events] (root,0,0,00:00:00/01:32:03,32755) [kworker/u8:1-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 19:27
Domain summary
No record