Host 141.9.46.64
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-12 06:13
Last seen 2024-12-22 00:57
Open for 100 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836320f7e395Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:35:32,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:35:32,2) [kthreadd] (root,0,0,00:00:00/39-14:35:32,3) [rcu_gp] (root,0,0,00:00:00/39-14:35:32,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:35:32,5) [slub_flushwq] (root,0,0,00:00:00/39-14:35:32,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:35:32,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:35:32,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:35:32,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:35:32,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:35:32,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:35:32,14) [rcu_preempt] (root,0,0,00:00:15/39-14:35:32,15) [migration/0] (root,0,0,00:00:00/39-14:35:32,16) [idle_inject/0] (root,0,0,00:00:00/39-14:35:32,18) [cpuhp/0] (root,0,0,00:00:00/39-14:35:32,19) [cpuhp/1] (root,0,0,00:00:00/39-14:35:32,20) [idle_inject/1] (root,0,0,00:00:15/39-14:35:32,21) [migration/1] (root,0,0,00:01:05/39-14:35:32,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:35:32,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:35:32,25) [cpuhp/2] (root,0,0,00:00:00/39-14:35:32,26) [idle_inject/2] (root,0,0,00:00:12/39-14:35:32,27) [migration/2] (root,0,0,01:14:06/39-14:35:32,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:35:32,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:35:32,31) [cpuhp/3] (root,0,0,00:00:00/39-14:35:32,32) [idle_inject/3] (root,0,0,00:00:14/39-14:35:32,33) [migration/3] (root,0,0,00:03:31/39-14:35:32,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:35:32,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:35:32,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:35:32,40) [netns] (root,0,0,00:00:00/39-14:35:32,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:35:32,42) [kauditd] (root,0,0,00:00:00/39-14:35:32,43) [khungtaskd] (root,0,0,00:00:00/39-14:35:32,44) [oom_reaper] (root,0,0,00:00:00/39-14:35:32,45) [writeback] (root,0,0,00:01:56/39-14:35:32,46) [kcompactd0] (root,0,0,00:00:00/39-14:35:32,47) [ksmd] (root,0,0,00:01:57/39-14:35:32,48) [khugepaged] (root,0,0,00:00:00/39-14:35:32,74) [kintegrityd] (root,0,0,00:00:00/39-14:35:32,75) [kblockd] (root,0,0,00:00:00/39-14:35:32,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:35:32,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:35:32,79) [edac-poller] (root,0,0,00:00:00/39-14:35:32,80) [devfreq_wq] (root,0,0,00:00:00/39-14:35:32,110) [watchdogd] (root,0,0,00:00:08/39-14:35:32,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:35:32,112) [kswapd0] (root,0,0,00:00:00/39-14:35:31,114) [kthrotld] (root,0,0,00:00:00/39-14:35:31,115) [mld] (root,0,0,00:00:00/39-14:35:31,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:35:31,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:35:31,122) [kstrp] (root,0,0,00:00:00/39-14:35:31,123) [zswap-shrink] (root,0,0,00:00:00/39-14:35:31,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:35:31,129) [charger_manager] (root,0,0,00:00:08/39-14:35:30,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:35:30,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:35:30,205) [kaluad] (root,0,0,00:00:00/39-14:35:30,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:35:30,293) [kmpathd] (root,0,0,00:00:00/39-14:35:30,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:35:30,342) [ata_sff] (root,0,0,00:00:00/39-14:35:29,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:35:29,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:35:29,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:35:29,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:35:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:35:27,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:35:15,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:35:14,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:35:12,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:34:38,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:34:38,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:34:38,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:34:38,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:34:37,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:34:37,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:34:23,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:34:23,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:34:22,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:34:22,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:34:22,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:34:22,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:34:22,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:34:22,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:34:22,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:34:22,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:34:22,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:34:22,1215) ntpd: asynchronous dns resolver (spot,299536,183108,2-02:58:34/39-14:34:22,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:34:21,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:34:21,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:34:21,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:34:20,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:34:20,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:34:19,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:34:13,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:33:59,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:58:21,2674) [kworker/0:2-events] (root,0,0,00:00:00/39:02,5528) [kworker/1:2-events] (root,0,0,00:00:00/04:49,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:32:37,9266) [kworker/u8:0-writeback] (root,0,0,00:00:00/00:50,10883) [kworker/0:1] (root,0,0,00:00:00/23:50,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/02:51,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:06:23,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:25:15,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:25:14,15391) sshd: cm-ssh (root,0,0,00:00:00/02:43,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:53:53,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:53:52,16977) sshd: syslogtunnel (root,6656,3488,00:00:00/00:00,18334) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,18337) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,18372) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18373) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/13:25,18644) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/43:51,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/11:13,24965) [kworker/2:0-events] (root,0,0,00:00:00/19:44,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:11:00,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/07:56,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836332f1a032Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:09:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:09:55,2) [kthreadd] (root,0,0,00:00:00/37-14:09:55,3) [rcu_gp] (root,0,0,00:00:00/37-14:09:55,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:09:55,5) [slub_flushwq] (root,0,0,00:00:00/37-14:09:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:09:55,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:09:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:09:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:09:55,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:09:55,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:09:55,14) [rcu_preempt] (root,0,0,00:00:14/37-14:09:55,15) [migration/0] (root,0,0,00:00:00/37-14:09:55,16) [idle_inject/0] (root,0,0,00:00:00/37-14:09:55,18) [cpuhp/0] (root,0,0,00:00:00/37-14:09:55,19) [cpuhp/1] (root,0,0,00:00:00/37-14:09:55,20) [idle_inject/1] (root,0,0,00:00:14/37-14:09:55,21) [migration/1] (root,0,0,00:01:00/37-14:09:55,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:09:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:09:55,25) [cpuhp/2] (root,0,0,00:00:00/37-14:09:55,26) [idle_inject/2] (root,0,0,00:00:11/37-14:09:55,27) [migration/2] (root,0,0,01:10:41/37-14:09:55,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:09:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:09:55,31) [cpuhp/3] (root,0,0,00:00:00/37-14:09:55,32) [idle_inject/3] (root,0,0,00:00:14/37-14:09:55,33) [migration/3] (root,0,0,00:03:20/37-14:09:55,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:09:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:09:55,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:09:55,40) [netns] (root,0,0,00:00:00/37-14:09:55,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:09:55,42) [kauditd] (root,0,0,00:00:00/37-14:09:55,43) [khungtaskd] (root,0,0,00:00:00/37-14:09:55,44) [oom_reaper] (root,0,0,00:00:00/37-14:09:55,45) [writeback] (root,0,0,00:01:50/37-14:09:55,46) [kcompactd0] (root,0,0,00:00:00/37-14:09:55,47) [ksmd] (root,0,0,00:01:50/37-14:09:55,48) [khugepaged] (root,0,0,00:00:00/37-14:09:55,74) [kintegrityd] (root,0,0,00:00:00/37-14:09:55,75) [kblockd] (root,0,0,00:00:00/37-14:09:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:09:55,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:09:55,79) [edac-poller] (root,0,0,00:00:00/37-14:09:55,80) [devfreq_wq] (root,0,0,00:00:00/37-14:09:55,110) [watchdogd] (root,0,0,00:00:07/37-14:09:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:09:55,112) [kswapd0] (root,0,0,00:00:00/37-14:09:54,114) [kthrotld] (root,0,0,00:00:00/37-14:09:54,115) [mld] (root,0,0,00:00:00/37-14:09:54,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:09:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:09:54,122) [kstrp] (root,0,0,00:00:00/37-14:09:54,123) [zswap-shrink] (root,0,0,00:00:00/37-14:09:54,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:09:54,129) [charger_manager] (root,0,0,00:00:08/37-14:09:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:09:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:09:53,205) [kaluad] (root,0,0,00:00:00/37-14:09:53,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:09:53,293) [kmpathd] (root,0,0,00:00:00/37-14:09:53,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:09:53,342) [ata_sff] (root,0,0,00:00:00/37-14:09:52,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:09:52,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:09:52,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:09:52,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:09:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:09:50,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:09:38,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:09:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:09:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:09:01,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:09:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:09:01,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:09:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:09:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:09:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:08:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:08:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:08:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:08:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:08:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:08:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:08:45,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:08:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:08:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:08:45,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:08:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:08:45,1215) ntpd: asynchronous dns resolver (spot,296464,182160,1-23:14:17/37-14:08:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:08:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:08:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:08:44,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:08:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:08:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:08:42,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:08:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:08:22,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/09:31,2838) [kworker/3:1-events] (root,0,0,00:00:00/08:56,4583) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/08:34,6208) [kworker/1:2-ata_sff] (root,0,0,00:00:00/07:25,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-11:59:38,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-11:59:37,15391) sshd: cm-ssh (root,0,0,00:00:00/16:37,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:28:16,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:28:15,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:51:57,17446) [kworker/0:2-events] (root,0,0,00:00:00/15:38,18386) [kworker/3:2-events] (root,0,0,00:00:00/01:00:27,21022) [kworker/1:1-events] (root,0,0,00:00:00/03:22,21821) [kworker/1:0-ata_sff] (root,0,0,00:00:00/25:51,26953) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:36,27235) [kworker/u8:2-writeback] (postfix,44628,9272,00:00:01/31-18:45:23,30472) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,32093) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,32094) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,32129) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,13744,3416,00:00:00/00:00,32130) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,32131) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,11644,968,00:00:00/00:00,32132) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/01:55:57,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:32 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836329d861ebFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:17:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:17:01,2) [kthreadd] (root,0,0,00:00:00/35-15:17:01,3) [rcu_gp] (root,0,0,00:00:00/35-15:17:01,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:17:01,5) [slub_flushwq] (root,0,0,00:00:00/35-15:17:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:17:01,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:17:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:17:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:17:01,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:17:01,13) [ksoftirqd/0] (root,0,0,01:34:30/35-15:17:01,14) [rcu_preempt] (root,0,0,00:00:13/35-15:17:01,15) [migration/0] (root,0,0,00:00:00/35-15:17:01,16) [idle_inject/0] (root,0,0,00:00:00/35-15:17:01,18) [cpuhp/0] (root,0,0,00:00:00/35-15:17:01,19) [cpuhp/1] (root,0,0,00:00:00/35-15:17:01,20) [idle_inject/1] (root,0,0,00:00:14/35-15:17:01,21) [migration/1] (root,0,0,00:00:57/35-15:17:01,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:17:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:17:01,25) [cpuhp/2] (root,0,0,00:00:00/35-15:17:01,26) [idle_inject/2] (root,0,0,00:00:11/35-15:17:01,27) [migration/2] (root,0,0,01:07:42/35-15:17:01,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:17:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:17:01,31) [cpuhp/3] (root,0,0,00:00:00/35-15:17:01,32) [idle_inject/3] (root,0,0,00:00:13/35-15:17:01,33) [migration/3] (root,0,0,00:03:11/35-15:17:01,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:17:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:17:01,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:17:01,40) [netns] (root,0,0,00:00:00/35-15:17:01,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:17:01,42) [kauditd] (root,0,0,00:00:00/35-15:17:01,43) [khungtaskd] (root,0,0,00:00:00/35-15:17:01,44) [oom_reaper] (root,0,0,00:00:00/35-15:17:01,45) [writeback] (root,0,0,00:01:45/35-15:17:01,46) [kcompactd0] (root,0,0,00:00:00/35-15:17:01,47) [ksmd] (root,0,0,00:01:43/35-15:17:01,48) [khugepaged] (root,0,0,00:00:00/35-15:17:01,74) [kintegrityd] (root,0,0,00:00:00/35-15:17:01,75) [kblockd] (root,0,0,00:00:00/35-15:17:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:17:01,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:17:01,79) [edac-poller] (root,0,0,00:00:00/35-15:17:01,80) [devfreq_wq] (root,0,0,00:00:00/35-15:17:01,110) [watchdogd] (root,0,0,00:00:07/35-15:17:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:17:01,112) [kswapd0] (root,0,0,00:00:00/35-15:17:00,114) [kthrotld] (root,0,0,00:00:00/35-15:17:00,115) [mld] (root,0,0,00:00:00/35-15:17:00,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:17:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:17:00,122) [kstrp] (root,0,0,00:00:00/35-15:17:00,123) [zswap-shrink] (root,0,0,00:00:00/35-15:17:00,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:17:00,129) [charger_manager] (root,0,0,00:00:07/35-15:16:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:16:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:16:59,205) [kaluad] (root,0,0,00:00:00/35-15:16:59,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:16:59,293) [kmpathd] (root,0,0,00:00:00/35-15:16:59,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:16:59,342) [ata_sff] (root,0,0,00:00:00/35-15:16:58,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:16:58,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:16:58,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:16:58,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:16:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:16:56,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:16:44,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:16:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:16:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:16:07,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:16:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:16:07,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:16:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:16:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:16:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:15:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:15:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:15:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:15:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:15:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:15:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:15:51,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:15:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:15:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:15:51,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:15:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:15:51,1215) ntpd: asynchronous dns resolver (spot,293832,180092,1-20:13:09/35-15:15:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:15:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:15:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:15:50,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:15:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:15:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:15:48,1354) /usr/sbin/cron -n (root,698228,81996,00:46:34/35-15:15:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:15:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:30,4297) [kworker/1:2-events] (root,0,0,00:00:00/59:35,7081) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:08:43,10630) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,10777) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,10795) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10796) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/29-13:06:44,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:06:43,15391) sshd: cm-ssh (root,0,0,00:00:00/04:52:17,15974) [kworker/u8:1-flush-253:0] (postfix,24244,8228,00:00:00/01:28:09,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:35:22,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:35:21,16977) sshd: syslogtunnel (root,0,0,00:00:00/07:42,17230) [kworker/1:0-ata_sff] (root,0,0,00:00:00/53:42,19051) [kworker/0:0-events] (root,0,0,00:00:00/02:10:34,25943) [kworker/3:1] (root,0,0,00:00:00/05:14,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:39:03,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:52:29,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:47:32,31877) [kworker/0:1-events] (root,0,0,00:00:00/30:29,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f9809edbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-12:58:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-12:58:59,2) [kthreadd] (root,0,0,00:00:00/33-12:58:59,3) [rcu_gp] (root,0,0,00:00:00/33-12:58:59,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:58:59,5) [slub_flushwq] (root,0,0,00:00:00/33-12:58:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:58:59,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:58:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:58:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:58:59,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:58:59,13) [ksoftirqd/0] (root,0,0,01:29:04/33-12:58:59,14) [rcu_preempt] (root,0,0,00:00:12/33-12:58:59,15) [migration/0] (root,0,0,00:00:00/33-12:58:59,16) [idle_inject/0] (root,0,0,00:00:00/33-12:58:59,18) [cpuhp/0] (root,0,0,00:00:00/33-12:58:59,19) [cpuhp/1] (root,0,0,00:00:00/33-12:58:59,20) [idle_inject/1] (root,0,0,00:00:13/33-12:58:59,21) [migration/1] (root,0,0,00:00:53/33-12:58:59,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:58:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:58:59,25) [cpuhp/2] (root,0,0,00:00:00/33-12:58:59,26) [idle_inject/2] (root,0,0,00:00:10/33-12:58:59,27) [migration/2] (root,0,0,01:04:48/33-12:58:59,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:58:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:58:59,31) [cpuhp/3] (root,0,0,00:00:00/33-12:58:59,32) [idle_inject/3] (root,0,0,00:00:12/33-12:58:59,33) [migration/3] (root,0,0,00:03:01/33-12:58:59,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:58:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:58:59,39) [kdevtmpfs] (root,0,0,00:00:00/33-12:58:59,40) [netns] (root,0,0,00:00:00/33-12:58:59,41) [inet_frag_wq] (root,0,0,00:00:07/33-12:58:59,42) [kauditd] (root,0,0,00:00:00/33-12:58:59,43) [khungtaskd] (root,0,0,00:00:00/33-12:58:59,44) [oom_reaper] (root,0,0,00:00:00/33-12:58:59,45) [writeback] (root,0,0,00:01:38/33-12:58:59,46) [kcompactd0] (root,0,0,00:00:00/33-12:58:59,47) [ksmd] (root,0,0,00:01:37/33-12:58:59,48) [khugepaged] (root,0,0,00:00:00/33-12:58:59,74) [kintegrityd] (root,0,0,00:00:00/33-12:58:59,75) [kblockd] (root,0,0,00:00:00/33-12:58:59,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:58:59,78) [tpm_dev_wq] (root,0,0,00:00:00/33-12:58:59,79) [edac-poller] (root,0,0,00:00:00/33-12:58:59,80) [devfreq_wq] (root,0,0,00:00:00/33-12:58:59,110) [watchdogd] (root,0,0,00:00:07/33-12:58:59,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-12:58:59,112) [kswapd0] (root,0,0,00:00:00/33-12:58:58,114) [kthrotld] (root,0,0,00:00:00/33-12:58:58,115) [mld] (root,0,0,00:00:00/33-12:58:58,116) [ipv6_addrconf] (root,0,0,00:00:14/33-12:58:58,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-12:58:58,122) [kstrp] (root,0,0,00:00:00/33-12:58:58,123) [zswap-shrink] (root,0,0,00:00:00/33-12:58:58,124) [kworker/u9:0] (root,0,0,00:00:00/33-12:58:58,129) [charger_manager] (root,0,0,00:00:07/33-12:58:57,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-12:58:57,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:58:57,205) [kaluad] (root,0,0,00:00:00/33-12:58:57,250) [kmpath_rdacd] (root,0,0,00:00:00/33-12:58:57,293) [kmpathd] (root,0,0,00:00:00/33-12:58:57,294) [kmpath_handlerd] (root,0,0,00:00:00/33-12:58:57,342) [ata_sff] (root,0,0,00:00:00/33-12:58:56,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:58:56,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:58:56,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:58:56,346) [scsi_tmf_1] (root,0,0,00:00:54/33-12:58:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:58:54,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-12:58:42,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-12:58:41,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-12:58:39,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-12:58:05,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-12:58:05,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-12:58:05,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-12:58:05,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-12:58:04,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-12:58:04,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:50:38,727) [kworker/u8:2-ext4-rsv-conversion] (root,548360,32524,00:00:38/33-12:57:50,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-12:57:50,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:08/33-12:57:49,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-12:57:49,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-12:57:49,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-12:57:49,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-12:57:49,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-12:57:49,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-12:57:49,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-12:57:49,1206) bpfilter_umh (root,26204,8212,00:00:13/33-12:57:49,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-12:57:49,1215) ntpd: asynchronous dns resolver (spot,293320,180008,1-17:43:49/33-12:57:49,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-12:57:48,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-12:57:48,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-12:57:48,1245) (sd-pam) (root,24216,5344,00:00:11/33-12:57:47,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-12:57:47,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-12:57:46,1354) /usr/sbin/cron -n (root,697972,81828,00:43:52/33-12:57:40,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63272,00:14:26/33-12:57:26,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/52:21,3524) [kworker/2:2-events] (root,0,0,00:00:00/05:58,3850) [kworker/1:1-ata_sff] (root,0,0,00:00:00/05:38,7073) [kworker/u8:1-writeback] (root,0,0,00:00:00/31:54,7957) [kworker/1:0-ata_sff] (postfix,24244,8272,00:00:00/01:11:02,13877) pickup -l -t fifo -u (root,35308,10012,00:00:00/27-10:48:42,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-10:48:41,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:17:20,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:17:19,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:29:16,18088) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/22:40,19428) [kworker/0:2-events] (root,0,0,00:00:03/01:58:56,24863) [kworker/2:1-events] (root,0,0,00:00:00/00:45,25067) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,29320) /bin/bash /usr/bin/check_mk_agent (root,13744,3392,00:00:00/00:00,29338) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29339) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/02:21:14,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-17:34:27,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/30:07,31017) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bcc69c6cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-12:35:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-12:35:54,2) [kthreadd] (root,0,0,00:00:00/31-12:35:54,3) [rcu_gp] (root,0,0,00:00:00/31-12:35:54,4) [rcu_par_gp] (root,0,0,00:00:00/31-12:35:54,5) [slub_flushwq] (root,0,0,00:00:00/31-12:35:54,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-12:35:54,9) [mm_percpu_wq] (root,0,0,00:00:00/31-12:35:54,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-12:35:54,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-12:35:54,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-12:35:54,13) [ksoftirqd/0] (root,0,0,01:23:49/31-12:35:54,14) [rcu_preempt] (root,0,0,00:00:11/31-12:35:54,15) [migration/0] (root,0,0,00:00:00/31-12:35:54,16) [idle_inject/0] (root,0,0,00:00:00/31-12:35:54,18) [cpuhp/0] (root,0,0,00:00:00/31-12:35:54,19) [cpuhp/1] (root,0,0,00:00:00/31-12:35:54,20) [idle_inject/1] (root,0,0,00:00:12/31-12:35:54,21) [migration/1] (root,0,0,00:00:50/31-12:35:54,22) [ksoftirqd/1] (root,0,0,00:00:00/31-12:35:54,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-12:35:54,25) [cpuhp/2] (root,0,0,00:00:00/31-12:35:54,26) [idle_inject/2] (root,0,0,00:00:09/31-12:35:54,27) [migration/2] (root,0,0,01:01:42/31-12:35:54,28) [ksoftirqd/2] (root,0,0,00:00:00/31-12:35:54,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-12:35:54,31) [cpuhp/3] (root,0,0,00:00:00/31-12:35:54,32) [idle_inject/3] (root,0,0,00:00:11/31-12:35:54,33) [migration/3] (root,0,0,00:02:50/31-12:35:54,34) [ksoftirqd/3] (root,0,0,00:00:00/31-12:35:54,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-12:35:54,39) [kdevtmpfs] (root,0,0,00:00:00/31-12:35:54,40) [netns] (root,0,0,00:00:00/31-12:35:54,41) [inet_frag_wq] (root,0,0,00:00:07/31-12:35:54,42) [kauditd] (root,0,0,00:00:00/31-12:35:54,43) [khungtaskd] (root,0,0,00:00:00/31-12:35:54,44) [oom_reaper] (root,0,0,00:00:00/31-12:35:54,45) [writeback] (root,0,0,00:01:32/31-12:35:54,46) [kcompactd0] (root,0,0,00:00:00/31-12:35:54,47) [ksmd] (root,0,0,00:01:31/31-12:35:54,48) [khugepaged] (root,0,0,00:00:00/31-12:35:54,74) [kintegrityd] (root,0,0,00:00:00/31-12:35:54,75) [kblockd] (root,0,0,00:00:00/31-12:35:54,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-12:35:54,78) [tpm_dev_wq] (root,0,0,00:00:00/31-12:35:54,79) [edac-poller] (root,0,0,00:00:00/31-12:35:54,80) [devfreq_wq] (root,0,0,00:00:00/31-12:35:54,110) [watchdogd] (root,0,0,00:00:06/31-12:35:54,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-12:35:54,112) [kswapd0] (root,0,0,00:00:00/31-12:35:53,114) [kthrotld] (root,0,0,00:00:00/31-12:35:53,115) [mld] (root,0,0,00:00:00/31-12:35:53,116) [ipv6_addrconf] (root,0,0,00:00:13/31-12:35:53,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-12:35:53,122) [kstrp] (root,0,0,00:00:00/31-12:35:53,123) [zswap-shrink] (root,0,0,00:00:00/31-12:35:53,124) [kworker/u9:0] (root,0,0,00:00:00/31-12:35:53,129) [charger_manager] (root,0,0,00:00:07/31-12:35:52,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-12:35:52,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-12:35:52,205) [kaluad] (root,0,0,00:00:00/31-12:35:52,250) [kmpath_rdacd] (root,0,0,00:00:00/31-12:35:52,293) [kmpathd] (root,0,0,00:00:00/31-12:35:52,294) [kmpath_handlerd] (root,0,0,00:00:00/31-12:35:52,342) [ata_sff] (root,0,0,00:00:00/31-12:35:51,343) [scsi_eh_0] (root,0,0,00:00:00/31-12:35:51,344) [scsi_tmf_0] (root,0,0,00:00:00/31-12:35:51,345) [scsi_eh_1] (root,0,0,00:00:00/31-12:35:51,346) [scsi_tmf_1] (root,0,0,00:00:51/31-12:35:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-12:35:49,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-12:35:37,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-12:35:36,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-12:35:34,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-12:35:00,512) /sbin/auditd (messagebus,22936,5548,00:01:21/31-12:35:00,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-12:35:00,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-12:35:00,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-12:34:59,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-12:34:59,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/52:34,843) [kworker/u8:2-flush-253:0] (root,548360,31484,00:00:35/31-12:34:45,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-12:34:45,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:55/31-12:34:44,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-12:34:44,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-12:34:44,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-12:34:44,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-12:34:44,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-12:34:44,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:17/31-12:34:44,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-12:34:44,1206) bpfilter_umh (root,26204,8212,00:00:12/31-12:34:44,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-12:34:44,1215) ntpd: asynchronous dns resolver (spot,286648,173768,1-15:26:24/31-12:34:44,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-12:34:43,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-12:34:43,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-12:34:43,1245) (sd-pam) (root,24216,5344,00:00:10/31-12:34:42,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-12:34:42,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-12:34:41,1354) /usr/sbin/cron -n (root,697972,81512,00:41:14/31-12:34:35,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:36/31-12:34:21,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/03:49:16,5886) [kworker/3:1-events] (root,0,0,00:00:02/03:26:45,8787) [kworker/0:2-events] (root,0,0,00:00:00/07:13,9978) [kworker/3:0-events] (root,0,0,00:00:01/51:40,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-10:25:37,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-10:25:36,15391) sshd: cm-ssh (root,0,0,00:00:00/01:02:32,16327) [kworker/u8:0-writeback] (root,35308,10072,00:00:00/15-11:54:15,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-11:54:14,16977) sshd: syslogtunnel (root,0,0,00:00:00/08:18,24941) [kworker/1:2-ata_sff] (postfix,24244,8232,00:00:00/01:09:54,25164) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,26104) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,26145) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,26146) /bin/bash /usr/bin/check_mk_agent (root,4480,1088,00:00:00/00:00,26147) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,768,00:00:00/00:00,26148) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1304,00:00:00/00:00,26149) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,26150) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,26168) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,26169) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/29:17,29649) [kworker/2:2-events] (root,0,0,00:00:00/03:08,29982) [kworker/1:1-ata_sff] (postfix,44628,9316,00:00:01/25-17:11:22,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/29:04,31543) [kworker/1:0-events] (root,0,0,00:00:00/04:41:13,31966) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-13 22:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836372f50519Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-13:05:09,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-13:05:09,2) [kthreadd] (root,0,0,00:00:00/29-13:05:09,3) [rcu_gp] (root,0,0,00:00:00/29-13:05:09,4) [rcu_par_gp] (root,0,0,00:00:00/29-13:05:09,5) [slub_flushwq] (root,0,0,00:00:00/29-13:05:09,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-13:05:09,9) [mm_percpu_wq] (root,0,0,00:00:00/29-13:05:09,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-13:05:09,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-13:05:09,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-13:05:09,13) [ksoftirqd/0] (root,0,0,01:18:42/29-13:05:09,14) [rcu_preempt] (root,0,0,00:00:11/29-13:05:09,15) [migration/0] (root,0,0,00:00:00/29-13:05:09,16) [idle_inject/0] (root,0,0,00:00:00/29-13:05:09,18) [cpuhp/0] (root,0,0,00:00:00/29-13:05:09,19) [cpuhp/1] (root,0,0,00:00:00/29-13:05:09,20) [idle_inject/1] (root,0,0,00:00:11/29-13:05:09,21) [migration/1] (root,0,0,00:00:46/29-13:05:09,22) [ksoftirqd/1] (root,0,0,00:00:00/29-13:05:09,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-13:05:09,25) [cpuhp/2] (root,0,0,00:00:00/29-13:05:09,26) [idle_inject/2] (root,0,0,00:00:09/29-13:05:09,27) [migration/2] (root,0,0,00:58:02/29-13:05:09,28) [ksoftirqd/2] (root,0,0,00:00:00/29-13:05:09,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-13:05:09,31) [cpuhp/3] (root,0,0,00:00:00/29-13:05:09,32) [idle_inject/3] (root,0,0,00:00:11/29-13:05:09,33) [migration/3] (root,0,0,00:02:40/29-13:05:09,34) [ksoftirqd/3] (root,0,0,00:00:00/29-13:05:09,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-13:05:09,39) [kdevtmpfs] (root,0,0,00:00:00/29-13:05:09,40) [netns] (root,0,0,00:00:00/29-13:05:09,41) [inet_frag_wq] (root,0,0,00:00:06/29-13:05:09,42) [kauditd] (root,0,0,00:00:00/29-13:05:09,43) [khungtaskd] (root,0,0,00:00:00/29-13:05:09,44) [oom_reaper] (root,0,0,00:00:00/29-13:05:09,45) [writeback] (root,0,0,00:01:26/29-13:05:09,46) [kcompactd0] (root,0,0,00:00:00/29-13:05:09,47) [ksmd] (root,0,0,00:01:25/29-13:05:09,48) [khugepaged] (root,0,0,00:00:00/29-13:05:09,74) [kintegrityd] (root,0,0,00:00:00/29-13:05:09,75) [kblockd] (root,0,0,00:00:00/29-13:05:09,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-13:05:09,78) [tpm_dev_wq] (root,0,0,00:00:00/29-13:05:09,79) [edac-poller] (root,0,0,00:00:00/29-13:05:09,80) [devfreq_wq] (root,0,0,00:00:00/29-13:05:09,110) [watchdogd] (root,0,0,00:00:06/29-13:05:09,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-13:05:09,112) [kswapd0] (root,0,0,00:00:00/29-13:05:08,114) [kthrotld] (root,0,0,00:00:00/29-13:05:08,115) [mld] (root,0,0,00:00:00/29-13:05:08,116) [ipv6_addrconf] (root,0,0,00:00:12/29-13:05:08,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-13:05:08,122) [kstrp] (root,0,0,00:00:00/29-13:05:08,123) [zswap-shrink] (root,0,0,00:00:00/29-13:05:08,124) [kworker/u9:0] (root,0,0,00:00:00/29-13:05:08,129) [charger_manager] (root,0,0,00:00:06/29-13:05:07,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-13:05:07,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-13:05:07,205) [kaluad] (root,0,0,00:00:00/29-13:05:07,250) [kmpath_rdacd] (root,0,0,00:00:00/29-13:05:07,293) [kmpathd] (root,0,0,00:00:00/29-13:05:07,294) [kmpath_handlerd] (root,0,0,00:00:00/29-13:05:07,342) [ata_sff] (root,0,0,00:00:00/29-13:05:06,343) [scsi_eh_0] (root,0,0,00:00:00/29-13:05:06,344) [scsi_tmf_0] (root,0,0,00:00:00/29-13:05:06,345) [scsi_eh_1] (root,0,0,00:00:00/29-13:05:06,346) [scsi_tmf_1] (root,0,0,00:00:48/29-13:05:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-13:05:04,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-13:04:52,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-13:04:51,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-13:04:49,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-13:04:15,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-13:04:15,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-13:04:15,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-13:04:15,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-13:04:14,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-13:04:14,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:33/29-13:04:00,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-13:04:00,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:41/29-13:03:59,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-13:03:59,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-13:03:59,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-13:03:59,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-13:03:59,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-13:03:59,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:01/29-13:03:59,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-13:03:59,1206) bpfilter_umh (root,26204,8212,00:00:12/29-13:03:59,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-13:03:59,1215) ntpd: asynchronous dns resolver (spot,291564,178804,1-12:56:30/29-13:03:59,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-13:03:58,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-13:03:58,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-13:03:58,1245) (sd-pam) (root,24216,5344,00:00:09/29-13:03:57,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-13:03:57,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-13:03:56,1354) /usr/sbin/cron -n (root,697576,81132,00:38:38/29-13:03:50,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60496,00:12:52/29-13:03:36,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/07:00,3727) [kworker/2:1] (root,0,0,00:00:00/06:56,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/10:19:23,6101) [kworker/0:2-events] (root,0,0,00:00:00/05:55,7065) [kworker/1:2-ata_sff] (root,0,0,00:00:00/02:12:16,8802) [kworker/u8:0] (root,0,0,00:00:00/28:57,12543) [kworker/3:2-events] (root,0,0,00:00:00/27:21,13387) [kworker/2:0-events] (root,0,0,00:00:00/01:32:10,14764) [kworker/3:0-events] (root,35308,10012,00:00:00/23-10:54:52,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-10:54:51,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-12:23:30,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:46/13-12:23:29,16977) sshd: syslogtunnel (root,0,0,00:00:00/00:44,20153) [kworker/1:1-ata_sff] (root,0,0,00:00:01/05:47:42,20264) [kworker/0:1-events] (root,6656,3488,00:00:00/00:00,22094) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,22112) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22113) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8172,00:00:00/20:55,28504) pickup -l -t fifo -u (root,0,0,00:00:07/15:24:15,29407) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-17:40:37,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-11 23:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836305311935Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-13:17:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:17:58,2) [kthreadd] (root,0,0,00:00:00/27-13:17:58,3) [rcu_gp] (root,0,0,00:00:00/27-13:17:58,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:17:58,5) [slub_flushwq] (root,0,0,00:00:00/27-13:17:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:17:58,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:17:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:17:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:17:58,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-13:17:58,13) [ksoftirqd/0] (root,0,0,01:13:35/27-13:17:58,14) [rcu_preempt] (root,0,0,00:00:10/27-13:17:58,15) [migration/0] (root,0,0,00:00:00/27-13:17:58,16) [idle_inject/0] (root,0,0,00:00:00/27-13:17:58,18) [cpuhp/0] (root,0,0,00:00:00/27-13:17:58,19) [cpuhp/1] (root,0,0,00:00:00/27-13:17:58,20) [idle_inject/1] (root,0,0,00:00:10/27-13:17:58,21) [migration/1] (root,0,0,00:00:43/27-13:17:58,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:17:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:17:58,25) [cpuhp/2] (root,0,0,00:00:00/27-13:17:58,26) [idle_inject/2] (root,0,0,00:00:08/27-13:17:58,27) [migration/2] (root,0,0,00:55:22/27-13:17:58,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:17:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:17:58,31) [cpuhp/3] (root,0,0,00:00:00/27-13:17:58,32) [idle_inject/3] (root,0,0,00:00:10/27-13:17:58,33) [migration/3] (root,0,0,00:02:31/27-13:17:58,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:17:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:17:58,39) [kdevtmpfs] (root,0,0,00:00:00/27-13:17:58,40) [netns] (root,0,0,00:00:00/27-13:17:58,41) [inet_frag_wq] (root,0,0,00:00:06/27-13:17:58,42) [kauditd] (root,0,0,00:00:00/27-13:17:58,43) [khungtaskd] (root,0,0,00:00:00/27-13:17:58,44) [oom_reaper] (root,0,0,00:00:00/27-13:17:58,45) [writeback] (root,0,0,00:01:21/27-13:17:58,46) [kcompactd0] (root,0,0,00:00:00/27-13:17:58,47) [ksmd] (root,0,0,00:01:19/27-13:17:58,48) [khugepaged] (root,0,0,00:00:00/27-13:17:58,74) [kintegrityd] (root,0,0,00:00:00/27-13:17:58,75) [kblockd] (root,0,0,00:00:00/27-13:17:58,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:17:58,78) [tpm_dev_wq] (root,0,0,00:00:00/27-13:17:58,79) [edac-poller] (root,0,0,00:00:00/27-13:17:58,80) [devfreq_wq] (root,0,0,00:00:00/27-13:17:58,110) [watchdogd] (root,0,0,00:00:05/27-13:17:58,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-13:17:58,112) [kswapd0] (root,0,0,00:00:00/27-13:17:57,114) [kthrotld] (root,0,0,00:00:00/27-13:17:57,115) [mld] (root,0,0,00:00:00/27-13:17:57,116) [ipv6_addrconf] (root,0,0,00:00:11/27-13:17:57,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-13:17:57,122) [kstrp] (root,0,0,00:00:00/27-13:17:57,123) [zswap-shrink] (root,0,0,00:00:00/27-13:17:57,124) [kworker/u9:0] (root,0,0,00:00:00/27-13:17:57,129) [charger_manager] (root,0,0,00:00:06/27-13:17:56,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-13:17:56,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:17:56,205) [kaluad] (root,0,0,00:00:00/27-13:17:56,250) [kmpath_rdacd] (root,0,0,00:00:00/27-13:17:56,293) [kmpathd] (root,0,0,00:00:00/27-13:17:56,294) [kmpath_handlerd] (root,0,0,00:00:00/27-13:17:56,342) [ata_sff] (root,0,0,00:00:00/27-13:17:55,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:17:55,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:17:55,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:17:55,346) [scsi_tmf_1] (root,0,0,00:00:44/27-13:17:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:17:53,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-13:17:41,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-13:17:40,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-13:17:38,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-13:17:04,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-13:17:04,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-13:17:04,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-13:17:04,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-13:17:03,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-13:17:03,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-13:16:49,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-13:16:49,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:33/27-13:16:48,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-13:16:48,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-13:16:48,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-13:16:48,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-13:16:48,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-13:16:48,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:45/27-13:16:48,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-13:16:48,1206) bpfilter_umh (root,26204,8212,00:00:11/27-13:16:48,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-13:16:48,1215) ntpd: asynchronous dns resolver (spot,290056,176668,1-10:36:38/27-13:16:48,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-13:16:47,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-13:16:47,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-13:16:47,1245) (sd-pam) (root,24216,5344,00:00:09/27-13:16:46,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-13:16:46,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-13:16:45,1354) /usr/sbin/cron -n (root,697064,80568,00:36:03/27-13:16:39,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58616,00:11:34/27-13:16:25,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:31:30,1639) [kworker/3:1-events] (root,0,0,00:00:00/05:05,8451) [kworker/u8:2-writeback] (root,0,0,00:00:00/20:07,9624) [kworker/1:0-events] (root,0,0,00:00:00/04:33,9934) [kworker/1:2-events_freezable_power_] (root,0,0,00:00:00/02:24,13512) [kworker/1:3-events] (postfix,24244,8148,00:00:00/55:44,14566) pickup -l -t fifo -u (root,35308,10012,00:00:00/21-11:07:41,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-11:07:40,15391) sshd: cm-ssh (root,0,0,00:00:00/54:40,16439) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10072,00:00:00/11-12:36:19,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-12:36:18,16977) sshd: syslogtunnel (root,0,0,00:00:01/05:28:05,18730) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,19770) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,19788) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19789) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/24:54,20541) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/31:08,20552) [kworker/2:1] (root,0,0,00:00:00/52:31,23802) [kworker/0:1] (root,0,0,00:00:00/09:46,26286) [kworker/1:1-ata_sff] (root,0,0,00:00:00/40:00,27932) [kworker/2:2-events] (postfix,44628,9316,00:00:00/21-17:53:26,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:24:25,32261) [kworker/3:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-09 23:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b27b5b2eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-13:07:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-13:07:03,2) [kthreadd] (root,0,0,00:00:00/25-13:07:03,3) [rcu_gp] (root,0,0,00:00:00/25-13:07:03,4) [rcu_par_gp] (root,0,0,00:00:00/25-13:07:03,5) [slub_flushwq] (root,0,0,00:00:00/25-13:07:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-13:07:03,9) [mm_percpu_wq] (root,0,0,00:00:00/25-13:07:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-13:07:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-13:07:03,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-13:07:03,13) [ksoftirqd/0] (root,0,0,01:08:16/25-13:07:03,14) [rcu_preempt] (root,0,0,00:00:09/25-13:07:03,15) [migration/0] (root,0,0,00:00:00/25-13:07:03,16) [idle_inject/0] (root,0,0,00:00:00/25-13:07:03,18) [cpuhp/0] (root,0,0,00:00:00/25-13:07:03,19) [cpuhp/1] (root,0,0,00:00:00/25-13:07:03,20) [idle_inject/1] (root,0,0,00:00:10/25-13:07:03,21) [migration/1] (root,0,0,00:00:40/25-13:07:03,22) [ksoftirqd/1] (root,0,0,00:00:00/25-13:07:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-13:07:03,25) [cpuhp/2] (root,0,0,00:00:00/25-13:07:03,26) [idle_inject/2] (root,0,0,00:00:08/25-13:07:03,27) [migration/2] (root,0,0,00:52:04/25-13:07:03,28) [ksoftirqd/2] (root,0,0,00:00:00/25-13:07:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-13:07:03,31) [cpuhp/3] (root,0,0,00:00:00/25-13:07:03,32) [idle_inject/3] (root,0,0,00:00:09/25-13:07:03,33) [migration/3] (root,0,0,00:02:21/25-13:07:03,34) [ksoftirqd/3] (root,0,0,00:00:00/25-13:07:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-13:07:03,39) [kdevtmpfs] (root,0,0,00:00:00/25-13:07:03,40) [netns] (root,0,0,00:00:00/25-13:07:03,41) [inet_frag_wq] (root,0,0,00:00:06/25-13:07:03,42) [kauditd] (root,0,0,00:00:00/25-13:07:03,43) [khungtaskd] (root,0,0,00:00:00/25-13:07:03,44) [oom_reaper] (root,0,0,00:00:00/25-13:07:03,45) [writeback] (root,0,0,00:01:14/25-13:07:03,46) [kcompactd0] (root,0,0,00:00:00/25-13:07:03,47) [ksmd] (root,0,0,00:01:14/25-13:07:03,48) [khugepaged] (root,0,0,00:00:00/25-13:07:03,74) [kintegrityd] (root,0,0,00:00:00/25-13:07:03,75) [kblockd] (root,0,0,00:00:00/25-13:07:03,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-13:07:03,78) [tpm_dev_wq] (root,0,0,00:00:00/25-13:07:03,79) [edac-poller] (root,0,0,00:00:00/25-13:07:03,80) [devfreq_wq] (root,0,0,00:00:00/25-13:07:03,110) [watchdogd] (root,0,0,00:00:05/25-13:07:03,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-13:07:03,112) [kswapd0] (root,0,0,00:00:00/25-13:07:02,114) [kthrotld] (root,0,0,00:00:00/25-13:07:02,115) [mld] (root,0,0,00:00:00/25-13:07:02,116) [ipv6_addrconf] (root,0,0,00:00:11/25-13:07:02,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-13:07:02,122) [kstrp] (root,0,0,00:00:00/25-13:07:02,123) [zswap-shrink] (root,0,0,00:00:00/25-13:07:02,124) [kworker/u9:0] (root,0,0,00:00:00/25-13:07:02,129) [charger_manager] (root,0,0,00:00:05/25-13:07:01,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-13:07:01,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-13:07:01,205) [kaluad] (root,0,0,00:00:00/25-13:07:01,250) [kmpath_rdacd] (root,0,0,00:00:00/25-13:07:01,293) [kmpathd] (root,0,0,00:00:00/25-13:07:01,294) [kmpath_handlerd] (root,0,0,00:00:00/25-13:07:01,342) [ata_sff] (root,0,0,00:00:00/25-13:07:00,343) [scsi_eh_0] (root,0,0,00:00:00/25-13:07:00,344) [scsi_tmf_0] (root,0,0,00:00:00/25-13:07:00,345) [scsi_eh_1] (root,0,0,00:00:00/25-13:07:00,346) [scsi_tmf_1] (root,0,0,00:00:40/25-13:06:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-13:06:58,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-13:06:46,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-13:06:45,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-13:06:43,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-13:06:09,512) /sbin/auditd (messagebus,22936,5640,00:01:10/25-13:06:09,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:40/25-13:06:09,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-13:06:09,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-13:06:08,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-13:06:08,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-13:05:54,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-13:05:54,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:19/25-13:05:53,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-13:05:53,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-13:05:53,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-13:05:53,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-13:05:53,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-13:05:53,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:28/25-13:05:53,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-13:05:53,1206) bpfilter_umh (root,26204,8300,00:00:11/25-13:05:53,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-13:05:53,1215) ntpd: asynchronous dns resolver (spot,301744,188340,1-08:02:11/25-13:05:53,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-13:05:52,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-13:05:52,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-13:05:52,1245) (sd-pam) (root,24216,5348,00:00:08/25-13:05:51,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-13:05:51,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-13:05:50,1354) /usr/sbin/cron -n (root,694116,77808,00:33:25/25-13:05:44,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57992,00:10:09/25-13:05:30,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:19,3014) [kworker/1:0-events] (root,0,0,00:00:00/36:38,7950) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/02:16,14356) [kworker/2:0-events] (root,0,0,00:00:00/02:25:18,15018) [kworker/0:2-events] (root,35308,10012,00:00:00/19-10:56:46,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-10:56:45,15391) sshd: cm-ssh (root,0,0,00:00:00/29:50,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-12:25:24,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-12:25:23,16977) sshd: syslogtunnel (root,0,0,00:00:00/09:31,17007) [kworker/1:2-ata_sff] (root,0,0,00:00:00/08:59:14,17512) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/07:24:04,18263) [kworker/3:2-events] (root,0,0,00:00:05/06:09:38,21123) [kworker/2:1-events] (root,6656,3488,00:00:00/00:00,22541) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,22559) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,22560) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/59:06,25316) [kworker/u8:0-writeback] (postfix,44628,9372,00:00:00/19-17:42:31,30472) tlsmgr -l -t unix -u (postfix,24244,8260,00:00:00/01:05:43,30743) pickup -l -t fifo -u (root,0,0,00:00:00/22:59,31436) [kworker/3:1] (root,0,0,00:00:02/03:26:40,31732) [kworker/1:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-07 23:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633d9c06deFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-13:17:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-13:17:30,2) [kthreadd] (root,0,0,00:00:00/23-13:17:30,3) [rcu_gp] (root,0,0,00:00:00/23-13:17:30,4) [rcu_par_gp] (root,0,0,00:00:00/23-13:17:30,5) [slub_flushwq] (root,0,0,00:00:00/23-13:17:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-13:17:30,9) [mm_percpu_wq] (root,0,0,00:00:00/23-13:17:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-13:17:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-13:17:30,12) [rcu_tasks_trace] (root,0,0,00:00:42/23-13:17:30,13) [ksoftirqd/0] (root,0,0,01:02:43/23-13:17:30,14) [rcu_preempt] (root,0,0,00:00:08/23-13:17:30,15) [migration/0] (root,0,0,00:00:00/23-13:17:30,16) [idle_inject/0] (root,0,0,00:00:00/23-13:17:30,18) [cpuhp/0] (root,0,0,00:00:00/23-13:17:30,19) [cpuhp/1] (root,0,0,00:00:00/23-13:17:30,20) [idle_inject/1] (root,0,0,00:00:09/23-13:17:30,21) [migration/1] (root,0,0,00:00:37/23-13:17:30,22) [ksoftirqd/1] (root,0,0,00:00:00/23-13:17:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-13:17:30,25) [cpuhp/2] (root,0,0,00:00:00/23-13:17:30,26) [idle_inject/2] (root,0,0,00:00:07/23-13:17:30,27) [migration/2] (root,0,0,00:47:27/23-13:17:30,28) [ksoftirqd/2] (root,0,0,00:00:00/23-13:17:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-13:17:30,31) [cpuhp/3] (root,0,0,00:00:00/23-13:17:30,32) [idle_inject/3] (root,0,0,00:00:08/23-13:17:30,33) [migration/3] (root,0,0,00:02:10/23-13:17:30,34) [ksoftirqd/3] (root,0,0,00:00:00/23-13:17:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-13:17:30,39) [kdevtmpfs] (root,0,0,00:00:00/23-13:17:30,40) [netns] (root,0,0,00:00:00/23-13:17:30,41) [inet_frag_wq] (root,0,0,00:00:05/23-13:17:30,42) [kauditd] (root,0,0,00:00:00/23-13:17:30,43) [khungtaskd] (root,0,0,00:00:00/23-13:17:30,44) [oom_reaper] (root,0,0,00:00:00/23-13:17:30,45) [writeback] (root,0,0,00:01:09/23-13:17:30,46) [kcompactd0] (root,0,0,00:00:00/23-13:17:30,47) [ksmd] (root,0,0,00:01:08/23-13:17:30,48) [khugepaged] (root,0,0,00:00:00/23-13:17:30,74) [kintegrityd] (root,0,0,00:00:00/23-13:17:30,75) [kblockd] (root,0,0,00:00:00/23-13:17:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-13:17:30,78) [tpm_dev_wq] (root,0,0,00:00:00/23-13:17:30,79) [edac-poller] (root,0,0,00:00:00/23-13:17:30,80) [devfreq_wq] (root,0,0,00:00:00/23-13:17:30,110) [watchdogd] (root,0,0,00:00:04/23-13:17:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-13:17:30,112) [kswapd0] (root,0,0,00:00:00/23-13:17:29,114) [kthrotld] (root,0,0,00:00:00/23-13:17:29,115) [mld] (root,0,0,00:00:00/23-13:17:29,116) [ipv6_addrconf] (root,0,0,00:00:10/23-13:17:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-13:17:29,122) [kstrp] (root,0,0,00:00:00/23-13:17:29,123) [zswap-shrink] (root,0,0,00:00:00/23-13:17:29,124) [kworker/u9:0] (root,0,0,00:00:00/23-13:17:29,129) [charger_manager] (root,0,0,00:00:05/23-13:17:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-13:17:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-13:17:28,205) [kaluad] (root,0,0,00:00:00/23-13:17:28,250) [kmpath_rdacd] (root,0,0,00:00:00/23-13:17:28,293) [kmpathd] (root,0,0,00:00:00/23-13:17:28,294) [kmpath_handlerd] (root,0,0,00:00:00/23-13:17:28,342) [ata_sff] (root,0,0,00:00:00/23-13:17:27,343) [scsi_eh_0] (root,0,0,00:00:00/23-13:17:27,344) [scsi_tmf_0] (root,0,0,00:00:00/23-13:17:27,345) [scsi_eh_1] (root,0,0,00:00:00/23-13:17:27,346) [scsi_tmf_1] (root,0,0,00:00:37/23-13:17:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-13:17:25,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-13:17:13,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-13:17:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-13:17:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-13:16:36,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-13:16:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-13:16:36,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-13:16:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-13:16:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-13:16:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-13:16:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-13:16:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:07/23-13:16:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-13:16:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-13:16:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-13:16:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-13:16:20,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-13:16:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-13:16:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-13:16:20,1206) bpfilter_umh (root,26204,8300,00:00:10/23-13:16:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-13:16:20,1215) ntpd: asynchronous dns resolver (spot,285548,172744,1-05:36:57/23-13:16:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-13:16:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-13:16:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-13:16:19,1245) (sd-pam) (root,24216,5348,00:00:07/23-13:16:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-13:16:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-13:16:17,1354) /usr/sbin/cron -n (root,693860,77156,00:30:43/23-13:16:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:42/23-13:15:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3480,00:00:00/00:00,2017) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,2035) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2036) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/47:06,3891) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/39:00,7143) [kworker/u8:1-writeback] (root,0,0,00:00:00/02:07:55,7973) [kworker/0:1-events] (root,35308,10012,00:00:00/17-11:07:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-11:07:12,15391) sshd: cm-ssh (root,0,0,00:00:00/07:09,16533) [kworker/1:1-ata_sff] (root,0,0,00:00:01/04:01:33,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-12:35:51,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-12:35:50,16977) sshd: syslogtunnel (root,0,0,00:00:00/05:49,19831) [kworker/2:1-events] (root,0,0,00:00:00/12:41,26295) [kworker/0:2-events] (root,0,0,00:00:00/26:23,27140) [kworker/2:2-events] (postfix,24244,8160,00:00:00/01:37:58,28146) pickup -l -t fifo -u (root,0,0,00:00:01/02:22:04,30106) [kworker/1:2-events] (root,0,0,00:00:00/01:59,30408) [kworker/1:0-ata_sff] (postfix,44628,9372,00:00:00/17-17:52:58,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:07:10,31932) [kworker/3:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-05 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a364ebe5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-13:34:29,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-13:34:29,2) [kthreadd] (root,0,0,00:00:00/21-13:34:29,3) [rcu_gp] (root,0,0,00:00:00/21-13:34:29,4) [rcu_par_gp] (root,0,0,00:00:00/21-13:34:29,5) [slub_flushwq] (root,0,0,00:00:00/21-13:34:29,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-13:34:29,9) [mm_percpu_wq] (root,0,0,00:00:00/21-13:34:29,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-13:34:29,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-13:34:29,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-13:34:29,13) [ksoftirqd/0] (root,0,0,00:57:24/21-13:34:29,14) [rcu_preempt] (root,0,0,00:00:08/21-13:34:29,15) [migration/0] (root,0,0,00:00:00/21-13:34:29,16) [idle_inject/0] (root,0,0,00:00:00/21-13:34:29,18) [cpuhp/0] (root,0,0,00:00:00/21-13:34:29,19) [cpuhp/1] (root,0,0,00:00:00/21-13:34:29,20) [idle_inject/1] (root,0,0,00:00:08/21-13:34:29,21) [migration/1] (root,0,0,00:00:34/21-13:34:29,22) [ksoftirqd/1] (root,0,0,00:00:00/21-13:34:29,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-13:34:29,25) [cpuhp/2] (root,0,0,00:00:00/21-13:34:29,26) [idle_inject/2] (root,0,0,00:00:06/21-13:34:29,27) [migration/2] (root,0,0,00:43:34/21-13:34:29,28) [ksoftirqd/2] (root,0,0,00:00:00/21-13:34:29,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-13:34:29,31) [cpuhp/3] (root,0,0,00:00:00/21-13:34:29,32) [idle_inject/3] (root,0,0,00:00:08/21-13:34:29,33) [migration/3] (root,0,0,00:02:00/21-13:34:29,34) [ksoftirqd/3] (root,0,0,00:00:00/21-13:34:29,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-13:34:29,39) [kdevtmpfs] (root,0,0,00:00:00/21-13:34:29,40) [netns] (root,0,0,00:00:00/21-13:34:29,41) [inet_frag_wq] (root,0,0,00:00:05/21-13:34:29,42) [kauditd] (root,0,0,00:00:00/21-13:34:29,43) [khungtaskd] (root,0,0,00:00:00/21-13:34:29,44) [oom_reaper] (root,0,0,00:00:00/21-13:34:29,45) [writeback] (root,0,0,00:01:03/21-13:34:29,46) [kcompactd0] (root,0,0,00:00:00/21-13:34:29,47) [ksmd] (root,0,0,00:01:02/21-13:34:29,48) [khugepaged] (root,0,0,00:00:00/21-13:34:29,74) [kintegrityd] (root,0,0,00:00:00/21-13:34:29,75) [kblockd] (root,0,0,00:00:00/21-13:34:29,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-13:34:29,78) [tpm_dev_wq] (root,0,0,00:00:00/21-13:34:29,79) [edac-poller] (root,0,0,00:00:00/21-13:34:29,80) [devfreq_wq] (root,0,0,00:00:00/21-13:34:29,110) [watchdogd] (root,0,0,00:00:04/21-13:34:29,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-13:34:29,112) [kswapd0] (root,0,0,00:00:00/21-13:34:28,114) [kthrotld] (root,0,0,00:00:00/21-13:34:28,115) [mld] (root,0,0,00:00:00/21-13:34:28,116) [ipv6_addrconf] (root,0,0,00:00:09/21-13:34:28,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-13:34:28,122) [kstrp] (root,0,0,00:00:00/21-13:34:28,123) [zswap-shrink] (root,0,0,00:00:00/21-13:34:28,124) [kworker/u9:0] (root,0,0,00:00:00/21-13:34:28,129) [charger_manager] (root,0,0,00:00:04/21-13:34:27,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-13:34:27,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-13:34:27,205) [kaluad] (root,0,0,00:00:00/21-13:34:27,250) [kmpath_rdacd] (root,0,0,00:00:00/21-13:34:27,293) [kmpathd] (root,0,0,00:00:00/21-13:34:27,294) [kmpath_handlerd] (root,0,0,00:00:00/21-13:34:27,342) [ata_sff] (root,0,0,00:00:00/21-13:34:26,343) [scsi_eh_0] (root,0,0,00:00:00/21-13:34:26,344) [scsi_tmf_0] (root,0,0,00:00:00/21-13:34:26,345) [scsi_eh_1] (root,0,0,00:00:00/21-13:34:26,346) [scsi_tmf_1] (root,0,0,00:00:33/21-13:34:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-13:34:24,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-13:34:12,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-13:34:11,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-13:34:09,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-13:33:35,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-13:33:35,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-13:33:35,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-13:33:35,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-13:33:34,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-13:33:34,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-13:33:20,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-13:33:20,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:59/21-13:33:19,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-13:33:19,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-13:33:19,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-13:33:19,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-13:33:19,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-13:33:19,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:55/21-13:33:19,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-13:33:19,1206) bpfilter_umh (root,26204,8300,00:00:09/21-13:33:19,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-13:33:19,1215) ntpd: asynchronous dns resolver (spot,285564,171968,1-03:16:35/21-13:33:19,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-13:33:18,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-13:33:18,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-13:33:18,1245) (sd-pam) (root,24216,5348,00:00:07/21-13:33:17,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-13:33:17,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-13:33:16,1354) /usr/sbin/cron -n (root,693604,76796,00:28:04/21-13:33:10,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:23/21-13:32:56,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/02:15:12,1511) [kworker/2:0-events] (root,0,0,00:00:00/47:55,3242) [kworker/1:2-events] (root,0,0,00:00:00/13:13,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/36:47,7480) pickup -l -t fifo -u (root,0,0,00:00:00/19:31,9645) [kworker/2:1] (root,0,0,00:00:00/01:15,11851) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-11:24:12,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-11:24:11,15391) sshd: cm-ssh (root,0,0,00:00:00/25:51,15943) [kworker/3:2-events] (root,35308,10072,00:00:00/5-12:52:50,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-12:52:49,16977) sshd: syslogtunnel (root,6656,3484,00:00:00/00:00,18146) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,18187) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,18188) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,18189) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,812,00:00:00/00:00,18190) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,652,00:00:00/00:00,18191) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,18192) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,18210) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18211) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:04:52,20180) [kworker/0:0-events] (root,0,0,00:00:00/01:11:38,27154) [kworker/u8:0-writeback] (root,0,0,00:00:00/04:09:29,28374) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:26,28466) [kworker/1:0-ata_sff] (root,0,0,00:00:02/08:05:46,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-18:09:57,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-03 23:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363332b22faFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-12:52:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:52:21,2) [kthreadd] (root,0,0,00:00:00/19-12:52:21,3) [rcu_gp] (root,0,0,00:00:00/19-12:52:21,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:52:21,5) [slub_flushwq] (root,0,0,00:00:00/19-12:52:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:52:21,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:52:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:52:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:52:21,12) [rcu_tasks_trace] (root,0,0,00:00:35/19-12:52:21,13) [ksoftirqd/0] (root,0,0,00:52:03/19-12:52:21,14) [rcu_preempt] (root,0,0,00:00:07/19-12:52:21,15) [migration/0] (root,0,0,00:00:00/19-12:52:21,16) [idle_inject/0] (root,0,0,00:00:00/19-12:52:21,18) [cpuhp/0] (root,0,0,00:00:00/19-12:52:21,19) [cpuhp/1] (root,0,0,00:00:00/19-12:52:21,20) [idle_inject/1] (root,0,0,00:00:07/19-12:52:21,21) [migration/1] (root,0,0,00:00:31/19-12:52:21,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:52:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:52:21,25) [cpuhp/2] (root,0,0,00:00:00/19-12:52:21,26) [idle_inject/2] (root,0,0,00:00:06/19-12:52:21,27) [migration/2] (root,0,0,00:38:53/19-12:52:21,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:52:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:52:21,31) [cpuhp/3] (root,0,0,00:00:00/19-12:52:21,32) [idle_inject/3] (root,0,0,00:00:07/19-12:52:21,33) [migration/3] (root,0,0,00:01:48/19-12:52:21,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:52:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:52:21,39) [kdevtmpfs] (root,0,0,00:00:00/19-12:52:21,40) [netns] (root,0,0,00:00:00/19-12:52:21,41) [inet_frag_wq] (root,0,0,00:00:05/19-12:52:21,42) [kauditd] (root,0,0,00:00:00/19-12:52:21,43) [khungtaskd] (root,0,0,00:00:00/19-12:52:21,44) [oom_reaper] (root,0,0,00:00:00/19-12:52:21,45) [writeback] (root,0,0,00:00:56/19-12:52:21,46) [kcompactd0] (root,0,0,00:00:00/19-12:52:21,47) [ksmd] (root,0,0,00:00:57/19-12:52:21,48) [khugepaged] (root,0,0,00:00:00/19-12:52:21,74) [kintegrityd] (root,0,0,00:00:00/19-12:52:21,75) [kblockd] (root,0,0,00:00:00/19-12:52:21,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:52:21,78) [tpm_dev_wq] (root,0,0,00:00:00/19-12:52:21,79) [edac-poller] (root,0,0,00:00:00/19-12:52:21,80) [devfreq_wq] (root,0,0,00:00:00/19-12:52:21,110) [watchdogd] (root,0,0,00:00:03/19-12:52:21,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-12:52:21,112) [kswapd0] (root,0,0,00:00:00/19-12:52:20,114) [kthrotld] (root,0,0,00:00:00/19-12:52:20,115) [mld] (root,0,0,00:00:00/19-12:52:20,116) [ipv6_addrconf] (root,0,0,00:00:08/19-12:52:20,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-12:52:20,122) [kstrp] (root,0,0,00:00:00/19-12:52:20,123) [zswap-shrink] (root,0,0,00:00:00/19-12:52:20,124) [kworker/u9:0] (root,0,0,00:00:00/19-12:52:20,129) [charger_manager] (root,0,0,00:00:04/19-12:52:19,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-12:52:19,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:52:19,205) [kaluad] (root,0,0,00:00:00/19-12:52:19,250) [kmpath_rdacd] (root,0,0,00:00:00/19-12:52:19,293) [kmpathd] (root,0,0,00:00:00/19-12:52:19,294) [kmpath_handlerd] (root,0,0,00:00:00/19-12:52:19,342) [ata_sff] (root,0,0,00:00:00/19-12:52:18,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:52:18,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:52:18,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:52:18,346) [scsi_tmf_1] (root,0,0,00:00:29/19-12:52:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:52:16,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-12:52:04,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-12:52:03,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-12:52:01,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/19-12:51:27,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-12:51:27,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-12:51:27,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-12:51:27,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-12:51:26,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-12:51:26,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-12:51:12,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-12:51:12,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:48/19-12:51:11,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-12:51:11,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-12:51:11,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-12:51:11,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-12:51:11,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-12:51:11,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:39/19-12:51:11,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-12:51:11,1206) bpfilter_umh (root,26204,8300,00:00:09/19-12:51:11,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-12:51:11,1215) ntpd: asynchronous dns resolver (spot,284892,171800,1-01:00:41/19-12:51:11,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-12:51:10,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-12:51:10,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-12:51:10,1245) (sd-pam) (root,24216,5348,00:00:06/19-12:51:09,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-12:51:09,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-12:51:08,1354) /usr/sbin/cron -n (root,692836,75756,00:25:22/19-12:51:02,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53048,00:06:33/19-12:50:48,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/06:06,1389) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:06:08,3881) [kworker/0:0] (root,0,0,00:00:01/04:53:45,3898) [kworker/3:2-events] (root,0,0,00:00:00/01:24:59,5253) [kworker/u8:2-writeback] (root,0,0,00:00:00/48:01,5674) [kworker/3:1] (root,0,0,00:00:00/47:38,7240) [kworker/1:1-events] (root,0,0,00:00:00/00:56,14977) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/13-10:42:04,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:44/13-10:42:03,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-12:10:42,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-12:10:41,16977) sshd: syslogtunnel (root,0,0,00:00:00/04:04:00,17740) [kworker/u8:1-flush-253:0] (root,6656,3488,00:00:00/00:00,18688) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,18706) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18707) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/02:38:13,19370) [kworker/2:0-events] (root,0,0,00:00:00/10:31,21913) [kworker/2:2-events] (postfix,24244,8204,00:00:00/15:37,22577) pickup -l -t fifo -u (root,0,0,00:00:00/01:18:23,26126) [kworker/0:2-events] (postfix,44628,9416,00:00:00/13-17:27:49,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-01 23:14 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639c76d6f1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-13:10:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-13:10:14,2) [kthreadd] (root,0,0,00:00:00/17-13:10:14,3) [rcu_gp] (root,0,0,00:00:00/17-13:10:14,4) [rcu_par_gp] (root,0,0,00:00:00/17-13:10:14,5) [slub_flushwq] (root,0,0,00:00:00/17-13:10:14,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-13:10:14,9) [mm_percpu_wq] (root,0,0,00:00:00/17-13:10:14,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-13:10:14,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-13:10:14,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-13:10:14,13) [ksoftirqd/0] (root,0,0,00:46:58/17-13:10:14,14) [rcu_preempt] (root,0,0,00:00:06/17-13:10:14,15) [migration/0] (root,0,0,00:00:00/17-13:10:14,16) [idle_inject/0] (root,0,0,00:00:00/17-13:10:14,18) [cpuhp/0] (root,0,0,00:00:00/17-13:10:14,19) [cpuhp/1] (root,0,0,00:00:00/17-13:10:14,20) [idle_inject/1] (root,0,0,00:00:07/17-13:10:14,21) [migration/1] (root,0,0,00:00:28/17-13:10:14,22) [ksoftirqd/1] (root,0,0,00:00:00/17-13:10:14,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-13:10:14,25) [cpuhp/2] (root,0,0,00:00:00/17-13:10:14,26) [idle_inject/2] (root,0,0,00:00:05/17-13:10:14,27) [migration/2] (root,0,0,00:35:45/17-13:10:14,28) [ksoftirqd/2] (root,0,0,00:00:00/17-13:10:14,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-13:10:14,31) [cpuhp/3] (root,0,0,00:00:00/17-13:10:14,32) [idle_inject/3] (root,0,0,00:00:06/17-13:10:14,33) [migration/3] (root,0,0,00:01:39/17-13:10:14,34) [ksoftirqd/3] (root,0,0,00:00:00/17-13:10:14,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-13:10:14,39) [kdevtmpfs] (root,0,0,00:00:00/17-13:10:14,40) [netns] (root,0,0,00:00:00/17-13:10:14,41) [inet_frag_wq] (root,0,0,00:00:04/17-13:10:14,42) [kauditd] (root,0,0,00:00:00/17-13:10:14,43) [khungtaskd] (root,0,0,00:00:00/17-13:10:14,44) [oom_reaper] (root,0,0,00:00:00/17-13:10:14,45) [writeback] (root,0,0,00:00:51/17-13:10:14,46) [kcompactd0] (root,0,0,00:00:00/17-13:10:14,47) [ksmd] (root,0,0,00:00:51/17-13:10:14,48) [khugepaged] (root,0,0,00:00:00/17-13:10:14,74) [kintegrityd] (root,0,0,00:00:00/17-13:10:14,75) [kblockd] (root,0,0,00:00:00/17-13:10:14,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-13:10:14,78) [tpm_dev_wq] (root,0,0,00:00:00/17-13:10:14,79) [edac-poller] (root,0,0,00:00:00/17-13:10:14,80) [devfreq_wq] (root,0,0,00:00:00/17-13:10:14,110) [watchdogd] (root,0,0,00:00:03/17-13:10:14,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-13:10:14,112) [kswapd0] (root,0,0,00:00:00/17-13:10:13,114) [kthrotld] (root,0,0,00:00:00/17-13:10:13,115) [mld] (root,0,0,00:00:00/17-13:10:13,116) [ipv6_addrconf] (root,0,0,00:00:07/17-13:10:13,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-13:10:13,122) [kstrp] (root,0,0,00:00:00/17-13:10:13,123) [zswap-shrink] (root,0,0,00:00:00/17-13:10:13,124) [kworker/u9:0] (root,0,0,00:00:00/17-13:10:13,129) [charger_manager] (root,0,0,00:00:03/17-13:10:12,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-13:10:12,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-13:10:12,205) [kaluad] (root,0,0,00:00:00/17-13:10:12,250) [kmpath_rdacd] (root,0,0,00:00:00/17-13:10:12,293) [kmpathd] (root,0,0,00:00:00/17-13:10:12,294) [kmpath_handlerd] (root,0,0,00:00:00/17-13:10:12,342) [ata_sff] (root,0,0,00:00:00/17-13:10:11,343) [scsi_eh_0] (root,0,0,00:00:00/17-13:10:11,344) [scsi_tmf_0] (root,0,0,00:00:00/17-13:10:11,345) [scsi_eh_1] (root,0,0,00:00:00/17-13:10:11,346) [scsi_tmf_1] (root,0,0,00:00:26/17-13:10:09,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-13:10:09,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-13:09:57,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-13:09:56,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-13:09:54,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-13:09:20,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-13:09:20,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-13:09:20,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-13:09:20,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-13:09:19,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-13:09:19,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-13:09:05,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-13:09:05,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:36/17-13:09:04,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-13:09:04,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-13:09:04,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-13:09:04,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-13:09:04,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-13:09:04,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:22/17-13:09:04,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-13:09:04,1206) bpfilter_umh (root,26204,8300,00:00:08/17-13:09:04,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-13:09:04,1215) ntpd: asynchronous dns resolver (spot,285516,171956,23:04:48/17-13:09:04,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-13:09:03,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-13:09:03,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-13:09:03,1245) (sd-pam) (root,24216,5348,00:00:05/17-13:09:02,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-13:09:02,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-13:09:01,1354) /usr/sbin/cron -n (root,692236,75412,00:22:47/17-13:08:55,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51012,00:05:52/17-13:08:41,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/02:26:59,3299) [kworker/2:0-events] (root,0,0,00:00:00/36:26,6422) [kworker/0:2-events] (root,0,0,00:00:00/08:28,9703) [kworker/1:0-ata_sff] (postfix,24244,8240,00:00:00/55:22,9878) pickup -l -t fifo -u (root,0,0,00:00:00/03:16,12034) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/11-10:59:57,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-10:59:56,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-12:28:35,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-12:28:34,16977) sshd: syslogtunnel (root,0,0,00:00:00/24:00,19748) [kworker/2:2-events] (root,0,0,00:00:02/04:53:49,19752) [kworker/1:2-events] (root,0,0,00:00:00/01:27:21,19953) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:01/04:11:33,24312) [kworker/0:0-events] (root,0,0,00:00:00/07:15:20,28658) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/05:43,29069) [kworker/3:2] (postfix,44628,9416,00:00:00/11-17:45:42,30472) tlsmgr -l -t unix -u (root,6656,3492,00:00:00/00:00,31635) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,31655) /bin/bash /usr/bin/check_mk_agent (root,6656,1952,00:00:00/00:00,31683) /bin/bash /usr/bin/check_mk_agent (root,13744,3496,00:00:00/00:00,31685) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,31686) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:57:23,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-29 23:32 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633420ebd6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-13:29:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:29:56,2) [kthreadd] (root,0,0,00:00:00/15-13:29:56,3) [rcu_gp] (root,0,0,00:00:00/15-13:29:56,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:29:56,5) [slub_flushwq] (root,0,0,00:00:00/15-13:29:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:29:56,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:29:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:29:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:29:56,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-13:29:56,13) [ksoftirqd/0] (root,0,0,00:41:46/15-13:29:56,14) [rcu_preempt] (root,0,0,00:00:05/15-13:29:56,15) [migration/0] (root,0,0,00:00:00/15-13:29:56,16) [idle_inject/0] (root,0,0,00:00:00/15-13:29:56,18) [cpuhp/0] (root,0,0,00:00:00/15-13:29:56,19) [cpuhp/1] (root,0,0,00:00:00/15-13:29:56,20) [idle_inject/1] (root,0,0,00:00:06/15-13:29:56,21) [migration/1] (root,0,0,00:00:25/15-13:29:56,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:29:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:29:56,25) [cpuhp/2] (root,0,0,00:00:00/15-13:29:56,26) [idle_inject/2] (root,0,0,00:00:05/15-13:29:56,27) [migration/2] (root,0,0,00:32:18/15-13:29:56,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:29:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:29:56,31) [cpuhp/3] (root,0,0,00:00:00/15-13:29:56,32) [idle_inject/3] (root,0,0,00:00:05/15-13:29:56,33) [migration/3] (root,0,0,00:01:29/15-13:29:56,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:29:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:29:56,39) [kdevtmpfs] (root,0,0,00:00:00/15-13:29:56,40) [netns] (root,0,0,00:00:00/15-13:29:56,41) [inet_frag_wq] (root,0,0,00:00:04/15-13:29:56,42) [kauditd] (root,0,0,00:00:00/15-13:29:56,43) [khungtaskd] (root,0,0,00:00:00/15-13:29:56,44) [oom_reaper] (root,0,0,00:00:00/15-13:29:56,45) [writeback] (root,0,0,00:00:46/15-13:29:56,46) [kcompactd0] (root,0,0,00:00:00/15-13:29:56,47) [ksmd] (root,0,0,00:00:46/15-13:29:56,48) [khugepaged] (root,0,0,00:00:00/15-13:29:56,74) [kintegrityd] (root,0,0,00:00:00/15-13:29:56,75) [kblockd] (root,0,0,00:00:00/15-13:29:56,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:29:56,78) [tpm_dev_wq] (root,0,0,00:00:00/15-13:29:56,79) [edac-poller] (root,0,0,00:00:00/15-13:29:56,80) [devfreq_wq] (root,0,0,00:00:00/15-13:29:56,110) [watchdogd] (root,0,0,00:00:03/15-13:29:56,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-13:29:56,112) [kswapd0] (root,0,0,00:00:00/15-13:29:55,114) [kthrotld] (root,0,0,00:00:00/15-13:29:55,115) [mld] (root,0,0,00:00:00/15-13:29:55,116) [ipv6_addrconf] (root,0,0,00:00:06/15-13:29:55,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-13:29:55,122) [kstrp] (root,0,0,00:00:00/15-13:29:55,123) [zswap-shrink] (root,0,0,00:00:00/15-13:29:55,124) [kworker/u9:0] (root,0,0,00:00:00/15-13:29:55,129) [charger_manager] (root,0,0,00:00:03/15-13:29:54,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-13:29:54,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:29:54,205) [kaluad] (root,0,0,00:00:00/15-13:29:54,250) [kmpath_rdacd] (root,0,0,00:00:00/15-13:29:54,293) [kmpathd] (root,0,0,00:00:00/15-13:29:54,294) [kmpath_handlerd] (root,0,0,00:00:00/15-13:29:54,342) [ata_sff] (root,0,0,00:00:00/15-13:29:53,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:29:53,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:29:53,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:29:53,346) [scsi_tmf_1] (root,0,0,00:00:23/15-13:29:51,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:29:51,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-13:29:39,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-13:29:38,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-13:29:36,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-13:29:02,512) /sbin/auditd (messagebus,22936,5672,00:00:49/15-13:29:02,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:28/15-13:29:02,531) /usr/lib/systemd/systemd-logind (root,0,0,00:00:00/33:33,539) [kworker/0:2] (root,20556,5140,00:00:00/15-13:29:02,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-13:29:01,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-13:29:01,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-13:28:47,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-13:28:47,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:24/15-13:28:46,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-13:28:46,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-13:28:46,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-13:28:46,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-13:28:46,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-13:28:46,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-13:28:46,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-13:28:46,1206) bpfilter_umh (root,26204,8300,00:00:07/15-13:28:46,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-13:28:46,1215) ntpd: asynchronous dns resolver (spot,285124,171300,20:55:48/15-13:28:46,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-13:28:45,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-13:28:45,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-13:28:45,1245) (sd-pam) (root,24216,5348,00:00:05/15-13:28:44,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-13:28:44,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-13:28:43,1354) /usr/sbin/cron -n (root,691980,74872,00:20:09/15-13:28:37,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49184,00:05:10/15-13:28:23,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:31,3353) [kworker/1:0-ata_sff] (postfix,24244,8220,00:00:00/01:37:09,7356) pickup -l -t fifo -u (root,35308,10012,00:00:00/8-05:24:50,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-05:24:50,8749) sshd: syslogtunnel (root,0,0,00:00:00/22:14,10498) [kworker/3:0-events] (root,0,0,00:00:00/44:52,10640) [kworker/2:2-mm_percpu_wq] (root,0,0,00:00:00/16:37,12886) [kworker/2:0] (root,35308,10012,00:00:00/9-11:19:39,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-11:19:38,15391) sshd: cm-ssh (root,0,0,00:00:00/21:07,16028) [kworker/1:1-events] (root,0,0,00:00:00/00:21,23211) [kworker/1:2-ata_sff] (root,6656,3504,00:00:00/00:00,23954) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,24023) /bin/bash /usr/bin/check_mk_agent (root,6292,3084,00:00:00/00:00,24054) /bin/bash (root,13744,3372,00:00:00/00:00,24057) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24058) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6292,2148,00:00:00/00:00,24059) /bin/bash (root,11644,952,00:00:00/00:00,24060) sed -e 1,2d -e s/^\(.\)/\1 / -e s/^ /%/ (root,2728,860,00:00:00/00:00,24061) timeout 5 ntpq -np (root,0,0,00:00:00/26:36,26061) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/56:02,26890) [kworker/0:1-events] (postfix,44628,9416,00:00:00/9-18:05:24,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/51:13,30764) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/05:19:14,31041) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-27 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836396ebd409Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-13:52:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:52:55,2) [kthreadd] (root,0,0,00:00:00/13-13:52:55,3) [rcu_gp] (root,0,0,00:00:00/13-13:52:55,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:52:55,5) [slub_flushwq] (root,0,0,00:00:00/13-13:52:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:52:55,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:52:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:52:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:52:55,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-13:52:55,13) [ksoftirqd/0] (root,0,0,00:36:35/13-13:52:55,14) [rcu_preempt] (root,0,0,00:00:05/13-13:52:55,15) [migration/0] (root,0,0,00:00:00/13-13:52:55,16) [idle_inject/0] (root,0,0,00:00:00/13-13:52:55,18) [cpuhp/0] (root,0,0,00:00:00/13-13:52:55,19) [cpuhp/1] (root,0,0,00:00:00/13-13:52:55,20) [idle_inject/1] (root,0,0,00:00:05/13-13:52:55,21) [migration/1] (root,0,0,00:00:22/13-13:52:55,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:52:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:52:55,25) [cpuhp/2] (root,0,0,00:00:00/13-13:52:55,26) [idle_inject/2] (root,0,0,00:00:04/13-13:52:55,27) [migration/2] (root,0,0,00:28:51/13-13:52:55,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:52:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:52:55,31) [cpuhp/3] (root,0,0,00:00:00/13-13:52:55,32) [idle_inject/3] (root,0,0,00:00:05/13-13:52:55,33) [migration/3] (root,0,0,00:01:19/13-13:52:55,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:52:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:52:55,39) [kdevtmpfs] (root,0,0,00:00:00/13-13:52:55,40) [netns] (root,0,0,00:00:00/13-13:52:55,41) [inet_frag_wq] (root,0,0,00:00:04/13-13:52:55,42) [kauditd] (root,0,0,00:00:00/13-13:52:55,43) [khungtaskd] (root,0,0,00:00:00/13-13:52:55,44) [oom_reaper] (root,0,0,00:00:00/13-13:52:55,45) [writeback] (root,0,0,00:00:40/13-13:52:55,46) [kcompactd0] (root,0,0,00:00:00/13-13:52:55,47) [ksmd] (root,0,0,00:00:40/13-13:52:55,48) [khugepaged] (root,0,0,00:00:00/13-13:52:55,74) [kintegrityd] (root,0,0,00:00:00/13-13:52:55,75) [kblockd] (root,0,0,00:00:00/13-13:52:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:52:55,78) [tpm_dev_wq] (root,0,0,00:00:00/13-13:52:55,79) [edac-poller] (root,0,0,00:00:00/13-13:52:55,80) [devfreq_wq] (root,0,0,00:00:00/13-13:52:55,110) [watchdogd] (root,0,0,00:00:02/13-13:52:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-13:52:55,112) [kswapd0] (root,0,0,00:00:00/13-13:52:54,114) [kthrotld] (root,0,0,00:00:00/13-13:52:54,115) [mld] (root,0,0,00:00:00/13-13:52:54,116) [ipv6_addrconf] (root,0,0,00:00:05/13-13:52:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-13:52:54,122) [kstrp] (root,0,0,00:00:00/13-13:52:54,123) [zswap-shrink] (root,0,0,00:00:00/13-13:52:54,124) [kworker/u9:0] (root,0,0,00:00:00/13-13:52:54,129) [charger_manager] (root,0,0,00:00:02/13-13:52:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-13:52:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:52:53,205) [kaluad] (root,0,0,00:00:00/13-13:52:53,250) [kmpath_rdacd] (root,0,0,00:00:00/13-13:52:53,293) [kmpathd] (root,0,0,00:00:00/13-13:52:53,294) [kmpath_handlerd] (root,0,0,00:00:00/13-13:52:53,342) [ata_sff] (root,0,0,00:00:00/13-13:52:52,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:52:52,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:52:52,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:52:52,346) [scsi_tmf_1] (root,0,0,00:00:20/13-13:52:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:52:50,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-13:52:38,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-13:52:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-13:52:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-13:52:01,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-13:52:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-13:52:01,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-13:52:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-13:52:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-13:52:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-13:51:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-13:51:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:12/13-13:51:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-13:51:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-13:51:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-13:51:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-13:51:45,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-13:51:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-13:51:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-13:51:45,1206) bpfilter_umh (root,26204,8300,00:00:07/13-13:51:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-13:51:45,1215) ntpd: asynchronous dns resolver (spot,286596,171596,18:13:52/13-13:51:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-13:51:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-13:51:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-13:51:44,1245) (sd-pam) (root,24216,5348,00:00:04/13-13:51:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-13:51:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-13:51:42,1354) /usr/sbin/cron -n (root,691980,74552,00:17:33/13-13:51:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47904,00:04:29/13-13:51:22,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/30:56,2659) [kworker/2:0-events] (root,0,0,00:00:00/12:10,3454) [kworker/1:1-events] (root,0,0,00:00:04/03:49:33,4939) [kworker/2:2-events] (root,35308,10012,00:00:00/6-05:47:49,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-05:47:49,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:47,10657) [kworker/1:0-ata_sff] (root,0,0,00:00:00/35:56,13988) [kworker/0:0-events] (root,35308,10012,00:00:00/7-11:42:38,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-11:42:37,15391) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,17502) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,17520) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17521) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8212,00:00:00/41:57,19097) pickup -l -t fifo -u (root,0,0,00:00:00/56:23,23451) [kworker/3:1-events] (root,0,0,00:00:00/07:00,24026) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:26:43,24348) [kworker/u8:1-ext4-rsv-conversion] (postfix,44628,9416,00:00:00/7-18:28:23,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/46:10,31001) [kworker/0:2-events] (root,0,0,00:00:00/14:33,31497) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/04:20:13,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 00:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632f700ac7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-12:57:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:57:30,2) [kthreadd] (root,0,0,00:00:00/11-12:57:30,3) [rcu_gp] (root,0,0,00:00:00/11-12:57:30,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:57:30,5) [slub_flushwq] (root,0,0,00:00:00/11-12:57:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:57:30,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:57:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:57:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:57:30,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:57:30,13) [ksoftirqd/0] (root,0,0,00:30:43/11-12:57:30,14) [rcu_preempt] (root,0,0,00:00:04/11-12:57:30,15) [migration/0] (root,0,0,00:00:00/11-12:57:30,16) [idle_inject/0] (root,0,0,00:00:00/11-12:57:30,18) [cpuhp/0] (root,0,0,00:00:00/11-12:57:30,19) [cpuhp/1] (root,0,0,00:00:00/11-12:57:30,20) [idle_inject/1] (root,0,0,00:00:04/11-12:57:30,21) [migration/1] (root,0,0,00:00:17/11-12:57:30,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:57:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:57:30,25) [cpuhp/2] (root,0,0,00:00:00/11-12:57:30,26) [idle_inject/2] (root,0,0,00:00:03/11-12:57:30,27) [migration/2] (root,0,0,00:24:10/11-12:57:30,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:57:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:57:30,31) [cpuhp/3] (root,0,0,00:00:00/11-12:57:30,32) [idle_inject/3] (root,0,0,00:00:04/11-12:57:30,33) [migration/3] (root,0,0,00:01:05/11-12:57:30,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:57:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:57:30,39) [kdevtmpfs] (root,0,0,00:00:00/11-12:57:30,40) [netns] (root,0,0,00:00:00/11-12:57:30,41) [inet_frag_wq] (root,0,0,00:00:03/11-12:57:30,42) [kauditd] (root,0,0,00:00:00/11-12:57:30,43) [khungtaskd] (root,0,0,00:00:00/11-12:57:30,44) [oom_reaper] (root,0,0,00:00:00/11-12:57:30,45) [writeback] (root,0,0,00:00:33/11-12:57:30,46) [kcompactd0] (root,0,0,00:00:00/11-12:57:30,47) [ksmd] (root,0,0,00:00:34/11-12:57:30,48) [khugepaged] (root,0,0,00:00:00/11-12:57:30,74) [kintegrityd] (root,0,0,00:00:00/11-12:57:30,75) [kblockd] (root,0,0,00:00:00/11-12:57:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:57:30,78) [tpm_dev_wq] (root,0,0,00:00:00/11-12:57:30,79) [edac-poller] (root,0,0,00:00:00/11-12:57:30,80) [devfreq_wq] (root,0,0,00:00:00/11-12:57:30,110) [watchdogd] (root,0,0,00:00:02/11-12:57:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:57:30,112) [kswapd0] (root,0,0,00:00:00/11-12:57:29,114) [kthrotld] (root,0,0,00:00:00/11-12:57:29,115) [mld] (root,0,0,00:00:00/11-12:57:29,116) [ipv6_addrconf] (root,0,0,00:00:04/11-12:57:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-12:57:29,122) [kstrp] (root,0,0,00:00:00/11-12:57:29,123) [zswap-shrink] (root,0,0,00:00:00/11-12:57:29,124) [kworker/u9:0] (root,0,0,00:00:00/11-12:57:29,129) [charger_manager] (root,0,0,00:00:02/11-12:57:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-12:57:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:57:28,205) [kaluad] (root,0,0,00:00:00/11-12:57:28,250) [kmpath_rdacd] (root,0,0,00:00:00/11-12:57:28,293) [kmpathd] (root,0,0,00:00:00/11-12:57:28,294) [kmpath_handlerd] (root,0,0,00:00:00/11-12:57:28,342) [ata_sff] (root,0,0,00:00:00/11-12:57:27,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:57:27,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:57:27,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:57:27,346) [scsi_tmf_1] (root,0,0,00:00:17/11-12:57:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:57:25,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-12:57:13,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-12:57:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-12:57:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-12:56:36,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-12:56:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-12:56:36,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-12:56:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-12:56:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-12:56:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3484,00:00:00/00:00,831) /bin/bash /usr/bin/check_mk_agent (root,13744,3436,00:00:00/00:00,849) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,850) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,547848,27724,00:00:13/11-12:56:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-12:56:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:00/11-12:56:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-12:56:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-12:56:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-12:56:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-12:56:20,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-12:56:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:32/11-12:56:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-12:56:20,1206) bpfilter_umh (root,26204,8300,00:00:06/11-12:56:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-12:56:20,1215) ntpd: asynchronous dns resolver (spot,285364,171284,14:18:35/11-12:56:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-12:56:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-12:56:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-12:56:19,1245) (sd-pam) (root,24216,5348,00:00:03/11-12:56:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-12:56:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-12:56:17,1354) /usr/sbin/cron -n (root,691724,74148,00:14:51/11-12:56:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46608,00:03:46/11-12:55:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:56,3737) [kworker/1:2-ata_sff] (root,0,0,00:00:00/10:19:39,4619) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:00:46,6242) [kworker/3:1] (postfix,24244,8200,00:00:00/07:12,7853) pickup -l -t fifo -u (root,35308,10012,00:00:00/4-04:52:24,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-04:52:24,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:29:25,9247) [kworker/0:1-events] (root,0,0,00:00:00/27:59,11036) [kworker/2:1-events] (root,35308,10012,00:00:00/5-10:47:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-10:47:12,15391) sshd: cm-ssh (root,0,0,00:00:00/02:22:43,16718) [kworker/2:2-events] (root,0,0,00:00:00/03:46,18508) [kworker/1:0-ata_sff] (root,0,0,00:00:00/02:01:49,18633) [kworker/3:2-events] (root,0,0,00:00:02/03:05:20,21671) [kworker/1:1-events_freezable_power_] (root,0,0,00:00:00/01:06,27030) [kworker/2:0-events] (root,0,0,00:00:00/32:07,30297) [kworker/0:2-events] (postfix,44628,9464,00:00:00/5-17:32:58,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:38:36,31970) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 23:19 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f870dd5aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:30/9-13:30:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-13:30:53,2) [kthreadd] (root,0,0,00:00:00/9-13:30:53,3) [rcu_gp] (root,0,0,00:00:00/9-13:30:53,4) [rcu_par_gp] (root,0,0,00:00:00/9-13:30:53,5) [slub_flushwq] (root,0,0,00:00:00/9-13:30:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-13:30:53,9) [mm_percpu_wq] (root,0,0,00:00:00/9-13:30:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-13:30:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-13:30:53,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-13:30:53,13) [ksoftirqd/0] (root,0,0,00:25:19/9-13:30:53,14) [rcu_preempt] (root,0,0,00:00:03/9-13:30:53,15) [migration/0] (root,0,0,00:00:00/9-13:30:53,16) [idle_inject/0] (root,0,0,00:00:00/9-13:30:53,18) [cpuhp/0] (root,0,0,00:00:00/9-13:30:53,19) [cpuhp/1] (root,0,0,00:00:00/9-13:30:53,20) [idle_inject/1] (root,0,0,00:00:03/9-13:30:53,21) [migration/1] (root,0,0,00:00:14/9-13:30:53,22) [ksoftirqd/1] (root,0,0,00:00:00/9-13:30:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-13:30:53,25) [cpuhp/2] (root,0,0,00:00:00/9-13:30:53,26) [idle_inject/2] (root,0,0,00:00:03/9-13:30:53,27) [migration/2] (root,0,0,00:20:19/9-13:30:53,28) [ksoftirqd/2] (root,0,0,00:00:00/9-13:30:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-13:30:53,31) [cpuhp/3] (root,0,0,00:00:00/9-13:30:53,32) [idle_inject/3] (root,0,0,00:00:03/9-13:30:53,33) [migration/3] (root,0,0,00:00:54/9-13:30:53,34) [ksoftirqd/3] (root,0,0,00:00:00/9-13:30:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-13:30:53,39) [kdevtmpfs] (root,0,0,00:00:00/9-13:30:53,40) [netns] (root,0,0,00:00:00/9-13:30:53,41) [inet_frag_wq] (root,0,0,00:00:03/9-13:30:53,42) [kauditd] (root,0,0,00:00:00/9-13:30:53,43) [khungtaskd] (root,0,0,00:00:00/9-13:30:53,44) [oom_reaper] (root,0,0,00:00:00/9-13:30:53,45) [writeback] (root,0,0,00:00:27/9-13:30:53,46) [kcompactd0] (root,0,0,00:00:00/9-13:30:53,47) [ksmd] (root,0,0,00:00:29/9-13:30:53,48) [khugepaged] (root,0,0,00:00:00/9-13:30:53,74) [kintegrityd] (root,0,0,00:00:00/9-13:30:53,75) [kblockd] (root,0,0,00:00:00/9-13:30:53,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-13:30:53,78) [tpm_dev_wq] (root,0,0,00:00:00/9-13:30:53,79) [edac-poller] (root,0,0,00:00:00/9-13:30:53,80) [devfreq_wq] (root,0,0,00:00:00/9-13:30:53,110) [watchdogd] (root,0,0,00:00:01/9-13:30:53,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-13:30:53,112) [kswapd0] (root,0,0,00:00:00/9-13:30:52,114) [kthrotld] (root,0,0,00:00:00/9-13:30:52,115) [mld] (root,0,0,00:00:00/9-13:30:52,116) [ipv6_addrconf] (root,0,0,00:00:04/9-13:30:52,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-13:30:52,122) [kstrp] (root,0,0,00:00:00/9-13:30:52,123) [zswap-shrink] (root,0,0,00:00:00/9-13:30:52,124) [kworker/u9:0] (root,0,0,00:00:00/9-13:30:52,129) [charger_manager] (root,0,0,00:00:02/9-13:30:51,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-13:30:51,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-13:30:51,205) [kaluad] (root,0,0,00:00:00/9-13:30:51,250) [kmpath_rdacd] (root,0,0,00:00:00/9-13:30:51,293) [kmpathd] (root,0,0,00:00:00/9-13:30:51,294) [kmpath_handlerd] (root,0,0,00:00:00/9-13:30:51,342) [ata_sff] (root,0,0,00:00:00/9-13:30:50,343) [scsi_eh_0] (root,0,0,00:00:00/9-13:30:50,344) [scsi_tmf_0] (root,0,0,00:00:00/9-13:30:50,345) [scsi_eh_1] (root,0,0,00:00:00/9-13:30:50,346) [scsi_tmf_1] (root,0,0,00:00:14/9-13:30:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-13:30:48,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-13:30:36,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-13:30:35,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-13:30:33,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-13:29:59,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-13:29:59,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-13:29:59,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-13:29:59,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-13:29:58,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-13:29:58,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-13:29:44,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-13:29:44,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:50/9-13:29:43,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-13:29:43,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-13:29:43,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-13:29:43,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-13:29:43,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-13:29:43,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:16/9-13:29:43,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-13:29:43,1206) bpfilter_umh (root,26204,8300,00:00:05/9-13:29:43,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-13:29:43,1215) ntpd: asynchronous dns resolver (spot,282756,169192,11:11:27/9-13:29:43,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-13:29:42,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-13:29:42,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-13:29:42,1245) (sd-pam) (root,24216,5348,00:00:02/9-13:29:41,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-13:29:41,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-13:29:40,1354) /usr/sbin/cron -n (root,691336,73820,00:12:18/9-13:29:34,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45328,00:03:06/9-13:29:20,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:04/04:58:00,2819) [kworker/2:2-events] (root,0,0,00:00:00/59:18,6061) [kworker/1:0-events] (root,0,0,00:00:00/03:06,8026) [kworker/2:0] (root,35308,10012,00:00:00/2-05:25:47,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:08/2-05:25:47,8749) sshd: syslogtunnel (root,0,0,00:00:00/02:13,11619) [kworker/1:1-ata_sff] (root,0,0,00:00:00/32:20,12858) [kworker/3:2] (root,35308,10012,00:00:00/3-11:20:36,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-11:20:35,15391) sshd: cm-ssh (root,0,0,00:00:00/52:55,15939) [kworker/2:1-events] (root,0,0,00:00:00/52:22,16117) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:45:58,22141) [kworker/3:0-mm_percpu_wq] (root,0,0,00:00:00/40:51,22486) [kworker/u8:1] (root,6656,3488,00:00:00/00:00,22538) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,22556) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22557) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:41:54,25498) [kworker/0:1-events] (root,0,0,00:00:00/08:03,26656) [kworker/0:2-events] (postfix,24244,8308,00:00:00/01:02:28,28263) pickup -l -t fifo -u (root,0,0,00:00:00/07:25,28459) [kworker/1:2-ata_sff] (postfix,44628,9464,00:00:00/3-18:06:21,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836370064b6aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-12:29:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:29:10,2) [kthreadd] (root,0,0,00:00:00/7-12:29:10,3) [rcu_gp] (root,0,0,00:00:00/7-12:29:10,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:29:10,5) [slub_flushwq] (root,0,0,00:00:00/7-12:29:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:29:10,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:29:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:29:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:29:10,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-12:29:10,13) [ksoftirqd/0] (root,0,0,00:19:46/7-12:29:10,14) [rcu_preempt] (root,0,0,00:00:02/7-12:29:10,15) [migration/0] (root,0,0,00:00:00/7-12:29:10,16) [idle_inject/0] (root,0,0,00:00:00/7-12:29:10,18) [cpuhp/0] (root,0,0,00:00:00/7-12:29:10,19) [cpuhp/1] (root,0,0,00:00:00/7-12:29:10,20) [idle_inject/1] (root,0,0,00:00:03/7-12:29:10,21) [migration/1] (root,0,0,00:00:11/7-12:29:10,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:29:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:29:10,25) [cpuhp/2] (root,0,0,00:00:00/7-12:29:10,26) [idle_inject/2] (root,0,0,00:00:02/7-12:29:10,27) [migration/2] (root,0,0,00:15:53/7-12:29:10,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:29:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:29:10,31) [cpuhp/3] (root,0,0,00:00:00/7-12:29:10,32) [idle_inject/3] (root,0,0,00:00:03/7-12:29:10,33) [migration/3] (root,0,0,00:00:42/7-12:29:10,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:29:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:29:10,39) [kdevtmpfs] (root,0,0,00:00:00/7-12:29:10,40) [netns] (root,0,0,00:00:00/7-12:29:10,41) [inet_frag_wq] (root,0,0,00:00:02/7-12:29:10,42) [kauditd] (root,0,0,00:00:00/7-12:29:10,43) [khungtaskd] (root,0,0,00:00:00/7-12:29:10,44) [oom_reaper] (root,0,0,00:00:00/7-12:29:10,45) [writeback] (root,0,0,00:00:22/7-12:29:10,46) [kcompactd0] (root,0,0,00:00:00/7-12:29:10,47) [ksmd] (root,0,0,00:00:22/7-12:29:10,48) [khugepaged] (root,0,0,00:00:00/7-12:29:10,74) [kintegrityd] (root,0,0,00:00:00/7-12:29:10,75) [kblockd] (root,0,0,00:00:00/7-12:29:10,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:29:10,78) [tpm_dev_wq] (root,0,0,00:00:00/7-12:29:10,79) [edac-poller] (root,0,0,00:00:00/7-12:29:10,80) [devfreq_wq] (root,0,0,00:00:00/7-12:29:10,110) [watchdogd] (root,0,0,00:00:01/7-12:29:10,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:29:10,112) [kswapd0] (root,0,0,00:00:00/7-12:29:09,114) [kthrotld] (root,0,0,00:00:00/7-12:29:09,115) [mld] (root,0,0,00:00:00/7-12:29:09,116) [ipv6_addrconf] (root,0,0,00:00:03/7-12:29:09,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-12:29:09,122) [kstrp] (root,0,0,00:00:00/7-12:29:09,123) [zswap-shrink] (root,0,0,00:00:00/7-12:29:09,124) [kworker/u9:0] (root,0,0,00:00:00/7-12:29:09,129) [charger_manager] (root,0,0,00:00:01/7-12:29:08,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-12:29:08,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:29:08,205) [kaluad] (root,0,0,00:00:00/7-12:29:08,250) [kmpath_rdacd] (root,0,0,00:00:00/7-12:29:08,293) [kmpathd] (root,0,0,00:00:00/7-12:29:08,294) [kmpath_handlerd] (root,0,0,00:00:00/7-12:29:08,342) [ata_sff] (root,0,0,00:00:00/7-12:29:07,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:29:07,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:29:07,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:29:07,346) [scsi_tmf_1] (root,0,0,00:00:11/7-12:29:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:29:05,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-12:28:53,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-12:28:52,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-12:28:50,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-12:28:16,512) /sbin/auditd (messagebus,22936,5672,00:00:26/7-12:28:16,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-12:28:16,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-12:28:16,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/13:16,589) [kworker/u8:0-writeback] (root,31876,16220,00:00:03/7-12:28:15,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-12:28:15,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25356,00:00:08/7-12:28:01,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-12:28:01,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:39/7-12:28:00,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-12:28:00,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-12:28:00,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-12:28:00,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-12:28:00,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-12:28:00,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:00:59/7-12:28:00,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-12:28:00,1206) bpfilter_umh (root,26204,8300,00:00:04/7-12:28:00,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-12:28:00,1215) ntpd: asynchronous dns resolver (spot,284212,169556,08:31:28/7-12:28:00,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-12:27:59,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-12:27:59,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-12:27:59,1245) (sd-pam) (root,24216,5348,00:00:02/7-12:27:58,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-12:27:58,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-12:27:57,1354) /usr/sbin/cron -n (root,691080,73620,00:09:38/7-12:27:51,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43784,00:02:24/7-12:27:37,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/38:49,1729) [kworker/0:2-events] (root,0,0,00:00:00/31:36,3298) [kworker/2:1-events] (root,0,0,00:00:00/06:21,6632) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:08:05,7055) [kworker/3:2-events] (root,6656,3484,00:00:00/00:00,7114) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,7132) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7133) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/46:11,8300) [kworker/3:1-events] (root,35308,10012,00:00:00/04:24:04,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:00/04:24:04,8749) sshd: syslogtunnel (root,35308,10012,00:00:00/1-10:18:53,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:04/1-10:18:52,15391) sshd: cm-ssh (root,0,0,00:00:00/10:11,17554) [kworker/0:1-events] (postfix,24244,8324,00:00:00/22:34,18194) pickup -l -t fifo -u (root,0,0,00:00:00/35:49,18809) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/42:40,21988) [kworker/1:0-events] (postfix,44628,9464,00:00:00/1-17:04:38,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/13:46,30892) [kworker/2:2] (root,0,0,00:00:00/01:10,32541) [kworker/1:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-19 22:51 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836319a6d84dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-11:31:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-11:31:19,2) [kthreadd] (root,0,0,00:00:00/5-11:31:19,3) [rcu_gp] (root,0,0,00:00:00/5-11:31:19,4) [rcu_par_gp] (root,0,0,00:00:00/5-11:31:19,5) [slub_flushwq] (root,0,0,00:00:00/5-11:31:19,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-11:31:19,9) [mm_percpu_wq] (root,0,0,00:00:00/5-11:31:19,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-11:31:19,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-11:31:19,12) [rcu_tasks_trace] (root,0,0,00:00:08/5-11:31:19,13) [ksoftirqd/0] (root,0,0,00:14:15/5-11:31:19,14) [rcu_preempt] (root,0,0,00:00:02/5-11:31:19,15) [migration/0] (root,0,0,00:00:00/5-11:31:19,16) [idle_inject/0] (root,0,0,00:00:00/5-11:31:19,18) [cpuhp/0] (root,0,0,00:00:00/5-11:31:19,19) [cpuhp/1] (root,0,0,00:00:00/5-11:31:19,20) [idle_inject/1] (root,0,0,00:00:02/5-11:31:19,21) [migration/1] (root,0,0,00:00:07/5-11:31:19,22) [ksoftirqd/1] (root,0,0,00:00:00/5-11:31:19,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-11:31:19,25) [cpuhp/2] (root,0,0,00:00:00/5-11:31:19,26) [idle_inject/2] (root,0,0,00:00:01/5-11:31:19,27) [migration/2] (root,0,0,00:11:45/5-11:31:19,28) [ksoftirqd/2] (root,0,0,00:00:00/5-11:31:19,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-11:31:19,31) [cpuhp/3] (root,0,0,00:00:00/5-11:31:19,32) [idle_inject/3] (root,0,0,00:00:02/5-11:31:19,33) [migration/3] (root,0,0,00:00:29/5-11:31:19,34) [ksoftirqd/3] (root,0,0,00:00:00/5-11:31:19,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-11:31:19,39) [kdevtmpfs] (root,0,0,00:00:00/5-11:31:19,40) [netns] (root,0,0,00:00:00/5-11:31:19,41) [inet_frag_wq] (root,0,0,00:00:01/5-11:31:19,42) [kauditd] (root,0,0,00:00:00/5-11:31:19,43) [khungtaskd] (root,0,0,00:00:00/5-11:31:19,44) [oom_reaper] (root,0,0,00:00:00/5-11:31:19,45) [writeback] (root,0,0,00:00:14/5-11:31:19,46) [kcompactd0] (root,0,0,00:00:00/5-11:31:19,47) [ksmd] (root,0,0,00:00:15/5-11:31:19,48) [khugepaged] (root,0,0,00:00:00/5-11:31:19,74) [kintegrityd] (root,0,0,00:00:00/5-11:31:19,75) [kblockd] (root,0,0,00:00:00/5-11:31:19,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-11:31:19,78) [tpm_dev_wq] (root,0,0,00:00:00/5-11:31:19,79) [edac-poller] (root,0,0,00:00:00/5-11:31:19,80) [devfreq_wq] (root,0,0,00:00:00/5-11:31:19,110) [watchdogd] (root,0,0,00:00:01/5-11:31:19,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-11:31:19,112) [kswapd0] (root,0,0,00:00:00/5-11:31:18,114) [kthrotld] (root,0,0,00:00:00/5-11:31:18,115) [mld] (root,0,0,00:00:00/5-11:31:18,116) [ipv6_addrconf] (root,0,0,00:00:02/5-11:31:18,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-11:31:18,122) [kstrp] (root,0,0,00:00:00/5-11:31:18,123) [zswap-shrink] (root,0,0,00:00:00/5-11:31:18,124) [kworker/u9:0] (root,0,0,00:00:00/5-11:31:18,129) [charger_manager] (root,0,0,00:00:01/5-11:31:17,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-11:31:17,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-11:31:17,205) [kaluad] (root,0,0,00:00:00/5-11:31:17,250) [kmpath_rdacd] (root,0,0,00:00:00/5-11:31:17,293) [kmpathd] (root,0,0,00:00:00/5-11:31:17,294) [kmpath_handlerd] (root,0,0,00:00:00/5-11:31:17,342) [ata_sff] (root,0,0,00:00:00/5-11:31:16,343) [scsi_eh_0] (root,0,0,00:00:00/5-11:31:16,344) [scsi_tmf_0] (root,0,0,00:00:00/5-11:31:16,345) [scsi_eh_1] (root,0,0,00:00:00/5-11:31:16,346) [scsi_tmf_1] (root,0,0,00:00:08/5-11:31:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-11:31:14,367) [ext4-rsv-conver] (root,38604,7544,00:00:09/5-11:31:02,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-11:31:01,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-11:30:59,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-11:30:25,512) /sbin/auditd (messagebus,22936,5824,00:00:19/5-11:30:25,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:11/5-11:30:25,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-11:30:25,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-11:30:24,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-11:30:24,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-11:30:10,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-11:30:10,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:27/5-11:30:09,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-11:30:09,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-11:30:09,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-11:30:09,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-11:30:09,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-11:30:09,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-11:30:09,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-11:30:09,1206) bpfilter_umh (root,26204,8340,00:00:03/5-11:30:09,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-11:30:09,1215) ntpd: asynchronous dns resolver (spot,276088,163720,05:59:57/5-11:30:09,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-11:30:08,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-11:30:08,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-11:30:08,1245) (sd-pam) (root,24216,5348,00:00:01/5-11:30:07,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-11:30:07,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-11:30:06,1354) /usr/sbin/cron -n (root,691080,73440,00:06:57/5-11:30:00,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42484,00:01:44/5-11:29:46,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/22:12,4430) [kworker/0:0-events] (root,35308,10024,00:00:00/3-13:22:55,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-13:22:55,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-13:22:40,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:10/3-13:22:40,4688) sshd: cm-ssh (root,0,0,00:00:00/07:30,7039) [kworker/1:1-ata_sff] (root,6656,3488,00:00:00/00:00,7667) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,7693) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7694) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:05/12:01:02,13342) [kworker/1:0-ata_sff] (root,0,0,00:00:01/01:51:45,22417) [kworker/2:2-events] (root,0,0,00:00:00/01:51:41,22418) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/03:22:58,26136) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8272,00:00:00/01:25:38,27452) pickup -l -t fifo -u (root,0,0,00:00:00/05:02:54,27907) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/02:20,28062) [kworker/1:2-events] (root,0,0,00:00:00/01:09:11,28891) [kworker/3:2-events] (root,0,0,00:00:00/56:25,29918) [kworker/2:0] (root,0,0,00:00:00/39:18,31879) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 21:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a3f25e99Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-15:12:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:12:02,2) [kthreadd] (root,0,0,00:00:00/3-15:12:02,3) [rcu_gp] (root,0,0,00:00:00/3-15:12:02,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:12:02,5) [slub_flushwq] (root,0,0,00:00:00/3-15:12:02,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:12:02,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:12:02,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:12:02,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:12:02,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-15:12:02,13) [ksoftirqd/0] (root,0,0,00:09:30/3-15:12:02,14) [rcu_preempt] (root,0,0,00:00:01/3-15:12:02,15) [migration/0] (root,0,0,00:00:00/3-15:12:02,16) [idle_inject/0] (root,0,0,00:00:00/3-15:12:02,18) [cpuhp/0] (root,0,0,00:00:00/3-15:12:02,19) [cpuhp/1] (root,0,0,00:00:00/3-15:12:02,20) [idle_inject/1] (root,0,0,00:00:01/3-15:12:02,21) [migration/1] (root,0,0,00:00:05/3-15:12:02,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:12:02,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:12:02,25) [cpuhp/2] (root,0,0,00:00:00/3-15:12:02,26) [idle_inject/2] (root,0,0,00:00:01/3-15:12:02,27) [migration/2] (root,0,0,00:08:01/3-15:12:02,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:12:02,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:12:02,31) [cpuhp/3] (root,0,0,00:00:00/3-15:12:02,32) [idle_inject/3] (root,0,0,00:00:01/3-15:12:02,33) [migration/3] (root,0,0,00:00:20/3-15:12:02,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:12:02,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:12:02,39) [kdevtmpfs] (root,0,0,00:00:00/3-15:12:02,40) [netns] (root,0,0,00:00:00/3-15:12:02,41) [inet_frag_wq] (root,0,0,00:00:01/3-15:12:02,42) [kauditd] (root,0,0,00:00:00/3-15:12:02,43) [khungtaskd] (root,0,0,00:00:00/3-15:12:02,44) [oom_reaper] (root,0,0,00:00:00/3-15:12:02,45) [writeback] (root,0,0,00:00:09/3-15:12:02,46) [kcompactd0] (root,0,0,00:00:00/3-15:12:02,47) [ksmd] (root,0,0,00:00:10/3-15:12:02,48) [khugepaged] (root,0,0,00:00:00/3-15:12:02,74) [kintegrityd] (root,0,0,00:00:00/3-15:12:02,75) [kblockd] (root,0,0,00:00:00/3-15:12:02,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:12:02,78) [tpm_dev_wq] (root,0,0,00:00:00/3-15:12:02,79) [edac-poller] (root,0,0,00:00:00/3-15:12:02,80) [devfreq_wq] (root,0,0,00:00:00/3-15:12:02,110) [watchdogd] (root,0,0,00:00:00/3-15:12:02,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:12:02,112) [kswapd0] (root,0,0,00:00:00/3-15:12:01,114) [kthrotld] (root,0,0,00:00:00/3-15:12:01,115) [mld] (root,0,0,00:00:00/3-15:12:01,116) [ipv6_addrconf] (root,0,0,00:00:01/3-15:12:01,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:12:01,122) [kstrp] (root,0,0,00:00:00/3-15:12:01,123) [zswap-shrink] (root,0,0,00:00:00/3-15:12:01,124) [kworker/u9:0] (root,0,0,00:00:00/3-15:12:01,129) [charger_manager] (root,0,0,00:00:00/3-15:12:00,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:12:00,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-15:12:00,205) [kaluad] (root,0,0,00:00:00/3-15:12:00,250) [kmpath_rdacd] (root,0,0,00:00:00/3-15:12:00,293) [kmpathd] (root,0,0,00:00:00/3-15:12:00,294) [kmpath_handlerd] (root,0,0,00:00:00/3-15:12:00,342) [ata_sff] (root,0,0,00:00:00/3-15:11:59,343) [scsi_eh_0] (root,0,0,00:00:00/3-15:11:59,344) [scsi_tmf_0] (root,0,0,00:00:00/3-15:11:59,345) [scsi_eh_1] (root,0,0,00:00:00/3-15:11:59,346) [scsi_tmf_1] (root,0,0,00:00:05/3-15:11:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:11:57,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-15:11:45,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-15:11:44,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-15:11:42,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-15:11:08,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-15:11:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-15:11:08,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-15:11:08,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-15:11:07,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-15:11:07,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-15:10:53,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-15:10:53,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:18/3-15:10:52,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-15:10:52,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-15:10:52,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-15:10:52,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-15:10:52,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-15:10:52,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-15:10:52,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-15:10:52,1206) bpfilter_umh (root,26204,8340,00:00:02/3-15:10:52,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-15:10:52,1215) ntpd: asynchronous dns resolver (spot,273804,162284,04:12:18/3-15:10:52,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-15:10:51,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-15:10:51,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-15:10:51,1245) (sd-pam) (root,0,0,00:00:00/18:47,1284) [kworker/2:1] (root,24216,5348,00:00:01/3-15:10:50,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:10:50,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-15:10:49,1354) /usr/sbin/cron -n (root,689544,71904,00:04:39/3-15:10:43,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41156,00:01:10/3-15:10:29,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:08:04,1655) [kworker/0:1-events] (root,0,0,00:00:04/03:43:24,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-17:03:38,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-17:03:38,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-17:03:23,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-17:03:23,4688) sshd: cm-ssh (root,0,0,00:00:00/02:21:12,4707) [kworker/0:2-events] (root,6656,3488,00:00:00/00:00,6815) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,6833) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,6834) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8164,00:00:00/28:12,13818) pickup -l -t fifo -u (root,0,0,00:00:01/01:30:21,19322) [kworker/1:1-events] (root,0,0,00:00:00/01:28:41,25346) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/07:21,25518) [kworker/1:2-ata_sff] (root,0,0,00:00:00/07:00,26463) [kworker/3:0-events] (root,0,0,00:00:00/02:11,28129) [kworker/1:0-ata_sff] (root,0,0,00:00:00/05:18:39,30146) [kworker/u8:2] (root,0,0,00:00:00/42:14,30663) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 01:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363baa6fb2fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12672,00:00:07/1-14:13:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-14:13:27,2) [kthreadd] (root,0,0,00:00:00/1-14:13:27,3) [rcu_gp] (root,0,0,00:00:00/1-14:13:27,4) [rcu_par_gp] (root,0,0,00:00:00/1-14:13:27,5) [slub_flushwq] (root,0,0,00:00:00/1-14:13:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-14:13:27,9) [mm_percpu_wq] (root,0,0,00:00:00/1-14:13:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-14:13:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-14:13:27,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-14:13:27,13) [ksoftirqd/0] (root,0,0,00:04:07/1-14:13:27,14) [rcu_preempt] (root,0,0,00:00:00/1-14:13:27,15) [migration/0] (root,0,0,00:00:00/1-14:13:27,16) [idle_inject/0] (root,0,0,00:00:00/1-14:13:27,18) [cpuhp/0] (root,0,0,00:00:00/1-14:13:27,19) [cpuhp/1] (root,0,0,00:00:00/1-14:13:27,20) [idle_inject/1] (root,0,0,00:00:00/1-14:13:27,21) [migration/1] (root,0,0,00:00:02/1-14:13:27,22) [ksoftirqd/1] (root,0,0,00:00:00/1-14:13:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-14:13:27,25) [cpuhp/2] (root,0,0,00:00:00/1-14:13:27,26) [idle_inject/2] (root,0,0,00:00:00/1-14:13:27,27) [migration/2] (root,0,0,00:03:24/1-14:13:27,28) [ksoftirqd/2] (root,0,0,00:00:00/1-14:13:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-14:13:27,31) [cpuhp/3] (root,0,0,00:00:00/1-14:13:27,32) [idle_inject/3] (root,0,0,00:00:00/1-14:13:27,33) [migration/3] (root,0,0,00:00:08/1-14:13:27,34) [ksoftirqd/3] (root,0,0,00:00:00/1-14:13:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-14:13:27,39) [kdevtmpfs] (root,0,0,00:00:00/1-14:13:27,40) [netns] (root,0,0,00:00:00/1-14:13:27,41) [inet_frag_wq] (root,0,0,00:00:00/1-14:13:27,42) [kauditd] (root,0,0,00:00:00/1-14:13:27,43) [khungtaskd] (root,0,0,00:00:00/1-14:13:27,44) [oom_reaper] (root,0,0,00:00:00/1-14:13:27,45) [writeback] (root,0,0,00:00:04/1-14:13:27,46) [kcompactd0] (root,0,0,00:00:00/1-14:13:27,47) [ksmd] (root,0,0,00:00:04/1-14:13:27,48) [khugepaged] (root,0,0,00:00:00/1-14:13:27,74) [kintegrityd] (root,0,0,00:00:00/1-14:13:27,75) [kblockd] (root,0,0,00:00:00/1-14:13:27,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-14:13:27,78) [tpm_dev_wq] (root,0,0,00:00:00/1-14:13:27,79) [edac-poller] (root,0,0,00:00:00/1-14:13:27,80) [devfreq_wq] (root,0,0,00:00:00/1-14:13:27,110) [watchdogd] (root,0,0,00:00:00/1-14:13:27,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-14:13:27,112) [kswapd0] (root,0,0,00:00:00/1-14:13:26,114) [kthrotld] (root,0,0,00:00:00/1-14:13:26,115) [mld] (root,0,0,00:00:00/1-14:13:26,116) [ipv6_addrconf] (root,0,0,00:00:00/1-14:13:26,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-14:13:26,122) [kstrp] (root,0,0,00:00:00/1-14:13:26,123) [zswap-shrink] (root,0,0,00:00:00/1-14:13:26,124) [kworker/u9:0] (root,0,0,00:00:00/1-14:13:26,129) [charger_manager] (root,0,0,00:00:00/1-14:13:25,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-14:13:25,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-14:13:25,205) [kaluad] (root,0,0,00:00:00/1-14:13:25,250) [kmpath_rdacd] (root,0,0,00:00:00/1-14:13:25,293) [kmpathd] (root,0,0,00:00:00/1-14:13:25,294) [kmpath_handlerd] (root,0,0,00:00:00/1-14:13:25,342) [ata_sff] (root,0,0,00:00:00/1-14:13:24,343) [scsi_eh_0] (root,0,0,00:00:00/1-14:13:24,344) [scsi_tmf_0] (root,0,0,00:00:00/1-14:13:24,345) [scsi_eh_1] (root,0,0,00:00:00/1-14:13:24,346) [scsi_tmf_1] (root,0,0,00:00:02/1-14:13:22,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-14:13:22,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-14:13:10,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-14:13:09,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-14:13:07,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-14:12:33,512) /sbin/auditd (messagebus,22936,5824,00:00:07/1-14:12:33,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8508,00:00:03/1-14:12:33,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-14:12:33,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-14:12:32,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-14:12:32,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:02/1-14:12:18,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-14:12:18,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:07/1-14:12:17,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-14:12:17,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-14:12:17,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-14:12:17,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-14:12:17,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-14:12:17,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:12/1-14:12:17,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-14:12:17,1206) bpfilter_umh (root,26204,8340,00:00:01/1-14:12:17,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-14:12:17,1215) ntpd: asynchronous dns resolver (spot,198964,161676,01:46:53/1-14:12:17,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-14:12:16,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-14:12:16,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-14:12:16,1245) (sd-pam) (root,24216,5348,00:00:00/1-14:12:15,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-14:12:15,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-14:12:14,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-14:12:10,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-14:12:10,1371) sshd: syslogtunnel (root,689288,71288,00:02:04/1-14:12:08,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40784,00:00:32/1-14:11:54,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-14:11:35,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-14:11:35,1436) sshd: cm-ssh (root,0,0,00:00:05/08:37:52,3139) [kworker/1:0-ata_sff] (root,0,0,00:00:00/20:20,4324) [kworker/3:1-events] (root,0,0,00:00:00/03:28,4802) [kworker/3:2] (postfix,24244,8168,00:00:00/01:31:40,8239) pickup -l -t fifo -u (root,0,0,00:00:00/48:29,9251) [kworker/0:2-events] (root,0,0,00:00:00/10:14,10983) [kworker/1:1-events] (root,0,0,00:00:00/10:08,11248) [kworker/u8:0-writeback] (root,0,0,00:00:00/16:59,17764) [kworker/2:2] (root,6656,3476,00:00:00/00:01,22214) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,22225) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,22301) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/00:00,22302) [check_mk_agent] <defunct> (root,0,0,00:00:00/00:00,22303) [awk] (root,6656,3488,00:00:00/00:00,22306) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,22324) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22325) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:11:01,27345) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/01:35:29,28896) [kworker/0:0-events] (root,0,0,00:00:00/01:35:09,29594) [kworker/u8:1] (root,0,0,00:00:00/05:03,29799) [kworker/1:2-ata_sff] (root,0,0,00:00:01/52:06,32356) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-14 00:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e9990d99Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:07/62-13:21:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-13:21:34,2) [kthreadd] (root,0,0,00:00:00/62-13:21:34,3) [rcu_gp] (root,0,0,00:00:00/62-13:21:34,4) [rcu_par_gp] (root,0,0,00:00:00/62-13:21:34,5) [slub_flushwq] (root,0,0,00:00:00/62-13:21:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-13:21:34,9) [mm_percpu_wq] (root,0,0,00:00:00/62-13:21:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-13:21:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-13:21:34,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-13:21:34,13) [ksoftirqd/0] (root,0,0,02:54:07/62-13:21:34,14) [rcu_preempt] (root,0,0,00:00:23/62-13:21:34,15) [migration/0] (root,0,0,00:00:00/62-13:21:34,16) [idle_inject/0] (root,0,0,00:00:00/62-13:21:34,18) [cpuhp/0] (root,0,0,00:00:00/62-13:21:34,19) [cpuhp/1] (root,0,0,00:00:00/62-13:21:34,20) [idle_inject/1] (root,0,0,00:00:23/62-13:21:34,21) [migration/1] (root,0,0,00:01:33/62-13:21:34,22) [ksoftirqd/1] (root,0,0,00:00:00/62-13:21:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-13:21:34,25) [cpuhp/2] (root,0,0,00:00:00/62-13:21:34,26) [idle_inject/2] (root,0,0,00:00:17/62-13:21:34,27) [migration/2] (root,0,0,01:53:28/62-13:21:34,28) [ksoftirqd/2] (root,0,0,00:00:00/62-13:21:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-13:21:34,31) [cpuhp/3] (root,0,0,00:00:00/62-13:21:34,32) [idle_inject/3] (root,0,0,00:00:22/62-13:21:34,33) [migration/3] (root,0,0,00:05:43/62-13:21:34,34) [ksoftirqd/3] (root,0,0,00:00:00/62-13:21:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-13:21:34,40) [kdevtmpfs] (root,0,0,00:00:00/62-13:21:34,41) [netns] (root,0,0,00:00:00/62-13:21:34,42) [inet_frag_wq] (root,0,0,00:00:22/62-13:21:34,43) [kauditd] (root,0,0,00:00:00/62-13:21:34,44) [khungtaskd] (root,0,0,00:00:00/62-13:21:34,45) [oom_reaper] (root,0,0,00:00:00/62-13:21:34,46) [writeback] (root,0,0,00:03:11/62-13:21:34,47) [kcompactd0] (root,0,0,00:00:00/62-13:21:34,48) [ksmd] (root,0,0,00:03:27/62-13:21:34,49) [khugepaged] (root,0,0,00:00:00/62-13:21:34,75) [kintegrityd] (root,0,0,00:00:00/62-13:21:34,76) [kblockd] (root,0,0,00:00:00/62-13:21:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-13:21:34,79) [tpm_dev_wq] (root,0,0,00:00:00/62-13:21:34,80) [edac-poller] (root,0,0,00:00:00/62-13:21:34,81) [devfreq_wq] (root,0,0,00:00:00/62-13:21:34,110) [watchdogd] (root,0,0,00:00:05/62-13:21:34,111) [kswapd0] (root,0,0,00:00:15/62-13:21:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-13:21:32,115) [kthrotld] (root,0,0,00:00:00/62-13:21:32,116) [mld] (root,0,0,00:00:00/62-13:21:32,117) [ipv6_addrconf] (root,0,0,00:00:16/62-13:21:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-13:21:32,123) [kstrp] (root,0,0,00:00:00/62-13:21:32,124) [zswap-shrink] (root,0,0,00:00:00/62-13:21:32,125) [kworker/u9:0] (root,0,0,00:00:00/62-13:21:32,130) [charger_manager] (root,0,0,00:00:18/62-13:21:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-13:21:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-13:21:31,239) [kaluad] (root,0,0,00:00:00/62-13:21:31,258) [kmpath_rdacd] (root,0,0,00:00:00/62-13:21:31,304) [kmpathd] (root,0,0,00:00:00/62-13:21:31,305) [kmpath_handlerd] (root,0,0,00:00:00/62-13:21:30,342) [ata_sff] (root,0,0,00:00:00/62-13:21:30,343) [scsi_eh_0] (root,0,0,00:00:00/62-13:21:30,344) [scsi_tmf_0] (root,0,0,00:00:00/62-13:21:30,345) [scsi_eh_1] (root,0,0,00:00:00/62-13:21:30,346) [scsi_tmf_1] (root,0,0,00:01:59/62-13:21:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-13:21:27,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-13:21:15,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-13:21:14,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-13:21:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-13:20:41,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-13:20:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-13:20:40,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-13:20:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-13:20:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-13:20:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31628,00:01:13/62-13:20:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-13:20:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:04/62-13:20:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-13:20:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-13:20:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-13:20:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-13:20:24,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:56/62-13:20:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-13:20:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-13:20:24,1352) bpfilter_umh (root,26204,8096,00:00:33/62-13:20:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-13:20:24,1359) ntpd: asynchronous dns resolver (spot,362640,213548,3-11:05:40/62-13:20:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-13:20:23,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-13:20:23,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-13:20:23,1373) (sd-pam) (root,24216,5256,00:00:22/62-13:20:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-13:20:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-13:20:21,1485) /usr/sbin/cron -n (root,699464,80288,01:26:25/62-13:20:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/56:09,1818) [kworker/1:0-mm_percpu_wq] (spot,236992,82964,00:31:54/62-13:20:03,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/11:29,2406) [kworker/u8:0-writeback] (postfix,44628,9104,00:00:02/56-18:55:38,2557) tlsmgr -l -t unix -u (root,6656,3484,00:00:00/00:00,4768) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,4786) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,4787) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:37,5187) [kworker/3:2-ata_sff] (root,0,0,00:00:00/09:30,5538) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:00/07:01,9738) [kworker/0:2-cgroup_destroy] (root,35304,10040,00:00:00/24-13:48:33,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-13:48:32,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:09:36,12427) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/19:19,14894) [kworker/1:1] (root,0,0,00:00:00/04:25,16788) [kworker/3:0-ata_sff] (root,0,0,00:00:01/02:22:12,19079) [kworker/2:2-mm_percpu_wq] (postfix,24244,8252,00:00:00/31:05,21014) pickup -l -t fifo -u (root,0,0,00:00:00/40:44,25290) [kworker/3:1-events] (root,0,0,00:00:00/38:58,30822) [kworker/0:1-events] (root,35308,10028,00:00:00/24-14:34:46,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:22/24-14:34:45,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-12 00:10 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363deadb731Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-14:15:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-14:15:56,2) [kthreadd] (root,0,0,00:00:00/60-14:15:56,3) [rcu_gp] (root,0,0,00:00:00/60-14:15:56,4) [rcu_par_gp] (root,0,0,00:00:00/60-14:15:56,5) [slub_flushwq] (root,0,0,00:00:00/60-14:15:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-14:15:56,9) [mm_percpu_wq] (root,0,0,00:00:00/60-14:15:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-14:15:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-14:15:56,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-14:15:56,13) [ksoftirqd/0] (root,0,0,02:49:07/60-14:15:56,14) [rcu_preempt] (root,0,0,00:00:23/60-14:15:56,15) [migration/0] (root,0,0,00:00:00/60-14:15:56,16) [idle_inject/0] (root,0,0,00:00:00/60-14:15:56,18) [cpuhp/0] (root,0,0,00:00:00/60-14:15:56,19) [cpuhp/1] (root,0,0,00:00:00/60-14:15:56,20) [idle_inject/1] (root,0,0,00:00:23/60-14:15:56,21) [migration/1] (root,0,0,00:01:30/60-14:15:56,22) [ksoftirqd/1] (root,0,0,00:00:00/60-14:15:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-14:15:56,25) [cpuhp/2] (root,0,0,00:00:00/60-14:15:56,26) [idle_inject/2] (root,0,0,00:00:17/60-14:15:56,27) [migration/2] (root,0,0,01:49:37/60-14:15:56,28) [ksoftirqd/2] (root,0,0,00:00:00/60-14:15:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-14:15:56,31) [cpuhp/3] (root,0,0,00:00:00/60-14:15:56,32) [idle_inject/3] (root,0,0,00:00:21/60-14:15:56,33) [migration/3] (root,0,0,00:05:33/60-14:15:56,34) [ksoftirqd/3] (root,0,0,00:00:00/60-14:15:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-14:15:56,40) [kdevtmpfs] (root,0,0,00:00:00/60-14:15:56,41) [netns] (root,0,0,00:00:00/60-14:15:56,42) [inet_frag_wq] (root,0,0,00:00:21/60-14:15:56,43) [kauditd] (root,0,0,00:00:00/60-14:15:56,44) [khungtaskd] (root,0,0,00:00:00/60-14:15:56,45) [oom_reaper] (root,0,0,00:00:00/60-14:15:56,46) [writeback] (root,0,0,00:03:05/60-14:15:56,47) [kcompactd0] (root,0,0,00:00:00/60-14:15:56,48) [ksmd] (root,0,0,00:03:21/60-14:15:56,49) [khugepaged] (root,0,0,00:00:00/60-14:15:56,75) [kintegrityd] (root,0,0,00:00:00/60-14:15:56,76) [kblockd] (root,0,0,00:00:00/60-14:15:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-14:15:56,79) [tpm_dev_wq] (root,0,0,00:00:00/60-14:15:56,80) [edac-poller] (root,0,0,00:00:00/60-14:15:56,81) [devfreq_wq] (root,0,0,00:00:00/60-14:15:56,110) [watchdogd] (root,0,0,00:00:04/60-14:15:56,111) [kswapd0] (root,0,0,00:00:15/60-14:15:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-14:15:54,115) [kthrotld] (root,0,0,00:00:00/60-14:15:54,116) [mld] (root,0,0,00:00:00/60-14:15:54,117) [ipv6_addrconf] (root,0,0,00:00:16/60-14:15:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-14:15:54,123) [kstrp] (root,0,0,00:00:00/60-14:15:54,124) [zswap-shrink] (root,0,0,00:00:00/60-14:15:54,125) [kworker/u9:0] (root,0,0,00:00:00/60-14:15:54,130) [charger_manager] (root,0,0,00:00:18/60-14:15:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-14:15:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-14:15:53,239) [kaluad] (root,0,0,00:00:00/60-14:15:53,258) [kmpath_rdacd] (root,0,0,00:00:00/60-14:15:53,304) [kmpathd] (root,0,0,00:00:00/60-14:15:53,305) [kmpath_handlerd] (root,0,0,00:00:00/60-14:15:52,342) [ata_sff] (root,0,0,00:00:00/60-14:15:52,343) [scsi_eh_0] (root,0,0,00:00:00/60-14:15:52,344) [scsi_tmf_0] (root,0,0,00:00:00/60-14:15:52,345) [scsi_eh_1] (root,0,0,00:00:00/60-14:15:52,346) [scsi_tmf_1] (root,0,0,00:01:56/60-14:15:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-14:15:49,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-14:15:37,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-14:15:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-14:15:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-14:15:03,511) /sbin/auditd (messagebus,22932,5400,00:03:24/60-14:15:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8272,00:01:55/60-14:15:02,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-14:15:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-14:15:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-14:15:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-14:14:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-14:14:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:54/60-14:14:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-14:14:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-14:14:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-14:14:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-14:14:46,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-14:14:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-14:14:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-14:14:46,1352) bpfilter_umh (root,26204,8096,00:00:31/60-14:14:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-14:14:46,1359) ntpd: asynchronous dns resolver (spot,362512,213532,3-08:29:48/60-14:14:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-14:14:45,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-14:14:45,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-14:14:45,1373) (sd-pam) (root,24216,5260,00:00:21/60-14:14:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-14:14:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-14:14:43,1485) /usr/sbin/cron -n (root,699208,80092,01:23:46/60-14:14:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82040,00:31:05/60-14:14:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-19:50:00,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/00:21,6343) [kworker/2:2-events] (root,0,0,00:00:00/10:25,7686) [kworker/0:0] (root,6764,3612,00:00:00/00:01,8938) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,9084) /bin/bash /usr/bin/check_mk_agent (root,15108,10496,00:00:00/00:00,9106) python ././remotecheck (root,13744,3508,00:00:00/00:00,9127) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,9128) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/22-14:42:55,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-14:42:54,10514) sshd: syslogtunnel (root,0,0,00:00:00/02:34:36,12806) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/02:12:00,13124) [kworker/3:2-mm_percpu_wq] (root,0,0,00:00:00/06:57,14712) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:55:00,15347) [kworker/2:0-events] (postfix,24244,8244,00:00:00/06:24,16450) pickup -l -t fifo -u (root,0,0,00:00:00/38:31,17961) [kworker/u8:0-writeback] (root,0,0,00:00:00/05:38,18947) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/45:55,20158) [kworker/1:1-events] (root,0,0,00:00:00/01:12:05,24113) [kworker/0:2-mm_percpu_wq] (root,0,0,00:00:00/22:11,25821) [kworker/1:0-events] (root,0,0,00:00:00/01:46,30543) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/22-15:29:08,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-15:29:07,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-10 01:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636118c22aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-14:23:32,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-14:23:32,2) [kthreadd] (root,0,0,00:00:00/58-14:23:32,3) [rcu_gp] (root,0,0,00:00:00/58-14:23:32,4) [rcu_par_gp] (root,0,0,00:00:00/58-14:23:32,5) [slub_flushwq] (root,0,0,00:00:00/58-14:23:32,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-14:23:32,9) [mm_percpu_wq] (root,0,0,00:00:00/58-14:23:32,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-14:23:32,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-14:23:32,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-14:23:32,13) [ksoftirqd/0] (root,0,0,02:43:56/58-14:23:32,14) [rcu_preempt] (root,0,0,00:00:22/58-14:23:32,15) [migration/0] (root,0,0,00:00:00/58-14:23:32,16) [idle_inject/0] (root,0,0,00:00:00/58-14:23:32,18) [cpuhp/0] (root,0,0,00:00:00/58-14:23:32,19) [cpuhp/1] (root,0,0,00:00:00/58-14:23:32,20) [idle_inject/1] (root,0,0,00:00:22/58-14:23:32,21) [migration/1] (root,0,0,00:01:26/58-14:23:32,22) [ksoftirqd/1] (root,0,0,00:00:00/58-14:23:32,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-14:23:32,25) [cpuhp/2] (root,0,0,00:00:00/58-14:23:32,26) [idle_inject/2] (root,0,0,00:00:16/58-14:23:32,27) [migration/2] (root,0,0,01:44:50/58-14:23:32,28) [ksoftirqd/2] (root,0,0,00:00:00/58-14:23:32,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-14:23:32,31) [cpuhp/3] (root,0,0,00:00:00/58-14:23:32,32) [idle_inject/3] (root,0,0,00:00:20/58-14:23:32,33) [migration/3] (root,0,0,00:05:21/58-14:23:32,34) [ksoftirqd/3] (root,0,0,00:00:00/58-14:23:32,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-14:23:32,40) [kdevtmpfs] (root,0,0,00:00:00/58-14:23:32,41) [netns] (root,0,0,00:00:00/58-14:23:32,42) [inet_frag_wq] (root,0,0,00:00:20/58-14:23:32,43) [kauditd] (root,0,0,00:00:00/58-14:23:32,44) [khungtaskd] (root,0,0,00:00:00/58-14:23:32,45) [oom_reaper] (root,0,0,00:00:00/58-14:23:32,46) [writeback] (root,0,0,00:02:59/58-14:23:32,47) [kcompactd0] (root,0,0,00:00:00/58-14:23:32,48) [ksmd] (root,0,0,00:03:14/58-14:23:32,49) [khugepaged] (root,0,0,00:00:00/58-14:23:32,75) [kintegrityd] (root,0,0,00:00:00/58-14:23:32,76) [kblockd] (root,0,0,00:00:00/58-14:23:32,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-14:23:32,79) [tpm_dev_wq] (root,0,0,00:00:00/58-14:23:32,80) [edac-poller] (root,0,0,00:00:00/58-14:23:32,81) [devfreq_wq] (root,0,0,00:00:00/58-14:23:32,110) [watchdogd] (root,0,0,00:00:04/58-14:23:32,111) [kswapd0] (root,0,0,00:00:15/58-14:23:32,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-14:23:30,115) [kthrotld] (root,0,0,00:00:00/58-14:23:30,116) [mld] (root,0,0,00:00:00/58-14:23:30,117) [ipv6_addrconf] (root,0,0,00:00:16/58-14:23:30,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-14:23:30,123) [kstrp] (root,0,0,00:00:00/58-14:23:30,124) [zswap-shrink] (root,0,0,00:00:00/58-14:23:30,125) [kworker/u9:0] (root,0,0,00:00:00/58-14:23:30,130) [charger_manager] (root,0,0,00:00:17/58-14:23:30,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-14:23:30,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-14:23:29,239) [kaluad] (root,0,0,00:00:00/58-14:23:29,258) [kmpath_rdacd] (root,0,0,00:00:00/58-14:23:29,304) [kmpathd] (root,0,0,00:00:00/58-14:23:29,305) [kmpath_handlerd] (root,0,0,00:00:00/58-14:23:28,342) [ata_sff] (root,0,0,00:00:00/58-14:23:28,343) [scsi_eh_0] (root,0,0,00:00:00/58-14:23:28,344) [scsi_tmf_0] (root,0,0,00:00:00/58-14:23:28,345) [scsi_eh_1] (root,0,0,00:00:00/58-14:23:28,346) [scsi_tmf_1] (root,0,0,00:01:52/58-14:23:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-14:23:25,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-14:23:13,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-14:23:12,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-14:23:10,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-14:22:39,511) /sbin/auditd (messagebus,22932,5400,00:03:13/58-14:22:38,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-14:22:38,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-14:22:38,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-14:22:36,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-14:22:36,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:09/58-14:22:22,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-14:22:22,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:44/58-14:22:22,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-14:22:22,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-14:22:22,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-14:22:22,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-14:22:22,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-14:22:22,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:21/58-14:22:22,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-14:22:22,1352) bpfilter_umh (root,26204,8096,00:00:30/58-14:22:22,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-14:22:22,1359) ntpd: asynchronous dns resolver (spot,363808,214628,3-05:26:48/58-14:22:21,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-14:22:21,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-14:22:21,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-14:22:21,1373) (sd-pam) (root,24216,5260,00:00:20/58-14:22:19,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-14:22:19,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-14:22:19,1485) /usr/sbin/cron -n (root,698952,79684,01:21:03/58-14:22:13,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80364,00:30:17/58-14:22:01,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-19:57:36,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:42,3048) [kworker/2:2-events] (root,35304,10040,00:00:00/20-14:50:31,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-14:50:30,10514) sshd: syslogtunnel (postfix,24244,8144,00:00:00/35:50,12925) pickup -l -t fifo -u (root,0,0,00:00:00/41:02,18745) [kworker/0:1-events] (root,0,0,00:00:00/34:09,19023) [kworker/1:0-events] (root,0,0,00:00:00/21:07,19227) [kworker/3:1-events] (root,0,0,00:00:00/00:23,20983) [kworker/3:0-ata_sff] (root,0,0,00:00:00/54:53,21124) [kworker/2:1-events] (root,6656,3484,00:00:00/00:00,22067) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,22091) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22092) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:11,25238) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/03:25:30,26097) [kworker/0:2-events] (root,0,0,00:00:00/15:41,28268) [kworker/1:1-events] (root,0,0,00:00:00/15:33,28459) [kworker/u8:1-flush-253:0] (root,35308,10028,00:00:00/20-15:36:44,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-15:36:43,30947) sshd: cm-ssh (root,0,0,00:00:00/38:44,31568) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/05:34,31754) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 01:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e1257579Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:39/56-13:52:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-13:52:34,2) [kthreadd] (root,0,0,00:00:00/56-13:52:34,3) [rcu_gp] (root,0,0,00:00:00/56-13:52:34,4) [rcu_par_gp] (root,0,0,00:00:00/56-13:52:34,5) [slub_flushwq] (root,0,0,00:00:00/56-13:52:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-13:52:34,9) [mm_percpu_wq] (root,0,0,00:00:00/56-13:52:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-13:52:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-13:52:34,12) [rcu_tasks_trace] (root,0,0,00:01:41/56-13:52:34,13) [ksoftirqd/0] (root,0,0,02:38:34/56-13:52:34,14) [rcu_preempt] (root,0,0,00:00:21/56-13:52:34,15) [migration/0] (root,0,0,00:00:00/56-13:52:34,16) [idle_inject/0] (root,0,0,00:00:00/56-13:52:34,18) [cpuhp/0] (root,0,0,00:00:00/56-13:52:34,19) [cpuhp/1] (root,0,0,00:00:00/56-13:52:34,20) [idle_inject/1] (root,0,0,00:00:21/56-13:52:34,21) [migration/1] (root,0,0,00:01:23/56-13:52:34,22) [ksoftirqd/1] (root,0,0,00:00:00/56-13:52:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-13:52:34,25) [cpuhp/2] (root,0,0,00:00:00/56-13:52:34,26) [idle_inject/2] (root,0,0,00:00:16/56-13:52:34,27) [migration/2] (root,0,0,01:40:22/56-13:52:34,28) [ksoftirqd/2] (root,0,0,00:00:00/56-13:52:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-13:52:34,31) [cpuhp/3] (root,0,0,00:00:00/56-13:52:34,32) [idle_inject/3] (root,0,0,00:00:20/56-13:52:34,33) [migration/3] (root,0,0,00:05:09/56-13:52:34,34) [ksoftirqd/3] (root,0,0,00:00:00/56-13:52:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-13:52:34,40) [kdevtmpfs] (root,0,0,00:00:00/56-13:52:34,41) [netns] (root,0,0,00:00:00/56-13:52:34,42) [inet_frag_wq] (root,0,0,00:00:19/56-13:52:34,43) [kauditd] (root,0,0,00:00:00/56-13:52:34,44) [khungtaskd] (root,0,0,00:00:00/56-13:52:34,45) [oom_reaper] (root,0,0,00:00:00/56-13:52:34,46) [writeback] (root,0,0,00:02:53/56-13:52:34,47) [kcompactd0] (root,0,0,00:00:00/56-13:52:34,48) [ksmd] (root,0,0,00:03:08/56-13:52:34,49) [khugepaged] (root,0,0,00:00:00/56-13:52:34,75) [kintegrityd] (root,0,0,00:00:00/56-13:52:34,76) [kblockd] (root,0,0,00:00:00/56-13:52:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-13:52:34,79) [tpm_dev_wq] (root,0,0,00:00:00/56-13:52:34,80) [edac-poller] (root,0,0,00:00:00/56-13:52:34,81) [devfreq_wq] (root,0,0,00:00:00/56-13:52:34,110) [watchdogd] (root,0,0,00:00:04/56-13:52:34,111) [kswapd0] (root,0,0,00:00:14/56-13:52:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-13:52:32,115) [kthrotld] (root,0,0,00:00:00/56-13:52:32,116) [mld] (root,0,0,00:00:00/56-13:52:32,117) [ipv6_addrconf] (root,0,0,00:00:15/56-13:52:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-13:52:32,123) [kstrp] (root,0,0,00:00:00/56-13:52:32,124) [zswap-shrink] (root,0,0,00:00:00/56-13:52:32,125) [kworker/u9:0] (root,0,0,00:00:00/56-13:52:32,130) [charger_manager] (root,0,0,00:00:17/56-13:52:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-13:52:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-13:52:31,239) [kaluad] (root,0,0,00:00:00/56-13:52:31,258) [kmpath_rdacd] (root,0,0,00:00:00/56-13:52:31,304) [kmpathd] (root,0,0,00:00:00/56-13:52:31,305) [kmpath_handlerd] (root,0,0,00:00:00/56-13:52:30,342) [ata_sff] (root,0,0,00:00:00/56-13:52:30,343) [scsi_eh_0] (root,0,0,00:00:00/56-13:52:30,344) [scsi_tmf_0] (root,0,0,00:00:00/56-13:52:30,345) [scsi_eh_1] (root,0,0,00:00:00/56-13:52:30,346) [scsi_tmf_1] (root,0,0,00:01:49/56-13:52:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-13:52:27,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-13:52:15,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-13:52:14,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-13:52:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-13:51:41,511) /sbin/auditd (messagebus,22932,5400,00:03:00/56-13:51:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:42/56-13:51:40,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-13:51:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-13:51:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-13:51:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:07/56-13:51:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-13:51:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:35/56-13:51:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-13:51:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-13:51:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-13:51:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-13:51:24,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-13:51:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:04/56-13:51:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-13:51:24,1352) bpfilter_umh (root,26204,8096,00:00:28/56-13:51:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-13:51:24,1359) ntpd: asynchronous dns resolver (spot,364832,215652,3-02:29:36/56-13:51:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-13:51:23,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-13:51:23,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-13:51:23,1373) (sd-pam) (root,24216,5260,00:00:20/56-13:51:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-13:51:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-13:51:21,1485) /usr/sbin/cron -n (root,698412,77180,01:18:15/56-13:51:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:30/56-13:51:03,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/50-19:26:38,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/30:15,3798) [kworker/0:0-events] (root,0,0,00:00:00/00:31,4585) [kworker/1:1-events] (root,6656,3484,00:00:00/00:00,4945) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,5006) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,5045) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,5046) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,5047) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,2012,00:00:00/00:00,5048) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,5049) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,860,00:00:00/00:00,5050) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,736,00:00:00/00:00,5051) cat /proc/net/tcp /proc/net/tcp6 (root,0,0,00:00:00/39:45,6586) [kworker/1:2-events] (root,0,0,00:00:00/15:20,9914) [kworker/2:0-events] (root,0,0,00:00:00/08:46,10401) [kworker/3:1-ata_sff] (root,35304,10040,00:00:00/18-14:19:33,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:09/18-14:19:32,10514) sshd: syslogtunnel (root,0,0,00:00:00/21:45,11111) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/37:33,11848) [kworker/0:2-events] (postfix,24244,8236,00:00:00/26:44,15810) pickup -l -t fifo -u (root,0,0,00:00:00/25:47,20853) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/25:46,21031) [kworker/2:1-events] (root,0,0,00:00:00/06:12,21048) [kworker/u8:1-writeback] (root,0,0,00:00:00/03:35,28016) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:35,29432) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/24:19,29448) [kworker/3:0-events] (root,35308,10028,00:00:00/18-15:05:46,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:03/18-15:05:45,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-06 00:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836351d13275Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:34/54-11:22:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/54-11:22:33,2) [kthreadd] (root,0,0,00:00:00/54-11:22:33,3) [rcu_gp] (root,0,0,00:00:00/54-11:22:33,4) [rcu_par_gp] (root,0,0,00:00:00/54-11:22:33,5) [slub_flushwq] (root,0,0,00:00:00/54-11:22:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/54-11:22:33,9) [mm_percpu_wq] (root,0,0,00:00:00/54-11:22:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/54-11:22:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/54-11:22:33,12) [rcu_tasks_trace] (root,0,0,00:01:37/54-11:22:33,13) [ksoftirqd/0] (root,0,0,02:33:05/54-11:22:33,14) [rcu_preempt] (root,0,0,00:00:20/54-11:22:33,15) [migration/0] (root,0,0,00:00:00/54-11:22:33,16) [idle_inject/0] (root,0,0,00:00:00/54-11:22:33,18) [cpuhp/0] (root,0,0,00:00:00/54-11:22:33,19) [cpuhp/1] (root,0,0,00:00:00/54-11:22:33,20) [idle_inject/1] (root,0,0,00:00:20/54-11:22:33,21) [migration/1] (root,0,0,00:01:20/54-11:22:33,22) [ksoftirqd/1] (root,0,0,00:00:00/54-11:22:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/54-11:22:33,25) [cpuhp/2] (root,0,0,00:00:00/54-11:22:33,26) [idle_inject/2] (root,0,0,00:00:15/54-11:22:33,27) [migration/2] (root,0,0,01:36:26/54-11:22:33,28) [ksoftirqd/2] (root,0,0,00:00:00/54-11:22:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/54-11:22:33,31) [cpuhp/3] (root,0,0,00:00:00/54-11:22:33,32) [idle_inject/3] (root,0,0,00:00:19/54-11:22:33,33) [migration/3] (root,0,0,00:04:59/54-11:22:33,34) [ksoftirqd/3] (root,0,0,00:00:00/54-11:22:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/54-11:22:33,40) [kdevtmpfs] (root,0,0,00:00:00/54-11:22:33,41) [netns] (root,0,0,00:00:00/54-11:22:33,42) [inet_frag_wq] (root,0,0,00:00:18/54-11:22:33,43) [kauditd] (root,0,0,00:00:00/54-11:22:33,44) [khungtaskd] (root,0,0,00:00:00/54-11:22:33,45) [oom_reaper] (root,0,0,00:00:00/54-11:22:33,46) [writeback] (root,0,0,00:02:47/54-11:22:33,47) [kcompactd0] (root,0,0,00:00:00/54-11:22:33,48) [ksmd] (root,0,0,00:03:01/54-11:22:33,49) [khugepaged] (root,0,0,00:00:00/54-11:22:33,75) [kintegrityd] (root,0,0,00:00:00/54-11:22:33,76) [kblockd] (root,0,0,00:00:00/54-11:22:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/54-11:22:33,79) [tpm_dev_wq] (root,0,0,00:00:00/54-11:22:33,80) [edac-poller] (root,0,0,00:00:00/54-11:22:33,81) [devfreq_wq] (root,0,0,00:00:00/54-11:22:33,110) [watchdogd] (root,0,0,00:00:04/54-11:22:33,111) [kswapd0] (root,0,0,00:00:14/54-11:22:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/54-11:22:31,115) [kthrotld] (root,0,0,00:00:00/54-11:22:31,116) [mld] (root,0,0,00:00:00/54-11:22:31,117) [ipv6_addrconf] (root,0,0,00:00:15/54-11:22:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/54-11:22:31,123) [kstrp] (root,0,0,00:00:00/54-11:22:31,124) [zswap-shrink] (root,0,0,00:00:00/54-11:22:31,125) [kworker/u9:0] (root,0,0,00:00:00/54-11:22:31,130) [charger_manager] (root,0,0,00:00:16/54-11:22:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:24/54-11:22:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/54-11:22:30,239) [kaluad] (root,0,0,00:00:00/54-11:22:30,258) [kmpath_rdacd] (root,0,0,00:00:00/54-11:22:30,304) [kmpathd] (root,0,0,00:00:00/54-11:22:30,305) [kmpath_handlerd] (root,0,0,00:00:00/54-11:22:29,342) [ata_sff] (root,0,0,00:00:00/54-11:22:29,343) [scsi_eh_0] (root,0,0,00:00:00/54-11:22:29,344) [scsi_tmf_0] (root,0,0,00:00:00/54-11:22:29,345) [scsi_eh_1] (root,0,0,00:00:00/54-11:22:29,346) [scsi_tmf_1] (root,0,0,00:01:46/54-11:22:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/54-11:22:26,367) [ext4-rsv-conver] (root,38604,7852,00:01:30/54-11:22:14,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/54-11:22:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:24/54-11:22:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:31/54-11:21:40,511) /sbin/auditd (root,0,0,00:00:00/10:44,516) [kworker/u8:0-ext4-rsv-conversion] (messagebus,22932,5400,00:02:53/54-11:21:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:38/54-11:21:39,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/54-11:21:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/54-11:21:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/54-11:21:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/10:04,1237) [kworker/3:1-ata_sff] (root,549128,31272,00:01:04/54-11:21:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/54-11:21:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:22/54-11:21:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/54-11:21:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/54-11:21:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/54-11:21:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/54-11:21:23,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:39/54-11:21:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:47/54-11:21:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/54-11:21:23,1352) bpfilter_umh (root,26204,8096,00:00:27/54-11:21:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/54-11:21:23,1359) ntpd: asynchronous dns resolver (spot,365088,215768,2-23:29:43/54-11:21:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/54-11:21:22,1371) (sd-pam) (checkmk,48528,3180,00:00:00/54-11:21:22,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/54-11:21:22,1373) (sd-pam) (root,24216,5260,00:00:19/54-11:21:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/54-11:21:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/54-11:21:20,1485) /usr/sbin/cron -n (root,698412,77068,01:15:23/54-11:21:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,232896,77748,00:28:42/54-11:21:02,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:02/48-16:56:37,2557) tlsmgr -l -t unix -u (root,35304,10040,00:00:00/16-11:49:32,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:01/16-11:49:31,10514) sshd: syslogtunnel (postfix,24244,8200,00:00:00/01:37:50,12214) pickup -l -t fifo -u (root,0,0,00:00:00/01:26:15,13020) [kworker/0:1-events] (root,0,0,00:00:00/04:52,14504) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:12:20,15796) [kworker/3:2-events] (root,0,0,00:00:00/18:13,17737) [kworker/0:2-events] (root,0,0,00:00:00/02:31,22800) [kworker/0:0] (root,0,0,00:00:00/06:31:11,24743) [kworker/u8:1-writeback] (root,0,0,00:00:00/39:01,25166) [kworker/2:1-events] (root,6656,3400,00:00:00/00:00,26449) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,26467) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,26468) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/23:29,29849) [kworker/1:2-events] (root,35308,10028,00:00:00/16-12:35:45,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:56/16-12:35:44,30947) sshd: cm-ssh (root,0,0,00:00:00/28:42,31272) [kworker/2:0] (root,0,0,00:00:00/59:57,32060) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-03 22:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ef3976afFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12388,00:02:23/49-13:52:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/49-13:52:34,2) [kthreadd] (root,0,0,00:00:00/49-13:52:34,3) [rcu_gp] (root,0,0,00:00:00/49-13:52:34,4) [rcu_par_gp] (root,0,0,00:00:00/49-13:52:34,5) [slub_flushwq] (root,0,0,00:00:00/49-13:52:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/49-13:52:34,9) [mm_percpu_wq] (root,0,0,00:00:00/49-13:52:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/49-13:52:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/49-13:52:34,12) [rcu_tasks_trace] (root,0,0,00:01:29/49-13:52:34,13) [ksoftirqd/0] (root,0,0,02:21:04/49-13:52:34,14) [rcu_preempt] (root,0,0,00:00:19/49-13:52:34,15) [migration/0] (root,0,0,00:00:00/49-13:52:34,16) [idle_inject/0] (root,0,0,00:00:00/49-13:52:34,18) [cpuhp/0] (root,0,0,00:00:00/49-13:52:34,19) [cpuhp/1] (root,0,0,00:00:00/49-13:52:34,20) [idle_inject/1] (root,0,0,00:00:19/49-13:52:34,21) [migration/1] (root,0,0,00:01:13/49-13:52:34,22) [ksoftirqd/1] (root,0,0,00:00:00/49-13:52:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/49-13:52:34,25) [cpuhp/2] (root,0,0,00:00:00/49-13:52:34,26) [idle_inject/2] (root,0,0,00:00:14/49-13:52:34,27) [migration/2] (root,0,0,01:30:10/49-13:52:34,28) [ksoftirqd/2] (root,0,0,00:00:00/49-13:52:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/49-13:52:34,31) [cpuhp/3] (root,0,0,00:00:00/49-13:52:34,32) [idle_inject/3] (root,0,0,00:00:17/49-13:52:34,33) [migration/3] (root,0,0,00:04:39/49-13:52:34,34) [ksoftirqd/3] (root,0,0,00:00:00/49-13:52:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/49-13:52:34,40) [kdevtmpfs] (root,0,0,00:00:00/49-13:52:34,41) [netns] (root,0,0,00:00:00/49-13:52:34,42) [inet_frag_wq] (root,0,0,00:00:17/49-13:52:34,43) [kauditd] (root,0,0,00:00:00/49-13:52:34,44) [khungtaskd] (root,0,0,00:00:00/49-13:52:34,45) [oom_reaper] (root,0,0,00:00:00/49-13:52:34,46) [writeback] (root,0,0,00:02:34/49-13:52:34,47) [kcompactd0] (root,0,0,00:00:00/49-13:52:34,48) [ksmd] (root,0,0,00:02:44/49-13:52:34,49) [khugepaged] (root,0,0,00:00:00/49-13:52:34,75) [kintegrityd] (root,0,0,00:00:00/49-13:52:34,76) [kblockd] (root,0,0,00:00:00/49-13:52:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/49-13:52:34,79) [tpm_dev_wq] (root,0,0,00:00:00/49-13:52:34,80) [edac-poller] (root,0,0,00:00:00/49-13:52:34,81) [devfreq_wq] (root,0,0,00:00:00/49-13:52:34,110) [watchdogd] (root,0,0,00:00:04/49-13:52:34,111) [kswapd0] (root,0,0,00:00:13/49-13:52:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/49-13:52:32,115) [kthrotld] (root,0,0,00:00:00/49-13:52:32,116) [mld] (root,0,0,00:00:00/49-13:52:32,117) [ipv6_addrconf] (root,0,0,00:00:13/49-13:52:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/49-13:52:32,123) [kstrp] (root,0,0,00:00:00/49-13:52:32,124) [zswap-shrink] (root,0,0,00:00:00/49-13:52:32,125) [kworker/u9:0] (root,0,0,00:00:00/49-13:52:32,130) [charger_manager] (root,0,0,00:00:15/49-13:52:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:22/49-13:52:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/49-13:52:31,239) [kaluad] (root,0,0,00:00:00/49-13:52:31,258) [kmpath_rdacd] (root,0,0,00:00:00/49-13:52:31,304) [kmpathd] (root,0,0,00:00:00/49-13:52:31,305) [kmpath_handlerd] (root,0,0,00:00:00/49-13:52:30,342) [ata_sff] (root,0,0,00:00:00/49-13:52:30,343) [scsi_eh_0] (root,0,0,00:00:00/49-13:52:30,344) [scsi_tmf_0] (root,0,0,00:00:00/49-13:52:30,345) [scsi_eh_1] (root,0,0,00:00:00/49-13:52:30,346) [scsi_tmf_1] (root,0,0,00:01:38/49-13:52:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/49-13:52:27,367) [ext4-rsv-conver] (root,38604,7852,00:01:23/49-13:52:15,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:05/49-13:52:14,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:17/49-13:52:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:29/49-13:51:41,511) /sbin/auditd (messagebus,22932,5400,00:02:41/49-13:51:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:31/49-13:51:40,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/49-13:51:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/49-13:51:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/49-13:51:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8256,00:00:00/52:28,680) pickup -l -t fifo -u (root,548872,30612,00:00:59/49-13:51:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/49-13:51:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:57/49-13:51:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/49-13:51:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/49-13:51:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/49-13:51:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/49-13:51:24,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:33/49-13:51:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:09/49-13:51:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/49-13:51:24,1352) bpfilter_umh (root,26204,8096,00:00:25/49-13:51:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/49-13:51:24,1359) ntpd: asynchronous dns resolver (spot,360896,211916,2-18:40:55/49-13:51:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/49-13:51:23,1371) (sd-pam) (checkmk,48528,3180,00:00:00/49-13:51:23,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/49-13:51:23,1373) (sd-pam) (root,24216,5260,00:00:17/49-13:51:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/49-13:51:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/49-13:51:21,1485) /usr/sbin/cron -n (root,697764,76136,01:08:55/49-13:51:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,230848,74272,00:26:43/49-13:51:03,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:01/43-19:26:38,2557) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,6508) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,6526) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6527) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:26,7744) [kworker/2:1] (root,0,0,00:00:00/01:05:32,8678) [kworker/0:2-events] (root,0,0,00:00:00/29:30,10330) [kworker/u8:0-ext4-rsv-conversion] (root,35304,10040,00:00:00/11-14:19:33,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:45/11-14:19:32,10514) sshd: syslogtunnel (root,0,0,00:00:00/08:13,11443) [kworker/3:0-ata_sff] (root,0,0,00:00:00/55:30,19062) [kworker/0:0] (root,0,0,00:00:01/06:40:36,21090) [kworker/1:0-events] (root,0,0,00:00:00/04:28,25756) [kworker/1:2] (root,0,0,00:00:00/45:04,26139) [kworker/2:0-events] (root,0,0,00:00:00/01:10:39,26697) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/01:10:17,26705) [kworker/u8:2-writeback] (root,0,0,00:00:00/03:00,30571) [kworker/3:1-ata_sff] (root,0,0,00:00:01/02:49:02,30917) [kworker/3:2-events] (root,35308,10028,00:00:00/11-15:05:46,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:41/11-15:05:45,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-30 00:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836353d483a4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-11:13:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-11:13:36,2) [kthreadd] (root,0,0,00:00:00/47-11:13:36,3) [rcu_gp] (root,0,0,00:00:00/47-11:13:36,4) [rcu_par_gp] (root,0,0,00:00:00/47-11:13:36,5) [slub_flushwq] (root,0,0,00:00:00/47-11:13:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-11:13:36,9) [mm_percpu_wq] (root,0,0,00:00:00/47-11:13:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-11:13:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-11:13:36,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-11:13:36,13) [ksoftirqd/0] (root,0,0,02:15:35/47-11:13:36,14) [rcu_preempt] (root,0,0,00:00:18/47-11:13:36,15) [migration/0] (root,0,0,00:00:00/47-11:13:36,16) [idle_inject/0] (root,0,0,00:00:00/47-11:13:36,18) [cpuhp/0] (root,0,0,00:00:00/47-11:13:36,19) [cpuhp/1] (root,0,0,00:00:00/47-11:13:36,20) [idle_inject/1] (root,0,0,00:00:18/47-11:13:36,21) [migration/1] (root,0,0,00:01:10/47-11:13:36,22) [ksoftirqd/1] (root,0,0,00:00:00/47-11:13:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-11:13:36,25) [cpuhp/2] (root,0,0,00:00:00/47-11:13:36,26) [idle_inject/2] (root,0,0,00:00:13/47-11:13:36,27) [migration/2] (root,0,0,01:27:30/47-11:13:36,28) [ksoftirqd/2] (root,0,0,00:00:00/47-11:13:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-11:13:36,31) [cpuhp/3] (root,0,0,00:00:00/47-11:13:36,32) [idle_inject/3] (root,0,0,00:00:17/47-11:13:36,33) [migration/3] (root,0,0,00:04:29/47-11:13:36,34) [ksoftirqd/3] (root,0,0,00:00:00/47-11:13:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-11:13:36,40) [kdevtmpfs] (root,0,0,00:00:00/47-11:13:36,41) [netns] (root,0,0,00:00:00/47-11:13:36,42) [inet_frag_wq] (root,0,0,00:00:16/47-11:13:36,43) [kauditd] (root,0,0,00:00:00/47-11:13:36,44) [khungtaskd] (root,0,0,00:00:00/47-11:13:36,45) [oom_reaper] (root,0,0,00:00:00/47-11:13:36,46) [writeback] (root,0,0,00:02:28/47-11:13:36,47) [kcompactd0] (root,0,0,00:00:00/47-11:13:36,48) [ksmd] (root,0,0,00:02:37/47-11:13:36,49) [khugepaged] (root,0,0,00:00:00/47-11:13:36,75) [kintegrityd] (root,0,0,00:00:00/47-11:13:36,76) [kblockd] (root,0,0,00:00:00/47-11:13:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-11:13:36,79) [tpm_dev_wq] (root,0,0,00:00:00/47-11:13:36,80) [edac-poller] (root,0,0,00:00:00/47-11:13:36,81) [devfreq_wq] (root,0,0,00:00:00/47-11:13:36,110) [watchdogd] (root,0,0,00:00:03/47-11:13:36,111) [kswapd0] (root,0,0,00:00:12/47-11:13:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-11:13:34,115) [kthrotld] (root,0,0,00:00:00/47-11:13:34,116) [mld] (root,0,0,00:00:00/47-11:13:34,117) [ipv6_addrconf] (root,0,0,00:00:13/47-11:13:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-11:13:34,123) [kstrp] (root,0,0,00:00:00/47-11:13:34,124) [zswap-shrink] (root,0,0,00:00:00/47-11:13:34,125) [kworker/u9:0] (root,0,0,00:00:00/47-11:13:34,130) [charger_manager] (root,0,0,00:00:14/47-11:13:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-11:13:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-11:13:33,239) [kaluad] (root,0,0,00:00:00/47-11:13:33,258) [kmpath_rdacd] (root,0,0,00:00:00/47-11:13:33,304) [kmpathd] (root,0,0,00:00:00/47-11:13:33,305) [kmpath_handlerd] (root,0,0,00:00:00/47-11:13:32,342) [ata_sff] (root,0,0,00:00:00/47-11:13:32,343) [scsi_eh_0] (root,0,0,00:00:00/47-11:13:32,344) [scsi_tmf_0] (root,0,0,00:00:00/47-11:13:32,345) [scsi_eh_1] (root,0,0,00:00:00/47-11:13:32,346) [scsi_tmf_1] (root,0,0,00:01:34/47-11:13:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-11:13:29,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-11:13:17,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-11:13:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-11:13:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-11:12:43,511) /sbin/auditd (messagebus,22932,5408,00:02:35/47-11:12:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-11:12:42,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-11:12:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-11:12:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-11:12:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-11:12:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-11:12:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:42/47-11:12:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-11:12:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-11:12:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-11:12:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-11:12:26,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-11:12:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:51/47-11:12:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-11:12:26,1352) bpfilter_umh (root,26204,8096,00:00:24/47-11:12:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-11:12:26,1359) ntpd: asynchronous dns resolver (spot,361664,212128,2-16:35:34/47-11:12:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-11:12:25,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-11:12:25,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-11:12:25,1373) (sd-pam) (root,24216,5260,00:00:16/47-11:12:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-11:12:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-11:12:23,1485) /usr/sbin/cron -n (root,697508,77208,01:06:00/47-11:12:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73024,00:25:43/47-11:12:05,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-16:47:40,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/09:34,9903) [kworker/3:2-ata_sff] (root,35304,10040,00:00:00/9-11:40:35,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-11:40:34,10514) sshd: syslogtunnel (root,0,0,00:00:00/07:57:55,11605) [kworker/2:2-events] (root,0,0,00:00:00/30:18,11812) [kworker/3:0-events] (root,0,0,00:00:00/02:06:05,13061) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:51:11,14515) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:41:27,15451) [kworker/1:1-events] (root,0,0,00:00:00/01:31:36,15985) [kworker/2:1-events] (root,0,0,00:00:00/01:26:33,16475) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:06:53,18521) [kworker/1:0] (root,0,0,00:00:00/04:22,22821) [kworker/3:1-ata_sff] (root,0,0,00:00:00/05:23:55,29068) [kworker/0:0-events] (root,35308,10028,00:00:00/9-12:26:48,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-12:26:47,30947) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,31412) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,31453) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,31454) /bin/bash /usr/bin/check_mk_agent (root,4480,1032,00:00:00/00:00,31455) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,848,00:00:00/00:00,31456) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,704,00:00:00/00:00,31457) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3464,00:00:00/00:00,31458) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,31476) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31477) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8200,00:00:00/14:33,32130) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-27 22:02 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836370999bf2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12460,00:02:13/45-12:56:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-12:56:47,2) [kthreadd] (root,0,0,00:00:00/45-12:56:47,3) [rcu_gp] (root,0,0,00:00:00/45-12:56:47,4) [rcu_par_gp] (root,0,0,00:00:00/45-12:56:47,5) [slub_flushwq] (root,0,0,00:00:00/45-12:56:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-12:56:47,9) [mm_percpu_wq] (root,0,0,00:00:00/45-12:56:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-12:56:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-12:56:47,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-12:56:47,13) [ksoftirqd/0] (root,0,0,02:10:36/45-12:56:47,14) [rcu_preempt] (root,0,0,00:00:17/45-12:56:47,15) [migration/0] (root,0,0,00:00:00/45-12:56:47,16) [idle_inject/0] (root,0,0,00:00:00/45-12:56:47,18) [cpuhp/0] (root,0,0,00:00:00/45-12:56:47,19) [cpuhp/1] (root,0,0,00:00:00/45-12:56:47,20) [idle_inject/1] (root,0,0,00:00:17/45-12:56:47,21) [migration/1] (root,0,0,00:01:08/45-12:56:47,22) [ksoftirqd/1] (root,0,0,00:00:00/45-12:56:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-12:56:47,25) [cpuhp/2] (root,0,0,00:00:00/45-12:56:47,26) [idle_inject/2] (root,0,0,00:00:13/45-12:56:47,27) [migration/2] (root,0,0,01:25:14/45-12:56:47,28) [ksoftirqd/2] (root,0,0,00:00:00/45-12:56:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-12:56:47,31) [cpuhp/3] (root,0,0,00:00:00/45-12:56:47,32) [idle_inject/3] (root,0,0,00:00:16/45-12:56:47,33) [migration/3] (root,0,0,00:04:22/45-12:56:47,34) [ksoftirqd/3] (root,0,0,00:00:00/45-12:56:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-12:56:47,40) [kdevtmpfs] (root,0,0,00:00:00/45-12:56:47,41) [netns] (root,0,0,00:00:00/45-12:56:47,42) [inet_frag_wq] (root,0,0,00:00:16/45-12:56:47,43) [kauditd] (root,0,0,00:00:00/45-12:56:47,44) [khungtaskd] (root,0,0,00:00:00/45-12:56:47,45) [oom_reaper] (root,0,0,00:00:00/45-12:56:47,46) [writeback] (root,0,0,00:02:23/45-12:56:47,47) [kcompactd0] (root,0,0,00:00:00/45-12:56:47,48) [ksmd] (root,0,0,00:02:30/45-12:56:47,49) [khugepaged] (root,0,0,00:00:00/45-12:56:47,75) [kintegrityd] (root,0,0,00:00:00/45-12:56:47,76) [kblockd] (root,0,0,00:00:00/45-12:56:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-12:56:47,79) [tpm_dev_wq] (root,0,0,00:00:00/45-12:56:47,80) [edac-poller] (root,0,0,00:00:00/45-12:56:47,81) [devfreq_wq] (root,0,0,00:00:00/45-12:56:47,110) [watchdogd] (root,0,0,00:00:03/45-12:56:47,111) [kswapd0] (root,0,0,00:00:12/45-12:56:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-12:56:45,115) [kthrotld] (root,0,0,00:00:00/45-12:56:45,116) [mld] (root,0,0,00:00:00/45-12:56:45,117) [ipv6_addrconf] (root,0,0,00:00:12/45-12:56:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-12:56:45,123) [kstrp] (root,0,0,00:00:00/45-12:56:45,124) [zswap-shrink] (root,0,0,00:00:00/45-12:56:45,125) [kworker/u9:0] (root,0,0,00:00:00/45-12:56:45,130) [charger_manager] (root,0,0,00:00:14/45-12:56:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-12:56:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-12:56:44,239) [kaluad] (root,0,0,00:00:00/45-12:56:44,258) [kmpath_rdacd] (root,0,0,00:00:00/45-12:56:44,304) [kmpathd] (root,0,0,00:00:00/45-12:56:44,305) [kmpath_handlerd] (root,0,0,00:00:00/45-12:56:43,342) [ata_sff] (root,0,0,00:00:00/45-12:56:43,343) [scsi_eh_0] (root,0,0,00:00:00/45-12:56:43,344) [scsi_tmf_0] (root,0,0,00:00:00/45-12:56:43,345) [scsi_eh_1] (root,0,0,00:00:00/45-12:56:43,346) [scsi_tmf_1] (root,0,0,00:01:31/45-12:56:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-12:56:40,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-12:56:28,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-12:56:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-12:56:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-12:55:54,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-12:55:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-12:55:53,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-12:55:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-12:55:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-12:55:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-12:55:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-12:55:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:34/45-12:55:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-12:55:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-12:55:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-12:55:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-12:55:37,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-12:55:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:36/45-12:55:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-12:55:37,1352) bpfilter_umh (root,26204,8096,00:00:23/45-12:55:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-12:55:37,1359) ntpd: asynchronous dns resolver (spot,361760,206120,2-14:32:55/45-12:55:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-12:55:36,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-12:55:36,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-12:55:36,1373) (sd-pam) (root,24216,5260,00:00:16/45-12:55:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-12:55:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-12:55:34,1485) /usr/sbin/cron -n (root,697508,78836,01:03:22/45-12:55:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71512,00:24:48/45-12:55:16,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/54:58,2530) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9184,00:00:01/39-18:30:51,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/24:42,2565) [kworker/0:0] (root,6656,3492,00:00:00/00:00,6957) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,6975) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6976) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:10:23,7467) [kworker/1:1-events] (root,0,0,00:00:00/14:45,8464) [kworker/3:1-events] (postfix,24244,8216,00:00:00/39:36,9742) pickup -l -t fifo -u (root,0,0,00:00:00/01:09:55,9975) [kworker/2:2-events] (root,35304,10040,00:00:00/7-13:23:46,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-13:23:45,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:24:58,13466) [kworker/1:2] (root,0,0,00:00:01/03:46:03,23049) [kworker/0:2-events] (root,0,0,00:00:00/04:22,23330) [kworker/3:0-ata_sff] (root,0,0,00:00:00/34:36,30660) [kworker/2:1-events] (root,35308,10028,00:00:00/7-14:09:59,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-14:09:58,30947) sshd: cm-ssh (root,0,0,00:00:00/09:33,31385) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:55:33,32405) [kworker/u8:1-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 23:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636d19d97aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-12:39:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-12:39:12,2) [kthreadd] (root,0,0,00:00:00/43-12:39:12,3) [rcu_gp] (root,0,0,00:00:00/43-12:39:12,4) [rcu_par_gp] (root,0,0,00:00:00/43-12:39:12,5) [slub_flushwq] (root,0,0,00:00:00/43-12:39:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-12:39:12,9) [mm_percpu_wq] (root,0,0,00:00:00/43-12:39:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-12:39:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-12:39:12,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-12:39:12,13) [ksoftirqd/0] (root,0,0,02:05:05/43-12:39:12,14) [rcu_preempt] (root,0,0,00:00:16/43-12:39:12,15) [migration/0] (root,0,0,00:00:00/43-12:39:12,16) [idle_inject/0] (root,0,0,00:00:00/43-12:39:12,18) [cpuhp/0] (root,0,0,00:00:00/43-12:39:12,19) [cpuhp/1] (root,0,0,00:00:00/43-12:39:12,20) [idle_inject/1] (root,0,0,00:00:16/43-12:39:12,21) [migration/1] (root,0,0,00:01:05/43-12:39:12,22) [ksoftirqd/1] (root,0,0,00:00:00/43-12:39:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-12:39:12,25) [cpuhp/2] (root,0,0,00:00:00/43-12:39:12,26) [idle_inject/2] (root,0,0,00:00:12/43-12:39:12,27) [migration/2] (root,0,0,01:22:25/43-12:39:12,28) [ksoftirqd/2] (root,0,0,00:00:00/43-12:39:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-12:39:12,31) [cpuhp/3] (root,0,0,00:00:00/43-12:39:12,32) [idle_inject/3] (root,0,0,00:00:15/43-12:39:12,33) [migration/3] (root,0,0,00:04:12/43-12:39:12,34) [ksoftirqd/3] (root,0,0,00:00:00/43-12:39:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-12:39:12,40) [kdevtmpfs] (root,0,0,00:00:00/43-12:39:12,41) [netns] (root,0,0,00:00:00/43-12:39:12,42) [inet_frag_wq] (root,0,0,00:00:15/43-12:39:12,43) [kauditd] (root,0,0,00:00:00/43-12:39:12,44) [khungtaskd] (root,0,0,00:00:00/43-12:39:12,45) [oom_reaper] (root,0,0,00:00:00/43-12:39:12,46) [writeback] (root,0,0,00:02:17/43-12:39:12,47) [kcompactd0] (root,0,0,00:00:00/43-12:39:12,48) [ksmd] (root,0,0,00:02:24/43-12:39:12,49) [khugepaged] (root,0,0,00:00:00/43-12:39:12,75) [kintegrityd] (root,0,0,00:00:00/43-12:39:12,76) [kblockd] (root,0,0,00:00:00/43-12:39:12,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-12:39:12,79) [tpm_dev_wq] (root,0,0,00:00:00/43-12:39:12,80) [edac-poller] (root,0,0,00:00:00/43-12:39:12,81) [devfreq_wq] (root,0,0,00:00:00/43-12:39:12,110) [watchdogd] (root,0,0,00:00:03/43-12:39:12,111) [kswapd0] (root,0,0,00:00:11/43-12:39:12,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-12:39:10,115) [kthrotld] (root,0,0,00:00:00/43-12:39:10,116) [mld] (root,0,0,00:00:00/43-12:39:10,117) [ipv6_addrconf] (root,0,0,00:00:12/43-12:39:10,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-12:39:10,123) [kstrp] (root,0,0,00:00:00/43-12:39:10,124) [zswap-shrink] (root,0,0,00:00:00/43-12:39:10,125) [kworker/u9:0] (root,0,0,00:00:00/43-12:39:10,130) [charger_manager] (root,0,0,00:00:13/43-12:39:10,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-12:39:10,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-12:39:09,239) [kaluad] (root,0,0,00:00:00/43-12:39:09,258) [kmpath_rdacd] (root,0,0,00:00:00/43-12:39:09,304) [kmpathd] (root,0,0,00:00:00/43-12:39:09,305) [kmpath_handlerd] (root,0,0,00:00:00/43-12:39:08,342) [ata_sff] (root,0,0,00:00:00/43-12:39:08,343) [scsi_eh_0] (root,0,0,00:00:00/43-12:39:08,344) [scsi_tmf_0] (root,0,0,00:00:00/43-12:39:08,345) [scsi_eh_1] (root,0,0,00:00:00/43-12:39:08,346) [scsi_tmf_1] (root,0,0,00:01:27/43-12:39:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-12:39:05,367) [ext4-rsv-conver] (root,38604,7856,00:01:15/43-12:38:53,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-12:38:52,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-12:38:50,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-12:38:19,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-12:38:18,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:22/43-12:38:18,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-12:38:18,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-12:38:16,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-12:38:16,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/11:38,883) [kworker/2:0-events] (root,548872,30852,00:00:51/43-12:38:02,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-12:38:02,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:21/43-12:38:02,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-12:38:02,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-12:38:02,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-12:38:02,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-12:38:02,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-12:38:02,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:19/43-12:38:02,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-12:38:02,1352) bpfilter_umh (root,26204,8096,00:00:22/43-12:38:02,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-12:38:02,1359) ntpd: asynchronous dns resolver (spot,361888,206152,2-12:16:50/43-12:38:01,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-12:38:01,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-12:38:01,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-12:38:01,1373) (sd-pam) (root,24216,5260,00:00:15/43-12:37:59,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-12:37:59,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-12:37:59,1485) /usr/sbin/cron -n (root,697508,78760,01:00:33/43-12:37:53,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70172,00:23:49/43-12:37:41,1995) /usr/bin/python3.11 /usr/bin/spot (root,6656,3484,00:00:00/00:00,2189) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,2207) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2208) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9184,00:00:01/37-18:13:16,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:10:30,8260) [kworker/0:1] (root,0,0,00:00:00/07:01,8317) [kworker/3:2-ata_sff] (root,35304,10040,00:00:00/5-13:06:11,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-13:06:10,10514) sshd: syslogtunnel (root,0,0,00:00:00/31:38,11196) [kworker/2:1-events] (root,0,0,00:00:00/02:29:59,12041) [kworker/1:0-events] (root,0,0,00:00:01/03:33:25,13819) [kworker/0:2-events] (root,0,0,00:00:00/27:24,19317) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:20:12,21552) [kworker/1:1] (postfix,24244,8252,00:00:00/43:44,22335) pickup -l -t fifo -u (root,0,0,00:00:00/42:51,23914) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:50,27607) [kworker/3:1-ata_sff] (root,0,0,00:00:01/01:40:26,30519) [kworker/3:0-events] (root,35308,10028,00:00:00/5-13:52:24,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-13:52:23,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 23:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634b3253c1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-12:59:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-12:59:21,2) [kthreadd] (root,0,0,00:00:00/41-12:59:21,3) [rcu_gp] (root,0,0,00:00:00/41-12:59:21,4) [rcu_par_gp] (root,0,0,00:00:00/41-12:59:21,5) [slub_flushwq] (root,0,0,00:00:00/41-12:59:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-12:59:21,9) [mm_percpu_wq] (root,0,0,00:00:00/41-12:59:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-12:59:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-12:59:21,12) [rcu_tasks_trace] (root,0,0,00:01:16/41-12:59:21,13) [ksoftirqd/0] (root,0,0,01:59:14/41-12:59:21,14) [rcu_preempt] (root,0,0,00:00:15/41-12:59:21,15) [migration/0] (root,0,0,00:00:00/41-12:59:21,16) [idle_inject/0] (root,0,0,00:00:00/41-12:59:21,18) [cpuhp/0] (root,0,0,00:00:00/41-12:59:21,19) [cpuhp/1] (root,0,0,00:00:00/41-12:59:21,20) [idle_inject/1] (root,0,0,00:00:16/41-12:59:21,21) [migration/1] (root,0,0,00:01:02/41-12:59:21,22) [ksoftirqd/1] (root,0,0,00:00:00/41-12:59:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-12:59:21,25) [cpuhp/2] (root,0,0,00:00:00/41-12:59:21,26) [idle_inject/2] (root,0,0,00:00:12/41-12:59:21,27) [migration/2] (root,0,0,01:18:28/41-12:59:21,28) [ksoftirqd/2] (root,0,0,00:00:00/41-12:59:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-12:59:21,31) [cpuhp/3] (root,0,0,00:00:00/41-12:59:21,32) [idle_inject/3] (root,0,0,00:00:15/41-12:59:21,33) [migration/3] (root,0,0,00:03:59/41-12:59:21,34) [ksoftirqd/3] (root,0,0,00:00:00/41-12:59:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-12:59:21,40) [kdevtmpfs] (root,0,0,00:00:00/41-12:59:21,41) [netns] (root,0,0,00:00:00/41-12:59:21,42) [inet_frag_wq] (root,0,0,00:00:14/41-12:59:21,43) [kauditd] (root,0,0,00:00:00/41-12:59:21,44) [khungtaskd] (root,0,0,00:00:00/41-12:59:21,45) [oom_reaper] (root,0,0,00:00:00/41-12:59:21,46) [writeback] (root,0,0,00:02:11/41-12:59:21,47) [kcompactd0] (root,0,0,00:00:00/41-12:59:21,48) [ksmd] (root,0,0,00:02:17/41-12:59:21,49) [khugepaged] (root,0,0,00:00:00/41-12:59:21,75) [kintegrityd] (root,0,0,00:00:00/41-12:59:21,76) [kblockd] (root,0,0,00:00:00/41-12:59:21,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-12:59:21,79) [tpm_dev_wq] (root,0,0,00:00:00/41-12:59:21,80) [edac-poller] (root,0,0,00:00:00/41-12:59:21,81) [devfreq_wq] (root,0,0,00:00:00/41-12:59:21,110) [watchdogd] (root,0,0,00:00:03/41-12:59:21,111) [kswapd0] (root,0,0,00:00:11/41-12:59:21,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-12:59:19,115) [kthrotld] (root,0,0,00:00:00/41-12:59:19,116) [mld] (root,0,0,00:00:00/41-12:59:19,117) [ipv6_addrconf] (root,0,0,00:00:11/41-12:59:19,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-12:59:19,123) [kstrp] (root,0,0,00:00:00/41-12:59:19,124) [zswap-shrink] (root,0,0,00:00:00/41-12:59:19,125) [kworker/u9:0] (root,0,0,00:00:00/41-12:59:19,130) [charger_manager] (root,0,0,00:00:13/41-12:59:19,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-12:59:19,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-12:59:18,239) [kaluad] (root,0,0,00:00:00/41-12:59:18,258) [kmpath_rdacd] (root,0,0,00:00:00/41-12:59:18,304) [kmpathd] (root,0,0,00:00:00/41-12:59:18,305) [kmpath_handlerd] (root,0,0,00:00:00/41-12:59:17,342) [ata_sff] (root,0,0,00:00:00/41-12:59:17,343) [scsi_eh_0] (root,0,0,00:00:00/41-12:59:17,344) [scsi_tmf_0] (root,0,0,00:00:00/41-12:59:17,345) [scsi_eh_1] (root,0,0,00:00:00/41-12:59:17,346) [scsi_tmf_1] (root,0,0,00:01:23/41-12:59:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-12:59:14,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-12:59:02,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-12:59:01,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-12:58:59,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-12:58:28,511) /sbin/auditd (messagebus,22932,5408,00:02:19/41-12:58:27,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-12:58:27,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-12:58:27,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-12:58:25,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-12:58:25,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-12:58:11,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-12:58:11,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:09/41-12:58:11,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-12:58:11,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-12:58:11,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-12:58:11,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-12:58:11,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-12:58:11,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-12:58:11,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-12:58:11,1352) bpfilter_umh (root,26204,8096,00:00:21/41-12:58:11,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-12:58:11,1359) ntpd: asynchronous dns resolver (spot,361936,206164,2-09:30:43/41-12:58:10,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-12:58:10,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-12:58:10,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-12:58:10,1373) (sd-pam) (root,24216,5260,00:00:14/41-12:58:08,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-12:58:08,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-12:58:08,1485) /usr/sbin/cron -n (root,697108,76400,00:57:43/41-12:58:02,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:49/41-12:57:50,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-18:33:25,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:46:57,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/24:34,4186) [kworker/0:0] (root,35304,10040,00:00:00/3-13:26:20,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:15/3-13:26:19,10514) sshd: syslogtunnel (postfix,24244,8308,00:00:00/01:25:50,11997) pickup -l -t fifo -u (root,0,0,00:00:00/05:56,12259) [kworker/3:1-events] (root,0,0,00:00:00/01:07:42,15424) [kworker/0:2-events] (root,0,0,00:00:02/10:24:01,16954) [kworker/2:1-events] (root,0,0,00:00:01/03:03:03,18031) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/29:18,21069) [kworker/2:2] (root,0,0,00:00:00/10:10,23332) [kworker/1:1-events] (root,0,0,00:00:00/37:03,23469) [kworker/3:2-ata_sff] (root,0,0,00:00:00/27:34,25841) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:43,26953) [kworker/3:0-ata_sff] (root,0,0,00:00:00/00:42,27124) [kworker/1:0-events] (root,6656,3480,00:00:00/00:00,29451) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,29469) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,29470) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/3-14:12:33,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-14:12:32,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 23:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639e8511c2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-13:04:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-13:04:53,2) [kthreadd] (root,0,0,00:00:00/39-13:04:53,3) [rcu_gp] (root,0,0,00:00:00/39-13:04:53,4) [rcu_par_gp] (root,0,0,00:00:00/39-13:04:53,5) [slub_flushwq] (root,0,0,00:00:00/39-13:04:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-13:04:53,9) [mm_percpu_wq] (root,0,0,00:00:00/39-13:04:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-13:04:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-13:04:53,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-13:04:53,13) [ksoftirqd/0] (root,0,0,01:53:31/39-13:04:53,14) [rcu_preempt] (root,0,0,00:00:15/39-13:04:53,15) [migration/0] (root,0,0,00:00:00/39-13:04:53,16) [idle_inject/0] (root,0,0,00:00:00/39-13:04:53,18) [cpuhp/0] (root,0,0,00:00:00/39-13:04:53,19) [cpuhp/1] (root,0,0,00:00:00/39-13:04:53,20) [idle_inject/1] (root,0,0,00:00:15/39-13:04:53,21) [migration/1] (root,0,0,00:00:59/39-13:04:53,22) [ksoftirqd/1] (root,0,0,00:00:00/39-13:04:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-13:04:53,25) [cpuhp/2] (root,0,0,00:00:00/39-13:04:53,26) [idle_inject/2] (root,0,0,00:00:11/39-13:04:53,27) [migration/2] (root,0,0,01:13:54/39-13:04:53,28) [ksoftirqd/2] (root,0,0,00:00:00/39-13:04:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-13:04:53,31) [cpuhp/3] (root,0,0,00:00:00/39-13:04:53,32) [idle_inject/3] (root,0,0,00:00:14/39-13:04:53,33) [migration/3] (root,0,0,00:03:47/39-13:04:53,34) [ksoftirqd/3] (root,0,0,00:00:00/39-13:04:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-13:04:53,40) [kdevtmpfs] (root,0,0,00:00:00/39-13:04:53,41) [netns] (root,0,0,00:00:00/39-13:04:53,42) [inet_frag_wq] (root,0,0,00:00:14/39-13:04:53,43) [kauditd] (root,0,0,00:00:00/39-13:04:53,44) [khungtaskd] (root,0,0,00:00:00/39-13:04:53,45) [oom_reaper] (root,0,0,00:00:00/39-13:04:53,46) [writeback] (root,0,0,00:02:04/39-13:04:53,47) [kcompactd0] (root,0,0,00:00:00/39-13:04:53,48) [ksmd] (root,0,0,00:02:09/39-13:04:53,49) [khugepaged] (root,0,0,00:00:00/39-13:04:53,75) [kintegrityd] (root,0,0,00:00:00/39-13:04:53,76) [kblockd] (root,0,0,00:00:00/39-13:04:53,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-13:04:53,79) [tpm_dev_wq] (root,0,0,00:00:00/39-13:04:53,80) [edac-poller] (root,0,0,00:00:00/39-13:04:53,81) [devfreq_wq] (root,0,0,00:00:00/39-13:04:53,110) [watchdogd] (root,0,0,00:00:02/39-13:04:53,111) [kswapd0] (root,0,0,00:00:10/39-13:04:53,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-13:04:51,115) [kthrotld] (root,0,0,00:00:00/39-13:04:51,116) [mld] (root,0,0,00:00:00/39-13:04:51,117) [ipv6_addrconf] (root,0,0,00:00:11/39-13:04:51,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-13:04:51,123) [kstrp] (root,0,0,00:00:00/39-13:04:51,124) [zswap-shrink] (root,0,0,00:00:00/39-13:04:51,125) [kworker/u9:0] (root,0,0,00:00:00/39-13:04:51,130) [charger_manager] (root,0,0,00:00:12/39-13:04:51,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-13:04:51,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-13:04:50,239) [kaluad] (root,0,0,00:00:00/39-13:04:50,258) [kmpath_rdacd] (root,0,0,00:00:00/39-13:04:50,304) [kmpathd] (root,0,0,00:00:00/39-13:04:50,305) [kmpath_handlerd] (root,0,0,00:00:00/39-13:04:49,342) [ata_sff] (root,0,0,00:00:00/39-13:04:49,343) [scsi_eh_0] (root,0,0,00:00:00/39-13:04:49,344) [scsi_tmf_0] (root,0,0,00:00:00/39-13:04:49,345) [scsi_eh_1] (root,0,0,00:00:00/39-13:04:49,346) [scsi_tmf_1] (root,0,0,00:01:19/39-13:04:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-13:04:46,367) [ext4-rsv-conver] (root,38604,7924,00:01:09/39-13:04:34,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-13:04:33,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-13:04:31,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-13:04:00,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-13:03:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-13:03:59,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-13:03:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-13:03:57,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-13:03:57,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:47/39-13:03:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-13:03:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:57/39-13:03:43,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-13:03:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-13:03:43,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-13:03:43,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-13:03:43,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-13:03:43,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:44/39-13:03:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-13:03:43,1352) bpfilter_umh (root,26204,8116,00:00:20/39-13:03:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-13:03:43,1359) ntpd: asynchronous dns resolver (spot,361152,198264,2-07:21:45/39-13:03:42,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-13:03:42,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-13:03:42,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-13:03:42,1373) (sd-pam) (root,24216,5260,00:00:14/39-13:03:40,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-13:03:40,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-13:03:40,1485) /usr/sbin/cron -n (root,697108,76496,00:54:52/39-13:03:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67440,00:21:45/39-13:03:22,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/07:40,2077) [kworker/3:0-ata_sff] (postfix,44628,9244,00:00:01/33-18:38:57,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:07:50,3019) [kworker/1:2-events] (root,0,0,00:00:00/20:22,6192) [kworker/2:2-events] (root,0,0,00:00:00/01:20:54,8710) [kworker/0:2-mm_percpu_wq] (root,35304,10040,00:00:00/1-13:31:52,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-13:31:51,10514) sshd: syslogtunnel (postfix,24244,8232,00:00:00/12:10,11858) pickup -l -t fifo -u (root,0,0,00:00:00/02:53:06,12444) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/01:53:20,15998) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:00/18:03,17829) [kworker/3:2-events] (root,0,0,00:00:00/01:18:03,18830) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/24:55,21979) [kworker/0:1-events] (root,0,0,00:00:00/02:29,22374) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/1-14:18:05,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:07/1-14:18:04,30947) sshd: cm-ssh (root,0,0,00:00:00/01:07:02,31080) [kworker/1:0] (root,6656,3488,00:00:00/00:01,31196) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,31214) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,31215) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f0c96e8aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-12:41:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-12:41:27,2) [kthreadd] (root,0,0,00:00:00/37-12:41:27,3) [rcu_gp] (root,0,0,00:00:00/37-12:41:27,4) [rcu_par_gp] (root,0,0,00:00:00/37-12:41:27,5) [slub_flushwq] (root,0,0,00:00:00/37-12:41:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-12:41:27,9) [mm_percpu_wq] (root,0,0,00:00:00/37-12:41:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-12:41:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-12:41:27,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-12:41:27,13) [ksoftirqd/0] (root,0,0,01:47:22/37-12:41:27,14) [rcu_preempt] (root,0,0,00:00:14/37-12:41:27,15) [migration/0] (root,0,0,00:00:00/37-12:41:27,16) [idle_inject/0] (root,0,0,00:00:00/37-12:41:27,18) [cpuhp/0] (root,0,0,00:00:00/37-12:41:27,19) [cpuhp/1] (root,0,0,00:00:00/37-12:41:27,20) [idle_inject/1] (root,0,0,00:00:14/37-12:41:27,21) [migration/1] (root,0,0,00:00:55/37-12:41:27,22) [ksoftirqd/1] (root,0,0,00:00:00/37-12:41:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-12:41:27,25) [cpuhp/2] (root,0,0,00:00:00/37-12:41:27,26) [idle_inject/2] (root,0,0,00:00:10/37-12:41:27,27) [migration/2] (root,0,0,01:07:53/37-12:41:27,28) [ksoftirqd/2] (root,0,0,00:00:00/37-12:41:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-12:41:27,31) [cpuhp/3] (root,0,0,00:00:00/37-12:41:27,32) [idle_inject/3] (root,0,0,00:00:13/37-12:41:27,33) [migration/3] (root,0,0,00:03:29/37-12:41:27,34) [ksoftirqd/3] (root,0,0,00:00:00/37-12:41:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-12:41:27,40) [kdevtmpfs] (root,0,0,00:00:00/37-12:41:27,41) [netns] (root,0,0,00:00:00/37-12:41:27,42) [inet_frag_wq] (root,0,0,00:00:13/37-12:41:27,43) [kauditd] (root,0,0,00:00:00/37-12:41:27,44) [khungtaskd] (root,0,0,00:00:00/37-12:41:27,45) [oom_reaper] (root,0,0,00:00:00/37-12:41:27,46) [writeback] (root,0,0,00:01:58/37-12:41:27,47) [kcompactd0] (root,0,0,00:00:00/37-12:41:27,48) [ksmd] (root,0,0,00:02:02/37-12:41:27,49) [khugepaged] (root,0,0,00:00:00/37-12:41:27,75) [kintegrityd] (root,0,0,00:00:00/37-12:41:27,76) [kblockd] (root,0,0,00:00:00/37-12:41:27,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-12:41:27,79) [tpm_dev_wq] (root,0,0,00:00:00/37-12:41:27,80) [edac-poller] (root,0,0,00:00:00/37-12:41:27,81) [devfreq_wq] (root,0,0,00:00:00/37-12:41:27,110) [watchdogd] (root,0,0,00:00:02/37-12:41:27,111) [kswapd0] (root,0,0,00:00:10/37-12:41:27,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-12:41:25,115) [kthrotld] (root,0,0,00:00:00/37-12:41:25,116) [mld] (root,0,0,00:00:00/37-12:41:25,117) [ipv6_addrconf] (root,0,0,00:00:10/37-12:41:25,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-12:41:25,123) [kstrp] (root,0,0,00:00:00/37-12:41:25,124) [zswap-shrink] (root,0,0,00:00:00/37-12:41:25,125) [kworker/u9:0] (root,0,0,00:00:00/37-12:41:25,130) [charger_manager] (root,0,0,00:00:11/37-12:41:25,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-12:41:25,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-12:41:24,239) [kaluad] (root,0,0,00:00:00/37-12:41:24,258) [kmpath_rdacd] (root,0,0,00:00:00/37-12:41:24,304) [kmpathd] (root,0,0,00:00:00/37-12:41:24,305) [kmpath_handlerd] (root,0,0,00:00:00/37-12:41:23,342) [ata_sff] (root,0,0,00:00:00/37-12:41:23,343) [scsi_eh_0] (root,0,0,00:00:00/37-12:41:23,344) [scsi_tmf_0] (root,0,0,00:00:00/37-12:41:23,345) [scsi_eh_1] (root,0,0,00:00:00/37-12:41:23,346) [scsi_tmf_1] (root,0,0,00:01:15/37-12:41:20,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-12:41:20,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-12:41:08,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-12:41:07,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-12:41:05,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-12:40:34,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-12:40:33,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-12:40:33,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-12:40:33,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-12:40:31,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-12:40:31,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30292,00:00:44/37-12:40:17,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-12:40:17,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:44/37-12:40:17,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-12:40:17,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-12:40:17,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-12:40:17,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-12:40:17,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-12:40:17,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:25/37-12:40:17,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-12:40:17,1352) bpfilter_umh (root,26204,8116,00:00:19/37-12:40:17,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-12:40:17,1359) ntpd: asynchronous dns resolver (spot,362240,198560,2-04:22:37/37-12:40:16,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-12:40:16,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-12:40:16,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-12:40:16,1373) (sd-pam) (root,24216,5260,00:00:13/37-12:40:14,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-12:40:14,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-12:40:14,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-12:40:11,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-12:40:10,1527) sshd: syslogtunnel (root,696596,77960,00:51:56/37-12:40:08,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66204,00:20:41/37-12:39:56,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-18:15:31,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/58:03,2691) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10108,00:00:00/37-12:39:31,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-12:39:31,3218) sshd: cm-ssh (root,0,0,00:00:00/05:34,9730) [kworker/3:0-ata_sff] (root,0,0,00:00:00/21:46,10083) [kworker/1:2-events] (root,0,0,00:00:00/02:05:06,18233) [kworker/u8:0-writeback] (root,0,0,00:00:01/02:38:49,19177) [kworker/0:2-events] (root,0,0,00:00:00/01:30:51,19789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/00:21,21009) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,22346) /bin/bash /usr/bin/check_mk_agent (root,13744,3492,00:00:00/00:00,22364) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,22365) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:21:12,24321) [kworker/2:1-events] (root,0,0,00:00:00/01:44:27,26865) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/12:30,27095) [kworker/2:0-events] (postfix,24244,8148,00:00:00/10:37,28767) pickup -l -t fifo -u (root,0,0,00:00:02/04:19:47,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 23:30 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363db10ac8bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-14:31:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-14:31:33,2) [kthreadd] (root,0,0,00:00:00/35-14:31:33,3) [rcu_gp] (root,0,0,00:00:00/35-14:31:33,4) [rcu_par_gp] (root,0,0,00:00:00/35-14:31:33,5) [slub_flushwq] (root,0,0,00:00:00/35-14:31:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-14:31:33,9) [mm_percpu_wq] (root,0,0,00:00:00/35-14:31:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-14:31:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-14:31:33,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-14:31:33,13) [ksoftirqd/0] (root,0,0,01:42:19/35-14:31:33,14) [rcu_preempt] (root,0,0,00:00:13/35-14:31:33,15) [migration/0] (root,0,0,00:00:00/35-14:31:33,16) [idle_inject/0] (root,0,0,00:00:00/35-14:31:33,18) [cpuhp/0] (root,0,0,00:00:00/35-14:31:33,19) [cpuhp/1] (root,0,0,00:00:00/35-14:31:33,20) [idle_inject/1] (root,0,0,00:00:13/35-14:31:33,21) [migration/1] (root,0,0,00:00:52/35-14:31:33,22) [ksoftirqd/1] (root,0,0,00:00:00/35-14:31:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-14:31:33,25) [cpuhp/2] (root,0,0,00:00:00/35-14:31:33,26) [idle_inject/2] (root,0,0,00:00:10/35-14:31:33,27) [migration/2] (root,0,0,01:05:12/35-14:31:33,28) [ksoftirqd/2] (root,0,0,00:00:00/35-14:31:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-14:31:33,31) [cpuhp/3] (root,0,0,00:00:00/35-14:31:33,32) [idle_inject/3] (root,0,0,00:00:12/35-14:31:33,33) [migration/3] (root,0,0,00:03:21/35-14:31:33,34) [ksoftirqd/3] (root,0,0,00:00:00/35-14:31:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-14:31:33,40) [kdevtmpfs] (root,0,0,00:00:00/35-14:31:33,41) [netns] (root,0,0,00:00:00/35-14:31:33,42) [inet_frag_wq] (root,0,0,00:00:12/35-14:31:33,43) [kauditd] (root,0,0,00:00:00/35-14:31:33,44) [khungtaskd] (root,0,0,00:00:00/35-14:31:33,45) [oom_reaper] (root,0,0,00:00:00/35-14:31:33,46) [writeback] (root,0,0,00:01:52/35-14:31:33,47) [kcompactd0] (root,0,0,00:00:00/35-14:31:33,48) [ksmd] (root,0,0,00:01:56/35-14:31:33,49) [khugepaged] (root,0,0,00:00:00/35-14:31:33,75) [kintegrityd] (root,0,0,00:00:00/35-14:31:33,76) [kblockd] (root,0,0,00:00:00/35-14:31:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-14:31:33,79) [tpm_dev_wq] (root,0,0,00:00:00/35-14:31:33,80) [edac-poller] (root,0,0,00:00:00/35-14:31:33,81) [devfreq_wq] (root,0,0,00:00:00/35-14:31:33,110) [watchdogd] (root,0,0,00:00:02/35-14:31:33,111) [kswapd0] (root,0,0,00:00:09/35-14:31:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-14:31:31,115) [kthrotld] (root,0,0,00:00:00/35-14:31:31,116) [mld] (root,0,0,00:00:00/35-14:31:31,117) [ipv6_addrconf] (root,0,0,00:00:10/35-14:31:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-14:31:31,123) [kstrp] (root,0,0,00:00:00/35-14:31:31,124) [zswap-shrink] (root,0,0,00:00:00/35-14:31:31,125) [kworker/u9:0] (root,0,0,00:00:00/35-14:31:31,130) [charger_manager] (root,0,0,00:00:10/35-14:31:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-14:31:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-14:31:30,239) [kaluad] (root,0,0,00:00:00/35-14:31:30,258) [kmpath_rdacd] (root,0,0,00:00:00/35-14:31:30,304) [kmpathd] (root,0,0,00:00:00/35-14:31:30,305) [kmpath_handlerd] (root,0,0,00:00:00/35-14:31:29,342) [ata_sff] (root,0,0,00:00:00/35-14:31:29,343) [scsi_eh_0] (root,0,0,00:00:00/35-14:31:29,344) [scsi_tmf_0] (root,0,0,00:00:00/35-14:31:29,345) [scsi_eh_1] (root,0,0,00:00:00/35-14:31:29,346) [scsi_tmf_1] (root,0,0,00:01:11/35-14:31:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-14:31:26,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-14:31:14,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-14:31:13,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/10:47,485) [kworker/0:2-events] (root,8624,6172,00:00:56/35-14:31:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-14:30:40,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-14:30:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-14:30:39,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-14:30:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-14:30:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-14:30:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:04:45,633) [kworker/u8:1-flush-253:0] (root,548616,30252,00:00:42/35-14:30:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-14:30:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:35/35-14:30:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-14:30:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-14:30:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-14:30:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-14:30:23,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-14:30:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:09/35-14:30:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-14:30:23,1352) bpfilter_umh (root,26204,8116,00:00:18/35-14:30:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-14:30:23,1359) ntpd: asynchronous dns resolver (spot,361008,198248,2-02:20:06/35-14:30:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-14:30:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-14:30:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-14:30:22,1373) (sd-pam) (root,24216,5260,00:00:12/35-14:30:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-14:30:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-14:30:20,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-14:30:17,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:13/35-14:30:16,1527) sshd: syslogtunnel (root,696596,77900,00:49:18/35-14:30:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:01/02:39:45,1719) [kworker/2:2-events] (spot,223680,64864,00:19:43/35-14:30:02,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-20:05:37,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:17,3161) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/35-14:29:37,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-14:29:37,3218) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,7253) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,7271) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7272) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:36:56,11281) [kworker/0:1-events] (root,0,0,00:00:00/06:28,16037) [kworker/3:0-events] (root,0,0,00:00:00/35:31,16207) [kworker/1:2-events] (postfix,24244,8160,00:00:00/42:29,18195) pickup -l -t fifo -u (root,0,0,00:00:00/03:47:27,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:49:32,20934) [kworker/1:1-events] (root,0,0,00:00:00/15:22,21129) [kworker/2:0-events] (root,0,0,00:00:03/11:40,31160) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 01:20 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836380d07b44Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-13:07:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-13:07:49,2) [kthreadd] (root,0,0,00:00:00/33-13:07:49,3) [rcu_gp] (root,0,0,00:00:00/33-13:07:49,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:07:49,5) [slub_flushwq] (root,0,0,00:00:00/33-13:07:49,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:07:49,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:07:49,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:07:49,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:07:49,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:07:49,13) [ksoftirqd/0] (root,0,0,01:36:48/33-13:07:49,14) [rcu_preempt] (root,0,0,00:00:12/33-13:07:49,15) [migration/0] (root,0,0,00:00:00/33-13:07:49,16) [idle_inject/0] (root,0,0,00:00:00/33-13:07:49,18) [cpuhp/0] (root,0,0,00:00:00/33-13:07:49,19) [cpuhp/1] (root,0,0,00:00:00/33-13:07:49,20) [idle_inject/1] (root,0,0,00:00:12/33-13:07:49,21) [migration/1] (root,0,0,00:00:50/33-13:07:49,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:07:49,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:07:49,25) [cpuhp/2] (root,0,0,00:00:00/33-13:07:49,26) [idle_inject/2] (root,0,0,00:00:09/33-13:07:49,27) [migration/2] (root,0,0,01:01:59/33-13:07:49,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:07:49,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:07:49,31) [cpuhp/3] (root,0,0,00:00:00/33-13:07:49,32) [idle_inject/3] (root,0,0,00:00:12/33-13:07:49,33) [migration/3] (root,0,0,00:03:12/33-13:07:49,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:07:49,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:07:49,40) [kdevtmpfs] (root,0,0,00:00:00/33-13:07:49,41) [netns] (root,0,0,00:00:00/33-13:07:49,42) [inet_frag_wq] (root,0,0,00:00:12/33-13:07:49,43) [kauditd] (root,0,0,00:00:00/33-13:07:49,44) [khungtaskd] (root,0,0,00:00:00/33-13:07:49,45) [oom_reaper] (root,0,0,00:00:00/33-13:07:49,46) [writeback] (root,0,0,00:01:46/33-13:07:49,47) [kcompactd0] (root,0,0,00:00:00/33-13:07:49,48) [ksmd] (root,0,0,00:01:49/33-13:07:49,49) [khugepaged] (root,0,0,00:00:00/33-13:07:49,75) [kintegrityd] (root,0,0,00:00:00/33-13:07:49,76) [kblockd] (root,0,0,00:00:00/33-13:07:49,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:07:49,79) [tpm_dev_wq] (root,0,0,00:00:00/33-13:07:49,80) [edac-poller] (root,0,0,00:00:00/33-13:07:49,81) [devfreq_wq] (root,0,0,00:00:00/33-13:07:49,110) [watchdogd] (root,0,0,00:00:02/33-13:07:49,111) [kswapd0] (root,0,0,00:00:09/33-13:07:49,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-13:07:47,115) [kthrotld] (root,0,0,00:00:00/33-13:07:47,116) [mld] (root,0,0,00:00:00/33-13:07:47,117) [ipv6_addrconf] (root,0,0,00:00:09/33-13:07:47,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:07:47,123) [kstrp] (root,0,0,00:00:00/33-13:07:47,124) [zswap-shrink] (root,0,0,00:00:00/33-13:07:47,125) [kworker/u9:0] (root,0,0,00:00:00/33-13:07:47,130) [charger_manager] (root,0,0,00:00:10/33-13:07:47,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-13:07:47,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-13:07:46,239) [kaluad] (root,0,0,00:00:00/33-13:07:46,258) [kmpath_rdacd] (root,0,0,00:00:00/33-13:07:46,304) [kmpathd] (root,0,0,00:00:00/33-13:07:46,305) [kmpath_handlerd] (root,0,0,00:00:00/33-13:07:45,342) [ata_sff] (root,0,0,00:00:00/33-13:07:45,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:07:45,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:07:45,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:07:45,346) [scsi_tmf_1] (root,0,0,00:01:07/33-13:07:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:07:42,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-13:07:30,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-13:07:29,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:53/33-13:07:27,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-13:06:56,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-13:06:55,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-13:06:55,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-13:06:55,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-13:06:53,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-13:06:53,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-13:06:39,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-13:06:39,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:24/33-13:06:39,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-13:06:39,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-13:06:39,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-13:06:39,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-13:06:39,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:52/33-13:06:39,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-13:06:39,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-13:06:39,1352) bpfilter_umh (root,26204,8128,00:00:17/33-13:06:39,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-13:06:39,1359) ntpd: asynchronous dns resolver (spot,361264,200060,2-00:19:05/33-13:06:38,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-13:06:38,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-13:06:38,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-13:06:38,1373) (sd-pam) (root,24216,5260,00:00:11/33-13:06:36,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-13:06:36,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-13:06:36,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-13:06:33,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-13:06:32,1527) sshd: syslogtunnel (root,694036,73228,00:46:26/33-13:06:30,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/20:31,1600) [kworker/3:0-events] (spot,222656,63352,00:18:43/33-13:06:18,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-18:41:53,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/33-13:05:53,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-13:05:53,3218) sshd: cm-ssh (root,0,0,00:00:00/32:48,4095) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/26:28,7631) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/04:58,8286) [kworker/3:2-ata_sff] (root,0,0,00:00:02/04:53:12,15620) [kworker/2:2-events] (root,0,0,00:00:00/10:08,16144) [kworker/3:1-ata_sff] (root,0,0,00:00:00/17:16,16920) [kworker/u8:2-writeback] (root,0,0,00:00:00/09:34,18362) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/02:51,19454) [kworker/2:1-events] (root,0,0,00:00:00/01:32:53,21273) [kworker/0:1-events] (root,0,0,00:00:00/22:52,22988) [kworker/1:2-cgroup_destroy] (postfix,24244,8228,00:00:00/01:19:44,25034) pickup -l -t fifo -u (root,0,0,00:00:00/01:19:32,25667) [kworker/1:0-events] (root,6656,3484,00:00:00/00:00,30901) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,30919) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30920) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 23:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639e1ff3b3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:33/31-13:05:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:05:43,2) [kthreadd] (root,0,0,00:00:00/31-13:05:43,3) [rcu_gp] (root,0,0,00:00:00/31-13:05:43,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:05:43,5) [slub_flushwq] (root,0,0,00:00:00/31-13:05:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:05:43,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:05:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:05:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:05:43,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-13:05:43,13) [ksoftirqd/0] (root,0,0,01:31:28/31-13:05:43,14) [rcu_preempt] (root,0,0,00:00:12/31-13:05:43,15) [migration/0] (root,0,0,00:00:00/31-13:05:43,16) [idle_inject/0] (root,0,0,00:00:00/31-13:05:43,18) [cpuhp/0] (root,0,0,00:00:00/31-13:05:43,19) [cpuhp/1] (root,0,0,00:00:00/31-13:05:43,20) [idle_inject/1] (root,0,0,00:00:12/31-13:05:43,21) [migration/1] (root,0,0,00:00:47/31-13:05:43,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:05:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:05:43,25) [cpuhp/2] (root,0,0,00:00:00/31-13:05:43,26) [idle_inject/2] (root,0,0,00:00:09/31-13:05:43,27) [migration/2] (root,0,0,00:58:56/31-13:05:43,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:05:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:05:43,31) [cpuhp/3] (root,0,0,00:00:00/31-13:05:43,32) [idle_inject/3] (root,0,0,00:00:11/31-13:05:43,33) [migration/3] (root,0,0,00:03:03/31-13:05:43,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:05:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:05:43,40) [kdevtmpfs] (root,0,0,00:00:00/31-13:05:43,41) [netns] (root,0,0,00:00:00/31-13:05:43,42) [inet_frag_wq] (root,0,0,00:00:11/31-13:05:43,43) [kauditd] (root,0,0,00:00:00/31-13:05:43,44) [khungtaskd] (root,0,0,00:00:00/31-13:05:43,45) [oom_reaper] (root,0,0,00:00:00/31-13:05:43,46) [writeback] (root,0,0,00:01:40/31-13:05:43,47) [kcompactd0] (root,0,0,00:00:00/31-13:05:43,48) [ksmd] (root,0,0,00:01:43/31-13:05:43,49) [khugepaged] (root,0,0,00:00:00/31-13:05:43,75) [kintegrityd] (root,0,0,00:00:00/31-13:05:43,76) [kblockd] (root,0,0,00:00:00/31-13:05:43,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:05:43,79) [tpm_dev_wq] (root,0,0,00:00:00/31-13:05:43,80) [edac-poller] (root,0,0,00:00:00/31-13:05:43,81) [devfreq_wq] (root,0,0,00:00:00/31-13:05:43,110) [watchdogd] (root,0,0,00:00:02/31-13:05:43,111) [kswapd0] (root,0,0,00:00:08/31-13:05:43,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-13:05:41,115) [kthrotld] (root,0,0,00:00:00/31-13:05:41,116) [mld] (root,0,0,00:00:00/31-13:05:41,117) [ipv6_addrconf] (root,0,0,00:00:09/31-13:05:41,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:05:41,123) [kstrp] (root,0,0,00:00:00/31-13:05:41,124) [zswap-shrink] (root,0,0,00:00:00/31-13:05:41,125) [kworker/u9:0] (root,0,0,00:00:00/31-13:05:41,130) [charger_manager] (root,0,0,00:00:09/31-13:05:41,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-13:05:41,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-13:05:40,239) [kaluad] (root,0,0,00:00:00/31-13:05:40,258) [kmpath_rdacd] (root,0,0,00:00:00/31-13:05:40,304) [kmpathd] (root,0,0,00:00:00/31-13:05:40,305) [kmpath_handlerd] (root,0,0,00:00:00/31-13:05:39,342) [ata_sff] (root,0,0,00:00:00/31-13:05:39,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:05:39,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:05:39,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:05:39,346) [scsi_tmf_1] (root,0,0,00:01:03/31-13:05:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:05:36,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-13:05:24,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-13:05:23,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-13:05:21,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-13:04:50,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-13:04:49,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-13:04:49,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-13:04:49,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-13:04:47,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-13:04:47,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-13:04:33,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-13:04:33,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:12/31-13:04:33,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-13:04:33,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-13:04:33,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-13:04:33,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-13:04:33,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-13:04:33,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:35/31-13:04:33,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-13:04:33,1352) bpfilter_umh (root,26204,8128,00:00:16/31-13:04:33,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-13:04:33,1359) ntpd: asynchronous dns resolver (spot,362320,200324,1-22:10:36/31-13:04:32,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-13:04:32,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-13:04:32,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-13:04:32,1373) (sd-pam) (root,24216,5260,00:00:11/31-13:04:30,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-13:04:30,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-13:04:30,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-13:04:27,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:58/31-13:04:26,1527) sshd: syslogtunnel (root,693780,72896,00:43:43/31-13:04:24,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/03:58,1852) [kworker/3:0-ata_sff] (spot,221632,61988,00:17:41/31-13:04:12,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-18:39:47,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/10:07,2865) [kworker/u8:2-writeback] (root,35308,10108,00:00:00/31-13:03:47,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:45/31-13:03:47,3218) sshd: cm-ssh (root,0,0,00:00:00/09:11,6836) [kworker/3:2-ata_sff] (root,0,0,00:00:00/18:14:19,11736) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/07:42,15172) [kworker/0:2-events] (root,0,0,00:00:00/21:06,18883) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,19852) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,19870) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,19871) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:26:15,22602) [kworker/2:1-events] (root,0,0,00:00:00/01:53:44,23881) [kworker/1:2-events] (root,0,0,00:00:00/34:27,27419) [kworker/2:2-events] (root,0,0,00:00:01/02:28:52,28641) [kworker/0:1-events] (root,0,0,00:00:00/24:44,31518) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 23:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363762a6d25Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-13:04:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-13:04:27,2) [kthreadd] (root,0,0,00:00:00/29-13:04:27,3) [rcu_gp] (root,0,0,00:00:00/29-13:04:27,4) [rcu_par_gp] (root,0,0,00:00:00/29-13:04:27,5) [slub_flushwq] (root,0,0,00:00:00/29-13:04:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-13:04:27,9) [mm_percpu_wq] (root,0,0,00:00:00/29-13:04:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-13:04:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-13:04:27,12) [rcu_tasks_trace] (root,0,0,00:00:55/29-13:04:27,13) [ksoftirqd/0] (root,0,0,01:25:38/29-13:04:27,14) [rcu_preempt] (root,0,0,00:00:11/29-13:04:27,15) [migration/0] (root,0,0,00:00:00/29-13:04:27,16) [idle_inject/0] (root,0,0,00:00:00/29-13:04:27,18) [cpuhp/0] (root,0,0,00:00:00/29-13:04:27,19) [cpuhp/1] (root,0,0,00:00:00/29-13:04:27,20) [idle_inject/1] (root,0,0,00:00:11/29-13:04:27,21) [migration/1] (root,0,0,00:00:45/29-13:04:27,22) [ksoftirqd/1] (root,0,0,00:00:00/29-13:04:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-13:04:27,25) [cpuhp/2] (root,0,0,00:00:00/29-13:04:27,26) [idle_inject/2] (root,0,0,00:00:08/29-13:04:27,27) [migration/2] (root,0,0,00:54:42/29-13:04:27,28) [ksoftirqd/2] (root,0,0,00:00:00/29-13:04:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-13:04:27,31) [cpuhp/3] (root,0,0,00:00:00/29-13:04:27,32) [idle_inject/3] (root,0,0,00:00:10/29-13:04:27,33) [migration/3] (root,0,0,00:02:50/29-13:04:27,34) [ksoftirqd/3] (root,0,0,00:00:00/29-13:04:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-13:04:27,40) [kdevtmpfs] (root,0,0,00:00:00/29-13:04:27,41) [netns] (root,0,0,00:00:00/29-13:04:27,42) [inet_frag_wq] (root,0,0,00:00:10/29-13:04:27,43) [kauditd] (root,0,0,00:00:00/29-13:04:27,44) [khungtaskd] (root,0,0,00:00:00/29-13:04:27,45) [oom_reaper] (root,0,0,00:00:00/29-13:04:27,46) [writeback] (root,0,0,00:01:34/29-13:04:27,47) [kcompactd0] (root,0,0,00:00:00/29-13:04:27,48) [ksmd] (root,0,0,00:01:36/29-13:04:27,49) [khugepaged] (root,0,0,00:00:00/29-13:04:27,75) [kintegrityd] (root,0,0,00:00:00/29-13:04:27,76) [kblockd] (root,0,0,00:00:00/29-13:04:27,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-13:04:27,79) [tpm_dev_wq] (root,0,0,00:00:00/29-13:04:27,80) [edac-poller] (root,0,0,00:00:00/29-13:04:27,81) [devfreq_wq] (root,0,0,00:00:00/29-13:04:27,110) [watchdogd] (root,0,0,00:00:02/29-13:04:27,111) [kswapd0] (root,0,0,00:00:08/29-13:04:27,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-13:04:25,115) [kthrotld] (root,0,0,00:00:00/29-13:04:25,116) [mld] (root,0,0,00:00:00/29-13:04:25,117) [ipv6_addrconf] (root,0,0,00:00:08/29-13:04:25,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-13:04:25,123) [kstrp] (root,0,0,00:00:00/29-13:04:25,124) [zswap-shrink] (root,0,0,00:00:00/29-13:04:25,125) [kworker/u9:0] (root,0,0,00:00:00/29-13:04:25,130) [charger_manager] (root,0,0,00:00:09/29-13:04:25,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-13:04:25,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-13:04:24,239) [kaluad] (root,0,0,00:00:00/29-13:04:24,258) [kmpath_rdacd] (root,0,0,00:00:00/29-13:04:24,304) [kmpathd] (root,0,0,00:00:00/29-13:04:24,305) [kmpath_handlerd] (root,0,0,00:00:00/29-13:04:23,342) [ata_sff] (root,0,0,00:00:00/29-13:04:23,343) [scsi_eh_0] (root,0,0,00:00:00/29-13:04:23,344) [scsi_tmf_0] (root,0,0,00:00:00/29-13:04:23,345) [scsi_eh_1] (root,0,0,00:00:00/29-13:04:23,346) [scsi_tmf_1] (root,0,0,00:00:59/29-13:04:20,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-13:04:20,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-13:04:08,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-13:04:07,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-13:04:05,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-13:03:34,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-13:03:33,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-13:03:33,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-13:03:33,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-13:03:31,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-13:03:31,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:35/29-13:03:17,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-13:03:17,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:01/29-13:03:17,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-13:03:17,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-13:03:17,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-13:03:17,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-13:03:17,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-13:03:17,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:17/29-13:03:17,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-13:03:17,1352) bpfilter_umh (root,26204,8128,00:00:14/29-13:03:17,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-13:03:17,1359) ntpd: asynchronous dns resolver (spot,360992,199964,1-19:48:10/29-13:03:16,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-13:03:16,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-13:03:16,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-13:03:16,1373) (sd-pam) (root,24216,5260,00:00:10/29-13:03:14,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-13:03:14,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-13:03:14,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-13:03:11,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-13:03:10,1527) sshd: syslogtunnel (root,693524,74428,00:40:50/29-13:03:08,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60744,00:16:37/29-13:02:56,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-18:38:31,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/27:35,2706) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10108,00:00:00/29-13:02:31,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:38/29-13:02:31,3218) sshd: cm-ssh (root,0,0,00:00:00/06:08,3972) [kworker/u8:2-writeback] (root,0,0,00:00:00/05:45,4803) [kworker/3:0-ata_sff] (postfix,24244,8232,00:00:00/20:15,5297) pickup -l -t fifo -u (root,0,0,00:00:01/01:28:45,11915) [kworker/3:2-events] (root,0,0,00:00:00/02:26,13161) [kworker/1:0-events] (root,0,0,00:00:00/18:27,14664) [kworker/0:0] (root,0,0,00:00:00/00:35,20952) [kworker/3:1-ata_sff] (root,0,0,00:00:01/02:28:30,22291) [kworker/0:1-events] (root,6656,3480,00:00:00/00:00,22581) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,22599) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22600) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/37:48,25890) [kworker/2:0] (root,0,0,00:00:00/01:00:46,28994) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:16:56,29505) [kworker/2:1-events] (root,0,0,00:00:00/15:16,30310) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363030b5a19Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-13:08:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:08:55,2) [kthreadd] (root,0,0,00:00:00/27-13:08:55,3) [rcu_gp] (root,0,0,00:00:00/27-13:08:55,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:08:55,5) [slub_flushwq] (root,0,0,00:00:00/27-13:08:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:08:55,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:08:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:08:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:08:55,12) [rcu_tasks_trace] (root,0,0,00:00:52/27-13:08:55,13) [ksoftirqd/0] (root,0,0,01:20:10/27-13:08:55,14) [rcu_preempt] (root,0,0,00:00:10/27-13:08:55,15) [migration/0] (root,0,0,00:00:00/27-13:08:55,16) [idle_inject/0] (root,0,0,00:00:00/27-13:08:55,18) [cpuhp/0] (root,0,0,00:00:00/27-13:08:55,19) [cpuhp/1] (root,0,0,00:00:00/27-13:08:55,20) [idle_inject/1] (root,0,0,00:00:10/27-13:08:55,21) [migration/1] (root,0,0,00:00:42/27-13:08:55,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:08:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:08:55,25) [cpuhp/2] (root,0,0,00:00:00/27-13:08:55,26) [idle_inject/2] (root,0,0,00:00:08/27-13:08:55,27) [migration/2] (root,0,0,00:51:34/27-13:08:55,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:08:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:08:55,31) [cpuhp/3] (root,0,0,00:00:00/27-13:08:55,32) [idle_inject/3] (root,0,0,00:00:10/27-13:08:55,33) [migration/3] (root,0,0,00:02:41/27-13:08:55,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:08:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:08:55,40) [kdevtmpfs] (root,0,0,00:00:00/27-13:08:55,41) [netns] (root,0,0,00:00:00/27-13:08:55,42) [inet_frag_wq] (root,0,0,00:00:09/27-13:08:55,43) [kauditd] (root,0,0,00:00:00/27-13:08:55,44) [khungtaskd] (root,0,0,00:00:00/27-13:08:55,45) [oom_reaper] (root,0,0,00:00:00/27-13:08:55,46) [writeback] (root,0,0,00:01:28/27-13:08:55,47) [kcompactd0] (root,0,0,00:00:00/27-13:08:55,48) [ksmd] (root,0,0,00:01:29/27-13:08:55,49) [khugepaged] (root,0,0,00:00:00/27-13:08:55,75) [kintegrityd] (root,0,0,00:00:00/27-13:08:55,76) [kblockd] (root,0,0,00:00:00/27-13:08:55,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:08:55,79) [tpm_dev_wq] (root,0,0,00:00:00/27-13:08:55,80) [edac-poller] (root,0,0,00:00:00/27-13:08:55,81) [devfreq_wq] (root,0,0,00:00:00/27-13:08:55,110) [watchdogd] (root,0,0,00:00:02/27-13:08:55,111) [kswapd0] (root,0,0,00:00:07/27-13:08:55,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-13:08:53,115) [kthrotld] (root,0,0,00:00:00/27-13:08:53,116) [mld] (root,0,0,00:00:00/27-13:08:53,117) [ipv6_addrconf] (root,0,0,00:00:07/27-13:08:53,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:08:53,123) [kstrp] (root,0,0,00:00:00/27-13:08:53,124) [zswap-shrink] (root,0,0,00:00:00/27-13:08:53,125) [kworker/u9:0] (root,0,0,00:00:00/27-13:08:53,130) [charger_manager] (root,0,0,00:00:08/27-13:08:53,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-13:08:53,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-13:08:52,239) [kaluad] (root,0,0,00:00:00/27-13:08:52,258) [kmpath_rdacd] (root,0,0,00:00:00/27-13:08:52,304) [kmpathd] (root,0,0,00:00:00/27-13:08:52,305) [kmpath_handlerd] (root,0,0,00:00:00/27-13:08:51,342) [ata_sff] (root,0,0,00:00:00/27-13:08:51,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:08:51,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:08:51,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:08:51,346) [scsi_tmf_1] (root,0,0,00:00:55/27-13:08:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:08:48,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-13:08:36,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-13:08:35,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-13:08:33,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-13:08:02,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-13:08:01,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-13:08:01,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-13:08:01,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-13:07:59,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-13:07:59,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28776,00:00:32/27-13:07:45,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-13:07:45,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:49/27-13:07:45,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-13:07:45,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-13:07:45,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-13:07:45,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-13:07:45,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-13:07:45,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:00/27-13:07:45,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-13:07:45,1352) bpfilter_umh (root,26204,8128,00:00:13/27-13:07:45,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-13:07:45,1359) ntpd: asynchronous dns resolver (spot,295920,194972,1-17:12:32/27-13:07:44,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-13:07:44,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-13:07:44,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-13:07:44,1373) (sd-pam) (root,24216,5260,00:00:09/27-13:07:42,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-13:07:42,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-13:07:42,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-13:07:39,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-13:07:38,1527) sshd: syslogtunnel (root,693268,74064,00:38:05/27-13:07:36,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,59132,00:15:35/27-13:07:24,1995) /usr/bin/python3.11 /usr/bin/spot (root,6656,3484,00:00:00/00:00,2394) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,2435) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,2436) /bin/bash /usr/bin/check_mk_agent (root,4480,1060,00:00:00/00:00,2437) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,848,00:00:00/00:00,2438) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,736,00:00:00/00:00,2439) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3480,00:00:00/00:00,2440) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,2458) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2459) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9244,00:00:00/21-18:42:59,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-13:06:59,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-13:06:59,3218) sshd: cm-ssh (root,0,0,00:00:00/01:37:04,4690) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/07:42,4886) [kworker/1:0-events] (root,0,0,00:00:00/06:59,8133) [kworker/3:1-ata_sff] (postfix,24244,8176,00:00:00/46:29,10198) pickup -l -t fifo -u (root,0,0,00:00:00/13:57,14310) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/01:56:40,21505) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:31:31,22103) [kworker/0:1-events] (root,0,0,00:00:00/01:13:02,24824) [kworker/2:1-events] (root,0,0,00:00:00/10:49,24846) [kworker/2:0-events] (root,0,0,00:00:01/01:30:00,28201) [kworker/3:0-events] (root,0,0,00:00:00/42:00,28567) [kworker/1:1-events] (root,0,0,00:00:00/01:47,29528) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 23:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ced7d7b0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:11/25-12:55:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-12:55:23,2) [kthreadd] (root,0,0,00:00:00/25-12:55:23,3) [rcu_gp] (root,0,0,00:00:00/25-12:55:23,4) [rcu_par_gp] (root,0,0,00:00:00/25-12:55:23,5) [slub_flushwq] (root,0,0,00:00:00/25-12:55:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-12:55:23,9) [mm_percpu_wq] (root,0,0,00:00:00/25-12:55:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-12:55:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-12:55:23,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-12:55:23,13) [ksoftirqd/0] (root,0,0,01:14:44/25-12:55:23,14) [rcu_preempt] (root,0,0,00:00:09/25-12:55:23,15) [migration/0] (root,0,0,00:00:00/25-12:55:23,16) [idle_inject/0] (root,0,0,00:00:00/25-12:55:23,18) [cpuhp/0] (root,0,0,00:00:00/25-12:55:23,19) [cpuhp/1] (root,0,0,00:00:00/25-12:55:23,20) [idle_inject/1] (root,0,0,00:00:09/25-12:55:23,21) [migration/1] (root,0,0,00:00:39/25-12:55:23,22) [ksoftirqd/1] (root,0,0,00:00:00/25-12:55:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-12:55:23,25) [cpuhp/2] (root,0,0,00:00:00/25-12:55:23,26) [idle_inject/2] (root,0,0,00:00:07/25-12:55:23,27) [migration/2] (root,0,0,00:48:51/25-12:55:23,28) [ksoftirqd/2] (root,0,0,00:00:00/25-12:55:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-12:55:23,31) [cpuhp/3] (root,0,0,00:00:00/25-12:55:23,32) [idle_inject/3] (root,0,0,00:00:09/25-12:55:23,33) [migration/3] (root,0,0,00:02:31/25-12:55:23,34) [ksoftirqd/3] (root,0,0,00:00:00/25-12:55:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-12:55:23,40) [kdevtmpfs] (root,0,0,00:00:00/25-12:55:23,41) [netns] (root,0,0,00:00:00/25-12:55:23,42) [inet_frag_wq] (root,0,0,00:00:08/25-12:55:23,43) [kauditd] (root,0,0,00:00:00/25-12:55:23,44) [khungtaskd] (root,0,0,00:00:00/25-12:55:23,45) [oom_reaper] (root,0,0,00:00:00/25-12:55:23,46) [writeback] (root,0,0,00:01:21/25-12:55:23,47) [kcompactd0] (root,0,0,00:00:00/25-12:55:23,48) [ksmd] (root,0,0,00:01:23/25-12:55:23,49) [khugepaged] (root,0,0,00:00:00/25-12:55:23,75) [kintegrityd] (root,0,0,00:00:00/25-12:55:23,76) [kblockd] (root,0,0,00:00:00/25-12:55:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-12:55:23,79) [tpm_dev_wq] (root,0,0,00:00:00/25-12:55:23,80) [edac-poller] (root,0,0,00:00:00/25-12:55:23,81) [devfreq_wq] (root,0,0,00:00:00/25-12:55:23,110) [watchdogd] (root,0,0,00:00:01/25-12:55:23,111) [kswapd0] (root,0,0,00:00:07/25-12:55:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-12:55:21,115) [kthrotld] (root,0,0,00:00:00/25-12:55:21,116) [mld] (root,0,0,00:00:00/25-12:55:21,117) [ipv6_addrconf] (root,0,0,00:00:07/25-12:55:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-12:55:21,123) [kstrp] (root,0,0,00:00:00/25-12:55:21,124) [zswap-shrink] (root,0,0,00:00:00/25-12:55:21,125) [kworker/u9:0] (root,0,0,00:00:00/25-12:55:21,130) [charger_manager] (root,0,0,00:00:07/25-12:55:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-12:55:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-12:55:20,239) [kaluad] (root,0,0,00:00:00/25-12:55:20,258) [kmpath_rdacd] (root,0,0,00:00:00/25-12:55:20,304) [kmpathd] (root,0,0,00:00:00/25-12:55:20,305) [kmpath_handlerd] (root,0,0,00:00:00/25-12:55:19,342) [ata_sff] (root,0,0,00:00:00/25-12:55:19,343) [scsi_eh_0] (root,0,0,00:00:00/25-12:55:19,344) [scsi_tmf_0] (root,0,0,00:00:00/25-12:55:19,345) [scsi_eh_1] (root,0,0,00:00:00/25-12:55:19,346) [scsi_tmf_1] (root,0,0,00:00:51/25-12:55:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-12:55:16,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-12:55:04,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-12:55:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-12:55:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-12:54:30,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-12:54:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-12:54:29,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-12:54:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-12:54:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-12:54:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/04:06,710) [kworker/0:0-events] (root,548104,29508,00:00:30/25-12:54:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-12:54:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:37/25-12:54:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-12:54:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-12:54:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-12:54:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-12:54:13,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:38/25-12:54:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-12:54:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-12:54:13,1352) bpfilter_umh (root,26204,8212,00:00:12/25-12:54:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-12:54:13,1359) ntpd: asynchronous dns resolver (spot,296080,191492,1-14:58:12/25-12:54:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-12:54:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-12:54:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-12:54:12,1373) (sd-pam) (root,24216,5268,00:00:09/25-12:54:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-12:54:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-12:54:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-12:54:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:35/25-12:54:06,1527) sshd: syslogtunnel (root,693268,75792,00:35:21/25-12:54:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57872,00:14:36/25-12:53:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-18:29:27,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-12:53:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-12:53:27,3218) sshd: cm-ssh (root,0,0,00:00:00/03:02,4073) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:16:55,11861) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:07,12802) [kworker/u8:2] (root,0,0,00:00:00/10:06,15928) [kworker/1:2-cgroup_destroy] (root,6656,3488,00:00:00/00:00,16012) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,16053) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,16054) /bin/bash /usr/bin/check_mk_agent (root,4480,1164,00:00:00/00:00,16055) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,824,00:00:00/00:00,16056) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1204,00:00:00/00:00,16057) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,16058) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,16076) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16077) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/50:15,16699) [kworker/2:2-events] (root,0,0,00:00:00/41:16,17398) [kworker/2:1-events] (root,0,0,00:00:00/16:11,20983) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:54:03,21873) [kworker/1:0-events] (root,0,0,00:00:00/08:13,22152) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:03:36,22713) [kworker/u8:1-writeback] (root,0,0,00:00:01/01:36:26,27643) [kworker/3:2-events] (root,0,0,00:00:00/01:02:18,28674) [kworker/0:2-cgroup_destroy] (postfix,24244,8204,00:00:00/54:02,32576) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 23:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363739b9705Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:03/23-12:52:20,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-12:52:20,2) [kthreadd] (root,0,0,00:00:00/23-12:52:20,3) [rcu_gp] (root,0,0,00:00:00/23-12:52:20,4) [rcu_par_gp] (root,0,0,00:00:00/23-12:52:20,5) [slub_flushwq] (root,0,0,00:00:00/23-12:52:20,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-12:52:20,9) [mm_percpu_wq] (root,0,0,00:00:00/23-12:52:20,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-12:52:20,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-12:52:20,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-12:52:20,13) [ksoftirqd/0] (root,0,0,01:09:06/23-12:52:20,14) [rcu_preempt] (root,0,0,00:00:09/23-12:52:20,15) [migration/0] (root,0,0,00:00:00/23-12:52:20,16) [idle_inject/0] (root,0,0,00:00:00/23-12:52:20,18) [cpuhp/0] (root,0,0,00:00:00/23-12:52:20,19) [cpuhp/1] (root,0,0,00:00:00/23-12:52:20,20) [idle_inject/1] (root,0,0,00:00:09/23-12:52:20,21) [migration/1] (root,0,0,00:00:37/23-12:52:20,22) [ksoftirqd/1] (root,0,0,00:00:00/23-12:52:20,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-12:52:20,25) [cpuhp/2] (root,0,0,00:00:00/23-12:52:20,26) [idle_inject/2] (root,0,0,00:00:07/23-12:52:20,27) [migration/2] (root,0,0,00:45:32/23-12:52:20,28) [ksoftirqd/2] (root,0,0,00:00:00/23-12:52:20,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-12:52:20,31) [cpuhp/3] (root,0,0,00:00:00/23-12:52:20,32) [idle_inject/3] (root,0,0,00:00:08/23-12:52:20,33) [migration/3] (root,0,0,00:02:21/23-12:52:20,34) [ksoftirqd/3] (root,0,0,00:00:00/23-12:52:20,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-12:52:20,40) [kdevtmpfs] (root,0,0,00:00:00/23-12:52:20,41) [netns] (root,0,0,00:00:00/23-12:52:20,42) [inet_frag_wq] (root,0,0,00:00:07/23-12:52:20,43) [kauditd] (root,0,0,00:00:00/23-12:52:20,44) [khungtaskd] (root,0,0,00:00:00/23-12:52:20,45) [oom_reaper] (root,0,0,00:00:00/23-12:52:20,46) [writeback] (root,0,0,00:01:15/23-12:52:20,47) [kcompactd0] (root,0,0,00:00:00/23-12:52:20,48) [ksmd] (root,0,0,00:01:17/23-12:52:20,49) [khugepaged] (root,0,0,00:00:00/23-12:52:20,75) [kintegrityd] (root,0,0,00:00:00/23-12:52:20,76) [kblockd] (root,0,0,00:00:00/23-12:52:20,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-12:52:20,79) [tpm_dev_wq] (root,0,0,00:00:00/23-12:52:20,80) [edac-poller] (root,0,0,00:00:00/23-12:52:20,81) [devfreq_wq] (root,0,0,00:00:00/23-12:52:20,110) [watchdogd] (root,0,0,00:00:01/23-12:52:20,111) [kswapd0] (root,0,0,00:00:06/23-12:52:20,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-12:52:18,115) [kthrotld] (root,0,0,00:00:00/23-12:52:18,116) [mld] (root,0,0,00:00:00/23-12:52:18,117) [ipv6_addrconf] (root,0,0,00:00:06/23-12:52:18,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-12:52:18,123) [kstrp] (root,0,0,00:00:00/23-12:52:18,124) [zswap-shrink] (root,0,0,00:00:00/23-12:52:18,125) [kworker/u9:0] (root,0,0,00:00:00/23-12:52:18,130) [charger_manager] (root,0,0,00:00:07/23-12:52:18,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-12:52:18,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-12:52:17,239) [kaluad] (root,0,0,00:00:00/23-12:52:17,258) [kmpath_rdacd] (root,0,0,00:00:00/23-12:52:17,304) [kmpathd] (root,0,0,00:00:00/23-12:52:17,305) [kmpath_handlerd] (root,0,0,00:00:00/23-12:52:16,342) [ata_sff] (root,0,0,00:00:00/23-12:52:16,343) [scsi_eh_0] (root,0,0,00:00:00/23-12:52:16,344) [scsi_tmf_0] (root,0,0,00:00:00/23-12:52:16,345) [scsi_eh_1] (root,0,0,00:00:00/23-12:52:16,346) [scsi_tmf_1] (root,0,0,00:00:47/23-12:52:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-12:52:13,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-12:52:01,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-12:52:00,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-12:51:58,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-12:51:27,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-12:51:26,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:39/23-12:51:26,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-12:51:26,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-12:51:24,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-12:51:24,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-12:51:10,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-12:51:10,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:27/23-12:51:10,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-12:51:10,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-12:51:10,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-12:51:10,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-12:51:10,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-12:51:10,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:25/23-12:51:10,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-12:51:10,1352) bpfilter_umh (root,26204,8212,00:00:10/23-12:51:10,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-12:51:10,1359) ntpd: asynchronous dns resolver (spot,292160,178148,1-12:32:15/23-12:51:09,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-12:51:09,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-12:51:09,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-12:51:09,1373) (sd-pam) (root,24216,5268,00:00:08/23-12:51:07,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-12:51:07,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-12:51:07,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-12:51:04,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-12:51:03,1527) sshd: syslogtunnel (root,692644,73248,00:32:34/23-12:51:01,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56548,00:13:35/23-12:50:49,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-18:26:24,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-12:50:24,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-12:50:24,3218) sshd: cm-ssh (root,0,0,00:00:00/01:00:18,3867) [kworker/0:0-events] (root,0,0,00:00:00/25:49,3961) [kworker/1:2-events] (root,0,0,00:00:00/01:08:44,4103) [kworker/u8:1-writeback] (root,0,0,00:00:00/05:33:55,4562) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/16:56,6663) [kworker/0:2-events] (root,0,0,00:00:00/44:55,14029) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:00/01:23,16238) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:22:15,18134) [kworker/2:2-events] (root,0,0,00:00:00/42:53,18665) [kworker/3:1-events] (postfix,24244,8168,00:00:00/01:12:49,18770) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:01,20862) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,20880) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20881) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:34,25097) [kworker/3:2-ata_sff] (root,0,0,00:00:00/19:50,28637) [kworker/1:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 23:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836310f0ab25Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-12:58:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-12:58:12,2) [kthreadd] (root,0,0,00:00:00/21-12:58:12,3) [rcu_gp] (root,0,0,00:00:00/21-12:58:12,4) [rcu_par_gp] (root,0,0,00:00:00/21-12:58:12,5) [slub_flushwq] (root,0,0,00:00:00/21-12:58:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-12:58:12,9) [mm_percpu_wq] (root,0,0,00:00:00/21-12:58:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-12:58:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-12:58:12,12) [rcu_tasks_trace] (root,0,0,00:00:42/21-12:58:12,13) [ksoftirqd/0] (root,0,0,01:03:27/21-12:58:12,14) [rcu_preempt] (root,0,0,00:00:08/21-12:58:12,15) [migration/0] (root,0,0,00:00:00/21-12:58:12,16) [idle_inject/0] (root,0,0,00:00:00/21-12:58:12,18) [cpuhp/0] (root,0,0,00:00:00/21-12:58:12,19) [cpuhp/1] (root,0,0,00:00:00/21-12:58:12,20) [idle_inject/1] (root,0,0,00:00:08/21-12:58:12,21) [migration/1] (root,0,0,00:00:34/21-12:58:12,22) [ksoftirqd/1] (root,0,0,00:00:00/21-12:58:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-12:58:12,25) [cpuhp/2] (root,0,0,00:00:00/21-12:58:12,26) [idle_inject/2] (root,0,0,00:00:06/21-12:58:12,27) [migration/2] (root,0,0,00:42:44/21-12:58:12,28) [ksoftirqd/2] (root,0,0,00:00:00/21-12:58:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-12:58:12,31) [cpuhp/3] (root,0,0,00:00:00/21-12:58:12,32) [idle_inject/3] (root,0,0,00:00:08/21-12:58:12,33) [migration/3] (root,0,0,00:02:11/21-12:58:12,34) [ksoftirqd/3] (root,0,0,00:00:00/21-12:58:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-12:58:12,40) [kdevtmpfs] (root,0,0,00:00:00/21-12:58:12,41) [netns] (root,0,0,00:00:00/21-12:58:12,42) [inet_frag_wq] (root,0,0,00:00:06/21-12:58:12,43) [kauditd] (root,0,0,00:00:00/21-12:58:12,44) [khungtaskd] (root,0,0,00:00:00/21-12:58:12,45) [oom_reaper] (root,0,0,00:00:00/21-12:58:12,46) [writeback] (root,0,0,00:01:09/21-12:58:12,47) [kcompactd0] (root,0,0,00:00:00/21-12:58:12,48) [ksmd] (root,0,0,00:01:10/21-12:58:12,49) [khugepaged] (root,0,0,00:00:00/21-12:58:12,75) [kintegrityd] (root,0,0,00:00:00/21-12:58:12,76) [kblockd] (root,0,0,00:00:00/21-12:58:12,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-12:58:12,79) [tpm_dev_wq] (root,0,0,00:00:00/21-12:58:12,80) [edac-poller] (root,0,0,00:00:00/21-12:58:12,81) [devfreq_wq] (root,0,0,00:00:00/21-12:58:12,110) [watchdogd] (root,0,0,00:00:01/21-12:58:12,111) [kswapd0] (root,0,0,00:00:05/21-12:58:12,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-12:58:10,115) [kthrotld] (root,0,0,00:00:00/21-12:58:10,116) [mld] (root,0,0,00:00:00/21-12:58:10,117) [ipv6_addrconf] (root,0,0,00:00:06/21-12:58:10,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-12:58:10,123) [kstrp] (root,0,0,00:00:00/21-12:58:10,124) [zswap-shrink] (root,0,0,00:00:00/21-12:58:10,125) [kworker/u9:0] (root,0,0,00:00:00/21-12:58:10,130) [charger_manager] (root,0,0,00:00:06/21-12:58:10,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-12:58:10,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-12:58:09,239) [kaluad] (root,0,0,00:00:00/21-12:58:09,258) [kmpath_rdacd] (root,0,0,00:00:00/21-12:58:09,304) [kmpathd] (root,0,0,00:00:00/21-12:58:09,305) [kmpath_handlerd] (root,0,0,00:00:00/21-12:58:08,342) [ata_sff] (root,0,0,00:00:00/21-12:58:08,343) [scsi_eh_0] (root,0,0,00:00:00/21-12:58:08,344) [scsi_tmf_0] (root,0,0,00:00:00/21-12:58:08,345) [scsi_eh_1] (root,0,0,00:00:00/21-12:58:08,346) [scsi_tmf_1] (root,0,0,00:00:43/21-12:58:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-12:58:05,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-12:57:53,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-12:57:52,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:01/02:00:53,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-12:57:50,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-12:57:19,511) /sbin/auditd (messagebus,22932,5912,00:00:58/21-12:57:18,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-12:57:18,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-12:57:18,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-12:57:16,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-12:57:16,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:25/21-12:57:02,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-12:57:02,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:16/21-12:57:02,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-12:57:02,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-12:57:02,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-12:57:02,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-12:57:02,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-12:57:02,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-12:57:02,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-12:57:02,1352) bpfilter_umh (root,26204,8212,00:00:09/21-12:57:02,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-12:57:02,1359) ntpd: asynchronous dns resolver (spot,314076,199568,1-09:55:31/21-12:57:01,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-12:57:01,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-12:57:01,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-12:57:01,1373) (sd-pam) (root,24216,5268,00:00:07/21-12:56:59,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-12:56:59,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-12:56:59,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-12:56:56,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-12:56:55,1527) sshd: syslogtunnel (root,692388,72908,00:29:47/21-12:56:53,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,55044,00:12:32/21-12:56:41,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/15-18:32:16,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-12:56:16,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:12/21-12:56:16,3218) sshd: cm-ssh (root,0,0,00:00:00/30:40,3360) [kworker/2:0-events] (root,0,0,00:00:00/16:26,3491) [kworker/1:2-events] (root,0,0,00:00:00/57:14,6922) [kworker/0:2-events] (root,0,0,00:00:00/06:45,8901) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:16:49,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:20:02,14476) [kworker/u8:1-writeback] (root,0,0,00:00:00/22:10,18332) [kworker/0:1] (root,0,0,00:00:00/10:46,20656) [kworker/1:0] (root,0,0,00:00:00/02:17,25731) [kworker/2:1-events] (root,0,0,00:00:00/01:34,27423) [kworker/3:1-ata_sff] (root,0,0,00:00:01/04:36:47,29790) [kworker/2:2-cgroup_destroy] (postfix,24244,8256,00:00:00/00:31,30941) pickup -l -t fifo -u (root,6656,3492,00:00:00/00:00,32102) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,32120) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,32121) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363494e0378Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-12:57:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:57:23,2) [kthreadd] (root,0,0,00:00:00/19-12:57:23,3) [rcu_gp] (root,0,0,00:00:00/19-12:57:23,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:57:23,5) [slub_flushwq] (root,0,0,00:00:00/19-12:57:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:57:23,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:57:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:57:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:57:23,12) [rcu_tasks_trace] (root,0,0,00:00:38/19-12:57:23,13) [ksoftirqd/0] (root,0,0,00:57:22/19-12:57:23,14) [rcu_preempt] (root,0,0,00:00:07/19-12:57:23,15) [migration/0] (root,0,0,00:00:00/19-12:57:23,16) [idle_inject/0] (root,0,0,00:00:00/19-12:57:23,18) [cpuhp/0] (root,0,0,00:00:00/19-12:57:23,19) [cpuhp/1] (root,0,0,00:00:00/19-12:57:23,20) [idle_inject/1] (root,0,0,00:00:07/19-12:57:23,21) [migration/1] (root,0,0,00:00:31/19-12:57:23,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:57:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:57:23,25) [cpuhp/2] (root,0,0,00:00:00/19-12:57:23,26) [idle_inject/2] (root,0,0,00:00:05/19-12:57:23,27) [migration/2] (root,0,0,00:39:19/19-12:57:23,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:57:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:57:23,31) [cpuhp/3] (root,0,0,00:00:00/19-12:57:23,32) [idle_inject/3] (root,0,0,00:00:07/19-12:57:23,33) [migration/3] (root,0,0,00:01:59/19-12:57:23,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:57:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:57:23,40) [kdevtmpfs] (root,0,0,00:00:00/19-12:57:23,41) [netns] (root,0,0,00:00:00/19-12:57:23,42) [inet_frag_wq] (root,0,0,00:00:05/19-12:57:23,43) [kauditd] (root,0,0,00:00:00/19-12:57:23,44) [khungtaskd] (root,0,0,00:00:00/19-12:57:23,45) [oom_reaper] (root,0,0,00:00:00/19-12:57:23,46) [writeback] (root,0,0,00:01:02/19-12:57:23,47) [kcompactd0] (root,0,0,00:00:00/19-12:57:23,48) [ksmd] (root,0,0,00:01:03/19-12:57:23,49) [khugepaged] (root,0,0,00:00:00/19-12:57:23,75) [kintegrityd] (root,0,0,00:00:00/19-12:57:23,76) [kblockd] (root,0,0,00:00:00/19-12:57:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:57:23,79) [tpm_dev_wq] (root,0,0,00:00:00/19-12:57:23,80) [edac-poller] (root,0,0,00:00:00/19-12:57:23,81) [devfreq_wq] (root,0,0,00:00:00/19-12:57:23,110) [watchdogd] (root,0,0,00:00:01/19-12:57:23,111) [kswapd0] (root,0,0,00:00:05/19-12:57:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-12:57:21,115) [kthrotld] (root,0,0,00:00:00/19-12:57:21,116) [mld] (root,0,0,00:00:00/19-12:57:21,117) [ipv6_addrconf] (root,0,0,00:00:05/19-12:57:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:57:21,123) [kstrp] (root,0,0,00:00:00/19-12:57:21,124) [zswap-shrink] (root,0,0,00:00:00/19-12:57:21,125) [kworker/u9:0] (root,0,0,00:00:00/19-12:57:21,130) [charger_manager] (root,0,0,00:00:06/19-12:57:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/19-12:57:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-12:57:20,239) [kaluad] (root,0,0,00:00:00/19-12:57:20,258) [kmpath_rdacd] (root,0,0,00:00:00/19-12:57:20,304) [kmpathd] (root,0,0,00:00:00/19-12:57:20,305) [kmpath_handlerd] (root,0,0,00:00:00/19-12:57:19,342) [ata_sff] (root,0,0,00:00:00/19-12:57:19,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:57:19,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:57:19,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:57:19,346) [scsi_tmf_1] (root,0,0,00:00:39/19-12:57:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:57:16,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-12:57:04,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-12:57:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-12:57:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-12:56:30,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-12:56:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-12:56:29,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-12:56:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-12:56:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-12:56:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-12:56:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-12:56:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:05/19-12:56:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-12:56:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-12:56:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-12:56:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-12:56:13,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:25/19-12:56:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-12:56:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-12:56:13,1352) bpfilter_umh (root,26204,8212,00:00:07/19-12:56:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-12:56:13,1359) ntpd: asynchronous dns resolver (spot,314060,199564,1-07:06:47/19-12:56:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-12:56:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-12:56:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-12:56:12,1373) (sd-pam) (root,24216,5268,00:00:06/19-12:56:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-12:56:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-12:56:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-12:56:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-12:56:06,1527) sshd: syslogtunnel (root,618656,71492,00:26:56/19-12:56:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53708,00:11:20/19-12:55:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-18:31:27,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-12:55:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:05/19-12:55:27,3218) sshd: cm-ssh (root,0,0,00:00:00/50:05,4244) [kworker/0:0-events] (root,0,0,00:00:00/04:24,5008) [kworker/u8:1] (root,0,0,00:00:00/31:22,7171) [kworker/3:2-events] (root,0,0,00:00:00/47:41,10508) [kworker/2:2-events] (root,0,0,00:00:01/03:08:07,12961) [kworker/2:0-events] (root,0,0,00:00:00/37:06,15979) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/10:15,16908) [kworker/0:2-events] (root,0,0,00:00:00/10:14,16909) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:45:34,17258) [kworker/1:0-events] (postfix,24244,8296,00:00:00/20:35,18563) pickup -l -t fifo -u (root,0,0,00:00:00/00:13,21706) [kworker/3:1-ata_sff] (root,6764,3600,00:00:00/00:00,23321) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,23446) /bin/bash /usr/bin/check_mk_agent (root,6292,3188,00:00:00/00:00,23468) /bin/bash ././spot.bash (root,13744,3512,00:00:00/00:00,23483) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23485) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:38,29017) [kworker/1:1] (root,0,0,00:00:00/05:25,32535) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639b25f103Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-12:56:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-12:56:46,2) [kthreadd] (root,0,0,00:00:00/17-12:56:46,3) [rcu_gp] (root,0,0,00:00:00/17-12:56:46,4) [rcu_par_gp] (root,0,0,00:00:00/17-12:56:46,5) [slub_flushwq] (root,0,0,00:00:00/17-12:56:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-12:56:46,9) [mm_percpu_wq] (root,0,0,00:00:00/17-12:56:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-12:56:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-12:56:46,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-12:56:46,13) [ksoftirqd/0] (root,0,0,00:50:24/17-12:56:46,14) [rcu_preempt] (root,0,0,00:00:06/17-12:56:46,15) [migration/0] (root,0,0,00:00:00/17-12:56:46,16) [idle_inject/0] (root,0,0,00:00:00/17-12:56:46,18) [cpuhp/0] (root,0,0,00:00:00/17-12:56:46,19) [cpuhp/1] (root,0,0,00:00:00/17-12:56:46,20) [idle_inject/1] (root,0,0,00:00:06/17-12:56:46,21) [migration/1] (root,0,0,00:00:27/17-12:56:46,22) [ksoftirqd/1] (root,0,0,00:00:00/17-12:56:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-12:56:46,25) [cpuhp/2] (root,0,0,00:00:00/17-12:56:46,26) [idle_inject/2] (root,0,0,00:00:05/17-12:56:46,27) [migration/2] (root,0,0,00:33:47/17-12:56:46,28) [ksoftirqd/2] (root,0,0,00:00:00/17-12:56:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-12:56:46,31) [cpuhp/3] (root,0,0,00:00:00/17-12:56:46,32) [idle_inject/3] (root,0,0,00:00:06/17-12:56:46,33) [migration/3] (root,0,0,00:01:41/17-12:56:46,34) [ksoftirqd/3] (root,0,0,00:00:00/17-12:56:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-12:56:46,40) [kdevtmpfs] (root,0,0,00:00:00/17-12:56:46,41) [netns] (root,0,0,00:00:00/17-12:56:46,42) [inet_frag_wq] (root,0,0,00:00:03/17-12:56:46,43) [kauditd] (root,0,0,00:00:00/17-12:56:46,44) [khungtaskd] (root,0,0,00:00:00/17-12:56:46,45) [oom_reaper] (root,0,0,00:00:00/17-12:56:46,46) [writeback] (root,0,0,00:00:55/17-12:56:46,47) [kcompactd0] (root,0,0,00:00:00/17-12:56:46,48) [ksmd] (root,0,0,00:00:56/17-12:56:46,49) [khugepaged] (root,0,0,00:00:00/17-12:56:46,75) [kintegrityd] (root,0,0,00:00:00/17-12:56:46,76) [kblockd] (root,0,0,00:00:00/17-12:56:46,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-12:56:46,79) [tpm_dev_wq] (root,0,0,00:00:00/17-12:56:46,80) [edac-poller] (root,0,0,00:00:00/17-12:56:46,81) [devfreq_wq] (root,0,0,00:00:00/17-12:56:46,110) [watchdogd] (root,0,0,00:00:01/17-12:56:46,111) [kswapd0] (root,0,0,00:00:04/17-12:56:46,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-12:56:44,115) [kthrotld] (root,0,0,00:00:00/17-12:56:44,116) [mld] (root,0,0,00:00:00/17-12:56:44,117) [ipv6_addrconf] (root,0,0,00:00:04/17-12:56:44,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-12:56:44,123) [kstrp] (root,0,0,00:00:00/17-12:56:44,124) [zswap-shrink] (root,0,0,00:00:00/17-12:56:44,125) [kworker/u9:0] (root,0,0,00:00:00/17-12:56:44,130) [charger_manager] (root,0,0,00:00:05/17-12:56:44,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/17-12:56:44,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-12:56:43,239) [kaluad] (root,0,0,00:00:00/17-12:56:43,258) [kmpath_rdacd] (root,0,0,00:00:00/17-12:56:43,304) [kmpathd] (root,0,0,00:00:00/17-12:56:43,305) [kmpath_handlerd] (root,0,0,00:00:00/17-12:56:42,342) [ata_sff] (root,0,0,00:00:00/17-12:56:42,343) [scsi_eh_0] (root,0,0,00:00:00/17-12:56:42,344) [scsi_tmf_0] (root,0,0,00:00:00/17-12:56:42,345) [scsi_eh_1] (root,0,0,00:00:00/17-12:56:42,346) [scsi_tmf_1] (root,0,0,00:00:34/17-12:56:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-12:56:39,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-12:56:27,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-12:56:26,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-12:56:24,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-12:55:53,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-12:55:52,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-12:55:52,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-12:55:52,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-12:55:50,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-12:55:50,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-12:55:36,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-12:55:36,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:51/17-12:55:36,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-12:55:36,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-12:55:36,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-12:55:36,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-12:55:36,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-12:55:36,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:30/17-12:55:36,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-12:55:36,1352) bpfilter_umh (root,26204,8212,00:00:04/17-12:55:36,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-12:55:36,1359) ntpd: asynchronous dns resolver (spot,315500,199924,1-03:05:11/17-12:55:35,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-12:55:35,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-12:55:35,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-12:55:35,1373) (sd-pam) (root,24216,5268,00:00:06/17-12:55:33,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-12:55:33,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-12:55:33,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-12:55:30,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-12:55:29,1527) sshd: syslogtunnel (root,618256,73120,00:23:58/17-12:55:27,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/16:02,1721) [kworker/3:1-mm_percpu_wq] (spot,214464,51672,00:10:02/17-12:55:15,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-18:30:50,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/07:52,2711) [kworker/2:1-cgroup_destroy] (root,35308,10108,00:00:00/17-12:54:50,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-12:54:50,3218) sshd: cm-ssh (root,0,0,00:00:00/15:25,3936) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/24:46,6092) [kworker/0:2-events] (root,0,0,00:00:00/14:12,9322) [kworker/0:1] (root,0,0,00:00:00/05:39,13680) [kworker/3:0-ata_sff] (root,0,0,00:00:00/33:15,15869) [kworker/1:1] (root,0,0,00:00:00/55:08,17782) [kworker/1:2-events] (root,0,0,00:00:01/03:17:20,19474) [kworker/2:0-events] (root,0,0,00:00:00/01:03:30,21562) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:17,26111) [kworker/2:2-events] (root,0,0,00:00:00/00:28,27757) [kworker/3:2-ata_sff] (root,0,0,00:00:00/00:25,27758) [kworker/u8:1-flush-253:0] (postfix,24244,8224,00:00:00/41:55,29850) pickup -l -t fifo -u (root,6656,3512,00:00:00/00:00,30232) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,30336) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,30356) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30357) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,3480,00:00:00/00:00,30358) /bin/bash /usr/bin/check_mk_agent Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 23:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632852cd4aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-13:02:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:02:03,2) [kthreadd] (root,0,0,00:00:00/15-13:02:03,3) [rcu_gp] (root,0,0,00:00:00/15-13:02:03,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:02:03,5) [slub_flushwq] (root,0,0,00:00:00/15-13:02:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:02:03,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:02:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:02:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:02:03,12) [rcu_tasks_trace] (root,0,0,00:00:28/15-13:02:03,13) [ksoftirqd/0] (root,0,0,00:43:35/15-13:02:03,14) [rcu_preempt] (root,0,0,00:00:05/15-13:02:03,15) [migration/0] (root,0,0,00:00:00/15-13:02:03,16) [idle_inject/0] (root,0,0,00:00:00/15-13:02:03,18) [cpuhp/0] (root,0,0,00:00:00/15-13:02:03,19) [cpuhp/1] (root,0,0,00:00:00/15-13:02:03,20) [idle_inject/1] (root,0,0,00:00:06/15-13:02:03,21) [migration/1] (root,0,0,00:00:23/15-13:02:03,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:02:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:02:03,25) [cpuhp/2] (root,0,0,00:00:00/15-13:02:03,26) [idle_inject/2] (root,0,0,00:00:04/15-13:02:03,27) [migration/2] (root,0,0,00:28:31/15-13:02:03,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:02:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:02:03,31) [cpuhp/3] (root,0,0,00:00:00/15-13:02:03,32) [idle_inject/3] (root,0,0,00:00:05/15-13:02:03,33) [migration/3] (root,0,0,00:01:24/15-13:02:03,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:02:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:02:03,40) [kdevtmpfs] (root,0,0,00:00:00/15-13:02:03,41) [netns] (root,0,0,00:00:00/15-13:02:03,42) [inet_frag_wq] (root,0,0,00:00:01/15-13:02:03,43) [kauditd] (root,0,0,00:00:00/15-13:02:03,44) [khungtaskd] (root,0,0,00:00:00/15-13:02:03,45) [oom_reaper] (root,0,0,00:00:00/15-13:02:03,46) [writeback] (root,0,0,00:00:48/15-13:02:03,47) [kcompactd0] (root,0,0,00:00:00/15-13:02:03,48) [ksmd] (root,0,0,00:00:50/15-13:02:03,49) [khugepaged] (root,0,0,00:00:00/15-13:02:03,75) [kintegrityd] (root,0,0,00:00:00/15-13:02:03,76) [kblockd] (root,0,0,00:00:00/15-13:02:03,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:02:03,79) [tpm_dev_wq] (root,0,0,00:00:00/15-13:02:03,80) [edac-poller] (root,0,0,00:00:00/15-13:02:03,81) [devfreq_wq] (root,0,0,00:00:00/15-13:02:03,110) [watchdogd] (root,0,0,00:00:01/15-13:02:03,111) [kswapd0] (root,0,0,00:00:04/15-13:02:03,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-13:02:01,115) [kthrotld] (root,0,0,00:00:00/15-13:02:01,116) [mld] (root,0,0,00:00:00/15-13:02:01,117) [ipv6_addrconf] (root,0,0,00:00:04/15-13:02:01,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:02:01,123) [kstrp] (root,0,0,00:00:00/15-13:02:01,124) [zswap-shrink] (root,0,0,00:00:00/15-13:02:01,125) [kworker/u9:0] (root,0,0,00:00:00/15-13:02:01,130) [charger_manager] (root,0,0,00:00:04/15-13:02:01,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-13:02:01,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-13:02:00,239) [kaluad] (root,0,0,00:00:00/15-13:02:00,258) [kmpath_rdacd] (root,0,0,00:00:00/15-13:02:00,304) [kmpathd] (root,0,0,00:00:00/15-13:02:00,305) [kmpath_handlerd] (root,0,0,00:00:00/15-13:01:59,342) [ata_sff] (root,0,0,00:00:00/15-13:01:59,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:01:59,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:01:59,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:01:59,346) [scsi_tmf_1] (root,0,0,00:00:29/15-13:01:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:01:56,367) [ext4-rsv-conver] (root,38604,7616,00:00:14/15-13:01:44,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-13:01:43,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-13:01:41,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-13:01:10,511) /sbin/auditd (messagebus,22932,5912,00:00:19/15-13:01:09,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:12/15-13:01:09,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-13:01:09,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-13:01:07,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-13:01:07,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-13:00:53,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-13:00:53,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:38/15-13:00:53,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-13:00:53,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-13:00:53,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-13:00:53,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-13:00:53,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-13:00:53,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:12/15-13:00:53,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-13:00:53,1352) bpfilter_umh (root,26204,8212,00:00:03/15-13:00:53,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-13:00:53,1359) ntpd: asynchronous dns resolver (spot,314268,199616,22:23:43/15-13:00:52,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-13:00:52,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-13:00:52,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-13:00:52,1373) (sd-pam) (root,24216,5268,00:00:05/15-13:00:50,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-13:00:50,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-13:00:50,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-13:00:47,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-13:00:46,1527) sshd: syslogtunnel (root,617868,72916,00:21:04/15-13:00:44,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49872,00:08:45/15-13:00:32,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:18:48,2076) [kworker/2:0-events] (postfix,44628,9336,00:00:00/9-18:36:07,2557) tlsmgr -l -t unix -u (root,0,0,00:00:02/05:25:40,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-13:00:07,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:50/15-13:00:07,3218) sshd: cm-ssh (root,0,0,00:00:00/30:07,3630) [kworker/2:1-events] (root,0,0,00:00:00/11:30,5722) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:09,8737) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:05:17,9961) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:49:39,11304) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,13664) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,13682) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13683) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/52:54,15580) [kworker/1:0] (root,0,0,00:00:00/09:09:10,21313) [kworker/0:0-events] (root,0,0,00:00:00/06:19,22803) [kworker/3:1-events] (root,0,0,00:00:00/01:19:39,26431) [kworker/u8:1-writeback] (postfix,24244,8212,00:00:00/01:09:02,28252) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 23:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836340481318Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-13:07:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:07:46,2) [kthreadd] (root,0,0,00:00:00/13-13:07:46,3) [rcu_gp] (root,0,0,00:00:00/13-13:07:46,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:07:46,5) [slub_flushwq] (root,0,0,00:00:00/13-13:07:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:07:46,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:07:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:07:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:07:46,12) [rcu_tasks_trace] (root,0,0,00:00:24/13-13:07:46,13) [ksoftirqd/0] (root,0,0,00:37:19/13-13:07:46,14) [rcu_preempt] (root,0,0,00:00:05/13-13:07:46,15) [migration/0] (root,0,0,00:00:00/13-13:07:46,16) [idle_inject/0] (root,0,0,00:00:00/13-13:07:46,18) [cpuhp/0] (root,0,0,00:00:00/13-13:07:46,19) [cpuhp/1] (root,0,0,00:00:00/13-13:07:46,20) [idle_inject/1] (root,0,0,00:00:05/13-13:07:46,21) [migration/1] (root,0,0,00:00:20/13-13:07:46,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:07:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:07:46,25) [cpuhp/2] (root,0,0,00:00:00/13-13:07:46,26) [idle_inject/2] (root,0,0,00:00:03/13-13:07:46,27) [migration/2] (root,0,0,00:24:39/13-13:07:46,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:07:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:07:46,31) [cpuhp/3] (root,0,0,00:00:00/13-13:07:46,32) [idle_inject/3] (root,0,0,00:00:05/13-13:07:46,33) [migration/3] (root,0,0,00:01:11/13-13:07:46,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:07:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:07:46,40) [kdevtmpfs] (root,0,0,00:00:00/13-13:07:46,41) [netns] (root,0,0,00:00:00/13-13:07:46,42) [inet_frag_wq] (root,0,0,00:00:01/13-13:07:46,43) [kauditd] (root,0,0,00:00:00/13-13:07:46,44) [khungtaskd] (root,0,0,00:00:00/13-13:07:46,45) [oom_reaper] (root,0,0,00:00:00/13-13:07:46,46) [writeback] (root,0,0,00:00:41/13-13:07:46,47) [kcompactd0] (root,0,0,00:00:00/13-13:07:46,48) [ksmd] (root,0,0,00:00:44/13-13:07:46,49) [khugepaged] (root,0,0,00:00:00/13-13:07:46,75) [kintegrityd] (root,0,0,00:00:00/13-13:07:46,76) [kblockd] (root,0,0,00:00:00/13-13:07:46,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:07:46,79) [tpm_dev_wq] (root,0,0,00:00:00/13-13:07:46,80) [edac-poller] (root,0,0,00:00:00/13-13:07:46,81) [devfreq_wq] (root,0,0,00:00:00/13-13:07:46,110) [watchdogd] (root,0,0,00:00:01/13-13:07:46,111) [kswapd0] (root,0,0,00:00:03/13-13:07:46,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-13:07:44,115) [kthrotld] (root,0,0,00:00:00/13-13:07:44,116) [mld] (root,0,0,00:00:00/13-13:07:44,117) [ipv6_addrconf] (root,0,0,00:00:03/13-13:07:44,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:07:44,123) [kstrp] (root,0,0,00:00:00/13-13:07:44,124) [zswap-shrink] (root,0,0,00:00:00/13-13:07:44,125) [kworker/u9:0] (root,0,0,00:00:00/13-13:07:44,130) [charger_manager] (root,0,0,00:00:04/13-13:07:44,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-13:07:44,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-13:07:43,239) [kaluad] (root,0,0,00:00:00/13-13:07:43,258) [kmpath_rdacd] (root,0,0,00:00:00/13-13:07:43,304) [kmpathd] (root,0,0,00:00:00/13-13:07:43,305) [kmpath_handlerd] (root,0,0,00:00:00/13-13:07:42,342) [ata_sff] (root,0,0,00:00:00/13-13:07:42,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:07:42,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:07:42,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:07:42,346) [scsi_tmf_1] (root,0,0,00:00:25/13-13:07:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:07:39,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-13:07:27,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-13:07:26,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:21/13-13:07:24,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-13:06:53,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-13:06:52,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-13:06:52,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-13:06:52,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-13:06:50,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-13:06:50,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-13:06:36,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-13:06:36,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:25/13-13:06:36,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-13:06:36,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-13:06:36,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-13:06:36,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-13:06:36,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-13:06:36,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-13:06:36,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-13:06:36,1352) bpfilter_umh (root,26204,8212,00:00:02/13-13:06:36,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-13:06:36,1359) ntpd: asynchronous dns resolver (spot,305228,189676,18:44:08/13-13:06:35,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-13:06:35,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-13:06:35,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-13:06:35,1373) (sd-pam) (root,24216,5268,00:00:04/13-13:06:33,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-13:06:33,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-13:06:33,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-13:06:30,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:46/13-13:06:29,1527) sshd: syslogtunnel (root,617868,70668,00:18:15/13-13:06:27,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48320,00:07:30/13-13:06:15,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-18:41:50,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-13:05:50,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-13:05:50,3218) sshd: cm-ssh (root,0,0,00:00:00/01:49:28,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/23:10,14597) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:01/02:14:01,14919) [kworker/1:0-events] (root,0,0,00:00:00/37:28,15998) [kworker/3:2-events] (root,0,0,00:00:00/03:02:39,16390) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:08,16790) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:01:52,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/45:58,22455) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:21,22599) [kworker/3:0-ata_sff] (root,6656,3488,00:00:00/00:00,23957) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,24003) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,24032) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,24035) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,24036) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,848,00:00:00/00:00,24037) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,684,00:00:00/00:00,24038) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3500,00:00:00/00:00,24040) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,24041) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8228,00:00:00/01:36:42,24772) pickup -l -t fifo -u (root,0,0,00:00:01/02:51:00,25621) [kworker/2:0-events] (root,0,0,00:00:00/01:25:12,29874) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 23:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e529350aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-12:55:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:55:33,2) [kthreadd] (root,0,0,00:00:00/11-12:55:33,3) [rcu_gp] (root,0,0,00:00:00/11-12:55:33,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:55:33,5) [slub_flushwq] (root,0,0,00:00:00/11-12:55:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:55:33,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:55:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:55:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:55:33,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:55:33,13) [ksoftirqd/0] (root,0,0,00:31:43/11-12:55:33,14) [rcu_preempt] (root,0,0,00:00:04/11-12:55:33,15) [migration/0] (root,0,0,00:00:00/11-12:55:33,16) [idle_inject/0] (root,0,0,00:00:00/11-12:55:33,18) [cpuhp/0] (root,0,0,00:00:00/11-12:55:33,19) [cpuhp/1] (root,0,0,00:00:00/11-12:55:33,20) [idle_inject/1] (root,0,0,00:00:04/11-12:55:33,21) [migration/1] (root,0,0,00:00:17/11-12:55:33,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:55:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:55:33,25) [cpuhp/2] (root,0,0,00:00:00/11-12:55:33,26) [idle_inject/2] (root,0,0,00:00:03/11-12:55:33,27) [migration/2] (root,0,0,00:21:10/11-12:55:33,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:55:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:55:33,31) [cpuhp/3] (root,0,0,00:00:00/11-12:55:33,32) [idle_inject/3] (root,0,0,00:00:04/11-12:55:33,33) [migration/3] (root,0,0,00:01:01/11-12:55:33,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:55:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:55:33,40) [kdevtmpfs] (root,0,0,00:00:00/11-12:55:33,41) [netns] (root,0,0,00:00:00/11-12:55:33,42) [inet_frag_wq] (root,0,0,00:00:01/11-12:55:33,43) [kauditd] (root,0,0,00:00:00/11-12:55:33,44) [khungtaskd] (root,0,0,00:00:00/11-12:55:33,45) [oom_reaper] (root,0,0,00:00:00/11-12:55:33,46) [writeback] (root,0,0,00:00:34/11-12:55:33,47) [kcompactd0] (root,0,0,00:00:00/11-12:55:33,48) [ksmd] (root,0,0,00:00:37/11-12:55:33,49) [khugepaged] (root,0,0,00:00:00/11-12:55:33,75) [kintegrityd] (root,0,0,00:00:00/11-12:55:33,76) [kblockd] (root,0,0,00:00:00/11-12:55:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:55:33,79) [tpm_dev_wq] (root,0,0,00:00:00/11-12:55:33,80) [edac-poller] (root,0,0,00:00:00/11-12:55:33,81) [devfreq_wq] (root,0,0,00:00:00/11-12:55:33,110) [watchdogd] (root,0,0,00:00:00/11-12:55:33,111) [kswapd0] (root,0,0,00:00:02/11-12:55:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:55:31,115) [kthrotld] (root,0,0,00:00:00/11-12:55:31,116) [mld] (root,0,0,00:00:00/11-12:55:31,117) [ipv6_addrconf] (root,0,0,00:00:03/11-12:55:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:55:31,123) [kstrp] (root,0,0,00:00:00/11-12:55:31,124) [zswap-shrink] (root,0,0,00:00:00/11-12:55:31,125) [kworker/u9:0] (root,0,0,00:00:00/11-12:55:31,130) [charger_manager] (root,0,0,00:00:03/11-12:55:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-12:55:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-12:55:30,239) [kaluad] (root,0,0,00:00:00/11-12:55:30,258) [kmpath_rdacd] (root,0,0,00:00:00/11-12:55:30,304) [kmpathd] (root,0,0,00:00:00/11-12:55:30,305) [kmpath_handlerd] (root,0,0,00:00:00/11-12:55:29,342) [ata_sff] (root,0,0,00:00:00/11-12:55:29,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:55:29,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:55:29,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:55:29,346) [scsi_tmf_1] (root,0,0,00:00:21/11-12:55:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:55:26,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-12:55:14,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-12:55:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-12:55:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-12:54:40,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-12:54:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-12:54:39,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-12:54:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-12:54:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-12:54:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-12:54:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-12:54:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:13/11-12:54:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-12:54:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-12:54:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-12:54:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-12:54:23,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-12:54:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:38/11-12:54:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-12:54:23,1352) bpfilter_umh (root,26204,8212,00:00:02/11-12:54:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-12:54:23,1359) ntpd: asynchronous dns resolver (spot,292444,178972,15:32:02/11-12:54:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-12:54:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-12:54:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-12:54:22,1373) (sd-pam) (root,24216,5268,00:00:03/11-12:54:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-12:54:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-12:54:20,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-12:54:17,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-12:54:16,1527) sshd: syslogtunnel (root,617612,72248,00:15:31/11-12:54:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,47288,00:06:19/11-12:54:02,1995) /usr/bin/python3.11 /usr/bin/spot (root,6656,3488,00:00:00/00:00,2330) /bin/bash /usr/bin/check_mk_agent (root,13744,3448,00:00:00/00:00,2348) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2349) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9380,00:00:00/5-18:29:37,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-12:53:37,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:37/11-12:53:37,3218) sshd: cm-ssh (root,0,0,00:00:00/48:45,5235) [kworker/2:2-events] (root,0,0,00:00:03/23:04:06,7785) [kworker/2:1-events] (postfix,24244,8284,00:00:00/05:19,12836) pickup -l -t fifo -u (root,0,0,00:00:00/28:12,14236) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/04:32,17823) [kworker/3:2-ata_sff] (root,0,0,00:00:00/05:52:40,19628) [kworker/0:1-events] (root,0,0,00:00:00/05:28:13,20763) [kworker/1:0-events] (root,0,0,00:00:00/09:43,23666) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:13:44,24598) [kworker/u8:1-events_unbound] (root,0,0,00:00:01/04:27:56,28099) [kworker/1:2-events] (root,0,0,00:00:00/01:01:36,28318) [kworker/3:1-events] (root,0,0,00:00:01/04:03:47,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 23:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836370f16342Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-12:53:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-12:53:10,2) [kthreadd] (root,0,0,00:00:00/9-12:53:10,3) [rcu_gp] (root,0,0,00:00:00/9-12:53:10,4) [rcu_par_gp] (root,0,0,00:00:00/9-12:53:10,5) [slub_flushwq] (root,0,0,00:00:00/9-12:53:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-12:53:10,9) [mm_percpu_wq] (root,0,0,00:00:00/9-12:53:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-12:53:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-12:53:10,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-12:53:10,13) [ksoftirqd/0] (root,0,0,00:25:56/9-12:53:10,14) [rcu_preempt] (root,0,0,00:00:03/9-12:53:10,15) [migration/0] (root,0,0,00:00:00/9-12:53:10,16) [idle_inject/0] (root,0,0,00:00:00/9-12:53:10,18) [cpuhp/0] (root,0,0,00:00:00/9-12:53:10,19) [cpuhp/1] (root,0,0,00:00:00/9-12:53:10,20) [idle_inject/1] (root,0,0,00:00:03/9-12:53:10,21) [migration/1] (root,0,0,00:00:14/9-12:53:10,22) [ksoftirqd/1] (root,0,0,00:00:00/9-12:53:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-12:53:10,25) [cpuhp/2] (root,0,0,00:00:00/9-12:53:10,26) [idle_inject/2] (root,0,0,00:00:02/9-12:53:10,27) [migration/2] (root,0,0,00:17:34/9-12:53:10,28) [ksoftirqd/2] (root,0,0,00:00:00/9-12:53:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-12:53:10,31) [cpuhp/3] (root,0,0,00:00:00/9-12:53:10,32) [idle_inject/3] (root,0,0,00:00:03/9-12:53:10,33) [migration/3] (root,0,0,00:00:50/9-12:53:10,34) [ksoftirqd/3] (root,0,0,00:00:00/9-12:53:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-12:53:10,40) [kdevtmpfs] (root,0,0,00:00:00/9-12:53:10,41) [netns] (root,0,0,00:00:00/9-12:53:10,42) [inet_frag_wq] (root,0,0,00:00:01/9-12:53:10,43) [kauditd] (root,0,0,00:00:00/9-12:53:10,44) [khungtaskd] (root,0,0,00:00:00/9-12:53:10,45) [oom_reaper] (root,0,0,00:00:00/9-12:53:10,46) [writeback] (root,0,0,00:00:28/9-12:53:10,47) [kcompactd0] (root,0,0,00:00:00/9-12:53:10,48) [ksmd] (root,0,0,00:00:31/9-12:53:10,49) [khugepaged] (root,0,0,00:00:00/9-12:53:10,75) [kintegrityd] (root,0,0,00:00:00/9-12:53:10,76) [kblockd] (root,0,0,00:00:00/9-12:53:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-12:53:10,79) [tpm_dev_wq] (root,0,0,00:00:00/9-12:53:10,80) [edac-poller] (root,0,0,00:00:00/9-12:53:10,81) [devfreq_wq] (root,0,0,00:00:00/9-12:53:10,110) [watchdogd] (root,0,0,00:00:00/9-12:53:10,111) [kswapd0] (root,0,0,00:00:02/9-12:53:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-12:53:08,115) [kthrotld] (root,0,0,00:00:00/9-12:53:08,116) [mld] (root,0,0,00:00:00/9-12:53:08,117) [ipv6_addrconf] (root,0,0,00:00:02/9-12:53:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-12:53:08,123) [kstrp] (root,0,0,00:00:00/9-12:53:08,124) [zswap-shrink] (root,0,0,00:00:00/9-12:53:08,125) [kworker/u9:0] (root,0,0,00:00:00/9-12:53:08,130) [charger_manager] (root,0,0,00:00:02/9-12:53:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-12:53:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-12:53:07,239) [kaluad] (root,0,0,00:00:00/9-12:53:07,258) [kmpath_rdacd] (root,0,0,00:00:00/9-12:53:07,304) [kmpathd] (root,0,0,00:00:00/9-12:53:07,305) [kmpath_handlerd] (root,0,0,00:00:00/9-12:53:06,342) [ata_sff] (root,0,0,00:00:00/9-12:53:06,343) [scsi_eh_0] (root,0,0,00:00:00/9-12:53:06,344) [scsi_tmf_0] (root,0,0,00:00:00/9-12:53:06,345) [scsi_eh_1] (root,0,0,00:00:00/9-12:53:06,346) [scsi_tmf_1] (root,0,0,00:00:17/9-12:53:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-12:53:03,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-12:52:51,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-12:52:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-12:52:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,0,0,00:00:00/04:33,504) [kworker/u8:1-writeback] (root,13476,1652,00:00:02/9-12:52:17,511) /sbin/auditd (messagebus,22932,5912,00:00:12/9-12:52:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-12:52:16,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-12:52:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-12:52:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-12:52:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:11/9-12:52:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-12:52:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:03/9-12:52:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-12:52:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-12:52:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-12:52:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-12:52:00,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-12:52:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:20/9-12:52:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-12:52:00,1352) bpfilter_umh (root,26204,8212,00:00:01/9-12:52:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-12:52:00,1359) ntpd: asynchronous dns resolver (spot,294208,180276,12:23:16/9-12:51:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-12:51:59,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-12:51:59,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-12:51:59,1373) (sd-pam) (root,24216,5268,00:00:03/9-12:51:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-12:51:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-12:51:57,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-12:51:54,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-12:51:53,1527) sshd: syslogtunnel (root,617356,71960,00:12:46/9-12:51:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,46000,00:05:08/9-12:51:39,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-18:27:14,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-12:51:14,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-12:51:14,3218) sshd: cm-ssh (root,0,0,00:00:00/01:42:23,4425) [kworker/2:2-events] (root,0,0,00:00:00/02:44:29,9613) [kworker/1:0-events] (root,0,0,00:00:00/03:45:44,11212) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/01:38,11404) [kworker/3:0-events] (root,0,0,00:00:01/01:50:35,12819) [kworker/3:1-ata_sff] (root,0,0,00:00:00/26:24,13984) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/05:11:20,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/04:57:47,15893) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,18086) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,18104) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18105) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:32:18,20227) [kworker/0:1] (postfix,24244,8200,00:00:00/24:44,21847) pickup -l -t fifo -u (root,0,0,00:00:00/06:51,21983) [kworker/3:2-ata_sff] (root,0,0,00:00:02/08:11:14,26887) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 23:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639b9b3500Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-12:50:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:50:34,2) [kthreadd] (root,0,0,00:00:00/7-12:50:34,3) [rcu_gp] (root,0,0,00:00:00/7-12:50:34,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:50:34,5) [slub_flushwq] (root,0,0,00:00:00/7-12:50:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:50:34,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:50:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:50:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:50:34,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-12:50:34,13) [ksoftirqd/0] (root,0,0,00:20:03/7-12:50:34,14) [rcu_preempt] (root,0,0,00:00:02/7-12:50:34,15) [migration/0] (root,0,0,00:00:00/7-12:50:34,16) [idle_inject/0] (root,0,0,00:00:00/7-12:50:34,18) [cpuhp/0] (root,0,0,00:00:00/7-12:50:34,19) [cpuhp/1] (root,0,0,00:00:00/7-12:50:34,20) [idle_inject/1] (root,0,0,00:00:03/7-12:50:34,21) [migration/1] (root,0,0,00:00:11/7-12:50:34,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:50:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:50:34,25) [cpuhp/2] (root,0,0,00:00:00/7-12:50:34,26) [idle_inject/2] (root,0,0,00:00:02/7-12:50:34,27) [migration/2] (root,0,0,00:13:19/7-12:50:34,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:50:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:50:34,31) [cpuhp/3] (root,0,0,00:00:00/7-12:50:34,32) [idle_inject/3] (root,0,0,00:00:02/7-12:50:34,33) [migration/3] (root,0,0,00:00:37/7-12:50:34,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:50:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:50:34,40) [kdevtmpfs] (root,0,0,00:00:00/7-12:50:34,41) [netns] (root,0,0,00:00:00/7-12:50:34,42) [inet_frag_wq] (root,0,0,00:00:00/7-12:50:34,43) [kauditd] (root,0,0,00:00:00/7-12:50:34,44) [khungtaskd] (root,0,0,00:00:00/7-12:50:34,45) [oom_reaper] (root,0,0,00:00:00/7-12:50:34,46) [writeback] (root,0,0,00:00:22/7-12:50:34,47) [kcompactd0] (root,0,0,00:00:00/7-12:50:34,48) [ksmd] (root,0,0,00:00:25/7-12:50:34,49) [khugepaged] (root,0,0,00:00:00/7-12:50:34,75) [kintegrityd] (root,0,0,00:00:00/7-12:50:34,76) [kblockd] (root,0,0,00:00:00/7-12:50:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:50:34,79) [tpm_dev_wq] (root,0,0,00:00:00/7-12:50:34,80) [edac-poller] (root,0,0,00:00:00/7-12:50:34,81) [devfreq_wq] (root,0,0,00:00:00/7-12:50:34,110) [watchdogd] (root,0,0,00:00:00/7-12:50:34,111) [kswapd0] (root,0,0,00:00:01/7-12:50:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:50:32,115) [kthrotld] (root,0,0,00:00:00/7-12:50:32,116) [mld] (root,0,0,00:00:00/7-12:50:32,117) [ipv6_addrconf] (root,0,0,00:00:01/7-12:50:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:50:32,123) [kstrp] (root,0,0,00:00:00/7-12:50:32,124) [zswap-shrink] (root,0,0,00:00:00/7-12:50:32,125) [kworker/u9:0] (root,0,0,00:00:00/7-12:50:32,130) [charger_manager] (root,0,0,00:00:02/7-12:50:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-12:50:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-12:50:31,239) [kaluad] (root,0,0,00:00:00/7-12:50:31,258) [kmpath_rdacd] (root,0,0,00:00:00/7-12:50:31,304) [kmpathd] (root,0,0,00:00:00/7-12:50:31,305) [kmpath_handlerd] (root,0,0,00:00:00/7-12:50:30,342) [ata_sff] (root,0,0,00:00:00/7-12:50:30,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:50:30,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:50:30,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:50:30,346) [scsi_tmf_1] (root,0,0,00:00:13/7-12:50:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:50:27,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-12:50:15,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-12:50:14,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-12:50:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-12:49:41,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-12:49:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-12:49:40,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-12:49:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-12:49:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-12:49:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-12:49:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-12:49:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:47/7-12:49:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-12:49:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-12:49:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-12:49:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-12:49:24,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:08/7-12:49:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-12:49:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-12:49:24,1352) bpfilter_umh (root,26204,8212,00:00:01/7-12:49:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-12:49:24,1359) ntpd: asynchronous dns resolver (spot,289932,176684,09:14:56/7-12:49:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-12:49:23,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-12:49:23,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-12:49:23,1373) (sd-pam) (root,24216,5268,00:00:02/7-12:49:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-12:49:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/7-12:49:21,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-12:49:18,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-12:49:17,1527) sshd: syslogtunnel (root,617356,71816,00:10:00/7-12:49:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44444,00:03:54/7-12:49:03,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-18:24:38,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-12:48:38,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-12:48:38,3218) sshd: cm-ssh (postfix,24244,8216,00:00:00/44:12,5947) pickup -l -t fifo -u (root,0,0,00:00:01/09:35:47,6969) [kworker/0:2-events] (root,0,0,00:00:00/08:54,7867) [kworker/3:2-ata_sff] (root,6656,3488,00:00:00/00:00,11578) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,11596) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11597) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:20:22,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/24:50,14333) [kworker/1:0-events] (root,0,0,00:00:00/02:27:26,17990) [kworker/2:0-events] (root,0,0,00:00:02/07:00:45,18376) [kworker/2:2-events] (root,0,0,00:00:00/01:38:44,20009) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/50:24,22435) [kworker/3:1-events] (root,0,0,00:00:00/01:10:00,26012) [kworker/0:0-events] (root,0,0,00:00:00/01:32:41,27803) [kworker/1:1-events] (root,0,0,00:00:00/03:43,29383) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363be5c3769Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-13:03:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-13:03:51,2) [kthreadd] (root,0,0,00:00:00/5-13:03:51,3) [rcu_gp] (root,0,0,00:00:00/5-13:03:51,4) [rcu_par_gp] (root,0,0,00:00:00/5-13:03:51,5) [slub_flushwq] (root,0,0,00:00:00/5-13:03:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-13:03:51,9) [mm_percpu_wq] (root,0,0,00:00:00/5-13:03:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-13:03:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-13:03:51,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-13:03:51,13) [ksoftirqd/0] (root,0,0,00:14:19/5-13:03:51,14) [rcu_preempt] (root,0,0,00:00:02/5-13:03:51,15) [migration/0] (root,0,0,00:00:00/5-13:03:51,16) [idle_inject/0] (root,0,0,00:00:00/5-13:03:51,18) [cpuhp/0] (root,0,0,00:00:00/5-13:03:51,19) [cpuhp/1] (root,0,0,00:00:00/5-13:03:51,20) [idle_inject/1] (root,0,0,00:00:02/5-13:03:51,21) [migration/1] (root,0,0,00:00:07/5-13:03:51,22) [ksoftirqd/1] (root,0,0,00:00:00/5-13:03:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-13:03:51,25) [cpuhp/2] (root,0,0,00:00:00/5-13:03:51,26) [idle_inject/2] (root,0,0,00:00:01/5-13:03:51,27) [migration/2] (root,0,0,00:09:24/5-13:03:51,28) [ksoftirqd/2] (root,0,0,00:00:00/5-13:03:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-13:03:51,31) [cpuhp/3] (root,0,0,00:00:00/5-13:03:51,32) [idle_inject/3] (root,0,0,00:00:02/5-13:03:51,33) [migration/3] (root,0,0,00:00:26/5-13:03:51,34) [ksoftirqd/3] (root,0,0,00:00:00/5-13:03:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-13:03:51,40) [kdevtmpfs] (root,0,0,00:00:00/5-13:03:51,41) [netns] (root,0,0,00:00:00/5-13:03:51,42) [inet_frag_wq] (root,0,0,00:00:00/5-13:03:51,43) [kauditd] (root,0,0,00:00:00/5-13:03:51,44) [khungtaskd] (root,0,0,00:00:00/5-13:03:51,45) [oom_reaper] (root,0,0,00:00:00/5-13:03:51,46) [writeback] (root,0,0,00:00:15/5-13:03:51,47) [kcompactd0] (root,0,0,00:00:00/5-13:03:51,48) [ksmd] (root,0,0,00:00:16/5-13:03:51,49) [khugepaged] (root,0,0,00:00:00/5-13:03:51,75) [kintegrityd] (root,0,0,00:00:00/5-13:03:51,76) [kblockd] (root,0,0,00:00:00/5-13:03:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-13:03:51,79) [tpm_dev_wq] (root,0,0,00:00:00/5-13:03:51,80) [edac-poller] (root,0,0,00:00:00/5-13:03:51,81) [devfreq_wq] (root,0,0,00:00:00/5-13:03:51,110) [watchdogd] (root,0,0,00:00:00/5-13:03:51,111) [kswapd0] (root,0,0,00:00:01/5-13:03:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-13:03:49,115) [kthrotld] (root,0,0,00:00:00/5-13:03:49,116) [mld] (root,0,0,00:00:00/5-13:03:49,117) [ipv6_addrconf] (root,0,0,00:00:01/5-13:03:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-13:03:49,123) [kstrp] (root,0,0,00:00:00/5-13:03:49,124) [zswap-shrink] (root,0,0,00:00:00/5-13:03:49,125) [kworker/u9:0] (root,0,0,00:00:00/5-13:03:49,130) [charger_manager] (root,0,0,00:00:01/5-13:03:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-13:03:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-13:03:48,239) [kaluad] (root,0,0,00:00:00/5-13:03:48,258) [kmpath_rdacd] (root,0,0,00:00:00/5-13:03:48,304) [kmpathd] (root,0,0,00:00:00/5-13:03:48,305) [kmpath_handlerd] (root,0,0,00:00:00/5-13:03:47,342) [ata_sff] (root,0,0,00:00:00/5-13:03:47,343) [scsi_eh_0] (root,0,0,00:00:00/5-13:03:47,344) [scsi_tmf_0] (root,0,0,00:00:00/5-13:03:47,345) [scsi_eh_1] (root,0,0,00:00:00/5-13:03:47,346) [scsi_tmf_1] (root,0,0,00:00:09/5-13:03:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-13:03:44,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-13:03:32,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-13:03:31,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-13:03:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-13:02:58,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-13:02:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-13:02:57,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-13:02:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-13:02:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-13:02:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/13:31,1225) [kworker/1:1] (root,547592,23628,00:00:06/5-13:02:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-13:02:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-13:02:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-13:02:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-13:02:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-13:02:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-13:02:41,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-13:02:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-13:02:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-13:02:41,1352) bpfilter_umh (root,26204,8212,00:00:01/5-13:02:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-13:02:41,1359) ntpd: asynchronous dns resolver (spot,212204,174636,06:19:11/5-13:02:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-13:02:40,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-13:02:40,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-13:02:40,1373) (sd-pam) (root,24216,5268,00:00:01/5-13:02:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-13:02:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-13:02:38,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-13:02:35,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-13:02:34,1527) sshd: syslogtunnel (root,617100,71516,00:07:13/5-13:02:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43156,00:02:46/5-13:02:20,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-13:01:55,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-13:01:55,3218) sshd: cm-ssh (root,0,0,00:00:00/35:36,4408) [kworker/2:0-events] (root,0,0,00:00:00/02:34,10822) [kworker/2:1-events] (root,0,0,00:00:00/24:35,12469) [kworker/2:2-cgroup_destroy] (postfix,24244,8228,00:00:00/01:18:24,15243) pickup -l -t fifo -u (root,0,0,00:00:00/02:37:18,18842) [kworker/0:0-events] (root,0,0,00:00:01/01:39:13,19687) [kworker/3:0-events] (root,0,0,00:00:00/00:40,20089) [kworker/3:1-ata_sff] (root,6656,3496,00:00:00/00:00,23565) /bin/bash /usr/bin/check_mk_agent (root,6656,3524,00:00:00/00:00,23582) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,23652) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,23653) /bin/bash /usr/bin/check_mk_agent (root,4480,1184,00:00:00/00:00,23654) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,776,00:00:00/00:00,23655) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,676,00:00:00/00:00,23656) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,23657) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,23675) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23676) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/57:31,24590) [kworker/0:2-events] (root,0,0,00:00:00/29:50,24763) [kworker/u8:1-writeback] (root,0,0,00:00:01/04:05:16,25521) [kworker/1:2-events] (root,0,0,00:00:00/09:57:04,28908) [kworker/u8:2-writeback] (root,0,0,00:00:00/05:50,31858) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bce7c4e4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-12:51:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:51:23,2) [kthreadd] (root,0,0,00:00:00/3-12:51:23,3) [rcu_gp] (root,0,0,00:00:00/3-12:51:23,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:51:23,5) [slub_flushwq] (root,0,0,00:00:00/3-12:51:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:51:23,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:51:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:51:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:51:23,12) [rcu_tasks_trace] (root,0,0,00:00:06/3-12:51:23,13) [ksoftirqd/0] (root,0,0,00:09:02/3-12:51:23,14) [rcu_preempt] (root,0,0,00:00:01/3-12:51:23,15) [migration/0] (root,0,0,00:00:00/3-12:51:23,16) [idle_inject/0] (root,0,0,00:00:00/3-12:51:23,18) [cpuhp/0] (root,0,0,00:00:00/3-12:51:23,19) [cpuhp/1] (root,0,0,00:00:00/3-12:51:23,20) [idle_inject/1] (root,0,0,00:00:01/3-12:51:23,21) [migration/1] (root,0,0,00:00:05/3-12:51:23,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:51:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:51:23,25) [cpuhp/2] (root,0,0,00:00:00/3-12:51:23,26) [idle_inject/2] (root,0,0,00:00:01/3-12:51:23,27) [migration/2] (root,0,0,00:06:05/3-12:51:23,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:51:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:51:23,31) [cpuhp/3] (root,0,0,00:00:00/3-12:51:23,32) [idle_inject/3] (root,0,0,00:00:01/3-12:51:23,33) [migration/3] (root,0,0,00:00:16/3-12:51:23,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:51:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:51:23,40) [kdevtmpfs] (root,0,0,00:00:00/3-12:51:23,41) [netns] (root,0,0,00:00:00/3-12:51:23,42) [inet_frag_wq] (root,0,0,00:00:00/3-12:51:23,43) [kauditd] (root,0,0,00:00:00/3-12:51:23,44) [khungtaskd] (root,0,0,00:00:00/3-12:51:23,45) [oom_reaper] (root,0,0,00:00:00/3-12:51:23,46) [writeback] (root,0,0,00:00:09/3-12:51:23,47) [kcompactd0] (root,0,0,00:00:00/3-12:51:23,48) [ksmd] (root,0,0,00:00:10/3-12:51:23,49) [khugepaged] (root,0,0,00:00:00/3-12:51:23,75) [kintegrityd] (root,0,0,00:00:00/3-12:51:23,76) [kblockd] (root,0,0,00:00:00/3-12:51:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:51:23,79) [tpm_dev_wq] (root,0,0,00:00:00/3-12:51:23,80) [edac-poller] (root,0,0,00:00:00/3-12:51:23,81) [devfreq_wq] (root,0,0,00:00:00/3-12:51:23,110) [watchdogd] (root,0,0,00:00:00/3-12:51:23,111) [kswapd0] (root,0,0,00:00:00/3-12:51:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:51:21,115) [kthrotld] (root,0,0,00:00:00/3-12:51:21,116) [mld] (root,0,0,00:00:00/3-12:51:21,117) [ipv6_addrconf] (root,0,0,00:00:00/3-12:51:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:51:21,123) [kstrp] (root,0,0,00:00:00/3-12:51:21,124) [zswap-shrink] (root,0,0,00:00:00/3-12:51:21,125) [kworker/u9:0] (root,0,0,00:00:00/3-12:51:21,130) [charger_manager] (root,0,0,00:00:00/3-12:51:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-12:51:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:51:20,239) [kaluad] (root,0,0,00:00:00/3-12:51:20,258) [kmpath_rdacd] (root,0,0,00:00:00/3-12:51:20,304) [kmpathd] (root,0,0,00:00:00/3-12:51:20,305) [kmpath_handlerd] (root,0,0,00:00:00/3-12:51:19,342) [ata_sff] (root,0,0,00:00:00/3-12:51:19,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:51:19,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:51:19,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:51:19,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:51:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:51:16,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-12:51:04,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-12:51:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-12:51:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-12:50:30,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-12:50:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-12:50:29,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-12:50:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-12:50:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-12:50:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-12:50:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-12:50:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:38:59,1333) [kworker/0:1-events] (root,21172,4536,00:00:22/3-12:50:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-12:50:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-12:50:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-12:50:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-12:50:13,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-12:50:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:28/3-12:50:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-12:50:13,1352) bpfilter_umh (root,26204,8212,00:00:00/3-12:50:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-12:50:13,1359) ntpd: asynchronous dns resolver (spot,206192,169252,04:03:19/3-12:50:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-12:50:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-12:50:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-12:50:12,1373) (sd-pam) (root,24216,5268,00:00:01/3-12:50:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-12:50:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-12:50:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-12:50:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-12:50:06,1527) sshd: syslogtunnel (root,615820,69960,00:04:37/3-12:50:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:49/3-12:49:52,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/08:18:04,2276) [kworker/1:2-events] (root,6656,3480,00:00:00/00:00,2584) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,2587) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,2616) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2617) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:22,3150) [kworker/1:0] (root,35308,10108,00:00:00/3-12:49:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-12:49:27,3218) sshd: cm-ssh (root,0,0,00:00:02/08:02:01,5266) [kworker/2:1-events] (postfix,24244,8260,00:00:00/01:27:52,6052) pickup -l -t fifo -u (root,0,0,00:00:00/05:57,8609) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:24:58,13330) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/29:39,18236) [kworker/2:2-events] (root,0,0,00:00:00/01:14:26,27113) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:14:15,28172) [kworker/0:2-events] (root,0,0,00:00:00/26:43,28530) [kworker/3:0-events] (root,0,0,00:00:00/00:47,31661) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 23:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c372f7bcFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-19:24:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-19:24:36,2) [kthreadd] (root,0,0,00:00:00/1-19:24:36,3) [rcu_gp] (root,0,0,00:00:00/1-19:24:36,4) [rcu_par_gp] (root,0,0,00:00:00/1-19:24:36,5) [slub_flushwq] (root,0,0,00:00:00/1-19:24:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-19:24:36,9) [mm_percpu_wq] (root,0,0,00:00:00/1-19:24:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-19:24:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-19:24:36,12) [rcu_tasks_trace] (root,0,0,00:00:03/1-19:24:36,13) [ksoftirqd/0] (root,0,0,00:04:45/1-19:24:36,14) [rcu_preempt] (root,0,0,00:00:00/1-19:24:36,15) [migration/0] (root,0,0,00:00:00/1-19:24:36,16) [idle_inject/0] (root,0,0,00:00:00/1-19:24:36,18) [cpuhp/0] (root,0,0,00:00:00/1-19:24:36,19) [cpuhp/1] (root,0,0,00:00:00/1-19:24:36,20) [idle_inject/1] (root,0,0,00:00:01/1-19:24:36,21) [migration/1] (root,0,0,00:00:02/1-19:24:36,22) [ksoftirqd/1] (root,0,0,00:00:00/1-19:24:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-19:24:36,25) [cpuhp/2] (root,0,0,00:00:00/1-19:24:36,26) [idle_inject/2] (root,0,0,00:00:00/1-19:24:36,27) [migration/2] (root,0,0,00:03:28/1-19:24:36,28) [ksoftirqd/2] (root,0,0,00:00:00/1-19:24:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-19:24:36,31) [cpuhp/3] (root,0,0,00:00:00/1-19:24:36,32) [idle_inject/3] (root,0,0,00:00:00/1-19:24:36,33) [migration/3] (root,0,0,00:00:09/1-19:24:36,34) [ksoftirqd/3] (root,0,0,00:00:00/1-19:24:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-19:24:36,40) [kdevtmpfs] (root,0,0,00:00:00/1-19:24:36,41) [netns] (root,0,0,00:00:00/1-19:24:36,42) [inet_frag_wq] (root,0,0,00:00:00/1-19:24:36,43) [kauditd] (root,0,0,00:00:00/1-19:24:36,44) [khungtaskd] (root,0,0,00:00:00/1-19:24:36,45) [oom_reaper] (root,0,0,00:00:00/1-19:24:36,46) [writeback] (root,0,0,00:00:05/1-19:24:36,47) [kcompactd0] (root,0,0,00:00:00/1-19:24:36,48) [ksmd] (root,0,0,00:00:05/1-19:24:36,49) [khugepaged] (root,0,0,00:00:00/1-19:24:36,75) [kintegrityd] (root,0,0,00:00:00/1-19:24:36,76) [kblockd] (root,0,0,00:00:00/1-19:24:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-19:24:36,79) [tpm_dev_wq] (root,0,0,00:00:00/1-19:24:36,80) [edac-poller] (root,0,0,00:00:00/1-19:24:36,81) [devfreq_wq] (root,0,0,00:00:00/1-19:24:36,110) [watchdogd] (root,0,0,00:00:00/1-19:24:36,111) [kswapd0] (root,0,0,00:00:00/1-19:24:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-19:24:34,115) [kthrotld] (root,0,0,00:00:00/1-19:24:34,116) [mld] (root,0,0,00:00:00/1-19:24:34,117) [ipv6_addrconf] (root,0,0,00:00:00/1-19:24:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-19:24:34,123) [kstrp] (root,0,0,00:00:00/1-19:24:34,124) [zswap-shrink] (root,0,0,00:00:00/1-19:24:34,125) [kworker/u9:0] (root,0,0,00:00:00/1-19:24:34,130) [charger_manager] (root,0,0,00:00:00/1-19:24:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-19:24:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-19:24:33,239) [kaluad] (root,0,0,00:00:00/1-19:24:33,258) [kmpath_rdacd] (root,0,0,00:00:00/1-19:24:33,304) [kmpathd] (root,0,0,00:00:00/1-19:24:33,305) [kmpath_handlerd] (root,0,0,00:00:00/1-19:24:32,342) [ata_sff] (root,0,0,00:00:00/1-19:24:32,343) [scsi_eh_0] (root,0,0,00:00:00/1-19:24:32,344) [scsi_tmf_0] (root,0,0,00:00:00/1-19:24:32,345) [scsi_eh_1] (root,0,0,00:00:00/1-19:24:32,346) [scsi_tmf_1] (root,0,0,00:00:02/1-19:24:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-19:24:29,367) [ext4-rsv-conver] (root,0,0,00:00:00/10:31,371) [kworker/2:1] (root,0,0,00:00:00/09:33,418) [kworker/3:2-events_freezable_power_] (root,38604,7616,00:00:01/1-19:24:17,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-19:24:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-19:24:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-19:23:43,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-19:23:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8344,00:00:01/1-19:23:42,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-19:23:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-19:23:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-19:23:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:02/1-19:23:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-19:23:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:11/1-19:23:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-19:23:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-19:23:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-19:23:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-19:23:26,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-19:23:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:14/1-19:23:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-19:23:26,1352) bpfilter_umh (root,26204,8212,00:00:00/1-19:23:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-19:23:26,1359) ntpd: asynchronous dns resolver (spot,204460,167796,02:12:03/1-19:23:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-19:23:25,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-19:23:25,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-19:23:25,1373) (sd-pam) (root,24216,5268,00:00:00/1-19:23:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-19:23:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-19:23:23,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-19:23:20,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:06/1-19:23:19,1527) sshd: syslogtunnel (root,615564,67668,00:02:26/1-19:23:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:11/05:26:02,1941) [kworker/3:0-ata_sff] (spot,206272,41360,00:00:55/1-19:23:05,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:22,3090) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/1-19:22:40,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:05/1-19:22:40,3218) sshd: cm-ssh (postfix,24244,8248,00:00:00/02:43,3568) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,4705) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,4723) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4724) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/07:00:39,11820) [kworker/2:2-events] (root,0,0,00:00:00/02:58:16,12493) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:15:24,13394) [kworker/1:1-events] (root,0,0,00:00:00/01:04:30,15857) [kworker/1:2-events] (root,0,0,00:00:00/04:07:23,23968) [kworker/0:2-events] (root,0,0,00:00:00/32:11,25309) [kworker/0:1-events] (root,0,0,00:00:00/23:16,27905) [kworker/u8:2-events_unbound] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-12 06:13
-
SSH is potenitally vulnerable
WARNING: This plugin will generate false positive and is purely informative:
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
First seen 2024-09-09 19:57
Last seen 2024-12-19 22:47
Open for 101 days-
Severity: info
Fingerprint: 3f43e0ebb5dce37ab8b59eb5ffe8ab2b0c11d8260c11d8260c11d8260c11d826Found potentially vulnerable SSH version: SSH-2.0-OpenSSH_4.3 WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
Found on 2024-12-19 22:47
-
-
Open service 141.9.46.64:22
2024-12-19 22:47
Found 3 days ago by SSHOpenPluginCreate report
-
Open service 141.9.46.64:22
2024-12-13 23:39
Found 2024-12-13 by SSHOpenPluginCreate report
-
Open service 141.9.46.64:22
2024-12-02 00:04
Found 2024-12-02 by SSHOpenPluginCreate report
-
Open service 141.9.46.64:22
2024-11-29 23:08
Found 2024-11-29 by SSHOpenPluginCreate report
Domain summary
No record