Host 141.9.40.245
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-09 17:01
Last seen 2024-12-22 00:59
Open for 103 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d1fbeb3cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:37:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:37:19,2) [kthreadd] (root,0,0,00:00:00/39-14:37:19,3) [rcu_gp] (root,0,0,00:00:00/39-14:37:19,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:37:19,5) [slub_flushwq] (root,0,0,00:00:00/39-14:37:19,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:37:19,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:37:19,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:37:19,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:37:19,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:37:19,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:37:19,14) [rcu_preempt] (root,0,0,00:00:15/39-14:37:19,15) [migration/0] (root,0,0,00:00:00/39-14:37:19,16) [idle_inject/0] (root,0,0,00:00:00/39-14:37:19,18) [cpuhp/0] (root,0,0,00:00:00/39-14:37:19,19) [cpuhp/1] (root,0,0,00:00:00/39-14:37:19,20) [idle_inject/1] (root,0,0,00:00:15/39-14:37:19,21) [migration/1] (root,0,0,00:01:05/39-14:37:19,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:37:19,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:37:19,25) [cpuhp/2] (root,0,0,00:00:00/39-14:37:19,26) [idle_inject/2] (root,0,0,00:00:12/39-14:37:19,27) [migration/2] (root,0,0,01:14:06/39-14:37:19,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:37:19,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:37:19,31) [cpuhp/3] (root,0,0,00:00:00/39-14:37:19,32) [idle_inject/3] (root,0,0,00:00:14/39-14:37:19,33) [migration/3] (root,0,0,00:03:31/39-14:37:19,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:37:19,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:37:19,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:37:19,40) [netns] (root,0,0,00:00:00/39-14:37:19,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:37:19,42) [kauditd] (root,0,0,00:00:00/39-14:37:19,43) [khungtaskd] (root,0,0,00:00:00/39-14:37:19,44) [oom_reaper] (root,0,0,00:00:00/39-14:37:19,45) [writeback] (root,0,0,00:01:56/39-14:37:19,46) [kcompactd0] (root,0,0,00:00:00/39-14:37:19,47) [ksmd] (root,0,0,00:01:57/39-14:37:19,48) [khugepaged] (root,0,0,00:00:00/39-14:37:19,74) [kintegrityd] (root,0,0,00:00:00/39-14:37:19,75) [kblockd] (root,0,0,00:00:00/39-14:37:19,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:37:19,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:37:19,79) [edac-poller] (root,0,0,00:00:00/39-14:37:19,80) [devfreq_wq] (root,0,0,00:00:00/39-14:37:19,110) [watchdogd] (root,0,0,00:00:08/39-14:37:19,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:37:19,112) [kswapd0] (root,0,0,00:00:00/39-14:37:18,114) [kthrotld] (root,0,0,00:00:00/39-14:37:18,115) [mld] (root,0,0,00:00:00/39-14:37:18,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:37:18,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:37:18,122) [kstrp] (root,0,0,00:00:00/39-14:37:18,123) [zswap-shrink] (root,0,0,00:00:00/39-14:37:18,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:37:18,129) [charger_manager] (root,0,0,00:00:08/39-14:37:17,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:37:17,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:37:17,205) [kaluad] (root,0,0,00:00:00/39-14:37:17,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:37:17,293) [kmpathd] (root,0,0,00:00:00/39-14:37:17,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:37:17,342) [ata_sff] (root,0,0,00:00:00/39-14:37:16,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:37:16,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:37:16,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:37:16,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:37:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:37:14,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:37:02,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:37:01,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:36:59,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:36:25,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:36:25,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:36:25,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:36:25,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:36:24,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:36:24,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:36:10,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:36:10,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:36:09,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:36:09,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:36:09,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:36:09,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:36:09,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:36:09,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:36:09,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:36:09,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:36:09,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:36:09,1215) ntpd: asynchronous dns resolver (spot,299392,183072,2-02:58:45/39-14:36:09,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:36:08,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:36:08,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:36:08,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:36:07,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:36:07,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:36:06,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:36:00,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:35:46,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:00:08,2674) [kworker/0:2-events] (root,0,0,00:00:00/40:49,5528) [kworker/1:2-events] (root,0,0,00:00:00/06:36,7221) [kworker/3:0-events] (root,6764,3516,00:00:00/00:00,8236) /bin/bash /usr/bin/check_mk_agent (root,6656,3472,00:00:00/00:00,8456) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,8495) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8496) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:34:24,9266) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:37,10883) [kworker/0:1] (root,0,0,00:00:00/25:37,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/04:38,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:08:10,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:27:02,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:27:01,15391) sshd: cm-ssh (root,0,0,00:00:00/04:30,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:55:40,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:55:39,16977) sshd: syslogtunnel (root,0,0,00:00:00/45:38,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/13:00,24965) [kworker/2:0-events] (root,0,0,00:00:00/21:31,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:12:47,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/09:43,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836387dce4d7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:13:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:13:31,2) [kthreadd] (root,0,0,00:00:00/37-14:13:31,3) [rcu_gp] (root,0,0,00:00:00/37-14:13:31,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:13:31,5) [slub_flushwq] (root,0,0,00:00:00/37-14:13:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:13:31,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:13:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:13:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:13:31,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:13:31,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:13:31,14) [rcu_preempt] (root,0,0,00:00:14/37-14:13:31,15) [migration/0] (root,0,0,00:00:00/37-14:13:31,16) [idle_inject/0] (root,0,0,00:00:00/37-14:13:31,18) [cpuhp/0] (root,0,0,00:00:00/37-14:13:31,19) [cpuhp/1] (root,0,0,00:00:00/37-14:13:31,20) [idle_inject/1] (root,0,0,00:00:14/37-14:13:31,21) [migration/1] (root,0,0,00:01:01/37-14:13:31,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:13:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:13:31,25) [cpuhp/2] (root,0,0,00:00:00/37-14:13:31,26) [idle_inject/2] (root,0,0,00:00:11/37-14:13:31,27) [migration/2] (root,0,0,01:10:41/37-14:13:31,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:13:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:13:31,31) [cpuhp/3] (root,0,0,00:00:00/37-14:13:31,32) [idle_inject/3] (root,0,0,00:00:14/37-14:13:31,33) [migration/3] (root,0,0,00:03:20/37-14:13:31,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:13:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:13:31,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:13:31,40) [netns] (root,0,0,00:00:00/37-14:13:31,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:13:31,42) [kauditd] (root,0,0,00:00:00/37-14:13:31,43) [khungtaskd] (root,0,0,00:00:00/37-14:13:31,44) [oom_reaper] (root,0,0,00:00:00/37-14:13:31,45) [writeback] (root,0,0,00:01:50/37-14:13:31,46) [kcompactd0] (root,0,0,00:00:00/37-14:13:31,47) [ksmd] (root,0,0,00:01:50/37-14:13:31,48) [khugepaged] (root,0,0,00:00:00/37-14:13:31,74) [kintegrityd] (root,0,0,00:00:00/37-14:13:31,75) [kblockd] (root,0,0,00:00:00/37-14:13:31,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:13:31,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:13:31,79) [edac-poller] (root,0,0,00:00:00/37-14:13:31,80) [devfreq_wq] (root,0,0,00:00:00/37-14:13:31,110) [watchdogd] (root,0,0,00:00:07/37-14:13:31,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:13:31,112) [kswapd0] (root,0,0,00:00:00/37-14:13:30,114) [kthrotld] (root,0,0,00:00:00/37-14:13:30,115) [mld] (root,0,0,00:00:00/37-14:13:30,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:13:30,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:13:30,122) [kstrp] (root,0,0,00:00:00/37-14:13:30,123) [zswap-shrink] (root,0,0,00:00:00/37-14:13:30,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:13:30,129) [charger_manager] (root,0,0,00:00:08/37-14:13:29,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:13:29,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:13:29,205) [kaluad] (root,0,0,00:00:00/37-14:13:29,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:13:29,293) [kmpathd] (root,0,0,00:00:00/37-14:13:29,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:13:29,342) [ata_sff] (root,0,0,00:00:00/37-14:13:28,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:13:28,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:13:28,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:13:28,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:13:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:13:26,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:13:14,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:13:13,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:13:11,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:12:37,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:12:37,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:12:37,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:12:37,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:12:36,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:12:36,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:12:22,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:12:22,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:12:21,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:12:21,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:12:21,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:12:21,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:12:21,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:12:21,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:12:21,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:12:21,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:12:21,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:12:21,1215) ntpd: asynchronous dns resolver (spot,296464,182160,1-23:14:31/37-14:12:21,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:12:20,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:12:20,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:12:20,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:12:19,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:12:19,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:12:18,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:12:12,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:09/37-14:11:58,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/13:07,2838) [kworker/3:1-events] (postfix,24244,8276,00:00:00/02:48,2990) pickup -l -t fifo -u (root,0,0,00:00:00/02:48,2994) [kworker/3:0-events] (root,0,0,00:00:00/01:47,4338) [kworker/1:2-ata_sff] (root,0,0,00:00:00/00:41,8515) [kworker/2:0] (root,0,0,00:00:00/11:01,10180) [kworker/2:2-cgroup_destroy] (root,6656,3492,00:00:00/00:00,10783) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,10801) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10802) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/31-12:03:14,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-12:03:13,15391) sshd: cm-ssh (root,0,0,00:00:00/20:13,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:31:52,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:31:51,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:55:33,17446) [kworker/0:2-events] (root,0,0,00:00:00/19:14,18386) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:04:03,21022) [kworker/1:1-events] (root,0,0,00:00:00/06:58,21821) [kworker/1:0-ata_sff] (root,0,0,00:00:00/29:27,26953) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/05:12,27235) [kworker/u8:2-writeback] (postfix,44628,9272,00:00:01/31-18:48:59,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:59:33,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631d89671bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:26:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:26:42,2) [kthreadd] (root,0,0,00:00:00/35-15:26:42,3) [rcu_gp] (root,0,0,00:00:00/35-15:26:42,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:26:42,5) [slub_flushwq] (root,0,0,00:00:00/35-15:26:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:26:42,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:26:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:26:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:26:42,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:26:42,13) [ksoftirqd/0] (root,0,0,01:34:31/35-15:26:42,14) [rcu_preempt] (root,0,0,00:00:13/35-15:26:42,15) [migration/0] (root,0,0,00:00:00/35-15:26:42,16) [idle_inject/0] (root,0,0,00:00:00/35-15:26:42,18) [cpuhp/0] (root,0,0,00:00:00/35-15:26:42,19) [cpuhp/1] (root,0,0,00:00:00/35-15:26:42,20) [idle_inject/1] (root,0,0,00:00:14/35-15:26:42,21) [migration/1] (root,0,0,00:00:57/35-15:26:42,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:26:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:26:42,25) [cpuhp/2] (root,0,0,00:00:00/35-15:26:42,26) [idle_inject/2] (root,0,0,00:00:11/35-15:26:42,27) [migration/2] (root,0,0,01:07:42/35-15:26:42,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:26:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:26:42,31) [cpuhp/3] (root,0,0,00:00:00/35-15:26:42,32) [idle_inject/3] (root,0,0,00:00:13/35-15:26:42,33) [migration/3] (root,0,0,00:03:11/35-15:26:42,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:26:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:26:42,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:26:42,40) [netns] (root,0,0,00:00:00/35-15:26:42,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:26:42,42) [kauditd] (root,0,0,00:00:00/35-15:26:42,43) [khungtaskd] (root,0,0,00:00:00/35-15:26:42,44) [oom_reaper] (root,0,0,00:00:00/35-15:26:42,45) [writeback] (root,0,0,00:01:45/35-15:26:42,46) [kcompactd0] (root,0,0,00:00:00/35-15:26:42,47) [ksmd] (root,0,0,00:01:43/35-15:26:42,48) [khugepaged] (root,0,0,00:00:00/35-15:26:42,74) [kintegrityd] (root,0,0,00:00:00/35-15:26:42,75) [kblockd] (root,0,0,00:00:00/35-15:26:42,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:26:42,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:26:42,79) [edac-poller] (root,0,0,00:00:00/35-15:26:42,80) [devfreq_wq] (root,0,0,00:00:00/35-15:26:42,110) [watchdogd] (root,0,0,00:00:07/35-15:26:42,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:26:42,112) [kswapd0] (root,0,0,00:00:00/35-15:26:41,114) [kthrotld] (root,0,0,00:00:00/35-15:26:41,115) [mld] (root,0,0,00:00:00/35-15:26:41,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:26:41,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:26:41,122) [kstrp] (root,0,0,00:00:00/35-15:26:41,123) [zswap-shrink] (root,0,0,00:00:00/35-15:26:41,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:26:41,129) [charger_manager] (root,0,0,00:00:07/35-15:26:40,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:26:40,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:26:40,205) [kaluad] (root,0,0,00:00:00/35-15:26:40,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:26:40,293) [kmpathd] (root,0,0,00:00:00/35-15:26:40,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:26:40,342) [ata_sff] (root,0,0,00:00:00/35-15:26:39,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:26:39,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:26:39,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:26:39,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:26:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:26:37,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:26:25,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:26:24,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:26:22,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:25:48,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:25:48,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:25:48,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:25:48,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:25:47,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:25:47,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:25:33,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:25:33,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:25:32,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:25:32,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:25:32,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:25:32,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:25:32,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:25:32,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:25:32,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:25:32,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:25:32,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:25:32,1215) ntpd: asynchronous dns resolver (spot,293848,180096,1-20:13:38/35-15:25:32,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:25:31,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:25:31,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:25:31,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:25:30,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:25:30,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:25:29,1354) /usr/sbin/cron -n (root,698228,81996,00:46:35/35-15:25:23,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64168,00:15:16/35-15:25:09,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:50,4119) [kworker/1:1-ata_sff] (root,0,0,00:00:00/12:11,4297) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,8309) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,8327) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8328) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:18:24,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:16:25,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:16:24,15391) sshd: cm-ssh (root,0,0,00:00:00/05:01:58,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:37:50,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:45:03,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:45:02,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:03:23,19051) [kworker/0:0-events] (root,0,0,00:00:00/07:09,20339) [kworker/3:2-events] (root,0,0,00:00:00/07:00,20978) [kworker/1:0-ata_sff] (root,0,0,00:00:00/14:55,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:48:44,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-20:02:10,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:57:13,31877) [kworker/0:1-events] (root,0,0,00:00:00/40:10,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836307df8e89Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-13:30:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-13:30:44,2) [kthreadd] (root,0,0,00:00:00/33-13:30:44,3) [rcu_gp] (root,0,0,00:00:00/33-13:30:44,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:30:44,5) [slub_flushwq] (root,0,0,00:00:00/33-13:30:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:30:44,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:30:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:30:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:30:44,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:30:44,13) [ksoftirqd/0] (root,0,0,01:29:08/33-13:30:44,14) [rcu_preempt] (root,0,0,00:00:12/33-13:30:44,15) [migration/0] (root,0,0,00:00:00/33-13:30:44,16) [idle_inject/0] (root,0,0,00:00:00/33-13:30:44,18) [cpuhp/0] (root,0,0,00:00:00/33-13:30:44,19) [cpuhp/1] (root,0,0,00:00:00/33-13:30:44,20) [idle_inject/1] (root,0,0,00:00:13/33-13:30:44,21) [migration/1] (root,0,0,00:00:54/33-13:30:44,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:30:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:30:44,25) [cpuhp/2] (root,0,0,00:00:00/33-13:30:44,26) [idle_inject/2] (root,0,0,00:00:10/33-13:30:44,27) [migration/2] (root,0,0,01:04:51/33-13:30:44,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:30:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:30:44,31) [cpuhp/3] (root,0,0,00:00:00/33-13:30:44,32) [idle_inject/3] (root,0,0,00:00:12/33-13:30:44,33) [migration/3] (root,0,0,00:03:01/33-13:30:44,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:30:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:30:44,39) [kdevtmpfs] (root,0,0,00:00:00/33-13:30:44,40) [netns] (root,0,0,00:00:00/33-13:30:44,41) [inet_frag_wq] (root,0,0,00:00:07/33-13:30:44,42) [kauditd] (root,0,0,00:00:00/33-13:30:44,43) [khungtaskd] (root,0,0,00:00:00/33-13:30:44,44) [oom_reaper] (root,0,0,00:00:00/33-13:30:44,45) [writeback] (root,0,0,00:01:38/33-13:30:44,46) [kcompactd0] (root,0,0,00:00:00/33-13:30:44,47) [ksmd] (root,0,0,00:01:37/33-13:30:44,48) [khugepaged] (root,0,0,00:00:00/33-13:30:44,74) [kintegrityd] (root,0,0,00:00:00/33-13:30:44,75) [kblockd] (root,0,0,00:00:00/33-13:30:44,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:30:44,78) [tpm_dev_wq] (root,0,0,00:00:00/33-13:30:44,79) [edac-poller] (root,0,0,00:00:00/33-13:30:44,80) [devfreq_wq] (root,0,0,00:00:00/33-13:30:44,110) [watchdogd] (root,0,0,00:00:07/33-13:30:44,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-13:30:44,112) [kswapd0] (root,0,0,00:00:00/33-13:30:43,114) [kthrotld] (root,0,0,00:00:00/33-13:30:43,115) [mld] (root,0,0,00:00:00/33-13:30:43,116) [ipv6_addrconf] (root,0,0,00:00:14/33-13:30:43,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-13:30:43,122) [kstrp] (root,0,0,00:00:00/33-13:30:43,123) [zswap-shrink] (root,0,0,00:00:00/33-13:30:43,124) [kworker/u9:0] (root,0,0,00:00:00/33-13:30:43,129) [charger_manager] (root,0,0,00:00:07/33-13:30:42,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-13:30:42,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:30:42,205) [kaluad] (root,0,0,00:00:00/33-13:30:42,250) [kmpath_rdacd] (root,0,0,00:00:00/33-13:30:42,293) [kmpathd] (root,0,0,00:00:00/33-13:30:42,294) [kmpath_handlerd] (root,0,0,00:00:00/33-13:30:42,342) [ata_sff] (root,0,0,00:00:00/33-13:30:41,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:30:41,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:30:41,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:30:41,346) [scsi_tmf_1] (root,0,0,00:00:54/33-13:30:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:30:39,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-13:30:27,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-13:30:26,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-13:30:24,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-13:29:50,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-13:29:50,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-13:29:50,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-13:29:50,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-13:29:49,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-13:29:49,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:22:23,727) [kworker/u8:2-events_unbound] (root,548360,32524,00:00:38/33-13:29:35,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-13:29:35,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:09/33-13:29:34,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-13:29:34,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-13:29:34,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-13:29:34,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-13:29:34,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-13:29:34,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-13:29:34,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-13:29:34,1206) bpfilter_umh (root,26204,8212,00:00:13/33-13:29:34,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-13:29:34,1215) ntpd: asynchronous dns resolver (spot,293080,179948,1-17:45:30/33-13:29:34,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-13:29:33,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-13:29:33,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-13:29:33,1245) (sd-pam) (root,24216,5344,00:00:11/33-13:29:32,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-13:29:32,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-13:29:31,1354) /usr/sbin/cron -n (root,697972,81832,00:43:53/33-13:29:25,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63536,00:14:26/33-13:29:11,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8284,00:00:00/02:44,2257) pickup -l -t fifo -u (root,0,0,00:00:00/02:29,3835) [kworker/u8:0] (root,0,0,00:00:00/02:29,3836) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/37:23,7073) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:23,10122) [kworker/1:0-ata_sff] (root,0,0,00:00:00/06:34,12958) [kworker/1:1-events] (root,35308,10012,00:00:00/27-11:20:27,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-11:20:26,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:49:05,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:49:04,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:01:01,18088) [kworker/3:2-inet_frag_wq] (root,6656,3484,00:00:00/00:00,19402) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,19420) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19421) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/54:25,19428) [kworker/0:2-events] (root,0,0,00:00:04/02:30:41,24863) [kworker/2:1-events] (root,0,0,00:00:00/32:30,25067) [kworker/1:2-ata_sff] (root,0,0,00:00:02/02:52:59,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-18:06:12,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:01:52,31017) [kworker/0:1-events] (root,0,0,00:00:00/31:03,31459) [kworker/2:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632856e1bcFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-13:43:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:43:16,2) [kthreadd] (root,0,0,00:00:00/31-13:43:16,3) [rcu_gp] (root,0,0,00:00:00/31-13:43:16,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:43:16,5) [slub_flushwq] (root,0,0,00:00:00/31-13:43:16,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:43:16,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:43:16,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:43:16,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:43:16,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-13:43:16,13) [ksoftirqd/0] (root,0,0,01:23:57/31-13:43:16,14) [rcu_preempt] (root,0,0,00:00:12/31-13:43:16,15) [migration/0] (root,0,0,00:00:00/31-13:43:16,16) [idle_inject/0] (root,0,0,00:00:00/31-13:43:16,18) [cpuhp/0] (root,0,0,00:00:00/31-13:43:16,19) [cpuhp/1] (root,0,0,00:00:00/31-13:43:16,20) [idle_inject/1] (root,0,0,00:00:12/31-13:43:16,21) [migration/1] (root,0,0,00:00:50/31-13:43:16,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:43:16,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:43:16,25) [cpuhp/2] (root,0,0,00:00:00/31-13:43:16,26) [idle_inject/2] (root,0,0,00:00:09/31-13:43:16,27) [migration/2] (root,0,0,01:01:48/31-13:43:16,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:43:16,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:43:16,31) [cpuhp/3] (root,0,0,00:00:00/31-13:43:16,32) [idle_inject/3] (root,0,0,00:00:11/31-13:43:16,33) [migration/3] (root,0,0,00:02:51/31-13:43:16,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:43:16,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:43:16,39) [kdevtmpfs] (root,0,0,00:00:00/31-13:43:16,40) [netns] (root,0,0,00:00:00/31-13:43:16,41) [inet_frag_wq] (root,0,0,00:00:07/31-13:43:16,42) [kauditd] (root,0,0,00:00:00/31-13:43:16,43) [khungtaskd] (root,0,0,00:00:00/31-13:43:16,44) [oom_reaper] (root,0,0,00:00:00/31-13:43:16,45) [writeback] (root,0,0,00:01:32/31-13:43:16,46) [kcompactd0] (root,0,0,00:00:00/31-13:43:16,47) [ksmd] (root,0,0,00:01:31/31-13:43:16,48) [khugepaged] (root,0,0,00:00:00/31-13:43:16,74) [kintegrityd] (root,0,0,00:00:00/31-13:43:16,75) [kblockd] (root,0,0,00:00:00/31-13:43:16,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:43:16,78) [tpm_dev_wq] (root,0,0,00:00:00/31-13:43:16,79) [edac-poller] (root,0,0,00:00:00/31-13:43:16,80) [devfreq_wq] (root,0,0,00:00:00/31-13:43:16,110) [watchdogd] (root,0,0,00:00:06/31-13:43:16,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-13:43:16,112) [kswapd0] (root,0,0,00:00:00/31-13:43:15,114) [kthrotld] (root,0,0,00:00:00/31-13:43:15,115) [mld] (root,0,0,00:00:00/31-13:43:15,116) [ipv6_addrconf] (root,0,0,00:00:13/31-13:43:15,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-13:43:15,122) [kstrp] (root,0,0,00:00:00/31-13:43:15,123) [zswap-shrink] (root,0,0,00:00:00/31-13:43:15,124) [kworker/u9:0] (root,0,0,00:00:00/31-13:43:15,129) [charger_manager] (root,0,0,00:00:07/31-13:43:14,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-13:43:14,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:43:14,205) [kaluad] (root,0,0,00:00:00/31-13:43:14,250) [kmpath_rdacd] (root,0,0,00:00:00/31-13:43:14,293) [kmpathd] (root,0,0,00:00:00/31-13:43:14,294) [kmpath_handlerd] (root,0,0,00:00:00/31-13:43:14,342) [ata_sff] (root,0,0,00:00:00/31-13:43:13,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:43:13,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:43:13,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:43:13,346) [scsi_tmf_1] (root,0,0,00:00:51/31-13:43:11,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:43:11,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-13:42:59,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-13:42:58,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-13:42:56,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-13:42:22,512) /sbin/auditd (messagebus,22936,5548,00:01:22/31-13:42:22,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-13:42:22,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-13:42:22,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-13:42:21,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-13:42:21,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:35/31-13:42:07,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-13:42:07,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:57/31-13:42:06,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-13:42:06,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-13:42:06,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-13:42:06,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-13:42:06,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-13:42:06,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:18/31-13:42:06,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-13:42:06,1206) bpfilter_umh (root,26204,8212,00:00:12/31-13:42:06,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-13:42:06,1215) ntpd: asynchronous dns resolver (spot,286536,173736,1-15:29:41/31-13:42:06,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-13:42:05,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-13:42:05,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-13:42:05,1245) (sd-pam) (root,24216,5344,00:00:10/31-13:42:04,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-13:42:04,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-13:42:03,1354) /usr/sbin/cron -n (root,697972,81512,00:41:18/31-13:41:57,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-13:41:43,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:01,9372) [kworker/1:0-ata_sff] (root,0,0,00:00:03/01:59:02,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-11:32:59,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-11:32:58,15391) sshd: cm-ssh (root,0,0,00:00:00/02:09:54,16327) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/15-13:01:37,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-13:01:36,16977) sshd: syslogtunnel (root,0,0,00:00:00/08:13,20275) [kworker/1:2-events] (root,0,0,00:00:00/01:05:18,22377) [kworker/0:1-events] (root,0,0,00:00:00/59:29,24430) [kworker/3:0-events] (root,0,0,00:00:00/29:47,25324) [kworker/3:1] (root,0,0,00:00:00/07:43,28354) [kworker/0:0-events] (postfix,24244,8252,00:00:00/37:11,28439) pickup -l -t fifo -u (root,0,0,00:00:00/01:36:39,29649) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/00:14,29868) [kworker/2:1-events] (postfix,44628,9316,00:00:01/25-18:18:44,30472) tlsmgr -l -t unix -u (root,6656,3476,00:00:00/00:00,30831) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,30849) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30850) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/18:37,31624) [kworker/1:1-ata_sff] (root,0,0,00:00:00/50:27,31712) [kworker/u8:1-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-14 00:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363407838b3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-14:40:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-14:40:17,2) [kthreadd] (root,0,0,00:00:00/29-14:40:17,3) [rcu_gp] (root,0,0,00:00:00/29-14:40:17,4) [rcu_par_gp] (root,0,0,00:00:00/29-14:40:17,5) [slub_flushwq] (root,0,0,00:00:00/29-14:40:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-14:40:17,9) [mm_percpu_wq] (root,0,0,00:00:00/29-14:40:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-14:40:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-14:40:17,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-14:40:17,13) [ksoftirqd/0] (root,0,0,01:18:54/29-14:40:17,14) [rcu_preempt] (root,0,0,00:00:11/29-14:40:17,15) [migration/0] (root,0,0,00:00:00/29-14:40:17,16) [idle_inject/0] (root,0,0,00:00:00/29-14:40:17,18) [cpuhp/0] (root,0,0,00:00:00/29-14:40:17,19) [cpuhp/1] (root,0,0,00:00:00/29-14:40:17,20) [idle_inject/1] (root,0,0,00:00:11/29-14:40:17,21) [migration/1] (root,0,0,00:00:46/29-14:40:17,22) [ksoftirqd/1] (root,0,0,00:00:00/29-14:40:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-14:40:17,25) [cpuhp/2] (root,0,0,00:00:00/29-14:40:17,26) [idle_inject/2] (root,0,0,00:00:09/29-14:40:17,27) [migration/2] (root,0,0,00:58:16/29-14:40:17,28) [ksoftirqd/2] (root,0,0,00:00:00/29-14:40:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-14:40:17,31) [cpuhp/3] (root,0,0,00:00:00/29-14:40:17,32) [idle_inject/3] (root,0,0,00:00:11/29-14:40:17,33) [migration/3] (root,0,0,00:02:40/29-14:40:17,34) [ksoftirqd/3] (root,0,0,00:00:00/29-14:40:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-14:40:17,39) [kdevtmpfs] (root,0,0,00:00:00/29-14:40:17,40) [netns] (root,0,0,00:00:00/29-14:40:17,41) [inet_frag_wq] (root,0,0,00:00:06/29-14:40:17,42) [kauditd] (root,0,0,00:00:00/29-14:40:17,43) [khungtaskd] (root,0,0,00:00:00/29-14:40:17,44) [oom_reaper] (root,0,0,00:00:00/29-14:40:17,45) [writeback] (root,0,0,00:01:27/29-14:40:17,46) [kcompactd0] (root,0,0,00:00:00/29-14:40:17,47) [ksmd] (root,0,0,00:01:25/29-14:40:17,48) [khugepaged] (root,0,0,00:00:00/29-14:40:17,74) [kintegrityd] (root,0,0,00:00:00/29-14:40:17,75) [kblockd] (root,0,0,00:00:00/29-14:40:17,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-14:40:17,78) [tpm_dev_wq] (root,0,0,00:00:00/29-14:40:17,79) [edac-poller] (root,0,0,00:00:00/29-14:40:17,80) [devfreq_wq] (root,0,0,00:00:00/29-14:40:17,110) [watchdogd] (root,0,0,00:00:06/29-14:40:17,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-14:40:17,112) [kswapd0] (root,0,0,00:00:00/29-14:40:16,114) [kthrotld] (root,0,0,00:00:00/29-14:40:16,115) [mld] (root,0,0,00:00:00/29-14:40:16,116) [ipv6_addrconf] (root,0,0,00:00:12/29-14:40:16,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-14:40:16,122) [kstrp] (root,0,0,00:00:00/29-14:40:16,123) [zswap-shrink] (root,0,0,00:00:00/29-14:40:16,124) [kworker/u9:0] (root,0,0,00:00:00/29-14:40:16,129) [charger_manager] (root,0,0,00:00:06/29-14:40:15,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-14:40:15,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-14:40:15,205) [kaluad] (root,0,0,00:00:00/29-14:40:15,250) [kmpath_rdacd] (root,0,0,00:00:00/29-14:40:15,293) [kmpathd] (root,0,0,00:00:00/29-14:40:15,294) [kmpath_handlerd] (root,0,0,00:00:00/29-14:40:15,342) [ata_sff] (root,0,0,00:00:00/29-14:40:14,343) [scsi_eh_0] (root,0,0,00:00:00/29-14:40:14,344) [scsi_tmf_0] (root,0,0,00:00:00/29-14:40:14,345) [scsi_eh_1] (root,0,0,00:00:00/29-14:40:14,346) [scsi_tmf_1] (root,0,0,00:00:48/29-14:40:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-14:40:12,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-14:40:00,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-14:39:59,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-14:39:57,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-14:39:23,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-14:39:23,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-14:39:23,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-14:39:23,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-14:39:22,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-14:39:22,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/37:42,931) [kworker/3:1-events] (root,548360,31484,00:00:33/29-14:39:08,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-14:39:08,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:42/29-14:39:07,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-14:39:07,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-14:39:07,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-14:39:07,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-14:39:07,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-14:39:07,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:02/29-14:39:07,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-14:39:07,1206) bpfilter_umh (root,26204,8212,00:00:12/29-14:39:07,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-14:39:07,1215) ntpd: asynchronous dns resolver (spot,291612,178816,1-13:01:01/29-14:39:07,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-14:39:06,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-14:39:06,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-14:39:06,1245) (sd-pam) (root,24216,5344,00:00:09/29-14:39:05,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-14:39:05,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-14:39:04,1354) /usr/sbin/cron -n (root,697576,81148,00:38:44/29-14:38:58,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60500,00:12:54/29-14:38:44,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:42,3903) [kworker/0:2-events] (root,0,0,00:00:00/01:42:04,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:12:54,4092) [kworker/3:0-events] (root,0,0,00:00:00/07:40,6756) [kworker/1:2-ata_sff] (root,0,0,00:00:00/03:47:24,8802) [kworker/u8:0] (root,0,0,00:00:00/01:27:43,10360) [kworker/2:2-events] (root,0,0,00:00:01/01:20:10,10395) [kworker/2:0-events] (postfix,24244,8204,00:00:00/15:58,14984) pickup -l -t fifo -u (root,35308,10012,00:00:00/23-12:30:00,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-12:29:59,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-13:58:38,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:47/13-13:58:37,16977) sshd: syslogtunnel (root,0,0,00:00:02/07:22:50,20264) [kworker/0:1-events] (root,0,0,00:00:01/01:25:29,21615) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:27,25239) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-19:15:45,30472) tlsmgr -l -t unix -u (root,6656,3476,00:00:00/00:00,32391) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,32409) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,32410) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-12 01:02 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836308348b51Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-14:38:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-14:38:47,2) [kthreadd] (root,0,0,00:00:00/27-14:38:47,3) [rcu_gp] (root,0,0,00:00:00/27-14:38:47,4) [rcu_par_gp] (root,0,0,00:00:00/27-14:38:47,5) [slub_flushwq] (root,0,0,00:00:00/27-14:38:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-14:38:47,9) [mm_percpu_wq] (root,0,0,00:00:00/27-14:38:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-14:38:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-14:38:47,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-14:38:47,13) [ksoftirqd/0] (root,0,0,01:13:45/27-14:38:47,14) [rcu_preempt] (root,0,0,00:00:10/27-14:38:47,15) [migration/0] (root,0,0,00:00:00/27-14:38:47,16) [idle_inject/0] (root,0,0,00:00:00/27-14:38:47,18) [cpuhp/0] (root,0,0,00:00:00/27-14:38:47,19) [cpuhp/1] (root,0,0,00:00:00/27-14:38:47,20) [idle_inject/1] (root,0,0,00:00:10/27-14:38:47,21) [migration/1] (root,0,0,00:00:44/27-14:38:47,22) [ksoftirqd/1] (root,0,0,00:00:00/27-14:38:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-14:38:47,25) [cpuhp/2] (root,0,0,00:00:00/27-14:38:47,26) [idle_inject/2] (root,0,0,00:00:08/27-14:38:47,27) [migration/2] (root,0,0,00:55:29/27-14:38:47,28) [ksoftirqd/2] (root,0,0,00:00:00/27-14:38:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-14:38:47,31) [cpuhp/3] (root,0,0,00:00:00/27-14:38:47,32) [idle_inject/3] (root,0,0,00:00:10/27-14:38:47,33) [migration/3] (root,0,0,00:02:32/27-14:38:47,34) [ksoftirqd/3] (root,0,0,00:00:00/27-14:38:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-14:38:47,39) [kdevtmpfs] (root,0,0,00:00:00/27-14:38:47,40) [netns] (root,0,0,00:00:00/27-14:38:47,41) [inet_frag_wq] (root,0,0,00:00:06/27-14:38:47,42) [kauditd] (root,0,0,00:00:00/27-14:38:47,43) [khungtaskd] (root,0,0,00:00:00/27-14:38:47,44) [oom_reaper] (root,0,0,00:00:00/27-14:38:47,45) [writeback] (root,0,0,00:01:21/27-14:38:47,46) [kcompactd0] (root,0,0,00:00:00/27-14:38:47,47) [ksmd] (root,0,0,00:01:19/27-14:38:47,48) [khugepaged] (root,0,0,00:00:00/27-14:38:47,74) [kintegrityd] (root,0,0,00:00:00/27-14:38:47,75) [kblockd] (root,0,0,00:00:00/27-14:38:47,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-14:38:47,78) [tpm_dev_wq] (root,0,0,00:00:00/27-14:38:47,79) [edac-poller] (root,0,0,00:00:00/27-14:38:47,80) [devfreq_wq] (root,0,0,00:00:00/27-14:38:47,110) [watchdogd] (root,0,0,00:00:05/27-14:38:47,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-14:38:47,112) [kswapd0] (root,0,0,00:00:00/27-14:38:46,114) [kthrotld] (root,0,0,00:00:00/27-14:38:46,115) [mld] (root,0,0,00:00:00/27-14:38:46,116) [ipv6_addrconf] (root,0,0,00:00:11/27-14:38:46,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-14:38:46,122) [kstrp] (root,0,0,00:00:00/27-14:38:46,123) [zswap-shrink] (root,0,0,00:00:00/27-14:38:46,124) [kworker/u9:0] (root,0,0,00:00:00/27-14:38:46,129) [charger_manager] (root,0,0,00:00:06/27-14:38:45,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-14:38:45,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-14:38:45,205) [kaluad] (root,0,0,00:00:00/27-14:38:45,250) [kmpath_rdacd] (root,0,0,00:00:00/27-14:38:45,293) [kmpathd] (root,0,0,00:00:00/27-14:38:45,294) [kmpath_handlerd] (root,0,0,00:00:00/27-14:38:45,342) [ata_sff] (root,0,0,00:00:00/27-14:38:44,343) [scsi_eh_0] (root,0,0,00:00:00/27-14:38:44,344) [scsi_tmf_0] (root,0,0,00:00:00/27-14:38:44,345) [scsi_eh_1] (root,0,0,00:00:00/27-14:38:44,346) [scsi_tmf_1] (root,0,0,00:00:45/27-14:38:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-14:38:42,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-14:38:30,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-14:38:29,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-14:38:27,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-14:37:53,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-14:37:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-14:37:53,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-14:37:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-14:37:52,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-14:37:52,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-14:37:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-14:37:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:34/27-14:37:37,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-14:37:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-14:37:37,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-14:37:37,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-14:37:37,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-14:37:37,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:46/27-14:37:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-14:37:37,1206) bpfilter_umh (root,26204,8212,00:00:11/27-14:37:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-14:37:37,1215) ntpd: asynchronous dns resolver (spot,289992,176652,1-10:40:38/27-14:37:37,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-14:37:36,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-14:37:36,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-14:37:36,1245) (sd-pam) (root,24216,5344,00:00:09/27-14:37:35,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-14:37:35,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-14:37:34,1354) /usr/sbin/cron -n (root,697064,80568,00:36:08/27-14:37:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58620,00:11:36/27-14:37:14,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/03:52:19,1639) [kworker/3:1-events] (root,0,0,00:00:00/05:38,2230) [kworker/1:0-ata_sff] (postfix,24244,8288,00:00:00/36:29,4237) pickup -l -t fifo -u (root,0,0,00:00:00/04:04,5127) [kworker/0:2] (root,0,0,00:00:00/47:19,7755) [kworker/3:2] (root,0,0,00:00:00/01:25:54,8451) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/00:27,12518) [kworker/1:2-ata_sff] (root,6656,3488,00:00:00/00:00,15006) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,15024) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,15025) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/21-12:28:30,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-12:28:29,15391) sshd: cm-ssh (root,0,0,00:00:00/31:34,15445) [kworker/1:1-events] (root,0,0,00:00:00/11:32,16162) [kworker/0:1-events] (root,35308,10072,00:00:00/11-13:57:08,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-13:57:07,16977) sshd: syslogtunnel (root,0,0,00:00:01/06:48:54,18730) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/20:25,19174) [kworker/u8:1-writeback] (root,0,0,00:00:00/18:39,24768) [kworker/2:0-events] (root,0,0,00:00:02/02:00:49,27932) [kworker/2:2-events] (postfix,44628,9316,00:00:00/21-19:14:15,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-10 01:00 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633cfbfafcFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-14:27:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-14:27:14,2) [kthreadd] (root,0,0,00:00:00/25-14:27:14,3) [rcu_gp] (root,0,0,00:00:00/25-14:27:14,4) [rcu_par_gp] (root,0,0,00:00:00/25-14:27:14,5) [slub_flushwq] (root,0,0,00:00:00/25-14:27:14,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-14:27:14,9) [mm_percpu_wq] (root,0,0,00:00:00/25-14:27:14,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-14:27:14,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-14:27:14,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-14:27:14,13) [ksoftirqd/0] (root,0,0,01:08:26/25-14:27:14,14) [rcu_preempt] (root,0,0,00:00:09/25-14:27:14,15) [migration/0] (root,0,0,00:00:00/25-14:27:14,16) [idle_inject/0] (root,0,0,00:00:00/25-14:27:14,18) [cpuhp/0] (root,0,0,00:00:00/25-14:27:14,19) [cpuhp/1] (root,0,0,00:00:00/25-14:27:14,20) [idle_inject/1] (root,0,0,00:00:10/25-14:27:14,21) [migration/1] (root,0,0,00:00:40/25-14:27:14,22) [ksoftirqd/1] (root,0,0,00:00:00/25-14:27:14,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-14:27:14,25) [cpuhp/2] (root,0,0,00:00:00/25-14:27:14,26) [idle_inject/2] (root,0,0,00:00:08/25-14:27:14,27) [migration/2] (root,0,0,00:52:17/25-14:27:14,28) [ksoftirqd/2] (root,0,0,00:00:00/25-14:27:14,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-14:27:14,31) [cpuhp/3] (root,0,0,00:00:00/25-14:27:14,32) [idle_inject/3] (root,0,0,00:00:09/25-14:27:14,33) [migration/3] (root,0,0,00:02:22/25-14:27:14,34) [ksoftirqd/3] (root,0,0,00:00:00/25-14:27:14,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-14:27:14,39) [kdevtmpfs] (root,0,0,00:00:00/25-14:27:14,40) [netns] (root,0,0,00:00:00/25-14:27:14,41) [inet_frag_wq] (root,0,0,00:00:06/25-14:27:14,42) [kauditd] (root,0,0,00:00:00/25-14:27:14,43) [khungtaskd] (root,0,0,00:00:00/25-14:27:14,44) [oom_reaper] (root,0,0,00:00:00/25-14:27:14,45) [writeback] (root,0,0,00:01:15/25-14:27:14,46) [kcompactd0] (root,0,0,00:00:00/25-14:27:14,47) [ksmd] (root,0,0,00:01:14/25-14:27:14,48) [khugepaged] (root,0,0,00:00:00/25-14:27:14,74) [kintegrityd] (root,0,0,00:00:00/25-14:27:14,75) [kblockd] (root,0,0,00:00:00/25-14:27:14,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-14:27:14,78) [tpm_dev_wq] (root,0,0,00:00:00/25-14:27:14,79) [edac-poller] (root,0,0,00:00:00/25-14:27:14,80) [devfreq_wq] (root,0,0,00:00:00/25-14:27:14,110) [watchdogd] (root,0,0,00:00:05/25-14:27:14,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-14:27:14,112) [kswapd0] (root,0,0,00:00:00/25-14:27:13,114) [kthrotld] (root,0,0,00:00:00/25-14:27:13,115) [mld] (root,0,0,00:00:00/25-14:27:13,116) [ipv6_addrconf] (root,0,0,00:00:11/25-14:27:13,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-14:27:13,122) [kstrp] (root,0,0,00:00:00/25-14:27:13,123) [zswap-shrink] (root,0,0,00:00:00/25-14:27:13,124) [kworker/u9:0] (root,0,0,00:00:00/25-14:27:13,129) [charger_manager] (root,0,0,00:00:05/25-14:27:12,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-14:27:12,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-14:27:12,205) [kaluad] (root,0,0,00:00:00/25-14:27:12,250) [kmpath_rdacd] (root,0,0,00:00:00/25-14:27:12,293) [kmpathd] (root,0,0,00:00:00/25-14:27:12,294) [kmpath_handlerd] (root,0,0,00:00:00/25-14:27:12,342) [ata_sff] (root,0,0,00:00:00/25-14:27:11,343) [scsi_eh_0] (root,0,0,00:00:00/25-14:27:11,344) [scsi_tmf_0] (root,0,0,00:00:00/25-14:27:11,345) [scsi_eh_1] (root,0,0,00:00:00/25-14:27:11,346) [scsi_tmf_1] (root,0,0,00:00:41/25-14:27:09,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-14:27:09,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-14:26:57,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-14:26:56,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-14:26:54,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-14:26:20,512) /sbin/auditd (messagebus,22936,5640,00:01:11/25-14:26:20,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:41/25-14:26:20,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-14:26:20,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-14:26:19,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-14:26:19,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-14:26:05,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-14:26:05,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:22/25-14:26:04,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-14:26:04,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-14:26:04,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-14:26:04,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-14:26:04,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-14:26:04,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:29/25-14:26:04,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-14:26:04,1206) bpfilter_umh (root,26204,8300,00:00:11/25-14:26:04,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-14:26:04,1215) ntpd: asynchronous dns resolver (spot,301616,188308,1-08:06:22/25-14:26:04,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-14:26:03,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-14:26:03,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-14:26:03,1245) (sd-pam) (root,24216,5348,00:00:08/25-14:26:02,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-14:26:02,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-14:26:01,1354) /usr/sbin/cron -n (root,694116,77808,00:33:30/25-14:25:55,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57996,00:10:11/25-14:25:41,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:30,4602) [kworker/1:1-ata_sff] (root,0,0,00:00:00/32:37,6090) [kworker/1:0-events] (root,0,0,00:00:00/34:20,6321) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:06,6556) [kworker/0:0-events_power_efficient] (root,6656,3488,00:00:00/00:00,11179) /bin/bash /usr/bin/check_mk_agent (root,13744,3448,00:00:00/00:00,11197) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,11198) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:22:27,14356) [kworker/2:0-events] (root,35308,10012,00:00:00/19-12:16:57,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-12:16:56,15391) sshd: cm-ssh (root,0,0,00:00:01/01:50:01,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-13:45:35,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-13:45:34,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:19:25,17512) [kworker/u8:2-writeback] (postfix,24244,8240,00:00:00/45:50,17853) pickup -l -t fifo -u (root,0,0,00:00:00/07:53,18061) [kworker/3:0] (root,0,0,00:00:07/07:29:49,21123) [kworker/2:1-events] (root,0,0,00:00:00/06:40,22721) [kworker/1:2-events] (postfix,44628,9372,00:00:00/19-19:02:42,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/14:30,30755) [kworker/3:1-events] (root,0,0,00:00:00/21:11,31934) [kworker/0:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-08 00:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363885d8bf3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-14:32:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-14:32:34,2) [kthreadd] (root,0,0,00:00:00/23-14:32:34,3) [rcu_gp] (root,0,0,00:00:00/23-14:32:34,4) [rcu_par_gp] (root,0,0,00:00:00/23-14:32:34,5) [slub_flushwq] (root,0,0,00:00:00/23-14:32:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-14:32:34,9) [mm_percpu_wq] (root,0,0,00:00:00/23-14:32:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-14:32:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-14:32:34,12) [rcu_tasks_trace] (root,0,0,00:00:43/23-14:32:34,13) [ksoftirqd/0] (root,0,0,01:02:52/23-14:32:34,14) [rcu_preempt] (root,0,0,00:00:08/23-14:32:34,15) [migration/0] (root,0,0,00:00:00/23-14:32:34,16) [idle_inject/0] (root,0,0,00:00:00/23-14:32:34,18) [cpuhp/0] (root,0,0,00:00:00/23-14:32:34,19) [cpuhp/1] (root,0,0,00:00:00/23-14:32:34,20) [idle_inject/1] (root,0,0,00:00:09/23-14:32:34,21) [migration/1] (root,0,0,00:00:37/23-14:32:34,22) [ksoftirqd/1] (root,0,0,00:00:00/23-14:32:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-14:32:34,25) [cpuhp/2] (root,0,0,00:00:00/23-14:32:34,26) [idle_inject/2] (root,0,0,00:00:07/23-14:32:34,27) [migration/2] (root,0,0,00:47:38/23-14:32:34,28) [ksoftirqd/2] (root,0,0,00:00:00/23-14:32:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-14:32:34,31) [cpuhp/3] (root,0,0,00:00:00/23-14:32:34,32) [idle_inject/3] (root,0,0,00:00:08/23-14:32:34,33) [migration/3] (root,0,0,00:02:10/23-14:32:34,34) [ksoftirqd/3] (root,0,0,00:00:00/23-14:32:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-14:32:34,39) [kdevtmpfs] (root,0,0,00:00:00/23-14:32:34,40) [netns] (root,0,0,00:00:00/23-14:32:34,41) [inet_frag_wq] (root,0,0,00:00:05/23-14:32:34,42) [kauditd] (root,0,0,00:00:00/23-14:32:34,43) [khungtaskd] (root,0,0,00:00:00/23-14:32:34,44) [oom_reaper] (root,0,0,00:00:00/23-14:32:34,45) [writeback] (root,0,0,00:01:09/23-14:32:34,46) [kcompactd0] (root,0,0,00:00:00/23-14:32:34,47) [ksmd] (root,0,0,00:01:08/23-14:32:34,48) [khugepaged] (root,0,0,00:00:00/23-14:32:34,74) [kintegrityd] (root,0,0,00:00:00/23-14:32:34,75) [kblockd] (root,0,0,00:00:00/23-14:32:34,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-14:32:34,78) [tpm_dev_wq] (root,0,0,00:00:00/23-14:32:34,79) [edac-poller] (root,0,0,00:00:00/23-14:32:34,80) [devfreq_wq] (root,0,0,00:00:00/23-14:32:34,110) [watchdogd] (root,0,0,00:00:04/23-14:32:34,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-14:32:34,112) [kswapd0] (root,0,0,00:00:00/23-14:32:33,114) [kthrotld] (root,0,0,00:00:00/23-14:32:33,115) [mld] (root,0,0,00:00:00/23-14:32:33,116) [ipv6_addrconf] (root,0,0,00:00:10/23-14:32:33,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-14:32:33,122) [kstrp] (root,0,0,00:00:00/23-14:32:33,123) [zswap-shrink] (root,0,0,00:00:00/23-14:32:33,124) [kworker/u9:0] (root,0,0,00:00:00/23-14:32:33,129) [charger_manager] (root,0,0,00:00:05/23-14:32:32,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-14:32:32,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-14:32:32,205) [kaluad] (root,0,0,00:00:00/23-14:32:32,250) [kmpath_rdacd] (root,0,0,00:00:00/23-14:32:32,293) [kmpathd] (root,0,0,00:00:00/23-14:32:32,294) [kmpath_handlerd] (root,0,0,00:00:00/23-14:32:32,342) [ata_sff] (root,0,0,00:00:00/23-14:32:31,343) [scsi_eh_0] (root,0,0,00:00:00/23-14:32:31,344) [scsi_tmf_0] (root,0,0,00:00:00/23-14:32:31,345) [scsi_eh_1] (root,0,0,00:00:00/23-14:32:31,346) [scsi_tmf_1] (root,0,0,00:00:37/23-14:32:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-14:32:29,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-14:32:17,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-14:32:16,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-14:32:14,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-14:31:40,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-14:31:40,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-14:31:40,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-14:31:40,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-14:31:39,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-14:31:39,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-14:31:25,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-14:31:25,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:09/23-14:31:24,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-14:31:24,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-14:31:24,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-14:31:24,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-14:31:24,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-14:31:24,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-14:31:24,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-14:31:24,1206) bpfilter_umh (root,26204,8300,00:00:10/23-14:31:24,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-14:31:24,1215) ntpd: asynchronous dns resolver (spot,285548,172744,1-05:40:57/23-14:31:24,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-14:31:23,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-14:31:23,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-14:31:23,1245) (sd-pam) (root,24216,5348,00:00:07/23-14:31:22,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-14:31:22,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-14:31:21,1354) /usr/sbin/cron -n (root,693860,77156,00:30:47/23-14:31:15,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:45/23-14:31:01,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:27,4265) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/14:47,6589) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:14:08,7327) [kworker/0:0-events] (root,0,0,00:00:00/03:22:59,7973) [kworker/0:1-events] (root,0,0,00:00:00/06:46,11498) [kworker/3:1-events] (root,0,0,00:00:00/14:12,13370) [kworker/u8:1-events_unbound] (root,35308,10012,00:00:00/17-12:22:17,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-12:22:16,15391) sshd: cm-ssh (postfix,24244,8204,00:00:00/01:12:58,15690) pickup -l -t fifo -u (root,0,0,00:00:00/00:03,15975) [kworker/2:0-events] (root,6656,3508,00:00:00/00:00,16042) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,16150) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,16170) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,16171) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/05:16:37,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-13:50:55,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-13:50:54,16977) sshd: syslogtunnel (root,0,0,00:00:01/01:20:53,19831) [kworker/2:1-events] (root,0,0,00:00:00/13:22,21438) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/09:37,26077) [kworker/1:1-events] (root,0,0,00:00:00/04:24,26329) [kworker/1:2-ata_sff] (postfix,44628,9372,00:00:00/17-19:08:02,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-06 00:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637bbbcb60Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-14:19:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-14:19:50,2) [kthreadd] (root,0,0,00:00:00/21-14:19:50,3) [rcu_gp] (root,0,0,00:00:00/21-14:19:50,4) [rcu_par_gp] (root,0,0,00:00:00/21-14:19:50,5) [slub_flushwq] (root,0,0,00:00:00/21-14:19:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-14:19:50,9) [mm_percpu_wq] (root,0,0,00:00:00/21-14:19:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-14:19:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-14:19:50,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-14:19:50,13) [ksoftirqd/0] (root,0,0,00:57:29/21-14:19:50,14) [rcu_preempt] (root,0,0,00:00:08/21-14:19:50,15) [migration/0] (root,0,0,00:00:00/21-14:19:50,16) [idle_inject/0] (root,0,0,00:00:00/21-14:19:50,18) [cpuhp/0] (root,0,0,00:00:00/21-14:19:50,19) [cpuhp/1] (root,0,0,00:00:00/21-14:19:50,20) [idle_inject/1] (root,0,0,00:00:08/21-14:19:50,21) [migration/1] (root,0,0,00:00:34/21-14:19:50,22) [ksoftirqd/1] (root,0,0,00:00:00/21-14:19:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-14:19:50,25) [cpuhp/2] (root,0,0,00:00:00/21-14:19:50,26) [idle_inject/2] (root,0,0,00:00:06/21-14:19:50,27) [migration/2] (root,0,0,00:43:40/21-14:19:50,28) [ksoftirqd/2] (root,0,0,00:00:00/21-14:19:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-14:19:50,31) [cpuhp/3] (root,0,0,00:00:00/21-14:19:50,32) [idle_inject/3] (root,0,0,00:00:08/21-14:19:50,33) [migration/3] (root,0,0,00:02:00/21-14:19:50,34) [ksoftirqd/3] (root,0,0,00:00:00/21-14:19:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-14:19:50,39) [kdevtmpfs] (root,0,0,00:00:00/21-14:19:50,40) [netns] (root,0,0,00:00:00/21-14:19:50,41) [inet_frag_wq] (root,0,0,00:00:05/21-14:19:50,42) [kauditd] (root,0,0,00:00:00/21-14:19:50,43) [khungtaskd] (root,0,0,00:00:00/21-14:19:50,44) [oom_reaper] (root,0,0,00:00:00/21-14:19:50,45) [writeback] (root,0,0,00:01:03/21-14:19:50,46) [kcompactd0] (root,0,0,00:00:00/21-14:19:50,47) [ksmd] (root,0,0,00:01:02/21-14:19:50,48) [khugepaged] (root,0,0,00:00:00/21-14:19:50,74) [kintegrityd] (root,0,0,00:00:00/21-14:19:50,75) [kblockd] (root,0,0,00:00:00/21-14:19:50,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-14:19:50,78) [tpm_dev_wq] (root,0,0,00:00:00/21-14:19:50,79) [edac-poller] (root,0,0,00:00:00/21-14:19:50,80) [devfreq_wq] (root,0,0,00:00:00/21-14:19:50,110) [watchdogd] (root,0,0,00:00:04/21-14:19:50,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-14:19:50,112) [kswapd0] (root,0,0,00:00:00/21-14:19:49,114) [kthrotld] (root,0,0,00:00:00/21-14:19:49,115) [mld] (root,0,0,00:00:00/21-14:19:49,116) [ipv6_addrconf] (root,0,0,00:00:09/21-14:19:49,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-14:19:49,122) [kstrp] (root,0,0,00:00:00/21-14:19:49,123) [zswap-shrink] (root,0,0,00:00:00/21-14:19:49,124) [kworker/u9:0] (root,0,0,00:00:00/21-14:19:49,129) [charger_manager] (root,0,0,00:00:04/21-14:19:48,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-14:19:48,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-14:19:48,205) [kaluad] (root,0,0,00:00:00/21-14:19:48,250) [kmpath_rdacd] (root,0,0,00:00:00/21-14:19:48,293) [kmpathd] (root,0,0,00:00:00/21-14:19:48,294) [kmpath_handlerd] (root,0,0,00:00:00/21-14:19:48,342) [ata_sff] (root,0,0,00:00:00/21-14:19:47,343) [scsi_eh_0] (root,0,0,00:00:00/21-14:19:47,344) [scsi_tmf_0] (root,0,0,00:00:00/21-14:19:47,345) [scsi_eh_1] (root,0,0,00:00:00/21-14:19:47,346) [scsi_tmf_1] (root,0,0,00:00:33/21-14:19:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-14:19:45,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-14:19:33,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-14:19:32,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-14:19:30,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-14:18:56,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-14:18:56,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-14:18:56,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-14:18:56,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-14:18:55,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-14:18:55,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-14:18:41,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-14:18:41,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:00/21-14:18:40,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-14:18:40,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-14:18:40,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-14:18:40,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-14:18:40,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-14:18:40,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:56/21-14:18:40,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-14:18:40,1206) bpfilter_umh (root,26204,8300,00:00:09/21-14:18:40,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-14:18:40,1215) ntpd: asynchronous dns resolver (spot,285116,171856,1-03:19:08/21-14:18:40,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-14:18:39,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-14:18:39,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-14:18:39,1245) (sd-pam) (root,24216,5348,00:00:07/21-14:18:38,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-14:18:38,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-14:18:37,1354) /usr/sbin/cron -n (root,693604,76796,00:28:06/21-14:18:31,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:24/21-14:18:17,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/03:00:33,1511) [kworker/2:0-events] (root,0,0,00:00:00/41:57,1699) [kworker/u8:1] (root,0,0,00:00:01/01:33:16,3242) [kworker/1:2-events] (root,0,0,00:00:00/10:17,3293) [kworker/1:0-ata_sff] (root,0,0,00:00:00/58:34,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/01:22:08,7480) pickup -l -t fifo -u (root,0,0,00:00:00/33:04,8023) [kworker/3:0] (root,0,0,00:00:00/07:35,10807) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/05:06,11710) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-12:09:33,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-12:09:32,15391) sshd: cm-ssh (root,0,0,00:00:00/39:26,15465) [kworker/2:2-events] (root,35308,10072,00:00:00/5-13:38:11,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-13:38:10,16977) sshd: syslogtunnel (root,0,0,00:00:00/14:01,20907) [kworker/0:2] (root,6656,3488,00:00:00/00:00,30281) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,30299) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,30300) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/08:51:07,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-18:55:18,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-04 00:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632e331d5cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-15:06:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-15:06:07,2) [kthreadd] (root,0,0,00:00:00/19-15:06:07,3) [rcu_gp] (root,0,0,00:00:00/19-15:06:07,4) [rcu_par_gp] (root,0,0,00:00:00/19-15:06:07,5) [slub_flushwq] (root,0,0,00:00:00/19-15:06:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-15:06:07,9) [mm_percpu_wq] (root,0,0,00:00:00/19-15:06:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-15:06:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-15:06:07,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-15:06:07,13) [ksoftirqd/0] (root,0,0,00:52:20/19-15:06:07,14) [rcu_preempt] (root,0,0,00:00:07/19-15:06:07,15) [migration/0] (root,0,0,00:00:00/19-15:06:07,16) [idle_inject/0] (root,0,0,00:00:00/19-15:06:07,18) [cpuhp/0] (root,0,0,00:00:00/19-15:06:07,19) [cpuhp/1] (root,0,0,00:00:00/19-15:06:07,20) [idle_inject/1] (root,0,0,00:00:07/19-15:06:07,21) [migration/1] (root,0,0,00:00:31/19-15:06:07,22) [ksoftirqd/1] (root,0,0,00:00:00/19-15:06:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-15:06:07,25) [cpuhp/2] (root,0,0,00:00:00/19-15:06:07,26) [idle_inject/2] (root,0,0,00:00:06/19-15:06:07,27) [migration/2] (root,0,0,00:39:11/19-15:06:07,28) [ksoftirqd/2] (root,0,0,00:00:00/19-15:06:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-15:06:07,31) [cpuhp/3] (root,0,0,00:00:00/19-15:06:07,32) [idle_inject/3] (root,0,0,00:00:07/19-15:06:07,33) [migration/3] (root,0,0,00:01:49/19-15:06:07,34) [ksoftirqd/3] (root,0,0,00:00:00/19-15:06:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-15:06:07,39) [kdevtmpfs] (root,0,0,00:00:00/19-15:06:07,40) [netns] (root,0,0,00:00:00/19-15:06:07,41) [inet_frag_wq] (root,0,0,00:00:05/19-15:06:07,42) [kauditd] (root,0,0,00:00:00/19-15:06:07,43) [khungtaskd] (root,0,0,00:00:00/19-15:06:07,44) [oom_reaper] (root,0,0,00:00:00/19-15:06:07,45) [writeback] (root,0,0,00:00:57/19-15:06:07,46) [kcompactd0] (root,0,0,00:00:00/19-15:06:07,47) [ksmd] (root,0,0,00:00:57/19-15:06:07,48) [khugepaged] (root,0,0,00:00:00/19-15:06:07,74) [kintegrityd] (root,0,0,00:00:00/19-15:06:07,75) [kblockd] (root,0,0,00:00:00/19-15:06:07,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-15:06:07,78) [tpm_dev_wq] (root,0,0,00:00:00/19-15:06:07,79) [edac-poller] (root,0,0,00:00:00/19-15:06:07,80) [devfreq_wq] (root,0,0,00:00:00/19-15:06:07,110) [watchdogd] (root,0,0,00:00:03/19-15:06:07,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-15:06:07,112) [kswapd0] (root,0,0,00:00:00/19-15:06:06,114) [kthrotld] (root,0,0,00:00:00/19-15:06:06,115) [mld] (root,0,0,00:00:00/19-15:06:06,116) [ipv6_addrconf] (root,0,0,00:00:08/19-15:06:06,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-15:06:06,122) [kstrp] (root,0,0,00:00:00/19-15:06:06,123) [zswap-shrink] (root,0,0,00:00:00/19-15:06:06,124) [kworker/u9:0] (root,0,0,00:00:00/19-15:06:06,129) [charger_manager] (root,0,0,00:00:04/19-15:06:05,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-15:06:05,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-15:06:05,205) [kaluad] (root,0,0,00:00:00/19-15:06:05,250) [kmpath_rdacd] (root,0,0,00:00:00/19-15:06:05,293) [kmpathd] (root,0,0,00:00:00/19-15:06:05,294) [kmpath_handlerd] (root,0,0,00:00:00/19-15:06:05,342) [ata_sff] (root,0,0,00:00:00/19-15:06:04,343) [scsi_eh_0] (root,0,0,00:00:00/19-15:06:04,344) [scsi_tmf_0] (root,0,0,00:00:00/19-15:06:04,345) [scsi_eh_1] (root,0,0,00:00:00/19-15:06:04,346) [scsi_tmf_1] (root,0,0,00:00:29/19-15:06:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-15:06:02,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-15:05:50,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-15:05:49,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-15:05:47,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-15:05:13,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-15:05:13,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-15:05:13,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-15:05:13,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-15:05:12,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-15:05:12,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-15:04:58,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-15:04:58,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:49/19-15:04:57,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-15:04:57,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-15:04:57,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-15:04:57,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-15:04:57,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-15:04:57,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-15:04:57,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-15:04:57,1206) bpfilter_umh (root,26204,8300,00:00:09/19-15:04:57,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-15:04:57,1215) ntpd: asynchronous dns resolver (spot,284828,171784,1-01:06:18/19-15:04:57,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-15:04:56,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-15:04:56,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-15:04:56,1245) (sd-pam) (root,24216,5348,00:00:06/19-15:04:55,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-15:04:55,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-15:04:54,1354) /usr/sbin/cron -n (root,692836,75760,00:25:30/19-15:04:48,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:35/19-15:04:34,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/07:07:31,3898) [kworker/3:2-events] (root,0,0,00:00:00/02:07:45,4121) [kworker/u8:0-writeback] (postfix,24244,8224,00:00:00/49:18,8017) pickup -l -t fifo -u (root,0,0,00:00:00/26:52,12709) [kworker/2:1-events] (root,0,0,00:00:00/15:22,14635) [kworker/1:0-events] (root,0,0,00:00:00/04:59,14902) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/13-12:55:50,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-12:55:49,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-14:24:28,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-14:24:27,16977) sshd: syslogtunnel (root,0,0,00:00:00/58:15,20923) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:35:12,22032) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/01:22:43,22794) [kworker/0:1] (root,0,0,00:00:01/01:35:00,23007) [kworker/2:2-events] (root,6656,3484,00:00:00/00:00,25938) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,25979) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,25980) /bin/bash /usr/bin/check_mk_agent (root,4480,1016,00:00:00/00:00,25981) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,792,00:00:00/00:00,25982) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,696,00:00:00/00:00,25983) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3492,00:00:00/00:00,25984) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,26002) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26003) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:32:09,26126) [kworker/0:2-events] (root,0,0,00:00:00/10:10,30422) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/13-19:41:35,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 01:28 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d60a4be5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-14:40:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-14:40:17,2) [kthreadd] (root,0,0,00:00:00/17-14:40:17,3) [rcu_gp] (root,0,0,00:00:00/17-14:40:17,4) [rcu_par_gp] (root,0,0,00:00:00/17-14:40:17,5) [slub_flushwq] (root,0,0,00:00:00/17-14:40:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-14:40:17,9) [mm_percpu_wq] (root,0,0,00:00:00/17-14:40:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-14:40:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-14:40:17,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-14:40:17,13) [ksoftirqd/0] (root,0,0,00:47:10/17-14:40:17,14) [rcu_preempt] (root,0,0,00:00:06/17-14:40:17,15) [migration/0] (root,0,0,00:00:00/17-14:40:17,16) [idle_inject/0] (root,0,0,00:00:00/17-14:40:17,18) [cpuhp/0] (root,0,0,00:00:00/17-14:40:17,19) [cpuhp/1] (root,0,0,00:00:00/17-14:40:17,20) [idle_inject/1] (root,0,0,00:00:07/17-14:40:17,21) [migration/1] (root,0,0,00:00:28/17-14:40:17,22) [ksoftirqd/1] (root,0,0,00:00:00/17-14:40:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-14:40:17,25) [cpuhp/2] (root,0,0,00:00:00/17-14:40:17,26) [idle_inject/2] (root,0,0,00:00:05/17-14:40:17,27) [migration/2] (root,0,0,00:36:00/17-14:40:17,28) [ksoftirqd/2] (root,0,0,00:00:00/17-14:40:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-14:40:17,31) [cpuhp/3] (root,0,0,00:00:00/17-14:40:17,32) [idle_inject/3] (root,0,0,00:00:06/17-14:40:17,33) [migration/3] (root,0,0,00:01:40/17-14:40:17,34) [ksoftirqd/3] (root,0,0,00:00:00/17-14:40:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-14:40:17,39) [kdevtmpfs] (root,0,0,00:00:00/17-14:40:17,40) [netns] (root,0,0,00:00:00/17-14:40:17,41) [inet_frag_wq] (root,0,0,00:00:04/17-14:40:17,42) [kauditd] (root,0,0,00:00:00/17-14:40:17,43) [khungtaskd] (root,0,0,00:00:00/17-14:40:17,44) [oom_reaper] (root,0,0,00:00:00/17-14:40:17,45) [writeback] (root,0,0,00:00:51/17-14:40:17,46) [kcompactd0] (root,0,0,00:00:00/17-14:40:17,47) [ksmd] (root,0,0,00:00:51/17-14:40:17,48) [khugepaged] (root,0,0,00:00:00/17-14:40:17,74) [kintegrityd] (root,0,0,00:00:00/17-14:40:17,75) [kblockd] (root,0,0,00:00:00/17-14:40:17,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-14:40:17,78) [tpm_dev_wq] (root,0,0,00:00:00/17-14:40:17,79) [edac-poller] (root,0,0,00:00:00/17-14:40:17,80) [devfreq_wq] (root,0,0,00:00:00/17-14:40:17,110) [watchdogd] (root,0,0,00:00:03/17-14:40:17,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-14:40:17,112) [kswapd0] (root,0,0,00:00:00/17-14:40:16,114) [kthrotld] (root,0,0,00:00:00/17-14:40:16,115) [mld] (root,0,0,00:00:00/17-14:40:16,116) [ipv6_addrconf] (root,0,0,00:00:07/17-14:40:16,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-14:40:16,122) [kstrp] (root,0,0,00:00:00/17-14:40:16,123) [zswap-shrink] (root,0,0,00:00:00/17-14:40:16,124) [kworker/u9:0] (root,0,0,00:00:00/17-14:40:16,129) [charger_manager] (root,0,0,00:00:03/17-14:40:15,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-14:40:15,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-14:40:15,205) [kaluad] (root,0,0,00:00:00/17-14:40:15,250) [kmpath_rdacd] (root,0,0,00:00:00/17-14:40:15,293) [kmpathd] (root,0,0,00:00:00/17-14:40:15,294) [kmpath_handlerd] (root,0,0,00:00:00/17-14:40:15,342) [ata_sff] (root,0,0,00:00:00/17-14:40:14,343) [scsi_eh_0] (root,0,0,00:00:00/17-14:40:14,344) [scsi_tmf_0] (root,0,0,00:00:00/17-14:40:14,345) [scsi_eh_1] (root,0,0,00:00:00/17-14:40:14,346) [scsi_tmf_1] (root,0,0,00:00:26/17-14:40:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-14:40:12,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-14:40:00,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-14:39:59,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-14:39:57,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-14:39:23,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-14:39:23,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-14:39:23,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-14:39:23,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-14:39:22,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-14:39:22,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-14:39:08,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-14:39:08,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:38/17-14:39:07,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-14:39:07,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-14:39:07,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-14:39:07,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-14:39:07,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-14:39:07,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:23/17-14:39:07,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-14:39:07,1206) bpfilter_umh (root,26204,8300,00:00:08/17-14:39:07,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-14:39:07,1215) ntpd: asynchronous dns resolver (spot,284860,171792,23:08:51/17-14:39:07,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-14:39:06,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-14:39:06,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-14:39:06,1245) (sd-pam) (root,24216,5348,00:00:05/17-14:39:05,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-14:39:05,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-14:39:04,1354) /usr/sbin/cron -n (root,692236,75412,00:22:53/17-14:38:58,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51284,00:05:53/17-14:38:44,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:06:29,6422) [kworker/0:2-events] (root,6656,3484,00:00:00/00:00,6878) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,6889) /bin/bash /usr/bin/check_mk_agent (root,13744,3428,00:00:00/00:00,6920) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,6921) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/10:19,7955) [kworker/1:1-events] (root,0,0,00:00:00/05:09,12982) [kworker/1:2-ata_sff] (root,0,0,00:00:01/58:50,14661) [kworker/2:2-events] (root,35308,10012,00:00:00/11-12:30:00,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-12:29:59,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-13:58:38,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-13:58:37,16977) sshd: syslogtunnel (postfix,24244,8200,00:00:00/45:20,18919) pickup -l -t fifo -u (root,0,0,00:00:00/01:17:21,22787) [kworker/3:0-events] (root,0,0,00:00:02/05:41:36,24312) [kworker/0:0-events] (root,0,0,00:00:00/01:16:55,26541) [kworker/u8:2-writeback] (root,0,0,00:00:01/01:07:22,28099) [kworker/1:0-ata_sff] (root,0,0,00:00:00/08:45:23,28658) [kworker/u8:1-events_unbound] (postfix,44628,9416,00:00:00/11-19:15:45,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/52:30,32239) [kworker/2:1] (root,0,0,00:00:01/04:27:26,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-30 01:02 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633c79f432Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-14:43:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-14:43:46,2) [kthreadd] (root,0,0,00:00:00/15-14:43:46,3) [rcu_gp] (root,0,0,00:00:00/15-14:43:46,4) [rcu_par_gp] (root,0,0,00:00:00/15-14:43:46,5) [slub_flushwq] (root,0,0,00:00:00/15-14:43:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-14:43:46,9) [mm_percpu_wq] (root,0,0,00:00:00/15-14:43:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-14:43:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-14:43:46,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-14:43:46,13) [ksoftirqd/0] (root,0,0,00:41:56/15-14:43:46,14) [rcu_preempt] (root,0,0,00:00:05/15-14:43:46,15) [migration/0] (root,0,0,00:00:00/15-14:43:46,16) [idle_inject/0] (root,0,0,00:00:00/15-14:43:46,18) [cpuhp/0] (root,0,0,00:00:00/15-14:43:46,19) [cpuhp/1] (root,0,0,00:00:00/15-14:43:46,20) [idle_inject/1] (root,0,0,00:00:06/15-14:43:46,21) [migration/1] (root,0,0,00:00:25/15-14:43:46,22) [ksoftirqd/1] (root,0,0,00:00:00/15-14:43:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-14:43:46,25) [cpuhp/2] (root,0,0,00:00:00/15-14:43:46,26) [idle_inject/2] (root,0,0,00:00:05/15-14:43:46,27) [migration/2] (root,0,0,00:32:28/15-14:43:46,28) [ksoftirqd/2] (root,0,0,00:00:00/15-14:43:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-14:43:46,31) [cpuhp/3] (root,0,0,00:00:00/15-14:43:46,32) [idle_inject/3] (root,0,0,00:00:06/15-14:43:46,33) [migration/3] (root,0,0,00:01:30/15-14:43:46,34) [ksoftirqd/3] (root,0,0,00:00:00/15-14:43:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-14:43:46,39) [kdevtmpfs] (root,0,0,00:00:00/15-14:43:46,40) [netns] (root,0,0,00:00:00/15-14:43:46,41) [inet_frag_wq] (root,0,0,00:00:04/15-14:43:46,42) [kauditd] (root,0,0,00:00:00/15-14:43:46,43) [khungtaskd] (root,0,0,00:00:00/15-14:43:46,44) [oom_reaper] (root,0,0,00:00:00/15-14:43:46,45) [writeback] (root,0,0,00:00:46/15-14:43:46,46) [kcompactd0] (root,0,0,00:00:00/15-14:43:46,47) [ksmd] (root,0,0,00:00:46/15-14:43:46,48) [khugepaged] (root,0,0,00:00:00/15-14:43:46,74) [kintegrityd] (root,0,0,00:00:00/15-14:43:46,75) [kblockd] (root,0,0,00:00:00/15-14:43:46,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-14:43:46,78) [tpm_dev_wq] (root,0,0,00:00:00/15-14:43:46,79) [edac-poller] (root,0,0,00:00:00/15-14:43:46,80) [devfreq_wq] (root,0,0,00:00:00/15-14:43:46,110) [watchdogd] (root,0,0,00:00:03/15-14:43:46,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-14:43:46,112) [kswapd0] (root,0,0,00:00:00/15-14:43:45,114) [kthrotld] (root,0,0,00:00:00/15-14:43:45,115) [mld] (root,0,0,00:00:00/15-14:43:45,116) [ipv6_addrconf] (root,0,0,00:00:06/15-14:43:45,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-14:43:45,122) [kstrp] (root,0,0,00:00:00/15-14:43:45,123) [zswap-shrink] (root,0,0,00:00:00/15-14:43:45,124) [kworker/u9:0] (root,0,0,00:00:00/15-14:43:45,129) [charger_manager] (root,0,0,00:00:03/15-14:43:44,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-14:43:44,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-14:43:44,205) [kaluad] (root,0,0,00:00:00/15-14:43:44,250) [kmpath_rdacd] (root,0,0,00:00:00/15-14:43:44,293) [kmpathd] (root,0,0,00:00:00/15-14:43:44,294) [kmpath_handlerd] (root,0,0,00:00:00/15-14:43:44,342) [ata_sff] (root,0,0,00:00:00/15-14:43:43,343) [scsi_eh_0] (root,0,0,00:00:00/15-14:43:43,344) [scsi_tmf_0] (root,0,0,00:00:00/15-14:43:43,345) [scsi_eh_1] (root,0,0,00:00:00/15-14:43:43,346) [scsi_tmf_1] (root,0,0,00:00:23/15-14:43:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-14:43:41,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-14:43:29,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-14:43:28,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-14:43:26,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-14:42:52,512) /sbin/auditd (messagebus,22936,5672,00:00:50/15-14:42:52,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:28/15-14:42:52,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/15-14:42:52,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-14:42:51,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-14:42:51,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-14:42:37,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-14:42:37,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:26/15-14:42:36,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-14:42:36,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-14:42:36,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-14:42:36,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-14:42:36,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-14:42:36,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-14:42:36,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-14:42:36,1206) bpfilter_umh (root,26204,8300,00:00:07/15-14:42:36,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-14:42:36,1215) ntpd: asynchronous dns resolver (spot,285092,171292,21:00:20/15-14:42:36,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-14:42:35,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-14:42:35,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-14:42:35,1245) (sd-pam) (root,24216,5348,00:00:05/15-14:42:34,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-14:42:34,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-14:42:33,1354) /usr/sbin/cron -n (root,691980,74872,00:20:13/15-14:42:27,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:11/15-14:42:13,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/22:59,3117) [kworker/2:1] (postfix,24244,8144,00:00:00/01:10:54,7227) pickup -l -t fifo -u (root,0,0,00:00:00/28:37,8654) [kworker/0:2] (root,35308,10012,00:00:00/8-06:38:40,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-06:38:40,8749) sshd: syslogtunnel (root,0,0,00:00:00/15:55,9870) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/01:36:04,10498) [kworker/3:0-events] (root,0,0,00:00:02/01:58:42,10640) [kworker/2:2-events] (root,0,0,00:00:00/45:53,13513) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:32,13705) [kworker/1:2-ata_sff] (root,0,0,00:00:00/45:28,15321) [kworker/3:1-cgroup_destroy] (root,35308,10012,00:00:00/9-12:33:29,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-12:33:28,15391) sshd: cm-ssh (root,0,0,00:00:01/01:34:57,16028) [kworker/1:1-events] (root,0,0,00:00:00/00:22,24046) [kworker/3:2-events] (root,6656,3488,00:00:00/00:00,26263) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,26279) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,26304) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,26321) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,26349) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,26380) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,26386) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,26387) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,860,00:00:00/00:00,26392) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,704,00:00:00/00:00,26395) cat /proc/net/tcp /proc/net/tcp6 (root,6656,2008,00:00:00/00:00,26425) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,26428) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,26433) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,26434) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:09:52,26890) [kworker/0:1-events] (root,0,0,00:00:00/06:45,29686) [kworker/1:0-ata_sff] (postfix,44628,9416,00:00:00/9-19:19:14,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 01:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e9c63c26Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-14:44:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-14:44:07,2) [kthreadd] (root,0,0,00:00:00/13-14:44:07,3) [rcu_gp] (root,0,0,00:00:00/13-14:44:07,4) [rcu_par_gp] (root,0,0,00:00:00/13-14:44:07,5) [slub_flushwq] (root,0,0,00:00:00/13-14:44:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-14:44:07,9) [mm_percpu_wq] (root,0,0,00:00:00/13-14:44:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-14:44:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-14:44:07,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-14:44:07,13) [ksoftirqd/0] (root,0,0,00:36:40/13-14:44:07,14) [rcu_preempt] (root,0,0,00:00:05/13-14:44:07,15) [migration/0] (root,0,0,00:00:00/13-14:44:07,16) [idle_inject/0] (root,0,0,00:00:00/13-14:44:07,18) [cpuhp/0] (root,0,0,00:00:00/13-14:44:07,19) [cpuhp/1] (root,0,0,00:00:00/13-14:44:07,20) [idle_inject/1] (root,0,0,00:00:05/13-14:44:07,21) [migration/1] (root,0,0,00:00:22/13-14:44:07,22) [ksoftirqd/1] (root,0,0,00:00:00/13-14:44:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-14:44:07,25) [cpuhp/2] (root,0,0,00:00:00/13-14:44:07,26) [idle_inject/2] (root,0,0,00:00:04/13-14:44:07,27) [migration/2] (root,0,0,00:28:55/13-14:44:07,28) [ksoftirqd/2] (root,0,0,00:00:00/13-14:44:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-14:44:07,31) [cpuhp/3] (root,0,0,00:00:00/13-14:44:07,32) [idle_inject/3] (root,0,0,00:00:05/13-14:44:07,33) [migration/3] (root,0,0,00:01:19/13-14:44:07,34) [ksoftirqd/3] (root,0,0,00:00:00/13-14:44:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-14:44:07,39) [kdevtmpfs] (root,0,0,00:00:00/13-14:44:07,40) [netns] (root,0,0,00:00:00/13-14:44:07,41) [inet_frag_wq] (root,0,0,00:00:04/13-14:44:07,42) [kauditd] (root,0,0,00:00:00/13-14:44:07,43) [khungtaskd] (root,0,0,00:00:00/13-14:44:07,44) [oom_reaper] (root,0,0,00:00:00/13-14:44:07,45) [writeback] (root,0,0,00:00:40/13-14:44:07,46) [kcompactd0] (root,0,0,00:00:00/13-14:44:07,47) [ksmd] (root,0,0,00:00:40/13-14:44:07,48) [khugepaged] (root,0,0,00:00:00/13-14:44:07,74) [kintegrityd] (root,0,0,00:00:00/13-14:44:07,75) [kblockd] (root,0,0,00:00:00/13-14:44:07,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-14:44:07,78) [tpm_dev_wq] (root,0,0,00:00:00/13-14:44:07,79) [edac-poller] (root,0,0,00:00:00/13-14:44:07,80) [devfreq_wq] (root,0,0,00:00:00/13-14:44:07,110) [watchdogd] (root,0,0,00:00:02/13-14:44:07,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-14:44:07,112) [kswapd0] (root,0,0,00:00:00/13-14:44:06,114) [kthrotld] (root,0,0,00:00:00/13-14:44:06,115) [mld] (root,0,0,00:00:00/13-14:44:06,116) [ipv6_addrconf] (root,0,0,00:00:05/13-14:44:06,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-14:44:06,122) [kstrp] (root,0,0,00:00:00/13-14:44:06,123) [zswap-shrink] (root,0,0,00:00:00/13-14:44:06,124) [kworker/u9:0] (root,0,0,00:00:00/13-14:44:06,129) [charger_manager] (root,0,0,00:00:02/13-14:44:05,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-14:44:05,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-14:44:05,205) [kaluad] (root,0,0,00:00:00/13-14:44:05,250) [kmpath_rdacd] (root,0,0,00:00:00/13-14:44:05,293) [kmpathd] (root,0,0,00:00:00/13-14:44:05,294) [kmpath_handlerd] (root,0,0,00:00:00/13-14:44:05,342) [ata_sff] (root,0,0,00:00:00/13-14:44:04,343) [scsi_eh_0] (root,0,0,00:00:00/13-14:44:04,344) [scsi_tmf_0] (root,0,0,00:00:00/13-14:44:04,345) [scsi_eh_1] (root,0,0,00:00:00/13-14:44:04,346) [scsi_tmf_1] (root,0,0,00:00:20/13-14:44:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-14:44:02,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-14:43:50,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-14:43:49,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-14:43:47,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-14:43:13,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-14:43:13,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-14:43:13,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-14:43:13,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-14:43:12,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-14:43:12,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-14:42:58,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-14:42:58,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:13/13-14:42:57,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-14:42:57,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-14:42:57,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-14:42:57,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-14:42:57,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-14:42:57,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-14:42:57,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-14:42:57,1206) bpfilter_umh (root,26204,8300,00:00:07/13-14:42:57,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-14:42:57,1215) ntpd: asynchronous dns resolver (spot,286756,171636,18:17:37/13-14:42:57,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-14:42:56,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-14:42:56,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-14:42:56,1245) (sd-pam) (root,24216,5348,00:00:04/13-14:42:55,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-14:42:55,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-14:42:54,1354) /usr/sbin/cron -n (root,691980,74552,00:17:36/13-14:42:48,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47908,00:04:30/13-14:42:34,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:22:08,2659) [kworker/2:0-events] (root,0,0,00:00:05/04:40:45,4939) [kworker/2:2-events] (root,35308,10012,00:00:00/6-06:39:01,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-06:39:01,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:27:08,13988) [kworker/0:0-events] (root,0,0,00:00:00/09:33,14012) [kworker/u8:2-writeback] (root,0,0,00:00:00/16:40,15008) [kworker/1:1-events] (root,35308,10012,00:00:00/7-12:33:50,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-12:33:49,15391) sshd: cm-ssh (postfix,24244,8212,00:00:00/01:33:09,19097) pickup -l -t fifo -u (root,0,0,00:00:00/01:06,22403) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:47:35,23451) [kworker/3:1-events] (root,0,0,00:00:00/02:17:55,24348) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/06:19,29035) [kworker/1:2-ata_sff] (root,6656,3488,00:00:00/00:00,29724) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,29742) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,29743) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9416,00:00:00/7-19:19:35,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:37:22,31001) [kworker/0:2-events] (root,0,0,00:00:01/05:11:25,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 01:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363fff8dea0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-14:31:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-14:31:19,2) [kthreadd] (root,0,0,00:00:00/11-14:31:19,3) [rcu_gp] (root,0,0,00:00:00/11-14:31:19,4) [rcu_par_gp] (root,0,0,00:00:00/11-14:31:19,5) [slub_flushwq] (root,0,0,00:00:00/11-14:31:19,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-14:31:19,9) [mm_percpu_wq] (root,0,0,00:00:00/11-14:31:19,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-14:31:19,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-14:31:19,12) [rcu_tasks_trace] (root,0,0,00:00:21/11-14:31:19,13) [ksoftirqd/0] (root,0,0,00:30:54/11-14:31:19,14) [rcu_preempt] (root,0,0,00:00:04/11-14:31:19,15) [migration/0] (root,0,0,00:00:00/11-14:31:19,16) [idle_inject/0] (root,0,0,00:00:00/11-14:31:19,18) [cpuhp/0] (root,0,0,00:00:00/11-14:31:19,19) [cpuhp/1] (root,0,0,00:00:00/11-14:31:19,20) [idle_inject/1] (root,0,0,00:00:04/11-14:31:19,21) [migration/1] (root,0,0,00:00:18/11-14:31:19,22) [ksoftirqd/1] (root,0,0,00:00:00/11-14:31:19,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-14:31:19,25) [cpuhp/2] (root,0,0,00:00:00/11-14:31:19,26) [idle_inject/2] (root,0,0,00:00:03/11-14:31:19,27) [migration/2] (root,0,0,00:24:22/11-14:31:19,28) [ksoftirqd/2] (root,0,0,00:00:00/11-14:31:19,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-14:31:19,31) [cpuhp/3] (root,0,0,00:00:00/11-14:31:19,32) [idle_inject/3] (root,0,0,00:00:04/11-14:31:19,33) [migration/3] (root,0,0,00:01:06/11-14:31:19,34) [ksoftirqd/3] (root,0,0,00:00:00/11-14:31:19,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-14:31:19,39) [kdevtmpfs] (root,0,0,00:00:00/11-14:31:19,40) [netns] (root,0,0,00:00:00/11-14:31:19,41) [inet_frag_wq] (root,0,0,00:00:03/11-14:31:19,42) [kauditd] (root,0,0,00:00:00/11-14:31:19,43) [khungtaskd] (root,0,0,00:00:00/11-14:31:19,44) [oom_reaper] (root,0,0,00:00:00/11-14:31:19,45) [writeback] (root,0,0,00:00:33/11-14:31:19,46) [kcompactd0] (root,0,0,00:00:00/11-14:31:19,47) [ksmd] (root,0,0,00:00:34/11-14:31:19,48) [khugepaged] (root,0,0,00:00:00/11-14:31:19,74) [kintegrityd] (root,0,0,00:00:00/11-14:31:19,75) [kblockd] (root,0,0,00:00:00/11-14:31:19,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-14:31:19,78) [tpm_dev_wq] (root,0,0,00:00:00/11-14:31:19,79) [edac-poller] (root,0,0,00:00:00/11-14:31:19,80) [devfreq_wq] (root,0,0,00:00:00/11-14:31:19,110) [watchdogd] (root,0,0,00:00:02/11-14:31:19,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-14:31:19,112) [kswapd0] (root,0,0,00:00:00/11-14:31:18,114) [kthrotld] (root,0,0,00:00:00/11-14:31:18,115) [mld] (root,0,0,00:00:00/11-14:31:18,116) [ipv6_addrconf] (root,0,0,00:00:04/11-14:31:18,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-14:31:18,122) [kstrp] (root,0,0,00:00:00/11-14:31:18,123) [zswap-shrink] (root,0,0,00:00:00/11-14:31:18,124) [kworker/u9:0] (root,0,0,00:00:00/11-14:31:18,129) [charger_manager] (root,0,0,00:00:02/11-14:31:17,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-14:31:17,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-14:31:17,205) [kaluad] (root,0,0,00:00:00/11-14:31:17,250) [kmpath_rdacd] (root,0,0,00:00:00/11-14:31:17,293) [kmpathd] (root,0,0,00:00:00/11-14:31:17,294) [kmpath_handlerd] (root,0,0,00:00:00/04:10,309) [kworker/1:0-ata_sff] (root,0,0,00:00:00/11-14:31:17,342) [ata_sff] (root,0,0,00:00:00/11-14:31:16,343) [scsi_eh_0] (root,0,0,00:00:00/11-14:31:16,344) [scsi_tmf_0] (root,0,0,00:00:00/11-14:31:16,345) [scsi_eh_1] (root,0,0,00:00:00/11-14:31:16,346) [scsi_tmf_1] (root,0,0,00:00:17/11-14:31:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-14:31:14,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-14:31:02,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-14:31:01,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-14:30:59,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-14:30:25,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-14:30:25,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-14:30:25,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-14:30:25,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-14:30:24,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-14:30:24,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-14:30:10,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-14:30:10,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:02/11-14:30:09,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-14:30:09,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-14:30:09,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-14:30:09,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-14:30:09,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-14:30:09,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:33/11-14:30:09,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-14:30:09,1206) bpfilter_umh (root,26204,8300,00:00:06/11-14:30:09,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-14:30:09,1215) ntpd: asynchronous dns resolver (spot,284868,171160,14:24:41/11-14:30:09,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-14:30:08,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-14:30:08,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-14:30:08,1245) (sd-pam) (root,24216,5348,00:00:03/11-14:30:07,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-14:30:07,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-14:30:06,1354) /usr/sbin/cron -n (root,691724,74152,00:14:56/11-14:30:00,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46620,00:03:47/11-14:29:46,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/11:53:28,4619) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/09:23,8058) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/4-06:26:13,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-06:26:13,8749) sshd: syslogtunnel (root,0,0,00:00:00/09:11,8823) [kworker/3:2-events] (root,35308,10012,00:00:00/5-12:21:02,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-12:21:01,15391) sshd: cm-ssh (postfix,24244,8256,00:00:00/00:56,17661) pickup -l -t fifo -u (root,0,0,00:00:00/00:55,18637) [kworker/3:1] (root,0,0,00:00:03/04:39:09,21671) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,22711) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,22729) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,22730) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/37:52,23413) [kworker/0:1-events] (root,0,0,00:00:00/52:23,23908) [kworker/3:0-events] (root,0,0,00:00:02/01:34:55,27030) [kworker/2:0-mm_percpu_wq] (root,0,0,00:00:00/17:21,28081) [kworker/0:0-events] (root,0,0,00:00:00/29:36,28261) [kworker/2:2-events] (postfix,44628,9464,00:00:00/5-19:06:47,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:12:25,31970) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-24 00:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631f179a9cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:30/9-14:32:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-14:32:10,2) [kthreadd] (root,0,0,00:00:00/9-14:32:10,3) [rcu_gp] (root,0,0,00:00:00/9-14:32:10,4) [rcu_par_gp] (root,0,0,00:00:00/9-14:32:10,5) [slub_flushwq] (root,0,0,00:00:00/9-14:32:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-14:32:10,9) [mm_percpu_wq] (root,0,0,00:00:00/9-14:32:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-14:32:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-14:32:10,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-14:32:10,13) [ksoftirqd/0] (root,0,0,00:25:26/9-14:32:10,14) [rcu_preempt] (root,0,0,00:00:03/9-14:32:10,15) [migration/0] (root,0,0,00:00:00/9-14:32:10,16) [idle_inject/0] (root,0,0,00:00:00/9-14:32:10,18) [cpuhp/0] (root,0,0,00:00:00/9-14:32:10,19) [cpuhp/1] (root,0,0,00:00:00/9-14:32:10,20) [idle_inject/1] (root,0,0,00:00:03/9-14:32:10,21) [migration/1] (root,0,0,00:00:14/9-14:32:10,22) [ksoftirqd/1] (root,0,0,00:00:00/9-14:32:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-14:32:10,25) [cpuhp/2] (root,0,0,00:00:00/9-14:32:10,26) [idle_inject/2] (root,0,0,00:00:03/9-14:32:10,27) [migration/2] (root,0,0,00:20:27/9-14:32:10,28) [ksoftirqd/2] (root,0,0,00:00:00/9-14:32:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-14:32:10,31) [cpuhp/3] (root,0,0,00:00:00/9-14:32:10,32) [idle_inject/3] (root,0,0,00:00:03/9-14:32:10,33) [migration/3] (root,0,0,00:00:54/9-14:32:10,34) [ksoftirqd/3] (root,0,0,00:00:00/9-14:32:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-14:32:10,39) [kdevtmpfs] (root,0,0,00:00:00/9-14:32:10,40) [netns] (root,0,0,00:00:00/9-14:32:10,41) [inet_frag_wq] (root,0,0,00:00:03/9-14:32:10,42) [kauditd] (root,0,0,00:00:00/9-14:32:10,43) [khungtaskd] (root,0,0,00:00:00/9-14:32:10,44) [oom_reaper] (root,0,0,00:00:00/9-14:32:10,45) [writeback] (root,0,0,00:00:27/9-14:32:10,46) [kcompactd0] (root,0,0,00:00:00/9-14:32:10,47) [ksmd] (root,0,0,00:00:29/9-14:32:10,48) [khugepaged] (root,0,0,00:00:00/9-14:32:10,74) [kintegrityd] (root,0,0,00:00:00/9-14:32:10,75) [kblockd] (root,0,0,00:00:00/9-14:32:10,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-14:32:10,78) [tpm_dev_wq] (root,0,0,00:00:00/9-14:32:10,79) [edac-poller] (root,0,0,00:00:00/9-14:32:10,80) [devfreq_wq] (root,0,0,00:00:00/9-14:32:10,110) [watchdogd] (root,0,0,00:00:01/9-14:32:10,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-14:32:10,112) [kswapd0] (root,0,0,00:00:00/9-14:32:09,114) [kthrotld] (root,0,0,00:00:00/9-14:32:09,115) [mld] (root,0,0,00:00:00/9-14:32:09,116) [ipv6_addrconf] (root,0,0,00:00:04/9-14:32:09,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-14:32:09,122) [kstrp] (root,0,0,00:00:00/9-14:32:09,123) [zswap-shrink] (root,0,0,00:00:00/9-14:32:09,124) [kworker/u9:0] (root,0,0,00:00:00/9-14:32:09,129) [charger_manager] (root,0,0,00:00:02/9-14:32:08,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-14:32:08,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-14:32:08,205) [kaluad] (root,0,0,00:00:00/9-14:32:08,250) [kmpath_rdacd] (root,0,0,00:00:00/9-14:32:08,293) [kmpathd] (root,0,0,00:00:00/9-14:32:08,294) [kmpath_handlerd] (root,0,0,00:00:00/9-14:32:08,342) [ata_sff] (root,0,0,00:00:00/9-14:32:07,343) [scsi_eh_0] (root,0,0,00:00:00/9-14:32:07,344) [scsi_tmf_0] (root,0,0,00:00:00/9-14:32:07,345) [scsi_eh_1] (root,0,0,00:00:00/9-14:32:07,346) [scsi_tmf_1] (root,0,0,00:00:14/9-14:32:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-14:32:05,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-14:31:53,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-14:31:52,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-14:31:50,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-14:31:16,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-14:31:16,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-14:31:16,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-14:31:16,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-14:31:15,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-14:31:15,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-14:31:01,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-14:31:01,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:52/9-14:31:00,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-14:31:00,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-14:31:00,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-14:31:00,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-14:31:00,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-14:31:00,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:17/9-14:31:00,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-14:31:00,1206) bpfilter_umh (root,26204,8300,00:00:05/9-14:31:00,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-14:31:00,1215) ntpd: asynchronous dns resolver (spot,285060,169768,11:15:18/9-14:31:00,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-14:30:59,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-14:30:59,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-14:30:59,1245) (sd-pam) (root,24216,5348,00:00:03/9-14:30:58,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-14:30:58,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-14:30:57,1354) /usr/sbin/cron -n (root,691336,73836,00:12:21/9-14:30:51,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45336,00:03:07/9-14:30:37,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:06/05:59:17,2819) [kworker/2:2-events] (root,0,0,00:00:00/43:52,5542) [kworker/u8:2-flush-253:0] (postfix,24244,8256,00:00:00/23:42,5772) pickup -l -t fifo -u (root,0,0,00:00:00/01:14,6350) [kworker/1:2-ata_sff] (root,0,0,00:00:00/00:59,7714) [kworker/0:1] (root,35308,10012,00:00:00/2-06:27:04,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:08/2-06:27:04,8749) sshd: syslogtunnel (root,0,0,00:00:00/06:26,10686) [kworker/1:0-ata_sff] (root,0,0,00:00:00/22:00,10958) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,13935) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,13953) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13954) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:47,14414) [kworker/2:0] (root,35308,10012,00:00:00/3-12:21:53,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-12:21:52,15391) sshd: cm-ssh (root,0,0,00:00:00/39:50,16880) [kworker/3:1-events] (root,0,0,00:00:00/20:18,17419) [kworker/3:0-events] (root,0,0,00:00:00/01:42:08,22486) [kworker/u8:1] (root,0,0,00:00:00/54:33,24499) [kworker/0:0-events] (root,0,0,00:00:00/01:09:20,26656) [kworker/0:2-events] (postfix,44628,9464,00:00:00/3-19:07:38,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-22 00:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c36d2a84Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:26/8-03:36:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/8-03:36:24,2) [kthreadd] (root,0,0,00:00:00/8-03:36:24,3) [rcu_gp] (root,0,0,00:00:00/8-03:36:24,4) [rcu_par_gp] (root,0,0,00:00:00/8-03:36:24,5) [slub_flushwq] (root,0,0,00:00:00/8-03:36:24,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/8-03:36:24,9) [mm_percpu_wq] (root,0,0,00:00:00/8-03:36:24,10) [rcu_tasks_kthre] (root,0,0,00:00:00/8-03:36:24,11) [rcu_tasks_rude_] (root,0,0,00:00:00/8-03:36:24,12) [rcu_tasks_trace] (root,0,0,00:00:14/8-03:36:24,13) [ksoftirqd/0] (root,0,0,00:21:30/8-03:36:24,14) [rcu_preempt] (root,0,0,00:00:03/8-03:36:24,15) [migration/0] (root,0,0,00:00:00/8-03:36:24,16) [idle_inject/0] (root,0,0,00:00:00/8-03:36:24,18) [cpuhp/0] (root,0,0,00:00:00/8-03:36:24,19) [cpuhp/1] (root,0,0,00:00:00/8-03:36:24,20) [idle_inject/1] (root,0,0,00:00:03/8-03:36:24,21) [migration/1] (root,0,0,00:00:12/8-03:36:24,22) [ksoftirqd/1] (root,0,0,00:00:00/8-03:36:24,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/8-03:36:24,25) [cpuhp/2] (root,0,0,00:00:00/8-03:36:24,26) [idle_inject/2] (root,0,0,00:00:02/8-03:36:24,27) [migration/2] (root,0,0,00:17:07/8-03:36:24,28) [ksoftirqd/2] (root,0,0,00:00:00/8-03:36:24,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/8-03:36:24,31) [cpuhp/3] (root,0,0,00:00:00/8-03:36:24,32) [idle_inject/3] (root,0,0,00:00:03/8-03:36:24,33) [migration/3] (root,0,0,00:00:46/8-03:36:24,34) [ksoftirqd/3] (root,0,0,00:00:00/8-03:36:24,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/8-03:36:24,39) [kdevtmpfs] (root,0,0,00:00:00/8-03:36:24,40) [netns] (root,0,0,00:00:00/8-03:36:24,41) [inet_frag_wq] (root,0,0,00:00:02/8-03:36:24,42) [kauditd] (root,0,0,00:00:00/8-03:36:24,43) [khungtaskd] (root,0,0,00:00:00/8-03:36:24,44) [oom_reaper] (root,0,0,00:00:00/8-03:36:24,45) [writeback] (root,0,0,00:00:23/8-03:36:24,46) [kcompactd0] (root,0,0,00:00:00/8-03:36:24,47) [ksmd] (root,0,0,00:00:24/8-03:36:24,48) [khugepaged] (root,0,0,00:00:00/8-03:36:24,74) [kintegrityd] (root,0,0,00:00:00/8-03:36:24,75) [kblockd] (root,0,0,00:00:00/8-03:36:24,76) [blkcg_punt_bio] (root,0,0,00:00:00/8-03:36:24,78) [tpm_dev_wq] (root,0,0,00:00:00/8-03:36:24,79) [edac-poller] (root,0,0,00:00:00/8-03:36:24,80) [devfreq_wq] (root,0,0,00:00:00/8-03:36:24,110) [watchdogd] (root,0,0,00:00:01/8-03:36:24,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/8-03:36:24,112) [kswapd0] (root,0,0,00:00:00/8-03:36:23,114) [kthrotld] (root,0,0,00:00:00/8-03:36:23,115) [mld] (root,0,0,00:00:00/8-03:36:23,116) [ipv6_addrconf] (root,0,0,00:00:03/8-03:36:23,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/8-03:36:23,122) [kstrp] (root,0,0,00:00:00/8-03:36:23,123) [zswap-shrink] (root,0,0,00:00:00/8-03:36:23,124) [kworker/u9:0] (root,0,0,00:00:00/8-03:36:23,129) [charger_manager] (root,0,0,00:00:01/8-03:36:22,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/8-03:36:22,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/8-03:36:22,205) [kaluad] (root,0,0,00:00:00/8-03:36:22,250) [kmpath_rdacd] (root,0,0,00:00:00/8-03:36:22,293) [kmpathd] (root,0,0,00:00:00/8-03:36:22,294) [kmpath_handlerd] (root,0,0,00:00:00/8-03:36:22,342) [ata_sff] (root,0,0,00:00:00/8-03:36:21,343) [scsi_eh_0] (root,0,0,00:00:00/8-03:36:21,344) [scsi_tmf_0] (root,0,0,00:00:00/8-03:36:21,345) [scsi_eh_1] (root,0,0,00:00:00/8-03:36:21,346) [scsi_tmf_1] (root,0,0,00:00:12/8-03:36:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/8-03:36:19,367) [ext4-rsv-conver] (root,38604,7900,00:00:14/8-03:36:07,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/8-03:36:06,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:12/8-03:36:04,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:05/8-03:35:30,512) /sbin/auditd (messagebus,22936,5672,00:00:29/8-03:35:30,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:16/8-03:35:30,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/8-03:35:30,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/8-03:35:29,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/8-03:35:29,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26136,00:00:09/8-03:35:15,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/8-03:35:15,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:44/8-03:35:14,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/8-03:35:14,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/8-03:35:14,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/8-03:35:14,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/8-03:35:14,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:14/8-03:35:14,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:04/8-03:35:14,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/8-03:35:14,1206) bpfilter_umh (root,26204,8300,00:00:04/8-03:35:14,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/8-03:35:14,1215) ntpd: asynchronous dns resolver (spot,282884,169224,09:25:34/8-03:35:14,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/8-03:35:13,1228) (sd-pam) (checkmk,48532,3192,00:00:00/8-03:35:13,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/8-03:35:13,1245) (sd-pam) (root,24216,5348,00:00:02/8-03:35:12,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/8-03:35:12,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/8-03:35:11,1354) /usr/sbin/cron -n (root,691080,73640,00:10:27/8-03:35:05,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44120,00:02:37/8-03:34:51,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/18:34,2594) [kworker/u8:1-writeback] (root,0,0,00:00:00/03:13:03,3267) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/10:16,3872) [kworker/1:1-ata_sff] (root,0,0,00:00:00/07:05,5218) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/05:06,5500) [kworker/1:2-ata_sff] (root,0,0,00:00:00/03:25,6052) [kworker/0:1] (root,6656,3488,00:00:00/00:00,6794) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,6812) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,6813) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/19:31:18,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:03/19:31:18,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:41:07,14716) [kworker/0:2-cgroup_destroy] (root,35308,10012,00:00:00/2-01:26:07,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:07/2-01:26:06,15391) sshd: cm-ssh (root,0,0,00:00:00/01:30:16,17331) [kworker/3:0-events] (root,0,0,00:00:00/01:19:25,19210) [kworker/0:0-events] (root,0,0,00:00:01/04:04:18,20611) [kworker/1:0-events] (root,0,0,00:00:00/50:33,25879) [kworker/2:2-events] (postfix,44628,9464,00:00:00/2-08:11:52,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/32:21,30978) [kworker/3:1] (postfix,24244,8144,00:00:00/29:17,31489) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 13:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e41e0d8aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-15:12:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-15:12:55,2) [kthreadd] (root,0,0,00:00:00/7-15:12:55,3) [rcu_gp] (root,0,0,00:00:00/7-15:12:55,4) [rcu_par_gp] (root,0,0,00:00:00/7-15:12:55,5) [slub_flushwq] (root,0,0,00:00:00/7-15:12:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-15:12:55,9) [mm_percpu_wq] (root,0,0,00:00:00/7-15:12:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-15:12:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-15:12:55,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-15:12:55,13) [ksoftirqd/0] (root,0,0,00:20:07/7-15:12:55,14) [rcu_preempt] (root,0,0,00:00:02/7-15:12:55,15) [migration/0] (root,0,0,00:00:00/7-15:12:55,16) [idle_inject/0] (root,0,0,00:00:00/7-15:12:55,18) [cpuhp/0] (root,0,0,00:00:00/7-15:12:55,19) [cpuhp/1] (root,0,0,00:00:00/7-15:12:55,20) [idle_inject/1] (root,0,0,00:00:03/7-15:12:55,21) [migration/1] (root,0,0,00:00:11/7-15:12:55,22) [ksoftirqd/1] (root,0,0,00:00:00/7-15:12:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-15:12:55,25) [cpuhp/2] (root,0,0,00:00:00/7-15:12:55,26) [idle_inject/2] (root,0,0,00:00:02/7-15:12:55,27) [migration/2] (root,0,0,00:16:15/7-15:12:55,28) [ksoftirqd/2] (root,0,0,00:00:00/7-15:12:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-15:12:55,31) [cpuhp/3] (root,0,0,00:00:00/7-15:12:55,32) [idle_inject/3] (root,0,0,00:00:03/7-15:12:55,33) [migration/3] (root,0,0,00:00:43/7-15:12:55,34) [ksoftirqd/3] (root,0,0,00:00:00/7-15:12:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-15:12:55,39) [kdevtmpfs] (root,0,0,00:00:00/7-15:12:55,40) [netns] (root,0,0,00:00:00/7-15:12:55,41) [inet_frag_wq] (root,0,0,00:00:02/7-15:12:55,42) [kauditd] (root,0,0,00:00:00/7-15:12:55,43) [khungtaskd] (root,0,0,00:00:00/7-15:12:55,44) [oom_reaper] (root,0,0,00:00:00/7-15:12:55,45) [writeback] (root,0,0,00:00:22/7-15:12:55,46) [kcompactd0] (root,0,0,00:00:00/7-15:12:55,47) [ksmd] (root,0,0,00:00:23/7-15:12:55,48) [khugepaged] (root,0,0,00:00:00/7-15:12:55,74) [kintegrityd] (root,0,0,00:00:00/7-15:12:55,75) [kblockd] (root,0,0,00:00:00/7-15:12:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-15:12:55,78) [tpm_dev_wq] (root,0,0,00:00:00/7-15:12:55,79) [edac-poller] (root,0,0,00:00:00/7-15:12:55,80) [devfreq_wq] (root,0,0,00:00:00/7-15:12:55,110) [watchdogd] (root,0,0,00:00:01/7-15:12:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-15:12:55,112) [kswapd0] (root,0,0,00:00:00/7-15:12:54,114) [kthrotld] (root,0,0,00:00:00/7-15:12:54,115) [mld] (root,0,0,00:00:00/7-15:12:54,116) [ipv6_addrconf] (root,0,0,00:00:03/7-15:12:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-15:12:54,122) [kstrp] (root,0,0,00:00:00/7-15:12:54,123) [zswap-shrink] (root,0,0,00:00:00/7-15:12:54,124) [kworker/u9:0] (root,0,0,00:00:00/7-15:12:54,129) [charger_manager] (root,0,0,00:00:01/7-15:12:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-15:12:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-15:12:53,205) [kaluad] (root,0,0,00:00:00/7-15:12:53,250) [kmpath_rdacd] (root,0,0,00:00:00/7-15:12:53,293) [kmpathd] (root,0,0,00:00:00/7-15:12:53,294) [kmpath_handlerd] (root,0,0,00:00:00/7-15:12:53,342) [ata_sff] (root,0,0,00:00:00/7-15:12:52,343) [scsi_eh_0] (root,0,0,00:00:00/7-15:12:52,344) [scsi_tmf_0] (root,0,0,00:00:00/7-15:12:52,345) [scsi_eh_1] (root,0,0,00:00:00/7-15:12:52,346) [scsi_tmf_1] (root,0,0,00:00:11/7-15:12:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-15:12:50,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-15:12:38,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-15:12:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-15:12:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-15:12:01,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-15:12:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-15:12:01,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-15:12:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-15:12:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-15:12:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:26:46,776) [kworker/3:0-events] (root,0,0,00:00:00/09:17,1151) [kworker/1:0-ata_sff] (root,547592,25356,00:00:08/7-15:11:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-15:11:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:42/7-15:11:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-15:11:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-15:11:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-15:11:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-15:11:45,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-15:11:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-15:11:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-15:11:45,1206) bpfilter_umh (root,26204,8300,00:00:04/7-15:11:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-15:11:45,1215) ntpd: asynchronous dns resolver (spot,284388,169600,08:44:10/7-15:11:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-15:11:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-15:11:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-15:11:44,1245) (sd-pam) (root,24216,5348,00:00:02/7-15:11:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-15:11:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-15:11:42,1354) /usr/sbin/cron -n (root,691080,73620,00:09:47/7-15:11:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43792,00:02:27/7-15:11:22,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8216,00:00:00/01:26:15,3178) pickup -l -t fifo -u (root,0,0,00:00:00/00:03,5380) [kworker/u8:2-writeback] (root,6656,3484,00:00:00/00:00,5812) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,5830) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,5831) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:51:50,7055) [kworker/3:2-events] (root,0,0,00:00:00/59:34,7981) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10012,00:00:00/07:07:49,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:01/07:07:49,8749) sshd: syslogtunnel (root,0,0,00:00:00/15:58,10528) [kworker/2:1-events] (root,0,0,00:00:00/15:57,10529) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/57:42,13261) [kworker/0:2] (root,35308,10012,00:00:00/1-13:02:38,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-13:02:37,15391) sshd: cm-ssh (root,0,0,00:00:00/04:04,20353) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:12:00,23924) [kworker/0:0-events] (root,0,0,00:00:00/45:34,24194) [kworker/1:1-events] (postfix,44628,9464,00:00:00/1-19:48:23,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/35:11,31725) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 01:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ef2e1a88Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-14:18:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-14:18:21,2) [kthreadd] (root,0,0,00:00:00/5-14:18:21,3) [rcu_gp] (root,0,0,00:00:00/5-14:18:21,4) [rcu_par_gp] (root,0,0,00:00:00/5-14:18:21,5) [slub_flushwq] (root,0,0,00:00:00/5-14:18:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-14:18:21,9) [mm_percpu_wq] (root,0,0,00:00:00/5-14:18:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-14:18:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-14:18:21,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-14:18:21,13) [ksoftirqd/0] (root,0,0,00:14:34/5-14:18:21,14) [rcu_preempt] (root,0,0,00:00:02/5-14:18:21,15) [migration/0] (root,0,0,00:00:00/5-14:18:21,16) [idle_inject/0] (root,0,0,00:00:00/5-14:18:21,18) [cpuhp/0] (root,0,0,00:00:00/5-14:18:21,19) [cpuhp/1] (root,0,0,00:00:00/5-14:18:21,20) [idle_inject/1] (root,0,0,00:00:02/5-14:18:21,21) [migration/1] (root,0,0,00:00:08/5-14:18:21,22) [ksoftirqd/1] (root,0,0,00:00:00/5-14:18:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-14:18:21,25) [cpuhp/2] (root,0,0,00:00:00/5-14:18:21,26) [idle_inject/2] (root,0,0,00:00:01/5-14:18:21,27) [migration/2] (root,0,0,00:12:05/5-14:18:21,28) [ksoftirqd/2] (root,0,0,00:00:00/5-14:18:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-14:18:21,31) [cpuhp/3] (root,0,0,00:00:00/5-14:18:21,32) [idle_inject/3] (root,0,0,00:00:02/5-14:18:21,33) [migration/3] (root,0,0,00:00:31/5-14:18:21,34) [ksoftirqd/3] (root,0,0,00:00:00/5-14:18:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-14:18:21,39) [kdevtmpfs] (root,0,0,00:00:00/5-14:18:21,40) [netns] (root,0,0,00:00:00/5-14:18:21,41) [inet_frag_wq] (root,0,0,00:00:01/5-14:18:21,42) [kauditd] (root,0,0,00:00:00/5-14:18:21,43) [khungtaskd] (root,0,0,00:00:00/5-14:18:21,44) [oom_reaper] (root,0,0,00:00:00/5-14:18:21,45) [writeback] (root,0,0,00:00:15/5-14:18:21,46) [kcompactd0] (root,0,0,00:00:00/5-14:18:21,47) [ksmd] (root,0,0,00:00:16/5-14:18:21,48) [khugepaged] (root,0,0,00:00:00/5-14:18:21,74) [kintegrityd] (root,0,0,00:00:00/5-14:18:21,75) [kblockd] (root,0,0,00:00:00/5-14:18:21,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-14:18:21,78) [tpm_dev_wq] (root,0,0,00:00:00/5-14:18:21,79) [edac-poller] (root,0,0,00:00:00/5-14:18:21,80) [devfreq_wq] (root,0,0,00:00:00/5-14:18:21,110) [watchdogd] (root,0,0,00:00:01/5-14:18:21,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-14:18:21,112) [kswapd0] (root,0,0,00:00:00/5-14:18:20,114) [kthrotld] (root,0,0,00:00:00/5-14:18:20,115) [mld] (root,0,0,00:00:00/5-14:18:20,116) [ipv6_addrconf] (root,0,0,00:00:02/5-14:18:20,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-14:18:20,122) [kstrp] (root,0,0,00:00:00/5-14:18:20,123) [zswap-shrink] (root,0,0,00:00:00/5-14:18:20,124) [kworker/u9:0] (root,0,0,00:00:00/5-14:18:20,129) [charger_manager] (root,0,0,00:00:01/5-14:18:19,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-14:18:19,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-14:18:19,205) [kaluad] (root,0,0,00:00:00/5-14:18:19,250) [kmpath_rdacd] (root,0,0,00:00:00/5-14:18:19,293) [kmpathd] (root,0,0,00:00:00/5-14:18:19,294) [kmpath_handlerd] (root,0,0,00:00:00/5-14:18:19,342) [ata_sff] (root,0,0,00:00:00/5-14:18:18,343) [scsi_eh_0] (root,0,0,00:00:00/5-14:18:18,344) [scsi_tmf_0] (root,0,0,00:00:00/5-14:18:18,345) [scsi_eh_1] (root,0,0,00:00:00/5-14:18:18,346) [scsi_tmf_1] (root,0,0,00:00:08/5-14:18:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-14:18:16,367) [ext4-rsv-conver] (root,38604,7544,00:00:10/5-14:18:04,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-14:18:03,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-14:18:01,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-14:17:27,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-14:17:27,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-14:17:27,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-14:17:27,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-14:17:26,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-14:17:26,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-14:17:12,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-14:17:12,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:30/5-14:17:11,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-14:17:11,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-14:17:11,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-14:17:11,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-14:17:11,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-14:17:11,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-14:17:11,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-14:17:11,1206) bpfilter_umh (root,26204,8340,00:00:03/5-14:17:11,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-14:17:11,1215) ntpd: asynchronous dns resolver (spot,276040,163708,06:08:05/5-14:17:11,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-14:17:10,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-14:17:10,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-14:17:10,1245) (sd-pam) (root,24216,5348,00:00:01/5-14:17:09,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-14:17:09,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-14:17:08,1354) /usr/sbin/cron -n (root,691080,73464,00:07:06/5-14:17:02,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42500,00:01:46/5-14:16:48,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:29,3243) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/20:24,4281) [kworker/u8:2] (root,35308,10024,00:00:00/3-16:09:57,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-16:09:57,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-16:09:42,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:11/3-16:09:42,4688) sshd: cm-ssh (root,0,0,00:00:00/01:26,7623) [kworker/3:2-events] (postfix,24244,8216,00:00:00/52:33,11162) pickup -l -t fifo -u (root,0,0,00:00:00/08:31,11660) [kworker/1:2-ata_sff] (root,0,0,00:00:00/22:39,16093) [kworker/2:0-events] (root,0,0,00:00:00/01:44:26,17810) [kworker/3:1-events] (root,0,0,00:00:00/18:54,18198) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,21479) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,21497) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,21498) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/26:54,23223) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/03:20,24345) [kworker/1:0-ata_sff] (root,0,0,00:00:00/48:27,29441) [kworker/0:0-events] (root,0,0,00:00:01/03:26:20,31879) [kworker/0:2-events] (root,0,0,00:00:02/01:27:05,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-18 00:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363274b1673Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-15:34:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:34:56,2) [kthreadd] (root,0,0,00:00:00/3-15:34:56,3) [rcu_gp] (root,0,0,00:00:00/3-15:34:56,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:34:56,5) [slub_flushwq] (root,0,0,00:00:00/3-15:34:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:34:56,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:34:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:34:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:34:56,12) [rcu_tasks_trace] (root,0,0,00:00:06/3-15:34:56,13) [ksoftirqd/0] (root,0,0,00:09:33/3-15:34:56,14) [rcu_preempt] (root,0,0,00:00:01/3-15:34:56,15) [migration/0] (root,0,0,00:00:00/3-15:34:56,16) [idle_inject/0] (root,0,0,00:00:00/3-15:34:56,18) [cpuhp/0] (root,0,0,00:00:00/3-15:34:56,19) [cpuhp/1] (root,0,0,00:00:00/3-15:34:56,20) [idle_inject/1] (root,0,0,00:00:01/3-15:34:56,21) [migration/1] (root,0,0,00:00:05/3-15:34:56,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:34:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:34:56,25) [cpuhp/2] (root,0,0,00:00:00/3-15:34:56,26) [idle_inject/2] (root,0,0,00:00:01/3-15:34:56,27) [migration/2] (root,0,0,00:08:04/3-15:34:56,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:34:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:34:56,31) [cpuhp/3] (root,0,0,00:00:00/3-15:34:56,32) [idle_inject/3] (root,0,0,00:00:01/3-15:34:56,33) [migration/3] (root,0,0,00:00:20/3-15:34:56,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:34:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:34:56,39) [kdevtmpfs] (root,0,0,00:00:00/3-15:34:56,40) [netns] (root,0,0,00:00:00/3-15:34:56,41) [inet_frag_wq] (root,0,0,00:00:01/3-15:34:56,42) [kauditd] (root,0,0,00:00:00/3-15:34:56,43) [khungtaskd] (root,0,0,00:00:00/3-15:34:56,44) [oom_reaper] (root,0,0,00:00:00/3-15:34:56,45) [writeback] (root,0,0,00:00:09/3-15:34:56,46) [kcompactd0] (root,0,0,00:00:00/3-15:34:56,47) [ksmd] (root,0,0,00:00:10/3-15:34:56,48) [khugepaged] (root,0,0,00:00:00/3-15:34:56,74) [kintegrityd] (root,0,0,00:00:00/3-15:34:56,75) [kblockd] (root,0,0,00:00:00/3-15:34:56,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:34:56,78) [tpm_dev_wq] (root,0,0,00:00:00/3-15:34:56,79) [edac-poller] (root,0,0,00:00:00/3-15:34:56,80) [devfreq_wq] (root,0,0,00:00:00/3-15:34:56,110) [watchdogd] (root,0,0,00:00:00/3-15:34:56,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:34:56,112) [kswapd0] (root,0,0,00:00:00/3-15:34:55,114) [kthrotld] (root,0,0,00:00:00/3-15:34:55,115) [mld] (root,0,0,00:00:00/3-15:34:55,116) [ipv6_addrconf] (root,0,0,00:00:01/3-15:34:55,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:34:55,122) [kstrp] (root,0,0,00:00:00/3-15:34:55,123) [zswap-shrink] (root,0,0,00:00:00/3-15:34:55,124) [kworker/u9:0] (root,0,0,00:00:00/3-15:34:55,129) [charger_manager] (root,0,0,00:00:00/3-15:34:54,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:34:54,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-15:34:54,205) [kaluad] (root,0,0,00:00:00/3-15:34:54,250) [kmpath_rdacd] (root,0,0,00:00:00/3-15:34:54,293) [kmpathd] (root,0,0,00:00:00/3-15:34:54,294) [kmpath_handlerd] (root,0,0,00:00:00/3-15:34:54,342) [ata_sff] (root,0,0,00:00:00/3-15:34:53,343) [scsi_eh_0] (root,0,0,00:00:00/3-15:34:53,344) [scsi_tmf_0] (root,0,0,00:00:00/3-15:34:53,345) [scsi_eh_1] (root,0,0,00:00:00/3-15:34:53,346) [scsi_tmf_1] (root,0,0,00:00:05/3-15:34:51,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:34:51,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-15:34:39,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-15:34:38,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-15:34:36,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-15:34:02,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-15:34:02,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-15:34:02,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-15:34:02,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-15:34:01,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-15:34:01,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-15:33:47,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-15:33:47,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:18/3-15:33:46,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-15:33:46,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-15:33:46,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-15:33:46,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-15:33:46,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-15:33:46,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-15:33:46,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-15:33:46,1206) bpfilter_umh (root,26204,8340,00:00:02/3-15:33:46,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-15:33:46,1215) ntpd: asynchronous dns resolver (spot,273500,162208,04:13:09/3-15:33:46,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-15:33:45,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-15:33:45,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-15:33:45,1245) (sd-pam) (root,24216,5348,00:00:01/3-15:33:44,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:33:44,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-15:33:43,1354) /usr/sbin/cron -n (root,689544,71904,00:04:40/3-15:33:37,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41160,00:01:10/3-15:33:23,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:30:58,1655) [kworker/0:1-events] (root,0,0,00:00:05/04:06:18,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-17:26:32,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:06/1-17:26:32,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-17:26:17,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-17:26:17,4688) sshd: cm-ssh (root,0,0,00:00:00/02:44:06,4707) [kworker/0:2-events] (root,0,0,00:00:00/04:49,12334) [kworker/2:1] (postfix,24244,8164,00:00:00/51:06,13818) pickup -l -t fifo -u (root,0,0,00:00:00/04:19,14574) [kworker/1:0-events] (root,0,0,00:00:01/01:53:15,19322) [kworker/1:1-ata_sff] (root,0,0,00:00:00/09:29,24009) [kworker/1:2-ata_sff] (root,0,0,00:00:00/29:54,26463) [kworker/3:0-events] (root,0,0,00:00:00/09:04,26513) [kworker/u8:1-flush-253:0] (root,6656,3488,00:00:00/00:00,29612) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,29653) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,29654) /bin/bash /usr/bin/check_mk_agent (root,4480,1160,00:00:00/00:00,29655) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,6656,3484,00:00:00/00:00,29658) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,29676) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29677) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:41:33,30146) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:05:08,30663) [kworker/3:1-events] (root,0,0,00:00:00/18:53,31815) [kworker/2:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 01:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363244d942eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12692,00:00:13/3-12:07:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:07:01,2) [kthreadd] (root,0,0,00:00:00/3-12:07:01,3) [rcu_gp] (root,0,0,00:00:00/3-12:07:01,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:07:01,5) [slub_flushwq] (root,0,0,00:00:00/3-12:07:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:07:01,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:07:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:07:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:07:01,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-12:07:01,13) [ksoftirqd/0] (root,0,0,00:09:08/3-12:07:01,14) [rcu_preempt] (root,0,0,00:00:01/3-12:07:01,15) [migration/0] (root,0,0,00:00:00/3-12:07:01,16) [idle_inject/0] (root,0,0,00:00:00/3-12:07:01,18) [cpuhp/0] (root,0,0,00:00:00/3-12:07:01,19) [cpuhp/1] (root,0,0,00:00:00/3-12:07:01,20) [idle_inject/1] (root,0,0,00:00:01/3-12:07:01,21) [migration/1] (root,0,0,00:00:04/3-12:07:01,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:07:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:07:01,25) [cpuhp/2] (root,0,0,00:00:00/3-12:07:01,26) [idle_inject/2] (root,0,0,00:00:01/3-12:07:01,27) [migration/2] (root,0,0,00:07:38/3-12:07:01,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:07:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:07:01,31) [cpuhp/3] (root,0,0,00:00:00/3-12:07:01,32) [idle_inject/3] (root,0,0,00:00:01/3-12:07:01,33) [migration/3] (root,0,0,00:00:19/3-12:07:01,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:07:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:07:01,39) [kdevtmpfs] (root,0,0,00:00:00/3-12:07:01,40) [netns] (root,0,0,00:00:00/3-12:07:01,41) [inet_frag_wq] (root,0,0,00:00:01/3-12:07:01,42) [kauditd] (root,0,0,00:00:00/3-12:07:01,43) [khungtaskd] (root,0,0,00:00:00/3-12:07:01,44) [oom_reaper] (root,0,0,00:00:00/3-12:07:01,45) [writeback] (root,0,0,00:00:09/3-12:07:01,46) [kcompactd0] (root,0,0,00:00:00/3-12:07:01,47) [ksmd] (root,0,0,00:00:10/3-12:07:01,48) [khugepaged] (root,0,0,00:00:00/3-12:07:01,74) [kintegrityd] (root,0,0,00:00:00/3-12:07:01,75) [kblockd] (root,0,0,00:00:00/3-12:07:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:07:01,78) [tpm_dev_wq] (root,0,0,00:00:00/3-12:07:01,79) [edac-poller] (root,0,0,00:00:00/3-12:07:01,80) [devfreq_wq] (root,0,0,00:00:00/3-12:07:01,110) [watchdogd] (root,0,0,00:00:00/3-12:07:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:07:01,112) [kswapd0] (root,0,0,00:00:00/3-12:07:00,114) [kthrotld] (root,0,0,00:00:00/3-12:07:00,115) [mld] (root,0,0,00:00:00/3-12:07:00,116) [ipv6_addrconf] (root,0,0,00:00:01/3-12:07:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-12:07:00,122) [kstrp] (root,0,0,00:00:00/3-12:07:00,123) [zswap-shrink] (root,0,0,00:00:00/3-12:07:00,124) [kworker/u9:0] (root,0,0,00:00:00/3-12:07:00,129) [charger_manager] (root,0,0,00:00:00/3-12:06:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:06:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:06:59,205) [kaluad] (root,0,0,00:00:00/3-12:06:59,250) [kmpath_rdacd] (root,0,0,00:00:00/3-12:06:59,293) [kmpathd] (root,0,0,00:00:00/3-12:06:59,294) [kmpath_handlerd] (root,0,0,00:00:00/3-12:06:59,342) [ata_sff] (root,0,0,00:00:00/3-12:06:58,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:06:58,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:06:58,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:06:58,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:06:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:06:56,367) [ext4-rsv-conver] (root,38604,7544,00:00:06/3-12:06:44,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-12:06:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-12:06:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-12:06:07,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-12:06:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:07/3-12:06:07,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-12:06:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-12:06:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-12:06:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-12:05:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-12:05:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:14/3-12:05:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-12:05:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-12:05:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-12:05:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-12:05:51,1201) /usr/lib/systemd/systemd --user (root,448724,8116,00:00:07/3-12:05:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:27/3-12:05:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-12:05:51,1206) bpfilter_umh (root,26204,8340,00:00:02/3-12:05:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-12:05:51,1215) ntpd: asynchronous dns resolver (spot,274876,163316,04:04:32/3-12:05:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-12:05:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-12:05:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-12:05:50,1245) (sd-pam) (root,24216,5348,00:00:01/3-12:05:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-12:05:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-12:05:48,1354) /usr/sbin/cron -n (root,689544,71904,00:04:29/3-12:05:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41140,00:01:08/3-12:05:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/38:23,3235) [kworker/2:0-events] (root,0,0,00:00:00/48:26,4422) [kworker/1:2-events] (root,35308,10024,00:00:00/1-13:58:37,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-13:58:37,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-13:58:22,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:04/1-13:58:22,4688) sshd: cm-ssh (root,0,0,00:00:00/12:30,7443) [kworker/3:1-events] (root,0,0,00:00:00/05:34,8027) [kworker/1:0-ata_sff] (root,0,0,00:00:00/04:02,13813) [kworker/3:2-events] (root,0,0,00:00:00/02:47:02,14204) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/03:39,16604) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/16:44,25690) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/51:11,26476) [kworker/0:2-events] (root,0,0,00:00:00/08:41,27767) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8288,00:00:00/43:20,29806) pickup -l -t fifo -u (root,0,0,00:00:00/00:23,30011) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:13:38,30146) [kworker/u8:2] (root,0,0,00:00:00/42:41,30247) [kworker/0:1-events] (root,6656,3484,00:00:00/00:00,31944) /bin/bash /usr/bin/check_mk_agent (root,13744,3472,00:00:00/00:00,31962) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31963) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-15 22:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836360682cb0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12668,00:00:07/1-11:45:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-11:45:02,2) [kthreadd] (root,0,0,00:00:00/1-11:45:02,3) [rcu_gp] (root,0,0,00:00:00/1-11:45:02,4) [rcu_par_gp] (root,0,0,00:00:00/1-11:45:02,5) [slub_flushwq] (root,0,0,00:00:00/1-11:45:02,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-11:45:02,9) [mm_percpu_wq] (root,0,0,00:00:00/1-11:45:02,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-11:45:02,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-11:45:02,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-11:45:02,13) [ksoftirqd/0] (root,0,0,00:03:49/1-11:45:02,14) [rcu_preempt] (root,0,0,00:00:00/1-11:45:02,15) [migration/0] (root,0,0,00:00:00/1-11:45:02,16) [idle_inject/0] (root,0,0,00:00:00/1-11:45:02,18) [cpuhp/0] (root,0,0,00:00:00/1-11:45:02,19) [cpuhp/1] (root,0,0,00:00:00/1-11:45:02,20) [idle_inject/1] (root,0,0,00:00:00/1-11:45:02,21) [migration/1] (root,0,0,00:00:01/1-11:45:02,22) [ksoftirqd/1] (root,0,0,00:00:00/1-11:45:02,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-11:45:02,25) [cpuhp/2] (root,0,0,00:00:00/1-11:45:02,26) [idle_inject/2] (root,0,0,00:00:00/1-11:45:02,27) [migration/2] (root,0,0,00:03:05/1-11:45:02,28) [ksoftirqd/2] (root,0,0,00:00:00/1-11:45:02,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-11:45:02,31) [cpuhp/3] (root,0,0,00:00:00/1-11:45:02,32) [idle_inject/3] (root,0,0,00:00:00/1-11:45:02,33) [migration/3] (root,0,0,00:00:07/1-11:45:02,34) [ksoftirqd/3] (root,0,0,00:00:00/1-11:45:02,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-11:45:02,39) [kdevtmpfs] (root,0,0,00:00:00/1-11:45:02,40) [netns] (root,0,0,00:00:00/1-11:45:02,41) [inet_frag_wq] (root,0,0,00:00:00/1-11:45:02,42) [kauditd] (root,0,0,00:00:00/1-11:45:02,43) [khungtaskd] (root,0,0,00:00:00/1-11:45:02,44) [oom_reaper] (root,0,0,00:00:00/1-11:45:02,45) [writeback] (root,0,0,00:00:04/1-11:45:02,46) [kcompactd0] (root,0,0,00:00:00/1-11:45:02,47) [ksmd] (root,0,0,00:00:04/1-11:45:02,48) [khugepaged] (root,0,0,00:00:00/1-11:45:02,74) [kintegrityd] (root,0,0,00:00:00/1-11:45:02,75) [kblockd] (root,0,0,00:00:00/1-11:45:02,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-11:45:02,78) [tpm_dev_wq] (root,0,0,00:00:00/1-11:45:02,79) [edac-poller] (root,0,0,00:00:00/1-11:45:02,80) [devfreq_wq] (root,0,0,00:00:00/1-11:45:02,110) [watchdogd] (root,0,0,00:00:00/1-11:45:02,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-11:45:02,112) [kswapd0] (root,0,0,00:00:00/1-11:45:01,114) [kthrotld] (root,0,0,00:00:00/1-11:45:01,115) [mld] (root,0,0,00:00:00/1-11:45:01,116) [ipv6_addrconf] (root,0,0,00:00:00/1-11:45:01,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-11:45:01,122) [kstrp] (root,0,0,00:00:00/1-11:45:01,123) [zswap-shrink] (root,0,0,00:00:00/1-11:45:01,124) [kworker/u9:0] (root,0,0,00:00:00/1-11:45:01,129) [charger_manager] (root,0,0,00:00:00/1-11:45:00,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-11:45:00,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-11:45:00,205) [kaluad] (root,0,0,00:00:00/1-11:45:00,250) [kmpath_rdacd] (root,0,0,00:00:00/1-11:45:00,293) [kmpathd] (root,0,0,00:00:00/1-11:45:00,294) [kmpath_handlerd] (root,0,0,00:00:00/1-11:45:00,342) [ata_sff] (root,0,0,00:00:00/1-11:44:59,343) [scsi_eh_0] (root,0,0,00:00:00/1-11:44:59,344) [scsi_tmf_0] (root,0,0,00:00:00/1-11:44:59,345) [scsi_eh_1] (root,0,0,00:00:00/1-11:44:59,346) [scsi_tmf_1] (root,0,0,00:00:02/1-11:44:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-11:44:57,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-11:44:45,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-11:44:44,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-11:44:42,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-11:44:08,512) /sbin/auditd (messagebus,22936,5824,00:00:06/1-11:44:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8504,00:00:03/1-11:44:08,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-11:44:08,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-11:44:07,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-11:44:07,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:01/1-11:43:53,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-11:43:53,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:05/1-11:43:52,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-11:43:52,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-11:43:52,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-11:43:52,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-11:43:52,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-11:43:52,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:11/1-11:43:52,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-11:43:52,1206) bpfilter_umh (root,26204,8340,00:00:01/1-11:43:52,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-11:43:52,1215) ntpd: asynchronous dns resolver (spot,198804,161636,01:40:42/1-11:43:52,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-11:43:51,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-11:43:51,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-11:43:51,1245) (sd-pam) (root,24216,5348,00:00:00/1-11:43:50,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-11:43:50,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-11:43:49,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-11:43:45,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-11:43:45,1371) sshd: syslogtunnel (root,689288,71280,00:01:56/1-11:43:43,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40780,00:00:30/1-11:43:29,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-11:43:10,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-11:43:10,1436) sshd: cm-ssh (root,0,0,00:00:00/24:09,1742) [kworker/0:0-events] (root,0,0,00:00:03/06:09:27,3139) [kworker/1:0-events] (root,0,0,00:00:01/03:33:21,3220) [kworker/3:2-events] (postfix,24244,8272,00:00:00/43:18,11816) pickup -l -t fifo -u (root,0,0,00:00:01/01:22:37,13438) [kworker/2:0-events] (root,0,0,00:00:00/01:56,17851) [kworker/1:2-ata_sff] (root,0,0,00:00:00/30:44,22827) [kworker/0:2-events] (root,0,0,00:00:00/10:31,22974) [kworker/2:2-events] (root,0,0,00:00:00/02:36:44,23925) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/30:39,24085) [kworker/u8:1-writeback] (root,0,0,00:00:00/03:40:09,24173) [kworker/3:0-events] (root,6656,3488,00:00:00/00:00,27293) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,27311) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27312) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:06,32104) [kworker/1:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-13 22:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836373e7ca2eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:06/62-12:16:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-12:16:11,2) [kthreadd] (root,0,0,00:00:00/62-12:16:11,3) [rcu_gp] (root,0,0,00:00:00/62-12:16:11,4) [rcu_par_gp] (root,0,0,00:00:00/62-12:16:11,5) [slub_flushwq] (root,0,0,00:00:00/62-12:16:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-12:16:11,9) [mm_percpu_wq] (root,0,0,00:00:00/62-12:16:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-12:16:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-12:16:11,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-12:16:11,13) [ksoftirqd/0] (root,0,0,02:54:00/62-12:16:11,14) [rcu_preempt] (root,0,0,00:00:23/62-12:16:11,15) [migration/0] (root,0,0,00:00:00/62-12:16:11,16) [idle_inject/0] (root,0,0,00:00:00/62-12:16:11,18) [cpuhp/0] (root,0,0,00:00:00/62-12:16:11,19) [cpuhp/1] (root,0,0,00:00:00/62-12:16:11,20) [idle_inject/1] (root,0,0,00:00:23/62-12:16:11,21) [migration/1] (root,0,0,00:01:32/62-12:16:11,22) [ksoftirqd/1] (root,0,0,00:00:00/62-12:16:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-12:16:11,25) [cpuhp/2] (root,0,0,00:00:00/62-12:16:11,26) [idle_inject/2] (root,0,0,00:00:17/62-12:16:11,27) [migration/2] (root,0,0,01:53:20/62-12:16:11,28) [ksoftirqd/2] (root,0,0,00:00:00/62-12:16:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-12:16:11,31) [cpuhp/3] (root,0,0,00:00:00/62-12:16:11,32) [idle_inject/3] (root,0,0,00:00:22/62-12:16:11,33) [migration/3] (root,0,0,00:05:42/62-12:16:11,34) [ksoftirqd/3] (root,0,0,00:00:00/62-12:16:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-12:16:11,40) [kdevtmpfs] (root,0,0,00:00:00/62-12:16:11,41) [netns] (root,0,0,00:00:00/62-12:16:11,42) [inet_frag_wq] (root,0,0,00:00:22/62-12:16:11,43) [kauditd] (root,0,0,00:00:00/62-12:16:11,44) [khungtaskd] (root,0,0,00:00:00/62-12:16:11,45) [oom_reaper] (root,0,0,00:00:00/62-12:16:11,46) [writeback] (root,0,0,00:03:10/62-12:16:11,47) [kcompactd0] (root,0,0,00:00:00/62-12:16:11,48) [ksmd] (root,0,0,00:03:27/62-12:16:11,49) [khugepaged] (root,0,0,00:00:00/62-12:16:11,75) [kintegrityd] (root,0,0,00:00:00/62-12:16:11,76) [kblockd] (root,0,0,00:00:00/62-12:16:11,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-12:16:11,79) [tpm_dev_wq] (root,0,0,00:00:00/62-12:16:11,80) [edac-poller] (root,0,0,00:00:00/62-12:16:11,81) [devfreq_wq] (root,0,0,00:00:00/62-12:16:11,110) [watchdogd] (root,0,0,00:00:05/62-12:16:11,111) [kswapd0] (root,0,0,00:00:15/62-12:16:11,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-12:16:09,115) [kthrotld] (root,0,0,00:00:00/62-12:16:09,116) [mld] (root,0,0,00:00:00/62-12:16:09,117) [ipv6_addrconf] (root,0,0,00:00:16/62-12:16:09,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-12:16:09,123) [kstrp] (root,0,0,00:00:00/62-12:16:09,124) [zswap-shrink] (root,0,0,00:00:00/62-12:16:09,125) [kworker/u9:0] (root,0,0,00:00:00/62-12:16:09,130) [charger_manager] (root,0,0,00:00:18/62-12:16:09,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-12:16:09,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-12:16:08,239) [kaluad] (root,0,0,00:00:00/62-12:16:08,258) [kmpath_rdacd] (root,0,0,00:00:00/62-12:16:08,304) [kmpathd] (root,0,0,00:00:00/62-12:16:08,305) [kmpath_handlerd] (root,0,0,00:00:00/62-12:16:07,342) [ata_sff] (root,0,0,00:00:00/62-12:16:07,343) [scsi_eh_0] (root,0,0,00:00:00/62-12:16:07,344) [scsi_tmf_0] (root,0,0,00:00:00/62-12:16:07,345) [scsi_eh_1] (root,0,0,00:00:00/62-12:16:07,346) [scsi_tmf_1] (root,0,0,00:01:59/62-12:16:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-12:16:04,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-12:15:52,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-12:15:51,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-12:15:49,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-12:15:18,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-12:15:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-12:15:17,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-12:15:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-12:15:15,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-12:15:15,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/54:20,1067) [kworker/u8:0-ext4-rsv-conversion] (root,549384,31628,00:01:13/62-12:15:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-12:15:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:03/62-12:15:01,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-12:15:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-12:15:01,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-12:15:01,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-12:15:01,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:55/62-12:15:01,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-12:15:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-12:15:01,1352) bpfilter_umh (root,26204,8096,00:00:33/62-12:15:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-12:15:01,1359) ntpd: asynchronous dns resolver (spot,362480,213512,3-11:00:42/62-12:15:00,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-12:15:00,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-12:15:00,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-12:15:00,1373) (sd-pam) (root,24216,5256,00:00:22/62-12:14:58,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-12:14:58,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-12:14:58,1485) /usr/sbin/cron -n (root,0,0,00:00:00/06:30,1490) [kworker/3:1-ata_sff] (root,699464,80276,01:26:21/62-12:14:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,236992,82956,00:31:53/62-12:14:40,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-17:50:15,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/13:26,3845) [kworker/2:0] (root,35304,10040,00:00:00/24-12:43:10,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-12:43:09,10514) sshd: syslogtunnel (postfix,24244,8240,00:00:00/01:05:47,10568) pickup -l -t fifo -u (root,0,0,00:00:00/19:50,11735) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/04:13,12427) [kworker/u8:2-writeback] (root,0,0,00:00:00/11:01,15942) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/01:12:00,17828) [kworker/0:0-events] (root,0,0,00:00:00/25:46,17955) [kworker/1:1-events] (root,0,0,00:00:01/01:16:49,19079) [kworker/2:2-events] (root,0,0,00:00:00/01:18,23548) [kworker/3:2-ata_sff] (root,6656,3488,00:00:00/00:00,29093) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,29111) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29112) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/48:00,30091) [kworker/3:0-events] (root,35308,10028,00:00:00/24-13:29:23,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:21/24-13:29:22,30947) sshd: cm-ssh (root,0,0,00:00:00/47:44,32761) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-11 23:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f98be520Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-12:03:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-12:03:24,2) [kthreadd] (root,0,0,00:00:00/60-12:03:24,3) [rcu_gp] (root,0,0,00:00:00/60-12:03:24,4) [rcu_par_gp] (root,0,0,00:00:00/60-12:03:24,5) [slub_flushwq] (root,0,0,00:00:00/60-12:03:24,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-12:03:24,9) [mm_percpu_wq] (root,0,0,00:00:00/60-12:03:24,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-12:03:24,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-12:03:24,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-12:03:24,13) [ksoftirqd/0] (root,0,0,02:48:52/60-12:03:24,14) [rcu_preempt] (root,0,0,00:00:23/60-12:03:24,15) [migration/0] (root,0,0,00:00:00/60-12:03:24,16) [idle_inject/0] (root,0,0,00:00:00/60-12:03:24,18) [cpuhp/0] (root,0,0,00:00:00/60-12:03:24,19) [cpuhp/1] (root,0,0,00:00:00/60-12:03:24,20) [idle_inject/1] (root,0,0,00:00:23/60-12:03:24,21) [migration/1] (root,0,0,00:01:29/60-12:03:24,22) [ksoftirqd/1] (root,0,0,00:00:00/60-12:03:24,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-12:03:24,25) [cpuhp/2] (root,0,0,00:00:00/60-12:03:24,26) [idle_inject/2] (root,0,0,00:00:17/60-12:03:24,27) [migration/2] (root,0,0,01:49:24/60-12:03:24,28) [ksoftirqd/2] (root,0,0,00:00:00/60-12:03:24,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-12:03:24,31) [cpuhp/3] (root,0,0,00:00:00/60-12:03:24,32) [idle_inject/3] (root,0,0,00:00:21/60-12:03:24,33) [migration/3] (root,0,0,00:05:32/60-12:03:24,34) [ksoftirqd/3] (root,0,0,00:00:00/60-12:03:24,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-12:03:24,40) [kdevtmpfs] (root,0,0,00:00:00/60-12:03:24,41) [netns] (root,0,0,00:00:00/60-12:03:24,42) [inet_frag_wq] (root,0,0,00:00:21/60-12:03:24,43) [kauditd] (root,0,0,00:00:00/60-12:03:24,44) [khungtaskd] (root,0,0,00:00:00/60-12:03:24,45) [oom_reaper] (root,0,0,00:00:00/60-12:03:24,46) [writeback] (root,0,0,00:03:04/60-12:03:24,47) [kcompactd0] (root,0,0,00:00:00/60-12:03:24,48) [ksmd] (root,0,0,00:03:20/60-12:03:24,49) [khugepaged] (root,0,0,00:00:00/60-12:03:24,75) [kintegrityd] (root,0,0,00:00:00/60-12:03:24,76) [kblockd] (root,0,0,00:00:00/60-12:03:24,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-12:03:24,79) [tpm_dev_wq] (root,0,0,00:00:00/60-12:03:24,80) [edac-poller] (root,0,0,00:00:00/60-12:03:24,81) [devfreq_wq] (root,0,0,00:00:00/60-12:03:24,110) [watchdogd] (root,0,0,00:00:04/60-12:03:24,111) [kswapd0] (root,0,0,00:00:15/60-12:03:24,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-12:03:22,115) [kthrotld] (root,0,0,00:00:00/60-12:03:22,116) [mld] (root,0,0,00:00:00/60-12:03:22,117) [ipv6_addrconf] (root,0,0,00:00:16/60-12:03:22,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-12:03:22,123) [kstrp] (root,0,0,00:00:00/60-12:03:22,124) [zswap-shrink] (root,0,0,00:00:00/60-12:03:22,125) [kworker/u9:0] (root,0,0,00:00:00/60-12:03:22,130) [charger_manager] (root,0,0,00:00:18/60-12:03:22,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-12:03:22,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-12:03:21,239) [kaluad] (root,0,0,00:00:00/60-12:03:21,258) [kmpath_rdacd] (root,0,0,00:00:00/60-12:03:21,304) [kmpathd] (root,0,0,00:00:00/60-12:03:21,305) [kmpath_handlerd] (root,0,0,00:00:00/60-12:03:20,342) [ata_sff] (root,0,0,00:00:00/60-12:03:20,343) [scsi_eh_0] (root,0,0,00:00:00/60-12:03:20,344) [scsi_tmf_0] (root,0,0,00:00:00/60-12:03:20,345) [scsi_eh_1] (root,0,0,00:00:00/60-12:03:20,346) [scsi_tmf_1] (root,0,0,00:01:56/60-12:03:17,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-12:03:17,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-12:03:05,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-12:03:04,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-12:03:02,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-12:02:31,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-12:02:30,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:55/60-12:02:30,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-12:02:30,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-12:02:28,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-12:02:28,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-12:02:14,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-12:02:14,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:53/60-12:02:14,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-12:02:14,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-12:02:14,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-12:02:14,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-12:02:14,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-12:02:14,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-12:02:14,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-12:02:14,1352) bpfilter_umh (root,26204,8096,00:00:31/60-12:02:14,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-12:02:14,1359) ntpd: asynchronous dns resolver (spot,362064,213424,3-08:22:47/60-12:02:13,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-12:02:13,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-12:02:13,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-12:02:13,1373) (sd-pam) (root,24216,5260,00:00:21/60-12:02:11,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-12:02:11,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-12:02:11,1485) /usr/sbin/cron -n (root,699208,80092,01:23:38/60-12:02:05,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82036,00:31:03/60-12:01:53,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-17:37:28,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:28:01,4301) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/15:50,7246) [kworker/1:0-events] (root,35304,10040,00:00:00/22-12:30:23,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-12:30:22,10514) sshd: syslogtunnel (root,6764,3608,00:00:00/00:00,11725) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,11889) /bin/bash /usr/bin/check_mk_agent (root,14168,9012,00:00:00/00:00,11897) python ././remotecheck (root,13744,3448,00:00:00/00:00,11911) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,11912) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/22:04,12806) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/39:35,16122) [kworker/0:0-cgroup_destroy] (postfix,24244,8276,00:00:00/01:14:01,18926) pickup -l -t fifo -u (root,0,0,00:00:00/04:39,19277) [kworker/3:0-events] (root,0,0,00:00:00/04:02,22406) [kworker/1:2-events] (root,0,0,00:00:00/37:13,25987) [kworker/1:1-events] (root,0,0,00:00:00/01:12:07,28209) [kworker/3:1-ata_sff] (root,0,0,00:00:00/51:28,29474) [kworker/0:2-events] (root,35308,10028,00:00:00/22-13:16:36,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-13:16:35,30947) sshd: cm-ssh (root,0,0,00:00:00/25:22,32105) [kworker/2:1-events] (root,0,0,00:00:00/09:51,32261) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:17:29,32443) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 22:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cbf8fa20Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-12:25:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-12:25:06,2) [kthreadd] (root,0,0,00:00:00/58-12:25:06,3) [rcu_gp] (root,0,0,00:00:00/58-12:25:06,4) [rcu_par_gp] (root,0,0,00:00:00/58-12:25:06,5) [slub_flushwq] (root,0,0,00:00:00/58-12:25:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-12:25:06,9) [mm_percpu_wq] (root,0,0,00:00:00/58-12:25:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-12:25:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-12:25:06,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-12:25:06,13) [ksoftirqd/0] (root,0,0,02:43:42/58-12:25:06,14) [rcu_preempt] (root,0,0,00:00:22/58-12:25:06,15) [migration/0] (root,0,0,00:00:00/58-12:25:06,16) [idle_inject/0] (root,0,0,00:00:00/58-12:25:06,18) [cpuhp/0] (root,0,0,00:00:00/58-12:25:06,19) [cpuhp/1] (root,0,0,00:00:00/58-12:25:06,20) [idle_inject/1] (root,0,0,00:00:22/58-12:25:06,21) [migration/1] (root,0,0,00:01:26/58-12:25:06,22) [ksoftirqd/1] (root,0,0,00:00:00/58-12:25:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-12:25:06,25) [cpuhp/2] (root,0,0,00:00:00/58-12:25:06,26) [idle_inject/2] (root,0,0,00:00:16/58-12:25:06,27) [migration/2] (root,0,0,01:44:31/58-12:25:06,28) [ksoftirqd/2] (root,0,0,00:00:00/58-12:25:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-12:25:06,31) [cpuhp/3] (root,0,0,00:00:00/58-12:25:06,32) [idle_inject/3] (root,0,0,00:00:20/58-12:25:06,33) [migration/3] (root,0,0,00:05:20/58-12:25:06,34) [ksoftirqd/3] (root,0,0,00:00:00/58-12:25:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-12:25:06,40) [kdevtmpfs] (root,0,0,00:00:00/58-12:25:06,41) [netns] (root,0,0,00:00:00/58-12:25:06,42) [inet_frag_wq] (root,0,0,00:00:20/58-12:25:06,43) [kauditd] (root,0,0,00:00:00/58-12:25:06,44) [khungtaskd] (root,0,0,00:00:00/58-12:25:06,45) [oom_reaper] (root,0,0,00:00:00/58-12:25:06,46) [writeback] (root,0,0,00:02:59/58-12:25:06,47) [kcompactd0] (root,0,0,00:00:00/58-12:25:06,48) [ksmd] (root,0,0,00:03:14/58-12:25:06,49) [khugepaged] (root,0,0,00:00:00/58-12:25:06,75) [kintegrityd] (root,0,0,00:00:00/58-12:25:06,76) [kblockd] (root,0,0,00:00:00/58-12:25:06,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-12:25:06,79) [tpm_dev_wq] (root,0,0,00:00:00/58-12:25:06,80) [edac-poller] (root,0,0,00:00:00/58-12:25:06,81) [devfreq_wq] (root,0,0,00:00:00/58-12:25:06,110) [watchdogd] (root,0,0,00:00:04/58-12:25:06,111) [kswapd0] (root,0,0,00:00:15/58-12:25:06,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-12:25:04,115) [kthrotld] (root,0,0,00:00:00/58-12:25:04,116) [mld] (root,0,0,00:00:00/58-12:25:04,117) [ipv6_addrconf] (root,0,0,00:00:16/58-12:25:04,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-12:25:04,123) [kstrp] (root,0,0,00:00:00/58-12:25:04,124) [zswap-shrink] (root,0,0,00:00:00/58-12:25:04,125) [kworker/u9:0] (root,0,0,00:00:00/58-12:25:04,130) [charger_manager] (root,0,0,00:00:17/58-12:25:04,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-12:25:04,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-12:25:03,239) [kaluad] (root,0,0,00:00:00/58-12:25:03,258) [kmpath_rdacd] (root,0,0,00:00:00/58-12:25:03,304) [kmpathd] (root,0,0,00:00:00/58-12:25:03,305) [kmpath_handlerd] (root,0,0,00:00:00/58-12:25:02,342) [ata_sff] (root,0,0,00:00:00/58-12:25:02,343) [scsi_eh_0] (root,0,0,00:00:00/58-12:25:02,344) [scsi_tmf_0] (root,0,0,00:00:00/58-12:25:02,345) [scsi_eh_1] (root,0,0,00:00:00/58-12:25:02,346) [scsi_tmf_1] (root,0,0,00:01:52/58-12:24:59,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-12:24:59,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-12:24:47,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-12:24:46,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-12:24:44,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-12:24:13,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-12:24:12,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:48/58-12:24:12,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-12:24:12,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-12:24:10,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-12:24:10,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/06:27,788) [kworker/3:0-events] (root,549128,31272,00:01:09/58-12:23:56,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-12:23:56,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:42/58-12:23:56,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-12:23:56,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-12:23:56,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-12:23:56,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-12:23:56,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-12:23:56,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-12:23:56,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-12:23:56,1352) bpfilter_umh (root,26204,8096,00:00:30/58-12:23:56,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-12:23:56,1359) ntpd: asynchronous dns resolver (spot,363344,214484,3-05:18:53/58-12:23:55,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-12:23:55,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-12:23:55,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-12:23:55,1373) (sd-pam) (root,24216,5260,00:00:20/58-12:23:53,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-12:23:53,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-12:23:53,1485) /usr/sbin/cron -n (root,698952,79684,01:20:56/58-12:23:47,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80360,00:30:15/58-12:23:35,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-17:59:10,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/13:15,4789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/13:05,5373) [kworker/1:2-events] (root,0,0,00:00:00/12:41,6651) [kworker/u8:2-writeback] (root,35304,10040,00:00:00/20-12:52:05,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:16/20-12:52:04,10514) sshd: syslogtunnel (root,0,0,00:00:00/27:06,14847) [kworker/2:0-events] (root,0,0,00:00:00/01:47:42,16568) [kworker/2:2-events] (root,0,0,00:00:00/01:16,17198) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:10:56,18323) [kworker/1:0-events] (root,0,0,00:00:00/00:54,19316) [kworker/0:0] (postfix,24244,8272,00:00:00/17:29,20776) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,21655) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,21673) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21674) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:35:40,22600) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:27:04,26097) [kworker/0:2-events] (root,35308,10028,00:00:00/20-13:38:18,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-13:38:17,30947) sshd: cm-ssh (root,0,0,00:00:00/32:23,31562) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-07 23:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836305361799Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:13/45-10:27:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-10:27:02,2) [kthreadd] (root,0,0,00:00:00/45-10:27:02,3) [rcu_gp] (root,0,0,00:00:00/45-10:27:02,4) [rcu_par_gp] (root,0,0,00:00:00/45-10:27:02,5) [slub_flushwq] (root,0,0,00:00:00/45-10:27:02,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-10:27:02,9) [mm_percpu_wq] (root,0,0,00:00:00/45-10:27:02,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-10:27:02,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-10:27:02,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-10:27:02,13) [ksoftirqd/0] (root,0,0,02:10:18/45-10:27:02,14) [rcu_preempt] (root,0,0,00:00:17/45-10:27:02,15) [migration/0] (root,0,0,00:00:00/45-10:27:02,16) [idle_inject/0] (root,0,0,00:00:00/45-10:27:02,18) [cpuhp/0] (root,0,0,00:00:00/45-10:27:02,19) [cpuhp/1] (root,0,0,00:00:00/45-10:27:02,20) [idle_inject/1] (root,0,0,00:00:17/45-10:27:02,21) [migration/1] (root,0,0,00:01:08/45-10:27:02,22) [ksoftirqd/1] (root,0,0,00:00:00/45-10:27:02,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-10:27:02,25) [cpuhp/2] (root,0,0,00:00:00/45-10:27:02,26) [idle_inject/2] (root,0,0,00:00:13/45-10:27:02,27) [migration/2] (root,0,0,01:25:02/45-10:27:02,28) [ksoftirqd/2] (root,0,0,00:00:00/45-10:27:02,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-10:27:02,31) [cpuhp/3] (root,0,0,00:00:00/45-10:27:02,32) [idle_inject/3] (root,0,0,00:00:16/45-10:27:02,33) [migration/3] (root,0,0,00:04:21/45-10:27:02,34) [ksoftirqd/3] (root,0,0,00:00:00/45-10:27:02,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-10:27:02,40) [kdevtmpfs] (root,0,0,00:00:00/45-10:27:02,41) [netns] (root,0,0,00:00:00/45-10:27:02,42) [inet_frag_wq] (root,0,0,00:00:16/45-10:27:02,43) [kauditd] (root,0,0,00:00:00/45-10:27:02,44) [khungtaskd] (root,0,0,00:00:00/45-10:27:02,45) [oom_reaper] (root,0,0,00:00:00/45-10:27:02,46) [writeback] (root,0,0,00:02:23/45-10:27:02,47) [kcompactd0] (root,0,0,00:00:00/45-10:27:02,48) [ksmd] (root,0,0,00:02:30/45-10:27:02,49) [khugepaged] (root,0,0,00:00:00/45-10:27:02,75) [kintegrityd] (root,0,0,00:00:00/45-10:27:02,76) [kblockd] (root,0,0,00:00:00/45-10:27:02,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-10:27:02,79) [tpm_dev_wq] (root,0,0,00:00:00/45-10:27:02,80) [edac-poller] (root,0,0,00:00:00/45-10:27:02,81) [devfreq_wq] (root,0,0,00:00:00/45-10:27:02,110) [watchdogd] (root,0,0,00:00:03/45-10:27:02,111) [kswapd0] (root,0,0,00:00:12/45-10:27:02,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-10:27:00,115) [kthrotld] (root,0,0,00:00:00/45-10:27:00,116) [mld] (root,0,0,00:00:00/45-10:27:00,117) [ipv6_addrconf] (root,0,0,00:00:12/45-10:27:00,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-10:27:00,123) [kstrp] (root,0,0,00:00:00/45-10:27:00,124) [zswap-shrink] (root,0,0,00:00:00/45-10:27:00,125) [kworker/u9:0] (root,0,0,00:00:00/45-10:27:00,130) [charger_manager] (root,0,0,00:00:14/45-10:27:00,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-10:27:00,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-10:26:59,239) [kaluad] (root,0,0,00:00:00/45-10:26:59,258) [kmpath_rdacd] (root,0,0,00:00:00/45-10:26:59,304) [kmpathd] (root,0,0,00:00:00/45-10:26:59,305) [kmpath_handlerd] (root,0,0,00:00:00/45-10:26:58,342) [ata_sff] (root,0,0,00:00:00/45-10:26:58,343) [scsi_eh_0] (root,0,0,00:00:00/45-10:26:58,344) [scsi_tmf_0] (root,0,0,00:00:00/45-10:26:58,345) [scsi_eh_1] (root,0,0,00:00:00/45-10:26:58,346) [scsi_tmf_1] (root,0,0,00:01:30/45-10:26:55,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-10:26:55,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-10:26:43,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-10:26:42,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-10:26:40,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-10:26:09,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-10:26:08,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-10:26:08,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-10:26:08,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-10:26:06,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-10:26:06,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-10:25:52,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-10:25:52,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:31/45-10:25:52,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-10:25:52,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-10:25:52,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-10:25:52,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-10:25:52,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-10:25:52,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:35/45-10:25:52,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-10:25:52,1352) bpfilter_umh (root,26204,8096,00:00:23/45-10:25:52,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-10:25:52,1359) ntpd: asynchronous dns resolver (spot,362656,206344,2-14:25:15/45-10:25:51,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-10:25:51,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-10:25:51,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-10:25:51,1373) (sd-pam) (root,24216,5260,00:00:16/45-10:25:49,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-10:25:49,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-10:25:49,1485) /usr/sbin/cron -n (root,697508,78828,01:03:13/45-10:25:43,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71508,00:24:45/45-10:25:31,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/39-16:01:06,2557) tlsmgr -l -t unix -u (root,6656,3492,00:00:00/00:00,2739) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,2759) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,2760) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/03:43:00,7922) [kworker/3:0-events] (root,0,0,00:00:00/10:16,8555) [kworker/3:1-ata_sff] (root,0,0,00:00:01/03:50:31,9329) [kworker/2:2-events] (root,35304,10040,00:00:00/7-10:54:01,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-10:54:00,10514) sshd: syslogtunnel (root,0,0,00:00:00/45:51,12120) [kworker/1:2-events] (root,0,0,00:00:00/35:52,13999) [kworker/1:0] (postfix,24244,8140,00:00:00/01:29:58,20864) pickup -l -t fifo -u (root,0,0,00:00:00/05:05,22818) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:16:18,23049) [kworker/0:2-events] (root,0,0,00:00:00/15:11,27540) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/30:57,27729) [kworker/0:0-events] (root,0,0,00:00:00/50:50,30490) [kworker/2:0] (root,35308,10028,00:00:00/7-11:40:14,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-11:40:13,30947) sshd: cm-ssh (root,0,0,00:00:00/25:48,32405) [kworker/u8:1-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 21:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c787168cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-11:03:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-11:03:36,2) [kthreadd] (root,0,0,00:00:00/43-11:03:36,3) [rcu_gp] (root,0,0,00:00:00/43-11:03:36,4) [rcu_par_gp] (root,0,0,00:00:00/43-11:03:36,5) [slub_flushwq] (root,0,0,00:00:00/43-11:03:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-11:03:36,9) [mm_percpu_wq] (root,0,0,00:00:00/43-11:03:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-11:03:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-11:03:36,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-11:03:36,13) [ksoftirqd/0] (root,0,0,02:04:53/43-11:03:36,14) [rcu_preempt] (root,0,0,00:00:16/43-11:03:36,15) [migration/0] (root,0,0,00:00:00/43-11:03:36,16) [idle_inject/0] (root,0,0,00:00:00/43-11:03:36,18) [cpuhp/0] (root,0,0,00:00:00/43-11:03:36,19) [cpuhp/1] (root,0,0,00:00:00/43-11:03:36,20) [idle_inject/1] (root,0,0,00:00:16/43-11:03:36,21) [migration/1] (root,0,0,00:01:05/43-11:03:36,22) [ksoftirqd/1] (root,0,0,00:00:00/43-11:03:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-11:03:36,25) [cpuhp/2] (root,0,0,00:00:00/43-11:03:36,26) [idle_inject/2] (root,0,0,00:00:12/43-11:03:36,27) [migration/2] (root,0,0,01:22:13/43-11:03:36,28) [ksoftirqd/2] (root,0,0,00:00:00/43-11:03:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-11:03:36,31) [cpuhp/3] (root,0,0,00:00:00/43-11:03:36,32) [idle_inject/3] (root,0,0,00:00:15/43-11:03:36,33) [migration/3] (root,0,0,00:04:11/43-11:03:36,34) [ksoftirqd/3] (root,0,0,00:00:00/43-11:03:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-11:03:36,40) [kdevtmpfs] (root,0,0,00:00:00/43-11:03:36,41) [netns] (root,0,0,00:00:00/43-11:03:36,42) [inet_frag_wq] (root,0,0,00:00:15/43-11:03:36,43) [kauditd] (root,0,0,00:00:00/43-11:03:36,44) [khungtaskd] (root,0,0,00:00:00/43-11:03:36,45) [oom_reaper] (root,0,0,00:00:00/43-11:03:36,46) [writeback] (root,0,0,00:02:17/43-11:03:36,47) [kcompactd0] (root,0,0,00:00:00/43-11:03:36,48) [ksmd] (root,0,0,00:02:23/43-11:03:36,49) [khugepaged] (root,0,0,00:00:00/43-11:03:36,75) [kintegrityd] (root,0,0,00:00:00/43-11:03:36,76) [kblockd] (root,0,0,00:00:00/43-11:03:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-11:03:36,79) [tpm_dev_wq] (root,0,0,00:00:00/43-11:03:36,80) [edac-poller] (root,0,0,00:00:00/43-11:03:36,81) [devfreq_wq] (root,0,0,00:00:00/43-11:03:36,110) [watchdogd] (root,0,0,00:00:03/43-11:03:36,111) [kswapd0] (root,0,0,00:00:11/43-11:03:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-11:03:34,115) [kthrotld] (root,0,0,00:00:00/43-11:03:34,116) [mld] (root,0,0,00:00:00/43-11:03:34,117) [ipv6_addrconf] (root,0,0,00:00:12/43-11:03:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-11:03:34,123) [kstrp] (root,0,0,00:00:00/43-11:03:34,124) [zswap-shrink] (root,0,0,00:00:00/43-11:03:34,125) [kworker/u9:0] (root,0,0,00:00:00/43-11:03:34,130) [charger_manager] (root,0,0,00:00:13/43-11:03:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-11:03:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-11:03:33,239) [kaluad] (root,0,0,00:00:00/43-11:03:33,258) [kmpath_rdacd] (root,0,0,00:00:00/43-11:03:33,304) [kmpathd] (root,0,0,00:00:00/43-11:03:33,305) [kmpath_handlerd] (root,0,0,00:00:00/43-11:03:32,342) [ata_sff] (root,0,0,00:00:00/43-11:03:32,343) [scsi_eh_0] (root,0,0,00:00:00/43-11:03:32,344) [scsi_tmf_0] (root,0,0,00:00:00/43-11:03:32,345) [scsi_eh_1] (root,0,0,00:00:00/43-11:03:32,346) [scsi_tmf_1] (root,0,0,00:01:27/43-11:03:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-11:03:29,367) [ext4-rsv-conver] (root,38604,7856,00:01:14/43-11:03:17,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-11:03:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-11:03:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-11:02:43,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-11:02:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:21/43-11:02:42,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-11:02:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-11:02:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-11:02:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:51/43-11:02:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-11:02:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:19/43-11:02:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-11:02:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-11:02:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-11:02:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-11:02:26,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-11:02:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:18/43-11:02:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-11:02:26,1352) bpfilter_umh (root,26204,8096,00:00:22/43-11:02:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-11:02:26,1359) ntpd: asynchronous dns resolver (spot,361392,206028,2-12:12:12/43-11:02:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-11:02:25,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-11:02:25,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-11:02:25,1373) (sd-pam) (root,24216,5260,00:00:15/43-11:02:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-11:02:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-11:02:23,1485) /usr/sbin/cron -n (root,697508,76760,01:00:27/43-11:02:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70164,00:23:47/43-11:02:05,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-16:37:40,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/34:54,8260) [kworker/0:1] (root,0,0,00:00:00/10:35,9062) [kworker/2:0] (root,35304,10040,00:00:00/5-11:30:35,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-11:30:34,10514) sshd: syslogtunnel (root,0,0,00:00:00/10:00,10732) [kworker/3:1-ata_sff] (root,0,0,00:00:00/54:23,12041) [kworker/1:0-events] (root,0,0,00:00:00/01:57:49,13819) [kworker/0:2-events] (postfix,24244,8304,00:00:00/48:13,13890) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,16476) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,16494) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,16495) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:32:47,16939) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:02:16,17327) [kworker/u8:2-writeback] (root,0,0,00:00:01/01:53:46,21017) [kworker/3:2-ata_sff] (root,0,0,00:00:00/44:36,21552) [kworker/1:1] (root,0,0,00:00:00/04:50,30519) [kworker/3:0-events] (root,35308,10028,00:00:00/5-12:16:48,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-12:16:47,30947) sshd: cm-ssh (root,0,0,00:00:00/02:27:07,31069) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 21:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836331f80724Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:02/41-10:39:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-10:39:31,2) [kthreadd] (root,0,0,00:00:00/41-10:39:31,3) [rcu_gp] (root,0,0,00:00:00/41-10:39:31,4) [rcu_par_gp] (root,0,0,00:00:00/41-10:39:31,5) [slub_flushwq] (root,0,0,00:00:00/41-10:39:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-10:39:31,9) [mm_percpu_wq] (root,0,0,00:00:00/41-10:39:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-10:39:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-10:39:31,12) [rcu_tasks_trace] (root,0,0,00:01:15/41-10:39:31,13) [ksoftirqd/0] (root,0,0,01:58:57/41-10:39:31,14) [rcu_preempt] (root,0,0,00:00:15/41-10:39:31,15) [migration/0] (root,0,0,00:00:00/41-10:39:31,16) [idle_inject/0] (root,0,0,00:00:00/41-10:39:31,18) [cpuhp/0] (root,0,0,00:00:00/41-10:39:31,19) [cpuhp/1] (root,0,0,00:00:00/41-10:39:31,20) [idle_inject/1] (root,0,0,00:00:15/41-10:39:31,21) [migration/1] (root,0,0,00:01:01/41-10:39:31,22) [ksoftirqd/1] (root,0,0,00:00:00/41-10:39:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-10:39:31,25) [cpuhp/2] (root,0,0,00:00:00/41-10:39:31,26) [idle_inject/2] (root,0,0,00:00:12/41-10:39:31,27) [migration/2] (root,0,0,01:18:13/41-10:39:31,28) [ksoftirqd/2] (root,0,0,00:00:00/41-10:39:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-10:39:31,31) [cpuhp/3] (root,0,0,00:00:00/41-10:39:31,32) [idle_inject/3] (root,0,0,00:00:15/41-10:39:31,33) [migration/3] (root,0,0,00:03:58/41-10:39:31,34) [ksoftirqd/3] (root,0,0,00:00:00/41-10:39:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-10:39:31,40) [kdevtmpfs] (root,0,0,00:00:00/41-10:39:31,41) [netns] (root,0,0,00:00:00/41-10:39:31,42) [inet_frag_wq] (root,0,0,00:00:14/41-10:39:31,43) [kauditd] (root,0,0,00:00:00/41-10:39:31,44) [khungtaskd] (root,0,0,00:00:00/41-10:39:31,45) [oom_reaper] (root,0,0,00:00:00/41-10:39:31,46) [writeback] (root,0,0,00:02:11/41-10:39:31,47) [kcompactd0] (root,0,0,00:00:00/41-10:39:31,48) [ksmd] (root,0,0,00:02:16/41-10:39:31,49) [khugepaged] (root,0,0,00:00:00/41-10:39:31,75) [kintegrityd] (root,0,0,00:00:00/41-10:39:31,76) [kblockd] (root,0,0,00:00:00/41-10:39:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-10:39:31,79) [tpm_dev_wq] (root,0,0,00:00:00/41-10:39:31,80) [edac-poller] (root,0,0,00:00:00/41-10:39:31,81) [devfreq_wq] (root,0,0,00:00:00/41-10:39:31,110) [watchdogd] (root,0,0,00:00:03/41-10:39:31,111) [kswapd0] (root,0,0,00:00:11/41-10:39:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-10:39:29,115) [kthrotld] (root,0,0,00:00:00/41-10:39:29,116) [mld] (root,0,0,00:00:00/41-10:39:29,117) [ipv6_addrconf] (root,0,0,00:00:11/41-10:39:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-10:39:29,123) [kstrp] (root,0,0,00:00:00/41-10:39:29,124) [zswap-shrink] (root,0,0,00:00:00/41-10:39:29,125) [kworker/u9:0] (root,0,0,00:00:00/41-10:39:29,130) [charger_manager] (root,0,0,00:00:12/41-10:39:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-10:39:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-10:39:28,239) [kaluad] (root,0,0,00:00:00/41-10:39:28,258) [kmpath_rdacd] (root,0,0,00:00:00/41-10:39:28,304) [kmpathd] (root,0,0,00:00:00/41-10:39:28,305) [kmpath_handlerd] (root,0,0,00:00:00/41-10:39:27,342) [ata_sff] (root,0,0,00:00:00/41-10:39:27,343) [scsi_eh_0] (root,0,0,00:00:00/41-10:39:27,344) [scsi_tmf_0] (root,0,0,00:00:00/41-10:39:27,345) [scsi_eh_1] (root,0,0,00:00:00/41-10:39:27,346) [scsi_tmf_1] (root,0,0,00:01:22/41-10:39:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-10:39:24,367) [ext4-rsv-conver] (root,38604,7856,00:01:11/41-10:39:12,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-10:39:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-10:39:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-10:38:38,511) /sbin/auditd (messagebus,22932,5408,00:02:18/41-10:38:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-10:38:37,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-10:38:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-10:38:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-10:38:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-10:38:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-10:38:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:07/41-10:38:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-10:38:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-10:38:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-10:38:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-10:38:21,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-10:38:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:00/41-10:38:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-10:38:21,1352) bpfilter_umh (root,26204,8096,00:00:21/41-10:38:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-10:38:21,1359) ntpd: asynchronous dns resolver (spot,361632,206088,2-09:23:47/41-10:38:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-10:38:20,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-10:38:20,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-10:38:20,1373) (sd-pam) (root,0,0,00:00:00/01:21:10,1398) [kworker/1:0-events] (root,24216,5260,00:00:14/41-10:38:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-10:38:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-10:38:18,1485) /usr/sbin/cron -n (root,697108,76360,00:57:35/41-10:38:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:46/41-10:38:00,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-16:13:35,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:09,6018) [kworker/3:1-ata_sff] (postfix,24244,8272,00:00:00/46:04,8568) pickup -l -t fifo -u (root,35304,10040,00:00:00/3-11:06:30,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:14/3-11:06:29,10514) sshd: syslogtunnel (root,0,0,00:00:00/52:43,15370) [kworker/u8:1-writeback] (root,0,0,00:00:01/08:04:11,16954) [kworker/2:1-events] (root,0,0,00:00:00/12:45,17760) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/43:13,18031) [kworker/1:2-events] (root,0,0,00:00:00/00:58,19400) [kworker/3:0-ata_sff] (root,0,0,00:00:00/38:30,20231) [kworker/0:0-events] (root,0,0,00:00:00/00:11,21149) [kworker/u8:0] (root,0,0,00:00:00/01:16:18,21301) [kworker/0:2-events] (root,6656,3488,00:00:00/00:00,22188) /bin/bash /usr/bin/check_mk_agent (root,13744,3496,00:00:00/00:00,22206) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22207) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/03:38:53,27369) [kworker/3:2-events] (root,0,0,00:00:00/19:27,29732) [kworker/2:0-events] (root,35308,10028,00:00:00/3-11:52:43,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:13/3-11:52:42,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 21:28 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836380ad2c72Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-11:24:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-11:24:01,2) [kthreadd] (root,0,0,00:00:00/39-11:24:01,3) [rcu_gp] (root,0,0,00:00:00/39-11:24:01,4) [rcu_par_gp] (root,0,0,00:00:00/39-11:24:01,5) [slub_flushwq] (root,0,0,00:00:00/39-11:24:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-11:24:01,9) [mm_percpu_wq] (root,0,0,00:00:00/39-11:24:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-11:24:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-11:24:01,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-11:24:01,13) [ksoftirqd/0] (root,0,0,01:53:15/39-11:24:01,14) [rcu_preempt] (root,0,0,00:00:15/39-11:24:01,15) [migration/0] (root,0,0,00:00:00/39-11:24:01,16) [idle_inject/0] (root,0,0,00:00:00/39-11:24:01,18) [cpuhp/0] (root,0,0,00:00:00/39-11:24:01,19) [cpuhp/1] (root,0,0,00:00:00/39-11:24:01,20) [idle_inject/1] (root,0,0,00:00:15/39-11:24:01,21) [migration/1] (root,0,0,00:00:58/39-11:24:01,22) [ksoftirqd/1] (root,0,0,00:00:00/39-11:24:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-11:24:01,25) [cpuhp/2] (root,0,0,00:00:00/39-11:24:01,26) [idle_inject/2] (root,0,0,00:00:11/39-11:24:01,27) [migration/2] (root,0,0,01:13:31/39-11:24:01,28) [ksoftirqd/2] (root,0,0,00:00:00/39-11:24:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-11:24:01,31) [cpuhp/3] (root,0,0,00:00:00/39-11:24:01,32) [idle_inject/3] (root,0,0,00:00:14/39-11:24:01,33) [migration/3] (root,0,0,00:03:45/39-11:24:01,34) [ksoftirqd/3] (root,0,0,00:00:00/39-11:24:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-11:24:01,40) [kdevtmpfs] (root,0,0,00:00:00/39-11:24:01,41) [netns] (root,0,0,00:00:00/39-11:24:01,42) [inet_frag_wq] (root,0,0,00:00:14/39-11:24:01,43) [kauditd] (root,0,0,00:00:00/39-11:24:01,44) [khungtaskd] (root,0,0,00:00:00/39-11:24:01,45) [oom_reaper] (root,0,0,00:00:00/39-11:24:01,46) [writeback] (root,0,0,00:02:04/39-11:24:01,47) [kcompactd0] (root,0,0,00:00:00/39-11:24:01,48) [ksmd] (root,0,0,00:02:09/39-11:24:01,49) [khugepaged] (root,0,0,00:00:00/39-11:24:01,75) [kintegrityd] (root,0,0,00:00:00/39-11:24:01,76) [kblockd] (root,0,0,00:00:00/39-11:24:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-11:24:01,79) [tpm_dev_wq] (root,0,0,00:00:00/39-11:24:01,80) [edac-poller] (root,0,0,00:00:00/39-11:24:01,81) [devfreq_wq] (root,0,0,00:00:00/39-11:24:01,110) [watchdogd] (root,0,0,00:00:02/39-11:24:01,111) [kswapd0] (root,0,0,00:00:10/39-11:24:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-11:23:59,115) [kthrotld] (root,0,0,00:00:00/39-11:23:59,116) [mld] (root,0,0,00:00:00/39-11:23:59,117) [ipv6_addrconf] (root,0,0,00:00:11/39-11:23:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-11:23:59,123) [kstrp] (root,0,0,00:00:00/39-11:23:59,124) [zswap-shrink] (root,0,0,00:00:00/39-11:23:59,125) [kworker/u9:0] (root,0,0,00:00:00/39-11:23:59,130) [charger_manager] (root,0,0,00:00:12/39-11:23:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-11:23:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-11:23:58,239) [kaluad] (root,0,0,00:00:00/39-11:23:58,258) [kmpath_rdacd] (root,0,0,00:00:00/39-11:23:58,304) [kmpathd] (root,0,0,00:00:00/39-11:23:58,305) [kmpath_handlerd] (root,0,0,00:00:00/39-11:23:57,342) [ata_sff] (root,0,0,00:00:00/39-11:23:57,343) [scsi_eh_0] (root,0,0,00:00:00/39-11:23:57,344) [scsi_tmf_0] (root,0,0,00:00:00/39-11:23:57,345) [scsi_eh_1] (root,0,0,00:00:00/39-11:23:57,346) [scsi_tmf_1] (root,0,0,00:01:18/39-11:23:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-11:23:54,367) [ext4-rsv-conver] (root,38604,7924,00:01:08/39-11:23:42,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-11:23:41,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-11:23:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-11:23:08,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-11:23:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-11:23:07,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-11:23:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-11:23:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-11:23:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:46/39-11:22:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-11:22:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:55/39-11:22:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-11:22:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-11:22:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-11:22:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-11:22:51,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-11:22:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:43/39-11:22:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-11:22:51,1352) bpfilter_umh (root,26204,8116,00:00:20/39-11:22:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-11:22:51,1359) ntpd: asynchronous dns resolver (spot,361456,198364,2-07:16:45/39-11:22:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-11:22:50,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-11:22:50,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-11:22:50,1373) (sd-pam) (root,24216,5260,00:00:14/39-11:22:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-11:22:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-11:22:48,1485) /usr/sbin/cron -n (root,697108,76496,00:54:45/39-11:22:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67424,00:21:43/39-11:22:30,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/33-16:58:05,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/26:58,3019) [kworker/1:2-events] (root,35304,10040,00:00:00/1-11:51:00,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-11:50:59,10514) sshd: syslogtunnel (root,0,0,00:00:00/41:40,11867) [kworker/3:2-events] (root,0,0,00:00:00/01:12:14,12444) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/40:57,15181) [kworker/0:1-events] (root,0,0,00:00:00/12:28,15955) [kworker/u8:0-writeback] (root,0,0,00:00:00/12:28,15966) [kworker/1:0-events] (root,0,0,00:00:00/12:28,15998) [kworker/2:1-events] (root,0,0,00:00:01/02:14:19,16553) [kworker/0:0-events] (root,0,0,00:00:00/00:12,18227) [kworker/3:0-ata_sff] (root,6764,3596,00:00:00/00:01,20162) /bin/bash /usr/bin/check_mk_agent (root,6292,3124,00:00:00/00:00,20352) /bin/bash ././mk_inventory.linux (root,29232,9004,00:00:00/00:00,20356) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n (root,6656,3492,00:00:00/00:00,20357) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,20375) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20376) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:22,23200) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/1-12:37:13,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:06/1-12:37:12,30947) sshd: cm-ssh (postfix,24244,8232,00:00:00/11:22,31794) pickup -l -t fifo -u (root,0,0,00:00:00/01:36:50,32470) [kworker/2:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 22:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631c23703eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-10:47:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-10:47:46,2) [kthreadd] (root,0,0,00:00:00/37-10:47:46,3) [rcu_gp] (root,0,0,00:00:00/37-10:47:46,4) [rcu_par_gp] (root,0,0,00:00:00/37-10:47:46,5) [slub_flushwq] (root,0,0,00:00:00/37-10:47:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-10:47:46,9) [mm_percpu_wq] (root,0,0,00:00:00/37-10:47:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-10:47:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-10:47:46,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-10:47:46,13) [ksoftirqd/0] (root,0,0,01:47:08/37-10:47:46,14) [rcu_preempt] (root,0,0,00:00:14/37-10:47:46,15) [migration/0] (root,0,0,00:00:00/37-10:47:46,16) [idle_inject/0] (root,0,0,00:00:00/37-10:47:46,18) [cpuhp/0] (root,0,0,00:00:00/37-10:47:46,19) [cpuhp/1] (root,0,0,00:00:00/37-10:47:46,20) [idle_inject/1] (root,0,0,00:00:14/37-10:47:46,21) [migration/1] (root,0,0,00:00:55/37-10:47:46,22) [ksoftirqd/1] (root,0,0,00:00:00/37-10:47:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-10:47:46,25) [cpuhp/2] (root,0,0,00:00:00/37-10:47:46,26) [idle_inject/2] (root,0,0,00:00:10/37-10:47:46,27) [migration/2] (root,0,0,01:07:43/37-10:47:46,28) [ksoftirqd/2] (root,0,0,00:00:00/37-10:47:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-10:47:46,31) [cpuhp/3] (root,0,0,00:00:00/37-10:47:46,32) [idle_inject/3] (root,0,0,00:00:13/37-10:47:46,33) [migration/3] (root,0,0,00:03:29/37-10:47:46,34) [ksoftirqd/3] (root,0,0,00:00:00/37-10:47:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-10:47:46,40) [kdevtmpfs] (root,0,0,00:00:00/37-10:47:46,41) [netns] (root,0,0,00:00:00/37-10:47:46,42) [inet_frag_wq] (root,0,0,00:00:13/37-10:47:46,43) [kauditd] (root,0,0,00:00:00/37-10:47:46,44) [khungtaskd] (root,0,0,00:00:00/37-10:47:46,45) [oom_reaper] (root,0,0,00:00:00/37-10:47:46,46) [writeback] (root,0,0,00:01:57/37-10:47:46,47) [kcompactd0] (root,0,0,00:00:00/37-10:47:46,48) [ksmd] (root,0,0,00:02:02/37-10:47:46,49) [khugepaged] (root,0,0,00:00:00/37-10:47:46,75) [kintegrityd] (root,0,0,00:00:00/37-10:47:46,76) [kblockd] (root,0,0,00:00:00/37-10:47:46,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-10:47:46,79) [tpm_dev_wq] (root,0,0,00:00:00/37-10:47:46,80) [edac-poller] (root,0,0,00:00:00/37-10:47:46,81) [devfreq_wq] (root,0,0,00:00:00/37-10:47:46,110) [watchdogd] (root,0,0,00:00:02/37-10:47:46,111) [kswapd0] (root,0,0,00:00:10/37-10:47:46,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-10:47:44,115) [kthrotld] (root,0,0,00:00:00/37-10:47:44,116) [mld] (root,0,0,00:00:00/37-10:47:44,117) [ipv6_addrconf] (root,0,0,00:00:10/37-10:47:44,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-10:47:44,123) [kstrp] (root,0,0,00:00:00/37-10:47:44,124) [zswap-shrink] (root,0,0,00:00:00/37-10:47:44,125) [kworker/u9:0] (root,0,0,00:00:00/37-10:47:44,130) [charger_manager] (root,0,0,00:00:11/37-10:47:44,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-10:47:44,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-10:47:43,239) [kaluad] (root,0,0,00:00:00/37-10:47:43,258) [kmpath_rdacd] (root,0,0,00:00:00/37-10:47:43,304) [kmpathd] (root,0,0,00:00:00/37-10:47:43,305) [kmpath_handlerd] (root,0,0,00:00:00/37-10:47:42,342) [ata_sff] (root,0,0,00:00:00/37-10:47:42,343) [scsi_eh_0] (root,0,0,00:00:00/37-10:47:42,344) [scsi_tmf_0] (root,0,0,00:00:00/37-10:47:42,345) [scsi_eh_1] (root,0,0,00:00:00/37-10:47:42,346) [scsi_tmf_1] (root,0,0,00:01:14/37-10:47:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-10:47:39,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-10:47:27,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-10:47:26,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-10:47:24,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-10:46:53,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-10:46:52,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-10:46:52,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-10:46:52,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-10:46:50,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-10:46:50,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:24:46,669) [kworker/2:0-events] (root,548616,30292,00:00:44/37-10:46:36,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-10:46:36,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:42/37-10:46:36,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-10:46:36,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-10:46:36,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-10:46:36,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-10:46:36,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-10:46:36,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:24/37-10:46:36,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-10:46:36,1352) bpfilter_umh (root,26204,8116,00:00:19/37-10:46:36,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-10:46:36,1359) ntpd: asynchronous dns resolver (spot,361744,198436,2-04:16:30/37-10:46:35,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-10:46:35,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-10:46:35,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-10:46:35,1373) (sd-pam) (root,24216,5260,00:00:13/37-10:46:33,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-10:46:33,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-10:46:33,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-10:46:30,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-10:46:29,1527) sshd: syslogtunnel (root,0,0,00:00:00/40:56,1530) [kworker/u8:2-ext4-rsv-conversion] (root,696596,75960,00:51:50/37-10:46:27,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66200,00:20:38/37-10:46:15,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-16:21:50,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/37-10:45:50,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-10:45:50,3218) sshd: cm-ssh (root,0,0,00:00:00/01:53:05,4224) [kworker/0:0-events] (root,0,0,00:00:00/06:01,7536) [kworker/3:0-ata_sff] (postfix,24244,8176,00:00:00/01:37:03,11352) pickup -l -t fifo -u (root,0,0,00:00:00/01:35:00,11965) [kworker/1:0-events] (root,0,0,00:00:00/11:25,18233) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/45:08,19177) [kworker/0:2-events] (root,0,0,00:00:00/00:49,22712) [kworker/3:1-ata_sff] (root,0,0,00:00:00/58:45,24929) [kworker/2:1-events] (root,6656,3484,00:00:00/00:00,25535) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,25553) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25554) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:07:49,31156) [kworker/1:2-events] (root,0,0,00:00:01/02:26:06,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 21:36 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f5c1f781Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-14:00:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-14:00:37,2) [kthreadd] (root,0,0,00:00:00/35-14:00:37,3) [rcu_gp] (root,0,0,00:00:00/35-14:00:37,4) [rcu_par_gp] (root,0,0,00:00:00/35-14:00:37,5) [slub_flushwq] (root,0,0,00:00:00/35-14:00:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-14:00:37,9) [mm_percpu_wq] (root,0,0,00:00:00/35-14:00:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-14:00:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-14:00:37,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-14:00:37,13) [ksoftirqd/0] (root,0,0,01:42:12/35-14:00:37,14) [rcu_preempt] (root,0,0,00:00:13/35-14:00:37,15) [migration/0] (root,0,0,00:00:00/35-14:00:37,16) [idle_inject/0] (root,0,0,00:00:00/35-14:00:37,18) [cpuhp/0] (root,0,0,00:00:00/35-14:00:37,19) [cpuhp/1] (root,0,0,00:00:00/35-14:00:37,20) [idle_inject/1] (root,0,0,00:00:13/35-14:00:37,21) [migration/1] (root,0,0,00:00:52/35-14:00:37,22) [ksoftirqd/1] (root,0,0,00:00:00/35-14:00:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-14:00:37,25) [cpuhp/2] (root,0,0,00:00:00/35-14:00:37,26) [idle_inject/2] (root,0,0,00:00:10/35-14:00:37,27) [migration/2] (root,0,0,01:05:03/35-14:00:37,28) [ksoftirqd/2] (root,0,0,00:00:00/35-14:00:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-14:00:37,31) [cpuhp/3] (root,0,0,00:00:00/35-14:00:37,32) [idle_inject/3] (root,0,0,00:00:12/35-14:00:37,33) [migration/3] (root,0,0,00:03:21/35-14:00:37,34) [ksoftirqd/3] (root,0,0,00:00:00/35-14:00:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-14:00:37,40) [kdevtmpfs] (root,0,0,00:00:00/35-14:00:37,41) [netns] (root,0,0,00:00:00/35-14:00:37,42) [inet_frag_wq] (root,0,0,00:00:12/35-14:00:37,43) [kauditd] (root,0,0,00:00:00/35-14:00:37,44) [khungtaskd] (root,0,0,00:00:00/35-14:00:37,45) [oom_reaper] (root,0,0,00:00:00/35-14:00:37,46) [writeback] (root,0,0,00:01:52/35-14:00:37,47) [kcompactd0] (root,0,0,00:00:00/35-14:00:37,48) [ksmd] (root,0,0,00:01:56/35-14:00:37,49) [khugepaged] (root,0,0,00:00:00/35-14:00:37,75) [kintegrityd] (root,0,0,00:00:00/35-14:00:37,76) [kblockd] (root,0,0,00:00:00/35-14:00:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-14:00:37,79) [tpm_dev_wq] (root,0,0,00:00:00/35-14:00:37,80) [edac-poller] (root,0,0,00:00:00/35-14:00:37,81) [devfreq_wq] (root,0,0,00:00:00/35-14:00:37,110) [watchdogd] (root,0,0,00:00:02/35-14:00:37,111) [kswapd0] (root,0,0,00:00:09/35-14:00:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-14:00:35,115) [kthrotld] (root,0,0,00:00:00/35-14:00:35,116) [mld] (root,0,0,00:00:00/35-14:00:35,117) [ipv6_addrconf] (root,0,0,00:00:10/35-14:00:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-14:00:35,123) [kstrp] (root,0,0,00:00:00/35-14:00:35,124) [zswap-shrink] (root,0,0,00:00:00/35-14:00:35,125) [kworker/u9:0] (root,0,0,00:00:00/35-14:00:35,130) [charger_manager] (root,0,0,00:00:10/35-14:00:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-14:00:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-14:00:34,239) [kaluad] (root,0,0,00:00:00/35-14:00:34,258) [kmpath_rdacd] (root,0,0,00:00:00/35-14:00:34,304) [kmpathd] (root,0,0,00:00:00/35-14:00:34,305) [kmpath_handlerd] (root,0,0,00:00:00/35-14:00:33,342) [ata_sff] (root,0,0,00:00:00/35-14:00:33,343) [scsi_eh_0] (root,0,0,00:00:00/35-14:00:33,344) [scsi_tmf_0] (root,0,0,00:00:00/35-14:00:33,345) [scsi_eh_1] (root,0,0,00:00:00/35-14:00:33,346) [scsi_tmf_1] (root,0,0,00:01:11/35-14:00:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-14:00:30,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-14:00:18,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-14:00:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:56/35-14:00:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-13:59:44,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-13:59:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-13:59:43,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-13:59:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-13:59:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-13:59:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/33:49,633) [kworker/u8:1-writeback] (root,548616,30252,00:00:42/35-13:59:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-13:59:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:34/35-13:59:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-13:59:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-13:59:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-13:59:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-13:59:27,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-13:59:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:09/35-13:59:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-13:59:27,1352) bpfilter_umh (root,26204,8116,00:00:18/35-13:59:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-13:59:27,1359) ntpd: asynchronous dns resolver (spot,361504,198372,2-02:18:21/35-13:59:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-13:59:26,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-13:59:26,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-13:59:26,1373) (sd-pam) (root,24216,5260,00:00:12/35-13:59:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-13:59:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-13:59:24,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-13:59:21,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-13:59:20,1527) sshd: syslogtunnel (root,696596,77900,00:49:15/35-13:59:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:01/02:08:49,1719) [kworker/2:2-events] (root,6656,3488,00:00:00/00:00,1951) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,1969) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,1970) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (spot,223680,64860,00:19:42/35-13:59:06,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-19:34:41,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-13:58:41,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-13:58:41,3218) sshd: cm-ssh (root,0,0,00:00:00/06:40,7158) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:06:00,11281) [kworker/0:1-events] (root,0,0,00:00:00/04:35,16207) [kworker/1:2-events] (postfix,24244,8160,00:00:00/11:33,18195) pickup -l -t fifo -u (root,0,0,00:00:00/03:16:31,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:18:36,20934) [kworker/1:1-events] (root,0,0,00:00:00/48:10,21127) [kworker/3:0-events] (root,0,0,00:00:00/18:20,25651) [kworker/2:0] (root,0,0,00:00:00/01:28,27726) [kworker/3:2-ata_sff] (root,0,0,00:00:00/09:04,29321) [kworker/0:0-events] (root,0,0,00:00:00/44:17,31979) [kworker/1:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 00:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836357b87a1cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-10:57:40,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-10:57:40,2) [kthreadd] (root,0,0,00:00:00/33-10:57:40,3) [rcu_gp] (root,0,0,00:00:00/33-10:57:40,4) [rcu_par_gp] (root,0,0,00:00:00/33-10:57:40,5) [slub_flushwq] (root,0,0,00:00:00/33-10:57:40,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-10:57:40,9) [mm_percpu_wq] (root,0,0,00:00:00/33-10:57:40,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-10:57:40,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-10:57:40,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-10:57:40,13) [ksoftirqd/0] (root,0,0,01:36:31/33-10:57:40,14) [rcu_preempt] (root,0,0,00:00:12/33-10:57:40,15) [migration/0] (root,0,0,00:00:00/33-10:57:40,16) [idle_inject/0] (root,0,0,00:00:00/33-10:57:40,18) [cpuhp/0] (root,0,0,00:00:00/33-10:57:40,19) [cpuhp/1] (root,0,0,00:00:00/33-10:57:40,20) [idle_inject/1] (root,0,0,00:00:12/33-10:57:40,21) [migration/1] (root,0,0,00:00:50/33-10:57:40,22) [ksoftirqd/1] (root,0,0,00:00:00/33-10:57:40,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-10:57:40,25) [cpuhp/2] (root,0,0,00:00:00/33-10:57:40,26) [idle_inject/2] (root,0,0,00:00:09/33-10:57:40,27) [migration/2] (root,0,0,01:01:36/33-10:57:40,28) [ksoftirqd/2] (root,0,0,00:00:00/33-10:57:40,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-10:57:40,31) [cpuhp/3] (root,0,0,00:00:00/33-10:57:40,32) [idle_inject/3] (root,0,0,00:00:12/33-10:57:40,33) [migration/3] (root,0,0,00:03:10/33-10:57:40,34) [ksoftirqd/3] (root,0,0,00:00:00/33-10:57:40,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-10:57:40,40) [kdevtmpfs] (root,0,0,00:00:00/33-10:57:40,41) [netns] (root,0,0,00:00:00/33-10:57:40,42) [inet_frag_wq] (root,0,0,00:00:12/33-10:57:40,43) [kauditd] (root,0,0,00:00:00/33-10:57:40,44) [khungtaskd] (root,0,0,00:00:00/33-10:57:40,45) [oom_reaper] (root,0,0,00:00:00/33-10:57:40,46) [writeback] (root,0,0,00:01:45/33-10:57:40,47) [kcompactd0] (root,0,0,00:00:00/33-10:57:40,48) [ksmd] (root,0,0,00:01:49/33-10:57:40,49) [khugepaged] (root,0,0,00:00:00/33-10:57:40,75) [kintegrityd] (root,0,0,00:00:00/33-10:57:40,76) [kblockd] (root,0,0,00:00:00/33-10:57:40,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-10:57:40,79) [tpm_dev_wq] (root,0,0,00:00:00/33-10:57:40,80) [edac-poller] (root,0,0,00:00:00/33-10:57:40,81) [devfreq_wq] (root,0,0,00:00:00/33-10:57:40,110) [watchdogd] (root,0,0,00:00:02/33-10:57:40,111) [kswapd0] (root,0,0,00:00:09/33-10:57:40,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-10:57:38,115) [kthrotld] (root,0,0,00:00:00/33-10:57:38,116) [mld] (root,0,0,00:00:00/33-10:57:38,117) [ipv6_addrconf] (root,0,0,00:00:09/33-10:57:38,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-10:57:38,123) [kstrp] (root,0,0,00:00:00/33-10:57:38,124) [zswap-shrink] (root,0,0,00:00:00/33-10:57:38,125) [kworker/u9:0] (root,0,0,00:00:00/33-10:57:38,130) [charger_manager] (root,0,0,00:00:10/33-10:57:38,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-10:57:38,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-10:57:37,239) [kaluad] (root,0,0,00:00:00/33-10:57:37,258) [kmpath_rdacd] (root,0,0,00:00:00/33-10:57:37,304) [kmpathd] (root,0,0,00:00:00/33-10:57:37,305) [kmpath_handlerd] (root,0,0,00:00:00/33-10:57:36,342) [ata_sff] (root,0,0,00:00:00/33-10:57:36,343) [scsi_eh_0] (root,0,0,00:00:00/33-10:57:36,344) [scsi_tmf_0] (root,0,0,00:00:00/33-10:57:36,345) [scsi_eh_1] (root,0,0,00:00:00/33-10:57:36,346) [scsi_tmf_1] (root,0,0,00:01:07/33-10:57:33,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-10:57:33,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-10:57:21,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-10:57:20,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-10:57:18,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-10:56:47,511) /sbin/auditd (messagebus,22932,5632,00:01:51/33-10:56:46,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-10:56:46,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-10:56:46,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-10:56:44,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-10:56:44,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-10:56:30,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-10:56:30,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:21/33-10:56:30,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-10:56:30,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-10:56:30,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-10:56:30,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-10:56:30,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-10:56:30,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:50/33-10:56:30,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-10:56:30,1352) bpfilter_umh (root,26204,8128,00:00:17/33-10:56:30,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-10:56:30,1359) ntpd: asynchronous dns resolver (spot,361312,200044,2-00:12:52/33-10:56:29,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-10:56:29,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-10:56:29,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-10:56:29,1373) (sd-pam) (root,24216,5260,00:00:11/33-10:56:27,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-10:56:27,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-10:56:27,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-10:56:24,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-10:56:23,1527) sshd: syslogtunnel (root,694036,73228,00:46:18/33-10:56:21,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63340,00:18:39/33-10:56:09,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-16:31:44,2557) tlsmgr -l -t unix -u (postfix,24244,8240,00:00:00/49:40,2889) pickup -l -t fifo -u (root,0,0,00:00:00/13:32,2925) [kworker/3:2-events] (root,35308,10108,00:00:00/33-10:55:44,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-10:55:44,3218) sshd: cm-ssh (root,0,0,00:00:00/36:32,3437) [kworker/0:2-events] (root,6656,3484,00:00:00/00:00,8832) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,8850) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8851) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:46:23,15338) [kworker/1:0-events] (root,0,0,00:00:00/02:43:03,15620) [kworker/2:2-events] (root,0,0,00:00:00/08:19,15777) [kworker/3:1-ata_sff] (root,0,0,00:00:00/53:10,19377) [kworker/1:2] (root,0,0,00:00:00/59:50,26016) [kworker/2:0] (root,0,0,00:00:00/59:49,26130) [kworker/u8:1-events_unbound] (root,0,0,00:00:00/19:49,26155) [kworker/0:0-events] (root,0,0,00:00:00/01:36:05,28574) [kworker/u8:0-writeback] (root,0,0,00:00:00/03:09,30088) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 21:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836350cfa8a6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:32/31-11:01:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-11:01:23,2) [kthreadd] (root,0,0,00:00:00/31-11:01:23,3) [rcu_gp] (root,0,0,00:00:00/31-11:01:23,4) [rcu_par_gp] (root,0,0,00:00:00/31-11:01:23,5) [slub_flushwq] (root,0,0,00:00:00/31-11:01:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-11:01:23,9) [mm_percpu_wq] (root,0,0,00:00:00/31-11:01:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-11:01:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-11:01:23,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-11:01:23,13) [ksoftirqd/0] (root,0,0,01:31:09/31-11:01:23,14) [rcu_preempt] (root,0,0,00:00:12/31-11:01:23,15) [migration/0] (root,0,0,00:00:00/31-11:01:23,16) [idle_inject/0] (root,0,0,00:00:00/31-11:01:23,18) [cpuhp/0] (root,0,0,00:00:00/31-11:01:23,19) [cpuhp/1] (root,0,0,00:00:00/31-11:01:23,20) [idle_inject/1] (root,0,0,00:00:12/31-11:01:23,21) [migration/1] (root,0,0,00:00:47/31-11:01:23,22) [ksoftirqd/1] (root,0,0,00:00:00/31-11:01:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-11:01:23,25) [cpuhp/2] (root,0,0,00:00:00/31-11:01:23,26) [idle_inject/2] (root,0,0,00:00:09/31-11:01:23,27) [migration/2] (root,0,0,00:58:29/31-11:01:23,28) [ksoftirqd/2] (root,0,0,00:00:00/31-11:01:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-11:01:23,31) [cpuhp/3] (root,0,0,00:00:00/31-11:01:23,32) [idle_inject/3] (root,0,0,00:00:11/31-11:01:23,33) [migration/3] (root,0,0,00:03:01/31-11:01:23,34) [ksoftirqd/3] (root,0,0,00:00:00/31-11:01:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-11:01:23,40) [kdevtmpfs] (root,0,0,00:00:00/31-11:01:23,41) [netns] (root,0,0,00:00:00/31-11:01:23,42) [inet_frag_wq] (root,0,0,00:00:11/31-11:01:23,43) [kauditd] (root,0,0,00:00:00/31-11:01:23,44) [khungtaskd] (root,0,0,00:00:00/31-11:01:23,45) [oom_reaper] (root,0,0,00:00:00/31-11:01:23,46) [writeback] (root,0,0,00:01:40/31-11:01:23,47) [kcompactd0] (root,0,0,00:00:00/31-11:01:23,48) [ksmd] (root,0,0,00:01:43/31-11:01:23,49) [khugepaged] (root,0,0,00:00:00/31-11:01:23,75) [kintegrityd] (root,0,0,00:00:00/31-11:01:23,76) [kblockd] (root,0,0,00:00:00/31-11:01:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-11:01:23,79) [tpm_dev_wq] (root,0,0,00:00:00/31-11:01:23,80) [edac-poller] (root,0,0,00:00:00/31-11:01:23,81) [devfreq_wq] (root,0,0,00:00:00/31-11:01:23,110) [watchdogd] (root,0,0,00:00:02/31-11:01:23,111) [kswapd0] (root,0,0,00:00:08/31-11:01:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-11:01:21,115) [kthrotld] (root,0,0,00:00:00/31-11:01:21,116) [mld] (root,0,0,00:00:00/31-11:01:21,117) [ipv6_addrconf] (root,0,0,00:00:09/31-11:01:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-11:01:21,123) [kstrp] (root,0,0,00:00:00/31-11:01:21,124) [zswap-shrink] (root,0,0,00:00:00/31-11:01:21,125) [kworker/u9:0] (root,0,0,00:00:00/31-11:01:21,130) [charger_manager] (root,0,0,00:00:09/31-11:01:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-11:01:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-11:01:20,239) [kaluad] (root,0,0,00:00:00/31-11:01:20,258) [kmpath_rdacd] (root,0,0,00:00:00/31-11:01:20,304) [kmpathd] (root,0,0,00:00:00/31-11:01:20,305) [kmpath_handlerd] (root,0,0,00:00:00/31-11:01:19,342) [ata_sff] (root,0,0,00:00:00/31-11:01:19,343) [scsi_eh_0] (root,0,0,00:00:00/31-11:01:19,344) [scsi_tmf_0] (root,0,0,00:00:00/31-11:01:19,345) [scsi_eh_1] (root,0,0,00:00:00/31-11:01:19,346) [scsi_tmf_1] (root,0,0,00:01:03/31-11:01:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-11:01:16,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-11:01:04,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-11:01:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-11:01:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-11:00:30,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-11:00:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-11:00:29,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-11:00:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-11:00:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-11:00:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-11:00:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-11:00:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:10/31-11:00:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-11:00:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-11:00:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-11:00:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-11:00:13,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-11:00:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:34/31-11:00:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-11:00:13,1352) bpfilter_umh (root,26204,8128,00:00:16/31-11:00:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-11:00:13,1359) ntpd: asynchronous dns resolver (spot,361712,200172,1-22:02:34/31-11:00:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-11:00:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-11:00:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-11:00:12,1373) (sd-pam) (root,24216,5260,00:00:11/31-11:00:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-11:00:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-11:00:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-11:00:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:57/31-11:00:06,1527) sshd: syslogtunnel (root,693780,74896,00:43:35/31-11:00:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61976,00:17:37/31-10:59:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-16:35:27,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-10:59:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:44/31-10:59:27,3218) sshd: cm-ssh (root,0,0,00:00:00/11:13,5388) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/58:27,5424) [kworker/0:2-events] (root,0,0,00:00:00/39:24,8236) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:38:35,8637) [kworker/1:1-events] (root,0,0,00:00:00/01:18,9665) [kworker/2:0] (root,0,0,00:00:00/09:21,9918) [kworker/3:0-ata_sff] (root,0,0,00:00:00/16:09:59,11736) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8172,00:00:00/01:15:20,12724) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,15529) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,15547) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15548) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:21:55,22602) [kworker/2:1-events] (root,0,0,00:00:00/01:11:54,23131) [kworker/1:0-events] (root,0,0,00:00:00/14:36,23935) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/24:32,28641) [kworker/0:1-events] (root,0,0,00:00:00/04:11,32427) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 21:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836381e4023dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-10:49:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-10:49:24,2) [kthreadd] (root,0,0,00:00:00/29-10:49:24,3) [rcu_gp] (root,0,0,00:00:00/29-10:49:24,4) [rcu_par_gp] (root,0,0,00:00:00/29-10:49:24,5) [slub_flushwq] (root,0,0,00:00:00/29-10:49:24,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-10:49:24,9) [mm_percpu_wq] (root,0,0,00:00:00/29-10:49:24,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-10:49:24,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-10:49:24,12) [rcu_tasks_trace] (root,0,0,00:00:54/29-10:49:24,13) [ksoftirqd/0] (root,0,0,01:25:21/29-10:49:24,14) [rcu_preempt] (root,0,0,00:00:11/29-10:49:24,15) [migration/0] (root,0,0,00:00:00/29-10:49:24,16) [idle_inject/0] (root,0,0,00:00:00/29-10:49:24,18) [cpuhp/0] (root,0,0,00:00:00/29-10:49:24,19) [cpuhp/1] (root,0,0,00:00:00/29-10:49:24,20) [idle_inject/1] (root,0,0,00:00:11/29-10:49:24,21) [migration/1] (root,0,0,00:00:44/29-10:49:24,22) [ksoftirqd/1] (root,0,0,00:00:00/29-10:49:24,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-10:49:24,25) [cpuhp/2] (root,0,0,00:00:00/29-10:49:24,26) [idle_inject/2] (root,0,0,00:00:08/29-10:49:24,27) [migration/2] (root,0,0,00:54:24/29-10:49:24,28) [ksoftirqd/2] (root,0,0,00:00:00/29-10:49:24,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-10:49:24,31) [cpuhp/3] (root,0,0,00:00:00/29-10:49:24,32) [idle_inject/3] (root,0,0,00:00:10/29-10:49:24,33) [migration/3] (root,0,0,00:02:49/29-10:49:24,34) [ksoftirqd/3] (root,0,0,00:00:00/29-10:49:24,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-10:49:24,40) [kdevtmpfs] (root,0,0,00:00:00/29-10:49:24,41) [netns] (root,0,0,00:00:00/29-10:49:24,42) [inet_frag_wq] (root,0,0,00:00:10/29-10:49:24,43) [kauditd] (root,0,0,00:00:00/29-10:49:24,44) [khungtaskd] (root,0,0,00:00:00/29-10:49:24,45) [oom_reaper] (root,0,0,00:00:00/29-10:49:24,46) [writeback] (root,0,0,00:01:34/29-10:49:24,47) [kcompactd0] (root,0,0,00:00:00/29-10:49:24,48) [ksmd] (root,0,0,00:01:35/29-10:49:24,49) [khugepaged] (root,0,0,00:00:00/29-10:49:24,75) [kintegrityd] (root,0,0,00:00:00/29-10:49:24,76) [kblockd] (root,0,0,00:00:00/29-10:49:24,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-10:49:24,79) [tpm_dev_wq] (root,0,0,00:00:00/29-10:49:24,80) [edac-poller] (root,0,0,00:00:00/29-10:49:24,81) [devfreq_wq] (root,0,0,00:00:00/29-10:49:24,110) [watchdogd] (root,0,0,00:00:02/29-10:49:24,111) [kswapd0] (root,0,0,00:00:08/29-10:49:24,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-10:49:22,115) [kthrotld] (root,0,0,00:00:00/29-10:49:22,116) [mld] (root,0,0,00:00:00/29-10:49:22,117) [ipv6_addrconf] (root,0,0,00:00:08/29-10:49:22,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-10:49:22,123) [kstrp] (root,0,0,00:00:00/29-10:49:22,124) [zswap-shrink] (root,0,0,00:00:00/29-10:49:22,125) [kworker/u9:0] (root,0,0,00:00:00/29-10:49:22,130) [charger_manager] (root,0,0,00:00:09/29-10:49:22,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-10:49:22,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-10:49:21,239) [kaluad] (root,0,0,00:00:00/29-10:49:21,258) [kmpath_rdacd] (root,0,0,00:00:00/29-10:49:21,304) [kmpathd] (root,0,0,00:00:00/29-10:49:21,305) [kmpath_handlerd] (root,0,0,00:00:00/29-10:49:20,342) [ata_sff] (root,0,0,00:00:00/29-10:49:20,343) [scsi_eh_0] (root,0,0,00:00:00/29-10:49:20,344) [scsi_tmf_0] (root,0,0,00:00:00/29-10:49:20,345) [scsi_eh_1] (root,0,0,00:00:00/29-10:49:20,346) [scsi_tmf_1] (root,0,0,00:00:59/29-10:49:17,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-10:49:17,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-10:49:05,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-10:49:04,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-10:49:02,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-10:48:31,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-10:48:30,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-10:48:30,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-10:48:30,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-10:48:28,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-10:48:28,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:34/29-10:48:14,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-10:48:14,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:58/29-10:48:14,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-10:48:14,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-10:48:14,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-10:48:14,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-10:48:14,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-10:48:14,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:16/29-10:48:14,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-10:48:14,1352) bpfilter_umh (root,26204,8128,00:00:14/29-10:48:14,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-10:48:14,1359) ntpd: asynchronous dns resolver (spot,361872,200196,1-19:41:26/29-10:48:13,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-10:48:13,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-10:48:13,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-10:48:13,1373) (sd-pam) (root,24216,5260,00:00:10/29-10:48:11,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-10:48:11,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-10:48:11,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-10:48:08,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-10:48:07,1527) sshd: syslogtunnel (root,693524,74428,00:40:42/29-10:48:05,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/03:51,1780) [kworker/2:2] (spot,220608,60744,00:16:34/29-10:47:53,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-16:23:28,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/29-10:47:28,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:37/29-10:47:28,3218) sshd: cm-ssh (root,0,0,00:00:00/02:19:04,5369) [kworker/1:2-events] (postfix,24244,8272,00:00:00/01:25:21,7332) pickup -l -t fifo -u (root,0,0,00:00:00/16:41,7616) [kworker/1:0-mm_percpu_wq] (root,0,0,00:00:00/01:56:37,9463) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/27:36,9946) [kworker/u8:1-writeback] (root,0,0,00:00:00/00:25,13926) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,16031) /bin/bash /usr/bin/check_mk_agent (root,13744,3360,00:00:00/00:00,16049) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16050) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/56:40,16583) [kworker/3:2-events] (root,0,0,00:00:00/55:33,20379) [kworker/2:1-events] (root,0,0,00:00:00/13:27,22291) [kworker/0:1-events] (root,0,0,00:00:00/39:17,26725) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/05:35,27906) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:54:16,31631) [kworker/u8:0-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 21:38 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363007c2f4fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-11:54:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:54:51,2) [kthreadd] (root,0,0,00:00:00/27-11:54:51,3) [rcu_gp] (root,0,0,00:00:00/27-11:54:51,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:54:51,5) [slub_flushwq] (root,0,0,00:00:00/27-11:54:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:54:51,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:54:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:54:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:54:51,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-11:54:51,13) [ksoftirqd/0] (root,0,0,01:20:02/27-11:54:51,14) [rcu_preempt] (root,0,0,00:00:10/27-11:54:51,15) [migration/0] (root,0,0,00:00:00/27-11:54:51,16) [idle_inject/0] (root,0,0,00:00:00/27-11:54:51,18) [cpuhp/0] (root,0,0,00:00:00/27-11:54:51,19) [cpuhp/1] (root,0,0,00:00:00/27-11:54:51,20) [idle_inject/1] (root,0,0,00:00:10/27-11:54:51,21) [migration/1] (root,0,0,00:00:42/27-11:54:51,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:54:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:54:51,25) [cpuhp/2] (root,0,0,00:00:00/27-11:54:51,26) [idle_inject/2] (root,0,0,00:00:08/27-11:54:51,27) [migration/2] (root,0,0,00:51:28/27-11:54:51,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:54:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:54:51,31) [cpuhp/3] (root,0,0,00:00:00/27-11:54:51,32) [idle_inject/3] (root,0,0,00:00:10/27-11:54:51,33) [migration/3] (root,0,0,00:02:41/27-11:54:51,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:54:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:54:51,40) [kdevtmpfs] (root,0,0,00:00:00/27-11:54:51,41) [netns] (root,0,0,00:00:00/27-11:54:51,42) [inet_frag_wq] (root,0,0,00:00:09/27-11:54:51,43) [kauditd] (root,0,0,00:00:00/27-11:54:51,44) [khungtaskd] (root,0,0,00:00:00/27-11:54:51,45) [oom_reaper] (root,0,0,00:00:00/27-11:54:51,46) [writeback] (root,0,0,00:01:28/27-11:54:51,47) [kcompactd0] (root,0,0,00:00:00/27-11:54:51,48) [ksmd] (root,0,0,00:01:29/27-11:54:51,49) [khugepaged] (root,0,0,00:00:00/27-11:54:51,75) [kintegrityd] (root,0,0,00:00:00/27-11:54:51,76) [kblockd] (root,0,0,00:00:00/27-11:54:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:54:51,79) [tpm_dev_wq] (root,0,0,00:00:00/27-11:54:51,80) [edac-poller] (root,0,0,00:00:00/27-11:54:51,81) [devfreq_wq] (root,0,0,00:00:00/27-11:54:51,110) [watchdogd] (root,0,0,00:00:02/27-11:54:51,111) [kswapd0] (root,0,0,00:00:07/27-11:54:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-11:54:49,115) [kthrotld] (root,0,0,00:00:00/27-11:54:49,116) [mld] (root,0,0,00:00:00/27-11:54:49,117) [ipv6_addrconf] (root,0,0,00:00:07/27-11:54:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:54:49,123) [kstrp] (root,0,0,00:00:00/27-11:54:49,124) [zswap-shrink] (root,0,0,00:00:00/27-11:54:49,125) [kworker/u9:0] (root,0,0,00:00:00/27-11:54:49,130) [charger_manager] (root,0,0,00:00:08/27-11:54:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-11:54:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-11:54:48,239) [kaluad] (root,0,0,00:00:00/27-11:54:48,258) [kmpath_rdacd] (root,0,0,00:00:00/27-11:54:48,304) [kmpathd] (root,0,0,00:00:00/27-11:54:48,305) [kmpath_handlerd] (root,0,0,00:00:00/27-11:54:47,342) [ata_sff] (root,0,0,00:00:00/27-11:54:47,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:54:47,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:54:47,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:54:47,346) [scsi_tmf_1] (root,0,0,00:00:55/27-11:54:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:54:44,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-11:54:32,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-11:54:31,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-11:54:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-11:53:58,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-11:53:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-11:53:57,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-11:53:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-11:53:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-11:53:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28512,00:00:32/27-11:53:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-11:53:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:48/27-11:53:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-11:53:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-11:53:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-11:53:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-11:53:41,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-11:53:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-11:53:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-11:53:41,1352) bpfilter_umh (root,26204,8128,00:00:13/27-11:53:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-11:53:41,1359) ntpd: asynchronous dns resolver (spot,296240,195072,1-17:08:58/27-11:53:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-11:53:40,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-11:53:40,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-11:53:40,1373) (sd-pam) (root,24216,5260,00:00:09/27-11:53:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-11:53:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-11:53:38,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-11:53:35,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-11:53:34,1527) sshd: syslogtunnel (root,693268,74056,00:38:01/27-11:53:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:00:41,1861) [kworker/0:2-mm_percpu_wq] (spot,219584,59120,00:15:33/27-11:53:20,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:06,2311) [kworker/2:2] (postfix,44628,9244,00:00:00/21-17:28:55,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-11:52:55,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-11:52:55,3218) sshd: cm-ssh (root,0,0,00:00:00/23:00,4690) [kworker/u8:1] (root,0,0,00:00:00/01:22:07,6602) [kworker/2:0-events] (root,0,0,00:00:00/57:40,7994) [kworker/1:0-events] (root,0,0,00:00:00/02:38,11119) [kworker/0:0-events] (root,0,0,00:00:00/42:36,21505) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/00:22,21718) [kworker/3:2-ata_sff] (root,0,0,00:00:00/17:27,22103) [kworker/0:1-events] (root,6656,3484,00:00:00/00:00,22224) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,22242) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22243) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/15:56,28201) [kworker/3:0-events] (postfix,24244,8264,00:00:00/01:12:30,28642) pickup -l -t fifo -u (root,0,0,00:00:00/48:28,32123) [kworker/1:1-events] (root,0,0,00:00:00/05:33,32305) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 22:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363733876afFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:10/25-11:05:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-11:05:49,2) [kthreadd] (root,0,0,00:00:00/25-11:05:49,3) [rcu_gp] (root,0,0,00:00:00/25-11:05:49,4) [rcu_par_gp] (root,0,0,00:00:00/25-11:05:49,5) [slub_flushwq] (root,0,0,00:00:00/25-11:05:49,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-11:05:49,9) [mm_percpu_wq] (root,0,0,00:00:00/25-11:05:49,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-11:05:49,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-11:05:49,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-11:05:49,13) [ksoftirqd/0] (root,0,0,01:14:28/25-11:05:49,14) [rcu_preempt] (root,0,0,00:00:09/25-11:05:49,15) [migration/0] (root,0,0,00:00:00/25-11:05:49,16) [idle_inject/0] (root,0,0,00:00:00/25-11:05:49,18) [cpuhp/0] (root,0,0,00:00:00/25-11:05:49,19) [cpuhp/1] (root,0,0,00:00:00/25-11:05:49,20) [idle_inject/1] (root,0,0,00:00:09/25-11:05:49,21) [migration/1] (root,0,0,00:00:39/25-11:05:49,22) [ksoftirqd/1] (root,0,0,00:00:00/25-11:05:49,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-11:05:49,25) [cpuhp/2] (root,0,0,00:00:00/25-11:05:49,26) [idle_inject/2] (root,0,0,00:00:07/25-11:05:49,27) [migration/2] (root,0,0,00:48:35/25-11:05:49,28) [ksoftirqd/2] (root,0,0,00:00:00/25-11:05:49,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-11:05:49,31) [cpuhp/3] (root,0,0,00:00:00/25-11:05:49,32) [idle_inject/3] (root,0,0,00:00:09/25-11:05:49,33) [migration/3] (root,0,0,00:02:30/25-11:05:49,34) [ksoftirqd/3] (root,0,0,00:00:00/25-11:05:49,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-11:05:49,40) [kdevtmpfs] (root,0,0,00:00:00/25-11:05:49,41) [netns] (root,0,0,00:00:00/25-11:05:49,42) [inet_frag_wq] (root,0,0,00:00:08/25-11:05:49,43) [kauditd] (root,0,0,00:00:00/25-11:05:49,44) [khungtaskd] (root,0,0,00:00:00/25-11:05:49,45) [oom_reaper] (root,0,0,00:00:00/25-11:05:49,46) [writeback] (root,0,0,00:01:21/25-11:05:49,47) [kcompactd0] (root,0,0,00:00:00/25-11:05:49,48) [ksmd] (root,0,0,00:01:23/25-11:05:49,49) [khugepaged] (root,0,0,00:00:00/25-11:05:49,75) [kintegrityd] (root,0,0,00:00:00/25-11:05:49,76) [kblockd] (root,0,0,00:00:00/25-11:05:49,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-11:05:49,79) [tpm_dev_wq] (root,0,0,00:00:00/25-11:05:49,80) [edac-poller] (root,0,0,00:00:00/25-11:05:49,81) [devfreq_wq] (root,0,0,00:00:00/25-11:05:49,110) [watchdogd] (root,0,0,00:00:01/25-11:05:49,111) [kswapd0] (root,0,0,00:00:07/25-11:05:49,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-11:05:47,115) [kthrotld] (root,0,0,00:00:00/25-11:05:47,116) [mld] (root,0,0,00:00:00/25-11:05:47,117) [ipv6_addrconf] (root,0,0,00:00:07/25-11:05:47,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-11:05:47,123) [kstrp] (root,0,0,00:00:00/25-11:05:47,124) [zswap-shrink] (root,0,0,00:00:00/25-11:05:47,125) [kworker/u9:0] (root,0,0,00:00:00/25-11:05:47,130) [charger_manager] (root,0,0,00:00:07/25-11:05:47,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-11:05:47,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-11:05:46,239) [kaluad] (root,0,0,00:00:00/25-11:05:46,258) [kmpath_rdacd] (root,0,0,00:00:00/25-11:05:46,304) [kmpathd] (root,0,0,00:00:00/25-11:05:46,305) [kmpath_handlerd] (root,0,0,00:00:00/25-11:05:45,342) [ata_sff] (root,0,0,00:00:00/25-11:05:45,343) [scsi_eh_0] (root,0,0,00:00:00/25-11:05:45,344) [scsi_tmf_0] (root,0,0,00:00:00/25-11:05:45,345) [scsi_eh_1] (root,0,0,00:00:00/25-11:05:45,346) [scsi_tmf_1] (root,0,0,00:00:51/25-11:05:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-11:05:42,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-11:05:30,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-11:05:29,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-11:05:27,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-11:04:56,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-11:04:55,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-11:04:55,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-11:04:55,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-11:04:53,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-11:04:53,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29508,00:00:30/25-11:04:39,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-11:04:39,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:35/25-11:04:39,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-11:04:39,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-11:04:39,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-11:04:39,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-11:04:39,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-11:04:39,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:41/25-11:04:39,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-11:04:39,1352) bpfilter_umh (root,26204,8212,00:00:12/25-11:04:39,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-11:04:39,1359) ntpd: asynchronous dns resolver (spot,296608,191624,1-14:52:34/25-11:04:38,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-11:04:38,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-11:04:38,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-11:04:38,1373) (sd-pam) (root,24216,5268,00:00:08/25-11:04:36,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-11:04:36,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-11:04:36,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-11:04:33,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:34/25-11:04:32,1527) sshd: syslogtunnel (root,693268,75792,00:35:14/25-11:04:30,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/10:26,1678) [kworker/0:0-cgroup_destroy] (spot,218560,57868,00:14:33/25-11:04:18,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-16:39:53,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-11:03:53,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-11:03:53,3218) sshd: cm-ssh (root,6656,3480,00:00:00/00:00,4459) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,4460) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,4488) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4490) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/49:08,5871) [kworker/3:1-events] (root,0,0,00:00:00/08:58,6647) [kworker/u8:0] (root,0,0,00:00:00/02:32:19,10636) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/07:36,12313) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:16:59,14592) [kworker/0:2-events] (root,0,0,00:00:00/01:54:02,16766) [kworker/u8:2-flush-253:0] (postfix,24244,8260,00:00:00/44:33,17284) pickup -l -t fifo -u (root,0,0,00:00:00/16:31,18946) [kworker/1:1-events] (root,0,0,00:00:00/04:29,21873) [kworker/1:0-events] (root,0,0,00:00:00/01:25:57,23197) [kworker/2:0-events] (root,0,0,00:00:00/02:26,29237) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:30,31404) [kworker/0:1-events] (root,0,0,00:00:00/40:27,31512) [kworker/2:1-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 21:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639c9ac29fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:03/23-11:48:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-11:48:42,2) [kthreadd] (root,0,0,00:00:00/23-11:48:42,3) [rcu_gp] (root,0,0,00:00:00/23-11:48:42,4) [rcu_par_gp] (root,0,0,00:00:00/23-11:48:42,5) [slub_flushwq] (root,0,0,00:00:00/23-11:48:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-11:48:42,9) [mm_percpu_wq] (root,0,0,00:00:00/23-11:48:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-11:48:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-11:48:42,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-11:48:42,13) [ksoftirqd/0] (root,0,0,01:08:57/23-11:48:42,14) [rcu_preempt] (root,0,0,00:00:09/23-11:48:42,15) [migration/0] (root,0,0,00:00:00/23-11:48:42,16) [idle_inject/0] (root,0,0,00:00:00/23-11:48:42,18) [cpuhp/0] (root,0,0,00:00:00/23-11:48:42,19) [cpuhp/1] (root,0,0,00:00:00/23-11:48:42,20) [idle_inject/1] (root,0,0,00:00:09/23-11:48:42,21) [migration/1] (root,0,0,00:00:37/23-11:48:42,22) [ksoftirqd/1] (root,0,0,00:00:00/23-11:48:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-11:48:42,25) [cpuhp/2] (root,0,0,00:00:00/23-11:48:42,26) [idle_inject/2] (root,0,0,00:00:07/23-11:48:42,27) [migration/2] (root,0,0,00:45:24/23-11:48:42,28) [ksoftirqd/2] (root,0,0,00:00:00/23-11:48:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-11:48:42,31) [cpuhp/3] (root,0,0,00:00:00/23-11:48:42,32) [idle_inject/3] (root,0,0,00:00:08/23-11:48:42,33) [migration/3] (root,0,0,00:02:21/23-11:48:42,34) [ksoftirqd/3] (root,0,0,00:00:00/23-11:48:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-11:48:42,40) [kdevtmpfs] (root,0,0,00:00:00/23-11:48:42,41) [netns] (root,0,0,00:00:00/23-11:48:42,42) [inet_frag_wq] (root,0,0,00:00:07/23-11:48:42,43) [kauditd] (root,0,0,00:00:00/23-11:48:42,44) [khungtaskd] (root,0,0,00:00:00/23-11:48:42,45) [oom_reaper] (root,0,0,00:00:00/23-11:48:42,46) [writeback] (root,0,0,00:01:15/23-11:48:42,47) [kcompactd0] (root,0,0,00:00:00/23-11:48:42,48) [ksmd] (root,0,0,00:01:16/23-11:48:42,49) [khugepaged] (root,0,0,00:00:00/23-11:48:42,75) [kintegrityd] (root,0,0,00:00:00/23-11:48:42,76) [kblockd] (root,0,0,00:00:00/23-11:48:42,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-11:48:42,79) [tpm_dev_wq] (root,0,0,00:00:00/23-11:48:42,80) [edac-poller] (root,0,0,00:00:00/23-11:48:42,81) [devfreq_wq] (root,0,0,00:00:00/23-11:48:42,110) [watchdogd] (root,0,0,00:00:01/23-11:48:42,111) [kswapd0] (root,0,0,00:00:06/23-11:48:42,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-11:48:40,115) [kthrotld] (root,0,0,00:00:00/23-11:48:40,116) [mld] (root,0,0,00:00:00/23-11:48:40,117) [ipv6_addrconf] (root,0,0,00:00:06/23-11:48:40,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-11:48:40,123) [kstrp] (root,0,0,00:00:00/23-11:48:40,124) [zswap-shrink] (root,0,0,00:00:00/23-11:48:40,125) [kworker/u9:0] (root,0,0,00:00:00/23-11:48:40,130) [charger_manager] (root,0,0,00:00:07/23-11:48:40,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-11:48:40,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-11:48:39,239) [kaluad] (root,0,0,00:00:00/23-11:48:39,258) [kmpath_rdacd] (root,0,0,00:00:00/23-11:48:39,304) [kmpathd] (root,0,0,00:00:00/23-11:48:39,305) [kmpath_handlerd] (root,0,0,00:00:00/23-11:48:38,342) [ata_sff] (root,0,0,00:00:00/23-11:48:38,343) [scsi_eh_0] (root,0,0,00:00:00/23-11:48:38,344) [scsi_tmf_0] (root,0,0,00:00:00/23-11:48:38,345) [scsi_eh_1] (root,0,0,00:00:00/23-11:48:38,346) [scsi_tmf_1] (root,0,0,00:00:47/23-11:48:35,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-11:48:35,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-11:48:23,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-11:48:22,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-11:48:20,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-11:47:49,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-11:47:48,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,0,0,00:00:00/05:37,527) [kworker/0:1] (root,38748,8392,00:00:39/23-11:47:48,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-11:47:48,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-11:47:46,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-11:47:46,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-11:47:32,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-11:47:32,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:26/23-11:47:32,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-11:47:32,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-11:47:32,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-11:47:32,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-11:47:32,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-11:47:32,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:24/23-11:47:32,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-11:47:32,1352) bpfilter_umh (root,26204,8212,00:00:10/23-11:47:32,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-11:47:32,1359) ntpd: asynchronous dns resolver (spot,291888,178068,1-12:28:26/23-11:47:31,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-11:47:31,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-11:47:31,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-11:47:31,1373) (sd-pam) (root,24216,5268,00:00:08/23-11:47:29,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-11:47:29,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-11:47:29,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-11:47:26,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-11:47:25,1527) sshd: syslogtunnel (root,692644,75232,00:32:30/23-11:47:23,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56544,00:13:34/23-11:47:11,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-17:22:46,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-11:46:46,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-11:46:46,3218) sshd: cm-ssh (root,0,0,00:00:00/01:53:05,3775) [kworker/1:2-events] (root,0,0,00:00:00/05:12,4056) [kworker/3:0-ata_sff] (root,0,0,00:00:00/05:06,4103) [kworker/u8:1-writeback] (root,0,0,00:00:00/04:30:17,4562) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/11:59,4623) [kworker/0:2-events] (root,0,0,00:00:00/44:15,6461) [kworker/2:0] (root,0,0,00:00:00/36:21,8177) [kworker/3:2-events] (root,0,0,00:00:00/18:37,18134) [kworker/2:2-events] (postfix,24244,8168,00:00:00/09:11,18770) pickup -l -t fifo -u (root,0,0,00:00:00/50:03,20947) [kworker/1:1-events] (root,0,0,00:00:00/00:01,28482) [kworker/3:1] (root,6656,3484,00:00:00/00:00,28699) /bin/bash /usr/bin/check_mk_agent (root,13744,3480,00:00:00/00:00,28717) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28718) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 22:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ed9a60f5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-11:10:28,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-11:10:28,2) [kthreadd] (root,0,0,00:00:00/21-11:10:28,3) [rcu_gp] (root,0,0,00:00:00/21-11:10:28,4) [rcu_par_gp] (root,0,0,00:00:00/21-11:10:28,5) [slub_flushwq] (root,0,0,00:00:00/21-11:10:28,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-11:10:28,9) [mm_percpu_wq] (root,0,0,00:00:00/21-11:10:28,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-11:10:28,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-11:10:28,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-11:10:28,13) [ksoftirqd/0] (root,0,0,01:03:11/21-11:10:28,14) [rcu_preempt] (root,0,0,00:00:08/21-11:10:28,15) [migration/0] (root,0,0,00:00:00/21-11:10:28,16) [idle_inject/0] (root,0,0,00:00:00/21-11:10:28,18) [cpuhp/0] (root,0,0,00:00:00/21-11:10:28,19) [cpuhp/1] (root,0,0,00:00:00/21-11:10:28,20) [idle_inject/1] (root,0,0,00:00:08/21-11:10:28,21) [migration/1] (root,0,0,00:00:34/21-11:10:28,22) [ksoftirqd/1] (root,0,0,00:00:00/21-11:10:28,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-11:10:28,25) [cpuhp/2] (root,0,0,00:00:00/21-11:10:28,26) [idle_inject/2] (root,0,0,00:00:06/21-11:10:28,27) [migration/2] (root,0,0,00:42:30/21-11:10:28,28) [ksoftirqd/2] (root,0,0,00:00:00/21-11:10:28,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-11:10:28,31) [cpuhp/3] (root,0,0,00:00:00/21-11:10:28,32) [idle_inject/3] (root,0,0,00:00:08/21-11:10:28,33) [migration/3] (root,0,0,00:02:10/21-11:10:28,34) [ksoftirqd/3] (root,0,0,00:00:00/21-11:10:28,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-11:10:28,40) [kdevtmpfs] (root,0,0,00:00:00/21-11:10:28,41) [netns] (root,0,0,00:00:00/21-11:10:28,42) [inet_frag_wq] (root,0,0,00:00:06/21-11:10:28,43) [kauditd] (root,0,0,00:00:00/21-11:10:28,44) [khungtaskd] (root,0,0,00:00:00/21-11:10:28,45) [oom_reaper] (root,0,0,00:00:00/21-11:10:28,46) [writeback] (root,0,0,00:01:09/21-11:10:28,47) [kcompactd0] (root,0,0,00:00:00/21-11:10:28,48) [ksmd] (root,0,0,00:01:10/21-11:10:28,49) [khugepaged] (root,0,0,00:00:00/21-11:10:28,75) [kintegrityd] (root,0,0,00:00:00/21-11:10:28,76) [kblockd] (root,0,0,00:00:00/21-11:10:28,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-11:10:28,79) [tpm_dev_wq] (root,0,0,00:00:00/21-11:10:28,80) [edac-poller] (root,0,0,00:00:00/21-11:10:28,81) [devfreq_wq] (root,0,0,00:00:00/21-11:10:28,110) [watchdogd] (root,0,0,00:00:01/21-11:10:28,111) [kswapd0] (root,0,0,00:00:05/21-11:10:28,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-11:10:26,115) [kthrotld] (root,0,0,00:00:00/21-11:10:26,116) [mld] (root,0,0,00:00:00/21-11:10:26,117) [ipv6_addrconf] (root,0,0,00:00:06/21-11:10:26,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-11:10:26,123) [kstrp] (root,0,0,00:00:00/21-11:10:26,124) [zswap-shrink] (root,0,0,00:00:00/21-11:10:26,125) [kworker/u9:0] (root,0,0,00:00:00/21-11:10:26,130) [charger_manager] (root,0,0,00:00:06/21-11:10:26,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-11:10:26,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-11:10:25,239) [kaluad] (root,0,0,00:00:00/21-11:10:25,258) [kmpath_rdacd] (root,0,0,00:00:00/21-11:10:25,304) [kmpathd] (root,0,0,00:00:00/21-11:10:25,305) [kmpath_handlerd] (root,0,0,00:00:00/21-11:10:24,342) [ata_sff] (root,0,0,00:00:00/21-11:10:24,343) [scsi_eh_0] (root,0,0,00:00:00/21-11:10:24,344) [scsi_tmf_0] (root,0,0,00:00:00/21-11:10:24,345) [scsi_eh_1] (root,0,0,00:00:00/21-11:10:24,346) [scsi_tmf_1] (root,0,0,00:00:43/21-11:10:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-11:10:21,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-11:10:09,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-11:10:08,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/13:09,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-11:10:06,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-11:09:35,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-11:09:34,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-11:09:34,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-11:09:34,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-11:09:32,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-11:09:32,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:25/21-11:09:18,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-11:09:18,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:14/21-11:09:18,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-11:09:18,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-11:09:18,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-11:09:18,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-11:09:18,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-11:09:18,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-11:09:18,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-11:09:18,1352) bpfilter_umh (root,26204,8212,00:00:08/21-11:09:18,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-11:09:18,1359) ntpd: asynchronous dns resolver (spot,312828,199256,1-09:48:46/21-11:09:17,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-11:09:17,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-11:09:17,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-11:09:17,1373) (sd-pam) (root,24216,5268,00:00:07/21-11:09:15,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-11:09:15,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-11:09:15,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-11:09:12,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-11:09:11,1527) sshd: syslogtunnel (root,692388,72908,00:29:41/21-11:09:09,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,54944,00:12:30/21-11:08:57,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/12:49,2459) [kworker/1:1] (postfix,44628,9292,00:00:00/15-16:44:32,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-11:08:32,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-11:08:32,3218) sshd: cm-ssh (root,0,0,00:00:00/01:26:47,3830) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:35:21,5153) [kworker/1:0-events] (root,0,0,00:00:00/29:47,6565) [kworker/0:0] (root,0,0,00:00:00/29:05,9313) [kworker/u8:2-ext4-rsv-conversion] (postfix,24244,8172,00:00:00/01:32:54,11110) pickup -l -t fifo -u (root,0,0,00:00:00/03:41,13755) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:40:58,17228) [kworker/0:1-events] (root,0,0,00:00:00/02:46,18036) [kworker/3:2-ata_sff] (root,0,0,00:00:00/24:09,22368) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/07:58,26147) [kworker/3:1-ata_sff] (root,6656,3464,00:00:00/00:00,29154) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,29172) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29173) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:49:03,29790) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 21:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363210afe29Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-11:46:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-11:46:08,2) [kthreadd] (root,0,0,00:00:00/19-11:46:08,3) [rcu_gp] (root,0,0,00:00:00/19-11:46:08,4) [rcu_par_gp] (root,0,0,00:00:00/19-11:46:08,5) [slub_flushwq] (root,0,0,00:00:00/19-11:46:08,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-11:46:08,9) [mm_percpu_wq] (root,0,0,00:00:00/19-11:46:08,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-11:46:08,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-11:46:08,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-11:46:08,13) [ksoftirqd/0] (root,0,0,00:57:08/19-11:46:08,14) [rcu_preempt] (root,0,0,00:00:07/19-11:46:08,15) [migration/0] (root,0,0,00:00:00/19-11:46:08,16) [idle_inject/0] (root,0,0,00:00:00/19-11:46:08,18) [cpuhp/0] (root,0,0,00:00:00/19-11:46:08,19) [cpuhp/1] (root,0,0,00:00:00/19-11:46:08,20) [idle_inject/1] (root,0,0,00:00:07/19-11:46:08,21) [migration/1] (root,0,0,00:00:31/19-11:46:08,22) [ksoftirqd/1] (root,0,0,00:00:00/19-11:46:08,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-11:46:08,25) [cpuhp/2] (root,0,0,00:00:00/19-11:46:08,26) [idle_inject/2] (root,0,0,00:00:05/19-11:46:08,27) [migration/2] (root,0,0,00:39:04/19-11:46:08,28) [ksoftirqd/2] (root,0,0,00:00:00/19-11:46:08,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-11:46:08,31) [cpuhp/3] (root,0,0,00:00:00/19-11:46:08,32) [idle_inject/3] (root,0,0,00:00:07/19-11:46:08,33) [migration/3] (root,0,0,00:01:58/19-11:46:08,34) [ksoftirqd/3] (root,0,0,00:00:00/19-11:46:08,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-11:46:08,40) [kdevtmpfs] (root,0,0,00:00:00/19-11:46:08,41) [netns] (root,0,0,00:00:00/19-11:46:08,42) [inet_frag_wq] (root,0,0,00:00:05/19-11:46:08,43) [kauditd] (root,0,0,00:00:00/19-11:46:08,44) [khungtaskd] (root,0,0,00:00:00/19-11:46:08,45) [oom_reaper] (root,0,0,00:00:00/19-11:46:08,46) [writeback] (root,0,0,00:01:02/19-11:46:08,47) [kcompactd0] (root,0,0,00:00:00/19-11:46:08,48) [ksmd] (root,0,0,00:01:03/19-11:46:08,49) [khugepaged] (root,0,0,00:00:00/19-11:46:08,75) [kintegrityd] (root,0,0,00:00:00/19-11:46:08,76) [kblockd] (root,0,0,00:00:00/19-11:46:08,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-11:46:08,79) [tpm_dev_wq] (root,0,0,00:00:00/19-11:46:08,80) [edac-poller] (root,0,0,00:00:00/19-11:46:08,81) [devfreq_wq] (root,0,0,00:00:00/19-11:46:08,110) [watchdogd] (root,0,0,00:00:01/19-11:46:08,111) [kswapd0] (root,0,0,00:00:05/19-11:46:08,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-11:46:06,115) [kthrotld] (root,0,0,00:00:00/19-11:46:06,116) [mld] (root,0,0,00:00:00/19-11:46:06,117) [ipv6_addrconf] (root,0,0,00:00:05/19-11:46:06,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-11:46:06,123) [kstrp] (root,0,0,00:00:00/19-11:46:06,124) [zswap-shrink] (root,0,0,00:00:00/19-11:46:06,125) [kworker/u9:0] (root,0,0,00:00:00/19-11:46:06,130) [charger_manager] (root,0,0,00:00:05/19-11:46:06,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/19-11:46:06,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-11:46:05,239) [kaluad] (root,0,0,00:00:00/19-11:46:05,258) [kmpath_rdacd] (root,0,0,00:00:00/19-11:46:05,304) [kmpathd] (root,0,0,00:00:00/19-11:46:05,305) [kmpath_handlerd] (root,0,0,00:00:00/19-11:46:04,342) [ata_sff] (root,0,0,00:00:00/19-11:46:04,343) [scsi_eh_0] (root,0,0,00:00:00/19-11:46:04,344) [scsi_tmf_0] (root,0,0,00:00:00/19-11:46:04,345) [scsi_eh_1] (root,0,0,00:00:00/19-11:46:04,346) [scsi_tmf_1] (root,0,0,00:00:38/19-11:46:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-11:46:01,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-11:45:49,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-11:45:48,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-11:45:46,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-11:45:15,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-11:45:14,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-11:45:14,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-11:45:14,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-11:45:12,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-11:45:12,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-11:44:58,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-11:44:58,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:03/19-11:44:58,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-11:44:58,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-11:44:58,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-11:44:58,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-11:44:58,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:24/19-11:44:58,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-11:44:58,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-11:44:58,1352) bpfilter_umh (root,26204,8212,00:00:07/19-11:44:58,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-11:44:58,1359) ntpd: asynchronous dns resolver (spot,314412,199652,1-07:00:01/19-11:44:57,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-11:44:57,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-11:44:57,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-11:44:57,1373) (sd-pam) (root,24216,5268,00:00:06/19-11:44:55,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-11:44:55,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-11:44:55,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-11:44:52,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-11:44:51,1527) sshd: syslogtunnel (root,618656,73492,00:26:51/19-11:44:49,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/06:48,1837) [kworker/3:1-ata_sff] (spot,215488,53708,00:11:18/19-11:44:37,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-17:20:12,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-11:44:12,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-11:44:12,3218) sshd: cm-ssh (root,0,0,00:00:01/02:00:56,3324) [kworker/3:0-events] (root,0,0,00:00:00/06:34:47,5852) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/04:13,10933) [kworker/2:1-events] (root,0,0,00:00:00/01:56:52,12961) [kworker/2:0-events] (root,0,0,00:00:00/34:19,17258) [kworker/1:0-events] (root,0,0,00:00:00/12:34,18109) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/01:37,21088) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:52:36,23780) [kworker/0:1-events] (root,6656,3484,00:00:00/00:00,24620) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,24638) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24639) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/50:49,25296) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:20:43,29630) [kworker/1:2-events] (root,0,0,00:00:00/01:10:23,29670) [kworker/0:2-events] (postfix,24244,8268,00:00:00/49:24,29784) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 22:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aeac10b7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-11:58:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-11:58:39,2) [kthreadd] (root,0,0,00:00:00/17-11:58:39,3) [rcu_gp] (root,0,0,00:00:00/17-11:58:39,4) [rcu_par_gp] (root,0,0,00:00:00/17-11:58:39,5) [slub_flushwq] (root,0,0,00:00:00/17-11:58:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-11:58:39,9) [mm_percpu_wq] (root,0,0,00:00:00/17-11:58:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-11:58:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-11:58:39,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-11:58:39,13) [ksoftirqd/0] (root,0,0,00:50:15/17-11:58:39,14) [rcu_preempt] (root,0,0,00:00:06/17-11:58:39,15) [migration/0] (root,0,0,00:00:00/17-11:58:39,16) [idle_inject/0] (root,0,0,00:00:00/17-11:58:39,18) [cpuhp/0] (root,0,0,00:00:00/17-11:58:39,19) [cpuhp/1] (root,0,0,00:00:00/17-11:58:39,20) [idle_inject/1] (root,0,0,00:00:06/17-11:58:39,21) [migration/1] (root,0,0,00:00:27/17-11:58:39,22) [ksoftirqd/1] (root,0,0,00:00:00/17-11:58:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-11:58:39,25) [cpuhp/2] (root,0,0,00:00:00/17-11:58:39,26) [idle_inject/2] (root,0,0,00:00:05/17-11:58:39,27) [migration/2] (root,0,0,00:33:37/17-11:58:39,28) [ksoftirqd/2] (root,0,0,00:00:00/17-11:58:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-11:58:39,31) [cpuhp/3] (root,0,0,00:00:00/17-11:58:39,32) [idle_inject/3] (root,0,0,00:00:06/17-11:58:39,33) [migration/3] (root,0,0,00:01:40/17-11:58:39,34) [ksoftirqd/3] (root,0,0,00:00:00/17-11:58:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-11:58:39,40) [kdevtmpfs] (root,0,0,00:00:00/17-11:58:39,41) [netns] (root,0,0,00:00:00/17-11:58:39,42) [inet_frag_wq] (root,0,0,00:00:03/17-11:58:39,43) [kauditd] (root,0,0,00:00:00/17-11:58:39,44) [khungtaskd] (root,0,0,00:00:00/17-11:58:39,45) [oom_reaper] (root,0,0,00:00:00/17-11:58:39,46) [writeback] (root,0,0,00:00:55/17-11:58:39,47) [kcompactd0] (root,0,0,00:00:00/17-11:58:39,48) [ksmd] (root,0,0,00:00:56/17-11:58:39,49) [khugepaged] (root,0,0,00:00:00/17-11:58:39,75) [kintegrityd] (root,0,0,00:00:00/17-11:58:39,76) [kblockd] (root,0,0,00:00:00/17-11:58:39,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-11:58:39,79) [tpm_dev_wq] (root,0,0,00:00:00/17-11:58:39,80) [edac-poller] (root,0,0,00:00:00/17-11:58:39,81) [devfreq_wq] (root,0,0,00:00:00/17-11:58:39,110) [watchdogd] (root,0,0,00:00:01/17-11:58:39,111) [kswapd0] (root,0,0,00:00:04/17-11:58:39,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-11:58:37,115) [kthrotld] (root,0,0,00:00:00/17-11:58:37,116) [mld] (root,0,0,00:00:00/17-11:58:37,117) [ipv6_addrconf] (root,0,0,00:00:04/17-11:58:37,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-11:58:37,123) [kstrp] (root,0,0,00:00:00/17-11:58:37,124) [zswap-shrink] (root,0,0,00:00:00/17-11:58:37,125) [kworker/u9:0] (root,0,0,00:00:00/17-11:58:37,130) [charger_manager] (root,0,0,00:00:05/17-11:58:37,172) [kworker/1:1H-kblockd] (root,0,0,00:00:07/17-11:58:37,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-11:58:36,239) [kaluad] (root,0,0,00:00:00/17-11:58:36,258) [kmpath_rdacd] (root,0,0,00:00:00/17-11:58:36,304) [kmpathd] (root,0,0,00:00:00/17-11:58:36,305) [kmpath_handlerd] (root,0,0,00:00:00/17-11:58:35,342) [ata_sff] (root,0,0,00:00:00/17-11:58:35,343) [scsi_eh_0] (root,0,0,00:00:00/17-11:58:35,344) [scsi_tmf_0] (root,0,0,00:00:00/17-11:58:35,345) [scsi_eh_1] (root,0,0,00:00:00/17-11:58:35,346) [scsi_tmf_1] (root,0,0,00:00:34/17-11:58:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-11:58:32,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-11:58:20,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-11:58:19,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-11:58:17,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-11:57:46,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-11:57:45,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-11:57:45,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-11:57:45,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-11:57:43,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-11:57:43,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-11:57:29,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-11:57:29,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:50/17-11:57:29,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-11:57:29,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-11:57:29,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-11:57:29,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-11:57:29,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-11:57:29,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:30/17-11:57:29,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-11:57:29,1352) bpfilter_umh (root,26204,8212,00:00:04/17-11:57:29,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-11:57:29,1359) ntpd: asynchronous dns resolver (spot,315212,199852,1-02:59:03/17-11:57:28,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-11:57:28,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-11:57:28,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-11:57:28,1373) (sd-pam) (root,24216,5268,00:00:06/17-11:57:26,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-11:57:26,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-11:57:26,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-11:57:23,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-11:57:22,1527) sshd: syslogtunnel (root,618256,73116,00:23:55/17-11:57:20,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51672,00:10:01/17-11:57:08,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-17:32:43,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/44:11,2865) [kworker/0:0-events] (root,35308,10108,00:00:00/17-11:56:43,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-11:56:43,3218) sshd: cm-ssh (root,0,0,00:00:00/38:21,7010) [kworker/1:1-events] (root,0,0,00:00:00/07:35,9027) [kworker/2:1-events] (root,6656,3484,00:00:00/00:00,9296) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,9314) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,9315) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:08:19,14908) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8324,00:00:00/01:23:52,18468) pickup -l -t fifo -u (root,0,0,00:00:00/12:48,19214) [kworker/3:2-ata_sff] (root,0,0,00:00:01/02:19:13,19474) [kworker/2:0-events] (root,0,0,00:00:00/05:26,21348) [kworker/0:2] (root,0,0,00:00:00/05:23,21562) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/04:35,23436) [kworker/3:0-ata_sff] (root,0,0,00:00:00/18:18,26584) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/17:58,27288) [kworker/3:1-events] (root,0,0,00:00:00/03:19,30515) [kworker/1:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 22:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836317b4767dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-09:36:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-09:36:43,2) [kthreadd] (root,0,0,00:00:00/15-09:36:43,3) [rcu_gp] (root,0,0,00:00:00/15-09:36:43,4) [rcu_par_gp] (root,0,0,00:00:00/15-09:36:43,5) [slub_flushwq] (root,0,0,00:00:00/15-09:36:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-09:36:43,9) [mm_percpu_wq] (root,0,0,00:00:00/15-09:36:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-09:36:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-09:36:43,12) [rcu_tasks_trace] (root,0,0,00:00:27/15-09:36:43,13) [ksoftirqd/0] (root,0,0,00:43:05/15-09:36:43,14) [rcu_preempt] (root,0,0,00:00:05/15-09:36:43,15) [migration/0] (root,0,0,00:00:00/15-09:36:43,16) [idle_inject/0] (root,0,0,00:00:00/15-09:36:43,18) [cpuhp/0] (root,0,0,00:00:00/15-09:36:43,19) [cpuhp/1] (root,0,0,00:00:00/15-09:36:43,20) [idle_inject/1] (root,0,0,00:00:05/15-09:36:43,21) [migration/1] (root,0,0,00:00:23/15-09:36:43,22) [ksoftirqd/1] (root,0,0,00:00:00/15-09:36:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-09:36:43,25) [cpuhp/2] (root,0,0,00:00:00/15-09:36:43,26) [idle_inject/2] (root,0,0,00:00:04/15-09:36:43,27) [migration/2] (root,0,0,00:27:59/15-09:36:43,28) [ksoftirqd/2] (root,0,0,00:00:00/15-09:36:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-09:36:43,31) [cpuhp/3] (root,0,0,00:00:00/15-09:36:43,32) [idle_inject/3] (root,0,0,00:00:05/15-09:36:43,33) [migration/3] (root,0,0,00:01:23/15-09:36:43,34) [ksoftirqd/3] (root,0,0,00:00:00/15-09:36:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-09:36:43,40) [kdevtmpfs] (root,0,0,00:00:00/15-09:36:43,41) [netns] (root,0,0,00:00:00/15-09:36:43,42) [inet_frag_wq] (root,0,0,00:00:01/15-09:36:43,43) [kauditd] (root,0,0,00:00:00/15-09:36:43,44) [khungtaskd] (root,0,0,00:00:00/15-09:36:43,45) [oom_reaper] (root,0,0,00:00:00/15-09:36:43,46) [writeback] (root,0,0,00:00:47/15-09:36:43,47) [kcompactd0] (root,0,0,00:00:00/15-09:36:43,48) [ksmd] (root,0,0,00:00:49/15-09:36:43,49) [khugepaged] (root,0,0,00:00:00/15-09:36:43,75) [kintegrityd] (root,0,0,00:00:00/15-09:36:43,76) [kblockd] (root,0,0,00:00:00/15-09:36:43,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-09:36:43,79) [tpm_dev_wq] (root,0,0,00:00:00/15-09:36:43,80) [edac-poller] (root,0,0,00:00:00/15-09:36:43,81) [devfreq_wq] (root,0,0,00:00:00/15-09:36:43,110) [watchdogd] (root,0,0,00:00:01/15-09:36:43,111) [kswapd0] (root,0,0,00:00:04/15-09:36:43,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-09:36:41,115) [kthrotld] (root,0,0,00:00:00/15-09:36:41,116) [mld] (root,0,0,00:00:00/15-09:36:41,117) [ipv6_addrconf] (root,0,0,00:00:04/15-09:36:41,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-09:36:41,123) [kstrp] (root,0,0,00:00:00/15-09:36:41,124) [zswap-shrink] (root,0,0,00:00:00/15-09:36:41,125) [kworker/u9:0] (root,0,0,00:00:00/15-09:36:41,130) [charger_manager] (root,0,0,00:00:04/15-09:36:41,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-09:36:41,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-09:36:40,239) [kaluad] (root,0,0,00:00:00/15-09:36:40,258) [kmpath_rdacd] (root,0,0,00:00:00/15-09:36:40,304) [kmpathd] (root,0,0,00:00:00/15-09:36:40,305) [kmpath_handlerd] (root,0,0,00:00:00/15-09:36:39,342) [ata_sff] (root,0,0,00:00:00/15-09:36:39,343) [scsi_eh_0] (root,0,0,00:00:00/15-09:36:39,344) [scsi_tmf_0] (root,0,0,00:00:00/15-09:36:39,345) [scsi_eh_1] (root,0,0,00:00:00/15-09:36:39,346) [scsi_tmf_1] (root,0,0,00:00:29/15-09:36:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-09:36:36,367) [ext4-rsv-conver] (root,38604,7616,00:00:13/15-09:36:24,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-09:36:23,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:23/15-09:36:21,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-09:35:50,511) /sbin/auditd (messagebus,22932,5912,00:00:18/15-09:35:49,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:11/15-09:35:49,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-09:35:49,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-09:35:47,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-09:35:47,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-09:35:33,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-09:35:33,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:35/15-09:35:33,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-09:35:33,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-09:35:33,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-09:35:33,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-09:35:33,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-09:35:33,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:10/15-09:35:33,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-09:35:33,1352) bpfilter_umh (root,26204,8212,00:00:03/15-09:35:33,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-09:35:33,1359) ntpd: asynchronous dns resolver (spot,314668,199716,22:07:44/15-09:35:32,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-09:35:32,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-09:35:32,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-09:35:32,1373) (sd-pam) (root,24216,5268,00:00:05/15-09:35:30,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-09:35:30,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-09:35:30,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-09:35:27,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:52/15-09:35:26,1527) sshd: syslogtunnel (root,617868,72916,00:20:52/15-09:35:24,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,49856,00:08:39/15-09:35:12,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/9-15:10:47,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:00:20,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-09:34:47,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:49/15-09:34:47,3218) sshd: cm-ssh (root,0,0,00:00:00/13:43,3282) [kworker/3:1-events] (root,0,0,00:00:00/03:20,5762) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:35:26,6932) [kworker/2:2-events] (root,0,0,00:00:00/33:12,9389) [kworker/1:1] (root,0,0,00:00:00/24:53,13705) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:00,15711) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,15729) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15730) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:31,16496) [kworker/3:2-ata_sff] (postfix,24244,8280,00:00:00/01:03:49,20164) pickup -l -t fifo -u (root,0,0,00:00:00/05:43:50,21313) [kworker/0:0-events] (root,0,0,00:00:01/05:19:00,24128) [kworker/1:2-events] (root,0,0,00:00:00/02:25:09,29013) [kworker/2:0-events] (root,0,0,00:00:00/04:28:02,31205) [kworker/u8:0-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 20:25 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f169973aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-11:38:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-11:38:38,2) [kthreadd] (root,0,0,00:00:00/13-11:38:38,3) [rcu_gp] (root,0,0,00:00:00/13-11:38:38,4) [rcu_par_gp] (root,0,0,00:00:00/13-11:38:38,5) [slub_flushwq] (root,0,0,00:00:00/13-11:38:38,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-11:38:38,9) [mm_percpu_wq] (root,0,0,00:00:00/13-11:38:38,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-11:38:38,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-11:38:38,12) [rcu_tasks_trace] (root,0,0,00:00:23/13-11:38:38,13) [ksoftirqd/0] (root,0,0,00:37:05/13-11:38:38,14) [rcu_preempt] (root,0,0,00:00:05/13-11:38:38,15) [migration/0] (root,0,0,00:00:00/13-11:38:38,16) [idle_inject/0] (root,0,0,00:00:00/13-11:38:38,18) [cpuhp/0] (root,0,0,00:00:00/13-11:38:38,19) [cpuhp/1] (root,0,0,00:00:00/13-11:38:38,20) [idle_inject/1] (root,0,0,00:00:05/13-11:38:38,21) [migration/1] (root,0,0,00:00:19/13-11:38:38,22) [ksoftirqd/1] (root,0,0,00:00:00/13-11:38:38,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-11:38:38,25) [cpuhp/2] (root,0,0,00:00:00/13-11:38:38,26) [idle_inject/2] (root,0,0,00:00:03/13-11:38:38,27) [migration/2] (root,0,0,00:24:25/13-11:38:38,28) [ksoftirqd/2] (root,0,0,00:00:00/13-11:38:38,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-11:38:38,31) [cpuhp/3] (root,0,0,00:00:00/13-11:38:38,32) [idle_inject/3] (root,0,0,00:00:04/13-11:38:38,33) [migration/3] (root,0,0,00:01:10/13-11:38:38,34) [ksoftirqd/3] (root,0,0,00:00:00/13-11:38:38,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-11:38:38,40) [kdevtmpfs] (root,0,0,00:00:00/13-11:38:38,41) [netns] (root,0,0,00:00:00/13-11:38:38,42) [inet_frag_wq] (root,0,0,00:00:01/13-11:38:38,43) [kauditd] (root,0,0,00:00:00/13-11:38:38,44) [khungtaskd] (root,0,0,00:00:00/13-11:38:38,45) [oom_reaper] (root,0,0,00:00:00/13-11:38:38,46) [writeback] (root,0,0,00:00:41/13-11:38:38,47) [kcompactd0] (root,0,0,00:00:00/13-11:38:38,48) [ksmd] (root,0,0,00:00:43/13-11:38:38,49) [khugepaged] (root,0,0,00:00:00/13-11:38:38,75) [kintegrityd] (root,0,0,00:00:00/13-11:38:38,76) [kblockd] (root,0,0,00:00:00/13-11:38:38,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-11:38:38,79) [tpm_dev_wq] (root,0,0,00:00:00/13-11:38:38,80) [edac-poller] (root,0,0,00:00:00/13-11:38:38,81) [devfreq_wq] (root,0,0,00:00:00/13-11:38:38,110) [watchdogd] (root,0,0,00:00:01/13-11:38:38,111) [kswapd0] (root,0,0,00:00:03/13-11:38:38,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-11:38:36,115) [kthrotld] (root,0,0,00:00:00/13-11:38:36,116) [mld] (root,0,0,00:00:00/13-11:38:36,117) [ipv6_addrconf] (root,0,0,00:00:03/13-11:38:36,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-11:38:36,123) [kstrp] (root,0,0,00:00:00/13-11:38:36,124) [zswap-shrink] (root,0,0,00:00:00/13-11:38:36,125) [kworker/u9:0] (root,0,0,00:00:00/13-11:38:36,130) [charger_manager] (root,0,0,00:00:03/13-11:38:36,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-11:38:36,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-11:38:35,239) [kaluad] (root,0,0,00:00:00/13-11:38:35,258) [kmpath_rdacd] (root,0,0,00:00:00/13-11:38:35,304) [kmpathd] (root,0,0,00:00:00/13-11:38:35,305) [kmpath_handlerd] (root,0,0,00:00:00/13-11:38:34,342) [ata_sff] (root,0,0,00:00:00/13-11:38:34,343) [scsi_eh_0] (root,0,0,00:00:00/13-11:38:34,344) [scsi_tmf_0] (root,0,0,00:00:00/13-11:38:34,345) [scsi_eh_1] (root,0,0,00:00:00/13-11:38:34,346) [scsi_tmf_1] (root,0,0,00:00:25/13-11:38:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-11:38:31,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-11:38:19,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-11:38:18,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:20/13-11:38:16,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-11:37:45,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-11:37:44,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-11:37:44,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-11:37:44,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-11:37:42,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-11:37:42,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-11:37:28,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-11:37:28,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:23/13-11:37:28,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-11:37:28,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-11:37:28,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-11:37:28,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-11:37:28,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-11:37:28,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:53/13-11:37:28,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-11:37:28,1352) bpfilter_umh (root,26204,8212,00:00:02/13-11:37:28,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-11:37:28,1359) ntpd: asynchronous dns resolver (spot,306428,189972,18:34:55/13-11:37:27,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-11:37:27,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-11:37:27,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-11:37:27,1373) (sd-pam) (root,24216,5268,00:00:04/13-11:37:25,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-11:37:25,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-11:37:25,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-11:37:22,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:45/13-11:37:21,1527) sshd: syslogtunnel (root,617868,70668,00:18:09/13-11:37:19,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/05:24,1941) [kworker/3:0-ata_sff] (spot,212416,48308,00:07:28/13-11:37:07,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-17:12:42,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-11:36:42,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-11:36:42,3218) sshd: cm-ssh (root,0,0,00:00:00/20:20,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/44:53,14919) [kworker/1:0-events] (root,0,0,00:00:00/01:33:31,16390) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/00:13,19839) [kworker/3:2-ata_sff] (root,6656,3488,00:00:00/00:00,20092) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,20110) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,20111) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/16:48,21144) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/32:44,21914) [kworker/1:1-cgroup_destroy] (postfix,24244,8228,00:00:00/07:34,24772) pickup -l -t fifo -u (root,0,0,00:00:00/01:21:52,25621) [kworker/2:0-events] (root,0,0,00:00:00/15:48,25940) [kworker/3:1-events] (root,0,0,00:00:01/06:41:25,29222) [kworker/0:0-events] (root,0,0,00:00:00/01:09:33,31978) [kworker/0:1-events_power_efficient] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 22:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363580e82d7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-11:34:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-11:34:15,2) [kthreadd] (root,0,0,00:00:00/11-11:34:15,3) [rcu_gp] (root,0,0,00:00:00/11-11:34:15,4) [rcu_par_gp] (root,0,0,00:00:00/11-11:34:15,5) [slub_flushwq] (root,0,0,00:00:00/11-11:34:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-11:34:15,9) [mm_percpu_wq] (root,0,0,00:00:00/11-11:34:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-11:34:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-11:34:15,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-11:34:15,13) [ksoftirqd/0] (root,0,0,00:31:33/11-11:34:15,14) [rcu_preempt] (root,0,0,00:00:04/11-11:34:15,15) [migration/0] (root,0,0,00:00:00/11-11:34:15,16) [idle_inject/0] (root,0,0,00:00:00/11-11:34:15,18) [cpuhp/0] (root,0,0,00:00:00/11-11:34:15,19) [cpuhp/1] (root,0,0,00:00:00/11-11:34:15,20) [idle_inject/1] (root,0,0,00:00:04/11-11:34:15,21) [migration/1] (root,0,0,00:00:16/11-11:34:15,22) [ksoftirqd/1] (root,0,0,00:00:00/11-11:34:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-11:34:15,25) [cpuhp/2] (root,0,0,00:00:00/11-11:34:15,26) [idle_inject/2] (root,0,0,00:00:03/11-11:34:15,27) [migration/2] (root,0,0,00:21:00/11-11:34:15,28) [ksoftirqd/2] (root,0,0,00:00:00/11-11:34:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-11:34:15,31) [cpuhp/3] (root,0,0,00:00:00/11-11:34:15,32) [idle_inject/3] (root,0,0,00:00:04/11-11:34:15,33) [migration/3] (root,0,0,00:01:00/11-11:34:15,34) [ksoftirqd/3] (root,0,0,00:00:00/11-11:34:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-11:34:15,40) [kdevtmpfs] (root,0,0,00:00:00/11-11:34:15,41) [netns] (root,0,0,00:00:00/11-11:34:15,42) [inet_frag_wq] (root,0,0,00:00:01/11-11:34:15,43) [kauditd] (root,0,0,00:00:00/11-11:34:15,44) [khungtaskd] (root,0,0,00:00:00/11-11:34:15,45) [oom_reaper] (root,0,0,00:00:00/11-11:34:15,46) [writeback] (root,0,0,00:00:34/11-11:34:15,47) [kcompactd0] (root,0,0,00:00:00/11-11:34:15,48) [ksmd] (root,0,0,00:00:37/11-11:34:15,49) [khugepaged] (root,0,0,00:00:00/11-11:34:15,75) [kintegrityd] (root,0,0,00:00:00/11-11:34:15,76) [kblockd] (root,0,0,00:00:00/11-11:34:15,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-11:34:15,79) [tpm_dev_wq] (root,0,0,00:00:00/11-11:34:15,80) [edac-poller] (root,0,0,00:00:00/11-11:34:15,81) [devfreq_wq] (root,0,0,00:00:00/11-11:34:15,110) [watchdogd] (root,0,0,00:00:00/11-11:34:15,111) [kswapd0] (root,0,0,00:00:02/11-11:34:15,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-11:34:13,115) [kthrotld] (root,0,0,00:00:00/11-11:34:13,116) [mld] (root,0,0,00:00:00/11-11:34:13,117) [ipv6_addrconf] (root,0,0,00:00:03/11-11:34:13,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-11:34:13,123) [kstrp] (root,0,0,00:00:00/11-11:34:13,124) [zswap-shrink] (root,0,0,00:00:00/11-11:34:13,125) [kworker/u9:0] (root,0,0,00:00:00/11-11:34:13,130) [charger_manager] (root,0,0,00:00:03/11-11:34:13,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-11:34:13,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-11:34:12,239) [kaluad] (root,0,0,00:00:00/11-11:34:12,258) [kmpath_rdacd] (root,0,0,00:00:00/11-11:34:12,304) [kmpathd] (root,0,0,00:00:00/11-11:34:12,305) [kmpath_handlerd] (root,0,0,00:00:00/11-11:34:11,342) [ata_sff] (root,0,0,00:00:00/11-11:34:11,343) [scsi_eh_0] (root,0,0,00:00:00/11-11:34:11,344) [scsi_tmf_0] (root,0,0,00:00:00/11-11:34:11,345) [scsi_eh_1] (root,0,0,00:00:00/11-11:34:11,346) [scsi_tmf_1] (root,0,0,00:00:21/11-11:34:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-11:34:08,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-11:33:56,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-11:33:55,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-11:33:53,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-11:33:22,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-11:33:21,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-11:33:21,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-11:33:21,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-11:33:19,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-11:33:19,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-11:33:05,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-11:33:05,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:11/11-11:33:05,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-11:33:05,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-11:33:05,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-11:33:05,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-11:33:05,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-11:33:05,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:37/11-11:33:05,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-11:33:05,1352) bpfilter_umh (root,26204,8212,00:00:02/11-11:33:05,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-11:33:05,1359) ntpd: asynchronous dns resolver (spot,293724,179292,15:26:46/11-11:33:04,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-11:33:04,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-11:33:04,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-11:33:04,1373) (sd-pam) (root,24216,5268,00:00:03/11-11:33:02,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-11:33:02,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-11:33:02,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-11:32:59,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-11:32:58,1527) sshd: syslogtunnel (root,617612,70248,00:15:26/11-11:32:56,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,47020,00:06:17/11-11:32:44,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-17:08:19,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-11:32:19,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-11:32:19,3218) sshd: cm-ssh (root,0,0,00:00:00/06:14,4699) [kworker/3:2-events] (root,0,0,00:00:03/21:42:48,7785) [kworker/2:1-events] (root,0,0,00:00:00/27:00,8324) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:55:37,12699) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8224,00:00:00/24:06,13066) pickup -l -t fifo -u (root,0,0,00:00:00/02:05:44,15461) [kworker/u8:2-writeback] (root,0,0,00:00:00/04:31:22,19628) [kworker/0:1-events] (root,0,0,00:00:00/04:06:55,20763) [kworker/1:0-events] (root,0,0,00:00:00/03:30:58,24825) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/01:04,27262) [kworker/3:1-ata_sff] (root,0,0,00:00:00/03:06:38,28099) [kworker/1:2-events] (root,0,0,00:00:00/02:42:29,29792) [kworker/0:0-events] (root,6656,3484,00:00:00/00:00,30654) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,30672) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30673) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 22:22 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630588f5abFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-12:37:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-12:37:54,2) [kthreadd] (root,0,0,00:00:00/9-12:37:54,3) [rcu_gp] (root,0,0,00:00:00/9-12:37:54,4) [rcu_par_gp] (root,0,0,00:00:00/9-12:37:54,5) [slub_flushwq] (root,0,0,00:00:00/9-12:37:54,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-12:37:54,9) [mm_percpu_wq] (root,0,0,00:00:00/9-12:37:54,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-12:37:54,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-12:37:54,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-12:37:54,13) [ksoftirqd/0] (root,0,0,00:25:54/9-12:37:54,14) [rcu_preempt] (root,0,0,00:00:03/9-12:37:54,15) [migration/0] (root,0,0,00:00:00/9-12:37:54,16) [idle_inject/0] (root,0,0,00:00:00/9-12:37:54,18) [cpuhp/0] (root,0,0,00:00:00/9-12:37:54,19) [cpuhp/1] (root,0,0,00:00:00/9-12:37:54,20) [idle_inject/1] (root,0,0,00:00:03/9-12:37:54,21) [migration/1] (root,0,0,00:00:14/9-12:37:54,22) [ksoftirqd/1] (root,0,0,00:00:00/9-12:37:54,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-12:37:54,25) [cpuhp/2] (root,0,0,00:00:00/9-12:37:54,26) [idle_inject/2] (root,0,0,00:00:02/9-12:37:54,27) [migration/2] (root,0,0,00:17:31/9-12:37:54,28) [ksoftirqd/2] (root,0,0,00:00:00/9-12:37:54,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-12:37:54,31) [cpuhp/3] (root,0,0,00:00:00/9-12:37:54,32) [idle_inject/3] (root,0,0,00:00:03/9-12:37:54,33) [migration/3] (root,0,0,00:00:50/9-12:37:54,34) [ksoftirqd/3] (root,0,0,00:00:00/9-12:37:54,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-12:37:54,40) [kdevtmpfs] (root,0,0,00:00:00/9-12:37:54,41) [netns] (root,0,0,00:00:00/9-12:37:54,42) [inet_frag_wq] (root,0,0,00:00:01/9-12:37:54,43) [kauditd] (root,0,0,00:00:00/9-12:37:54,44) [khungtaskd] (root,0,0,00:00:00/9-12:37:54,45) [oom_reaper] (root,0,0,00:00:00/9-12:37:54,46) [writeback] (root,0,0,00:00:28/9-12:37:54,47) [kcompactd0] (root,0,0,00:00:00/9-12:37:54,48) [ksmd] (root,0,0,00:00:31/9-12:37:54,49) [khugepaged] (root,0,0,00:00:00/9-12:37:54,75) [kintegrityd] (root,0,0,00:00:00/9-12:37:54,76) [kblockd] (root,0,0,00:00:00/9-12:37:54,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-12:37:54,79) [tpm_dev_wq] (root,0,0,00:00:00/9-12:37:54,80) [edac-poller] (root,0,0,00:00:00/9-12:37:54,81) [devfreq_wq] (root,0,0,00:00:00/9-12:37:54,110) [watchdogd] (root,0,0,00:00:00/9-12:37:54,111) [kswapd0] (root,0,0,00:00:02/9-12:37:54,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-12:37:52,115) [kthrotld] (root,0,0,00:00:00/9-12:37:52,116) [mld] (root,0,0,00:00:00/9-12:37:52,117) [ipv6_addrconf] (root,0,0,00:00:02/9-12:37:52,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-12:37:52,123) [kstrp] (root,0,0,00:00:00/9-12:37:52,124) [zswap-shrink] (root,0,0,00:00:00/9-12:37:52,125) [kworker/u9:0] (root,0,0,00:00:00/9-12:37:52,130) [charger_manager] (root,0,0,00:00:02/9-12:37:52,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-12:37:52,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-12:37:51,239) [kaluad] (root,0,0,00:00:00/9-12:37:51,258) [kmpath_rdacd] (root,0,0,00:00:00/9-12:37:51,304) [kmpathd] (root,0,0,00:00:00/9-12:37:51,305) [kmpath_handlerd] (root,0,0,00:00:00/9-12:37:50,342) [ata_sff] (root,0,0,00:00:00/9-12:37:50,343) [scsi_eh_0] (root,0,0,00:00:00/9-12:37:50,344) [scsi_tmf_0] (root,0,0,00:00:00/9-12:37:50,345) [scsi_eh_1] (root,0,0,00:00:00/9-12:37:50,346) [scsi_tmf_1] (root,0,0,00:00:17/9-12:37:47,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-12:37:47,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-12:37:35,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-12:37:34,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-12:37:32,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-12:37:01,511) /sbin/auditd (messagebus,22932,5912,00:00:12/9-12:37:00,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-12:37:00,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-12:37:00,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-12:36:58,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-12:36:58,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:11/9-12:36:44,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-12:36:44,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:02/9-12:36:44,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-12:36:44,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-12:36:44,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-12:36:44,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-12:36:44,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-12:36:44,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:20/9-12:36:44,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-12:36:44,1352) bpfilter_umh (root,26204,8212,00:00:01/9-12:36:44,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-12:36:44,1359) ntpd: asynchronous dns resolver (spot,293840,180184,12:22:20/9-12:36:43,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-12:36:43,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-12:36:43,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-12:36:43,1373) (sd-pam) (root,24216,5268,00:00:03/9-12:36:41,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-12:36:41,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-12:36:41,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-12:36:38,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-12:36:37,1527) sshd: syslogtunnel (root,617356,69960,00:12:45/9-12:36:35,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,46000,00:05:08/9-12:36:23,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-18:11:58,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-12:35:58,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-12:35:58,3218) sshd: cm-ssh (root,0,0,00:00:00/01:27:07,4425) [kworker/2:2-events] (root,0,0,00:00:00/02:29:13,9613) [kworker/1:0-events] (root,0,0,00:00:00/03:30:28,11212) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/01:56,11956) [kworker/3:2-ata_sff] (root,0,0,00:00:01/01:35:19,12819) [kworker/3:1-events] (root,0,0,00:00:00/11:08,13984) [kworker/u8:0-writeback] (root,0,0,00:00:00/04:56:04,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/04:42:31,15893) [kworker/0:0-events] (root,0,0,00:00:00/02:17:02,20227) [kworker/0:1] (root,6656,3480,00:00:00/00:00,20258) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,20319) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,20320) /bin/bash /usr/bin/check_mk_agent (root,4480,1188,00:00:00/00:00,20321) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,780,00:00:00/00:00,20322) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,20323) /bin/bash /usr/bin/check_mk_agent (root,2680,740,00:00:00/00:00,20324) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3320,00:00:00/00:00,20342) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,20343) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8200,00:00:00/09:28,21847) pickup -l -t fifo -u (root,0,0,00:00:02/07:55:58,26887) [kworker/1:2-events] (root,0,0,00:00:00/07:08,28734) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 23:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a66b6369Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-12:09:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:09:30,2) [kthreadd] (root,0,0,00:00:00/7-12:09:30,3) [rcu_gp] (root,0,0,00:00:00/7-12:09:30,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:09:30,5) [slub_flushwq] (root,0,0,00:00:00/7-12:09:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:09:30,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:09:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:09:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:09:30,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-12:09:30,13) [ksoftirqd/0] (root,0,0,00:19:58/7-12:09:30,14) [rcu_preempt] (root,0,0,00:00:02/7-12:09:30,15) [migration/0] (root,0,0,00:00:00/7-12:09:30,16) [idle_inject/0] (root,0,0,00:00:00/7-12:09:30,18) [cpuhp/0] (root,0,0,00:00:00/7-12:09:30,19) [cpuhp/1] (root,0,0,00:00:00/7-12:09:30,20) [idle_inject/1] (root,0,0,00:00:03/7-12:09:30,21) [migration/1] (root,0,0,00:00:10/7-12:09:30,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:09:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:09:30,25) [cpuhp/2] (root,0,0,00:00:00/7-12:09:30,26) [idle_inject/2] (root,0,0,00:00:02/7-12:09:30,27) [migration/2] (root,0,0,00:13:13/7-12:09:30,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:09:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:09:30,31) [cpuhp/3] (root,0,0,00:00:00/7-12:09:30,32) [idle_inject/3] (root,0,0,00:00:02/7-12:09:30,33) [migration/3] (root,0,0,00:00:37/7-12:09:30,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:09:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:09:30,40) [kdevtmpfs] (root,0,0,00:00:00/7-12:09:30,41) [netns] (root,0,0,00:00:00/7-12:09:30,42) [inet_frag_wq] (root,0,0,00:00:00/7-12:09:30,43) [kauditd] (root,0,0,00:00:00/7-12:09:30,44) [khungtaskd] (root,0,0,00:00:00/7-12:09:30,45) [oom_reaper] (root,0,0,00:00:00/7-12:09:30,46) [writeback] (root,0,0,00:00:22/7-12:09:30,47) [kcompactd0] (root,0,0,00:00:00/7-12:09:30,48) [ksmd] (root,0,0,00:00:24/7-12:09:30,49) [khugepaged] (root,0,0,00:00:00/7-12:09:30,75) [kintegrityd] (root,0,0,00:00:00/7-12:09:30,76) [kblockd] (root,0,0,00:00:00/7-12:09:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:09:30,79) [tpm_dev_wq] (root,0,0,00:00:00/7-12:09:30,80) [edac-poller] (root,0,0,00:00:00/7-12:09:30,81) [devfreq_wq] (root,0,0,00:00:00/7-12:09:30,110) [watchdogd] (root,0,0,00:00:00/7-12:09:30,111) [kswapd0] (root,0,0,00:00:01/7-12:09:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:09:28,115) [kthrotld] (root,0,0,00:00:00/7-12:09:28,116) [mld] (root,0,0,00:00:00/7-12:09:28,117) [ipv6_addrconf] (root,0,0,00:00:01/7-12:09:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:09:28,123) [kstrp] (root,0,0,00:00:00/7-12:09:28,124) [zswap-shrink] (root,0,0,00:00:00/7-12:09:28,125) [kworker/u9:0] (root,0,0,00:00:00/7-12:09:28,130) [charger_manager] (root,0,0,00:00:02/7-12:09:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-12:09:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-12:09:27,239) [kaluad] (root,0,0,00:00:00/7-12:09:27,258) [kmpath_rdacd] (root,0,0,00:00:00/7-12:09:27,304) [kmpathd] (root,0,0,00:00:00/7-12:09:27,305) [kmpath_handlerd] (root,0,0,00:00:00/7-12:09:26,342) [ata_sff] (root,0,0,00:00:00/7-12:09:26,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:09:26,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:09:26,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:09:26,346) [scsi_tmf_1] (root,0,0,00:00:13/7-12:09:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:09:23,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-12:09:11,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-12:09:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-12:09:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-12:08:37,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-12:08:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-12:08:36,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-12:08:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/18:00,599) [kworker/1:2] (root,31704,17436,00:00:03/7-12:08:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-12:08:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-12:08:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-12:08:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:46/7-12:08:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-12:08:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-12:08:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-12:08:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-12:08:20,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:08/7-12:08:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-12:08:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-12:08:20,1352) bpfilter_umh (root,26204,8212,00:00:01/7-12:08:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-12:08:20,1359) ntpd: asynchronous dns resolver (spot,290684,176872,09:12:15/7-12:08:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-12:08:19,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-12:08:19,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-12:08:19,1373) (sd-pam) (root,24216,5268,00:00:02/7-12:08:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-12:08:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/7-12:08:17,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-12:08:14,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-12:08:13,1527) sshd: syslogtunnel (root,617356,69812,00:09:57/7-12:08:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44436,00:03:54/7-12:07:59,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:09,2294) [kworker/3:0-ata_sff] (postfix,44628,9380,00:00:00/1-17:43:34,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-12:07:34,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-12:07:34,3218) sshd: cm-ssh (postfix,24244,8216,00:00:00/03:08,5947) pickup -l -t fifo -u (root,0,0,00:00:01/08:54:43,6969) [kworker/0:2-events] (root,0,0,00:00:00/01:39:18,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:46:22,17990) [kworker/2:0-events] (root,0,0,00:00:01/06:19:41,18376) [kworker/2:2-events] (root,6656,3492,00:00:00/00:00,18783) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,18801) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,992,00:00:00/00:00,18802) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/57:40,20009) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/09:20,22435) [kworker/3:1-events] (root,0,0,00:00:00/01:11:36,22475) [kworker/3:2-ata_sff] (root,0,0,00:00:00/28:56,26012) [kworker/0:0-mm_percpu_wq] (root,0,0,00:00:00/51:37,27803) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 22:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630b6e091fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-11:15:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-11:15:53,2) [kthreadd] (root,0,0,00:00:00/5-11:15:53,3) [rcu_gp] (root,0,0,00:00:00/5-11:15:53,4) [rcu_par_gp] (root,0,0,00:00:00/5-11:15:53,5) [slub_flushwq] (root,0,0,00:00:00/5-11:15:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-11:15:53,9) [mm_percpu_wq] (root,0,0,00:00:00/5-11:15:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-11:15:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-11:15:53,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-11:15:53,13) [ksoftirqd/0] (root,0,0,00:14:05/5-11:15:53,14) [rcu_preempt] (root,0,0,00:00:01/5-11:15:53,15) [migration/0] (root,0,0,00:00:00/5-11:15:53,16) [idle_inject/0] (root,0,0,00:00:00/5-11:15:53,18) [cpuhp/0] (root,0,0,00:00:00/5-11:15:53,19) [cpuhp/1] (root,0,0,00:00:00/5-11:15:53,20) [idle_inject/1] (root,0,0,00:00:02/5-11:15:53,21) [migration/1] (root,0,0,00:00:07/5-11:15:53,22) [ksoftirqd/1] (root,0,0,00:00:00/5-11:15:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-11:15:53,25) [cpuhp/2] (root,0,0,00:00:00/5-11:15:53,26) [idle_inject/2] (root,0,0,00:00:01/5-11:15:53,27) [migration/2] (root,0,0,00:09:10/5-11:15:53,28) [ksoftirqd/2] (root,0,0,00:00:00/5-11:15:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-11:15:53,31) [cpuhp/3] (root,0,0,00:00:00/5-11:15:53,32) [idle_inject/3] (root,0,0,00:00:02/5-11:15:53,33) [migration/3] (root,0,0,00:00:25/5-11:15:53,34) [ksoftirqd/3] (root,0,0,00:00:00/5-11:15:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-11:15:53,40) [kdevtmpfs] (root,0,0,00:00:00/5-11:15:53,41) [netns] (root,0,0,00:00:00/5-11:15:53,42) [inet_frag_wq] (root,0,0,00:00:00/5-11:15:53,43) [kauditd] (root,0,0,00:00:00/5-11:15:53,44) [khungtaskd] (root,0,0,00:00:00/5-11:15:53,45) [oom_reaper] (root,0,0,00:00:00/5-11:15:53,46) [writeback] (root,0,0,00:00:15/5-11:15:53,47) [kcompactd0] (root,0,0,00:00:00/5-11:15:53,48) [ksmd] (root,0,0,00:00:16/5-11:15:53,49) [khugepaged] (root,0,0,00:00:00/5-11:15:53,75) [kintegrityd] (root,0,0,00:00:00/5-11:15:53,76) [kblockd] (root,0,0,00:00:00/5-11:15:53,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-11:15:53,79) [tpm_dev_wq] (root,0,0,00:00:00/5-11:15:53,80) [edac-poller] (root,0,0,00:00:00/5-11:15:53,81) [devfreq_wq] (root,0,0,00:00:00/5-11:15:53,110) [watchdogd] (root,0,0,00:00:00/5-11:15:53,111) [kswapd0] (root,0,0,00:00:01/5-11:15:53,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-11:15:51,115) [kthrotld] (root,0,0,00:00:00/5-11:15:51,116) [mld] (root,0,0,00:00:00/5-11:15:51,117) [ipv6_addrconf] (root,0,0,00:00:01/5-11:15:51,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-11:15:51,123) [kstrp] (root,0,0,00:00:00/5-11:15:51,124) [zswap-shrink] (root,0,0,00:00:00/5-11:15:51,125) [kworker/u9:0] (root,0,0,00:00:00/5-11:15:51,130) [charger_manager] (root,0,0,00:00:01/5-11:15:51,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-11:15:51,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-11:15:50,239) [kaluad] (root,0,0,00:00:00/5-11:15:50,258) [kmpath_rdacd] (root,0,0,00:00:00/5-11:15:50,304) [kmpathd] (root,0,0,00:00:00/5-11:15:50,305) [kmpath_handlerd] (root,0,0,00:00:00/5-11:15:49,342) [ata_sff] (root,0,0,00:00:00/5-11:15:49,343) [scsi_eh_0] (root,0,0,00:00:00/5-11:15:49,344) [scsi_tmf_0] (root,0,0,00:00:00/5-11:15:49,345) [scsi_eh_1] (root,0,0,00:00:00/5-11:15:49,346) [scsi_tmf_1] (root,0,0,00:00:09/5-11:15:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-11:15:46,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-11:15:34,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-11:15:33,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-11:15:31,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-11:15:00,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-11:14:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-11:14:59,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-11:14:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-11:14:57,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-11:14:57,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23628,00:00:06/5-11:14:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-11:14:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:33/5-11:14:43,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-11:14:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-11:14:43,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-11:14:43,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-11:14:43,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-11:14:43,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:43/5-11:14:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-11:14:43,1352) bpfilter_umh (root,26204,8212,00:00:01/5-11:14:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-11:14:43,1359) ntpd: asynchronous dns resolver (spot,212428,174688,06:14:01/5-11:14:42,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-11:14:42,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-11:14:42,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-11:14:42,1373) (sd-pam) (root,24216,5268,00:00:01/5-11:14:40,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-11:14:40,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-11:14:40,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-11:14:37,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-11:14:36,1527) sshd: syslogtunnel (root,617100,71456,00:07:07/5-11:14:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/04:48,1947) [kworker/1:1-events] (spot,207296,43148,00:02:45/5-11:14:22,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-11:13:57,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:16/5-11:13:57,3218) sshd: cm-ssh (root,0,0,00:00:03/07:20:10,7244) [kworker/3:2-events] (root,0,0,00:00:00/53:22,11231) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:38,16277) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:33:15,18387) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/49:20,18842) [kworker/0:0-events] (root,0,0,00:00:00/03:56:24,19129) [kworker/0:1-events] (root,6656,3484,00:00:00/00:00,20440) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,20458) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20459) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:34:29,20908) [kworker/2:1-events] (postfix,24244,8264,00:00:00/01:10:31,21538) pickup -l -t fifo -u (root,0,0,00:00:00/02:17:18,25521) [kworker/1:2-events] (root,0,0,00:00:00/06:49,27417) [kworker/3:1-ata_sff] (root,0,0,00:00:00/08:09:06,28908) [kworker/u8:2-writeback] (root,0,0,00:00:00/16:28,31575) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 22:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c935af4dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-11:58:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-11:58:53,2) [kthreadd] (root,0,0,00:00:00/3-11:58:53,3) [rcu_gp] (root,0,0,00:00:00/3-11:58:53,4) [rcu_par_gp] (root,0,0,00:00:00/3-11:58:53,5) [slub_flushwq] (root,0,0,00:00:00/3-11:58:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-11:58:53,9) [mm_percpu_wq] (root,0,0,00:00:00/3-11:58:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-11:58:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-11:58:53,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-11:58:53,13) [ksoftirqd/0] (root,0,0,00:08:57/3-11:58:53,14) [rcu_preempt] (root,0,0,00:00:01/3-11:58:53,15) [migration/0] (root,0,0,00:00:00/3-11:58:53,16) [idle_inject/0] (root,0,0,00:00:00/3-11:58:53,18) [cpuhp/0] (root,0,0,00:00:00/3-11:58:53,19) [cpuhp/1] (root,0,0,00:00:00/3-11:58:53,20) [idle_inject/1] (root,0,0,00:00:01/3-11:58:53,21) [migration/1] (root,0,0,00:00:05/3-11:58:53,22) [ksoftirqd/1] (root,0,0,00:00:00/3-11:58:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-11:58:53,25) [cpuhp/2] (root,0,0,00:00:00/3-11:58:53,26) [idle_inject/2] (root,0,0,00:00:01/3-11:58:53,27) [migration/2] (root,0,0,00:06:02/3-11:58:53,28) [ksoftirqd/2] (root,0,0,00:00:00/3-11:58:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-11:58:53,31) [cpuhp/3] (root,0,0,00:00:00/3-11:58:53,32) [idle_inject/3] (root,0,0,00:00:01/3-11:58:53,33) [migration/3] (root,0,0,00:00:16/3-11:58:53,34) [ksoftirqd/3] (root,0,0,00:00:00/3-11:58:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-11:58:53,40) [kdevtmpfs] (root,0,0,00:00:00/3-11:58:53,41) [netns] (root,0,0,00:00:00/3-11:58:53,42) [inet_frag_wq] (root,0,0,00:00:00/3-11:58:53,43) [kauditd] (root,0,0,00:00:00/3-11:58:53,44) [khungtaskd] (root,0,0,00:00:00/3-11:58:53,45) [oom_reaper] (root,0,0,00:00:00/3-11:58:53,46) [writeback] (root,0,0,00:00:09/3-11:58:53,47) [kcompactd0] (root,0,0,00:00:00/3-11:58:53,48) [ksmd] (root,0,0,00:00:10/3-11:58:53,49) [khugepaged] (root,0,0,00:00:00/3-11:58:53,75) [kintegrityd] (root,0,0,00:00:00/3-11:58:53,76) [kblockd] (root,0,0,00:00:00/3-11:58:53,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-11:58:53,79) [tpm_dev_wq] (root,0,0,00:00:00/3-11:58:53,80) [edac-poller] (root,0,0,00:00:00/3-11:58:53,81) [devfreq_wq] (root,0,0,00:00:00/3-11:58:53,110) [watchdogd] (root,0,0,00:00:00/3-11:58:53,111) [kswapd0] (root,0,0,00:00:00/3-11:58:53,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-11:58:51,115) [kthrotld] (root,0,0,00:00:00/3-11:58:51,116) [mld] (root,0,0,00:00:00/3-11:58:51,117) [ipv6_addrconf] (root,0,0,00:00:00/3-11:58:51,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-11:58:51,123) [kstrp] (root,0,0,00:00:00/3-11:58:51,124) [zswap-shrink] (root,0,0,00:00:00/3-11:58:51,125) [kworker/u9:0] (root,0,0,00:00:00/3-11:58:51,130) [charger_manager] (root,0,0,00:00:00/3-11:58:51,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-11:58:51,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-11:58:50,239) [kaluad] (root,0,0,00:00:00/3-11:58:50,258) [kmpath_rdacd] (root,0,0,00:00:00/3-11:58:50,304) [kmpathd] (root,0,0,00:00:00/3-11:58:50,305) [kmpath_handlerd] (root,0,0,00:00:00/3-11:58:49,342) [ata_sff] (root,0,0,00:00:00/3-11:58:49,343) [scsi_eh_0] (root,0,0,00:00:00/3-11:58:49,344) [scsi_tmf_0] (root,0,0,00:00:00/3-11:58:49,345) [scsi_eh_1] (root,0,0,00:00:00/3-11:58:49,346) [scsi_tmf_1] (root,0,0,00:00:05/3-11:58:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-11:58:46,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-11:58:34,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-11:58:33,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-11:58:31,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-11:58:00,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-11:57:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-11:57:59,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-11:57:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-11:57:57,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-11:57:57,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-11:57:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-11:57:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/46:29,1333) [kworker/0:1-events] (root,21172,4536,00:00:22/3-11:57:43,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-11:57:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-11:57:43,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-11:57:43,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-11:57:43,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-11:57:43,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-11:57:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-11:57:43,1352) bpfilter_umh (root,26204,8212,00:00:00/3-11:57:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-11:57:43,1359) ntpd: asynchronous dns resolver (spot,206140,169236,04:01:55/3-11:57:42,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-11:57:42,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-11:57:42,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-11:57:42,1373) (sd-pam) (root,24216,5268,00:00:01/3-11:57:40,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-11:57:40,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-11:57:40,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-11:57:37,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-11:57:36,1527) sshd: syslogtunnel (root,615820,67940,00:04:34/3-11:57:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:48/3-11:57:22,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/07:25:34,2276) [kworker/1:2-events] (root,0,0,00:00:00/36:29,2497) [kworker/3:2-events] (root,0,0,00:00:00/05:20,3025) [kworker/3:0-ata_sff] (root,35308,10108,00:00:00/3-11:56:57,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-11:56:57,3218) sshd: cm-ssh (root,0,0,00:00:00/01:05:49,4067) [kworker/1:1] (root,0,0,00:00:01/07:09:31,5266) [kworker/2:1-events] (postfix,24244,8260,00:00:00/35:22,6052) pickup -l -t fifo -u (root,0,0,00:00:00/32:28,13330) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/03:18:12,13615) [kworker/2:2] (root,0,0,00:00:00/00:10,22442) [kworker/3:1-ata_sff] (root,6656,3480,00:00:00/00:00,23190) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,23231) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,23232) /bin/bash /usr/bin/check_mk_agent (root,4480,1060,00:00:00/00:00,23233) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,872,00:00:00/00:00,23234) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,732,00:00:00/00:00,23235) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,23236) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,23254) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,23255) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/21:56,27113) [kworker/u8:1-writeback] (root,0,0,00:00:00/21:45,28172) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 22:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f60216b6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-11:54:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-11:54:04,2) [kthreadd] (root,0,0,00:00:00/1-11:54:04,3) [rcu_gp] (root,0,0,00:00:00/1-11:54:04,4) [rcu_par_gp] (root,0,0,00:00:00/1-11:54:04,5) [slub_flushwq] (root,0,0,00:00:00/1-11:54:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-11:54:04,9) [mm_percpu_wq] (root,0,0,00:00:00/1-11:54:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-11:54:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-11:54:04,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-11:54:04,13) [ksoftirqd/0] (root,0,0,00:03:57/1-11:54:04,14) [rcu_preempt] (root,0,0,00:00:00/1-11:54:04,15) [migration/0] (root,0,0,00:00:00/1-11:54:04,16) [idle_inject/0] (root,0,0,00:00:00/1-11:54:04,18) [cpuhp/0] (root,0,0,00:00:00/1-11:54:04,19) [cpuhp/1] (root,0,0,00:00:00/1-11:54:04,20) [idle_inject/1] (root,0,0,00:00:00/1-11:54:04,21) [migration/1] (root,0,0,00:00:02/1-11:54:04,22) [ksoftirqd/1] (root,0,0,00:00:00/1-11:54:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-11:54:04,25) [cpuhp/2] (root,0,0,00:00:00/1-11:54:04,26) [idle_inject/2] (root,0,0,00:00:00/1-11:54:04,27) [migration/2] (root,0,0,00:02:32/1-11:54:04,28) [ksoftirqd/2] (root,0,0,00:00:00/1-11:54:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-11:54:04,31) [cpuhp/3] (root,0,0,00:00:00/1-11:54:04,32) [idle_inject/3] (root,0,0,00:00:00/1-11:54:04,33) [migration/3] (root,0,0,00:00:08/1-11:54:04,34) [ksoftirqd/3] (root,0,0,00:00:00/1-11:54:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-11:54:04,40) [kdevtmpfs] (root,0,0,00:00:00/1-11:54:04,41) [netns] (root,0,0,00:00:00/1-11:54:04,42) [inet_frag_wq] (root,0,0,00:00:00/1-11:54:04,43) [kauditd] (root,0,0,00:00:00/1-11:54:04,44) [khungtaskd] (root,0,0,00:00:00/1-11:54:04,45) [oom_reaper] (root,0,0,00:00:00/1-11:54:04,46) [writeback] (root,0,0,00:00:04/1-11:54:04,47) [kcompactd0] (root,0,0,00:00:00/1-11:54:04,48) [ksmd] (root,0,0,00:00:04/1-11:54:04,49) [khugepaged] (root,0,0,00:00:00/1-11:54:04,75) [kintegrityd] (root,0,0,00:00:00/1-11:54:04,76) [kblockd] (root,0,0,00:00:00/1-11:54:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-11:54:04,79) [tpm_dev_wq] (root,0,0,00:00:00/1-11:54:04,80) [edac-poller] (root,0,0,00:00:00/1-11:54:04,81) [devfreq_wq] (root,0,0,00:00:00/1-11:54:04,110) [watchdogd] (root,0,0,00:00:00/1-11:54:04,111) [kswapd0] (root,0,0,00:00:00/1-11:54:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-11:54:02,115) [kthrotld] (root,0,0,00:00:00/1-11:54:02,116) [mld] (root,0,0,00:00:00/1-11:54:02,117) [ipv6_addrconf] (root,0,0,00:00:00/1-11:54:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-11:54:02,123) [kstrp] (root,0,0,00:00:00/1-11:54:02,124) [zswap-shrink] (root,0,0,00:00:00/1-11:54:02,125) [kworker/u9:0] (root,0,0,00:00:00/1-11:54:02,130) [charger_manager] (root,0,0,00:00:00/1-11:54:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-11:54:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-11:54:01,239) [kaluad] (root,0,0,00:00:00/1-11:54:01,258) [kmpath_rdacd] (root,0,0,00:00:00/1-11:54:01,304) [kmpathd] (root,0,0,00:00:00/1-11:54:01,305) [kmpath_handlerd] (root,0,0,00:00:00/1-11:54:00,342) [ata_sff] (root,0,0,00:00:00/1-11:54:00,343) [scsi_eh_0] (root,0,0,00:00:00/1-11:54:00,344) [scsi_tmf_0] (root,0,0,00:00:00/1-11:54:00,345) [scsi_eh_1] (root,0,0,00:00:00/1-11:54:00,346) [scsi_tmf_1] (root,0,0,00:00:02/1-11:53:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-11:53:57,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-11:53:45,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-11:53:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-11:53:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-11:53:11,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-11:53:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:01/1-11:53:10,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-11:53:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-11:53:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-11:53:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:01/1-11:52:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-11:52:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:08/1-11:52:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-11:52:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-11:52:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-11:52:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-11:52:54,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-11:52:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:12/1-11:52:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-11:52:54,1352) bpfilter_umh (root,26204,8212,00:00:00/1-11:52:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-11:52:54,1359) ntpd: asynchronous dns resolver (spot,204812,167884,01:59:19/1-11:52:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-11:52:53,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-11:52:53,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-11:52:53,1373) (sd-pam) (root,24216,5268,00:00:00/1-11:52:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-11:52:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-11:52:51,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-11:52:48,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-11:52:47,1527) sshd: syslogtunnel (root,615564,67636,00:02:02/1-11:52:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41340,00:00:49/1-11:52:33,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-11:52:08,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-11:52:08,3218) sshd: cm-ssh (root,0,0,00:00:00/05:12,10989) [kworker/3:2-events] (postfix,24244,8224,00:00:00/52:29,12603) pickup -l -t fifo -u (root,0,0,00:00:00/03:26,17596) [kworker/0:0-events] (root,0,0,00:00:00/31:08,17872) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:57:14,18327) [kworker/u8:2-writeback] (root,0,0,00:00:00/14:22,22269) [kworker/0:2-events] (root,0,0,00:00:00/01:02:43,22963) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:20:34,24470) [kworker/2:1-events] (root,0,0,00:00:06/05:53:26,25188) [kworker/1:2-events] (root,0,0,00:00:00/04:04:15,25538) [kworker/1:1] (root,0,0,00:00:00/01:53:24,25963) [kworker/2:0-events] (root,0,0,00:00:00/00:02,28298) [kworker/3:0] (root,6656,3484,00:00:00/00:00,28346) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,28364) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,28365) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:09:55,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 22:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f1e24b24Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12476,00:00:07/3-15:18:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:18:39,2) [kthreadd] (root,0,0,00:00:00/3-15:18:39,3) [rcu_gp] (root,0,0,00:00:00/3-15:18:39,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:18:39,5) [slub_flushwq] (root,0,0,00:00:00/3-15:18:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:18:39,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:18:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:18:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:18:39,12) [rcu_tasks_trace] (root,0,0,00:00:09/3-15:18:39,13) [ksoftirqd/0] (root,0,0,00:13:01/3-15:18:39,14) [rcu_preempt] (root,0,0,00:00:01/3-15:18:39,15) [migration/0] (root,0,0,00:00:00/3-15:18:39,16) [idle_inject/0] (root,0,0,00:00:00/3-15:18:39,18) [cpuhp/0] (root,0,0,00:00:00/3-15:18:39,19) [cpuhp/1] (root,0,0,00:00:00/3-15:18:39,20) [idle_inject/1] (root,0,0,00:00:01/3-15:18:39,21) [migration/1] (root,0,0,00:00:07/3-15:18:39,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:18:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:18:39,25) [cpuhp/2] (root,0,0,00:00:00/3-15:18:39,26) [idle_inject/2] (root,0,0,00:00:01/3-15:18:39,27) [migration/2] (root,0,0,00:13:00/3-15:18:39,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:18:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:18:39,31) [cpuhp/3] (root,0,0,00:00:00/3-15:18:39,32) [idle_inject/3] (root,0,0,00:00:01/3-15:18:39,33) [migration/3] (root,0,0,00:00:35/3-15:18:39,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:18:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:18:39,41) [kdevtmpfs] (root,0,0,00:00:00/3-15:18:39,42) [netns] (root,0,0,00:00:00/3-15:18:39,43) [inet_frag_wq] (root,0,0,00:00:00/3-15:18:39,44) [kauditd] (root,0,0,00:00:00/3-15:18:39,46) [khungtaskd] (root,0,0,00:00:00/3-15:18:39,47) [oom_reaper] (root,0,0,00:00:00/3-15:18:39,48) [writeback] (root,0,0,00:00:15/3-15:18:39,49) [kcompactd0] (root,0,0,00:00:00/3-15:18:39,50) [ksmd] (root,0,0,00:00:11/3-15:18:39,51) [khugepaged] (root,0,0,00:00:00/3-15:18:39,76) [kintegrityd] (root,0,0,00:00:00/3-15:18:39,77) [kblockd] (root,0,0,00:00:00/3-15:18:39,78) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:18:39,80) [tpm_dev_wq] (root,0,0,00:00:00/3-15:18:39,81) [edac-poller] (root,0,0,00:00:00/3-15:18:39,82) [devfreq_wq] (root,0,0,00:00:00/3-15:18:39,111) [watchdogd] (root,0,0,00:00:01/3-15:18:39,113) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:18:39,114) [kswapd0] (root,0,0,00:00:00/3-15:18:38,116) [kthrotld] (root,0,0,00:00:00/3-15:18:38,117) [mld] (root,0,0,00:00:00/3-15:18:38,118) [ipv6_addrconf] (root,0,0,00:00:01/3-15:18:38,119) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:18:38,124) [kstrp] (root,0,0,00:00:00/3-15:18:38,125) [zswap-shrink] (root,0,0,00:00:00/3-15:18:38,126) [kworker/u9:0] (root,0,0,00:00:00/3-15:18:38,131) [charger_manager] (root,0,0,00:00:01/3-15:18:38,173) [kworker/0:1H-kblockd] (root,0,0,00:00:01/3-15:18:38,177) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:18:38,190) [kaluad] (root,0,0,00:00:00/3-15:18:38,197) [kmpath_rdacd] (root,0,0,00:00:00/3-15:18:38,210) [kmpathd] (root,0,0,00:00:00/3-15:18:38,212) [kmpath_handlerd] (root,0,0,00:00:00/3-15:18:38,335) [ata_sff] (root,0,0,00:00:00/3-15:18:38,336) [scsi_eh_0] (root,0,0,00:00:00/3-15:18:38,337) [scsi_tmf_0] (root,0,0,00:00:00/3-15:18:38,338) [scsi_eh_1] (root,0,0,00:00:00/3-15:18:38,341) [scsi_tmf_1] (root,0,0,00:00:08/3-15:18:37,365) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:18:37,366) [ext4-rsv-conver] (root,38604,7720,00:00:04/3-15:18:35,435) /usr/lib/systemd/systemd-journald (root,52912,9276,00:00:00/3-15:18:35,452) /usr/lib/systemd/systemd-udevd (root,8624,6920,00:00:07/3-15:18:35,490) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1648,00:00:01/3-15:18:34,509) /sbin/auditd (messagebus,22940,5852,00:00:05/3-15:18:34,515) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38756,8376,00:00:03/3-15:18:34,522) /usr/lib/systemd/systemd-logind (root,20556,6136,00:00:00/3-15:18:34,525) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17424,00:00:03/3-15:18:34,612) /usr/sbin/wickedd --systemd --foreground (root,31904,17884,00:00:00/3-15:18:34,613) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24716,00:00:04/3-15:18:23,2070) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26892,00:00:00/3-15:18:23,2082) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4524,00:00:20/3-15:18:23,2094) /usr/sbin/xinetd -stayalive -dontfork (root,448724,10192,00:00:05/3-15:18:23,2096) /usr/sbin/rsyslogd -n -iNONE (root,2984,1756,00:00:00/3-15:18:23,2097) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10592,00:00:00/3-15:18:23,2098) /usr/lib/systemd/systemd --user (cm-ssh,40560,10476,00:00:00/3-15:18:23,2099) /usr/lib/systemd/systemd --user (checkmk,40564,10532,00:00:00/3-15:18:23,2100) /usr/lib/systemd/systemd --user (ntp,20660,6368,00:00:36/3-15:18:23,2104) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,644,00:00:00/3-15:18:23,2106) bpfilter_umh (root,26204,8300,00:00:00/3-15:18:23,2109) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4396,00:00:00/3-15:18:23,2113) ntpd: asynchronous dns resolver (spot,226612,187460,08:28:30/3-15:18:23,2118) /usr/bin/python3.11 /usr/bin/spot (checkmk,48544,3180,00:00:00/3-15:18:23,2121) (sd-pam) (cm-ssh,48544,3180,00:00:00/3-15:18:23,2122) (sd-pam) (syslogtunnel,48544,3180,00:00:00/3-15:18:23,2123) (sd-pam) (root,24216,5416,00:00:01/3-15:18:22,2222) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:18:22,2224) qmgr -l -t fifo -u (root,8956,2652,00:00:00/3-15:18:22,2246) /usr/sbin/cron -n (root,616308,69032,00:05:50/3-15:18:22,2261) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41464,00:02:31/3-15:18:20,2272) /usr/bin/python3.11 /usr/bin/spot (root,35308,9940,00:00:00/3-15:18:17,2320) sshd: cm-ssh [priv] (cm-ssh,35308,5384,00:00:13/3-15:18:17,2322) sshd: cm-ssh (root,35308,9992,00:00:00/3-15:18:13,2329) sshd: syslogtunnel [priv] (syslogtunnel,35308,5312,00:00:15/3-15:18:13,2331) sshd: syslogtunnel (root,0,0,00:00:00/02:25:24,3663) [kworker/0:0] (root,0,0,00:00:00/01:07:10,4011) [kworker/0:2-events] (root,0,0,00:00:00/01:03:02,10069) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:14,11792) [kworker/3:0-ata_sff] (postfix,24244,8240,00:00:00/37:01,13051) pickup -l -t fifo -u (root,0,0,00:00:00/03:51:58,13520) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/34:06,14875) [kworker/1:0-events] (root,0,0,00:00:00/04:02:46,16689) [kworker/1:1-events] (postfix,44628,9388,00:00:00/19:39:18,18145) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:03:00,20649) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/02:01:33,21904) [kworker/3:1-events] (root,6656,3488,00:00:00/00:00,22215) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,22233) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22234) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:24,27337) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:36:15,28204) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-10 00:24 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636db5abd9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12472,00:00:06/3-07:56:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-07:56:00,2) [kthreadd] (root,0,0,00:00:00/3-07:56:00,3) [rcu_gp] (root,0,0,00:00:00/3-07:56:00,4) [rcu_par_gp] (root,0,0,00:00:00/3-07:56:00,5) [slub_flushwq] (root,0,0,00:00:00/3-07:56:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-07:56:00,9) [mm_percpu_wq] (root,0,0,00:00:00/3-07:56:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-07:56:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-07:56:00,12) [rcu_tasks_trace] (root,0,0,00:00:08/3-07:56:00,13) [ksoftirqd/0] (root,0,0,00:12:06/3-07:56:00,14) [rcu_preempt] (root,0,0,00:00:01/3-07:56:00,15) [migration/0] (root,0,0,00:00:00/3-07:56:00,16) [idle_inject/0] (root,0,0,00:00:00/3-07:56:00,18) [cpuhp/0] (root,0,0,00:00:00/3-07:56:00,19) [cpuhp/1] (root,0,0,00:00:00/3-07:56:00,20) [idle_inject/1] (root,0,0,00:00:01/3-07:56:00,21) [migration/1] (root,0,0,00:00:06/3-07:56:00,22) [ksoftirqd/1] (root,0,0,00:00:00/3-07:56:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-07:56:00,25) [cpuhp/2] (root,0,0,00:00:00/3-07:56:00,26) [idle_inject/2] (root,0,0,00:00:01/3-07:56:00,27) [migration/2] (root,0,0,00:12:21/3-07:56:00,28) [ksoftirqd/2] (root,0,0,00:00:00/3-07:56:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-07:56:00,31) [cpuhp/3] (root,0,0,00:00:00/3-07:56:00,32) [idle_inject/3] (root,0,0,00:00:01/3-07:56:00,33) [migration/3] (root,0,0,00:00:33/3-07:56:00,34) [ksoftirqd/3] (root,0,0,00:00:00/3-07:56:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-07:56:00,41) [kdevtmpfs] (root,0,0,00:00:00/3-07:56:00,42) [netns] (root,0,0,00:00:00/3-07:56:00,43) [inet_frag_wq] (root,0,0,00:00:00/3-07:56:00,44) [kauditd] (root,0,0,00:00:00/3-07:56:00,46) [khungtaskd] (root,0,0,00:00:00/3-07:56:00,47) [oom_reaper] (root,0,0,00:00:00/3-07:56:00,48) [writeback] (root,0,0,00:00:14/3-07:56:00,49) [kcompactd0] (root,0,0,00:00:00/3-07:56:00,50) [ksmd] (root,0,0,00:00:10/3-07:56:00,51) [khugepaged] (root,0,0,00:00:00/3-07:56:00,76) [kintegrityd] (root,0,0,00:00:00/3-07:56:00,77) [kblockd] (root,0,0,00:00:00/3-07:56:00,78) [blkcg_punt_bio] (root,0,0,00:00:00/3-07:56:00,80) [tpm_dev_wq] (root,0,0,00:00:00/3-07:56:00,81) [edac-poller] (root,0,0,00:00:00/3-07:56:00,82) [devfreq_wq] (root,0,0,00:00:00/3-07:56:00,111) [watchdogd] (root,0,0,00:00:01/3-07:56:00,113) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-07:56:00,114) [kswapd0] (root,0,0,00:00:00/3-07:55:59,116) [kthrotld] (root,0,0,00:00:00/3-07:55:59,117) [mld] (root,0,0,00:00:00/3-07:55:59,118) [ipv6_addrconf] (root,0,0,00:00:01/3-07:55:59,119) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-07:55:59,124) [kstrp] (root,0,0,00:00:00/3-07:55:59,125) [zswap-shrink] (root,0,0,00:00:00/3-07:55:59,126) [kworker/u9:0] (root,0,0,00:00:00/3-07:55:59,131) [charger_manager] (root,0,0,00:00:01/3-07:55:59,173) [kworker/0:1H-kblockd] (root,0,0,00:00:01/3-07:55:59,177) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-07:55:59,190) [kaluad] (root,0,0,00:00:00/3-07:55:59,197) [kmpath_rdacd] (root,0,0,00:00:00/3-07:55:59,210) [kmpathd] (root,0,0,00:00:00/3-07:55:59,212) [kmpath_handlerd] (root,0,0,00:00:00/3-07:55:59,335) [ata_sff] (root,0,0,00:00:00/3-07:55:59,336) [scsi_eh_0] (root,0,0,00:00:00/3-07:55:59,337) [scsi_tmf_0] (root,0,0,00:00:00/3-07:55:59,338) [scsi_eh_1] (root,0,0,00:00:00/3-07:55:59,341) [scsi_tmf_1] (root,0,0,00:00:07/3-07:55:58,365) [jbd2/vda1-8] (root,0,0,00:00:00/3-07:55:58,366) [ext4-rsv-conver] (root,38604,7720,00:00:03/3-07:55:56,435) /usr/lib/systemd/systemd-journald (root,52912,9276,00:00:00/3-07:55:56,452) /usr/lib/systemd/systemd-udevd (root,8624,6920,00:00:06/3-07:55:56,490) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1648,00:00:01/3-07:55:55,509) /sbin/auditd (messagebus,22940,5852,00:00:04/3-07:55:55,515) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38756,8376,00:00:03/3-07:55:55,522) /usr/lib/systemd/systemd-logind (root,20556,6136,00:00:00/3-07:55:55,525) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17424,00:00:03/3-07:55:55,612) /usr/sbin/wickedd --systemd --foreground (root,31904,17884,00:00:00/3-07:55:55,613) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:01/07:48:16,1697) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/01:07:40,1833) [kworker/2:0] (root,547336,24208,00:00:04/3-07:55:44,2070) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26892,00:00:00/3-07:55:44,2082) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4524,00:00:18/3-07:55:44,2094) /usr/sbin/xinetd -stayalive -dontfork (root,448724,10192,00:00:04/3-07:55:44,2096) /usr/sbin/rsyslogd -n -iNONE (root,2984,1756,00:00:00/3-07:55:44,2097) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10592,00:00:00/3-07:55:44,2098) /usr/lib/systemd/systemd --user (cm-ssh,40560,10476,00:00:00/3-07:55:44,2099) /usr/lib/systemd/systemd --user (checkmk,40564,10532,00:00:00/3-07:55:44,2100) /usr/lib/systemd/systemd --user (ntp,20660,6368,00:00:33/3-07:55:44,2104) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,644,00:00:00/3-07:55:44,2106) bpfilter_umh (root,26204,8300,00:00:00/3-07:55:44,2109) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4396,00:00:00/3-07:55:44,2113) ntpd: asynchronous dns resolver (spot,226436,187416,07:52:53/3-07:55:44,2118) /usr/bin/python3.11 /usr/bin/spot (checkmk,48544,3180,00:00:00/3-07:55:44,2121) (sd-pam) (cm-ssh,48544,3180,00:00:00/3-07:55:44,2122) (sd-pam) (syslogtunnel,48544,3180,00:00:00/3-07:55:44,2123) (sd-pam) (root,24216,5416,00:00:01/3-07:55:43,2222) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-07:55:43,2224) qmgr -l -t fifo -u (root,8956,2652,00:00:00/3-07:55:43,2246) /usr/sbin/cron -n (root,616308,68952,00:05:23/3-07:55:43,2261) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41436,00:02:22/3-07:55:41,2272) /usr/bin/python3.11 /usr/bin/spot (root,35308,9940,00:00:00/3-07:55:38,2320) sshd: cm-ssh [priv] (cm-ssh,35308,5384,00:00:12/3-07:55:38,2322) sshd: cm-ssh (root,35308,9992,00:00:00/3-07:55:34,2329) sshd: syslogtunnel [priv] (syslogtunnel,35308,5312,00:00:14/3-07:55:34,2331) sshd: syslogtunnel (root,0,0,00:00:00/56:59,6348) [kworker/0:1-events] (root,0,0,00:00:00/04:12:51,11333) [kworker/1:0-events] (root,0,0,00:00:00/01:54:43,14254) [kworker/3:0-events] (root,0,0,00:00:00/35:59,15103) [kworker/u8:0-ext4-rsv-conversion] (postfix,44628,9388,00:00:00/12:16:39,18145) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:16:25,24721) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8176,00:00:00/01:34:42,25267) pickup -l -t fifo -u (root,0,0,00:00:00/05:18:36,27078) [kworker/2:2-events] (root,0,0,00:00:00/05:47,28456) [kworker/3:1-ata_sff] (root,0,0,00:00:00/03:14,29310) [kworker/0:0] (root,0,0,00:00:00/00:57,29867) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/00:34,30012) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,30086) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,30104) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,30105) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:18:17,31109) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-09 17:01
Domain summary
No record