Host 141.9.47.185
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-11 02:37
Last seen 2024-12-22 00:58
Open for 101 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363455ebfceFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:35:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:35:50,2) [kthreadd] (root,0,0,00:00:00/39-14:35:50,3) [rcu_gp] (root,0,0,00:00:00/39-14:35:50,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:35:50,5) [slub_flushwq] (root,0,0,00:00:00/39-14:35:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:35:50,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:35:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:35:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:35:50,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:35:50,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:35:50,14) [rcu_preempt] (root,0,0,00:00:15/39-14:35:50,15) [migration/0] (root,0,0,00:00:00/39-14:35:50,16) [idle_inject/0] (root,0,0,00:00:00/39-14:35:50,18) [cpuhp/0] (root,0,0,00:00:00/39-14:35:50,19) [cpuhp/1] (root,0,0,00:00:00/39-14:35:50,20) [idle_inject/1] (root,0,0,00:00:15/39-14:35:50,21) [migration/1] (root,0,0,00:01:05/39-14:35:50,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:35:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:35:50,25) [cpuhp/2] (root,0,0,00:00:00/39-14:35:50,26) [idle_inject/2] (root,0,0,00:00:12/39-14:35:50,27) [migration/2] (root,0,0,01:14:06/39-14:35:50,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:35:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:35:50,31) [cpuhp/3] (root,0,0,00:00:00/39-14:35:50,32) [idle_inject/3] (root,0,0,00:00:14/39-14:35:50,33) [migration/3] (root,0,0,00:03:31/39-14:35:50,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:35:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:35:50,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:35:50,40) [netns] (root,0,0,00:00:00/39-14:35:50,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:35:50,42) [kauditd] (root,0,0,00:00:00/39-14:35:50,43) [khungtaskd] (root,0,0,00:00:00/39-14:35:50,44) [oom_reaper] (root,0,0,00:00:00/39-14:35:50,45) [writeback] (root,0,0,00:01:56/39-14:35:50,46) [kcompactd0] (root,0,0,00:00:00/39-14:35:50,47) [ksmd] (root,0,0,00:01:57/39-14:35:50,48) [khugepaged] (root,0,0,00:00:00/39-14:35:50,74) [kintegrityd] (root,0,0,00:00:00/39-14:35:50,75) [kblockd] (root,0,0,00:00:00/39-14:35:50,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:35:50,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:35:50,79) [edac-poller] (root,0,0,00:00:00/39-14:35:50,80) [devfreq_wq] (root,0,0,00:00:00/39-14:35:50,110) [watchdogd] (root,0,0,00:00:08/39-14:35:50,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:35:50,112) [kswapd0] (root,0,0,00:00:00/39-14:35:49,114) [kthrotld] (root,0,0,00:00:00/39-14:35:49,115) [mld] (root,0,0,00:00:00/39-14:35:49,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:35:49,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:35:49,122) [kstrp] (root,0,0,00:00:00/39-14:35:49,123) [zswap-shrink] (root,0,0,00:00:00/39-14:35:49,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:35:49,129) [charger_manager] (root,0,0,00:00:08/39-14:35:48,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:35:48,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:35:48,205) [kaluad] (root,0,0,00:00:00/39-14:35:48,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:35:48,293) [kmpathd] (root,0,0,00:00:00/39-14:35:48,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:35:48,342) [ata_sff] (root,0,0,00:00:00/39-14:35:47,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:35:47,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:35:47,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:35:47,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:35:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:35:45,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:35:33,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:35:32,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:35:30,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:34:56,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:34:56,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:34:56,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:34:56,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:34:55,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:34:55,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:34:41,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:34:41,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:34:40,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:34:40,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:34:40,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:34:40,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:34:40,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:34:40,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:34:40,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:34:40,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:34:40,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:34:40,1215) ntpd: asynchronous dns resolver (spot,299376,183068,2-02:58:36/39-14:34:40,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:34:39,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:34:39,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:34:39,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:34:38,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:34:38,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:34:37,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:34:31,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:34:17,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:58:39,2674) [kworker/0:2-events] (root,0,0,00:00:00/39:20,5528) [kworker/1:2-events] (root,0,0,00:00:00/05:07,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:32:55,9266) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:08,10883) [kworker/0:1] (root,0,0,00:00:00/24:08,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/03:09,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:06:41,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:25:33,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:25:32,15391) sshd: cm-ssh (root,0,0,00:00:00/03:01,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:54:11,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:54:10,16977) sshd: syslogtunnel (root,0,0,00:00:00/44:09,19043) [kworker/3:2-cgroup_destroy] (root,6656,3472,00:00:00/00:00,22151) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,22169) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22170) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/11:31,24965) [kworker/2:0-events] (root,0,0,00:00:00/20:02,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:11:18,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:14,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363237e0dc4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:01:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:01:43,2) [kthreadd] (root,0,0,00:00:00/37-14:01:43,3) [rcu_gp] (root,0,0,00:00:00/37-14:01:43,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:01:43,5) [slub_flushwq] (root,0,0,00:00:00/37-14:01:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:01:43,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:01:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:01:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:01:43,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:01:43,13) [ksoftirqd/0] (root,0,0,01:39:42/37-14:01:43,14) [rcu_preempt] (root,0,0,00:00:14/37-14:01:43,15) [migration/0] (root,0,0,00:00:00/37-14:01:43,16) [idle_inject/0] (root,0,0,00:00:00/37-14:01:43,18) [cpuhp/0] (root,0,0,00:00:00/37-14:01:43,19) [cpuhp/1] (root,0,0,00:00:00/37-14:01:43,20) [idle_inject/1] (root,0,0,00:00:14/37-14:01:43,21) [migration/1] (root,0,0,00:01:00/37-14:01:43,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:01:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:01:43,25) [cpuhp/2] (root,0,0,00:00:00/37-14:01:43,26) [idle_inject/2] (root,0,0,00:00:11/37-14:01:43,27) [migration/2] (root,0,0,01:10:40/37-14:01:43,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:01:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:01:43,31) [cpuhp/3] (root,0,0,00:00:00/37-14:01:43,32) [idle_inject/3] (root,0,0,00:00:14/37-14:01:43,33) [migration/3] (root,0,0,00:03:20/37-14:01:43,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:01:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:01:43,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:01:43,40) [netns] (root,0,0,00:00:00/37-14:01:43,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:01:43,42) [kauditd] (root,0,0,00:00:00/37-14:01:43,43) [khungtaskd] (root,0,0,00:00:00/37-14:01:43,44) [oom_reaper] (root,0,0,00:00:00/37-14:01:43,45) [writeback] (root,0,0,00:01:50/37-14:01:43,46) [kcompactd0] (root,0,0,00:00:00/37-14:01:43,47) [ksmd] (root,0,0,00:01:50/37-14:01:43,48) [khugepaged] (root,0,0,00:00:00/37-14:01:43,74) [kintegrityd] (root,0,0,00:00:00/37-14:01:43,75) [kblockd] (root,0,0,00:00:00/37-14:01:43,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:01:43,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:01:43,79) [edac-poller] (root,0,0,00:00:00/37-14:01:43,80) [devfreq_wq] (root,0,0,00:00:00/37-14:01:43,110) [watchdogd] (root,0,0,00:00:07/37-14:01:43,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:01:43,112) [kswapd0] (root,0,0,00:00:00/37-14:01:42,114) [kthrotld] (root,0,0,00:00:00/37-14:01:42,115) [mld] (root,0,0,00:00:00/37-14:01:42,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:01:42,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:01:42,122) [kstrp] (root,0,0,00:00:00/37-14:01:42,123) [zswap-shrink] (root,0,0,00:00:00/37-14:01:42,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:01:42,129) [charger_manager] (root,0,0,00:00:08/37-14:01:41,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:01:41,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:01:41,205) [kaluad] (root,0,0,00:00:00/37-14:01:41,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:01:41,293) [kmpathd] (root,0,0,00:00:00/37-14:01:41,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:01:41,342) [ata_sff] (root,0,0,00:00:00/37-14:01:40,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:01:40,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:01:40,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:01:40,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:01:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:01:38,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:01:26,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:01:25,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:01:23,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:00:49,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:00:49,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:00:49,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:00:49,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:00:48,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:00:48,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:00:34,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:00:34,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:00:33,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:00:33,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:00:33,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:00:33,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:00:33,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:00:33,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:00:33,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:00:33,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:00:33,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:00:33,1215) ntpd: asynchronous dns resolver (spot,296208,182096,1-23:13:44/37-14:00:33,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:00:32,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:00:32,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:00:32,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:00:31,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:00:31,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:00:30,1354) /usr/sbin/cron -n (root,698484,82412,00:49:05/37-14:00:24,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:00:10,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:19,2838) [kworker/3:1-events] (root,0,0,00:00:00/00:44,4583) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:22,6208) [kworker/1:2-ata_sff] (root,6656,3508,00:00:00/00:00,7320) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,7378) /bin/bash /usr/bin/check_mk_agent (root,6656,1840,00:00:00/00:00,7387) /bin/bash /usr/bin/check_mk_agent (root,25444,8760,00:00:00/00:00,7388) postconf -c /etc/postfix (root,5280,800,00:00:00/00:00,7389) grep ^multi_instance_directories (root,11644,964,00:00:00/00:00,7390) sed s/.*=[[:space:]]*//g (root,13744,3408,00:00:00/00:00,7402) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7403) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:35:33,13355) [kworker/3:0-cgroup_destroy] (root,35308,10012,00:00:00/31-11:51:26,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-11:51:25,15391) sshd: cm-ssh (root,0,0,00:00:00/08:25,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:20:04,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:20:03,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:43:45,17446) [kworker/0:2-events] (root,0,0,00:00:00/07:26,18386) [kworker/3:2-events] (root,0,0,00:00:00/38:22,19242) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/52:15,21022) [kworker/1:1-events] (postfix,24244,8204,00:00:00/01:31:05,22497) pickup -l -t fifo -u (root,0,0,00:00:00/19:41,23807) [kworker/2:0-events] (root,0,0,00:00:00/05:32,26762) [kworker/1:0-ata_sff] (root,0,0,00:00:00/17:39,26953) [kworker/0:1-cgroup_destroy] (postfix,44628,9272,00:00:01/31-18:37:11,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:47:45,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:23 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633236c702Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:13:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:13:47,2) [kthreadd] (root,0,0,00:00:00/35-15:13:47,3) [rcu_gp] (root,0,0,00:00:00/35-15:13:47,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:13:47,5) [slub_flushwq] (root,0,0,00:00:00/35-15:13:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:13:47,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:13:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:13:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:13:47,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:13:47,13) [ksoftirqd/0] (root,0,0,01:34:29/35-15:13:47,14) [rcu_preempt] (root,0,0,00:00:13/35-15:13:47,15) [migration/0] (root,0,0,00:00:00/35-15:13:47,16) [idle_inject/0] (root,0,0,00:00:00/35-15:13:47,18) [cpuhp/0] (root,0,0,00:00:00/35-15:13:47,19) [cpuhp/1] (root,0,0,00:00:00/35-15:13:47,20) [idle_inject/1] (root,0,0,00:00:14/35-15:13:47,21) [migration/1] (root,0,0,00:00:57/35-15:13:47,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:13:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:13:47,25) [cpuhp/2] (root,0,0,00:00:00/35-15:13:47,26) [idle_inject/2] (root,0,0,00:00:11/35-15:13:47,27) [migration/2] (root,0,0,01:07:41/35-15:13:47,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:13:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:13:47,31) [cpuhp/3] (root,0,0,00:00:00/35-15:13:47,32) [idle_inject/3] (root,0,0,00:00:13/35-15:13:47,33) [migration/3] (root,0,0,00:03:11/35-15:13:47,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:13:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:13:47,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:13:47,40) [netns] (root,0,0,00:00:00/35-15:13:47,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:13:47,42) [kauditd] (root,0,0,00:00:00/35-15:13:47,43) [khungtaskd] (root,0,0,00:00:00/35-15:13:47,44) [oom_reaper] (root,0,0,00:00:00/35-15:13:47,45) [writeback] (root,0,0,00:01:45/35-15:13:47,46) [kcompactd0] (root,0,0,00:00:00/35-15:13:47,47) [ksmd] (root,0,0,00:01:43/35-15:13:47,48) [khugepaged] (root,0,0,00:00:00/35-15:13:47,74) [kintegrityd] (root,0,0,00:00:00/35-15:13:47,75) [kblockd] (root,0,0,00:00:00/35-15:13:47,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:13:47,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:13:47,79) [edac-poller] (root,0,0,00:00:00/35-15:13:47,80) [devfreq_wq] (root,0,0,00:00:00/35-15:13:47,110) [watchdogd] (root,0,0,00:00:07/35-15:13:47,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:13:47,112) [kswapd0] (root,0,0,00:00:00/35-15:13:46,114) [kthrotld] (root,0,0,00:00:00/35-15:13:46,115) [mld] (root,0,0,00:00:00/35-15:13:46,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:13:46,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:13:46,122) [kstrp] (root,0,0,00:00:00/35-15:13:46,123) [zswap-shrink] (root,0,0,00:00:00/35-15:13:46,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:13:46,129) [charger_manager] (root,0,0,00:00:07/35-15:13:45,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:13:45,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:13:45,205) [kaluad] (root,0,0,00:00:00/35-15:13:45,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:13:45,293) [kmpathd] (root,0,0,00:00:00/35-15:13:45,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:13:45,342) [ata_sff] (root,0,0,00:00:00/35-15:13:44,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:13:44,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:13:44,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:13:44,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:13:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:13:42,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:13:30,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:13:29,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:13:27,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:12:53,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:12:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:12:53,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:12:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:12:52,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:12:52,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:12:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:12:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:12:37,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:12:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:12:37,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:12:37,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:12:37,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:12:37,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:12:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:12:37,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:12:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:12:37,1215) ntpd: asynchronous dns resolver (spot,293512,180008,1-20:12:58/35-15:12:37,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:12:36,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:12:36,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:12:36,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:12:35,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:12:35,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:12:34,1354) /usr/sbin/cron -n (root,698228,81996,00:46:34/35-15:12:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:12:14,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3484,00:00:00/00:00,1715) /bin/bash /usr/bin/check_mk_agent (root,13744,3516,00:00:00/00:00,1733) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,1734) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/56:21,7081) [kworker/1:1-events] (root,0,0,00:00:00/01:05:29,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:03:30,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:03:29,15391) sshd: cm-ssh (root,0,0,00:00:00/04:49:03,15974) [kworker/u8:1-flush-253:0] (postfix,24244,8228,00:00:00/01:24:55,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:32:08,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:32:07,16977) sshd: syslogtunnel (root,0,0,00:00:00/04:28,17230) [kworker/1:0-ata_sff] (root,0,0,00:00:00/50:28,19051) [kworker/0:0-events] (root,0,0,00:00:00/19:39,25607) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/02:07:20,25943) [kworker/3:1] (root,0,0,00:00:00/02:00,27958) [kworker/2:0-events] (root,0,0,00:00:00/09:39,28071) [kworker/1:2-ata_sff] (root,0,0,00:00:00/02:35:49,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:49:15,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:44:18,31877) [kworker/0:1-events] (root,0,0,00:00:00/27:15,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363528bcb21Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-12:39:20,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-12:39:20,2) [kthreadd] (root,0,0,00:00:00/33-12:39:20,3) [rcu_gp] (root,0,0,00:00:00/33-12:39:20,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:39:20,5) [slub_flushwq] (root,0,0,00:00:00/33-12:39:20,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:39:20,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:39:20,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:39:20,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:39:20,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:39:20,13) [ksoftirqd/0] (root,0,0,01:29:02/33-12:39:20,14) [rcu_preempt] (root,0,0,00:00:12/33-12:39:20,15) [migration/0] (root,0,0,00:00:00/33-12:39:20,16) [idle_inject/0] (root,0,0,00:00:00/33-12:39:20,18) [cpuhp/0] (root,0,0,00:00:00/33-12:39:20,19) [cpuhp/1] (root,0,0,00:00:00/33-12:39:20,20) [idle_inject/1] (root,0,0,00:00:13/33-12:39:20,21) [migration/1] (root,0,0,00:00:53/33-12:39:20,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:39:20,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:39:20,25) [cpuhp/2] (root,0,0,00:00:00/33-12:39:20,26) [idle_inject/2] (root,0,0,00:00:10/33-12:39:20,27) [migration/2] (root,0,0,01:04:46/33-12:39:20,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:39:20,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:39:20,31) [cpuhp/3] (root,0,0,00:00:00/33-12:39:20,32) [idle_inject/3] (root,0,0,00:00:12/33-12:39:20,33) [migration/3] (root,0,0,00:03:01/33-12:39:20,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:39:20,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:39:20,39) [kdevtmpfs] (root,0,0,00:00:00/33-12:39:20,40) [netns] (root,0,0,00:00:00/33-12:39:20,41) [inet_frag_wq] (root,0,0,00:00:07/33-12:39:20,42) [kauditd] (root,0,0,00:00:00/33-12:39:20,43) [khungtaskd] (root,0,0,00:00:00/33-12:39:20,44) [oom_reaper] (root,0,0,00:00:00/33-12:39:20,45) [writeback] (root,0,0,00:01:38/33-12:39:20,46) [kcompactd0] (root,0,0,00:00:00/33-12:39:20,47) [ksmd] (root,0,0,00:01:36/33-12:39:20,48) [khugepaged] (root,0,0,00:00:00/33-12:39:20,74) [kintegrityd] (root,0,0,00:00:00/33-12:39:20,75) [kblockd] (root,0,0,00:00:00/33-12:39:20,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:39:20,78) [tpm_dev_wq] (root,0,0,00:00:00/33-12:39:20,79) [edac-poller] (root,0,0,00:00:00/33-12:39:20,80) [devfreq_wq] (root,0,0,00:00:00/33-12:39:20,110) [watchdogd] (root,0,0,00:00:07/33-12:39:20,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-12:39:20,112) [kswapd0] (root,0,0,00:00:00/33-12:39:19,114) [kthrotld] (root,0,0,00:00:00/33-12:39:19,115) [mld] (root,0,0,00:00:00/33-12:39:19,116) [ipv6_addrconf] (root,0,0,00:00:14/33-12:39:19,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-12:39:19,122) [kstrp] (root,0,0,00:00:00/33-12:39:19,123) [zswap-shrink] (root,0,0,00:00:00/33-12:39:19,124) [kworker/u9:0] (root,0,0,00:00:00/33-12:39:19,129) [charger_manager] (root,0,0,00:00:07/33-12:39:18,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-12:39:18,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:39:18,205) [kaluad] (root,0,0,00:00:00/33-12:39:18,250) [kmpath_rdacd] (root,0,0,00:00:00/33-12:39:18,293) [kmpathd] (root,0,0,00:00:00/33-12:39:18,294) [kmpath_handlerd] (root,0,0,00:00:00/33-12:39:18,342) [ata_sff] (root,0,0,00:00:00/33-12:39:17,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:39:17,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:39:17,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:39:17,346) [scsi_tmf_1] (root,6656,3480,00:00:00/00:00,347) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,365) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,0,0,00:00:54/33-12:39:15,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:39:15,367) [ext4-rsv-conver] (root,11644,964,00:00:00/00:00,368) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,38604,7788,00:00:44/33-12:39:03,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-12:39:02,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-12:39:00,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-12:38:26,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-12:38:26,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-12:38:26,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-12:38:26,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-12:38:25,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-12:38:25,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:30:59,727) [kworker/u8:2-ext4-rsv-conversion] (root,548360,32524,00:00:38/33-12:38:11,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-12:38:11,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:08/33-12:38:10,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-12:38:10,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-12:38:10,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-12:38:10,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-12:38:10,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-12:38:10,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-12:38:10,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-12:38:10,1206) bpfilter_umh (root,26204,8212,00:00:13/33-12:38:10,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-12:38:10,1215) ntpd: asynchronous dns resolver (spot,293832,180136,1-17:42:44/33-12:38:10,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-12:38:09,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-12:38:09,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-12:38:09,1245) (sd-pam) (root,24216,5344,00:00:11/33-12:38:08,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-12:38:08,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-12:38:07,1354) /usr/sbin/cron -n (root,697972,81828,00:43:51/33-12:38:01,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63272,00:14:25/33-12:37:47,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/07:03,1470) [kworker/1:1-ata_sff] (root,0,0,00:00:00/32:42,3524) [kworker/2:2-events] (root,0,0,00:00:00/01:52,6053) [kworker/1:2-ata_sff] (root,0,0,00:00:00/12:15,7957) [kworker/1:0-events] (postfix,24244,8272,00:00:00/51:23,13877) pickup -l -t fifo -u (root,0,0,00:00:00/01:22,14111) [kworker/u8:0-writeback] (root,35308,10012,00:00:00/27-10:29:03,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-10:29:02,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-11:57:41,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-11:57:40,16977) sshd: syslogtunnel (root,0,0,00:00:00/40:02,17155) [kworker/0:0-events] (root,0,0,00:00:00/01:09:37,18088) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/03:01,19428) [kworker/0:2-events] (root,0,0,00:00:02/01:39:17,24863) [kworker/2:1-events] (root,0,0,00:00:00/47:17,25370) [kworker/u8:1-events_unbound] (root,0,0,00:00:01/02:01:35,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-17:14:48,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/10:28,31017) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836394919480Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-13:27:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:27:18,2) [kthreadd] (root,0,0,00:00:00/31-13:27:18,3) [rcu_gp] (root,0,0,00:00:00/31-13:27:18,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:27:18,5) [slub_flushwq] (root,0,0,00:00:00/31-13:27:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:27:18,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:27:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:27:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:27:18,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-13:27:18,13) [ksoftirqd/0] (root,0,0,01:23:55/31-13:27:18,14) [rcu_preempt] (root,0,0,00:00:11/31-13:27:18,15) [migration/0] (root,0,0,00:00:00/31-13:27:18,16) [idle_inject/0] (root,0,0,00:00:00/31-13:27:18,18) [cpuhp/0] (root,0,0,00:00:00/31-13:27:18,19) [cpuhp/1] (root,0,0,00:00:00/31-13:27:18,20) [idle_inject/1] (root,0,0,00:00:12/31-13:27:18,21) [migration/1] (root,0,0,00:00:50/31-13:27:18,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:27:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:27:18,25) [cpuhp/2] (root,0,0,00:00:00/31-13:27:18,26) [idle_inject/2] (root,0,0,00:00:09/31-13:27:18,27) [migration/2] (root,0,0,01:01:46/31-13:27:18,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:27:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:27:18,31) [cpuhp/3] (root,0,0,00:00:00/31-13:27:18,32) [idle_inject/3] (root,0,0,00:00:11/31-13:27:18,33) [migration/3] (root,0,0,00:02:51/31-13:27:18,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:27:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:27:18,39) [kdevtmpfs] (root,0,0,00:00:00/31-13:27:18,40) [netns] (root,0,0,00:00:00/31-13:27:18,41) [inet_frag_wq] (root,0,0,00:00:07/31-13:27:18,42) [kauditd] (root,0,0,00:00:00/31-13:27:18,43) [khungtaskd] (root,0,0,00:00:00/31-13:27:18,44) [oom_reaper] (root,0,0,00:00:00/31-13:27:18,45) [writeback] (root,0,0,00:01:32/31-13:27:18,46) [kcompactd0] (root,0,0,00:00:00/31-13:27:18,47) [ksmd] (root,0,0,00:01:31/31-13:27:18,48) [khugepaged] (root,0,0,00:00:00/31-13:27:18,74) [kintegrityd] (root,0,0,00:00:00/31-13:27:18,75) [kblockd] (root,0,0,00:00:00/31-13:27:18,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:27:18,78) [tpm_dev_wq] (root,0,0,00:00:00/31-13:27:18,79) [edac-poller] (root,0,0,00:00:00/31-13:27:18,80) [devfreq_wq] (root,0,0,00:00:00/31-13:27:18,110) [watchdogd] (root,0,0,00:00:06/31-13:27:18,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-13:27:18,112) [kswapd0] (root,0,0,00:00:00/31-13:27:17,114) [kthrotld] (root,0,0,00:00:00/31-13:27:17,115) [mld] (root,0,0,00:00:00/31-13:27:17,116) [ipv6_addrconf] (root,0,0,00:00:13/31-13:27:17,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-13:27:17,122) [kstrp] (root,0,0,00:00:00/31-13:27:17,123) [zswap-shrink] (root,0,0,00:00:00/31-13:27:17,124) [kworker/u9:0] (root,0,0,00:00:00/31-13:27:17,129) [charger_manager] (root,0,0,00:00:07/31-13:27:16,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-13:27:16,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:27:16,205) [kaluad] (root,0,0,00:00:00/31-13:27:16,250) [kmpath_rdacd] (root,0,0,00:00:00/31-13:27:16,293) [kmpathd] (root,0,0,00:00:00/31-13:27:16,294) [kmpath_handlerd] (root,0,0,00:00:00/31-13:27:16,342) [ata_sff] (root,0,0,00:00:00/31-13:27:15,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:27:15,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:27:15,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:27:15,346) [scsi_tmf_1] (root,0,0,00:00:51/31-13:27:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:27:13,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-13:27:01,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-13:27:00,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-13:26:58,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-13:26:24,512) /sbin/auditd (messagebus,22936,5548,00:01:21/31-13:26:24,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-13:26:24,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-13:26:24,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-13:26:23,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-13:26:23,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:35/31-13:26:09,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-13:26:09,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:56/31-13:26:08,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-13:26:08,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-13:26:08,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-13:26:08,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-13:26:08,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-13:26:08,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:18/31-13:26:08,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-13:26:08,1206) bpfilter_umh (root,26204,8212,00:00:12/31-13:26:08,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-13:26:08,1215) ntpd: asynchronous dns resolver (spot,286792,173804,1-15:28:54/31-13:26:08,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-13:26:07,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-13:26:07,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-13:26:07,1245) (sd-pam) (root,24216,5344,00:00:10/31-13:26:06,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-13:26:06,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-13:26:05,1354) /usr/sbin/cron -n (root,697972,81512,00:41:17/31-13:25:59,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-13:25:45,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/07:49,5686) [kworker/1:0-ata_sff] (root,0,0,00:00:02/04:18:09,8787) [kworker/0:2-cgroup_destroy] (root,6656,3484,00:00:00/00:00,9825) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,9843) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,9844) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/01:43:04,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-11:17:01,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-11:17:00,15391) sshd: cm-ssh (root,0,0,00:00:00/01:53:56,16327) [kworker/u8:0-flush-253:0] (root,35308,10072,00:00:00/15-12:45:39,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-12:45:38,16977) sshd: syslogtunnel (root,0,0,00:00:00/49:20,22377) [kworker/0:1-events] (root,0,0,00:00:00/49:19,23196) [kworker/1:2-ata_sff] (root,0,0,00:00:00/43:31,24430) [kworker/3:0-events] (root,0,0,00:00:00/13:49,25324) [kworker/3:1] (postfix,24244,8252,00:00:00/21:13,28439) pickup -l -t fifo -u (root,0,0,00:00:00/01:20:41,29649) [kworker/2:2-events] (postfix,44628,9316,00:00:01/25-18:02:46,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:39,31624) [kworker/1:1-events] (root,0,0,00:00:00/34:29,31712) [kworker/u8:1-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-13 23:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634e6dbb80Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-14:22:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-14:22:39,2) [kthreadd] (root,0,0,00:00:00/29-14:22:39,3) [rcu_gp] (root,0,0,00:00:00/29-14:22:39,4) [rcu_par_gp] (root,0,0,00:00:00/29-14:22:39,5) [slub_flushwq] (root,0,0,00:00:00/29-14:22:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-14:22:39,9) [mm_percpu_wq] (root,0,0,00:00:00/29-14:22:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-14:22:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-14:22:39,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-14:22:39,13) [ksoftirqd/0] (root,0,0,01:18:52/29-14:22:39,14) [rcu_preempt] (root,0,0,00:00:11/29-14:22:39,15) [migration/0] (root,0,0,00:00:00/29-14:22:39,16) [idle_inject/0] (root,0,0,00:00:00/29-14:22:39,18) [cpuhp/0] (root,0,0,00:00:00/29-14:22:39,19) [cpuhp/1] (root,0,0,00:00:00/29-14:22:39,20) [idle_inject/1] (root,0,0,00:00:11/29-14:22:39,21) [migration/1] (root,0,0,00:00:46/29-14:22:39,22) [ksoftirqd/1] (root,0,0,00:00:00/29-14:22:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-14:22:39,25) [cpuhp/2] (root,0,0,00:00:00/29-14:22:39,26) [idle_inject/2] (root,0,0,00:00:09/29-14:22:39,27) [migration/2] (root,0,0,00:58:14/29-14:22:39,28) [ksoftirqd/2] (root,0,0,00:00:00/29-14:22:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-14:22:39,31) [cpuhp/3] (root,0,0,00:00:00/29-14:22:39,32) [idle_inject/3] (root,0,0,00:00:11/29-14:22:39,33) [migration/3] (root,0,0,00:02:40/29-14:22:39,34) [ksoftirqd/3] (root,0,0,00:00:00/29-14:22:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-14:22:39,39) [kdevtmpfs] (root,0,0,00:00:00/29-14:22:39,40) [netns] (root,0,0,00:00:00/29-14:22:39,41) [inet_frag_wq] (root,0,0,00:00:06/29-14:22:39,42) [kauditd] (root,0,0,00:00:00/29-14:22:39,43) [khungtaskd] (root,0,0,00:00:00/29-14:22:39,44) [oom_reaper] (root,0,0,00:00:00/29-14:22:39,45) [writeback] (root,0,0,00:01:26/29-14:22:39,46) [kcompactd0] (root,0,0,00:00:00/29-14:22:39,47) [ksmd] (root,0,0,00:01:25/29-14:22:39,48) [khugepaged] (root,0,0,00:00:00/29-14:22:39,74) [kintegrityd] (root,0,0,00:00:00/29-14:22:39,75) [kblockd] (root,0,0,00:00:00/29-14:22:39,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-14:22:39,78) [tpm_dev_wq] (root,0,0,00:00:00/29-14:22:39,79) [edac-poller] (root,0,0,00:00:00/29-14:22:39,80) [devfreq_wq] (root,0,0,00:00:00/29-14:22:39,110) [watchdogd] (root,0,0,00:00:06/29-14:22:39,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-14:22:39,112) [kswapd0] (root,0,0,00:00:00/29-14:22:38,114) [kthrotld] (root,0,0,00:00:00/29-14:22:38,115) [mld] (root,0,0,00:00:00/29-14:22:38,116) [ipv6_addrconf] (root,0,0,00:00:12/29-14:22:38,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-14:22:38,122) [kstrp] (root,0,0,00:00:00/29-14:22:38,123) [zswap-shrink] (root,0,0,00:00:00/29-14:22:38,124) [kworker/u9:0] (root,0,0,00:00:00/29-14:22:38,129) [charger_manager] (root,0,0,00:00:06/29-14:22:37,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-14:22:37,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-14:22:37,205) [kaluad] (root,0,0,00:00:00/29-14:22:37,250) [kmpath_rdacd] (root,0,0,00:00:00/29-14:22:37,293) [kmpathd] (root,0,0,00:00:00/29-14:22:37,294) [kmpath_handlerd] (root,0,0,00:00:00/29-14:22:37,342) [ata_sff] (root,0,0,00:00:00/29-14:22:36,343) [scsi_eh_0] (root,0,0,00:00:00/29-14:22:36,344) [scsi_tmf_0] (root,0,0,00:00:00/29-14:22:36,345) [scsi_eh_1] (root,0,0,00:00:00/29-14:22:36,346) [scsi_tmf_1] (root,0,0,00:00:48/29-14:22:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-14:22:34,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-14:22:22,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-14:22:21,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-14:22:19,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-14:21:45,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-14:21:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-14:21:45,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-14:21:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-14:21:44,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-14:21:44,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/20:04,931) [kworker/3:1-events] (root,548360,31484,00:00:33/29-14:21:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-14:21:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:42/29-14:21:29,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-14:21:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-14:21:29,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-14:21:29,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-14:21:29,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-14:21:29,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:02/29-14:21:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-14:21:29,1206) bpfilter_umh (root,26204,8212,00:00:12/29-14:21:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-14:21:29,1215) ntpd: asynchronous dns resolver (spot,291452,178776,1-13:00:13/29-14:21:29,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-14:21:28,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-14:21:28,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-14:21:28,1245) (sd-pam) (root,24216,5344,00:00:09/29-14:21:27,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-14:21:27,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-14:21:26,1354) /usr/sbin/cron -n (root,697576,81136,00:38:43/29-14:21:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60500,00:12:54/29-14:21:06,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:24:26,3949) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/55:16,4092) [kworker/3:0-events] (root,0,0,00:00:00/00:25,7221) [kworker/1:2-ata_sff] (root,0,0,00:00:00/03:29:46,8802) [kworker/u8:0] (root,6656,3512,00:00:00/00:00,9824) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,9896) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,10002) /bin/bash /usr/bin/check_mk_agent (root,13744,3392,00:00:00/00:00,10022) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10023) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:10:05,10360) [kworker/2:2-events] (root,0,0,00:00:01/01:02:32,10395) [kworker/2:0-events] (root,35308,10012,00:00:00/23-12:12:22,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-12:12:21,15391) sshd: cm-ssh (root,0,0,00:00:00/05:35,16334) [kworker/1:0-ata_sff] (root,35308,10072,00:00:00/13-13:41:00,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:47/13-13:40:59,16977) sshd: syslogtunnel (root,0,0,00:00:01/07:05:12,20264) [kworker/0:1-events] (root,0,0,00:00:00/01:07:51,21615) [kworker/1:1-events] (root,0,0,00:00:00/12:52,23593) [kworker/0:0] (postfix,24244,8172,00:00:00/01:38:25,28504) pickup -l -t fifo -u (postfix,44628,9316,00:00:01/23-18:58:07,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-12 00:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b366460cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-13:50:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:50:17,2) [kthreadd] (root,0,0,00:00:00/27-13:50:17,3) [rcu_gp] (root,0,0,00:00:00/27-13:50:17,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:50:17,5) [slub_flushwq] (root,0,0,00:00:00/27-13:50:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:50:17,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:50:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:50:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:50:17,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-13:50:17,13) [ksoftirqd/0] (root,0,0,01:13:39/27-13:50:17,14) [rcu_preempt] (root,0,0,00:00:10/27-13:50:17,15) [migration/0] (root,0,0,00:00:00/27-13:50:17,16) [idle_inject/0] (root,0,0,00:00:00/27-13:50:17,18) [cpuhp/0] (root,0,0,00:00:00/27-13:50:17,19) [cpuhp/1] (root,0,0,00:00:00/27-13:50:17,20) [idle_inject/1] (root,0,0,00:00:10/27-13:50:17,21) [migration/1] (root,0,0,00:00:43/27-13:50:17,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:50:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:50:17,25) [cpuhp/2] (root,0,0,00:00:00/27-13:50:17,26) [idle_inject/2] (root,0,0,00:00:08/27-13:50:17,27) [migration/2] (root,0,0,00:55:25/27-13:50:17,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:50:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:50:17,31) [cpuhp/3] (root,0,0,00:00:00/27-13:50:17,32) [idle_inject/3] (root,0,0,00:00:10/27-13:50:17,33) [migration/3] (root,0,0,00:02:32/27-13:50:17,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:50:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:50:17,39) [kdevtmpfs] (root,0,0,00:00:00/27-13:50:17,40) [netns] (root,0,0,00:00:00/27-13:50:17,41) [inet_frag_wq] (root,0,0,00:00:06/27-13:50:17,42) [kauditd] (root,0,0,00:00:00/27-13:50:17,43) [khungtaskd] (root,0,0,00:00:00/27-13:50:17,44) [oom_reaper] (root,0,0,00:00:00/27-13:50:17,45) [writeback] (root,0,0,00:01:21/27-13:50:17,46) [kcompactd0] (root,0,0,00:00:00/27-13:50:17,47) [ksmd] (root,0,0,00:01:19/27-13:50:17,48) [khugepaged] (root,0,0,00:00:00/27-13:50:17,74) [kintegrityd] (root,0,0,00:00:00/27-13:50:17,75) [kblockd] (root,0,0,00:00:00/27-13:50:17,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:50:17,78) [tpm_dev_wq] (root,0,0,00:00:00/27-13:50:17,79) [edac-poller] (root,0,0,00:00:00/27-13:50:17,80) [devfreq_wq] (root,0,0,00:00:00/27-13:50:17,110) [watchdogd] (root,0,0,00:00:05/27-13:50:17,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-13:50:17,112) [kswapd0] (root,0,0,00:00:00/27-13:50:16,114) [kthrotld] (root,0,0,00:00:00/27-13:50:16,115) [mld] (root,0,0,00:00:00/27-13:50:16,116) [ipv6_addrconf] (root,0,0,00:00:11/27-13:50:16,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-13:50:16,122) [kstrp] (root,0,0,00:00:00/27-13:50:16,123) [zswap-shrink] (root,0,0,00:00:00/27-13:50:16,124) [kworker/u9:0] (root,0,0,00:00:00/27-13:50:16,129) [charger_manager] (root,0,0,00:00:06/27-13:50:15,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-13:50:15,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:50:15,205) [kaluad] (root,0,0,00:00:00/27-13:50:15,250) [kmpath_rdacd] (root,0,0,00:00:00/27-13:50:15,293) [kmpathd] (root,0,0,00:00:00/27-13:50:15,294) [kmpath_handlerd] (root,0,0,00:00:00/27-13:50:15,342) [ata_sff] (root,0,0,00:00:00/27-13:50:14,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:50:14,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:50:14,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:50:14,346) [scsi_tmf_1] (root,0,0,00:00:44/27-13:50:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:50:12,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-13:50:00,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-13:49:59,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-13:49:57,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-13:49:23,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-13:49:23,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-13:49:23,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-13:49:23,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-13:49:22,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-13:49:22,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-13:49:08,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-13:49:08,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:33/27-13:49:07,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-13:49:07,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-13:49:07,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-13:49:07,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-13:49:07,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-13:49:07,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:45/27-13:49:07,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-13:49:07,1206) bpfilter_umh (root,26204,8212,00:00:11/27-13:49:07,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-13:49:07,1215) ntpd: asynchronous dns resolver (spot,289800,176604,1-10:38:15/27-13:49:07,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-13:49:06,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-13:49:06,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-13:49:06,1245) (sd-pam) (root,24216,5344,00:00:09/27-13:49:05,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-13:49:05,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-13:49:04,1354) /usr/sbin/cron -n (root,697064,80568,00:36:05/27-13:48:58,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58620,00:11:35/27-13:48:44,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/03:03:49,1639) [kworker/3:1-events] (root,6656,3484,00:00:00/00:00,3616) /bin/bash /usr/bin/check_mk_agent (root,13744,3468,00:00:00/00:00,3634) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,3635) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/37:24,8451) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/34:43,13512) [kworker/1:3-events] (postfix,24244,8148,00:00:00/01:28:03,14566) pickup -l -t fifo -u (root,35308,10012,00:00:00/21-11:40:00,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-11:39:59,15391) sshd: cm-ssh (root,0,0,00:00:00/01:26:59,16439) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10072,00:00:00/11-13:08:38,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-13:08:37,16977) sshd: syslogtunnel (root,0,0,00:00:00/13:02,18552) [kworker/0:2] (root,0,0,00:00:01/06:00:24,18730) [kworker/0:0-events] (root,0,0,00:00:00/03:50,19273) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:03:27,20552) [kworker/2:1] (root,0,0,00:00:01/01:12:19,27932) [kworker/2:2-events] (root,0,0,00:00:00/09:01,29890) [kworker/1:0-ata_sff] (postfix,44628,9316,00:00:00/21-18:25:45,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:56:44,32261) [kworker/3:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-10 00:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836329bd0fecFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-11:43:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-11:43:05,2) [kthreadd] (root,0,0,00:00:00/25-11:43:05,3) [rcu_gp] (root,0,0,00:00:00/25-11:43:05,4) [rcu_par_gp] (root,0,0,00:00:00/25-11:43:05,5) [slub_flushwq] (root,0,0,00:00:00/25-11:43:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-11:43:05,9) [mm_percpu_wq] (root,0,0,00:00:00/25-11:43:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-11:43:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-11:43:05,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-11:43:05,13) [ksoftirqd/0] (root,0,0,01:08:06/25-11:43:05,14) [rcu_preempt] (root,0,0,00:00:09/25-11:43:05,15) [migration/0] (root,0,0,00:00:00/25-11:43:05,16) [idle_inject/0] (root,0,0,00:00:00/25-11:43:05,18) [cpuhp/0] (root,0,0,00:00:00/25-11:43:05,19) [cpuhp/1] (root,0,0,00:00:00/25-11:43:05,20) [idle_inject/1] (root,0,0,00:00:10/25-11:43:05,21) [migration/1] (root,0,0,00:00:40/25-11:43:05,22) [ksoftirqd/1] (root,0,0,00:00:00/25-11:43:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-11:43:05,25) [cpuhp/2] (root,0,0,00:00:00/25-11:43:05,26) [idle_inject/2] (root,0,0,00:00:08/25-11:43:05,27) [migration/2] (root,0,0,00:51:55/25-11:43:05,28) [ksoftirqd/2] (root,0,0,00:00:00/25-11:43:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-11:43:05,31) [cpuhp/3] (root,0,0,00:00:00/25-11:43:05,32) [idle_inject/3] (root,0,0,00:00:09/25-11:43:05,33) [migration/3] (root,0,0,00:02:20/25-11:43:05,34) [ksoftirqd/3] (root,0,0,00:00:00/25-11:43:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-11:43:05,39) [kdevtmpfs] (root,0,0,00:00:00/25-11:43:05,40) [netns] (root,0,0,00:00:00/25-11:43:05,41) [inet_frag_wq] (root,0,0,00:00:06/25-11:43:05,42) [kauditd] (root,0,0,00:00:00/25-11:43:05,43) [khungtaskd] (root,0,0,00:00:00/25-11:43:05,44) [oom_reaper] (root,0,0,00:00:00/25-11:43:05,45) [writeback] (root,0,0,00:01:14/25-11:43:05,46) [kcompactd0] (root,0,0,00:00:00/25-11:43:05,47) [ksmd] (root,0,0,00:01:13/25-11:43:05,48) [khugepaged] (root,0,0,00:00:00/25-11:43:05,74) [kintegrityd] (root,0,0,00:00:00/25-11:43:05,75) [kblockd] (root,0,0,00:00:00/25-11:43:05,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-11:43:05,78) [tpm_dev_wq] (root,0,0,00:00:00/25-11:43:05,79) [edac-poller] (root,0,0,00:00:00/25-11:43:05,80) [devfreq_wq] (root,0,0,00:00:00/25-11:43:05,110) [watchdogd] (root,0,0,00:00:05/25-11:43:05,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-11:43:05,112) [kswapd0] (root,0,0,00:00:00/25-11:43:04,114) [kthrotld] (root,0,0,00:00:00/25-11:43:04,115) [mld] (root,0,0,00:00:00/25-11:43:04,116) [ipv6_addrconf] (root,0,0,00:00:10/25-11:43:04,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-11:43:04,122) [kstrp] (root,0,0,00:00:00/25-11:43:04,123) [zswap-shrink] (root,0,0,00:00:00/25-11:43:04,124) [kworker/u9:0] (root,0,0,00:00:00/25-11:43:04,129) [charger_manager] (root,0,0,00:00:05/25-11:43:03,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-11:43:03,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-11:43:03,205) [kaluad] (root,0,0,00:00:00/25-11:43:03,250) [kmpath_rdacd] (root,0,0,00:00:00/25-11:43:03,293) [kmpathd] (root,0,0,00:00:00/25-11:43:03,294) [kmpath_handlerd] (root,0,0,00:00:00/25-11:43:03,342) [ata_sff] (root,0,0,00:00:00/25-11:43:02,343) [scsi_eh_0] (root,0,0,00:00:00/25-11:43:02,344) [scsi_tmf_0] (root,0,0,00:00:00/25-11:43:02,345) [scsi_eh_1] (root,0,0,00:00:00/25-11:43:02,346) [scsi_tmf_1] (root,0,0,00:00:40/25-11:43:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-11:43:00,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-11:42:48,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-11:42:47,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-11:42:45,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-11:42:11,512) /sbin/auditd (messagebus,22936,5640,00:01:10/25-11:42:11,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:40/25-11:42:11,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-11:42:11,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-11:42:10,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-11:42:10,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-11:41:56,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-11:41:56,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:18/25-11:41:55,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-11:41:55,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-11:41:55,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-11:41:55,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-11:41:55,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-11:41:55,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:28/25-11:41:55,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-11:41:55,1206) bpfilter_umh (root,26204,8300,00:00:11/25-11:41:55,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-11:41:55,1215) ntpd: asynchronous dns resolver (spot,301776,188348,1-07:57:55/25-11:41:55,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-11:41:54,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-11:41:54,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-11:41:54,1245) (sd-pam) (root,24216,5348,00:00:08/25-11:41:53,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-11:41:53,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-11:41:52,1354) /usr/sbin/cron -n (root,694116,77804,00:33:20/25-11:41:46,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57720,00:10:06/25-11:41:32,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/54:52,1652) [kworker/u8:0-writeback] (root,0,0,00:00:00/03:23,2650) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:35:02,6276) [kworker/3:1-cgroup_destroy] (postfix,24244,8216,00:00:00/01:21:49,9556) pickup -l -t fifo -u (root,0,0,00:00:00/00:09,14894) [kworker/3:0] (root,0,0,00:00:00/01:01:20,15018) [kworker/0:2-events] (root,6656,3480,00:00:00/00:00,15313) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,15331) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,15332) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/19-09:32:48,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:04/19-09:32:47,15391) sshd: cm-ssh (root,0,0,00:00:00/08:33,16630) [kworker/1:2-ata_sff] (root,35308,10072,00:00:00/9-11:01:26,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-11:01:25,16977) sshd: syslogtunnel (root,0,0,00:00:00/07:35:16,17512) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:00:06,18263) [kworker/3:2-events] (root,0,0,00:00:00/27:35,19596) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:04/04:45:40,21123) [kworker/2:1-events] (root,0,0,00:00:00/06:49,22566) [kworker/2:2-cgroup_destroy] (postfix,44628,9372,00:00:00/19-16:18:33,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/02:02:42,31732) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-07 22:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f8079a2fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:01:00/23-11:41:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-11:41:18,2) [kthreadd] (root,0,0,00:00:00/23-11:41:18,3) [rcu_gp] (root,0,0,00:00:00/23-11:41:18,4) [rcu_par_gp] (root,0,0,00:00:00/23-11:41:18,5) [slub_flushwq] (root,0,0,00:00:00/23-11:41:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-11:41:18,9) [mm_percpu_wq] (root,0,0,00:00:00/23-11:41:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-11:41:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-11:41:18,12) [rcu_tasks_trace] (root,0,0,00:00:42/23-11:41:18,13) [ksoftirqd/0] (root,0,0,01:02:31/23-11:41:18,14) [rcu_preempt] (root,0,0,00:00:08/23-11:41:18,15) [migration/0] (root,0,0,00:00:00/23-11:41:18,16) [idle_inject/0] (root,0,0,00:00:00/23-11:41:18,18) [cpuhp/0] (root,0,0,00:00:00/23-11:41:18,19) [cpuhp/1] (root,0,0,00:00:00/23-11:41:18,20) [idle_inject/1] (root,0,0,00:00:09/23-11:41:18,21) [migration/1] (root,0,0,00:00:36/23-11:41:18,22) [ksoftirqd/1] (root,0,0,00:00:00/23-11:41:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-11:41:18,25) [cpuhp/2] (root,0,0,00:00:00/23-11:41:18,26) [idle_inject/2] (root,0,0,00:00:07/23-11:41:18,27) [migration/2] (root,0,0,00:47:17/23-11:41:18,28) [ksoftirqd/2] (root,0,0,00:00:00/23-11:41:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-11:41:18,31) [cpuhp/3] (root,0,0,00:00:00/23-11:41:18,32) [idle_inject/3] (root,0,0,00:00:08/23-11:41:18,33) [migration/3] (root,0,0,00:02:09/23-11:41:18,34) [ksoftirqd/3] (root,0,0,00:00:00/23-11:41:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-11:41:18,39) [kdevtmpfs] (root,0,0,00:00:00/23-11:41:18,40) [netns] (root,0,0,00:00:00/23-11:41:18,41) [inet_frag_wq] (root,0,0,00:00:05/23-11:41:18,42) [kauditd] (root,0,0,00:00:00/23-11:41:18,43) [khungtaskd] (root,0,0,00:00:00/23-11:41:18,44) [oom_reaper] (root,0,0,00:00:00/23-11:41:18,45) [writeback] (root,0,0,00:01:08/23-11:41:18,46) [kcompactd0] (root,0,0,00:00:00/23-11:41:18,47) [ksmd] (root,0,0,00:01:07/23-11:41:18,48) [khugepaged] (root,0,0,00:00:00/23-11:41:18,74) [kintegrityd] (root,0,0,00:00:00/23-11:41:18,75) [kblockd] (root,0,0,00:00:00/23-11:41:18,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-11:41:18,78) [tpm_dev_wq] (root,0,0,00:00:00/23-11:41:18,79) [edac-poller] (root,0,0,00:00:00/23-11:41:18,80) [devfreq_wq] (root,0,0,00:00:00/23-11:41:18,110) [watchdogd] (root,0,0,00:00:04/23-11:41:18,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-11:41:18,112) [kswapd0] (root,0,0,00:00:00/23-11:41:17,114) [kthrotld] (root,0,0,00:00:00/23-11:41:17,115) [mld] (root,0,0,00:00:00/23-11:41:17,116) [ipv6_addrconf] (root,0,0,00:00:09/23-11:41:17,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-11:41:17,122) [kstrp] (root,0,0,00:00:00/23-11:41:17,123) [zswap-shrink] (root,0,0,00:00:00/23-11:41:17,124) [kworker/u9:0] (root,0,0,00:00:00/23-11:41:17,129) [charger_manager] (root,0,0,00:00:05/23-11:41:16,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-11:41:16,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-11:41:16,205) [kaluad] (root,0,0,00:00:00/23-11:41:16,250) [kmpath_rdacd] (root,0,0,00:00:00/23-11:41:16,293) [kmpathd] (root,0,0,00:00:00/23-11:41:16,294) [kmpath_handlerd] (root,0,0,00:00:00/23-11:41:16,342) [ata_sff] (root,0,0,00:00:00/23-11:41:15,343) [scsi_eh_0] (root,0,0,00:00:00/23-11:41:15,344) [scsi_tmf_0] (root,0,0,00:00:00/23-11:41:15,345) [scsi_eh_1] (root,0,0,00:00:00/23-11:41:15,346) [scsi_tmf_1] (root,0,0,00:00:36/23-11:41:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-11:41:13,367) [ext4-rsv-conver] (root,38604,7876,00:00:33/23-11:41:01,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-11:41:00,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-11:40:58,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-11:40:24,512) /sbin/auditd (messagebus,22936,5640,00:01:06/23-11:40:24,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-11:40:24,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-11:40:24,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-11:40:23,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-11:40:23,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3476,00:00:00/00:00,1127) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,1145) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,1146) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,548104,30324,00:00:26/23-11:40:09,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-11:40:09,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:06/23-11:40:08,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-11:40:08,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-11:40:08,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-11:40:08,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-11:40:08,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-11:40:08,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:11/23-11:40:08,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-11:40:08,1206) bpfilter_umh (root,26204,8300,00:00:10/23-11:40:08,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-11:40:08,1215) ntpd: asynchronous dns resolver (spot,285436,172708,1-05:32:03/23-11:40:08,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-11:40:07,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-11:40:07,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-11:40:07,1245) (sd-pam) (root,24216,5348,00:00:07/23-11:40:06,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-11:40:06,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-11:40:05,1354) /usr/sbin/cron -n (root,693860,77148,00:30:38/23-11:39:59,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55840,00:08:40/23-11:39:45,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:32:30,2229) [kworker/0:2-events] (root,0,0,00:00:00/03:09:00,6466) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/31:43,7973) [kworker/0:1-events] (root,0,0,00:00:00/42:57,8120) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/04:34,13795) [kworker/2:1-events] (root,0,0,00:00:00/04:22,14438) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/17-09:31:01,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-09:31:00,15391) sshd: cm-ssh (root,0,0,00:00:00/11:21,15454) [kworker/3:0] (root,0,0,00:00:00/02:25:21,16672) [kworker/3:2-mm_percpu_wq] (root,35308,10072,00:00:00/7-10:59:39,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:25/7-10:59:38,16977) sshd: syslogtunnel (root,0,0,00:00:00/38:30,21182) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:02/02:12:00,21755) [kworker/2:0-events] (root,0,0,00:00:00/02:57,22020) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/09:32,22939) [kworker/1:0-ata_sff] (postfix,24244,8160,00:00:00/01:46,28146) pickup -l -t fifo -u (root,0,0,00:00:00/45:52,30106) [kworker/1:2-events] (postfix,44628,9372,00:00:00/17-16:16:46,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-05 22:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836316170fe0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-14:21:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-14:21:13,2) [kthreadd] (root,0,0,00:00:00/21-14:21:13,3) [rcu_gp] (root,0,0,00:00:00/21-14:21:13,4) [rcu_par_gp] (root,0,0,00:00:00/21-14:21:13,5) [slub_flushwq] (root,0,0,00:00:00/21-14:21:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-14:21:13,9) [mm_percpu_wq] (root,0,0,00:00:00/21-14:21:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-14:21:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-14:21:13,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-14:21:13,13) [ksoftirqd/0] (root,0,0,00:57:30/21-14:21:13,14) [rcu_preempt] (root,0,0,00:00:08/21-14:21:13,15) [migration/0] (root,0,0,00:00:00/21-14:21:13,16) [idle_inject/0] (root,0,0,00:00:00/21-14:21:13,18) [cpuhp/0] (root,0,0,00:00:00/21-14:21:13,19) [cpuhp/1] (root,0,0,00:00:00/21-14:21:13,20) [idle_inject/1] (root,0,0,00:00:08/21-14:21:13,21) [migration/1] (root,0,0,00:00:34/21-14:21:13,22) [ksoftirqd/1] (root,0,0,00:00:00/21-14:21:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-14:21:13,25) [cpuhp/2] (root,0,0,00:00:00/21-14:21:13,26) [idle_inject/2] (root,0,0,00:00:06/21-14:21:13,27) [migration/2] (root,0,0,00:43:40/21-14:21:13,28) [ksoftirqd/2] (root,0,0,00:00:00/21-14:21:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-14:21:13,31) [cpuhp/3] (root,0,0,00:00:00/21-14:21:13,32) [idle_inject/3] (root,0,0,00:00:08/21-14:21:13,33) [migration/3] (root,0,0,00:02:00/21-14:21:13,34) [ksoftirqd/3] (root,0,0,00:00:00/21-14:21:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-14:21:13,39) [kdevtmpfs] (root,0,0,00:00:00/21-14:21:13,40) [netns] (root,0,0,00:00:00/21-14:21:13,41) [inet_frag_wq] (root,0,0,00:00:05/21-14:21:13,42) [kauditd] (root,0,0,00:00:00/21-14:21:13,43) [khungtaskd] (root,0,0,00:00:00/21-14:21:13,44) [oom_reaper] (root,0,0,00:00:00/21-14:21:13,45) [writeback] (root,0,0,00:01:03/21-14:21:13,46) [kcompactd0] (root,0,0,00:00:00/21-14:21:13,47) [ksmd] (root,0,0,00:01:02/21-14:21:13,48) [khugepaged] (root,0,0,00:00:00/21-14:21:13,74) [kintegrityd] (root,0,0,00:00:00/21-14:21:13,75) [kblockd] (root,0,0,00:00:00/21-14:21:13,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-14:21:13,78) [tpm_dev_wq] (root,0,0,00:00:00/21-14:21:13,79) [edac-poller] (root,0,0,00:00:00/21-14:21:13,80) [devfreq_wq] (root,0,0,00:00:00/21-14:21:13,110) [watchdogd] (root,0,0,00:00:04/21-14:21:13,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-14:21:13,112) [kswapd0] (root,0,0,00:00:00/21-14:21:12,114) [kthrotld] (root,0,0,00:00:00/21-14:21:12,115) [mld] (root,0,0,00:00:00/21-14:21:12,116) [ipv6_addrconf] (root,0,0,00:00:09/21-14:21:12,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-14:21:12,122) [kstrp] (root,0,0,00:00:00/21-14:21:12,123) [zswap-shrink] (root,0,0,00:00:00/21-14:21:12,124) [kworker/u9:0] (root,0,0,00:00:00/21-14:21:12,129) [charger_manager] (root,0,0,00:00:04/21-14:21:11,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-14:21:11,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-14:21:11,205) [kaluad] (root,0,0,00:00:00/21-14:21:11,250) [kmpath_rdacd] (root,0,0,00:00:00/21-14:21:11,293) [kmpathd] (root,0,0,00:00:00/21-14:21:11,294) [kmpath_handlerd] (root,0,0,00:00:00/21-14:21:11,342) [ata_sff] (root,0,0,00:00:00/21-14:21:10,343) [scsi_eh_0] (root,0,0,00:00:00/21-14:21:10,344) [scsi_tmf_0] (root,0,0,00:00:00/21-14:21:10,345) [scsi_eh_1] (root,0,0,00:00:00/21-14:21:10,346) [scsi_tmf_1] (root,0,0,00:00:33/21-14:21:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-14:21:08,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-14:20:56,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-14:20:55,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-14:20:53,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-14:20:19,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-14:20:19,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-14:20:19,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-14:20:19,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-14:20:18,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-14:20:18,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-14:20:04,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-14:20:04,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:00/21-14:20:03,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-14:20:03,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-14:20:03,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-14:20:03,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-14:20:03,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-14:20:03,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:56/21-14:20:03,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-14:20:03,1206) bpfilter_umh (root,26204,8300,00:00:09/21-14:20:03,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-14:20:03,1215) ntpd: asynchronous dns resolver (spot,285020,171832,1-03:19:12/21-14:20:03,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-14:20:02,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-14:20:02,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-14:20:02,1245) (sd-pam) (root,24216,5348,00:00:07/21-14:20:01,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-14:20:01,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-14:20:00,1354) /usr/sbin/cron -n (root,693604,76796,00:28:06/21-14:19:54,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:24/21-14:19:40,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3492,00:00:00/00:00,1384) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,1402) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,1404) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:03/03:01:56,1511) [kworker/2:0-events] (root,0,0,00:00:00/43:20,1699) [kworker/u8:1] (root,0,0,00:00:01/01:34:39,3242) [kworker/1:2-events] (root,0,0,00:00:00/59:57,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/01:23:31,7480) pickup -l -t fifo -u (root,0,0,00:00:00/34:27,8023) [kworker/3:0] (root,0,0,00:00:00/08:58,10807) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/06:29,11710) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-12:10:56,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-12:10:55,15391) sshd: cm-ssh (root,0,0,00:00:00/40:49,15465) [kworker/2:2-events] (root,35308,10072,00:00:00/5-13:39:34,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-13:39:33,16977) sshd: syslogtunnel (root,0,0,00:00:00/15:24,20907) [kworker/0:2] (root,0,0,00:00:02/08:52:30,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-18:56:41,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:17,30889) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-04 00:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e387eb9fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-15:01:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-15:01:35,2) [kthreadd] (root,0,0,00:00:00/19-15:01:35,3) [rcu_gp] (root,0,0,00:00:00/19-15:01:35,4) [rcu_par_gp] (root,0,0,00:00:00/19-15:01:35,5) [slub_flushwq] (root,0,0,00:00:00/19-15:01:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-15:01:35,9) [mm_percpu_wq] (root,0,0,00:00:00/19-15:01:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-15:01:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-15:01:35,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-15:01:35,13) [ksoftirqd/0] (root,0,0,00:52:20/19-15:01:35,14) [rcu_preempt] (root,0,0,00:00:07/19-15:01:35,15) [migration/0] (root,0,0,00:00:00/19-15:01:35,16) [idle_inject/0] (root,0,0,00:00:00/19-15:01:35,18) [cpuhp/0] (root,0,0,00:00:00/19-15:01:35,19) [cpuhp/1] (root,0,0,00:00:00/19-15:01:35,20) [idle_inject/1] (root,0,0,00:00:07/19-15:01:35,21) [migration/1] (root,0,0,00:00:31/19-15:01:35,22) [ksoftirqd/1] (root,0,0,00:00:00/19-15:01:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-15:01:35,25) [cpuhp/2] (root,0,0,00:00:00/19-15:01:35,26) [idle_inject/2] (root,0,0,00:00:06/19-15:01:35,27) [migration/2] (root,0,0,00:39:10/19-15:01:35,28) [ksoftirqd/2] (root,0,0,00:00:00/19-15:01:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-15:01:35,31) [cpuhp/3] (root,0,0,00:00:00/19-15:01:35,32) [idle_inject/3] (root,0,0,00:00:07/19-15:01:35,33) [migration/3] (root,0,0,00:01:49/19-15:01:35,34) [ksoftirqd/3] (root,0,0,00:00:00/19-15:01:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-15:01:35,39) [kdevtmpfs] (root,0,0,00:00:00/19-15:01:35,40) [netns] (root,0,0,00:00:00/19-15:01:35,41) [inet_frag_wq] (root,0,0,00:00:05/19-15:01:35,42) [kauditd] (root,0,0,00:00:00/19-15:01:35,43) [khungtaskd] (root,0,0,00:00:00/19-15:01:35,44) [oom_reaper] (root,0,0,00:00:00/19-15:01:35,45) [writeback] (root,0,0,00:00:57/19-15:01:35,46) [kcompactd0] (root,0,0,00:00:00/19-15:01:35,47) [ksmd] (root,0,0,00:00:57/19-15:01:35,48) [khugepaged] (root,0,0,00:00:00/19-15:01:35,74) [kintegrityd] (root,0,0,00:00:00/19-15:01:35,75) [kblockd] (root,0,0,00:00:00/19-15:01:35,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-15:01:35,78) [tpm_dev_wq] (root,0,0,00:00:00/19-15:01:35,79) [edac-poller] (root,0,0,00:00:00/19-15:01:35,80) [devfreq_wq] (root,0,0,00:00:00/19-15:01:35,110) [watchdogd] (root,0,0,00:00:03/19-15:01:35,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-15:01:35,112) [kswapd0] (root,0,0,00:00:00/19-15:01:34,114) [kthrotld] (root,0,0,00:00:00/19-15:01:34,115) [mld] (root,0,0,00:00:00/19-15:01:34,116) [ipv6_addrconf] (root,0,0,00:00:08/19-15:01:34,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-15:01:34,122) [kstrp] (root,0,0,00:00:00/19-15:01:34,123) [zswap-shrink] (root,0,0,00:00:00/19-15:01:34,124) [kworker/u9:0] (root,0,0,00:00:00/19-15:01:34,129) [charger_manager] (root,0,0,00:00:04/19-15:01:33,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-15:01:33,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-15:01:33,205) [kaluad] (root,0,0,00:00:00/19-15:01:33,250) [kmpath_rdacd] (root,0,0,00:00:00/19-15:01:33,293) [kmpathd] (root,0,0,00:00:00/19-15:01:33,294) [kmpath_handlerd] (root,0,0,00:00:00/19-15:01:33,342) [ata_sff] (root,0,0,00:00:00/19-15:01:32,343) [scsi_eh_0] (root,0,0,00:00:00/19-15:01:32,344) [scsi_tmf_0] (root,0,0,00:00:00/19-15:01:32,345) [scsi_eh_1] (root,0,0,00:00:00/19-15:01:32,346) [scsi_tmf_1] (root,0,0,00:00:29/19-15:01:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-15:01:30,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-15:01:18,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-15:01:17,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-15:01:15,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-15:00:41,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-15:00:41,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-15:00:41,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-15:00:41,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-15:00:40,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-15:00:40,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-15:00:26,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-15:00:26,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:49/19-15:00:25,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-15:00:25,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-15:00:25,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-15:00:25,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-15:00:25,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-15:00:25,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-15:00:25,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-15:00:25,1206) bpfilter_umh (root,26204,8300,00:00:09/19-15:00:25,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-15:00:25,1215) ntpd: asynchronous dns resolver (spot,284700,171752,1-01:06:09/19-15:00:25,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-15:00:24,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-15:00:24,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-15:00:24,1245) (sd-pam) (root,24216,5348,00:00:06/19-15:00:23,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-15:00:23,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-15:00:22,1354) /usr/sbin/cron -n (root,692836,75760,00:25:30/19-15:00:16,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:35/19-15:00:02,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/07:02:59,3898) [kworker/3:2-events] (root,0,0,00:00:00/02:03:13,4121) [kworker/u8:0-writeback] (postfix,24244,8224,00:00:00/44:46,8017) pickup -l -t fifo -u (root,0,0,00:00:00/22:20,12709) [kworker/2:1-events] (root,0,0,00:00:00/10:50,14635) [kworker/1:0-events] (root,0,0,00:00:00/00:27,14902) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/13-12:51:18,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-12:51:17,15391) sshd: cm-ssh (root,6656,3508,00:00:00/00:00,16613) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,16739) /bin/bash /usr/bin/check_mk_agent (root,13744,3440,00:00:00/00:00,16761) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,16762) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10072,00:00:00/3-14:19:56,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-14:19:55,16977) sshd: syslogtunnel (root,0,0,00:00:00/53:43,20923) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:30:40,22032) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/01:18:11,22794) [kworker/0:1] (root,0,0,00:00:01/01:30:28,23007) [kworker/2:2-events] (root,0,0,00:00:01/03:27:37,26126) [kworker/0:2-events] (root,0,0,00:00:00/05:38,30422) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/13-19:37:03,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 01:23 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a14645e3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-14:07:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-14:07:00,2) [kthreadd] (root,0,0,00:00:00/17-14:07:00,3) [rcu_gp] (root,0,0,00:00:00/17-14:07:00,4) [rcu_par_gp] (root,0,0,00:00:00/17-14:07:00,5) [slub_flushwq] (root,0,0,00:00:00/17-14:07:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-14:07:00,9) [mm_percpu_wq] (root,0,0,00:00:00/17-14:07:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-14:07:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-14:07:00,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-14:07:00,13) [ksoftirqd/0] (root,0,0,00:47:06/17-14:07:00,14) [rcu_preempt] (root,0,0,00:00:06/17-14:07:00,15) [migration/0] (root,0,0,00:00:00/17-14:07:00,16) [idle_inject/0] (root,0,0,00:00:00/17-14:07:00,18) [cpuhp/0] (root,0,0,00:00:00/17-14:07:00,19) [cpuhp/1] (root,0,0,00:00:00/17-14:07:00,20) [idle_inject/1] (root,0,0,00:00:07/17-14:07:00,21) [migration/1] (root,0,0,00:00:28/17-14:07:00,22) [ksoftirqd/1] (root,0,0,00:00:00/17-14:07:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-14:07:00,25) [cpuhp/2] (root,0,0,00:00:00/17-14:07:00,26) [idle_inject/2] (root,0,0,00:00:05/17-14:07:00,27) [migration/2] (root,0,0,00:35:54/17-14:07:00,28) [ksoftirqd/2] (root,0,0,00:00:00/17-14:07:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-14:07:00,31) [cpuhp/3] (root,0,0,00:00:00/17-14:07:00,32) [idle_inject/3] (root,0,0,00:00:06/17-14:07:00,33) [migration/3] (root,0,0,00:01:40/17-14:07:00,34) [ksoftirqd/3] (root,0,0,00:00:00/17-14:07:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-14:07:00,39) [kdevtmpfs] (root,0,0,00:00:00/17-14:07:00,40) [netns] (root,0,0,00:00:00/17-14:07:00,41) [inet_frag_wq] (root,0,0,00:00:04/17-14:07:00,42) [kauditd] (root,0,0,00:00:00/17-14:07:00,43) [khungtaskd] (root,0,0,00:00:00/17-14:07:00,44) [oom_reaper] (root,0,0,00:00:00/17-14:07:00,45) [writeback] (root,0,0,00:00:51/17-14:07:00,46) [kcompactd0] (root,0,0,00:00:00/17-14:07:00,47) [ksmd] (root,0,0,00:00:51/17-14:07:00,48) [khugepaged] (root,0,0,00:00:00/17-14:07:00,74) [kintegrityd] (root,0,0,00:00:00/17-14:07:00,75) [kblockd] (root,0,0,00:00:00/17-14:07:00,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-14:07:00,78) [tpm_dev_wq] (root,0,0,00:00:00/17-14:07:00,79) [edac-poller] (root,0,0,00:00:00/17-14:07:00,80) [devfreq_wq] (root,0,0,00:00:00/17-14:07:00,110) [watchdogd] (root,0,0,00:00:03/17-14:07:00,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-14:07:00,112) [kswapd0] (root,0,0,00:00:00/17-14:06:59,114) [kthrotld] (root,0,0,00:00:00/17-14:06:59,115) [mld] (root,0,0,00:00:00/17-14:06:59,116) [ipv6_addrconf] (root,0,0,00:00:07/17-14:06:59,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-14:06:59,122) [kstrp] (root,0,0,00:00:00/17-14:06:59,123) [zswap-shrink] (root,0,0,00:00:00/17-14:06:59,124) [kworker/u9:0] (root,0,0,00:00:00/17-14:06:59,129) [charger_manager] (root,0,0,00:00:03/17-14:06:58,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-14:06:58,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-14:06:58,205) [kaluad] (root,0,0,00:00:00/17-14:06:58,250) [kmpath_rdacd] (root,0,0,00:00:00/17-14:06:58,293) [kmpathd] (root,0,0,00:00:00/17-14:06:58,294) [kmpath_handlerd] (root,0,0,00:00:00/17-14:06:58,342) [ata_sff] (root,0,0,00:00:00/17-14:06:57,343) [scsi_eh_0] (root,0,0,00:00:00/17-14:06:57,344) [scsi_tmf_0] (root,0,0,00:00:00/17-14:06:57,345) [scsi_eh_1] (root,0,0,00:00:00/17-14:06:57,346) [scsi_tmf_1] (root,0,0,00:00:26/17-14:06:55,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-14:06:55,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-14:06:43,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-14:06:42,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-14:06:40,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-14:06:06,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-14:06:06,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-14:06:06,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-14:06:06,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-14:06:05,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-14:06:05,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-14:05:51,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-14:05:51,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:38/17-14:05:50,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-14:05:50,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-14:05:50,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-14:05:50,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-14:05:50,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-14:05:50,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:22/17-14:05:50,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-14:05:50,1206) bpfilter_umh (root,26204,8300,00:00:08/17-14:05:50,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-14:05:50,1215) ntpd: asynchronous dns resolver (spot,284764,171768,23:07:24/17-14:05:50,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-14:05:49,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-14:05:49,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-14:05:49,1245) (sd-pam) (root,24216,5348,00:00:05/17-14:05:48,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-14:05:48,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-14:05:47,1354) /usr/sbin/cron -n (root,692236,75412,00:22:51/17-14:05:41,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51020,00:05:52/17-14:05:27,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:09,5395) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:33:12,6422) [kworker/0:2-events] (root,0,0,00:00:00/25:33,14661) [kworker/2:2-events] (root,35308,10012,00:00:00/11-11:56:43,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-11:56:42,15391) sshd: cm-ssh (root,6656,3492,00:00:00/00:00,16021) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,16039) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16040) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10072,00:00:00/1-13:25:21,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-13:25:20,16977) sshd: syslogtunnel (postfix,24244,8200,00:00:00/12:03,18919) pickup -l -t fifo -u (root,0,0,00:00:00/44:04,22787) [kworker/3:0-events] (root,0,0,00:00:02/05:08:19,24312) [kworker/0:0-events] (root,0,0,00:00:00/43:38,26541) [kworker/u8:2-writeback] (root,0,0,00:00:00/34:05,28099) [kworker/1:0-events] (root,0,0,00:00:00/08:12:06,28658) [kworker/u8:1-writeback] (postfix,44628,9416,00:00:00/11-18:42:28,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/19:13,32239) [kworker/2:1] (root,0,0,00:00:01/03:54:09,32305) [kworker/3:1-events] (root,0,0,00:00:00/02:58,32431) [kworker/1:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-30 00:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dbab7248Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-14:13:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-14:13:45,2) [kthreadd] (root,0,0,00:00:00/15-14:13:45,3) [rcu_gp] (root,0,0,00:00:00/15-14:13:45,4) [rcu_par_gp] (root,0,0,00:00:00/15-14:13:45,5) [slub_flushwq] (root,0,0,00:00:00/15-14:13:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-14:13:45,9) [mm_percpu_wq] (root,0,0,00:00:00/15-14:13:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-14:13:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-14:13:45,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-14:13:45,13) [ksoftirqd/0] (root,0,0,00:41:52/15-14:13:45,14) [rcu_preempt] (root,0,0,00:00:05/15-14:13:45,15) [migration/0] (root,0,0,00:00:00/15-14:13:45,16) [idle_inject/0] (root,0,0,00:00:00/15-14:13:45,18) [cpuhp/0] (root,0,0,00:00:00/15-14:13:45,19) [cpuhp/1] (root,0,0,00:00:00/15-14:13:45,20) [idle_inject/1] (root,0,0,00:00:06/15-14:13:45,21) [migration/1] (root,0,0,00:00:25/15-14:13:45,22) [ksoftirqd/1] (root,0,0,00:00:00/15-14:13:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-14:13:45,25) [cpuhp/2] (root,0,0,00:00:00/15-14:13:45,26) [idle_inject/2] (root,0,0,00:00:05/15-14:13:45,27) [migration/2] (root,0,0,00:32:24/15-14:13:45,28) [ksoftirqd/2] (root,0,0,00:00:00/15-14:13:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-14:13:45,31) [cpuhp/3] (root,0,0,00:00:00/15-14:13:45,32) [idle_inject/3] (root,0,0,00:00:05/15-14:13:45,33) [migration/3] (root,0,0,00:01:30/15-14:13:45,34) [ksoftirqd/3] (root,0,0,00:00:00/15-14:13:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-14:13:45,39) [kdevtmpfs] (root,0,0,00:00:00/15-14:13:45,40) [netns] (root,0,0,00:00:00/15-14:13:45,41) [inet_frag_wq] (root,0,0,00:00:04/15-14:13:45,42) [kauditd] (root,0,0,00:00:00/15-14:13:45,43) [khungtaskd] (root,0,0,00:00:00/15-14:13:45,44) [oom_reaper] (root,0,0,00:00:00/15-14:13:45,45) [writeback] (root,0,0,00:00:46/15-14:13:45,46) [kcompactd0] (root,0,0,00:00:00/15-14:13:45,47) [ksmd] (root,0,0,00:00:46/15-14:13:45,48) [khugepaged] (root,0,0,00:00:00/15-14:13:45,74) [kintegrityd] (root,0,0,00:00:00/15-14:13:45,75) [kblockd] (root,0,0,00:00:00/15-14:13:45,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-14:13:45,78) [tpm_dev_wq] (root,0,0,00:00:00/15-14:13:45,79) [edac-poller] (root,0,0,00:00:00/15-14:13:45,80) [devfreq_wq] (root,0,0,00:00:00/15-14:13:45,110) [watchdogd] (root,0,0,00:00:03/15-14:13:45,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-14:13:45,112) [kswapd0] (root,0,0,00:00:00/15-14:13:44,114) [kthrotld] (root,0,0,00:00:00/15-14:13:44,115) [mld] (root,0,0,00:00:00/15-14:13:44,116) [ipv6_addrconf] (root,0,0,00:00:06/15-14:13:44,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-14:13:44,122) [kstrp] (root,0,0,00:00:00/15-14:13:44,123) [zswap-shrink] (root,0,0,00:00:00/15-14:13:44,124) [kworker/u9:0] (root,0,0,00:00:00/15-14:13:44,129) [charger_manager] (root,0,0,00:00:03/15-14:13:43,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-14:13:43,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-14:13:43,205) [kaluad] (root,0,0,00:00:00/15-14:13:43,250) [kmpath_rdacd] (root,0,0,00:00:00/15-14:13:43,293) [kmpathd] (root,0,0,00:00:00/15-14:13:43,294) [kmpath_handlerd] (root,0,0,00:00:00/15-14:13:43,342) [ata_sff] (root,0,0,00:00:00/15-14:13:42,343) [scsi_eh_0] (root,0,0,00:00:00/15-14:13:42,344) [scsi_tmf_0] (root,0,0,00:00:00/15-14:13:42,345) [scsi_eh_1] (root,0,0,00:00:00/15-14:13:42,346) [scsi_tmf_1] (root,0,0,00:00:23/15-14:13:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-14:13:40,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-14:13:28,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-14:13:27,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-14:13:25,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-14:12:51,512) /sbin/auditd (messagebus,22936,5672,00:00:49/15-14:12:51,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:28/15-14:12:51,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/15-14:12:51,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-14:12:50,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-14:12:50,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3512,00:00:00/00:00,636) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,644) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,728) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,757) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,758) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,547848,27976,00:00:17/15-14:12:36,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-14:12:36,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:25/15-14:12:35,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-14:12:35,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-14:12:35,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-14:12:35,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-14:12:35,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-14:12:35,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-14:12:35,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-14:12:35,1206) bpfilter_umh (root,26204,8300,00:00:07/15-14:12:35,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-14:12:35,1215) ntpd: asynchronous dns resolver (spot,285428,171376,20:58:33/15-14:12:35,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-14:12:34,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-14:12:34,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-14:12:34,1245) (sd-pam) (root,24216,5348,00:00:05/15-14:12:33,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-14:12:33,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-14:12:32,1354) /usr/sbin/cron -n (root,691980,74872,00:20:11/15-14:12:26,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:10/15-14:12:12,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8144,00:00:00/40:53,7227) pickup -l -t fifo -u (root,35308,10012,00:00:00/8-06:08:39,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-06:08:39,8749) sshd: syslogtunnel (root,0,0,00:00:00/09:47,9270) [kworker/0:0-events] (root,0,0,00:00:00/01:06:03,10498) [kworker/3:0-events] (root,0,0,00:00:02/01:28:41,10640) [kworker/2:2-events] (root,0,0,00:00:00/15:52,13513) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/02:40,14782) [kworker/1:2-ata_sff] (root,0,0,00:00:00/15:27,15321) [kworker/3:1-cgroup_destroy] (root,35308,10012,00:00:00/9-12:03:28,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-12:03:27,15391) sshd: cm-ssh (root,0,0,00:00:00/01:04:56,16028) [kworker/1:1-events] (root,0,0,00:00:00/07:51,21261) [kworker/1:0-ata_sff] (root,0,0,00:00:00/26:47,25460) [kworker/2:0] (root,0,0,00:00:00/01:39:51,26890) [kworker/0:1-events] (postfix,44628,9416,00:00:00/9-18:49:13,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:35:02,30764) [kworker/u8:2-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 00:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836382fcd7e4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-13:00:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:00:50,2) [kthreadd] (root,0,0,00:00:00/13-13:00:50,3) [rcu_gp] (root,0,0,00:00:00/13-13:00:50,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:00:50,5) [slub_flushwq] (root,0,0,00:00:00/13-13:00:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:00:50,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:00:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:00:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:00:50,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-13:00:50,13) [ksoftirqd/0] (root,0,0,00:36:27/13-13:00:50,14) [rcu_preempt] (root,0,0,00:00:05/13-13:00:50,15) [migration/0] (root,0,0,00:00:00/13-13:00:50,16) [idle_inject/0] (root,0,0,00:00:00/13-13:00:50,18) [cpuhp/0] (root,0,0,00:00:00/13-13:00:50,19) [cpuhp/1] (root,0,0,00:00:00/13-13:00:50,20) [idle_inject/1] (root,0,0,00:00:05/13-13:00:50,21) [migration/1] (root,0,0,00:00:22/13-13:00:50,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:00:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:00:50,25) [cpuhp/2] (root,0,0,00:00:00/13-13:00:50,26) [idle_inject/2] (root,0,0,00:00:04/13-13:00:50,27) [migration/2] (root,0,0,00:28:43/13-13:00:50,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:00:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:00:50,31) [cpuhp/3] (root,0,0,00:00:00/13-13:00:50,32) [idle_inject/3] (root,0,0,00:00:05/13-13:00:50,33) [migration/3] (root,0,0,00:01:19/13-13:00:50,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:00:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:00:50,39) [kdevtmpfs] (root,0,0,00:00:00/13-13:00:50,40) [netns] (root,0,0,00:00:00/13-13:00:50,41) [inet_frag_wq] (root,0,0,00:00:04/13-13:00:50,42) [kauditd] (root,0,0,00:00:00/13-13:00:50,43) [khungtaskd] (root,0,0,00:00:00/13-13:00:50,44) [oom_reaper] (root,0,0,00:00:00/13-13:00:50,45) [writeback] (root,0,0,00:00:40/13-13:00:50,46) [kcompactd0] (root,0,0,00:00:00/13-13:00:50,47) [ksmd] (root,0,0,00:00:40/13-13:00:50,48) [khugepaged] (root,0,0,00:00:00/13-13:00:50,74) [kintegrityd] (root,0,0,00:00:00/13-13:00:50,75) [kblockd] (root,0,0,00:00:00/13-13:00:50,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:00:50,78) [tpm_dev_wq] (root,0,0,00:00:00/13-13:00:50,79) [edac-poller] (root,0,0,00:00:00/13-13:00:50,80) [devfreq_wq] (root,0,0,00:00:00/13-13:00:50,110) [watchdogd] (root,0,0,00:00:02/13-13:00:50,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-13:00:50,112) [kswapd0] (root,0,0,00:00:00/13-13:00:49,114) [kthrotld] (root,0,0,00:00:00/13-13:00:49,115) [mld] (root,0,0,00:00:00/13-13:00:49,116) [ipv6_addrconf] (root,0,0,00:00:05/13-13:00:49,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-13:00:49,122) [kstrp] (root,0,0,00:00:00/13-13:00:49,123) [zswap-shrink] (root,0,0,00:00:00/13-13:00:49,124) [kworker/u9:0] (root,0,0,00:00:00/13-13:00:49,129) [charger_manager] (root,0,0,00:00:02/13-13:00:48,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-13:00:48,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:00:48,205) [kaluad] (root,0,0,00:00:00/13-13:00:48,250) [kmpath_rdacd] (root,0,0,00:00:00/13-13:00:48,293) [kmpathd] (root,0,0,00:00:00/13-13:00:48,294) [kmpath_handlerd] (root,0,0,00:00:00/13-13:00:48,342) [ata_sff] (root,0,0,00:00:00/13-13:00:47,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:00:47,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:00:47,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:00:47,346) [scsi_tmf_1] (root,0,0,00:00:00/02:06:36,353) [kworker/0:0-events] (root,0,0,00:00:20/13-13:00:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:00:45,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-13:00:33,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-13:00:32,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-13:00:30,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-12:59:56,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-12:59:56,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-12:59:56,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-12:59:56,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-12:59:55,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-12:59:55,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-12:59:41,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-12:59:41,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:11/13-12:59:40,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-12:59:40,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-12:59:40,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-12:59:40,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-12:59:40,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-12:59:40,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-12:59:40,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-12:59:40,1206) bpfilter_umh (root,26204,8300,00:00:07/13-12:59:40,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-12:59:40,1215) ntpd: asynchronous dns resolver (spot,286948,171684,18:09:27/13-12:59:40,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-12:59:39,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-12:59:39,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-12:59:39,1245) (sd-pam) (root,24216,5348,00:00:04/13-12:59:38,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-12:59:38,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-12:59:37,1354) /usr/sbin/cron -n (root,691980,74552,00:17:30/13-12:59:31,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47900,00:04:28/13-12:59:17,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/02:57:28,4939) [kworker/2:2-events] (root,6656,3488,00:00:00/00:00,6137) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,6155) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6156) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/6-04:55:44,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-04:55:44,8749) sshd: syslogtunnel (root,0,0,00:00:00/53:28,10749) [kworker/1:2-events] (root,0,0,00:00:00/06:48,11955) [kworker/1:0-ata_sff] (root,0,0,00:00:00/02:10:26,15360) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/7-10:50:33,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-10:50:32,15391) sshd: cm-ssh (root,0,0,00:00:00/01:00:35,18087) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/22:52,19853) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/04:18,23451) [kworker/3:1-events] (root,0,0,00:00:00/34:38,24348) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8208,00:00:00/01:29:55,24791) pickup -l -t fifo -u (root,0,0,00:00:00/19:45,30047) [kworker/0:1-events] (postfix,44628,9416,00:00:00/7-17:36:18,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/03:28:08,31777) [kworker/3:0-events] (root,0,0,00:00:00/01:35,32670) [kworker/1:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-25 23:23 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363acac5fd9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-14:21:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-14:21:15,2) [kthreadd] (root,0,0,00:00:00/11-14:21:15,3) [rcu_gp] (root,0,0,00:00:00/11-14:21:15,4) [rcu_par_gp] (root,0,0,00:00:00/11-14:21:15,5) [slub_flushwq] (root,0,0,00:00:00/11-14:21:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-14:21:15,9) [mm_percpu_wq] (root,0,0,00:00:00/11-14:21:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-14:21:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-14:21:15,12) [rcu_tasks_trace] (root,0,0,00:00:21/11-14:21:15,13) [ksoftirqd/0] (root,0,0,00:30:53/11-14:21:15,14) [rcu_preempt] (root,0,0,00:00:04/11-14:21:15,15) [migration/0] (root,0,0,00:00:00/11-14:21:15,16) [idle_inject/0] (root,0,0,00:00:00/11-14:21:15,18) [cpuhp/0] (root,0,0,00:00:00/11-14:21:15,19) [cpuhp/1] (root,0,0,00:00:00/11-14:21:15,20) [idle_inject/1] (root,0,0,00:00:04/11-14:21:15,21) [migration/1] (root,0,0,00:00:18/11-14:21:15,22) [ksoftirqd/1] (root,0,0,00:00:00/11-14:21:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-14:21:15,25) [cpuhp/2] (root,0,0,00:00:00/11-14:21:15,26) [idle_inject/2] (root,0,0,00:00:03/11-14:21:15,27) [migration/2] (root,0,0,00:24:20/11-14:21:15,28) [ksoftirqd/2] (root,0,0,00:00:00/11-14:21:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-14:21:15,31) [cpuhp/3] (root,0,0,00:00:00/11-14:21:15,32) [idle_inject/3] (root,0,0,00:00:04/11-14:21:15,33) [migration/3] (root,0,0,00:01:06/11-14:21:15,34) [ksoftirqd/3] (root,0,0,00:00:00/11-14:21:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-14:21:15,39) [kdevtmpfs] (root,0,0,00:00:00/11-14:21:15,40) [netns] (root,0,0,00:00:00/11-14:21:15,41) [inet_frag_wq] (root,0,0,00:00:03/11-14:21:15,42) [kauditd] (root,0,0,00:00:00/11-14:21:15,43) [khungtaskd] (root,0,0,00:00:00/11-14:21:15,44) [oom_reaper] (root,0,0,00:00:00/11-14:21:15,45) [writeback] (root,0,0,00:00:33/11-14:21:15,46) [kcompactd0] (root,0,0,00:00:00/11-14:21:15,47) [ksmd] (root,0,0,00:00:34/11-14:21:15,48) [khugepaged] (root,0,0,00:00:00/11-14:21:15,74) [kintegrityd] (root,0,0,00:00:00/11-14:21:15,75) [kblockd] (root,0,0,00:00:00/11-14:21:15,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-14:21:15,78) [tpm_dev_wq] (root,0,0,00:00:00/11-14:21:15,79) [edac-poller] (root,0,0,00:00:00/11-14:21:15,80) [devfreq_wq] (root,0,0,00:00:00/11-14:21:15,110) [watchdogd] (root,0,0,00:00:02/11-14:21:15,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-14:21:15,112) [kswapd0] (root,0,0,00:00:00/11-14:21:14,114) [kthrotld] (root,0,0,00:00:00/11-14:21:14,115) [mld] (root,0,0,00:00:00/11-14:21:14,116) [ipv6_addrconf] (root,0,0,00:00:04/11-14:21:14,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-14:21:14,122) [kstrp] (root,0,0,00:00:00/11-14:21:14,123) [zswap-shrink] (root,0,0,00:00:00/11-14:21:14,124) [kworker/u9:0] (root,0,0,00:00:00/11-14:21:14,129) [charger_manager] (root,0,0,00:00:02/11-14:21:13,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-14:21:13,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-14:21:13,205) [kaluad] (root,0,0,00:00:00/11-14:21:13,250) [kmpath_rdacd] (root,0,0,00:00:00/11-14:21:13,293) [kmpathd] (root,0,0,00:00:00/11-14:21:13,294) [kmpath_handlerd] (root,0,0,00:00:00/11-14:21:13,342) [ata_sff] (root,0,0,00:00:00/11-14:21:12,343) [scsi_eh_0] (root,0,0,00:00:00/11-14:21:12,344) [scsi_tmf_0] (root,0,0,00:00:00/11-14:21:12,345) [scsi_eh_1] (root,0,0,00:00:00/11-14:21:12,346) [scsi_tmf_1] (root,0,0,00:00:17/11-14:21:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-14:21:10,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-14:20:58,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-14:20:57,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-14:20:55,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-14:20:21,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-14:20:21,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-14:20:21,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-14:20:21,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-14:20:20,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-14:20:20,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-14:20:06,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-14:20:06,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:02/11-14:20:05,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-14:20:05,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-14:20:05,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-14:20:05,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-14:20:05,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-14:20:05,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:33/11-14:20:05,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-14:20:05,1206) bpfilter_umh (root,26204,8300,00:00:06/11-14:20:05,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-14:20:05,1215) ntpd: asynchronous dns resolver (spot,284980,171188,14:24:04/11-14:20:05,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-14:20:04,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-14:20:04,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-14:20:04,1245) (sd-pam) (root,24216,5348,00:00:03/11-14:20:03,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-14:20:03,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-14:20:02,1354) /usr/sbin/cron -n (root,691724,74152,00:14:56/11-14:19:56,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46620,00:03:47/11-14:19:42,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/11:43:24,4619) [kworker/u8:0-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,5529) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,5581) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,5582) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,5583) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,772,00:00:00/00:00,5584) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,704,00:00:00/00:00,5585) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,5586) /bin/bash /usr/bin/check_mk_agent (root,13744,3516,00:00:00/00:00,5604) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,5605) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8200,00:00:00/01:30:57,7853) pickup -l -t fifo -u (root,35308,10012,00:00:00/4-06:16:09,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-06:16:09,8749) sshd: syslogtunnel (root,0,0,00:00:00/04:29,12648) [kworker/1:0-ata_sff] (root,0,0,00:00:00/09:42,12825) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/5-12:10:58,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-12:10:57,15391) sshd: cm-ssh (root,0,0,00:00:03/04:29:05,21671) [kworker/1:1-events] (root,0,0,00:00:00/27:48,23413) [kworker/0:1-events] (root,0,0,00:00:00/42:19,23908) [kworker/3:0-events] (root,0,0,00:00:01/01:24:51,27030) [kworker/2:0-events] (root,0,0,00:00:00/32:39,27246) [kworker/3:1] (root,0,0,00:00:00/07:17,28081) [kworker/0:0-events] (root,0,0,00:00:00/19:32,28261) [kworker/2:2-events] (postfix,44628,9464,00:00:00/5-18:56:43,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:02:21,31970) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-24 00:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836389d71d4cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:30/9-14:29:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-14:29:15,2) [kthreadd] (root,0,0,00:00:00/9-14:29:15,3) [rcu_gp] (root,0,0,00:00:00/9-14:29:15,4) [rcu_par_gp] (root,0,0,00:00:00/9-14:29:15,5) [slub_flushwq] (root,0,0,00:00:00/9-14:29:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-14:29:15,9) [mm_percpu_wq] (root,0,0,00:00:00/9-14:29:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-14:29:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-14:29:15,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-14:29:15,13) [ksoftirqd/0] (root,0,0,00:25:25/9-14:29:15,14) [rcu_preempt] (root,0,0,00:00:03/9-14:29:15,15) [migration/0] (root,0,0,00:00:00/9-14:29:15,16) [idle_inject/0] (root,0,0,00:00:00/9-14:29:15,18) [cpuhp/0] (root,0,0,00:00:00/9-14:29:15,19) [cpuhp/1] (root,0,0,00:00:00/9-14:29:15,20) [idle_inject/1] (root,0,0,00:00:03/9-14:29:15,21) [migration/1] (root,0,0,00:00:14/9-14:29:15,22) [ksoftirqd/1] (root,0,0,00:00:00/9-14:29:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-14:29:15,25) [cpuhp/2] (root,0,0,00:00:00/9-14:29:15,26) [idle_inject/2] (root,0,0,00:00:03/9-14:29:15,27) [migration/2] (root,0,0,00:20:26/9-14:29:15,28) [ksoftirqd/2] (root,0,0,00:00:00/9-14:29:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-14:29:15,31) [cpuhp/3] (root,0,0,00:00:00/9-14:29:15,32) [idle_inject/3] (root,0,0,00:00:03/9-14:29:15,33) [migration/3] (root,0,0,00:00:54/9-14:29:15,34) [ksoftirqd/3] (root,0,0,00:00:00/9-14:29:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-14:29:15,39) [kdevtmpfs] (root,0,0,00:00:00/9-14:29:15,40) [netns] (root,0,0,00:00:00/9-14:29:15,41) [inet_frag_wq] (root,0,0,00:00:03/9-14:29:15,42) [kauditd] (root,0,0,00:00:00/9-14:29:15,43) [khungtaskd] (root,0,0,00:00:00/9-14:29:15,44) [oom_reaper] (root,0,0,00:00:00/9-14:29:15,45) [writeback] (root,0,0,00:00:27/9-14:29:15,46) [kcompactd0] (root,0,0,00:00:00/9-14:29:15,47) [ksmd] (root,0,0,00:00:29/9-14:29:15,48) [khugepaged] (root,0,0,00:00:00/9-14:29:15,74) [kintegrityd] (root,0,0,00:00:00/9-14:29:15,75) [kblockd] (root,0,0,00:00:00/9-14:29:15,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-14:29:15,78) [tpm_dev_wq] (root,0,0,00:00:00/9-14:29:15,79) [edac-poller] (root,0,0,00:00:00/9-14:29:15,80) [devfreq_wq] (root,0,0,00:00:00/9-14:29:15,110) [watchdogd] (root,0,0,00:00:01/9-14:29:15,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-14:29:15,112) [kswapd0] (root,0,0,00:00:00/9-14:29:14,114) [kthrotld] (root,0,0,00:00:00/9-14:29:14,115) [mld] (root,0,0,00:00:00/9-14:29:14,116) [ipv6_addrconf] (root,0,0,00:00:04/9-14:29:14,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-14:29:14,122) [kstrp] (root,0,0,00:00:00/9-14:29:14,123) [zswap-shrink] (root,0,0,00:00:00/9-14:29:14,124) [kworker/u9:0] (root,0,0,00:00:00/9-14:29:14,129) [charger_manager] (root,0,0,00:00:02/9-14:29:13,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-14:29:13,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-14:29:13,205) [kaluad] (root,0,0,00:00:00/9-14:29:13,250) [kmpath_rdacd] (root,0,0,00:00:00/9-14:29:13,293) [kmpathd] (root,0,0,00:00:00/9-14:29:13,294) [kmpath_handlerd] (root,0,0,00:00:00/9-14:29:13,342) [ata_sff] (root,0,0,00:00:00/9-14:29:12,343) [scsi_eh_0] (root,0,0,00:00:00/9-14:29:12,344) [scsi_tmf_0] (root,0,0,00:00:00/9-14:29:12,345) [scsi_eh_1] (root,0,0,00:00:00/9-14:29:12,346) [scsi_tmf_1] (root,0,0,00:00:14/9-14:29:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-14:29:10,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-14:28:58,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-14:28:57,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-14:28:55,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-14:28:21,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-14:28:21,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-14:28:21,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-14:28:21,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-14:28:20,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-14:28:20,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-14:28:06,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-14:28:06,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:51/9-14:28:05,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-14:28:05,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-14:28:05,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-14:28:05,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-14:28:05,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-14:28:05,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:16/9-14:28:05,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-14:28:05,1206) bpfilter_umh (root,26204,8300,00:00:05/9-14:28:05,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-14:28:05,1215) ntpd: asynchronous dns resolver (spot,284676,169672,11:15:04/9-14:28:05,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-14:28:04,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-14:28:04,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-14:28:04,1245) (sd-pam) (root,24216,5348,00:00:03/9-14:28:03,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-14:28:03,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-14:28:02,1354) /usr/sbin/cron -n (root,691336,73836,00:12:21/9-14:27:56,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45336,00:03:07/9-14:27:42,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:06/05:56:22,2819) [kworker/2:2-events] (root,0,0,00:00:00/40:57,5542) [kworker/u8:2-flush-253:0] (postfix,24244,8256,00:00:00/20:47,5772) pickup -l -t fifo -u (root,0,0,00:00:00/12:31,8672) [kworker/2:1-cgroup_destroy] (root,35308,10012,00:00:00/2-06:24:09,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:08/2-06:24:09,8749) sshd: syslogtunnel (root,0,0,00:00:00/03:31,10686) [kworker/1:0-ata_sff] (root,0,0,00:00:00/19:05,10958) [kworker/1:1-events] (root,0,0,00:00:00/02:52,14414) [kworker/2:0] (root,35308,10012,00:00:00/3-12:18:58,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-12:18:57,15391) sshd: cm-ssh (root,0,0,00:00:00/36:55,16880) [kworker/3:1-events] (root,0,0,00:00:00/17:23,17419) [kworker/3:0-events] (root,0,0,00:00:00/01:39:13,22486) [kworker/u8:1] (root,0,0,00:00:00/08:42,24364) [kworker/1:2-ata_sff] (root,0,0,00:00:00/51:38,24499) [kworker/0:0] (root,6764,3600,00:00:00/00:00,25709) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,25839) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,25854) /bin/bash /usr/bin/check_mk_agent (root,6292,3188,00:00:00/00:00,25878) /bin/bash ././spot.bash (root,13744,3452,00:00:00/00:00,25891) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25893) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,13744,3424,00:00:00/00:00,25901) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25902) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:06:25,26656) [kworker/0:2-events] (postfix,44628,9464,00:00:00/3-19:04:43,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-22 00:51 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836317bc0a64Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:25/8-00:34:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/8-00:34:03,2) [kthreadd] (root,0,0,00:00:00/8-00:34:03,3) [rcu_gp] (root,0,0,00:00:00/8-00:34:03,4) [rcu_par_gp] (root,0,0,00:00:00/8-00:34:03,5) [slub_flushwq] (root,0,0,00:00:00/8-00:34:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/8-00:34:03,9) [mm_percpu_wq] (root,0,0,00:00:00/8-00:34:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/8-00:34:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/8-00:34:03,12) [rcu_tasks_trace] (root,0,0,00:00:14/8-00:34:03,13) [ksoftirqd/0] (root,0,0,00:21:11/8-00:34:03,14) [rcu_preempt] (root,0,0,00:00:03/8-00:34:03,15) [migration/0] (root,0,0,00:00:00/8-00:34:03,16) [idle_inject/0] (root,0,0,00:00:00/8-00:34:03,18) [cpuhp/0] (root,0,0,00:00:00/8-00:34:03,19) [cpuhp/1] (root,0,0,00:00:00/8-00:34:03,20) [idle_inject/1] (root,0,0,00:00:03/8-00:34:03,21) [migration/1] (root,0,0,00:00:12/8-00:34:03,22) [ksoftirqd/1] (root,0,0,00:00:00/8-00:34:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/8-00:34:03,25) [cpuhp/2] (root,0,0,00:00:00/8-00:34:03,26) [idle_inject/2] (root,0,0,00:00:02/8-00:34:03,27) [migration/2] (root,0,0,00:16:56/8-00:34:03,28) [ksoftirqd/2] (root,0,0,00:00:00/8-00:34:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/8-00:34:03,31) [cpuhp/3] (root,0,0,00:00:00/8-00:34:03,32) [idle_inject/3] (root,0,0,00:00:03/8-00:34:03,33) [migration/3] (root,0,0,00:00:46/8-00:34:03,34) [ksoftirqd/3] (root,0,0,00:00:00/8-00:34:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/8-00:34:03,39) [kdevtmpfs] (root,0,0,00:00:00/8-00:34:03,40) [netns] (root,0,0,00:00:00/8-00:34:03,41) [inet_frag_wq] (root,0,0,00:00:02/8-00:34:03,42) [kauditd] (root,0,0,00:00:00/8-00:34:03,43) [khungtaskd] (root,0,0,00:00:00/8-00:34:03,44) [oom_reaper] (root,0,0,00:00:00/8-00:34:03,45) [writeback] (root,0,0,00:00:23/8-00:34:03,46) [kcompactd0] (root,0,0,00:00:00/8-00:34:03,47) [ksmd] (root,0,0,00:00:24/8-00:34:03,48) [khugepaged] (root,0,0,00:00:00/8-00:34:03,74) [kintegrityd] (root,0,0,00:00:00/8-00:34:03,75) [kblockd] (root,0,0,00:00:00/8-00:34:03,76) [blkcg_punt_bio] (root,0,0,00:00:00/8-00:34:03,78) [tpm_dev_wq] (root,0,0,00:00:00/8-00:34:03,79) [edac-poller] (root,0,0,00:00:00/8-00:34:03,80) [devfreq_wq] (root,0,0,00:00:00/8-00:34:03,110) [watchdogd] (root,0,0,00:00:01/8-00:34:03,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/8-00:34:03,112) [kswapd0] (root,0,0,00:00:00/8-00:34:02,114) [kthrotld] (root,0,0,00:00:00/8-00:34:02,115) [mld] (root,0,0,00:00:00/8-00:34:02,116) [ipv6_addrconf] (root,0,0,00:00:03/8-00:34:02,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/8-00:34:02,122) [kstrp] (root,0,0,00:00:00/8-00:34:02,123) [zswap-shrink] (root,0,0,00:00:00/8-00:34:02,124) [kworker/u9:0] (root,0,0,00:00:00/8-00:34:02,129) [charger_manager] (root,0,0,00:00:01/8-00:34:01,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/8-00:34:01,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/8-00:34:01,205) [kaluad] (root,0,0,00:00:00/8-00:34:01,250) [kmpath_rdacd] (root,0,0,00:00:00/8-00:34:01,293) [kmpathd] (root,0,0,00:00:00/8-00:34:01,294) [kmpath_handlerd] (root,0,0,00:00:00/8-00:34:01,342) [ata_sff] (root,0,0,00:00:00/8-00:34:00,343) [scsi_eh_0] (root,0,0,00:00:00/8-00:34:00,344) [scsi_tmf_0] (root,0,0,00:00:00/8-00:34:00,345) [scsi_eh_1] (root,0,0,00:00:00/8-00:34:00,346) [scsi_tmf_1] (root,0,0,00:00:12/8-00:33:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/8-00:33:58,367) [ext4-rsv-conver] (root,38604,7900,00:00:14/8-00:33:46,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/8-00:33:45,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:12/8-00:33:43,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:05/8-00:33:09,512) /sbin/auditd (messagebus,22936,5672,00:00:28/8-00:33:09,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,0,0,00:00:00/13:39,528) [kworker/3:2-mm_percpu_wq] (root,38748,8544,00:00:16/8-00:33:09,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/8-00:33:09,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/8-00:33:08,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/8-00:33:08,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26136,00:00:09/8-00:32:54,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/8-00:32:54,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/44:10,1188) [kworker/u8:1-ext4-rsv-conversion] (root,21172,4568,00:00:44/8-00:32:53,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/8-00:32:53,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/8-00:32:53,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/8-00:32:53,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/8-00:32:53,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:14/8-00:32:53,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:03/8-00:32:53,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/8-00:32:53,1206) bpfilter_umh (root,26204,8300,00:00:04/8-00:32:53,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/8-00:32:53,1215) ntpd: asynchronous dns resolver (spot,282836,169212,09:17:19/8-00:32:53,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/8-00:32:52,1228) (sd-pam) (checkmk,48532,3192,00:00:00/8-00:32:52,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/8-00:32:52,1245) (sd-pam) (root,24216,5348,00:00:02/8-00:32:51,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/8-00:32:51,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/8-00:32:50,1354) /usr/sbin/cron -n (root,691080,73640,00:10:18/8-00:32:44,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44104,00:02:34/8-00:32:30,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:42,3267) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/10:07,4253) [kworker/0:1] (root,0,0,00:00:00/10:04,4254) [kworker/1:2-ata_sff] (root,0,0,00:00:00/06:02:21,7262) [kworker/0:2-events] (root,0,0,00:00:00/01:17:08,7686) [kworker/3:0-events] (root,35308,10012,00:00:00/16:28:57,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:02/16:28:57,8749) sshd: syslogtunnel (root,0,0,00:00:00/04:52,11165) [kworker/1:1-ata_sff] (root,0,0,00:00:01/01:42:31,14327) [kworker/2:0-events] (root,35308,10012,00:00:00/1-22:23:46,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:06/1-22:23:45,15391) sshd: cm-ssh (root,6656,3512,00:00:00/00:00,15482) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,15500) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15501) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:01:57,20611) [kworker/1:0-events] (root,0,0,00:00:00/16:32,29778) [kworker/2:1-events] (postfix,44628,9464,00:00:00/2-05:09:31,30472) tlsmgr -l -t unix -u (postfix,24244,8184,00:00:00/46:59,31785) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 10:55 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bfb7a99aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-13:53:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-13:53:00,2) [kthreadd] (root,0,0,00:00:00/7-13:53:00,3) [rcu_gp] (root,0,0,00:00:00/7-13:53:00,4) [rcu_par_gp] (root,0,0,00:00:00/7-13:53:00,5) [slub_flushwq] (root,0,0,00:00:00/7-13:53:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-13:53:00,9) [mm_percpu_wq] (root,0,0,00:00:00/7-13:53:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-13:53:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-13:53:00,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-13:53:00,13) [ksoftirqd/0] (root,0,0,00:19:57/7-13:53:00,14) [rcu_preempt] (root,0,0,00:00:02/7-13:53:00,15) [migration/0] (root,0,0,00:00:00/7-13:53:00,16) [idle_inject/0] (root,0,0,00:00:00/7-13:53:00,18) [cpuhp/0] (root,0,0,00:00:00/7-13:53:00,19) [cpuhp/1] (root,0,0,00:00:00/7-13:53:00,20) [idle_inject/1] (root,0,0,00:00:03/7-13:53:00,21) [migration/1] (root,0,0,00:00:11/7-13:53:00,22) [ksoftirqd/1] (root,0,0,00:00:00/7-13:53:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-13:53:00,25) [cpuhp/2] (root,0,0,00:00:00/7-13:53:00,26) [idle_inject/2] (root,0,0,00:00:02/7-13:53:00,27) [migration/2] (root,0,0,00:16:04/7-13:53:00,28) [ksoftirqd/2] (root,0,0,00:00:00/7-13:53:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-13:53:00,31) [cpuhp/3] (root,0,0,00:00:00/7-13:53:00,32) [idle_inject/3] (root,0,0,00:00:03/7-13:53:00,33) [migration/3] (root,0,0,00:00:43/7-13:53:00,34) [ksoftirqd/3] (root,0,0,00:00:00/7-13:53:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-13:53:00,39) [kdevtmpfs] (root,0,0,00:00:00/7-13:53:00,40) [netns] (root,0,0,00:00:00/7-13:53:00,41) [inet_frag_wq] (root,0,0,00:00:02/7-13:53:00,42) [kauditd] (root,0,0,00:00:00/7-13:53:00,43) [khungtaskd] (root,0,0,00:00:00/7-13:53:00,44) [oom_reaper] (root,0,0,00:00:00/7-13:53:00,45) [writeback] (root,0,0,00:00:22/7-13:53:00,46) [kcompactd0] (root,0,0,00:00:00/7-13:53:00,47) [ksmd] (root,0,0,00:00:23/7-13:53:00,48) [khugepaged] (root,0,0,00:00:00/7-13:53:00,74) [kintegrityd] (root,0,0,00:00:00/7-13:53:00,75) [kblockd] (root,0,0,00:00:00/7-13:53:00,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-13:53:00,78) [tpm_dev_wq] (root,0,0,00:00:00/7-13:53:00,79) [edac-poller] (root,0,0,00:00:00/7-13:53:00,80) [devfreq_wq] (root,0,0,00:00:00/7-13:53:00,110) [watchdogd] (root,0,0,00:00:01/7-13:53:00,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-13:53:00,112) [kswapd0] (root,0,0,00:00:00/7-13:52:59,114) [kthrotld] (root,0,0,00:00:00/7-13:52:59,115) [mld] (root,0,0,00:00:00/7-13:52:59,116) [ipv6_addrconf] (root,0,0,00:00:03/7-13:52:59,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-13:52:59,122) [kstrp] (root,0,0,00:00:00/7-13:52:59,123) [zswap-shrink] (root,0,0,00:00:00/7-13:52:59,124) [kworker/u9:0] (root,0,0,00:00:00/7-13:52:59,129) [charger_manager] (root,0,0,00:00:01/7-13:52:58,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-13:52:58,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-13:52:58,205) [kaluad] (root,0,0,00:00:00/7-13:52:58,250) [kmpath_rdacd] (root,0,0,00:00:00/7-13:52:58,293) [kmpathd] (root,0,0,00:00:00/7-13:52:58,294) [kmpath_handlerd] (root,0,0,00:00:00/7-13:52:58,342) [ata_sff] (root,0,0,00:00:00/7-13:52:57,343) [scsi_eh_0] (root,0,0,00:00:00/7-13:52:57,344) [scsi_tmf_0] (root,0,0,00:00:00/7-13:52:57,345) [scsi_eh_1] (root,0,0,00:00:00/7-13:52:57,346) [scsi_tmf_1] (root,0,0,00:00:11/7-13:52:55,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-13:52:55,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-13:52:43,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-13:52:42,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-13:52:40,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-13:52:06,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-13:52:06,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-13:52:06,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-13:52:06,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/01:37:06,589) [kworker/u8:0-flush-253:0] (root,31876,16220,00:00:03/7-13:52:05,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-13:52:05,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/06:51,776) [kworker/3:0-events] (root,547592,25356,00:00:08/7-13:51:51,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-13:51:51,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:40/7-13:51:50,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-13:51:50,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-13:51:50,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-13:51:50,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-13:51:50,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-13:51:50,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-13:51:50,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-13:51:50,1206) bpfilter_umh (root,26204,8300,00:00:04/7-13:51:50,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-13:51:50,1215) ntpd: asynchronous dns resolver (spot,284468,169620,08:38:14/7-13:51:50,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-13:51:49,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-13:51:49,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-13:51:49,1245) (sd-pam) (root,24216,5348,00:00:02/7-13:51:48,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-13:51:48,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-13:51:47,1354) /usr/sbin/cron -n (root,691080,73620,00:09:43/7-13:51:41,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43784,00:02:25/7-13:51:27,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:02:39,1729) [kworker/0:2-events] (postfix,24244,8216,00:00:00/06:20,3178) pickup -l -t fifo -u (root,0,0,00:00:00/14:09,3478) [kworker/2:2-events] (root,0,0,00:00:00/36:00,4855) [kworker/2:0-events] (root,0,0,00:00:01/02:31:55,7055) [kworker/3:2-events] (root,35308,10012,00:00:00/05:47:54,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:00/05:47:54,8749) sshd: syslogtunnel (root,0,0,00:00:00/21:17,11487) [kworker/0:1-events] (root,35308,10012,00:00:00/1-11:42:43,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-11:42:42,15391) sshd: cm-ssh (root,0,0,00:00:00/01:59,22703) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:15:02,28289) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:00,29193) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,29211) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29212) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9464,00:00:00/1-18:28:28,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/07:09,32156) [kworker/1:1-ata_sff] (root,0,0,00:00:00/27:55,32522) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 00:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836319940438Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-13:19:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-13:19:12,2) [kthreadd] (root,0,0,00:00:00/5-13:19:12,3) [rcu_gp] (root,0,0,00:00:00/5-13:19:12,4) [rcu_par_gp] (root,0,0,00:00:00/5-13:19:12,5) [slub_flushwq] (root,0,0,00:00:00/5-13:19:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-13:19:12,9) [mm_percpu_wq] (root,0,0,00:00:00/5-13:19:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-13:19:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-13:19:12,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-13:19:12,13) [ksoftirqd/0] (root,0,0,00:14:27/5-13:19:12,14) [rcu_preempt] (root,0,0,00:00:02/5-13:19:12,15) [migration/0] (root,0,0,00:00:00/5-13:19:12,16) [idle_inject/0] (root,0,0,00:00:00/5-13:19:12,18) [cpuhp/0] (root,0,0,00:00:00/5-13:19:12,19) [cpuhp/1] (root,0,0,00:00:00/5-13:19:12,20) [idle_inject/1] (root,0,0,00:00:02/5-13:19:12,21) [migration/1] (root,0,0,00:00:07/5-13:19:12,22) [ksoftirqd/1] (root,0,0,00:00:00/5-13:19:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-13:19:12,25) [cpuhp/2] (root,0,0,00:00:00/5-13:19:12,26) [idle_inject/2] (root,0,0,00:00:01/5-13:19:12,27) [migration/2] (root,0,0,00:11:57/5-13:19:12,28) [ksoftirqd/2] (root,0,0,00:00:00/5-13:19:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-13:19:12,31) [cpuhp/3] (root,0,0,00:00:00/5-13:19:12,32) [idle_inject/3] (root,0,0,00:00:02/5-13:19:12,33) [migration/3] (root,0,0,00:00:30/5-13:19:12,34) [ksoftirqd/3] (root,0,0,00:00:00/5-13:19:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-13:19:12,39) [kdevtmpfs] (root,0,0,00:00:00/5-13:19:12,40) [netns] (root,0,0,00:00:00/5-13:19:12,41) [inet_frag_wq] (root,0,0,00:00:01/5-13:19:12,42) [kauditd] (root,0,0,00:00:00/5-13:19:12,43) [khungtaskd] (root,0,0,00:00:00/5-13:19:12,44) [oom_reaper] (root,0,0,00:00:00/5-13:19:12,45) [writeback] (root,0,0,00:00:14/5-13:19:12,46) [kcompactd0] (root,0,0,00:00:00/5-13:19:12,47) [ksmd] (root,0,0,00:00:15/5-13:19:12,48) [khugepaged] (root,0,0,00:00:00/5-13:19:12,74) [kintegrityd] (root,0,0,00:00:00/5-13:19:12,75) [kblockd] (root,0,0,00:00:00/5-13:19:12,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-13:19:12,78) [tpm_dev_wq] (root,0,0,00:00:00/5-13:19:12,79) [edac-poller] (root,0,0,00:00:00/5-13:19:12,80) [devfreq_wq] (root,0,0,00:00:00/5-13:19:12,110) [watchdogd] (root,0,0,00:00:01/5-13:19:12,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-13:19:12,112) [kswapd0] (root,0,0,00:00:00/5-13:19:11,114) [kthrotld] (root,0,0,00:00:00/5-13:19:11,115) [mld] (root,0,0,00:00:00/5-13:19:11,116) [ipv6_addrconf] (root,0,0,00:00:02/5-13:19:11,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-13:19:11,122) [kstrp] (root,0,0,00:00:00/5-13:19:11,123) [zswap-shrink] (root,0,0,00:00:00/5-13:19:11,124) [kworker/u9:0] (root,0,0,00:00:00/5-13:19:11,129) [charger_manager] (root,0,0,00:00:01/5-13:19:10,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-13:19:10,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-13:19:10,205) [kaluad] (root,0,0,00:00:00/5-13:19:10,250) [kmpath_rdacd] (root,0,0,00:00:00/5-13:19:10,293) [kmpathd] (root,0,0,00:00:00/5-13:19:10,294) [kmpath_handlerd] (root,0,0,00:00:00/5-13:19:10,342) [ata_sff] (root,0,0,00:00:00/5-13:19:09,343) [scsi_eh_0] (root,0,0,00:00:00/5-13:19:09,344) [scsi_tmf_0] (root,0,0,00:00:00/5-13:19:09,345) [scsi_eh_1] (root,0,0,00:00:00/5-13:19:09,346) [scsi_tmf_1] (root,0,0,00:00:08/5-13:19:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-13:19:07,367) [ext4-rsv-conver] (root,38604,7544,00:00:09/5-13:18:55,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-13:18:54,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-13:18:52,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-13:18:18,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-13:18:18,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-13:18:18,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-13:18:18,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-13:18:17,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-13:18:17,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-13:18:03,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-13:18:03,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:28/5-13:18:02,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-13:18:02,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-13:18:02,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-13:18:02,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-13:18:02,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-13:18:02,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-13:18:02,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-13:18:02,1206) bpfilter_umh (root,26204,8340,00:00:03/5-13:18:02,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-13:18:02,1215) ntpd: asynchronous dns resolver (spot,276152,163736,06:05:17/5-13:18:02,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-13:18:01,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-13:18:01,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-13:18:01,1245) (sd-pam) (root,24216,5348,00:00:01/5-13:18:00,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-13:18:00,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-13:17:59,1354) /usr/sbin/cron -n (root,691080,73464,00:07:03/5-13:17:53,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42496,00:01:45/5-13:17:39,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:15,2640) [kworker/1:1-ata_sff] (root,0,0,00:00:00/15:55,4571) [kworker/2:0-cgroup_destroy] (root,35308,10024,00:00:00/3-15:10:48,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-15:10:48,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-15:10:33,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:10/3-15:10:33,4688) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,7904) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,7922) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7923) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/15:12,9134) [kworker/3:0] (root,0,0,00:00:00/06:27,10552) [kworker/1:0-ata_sff] (postfix,24244,8244,00:00:00/01:33:27,12637) pickup -l -t fifo -u (root,0,0,00:00:00/45:17,17810) [kworker/3:1-events] (root,0,0,00:00:00/19:24,22337) [kworker/0:1] (root,0,0,00:00:00/05:10:51,26136) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/01:50:13,28062) [kworker/1:2-events] (root,0,0,00:00:00/01:20:51,30976) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:27:11,31879) [kworker/0:2-events] (root,0,0,00:00:00/27:56,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 23:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630c172f4cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-14:00:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-14:00:17,2) [kthreadd] (root,0,0,00:00:00/3-14:00:17,3) [rcu_gp] (root,0,0,00:00:00/3-14:00:17,4) [rcu_par_gp] (root,0,0,00:00:00/3-14:00:17,5) [slub_flushwq] (root,0,0,00:00:00/3-14:00:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-14:00:17,9) [mm_percpu_wq] (root,0,0,00:00:00/3-14:00:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-14:00:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-14:00:17,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-14:00:17,13) [ksoftirqd/0] (root,0,0,00:09:21/3-14:00:17,14) [rcu_preempt] (root,0,0,00:00:01/3-14:00:17,15) [migration/0] (root,0,0,00:00:00/3-14:00:17,16) [idle_inject/0] (root,0,0,00:00:00/3-14:00:17,18) [cpuhp/0] (root,0,0,00:00:00/3-14:00:17,19) [cpuhp/1] (root,0,0,00:00:00/3-14:00:17,20) [idle_inject/1] (root,0,0,00:00:01/3-14:00:17,21) [migration/1] (root,0,0,00:00:04/3-14:00:17,22) [ksoftirqd/1] (root,0,0,00:00:00/3-14:00:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-14:00:17,25) [cpuhp/2] (root,0,0,00:00:00/3-14:00:17,26) [idle_inject/2] (root,0,0,00:00:01/3-14:00:17,27) [migration/2] (root,0,0,00:07:51/3-14:00:17,28) [ksoftirqd/2] (root,0,0,00:00:00/3-14:00:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-14:00:17,31) [cpuhp/3] (root,0,0,00:00:00/3-14:00:17,32) [idle_inject/3] (root,0,0,00:00:01/3-14:00:17,33) [migration/3] (root,0,0,00:00:20/3-14:00:17,34) [ksoftirqd/3] (root,0,0,00:00:00/3-14:00:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-14:00:17,39) [kdevtmpfs] (root,0,0,00:00:00/3-14:00:17,40) [netns] (root,0,0,00:00:00/3-14:00:17,41) [inet_frag_wq] (root,0,0,00:00:01/3-14:00:17,42) [kauditd] (root,0,0,00:00:00/3-14:00:17,43) [khungtaskd] (root,0,0,00:00:00/3-14:00:17,44) [oom_reaper] (root,0,0,00:00:00/3-14:00:17,45) [writeback] (root,0,0,00:00:09/3-14:00:17,46) [kcompactd0] (root,0,0,00:00:00/3-14:00:17,47) [ksmd] (root,0,0,00:00:10/3-14:00:17,48) [khugepaged] (root,0,0,00:00:00/3-14:00:17,74) [kintegrityd] (root,0,0,00:00:00/3-14:00:17,75) [kblockd] (root,0,0,00:00:00/3-14:00:17,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-14:00:17,78) [tpm_dev_wq] (root,0,0,00:00:00/3-14:00:17,79) [edac-poller] (root,0,0,00:00:00/3-14:00:17,80) [devfreq_wq] (root,0,0,00:00:00/3-14:00:17,110) [watchdogd] (root,0,0,00:00:00/3-14:00:17,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-14:00:17,112) [kswapd0] (root,0,0,00:00:00/3-14:00:16,114) [kthrotld] (root,0,0,00:00:00/3-14:00:16,115) [mld] (root,0,0,00:00:00/3-14:00:16,116) [ipv6_addrconf] (root,0,0,00:00:01/3-14:00:16,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-14:00:16,122) [kstrp] (root,0,0,00:00:00/3-14:00:16,123) [zswap-shrink] (root,0,0,00:00:00/3-14:00:16,124) [kworker/u9:0] (root,0,0,00:00:00/3-14:00:16,129) [charger_manager] (root,0,0,00:00:00/3-14:00:15,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-14:00:15,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-14:00:15,205) [kaluad] (root,0,0,00:00:00/3-14:00:15,250) [kmpath_rdacd] (root,0,0,00:00:00/3-14:00:15,293) [kmpathd] (root,0,0,00:00:00/3-14:00:15,294) [kmpath_handlerd] (root,0,0,00:00:00/3-14:00:15,342) [ata_sff] (root,0,0,00:00:00/3-14:00:14,343) [scsi_eh_0] (root,0,0,00:00:00/3-14:00:14,344) [scsi_tmf_0] (root,0,0,00:00:00/3-14:00:14,345) [scsi_eh_1] (root,0,0,00:00:00/3-14:00:14,346) [scsi_tmf_1] (root,0,0,00:00:05/3-14:00:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-14:00:12,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-14:00:00,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-13:59:59,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-13:59:57,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-13:59:23,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-13:59:23,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:07/3-13:59:23,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-13:59:23,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-13:59:22,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-13:59:22,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-13:59:08,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-13:59:08,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:16/3-13:59:07,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-13:59:07,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-13:59:07,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-13:59:07,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-13:59:07,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-13:59:07,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-13:59:07,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-13:59:07,1206) bpfilter_umh (root,26204,8340,00:00:02/3-13:59:07,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-13:59:07,1215) ntpd: asynchronous dns resolver (spot,274988,163348,04:09:23/3-13:59:07,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-13:59:06,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-13:59:06,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-13:59:06,1245) (sd-pam) (root,24216,5348,00:00:01/3-13:59:05,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-13:59:05,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-13:59:04,1354) /usr/sbin/cron -n (root,689544,71904,00:04:35/3-13:58:58,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41148,00:01:09/3-13:58:44,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/02:31:39,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-15:51:53,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-15:51:53,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-15:51:38,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-15:51:38,4688) sshd: cm-ssh (root,0,0,00:00:00/01:09:27,4707) [kworker/0:2-events] (postfix,24244,8236,00:00:00/56:32,11348) pickup -l -t fifo -u (root,0,0,00:00:00/34:53,11457) [kworker/3:1-cgroup_destroy] (root,6656,3488,00:00:00/00:00,11673) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,11705) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,11706) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/26:27,13597) [kworker/2:2] (root,0,0,00:00:00/01:57:18,13813) [kworker/3:2-events] (root,0,0,00:00:00/04:51,14038) [kworker/3:0-events] (root,0,0,00:00:00/03:02,19286) [kworker/1:0-ata_sff] (root,0,0,00:00:00/18:36,19322) [kworker/1:1-events] (root,0,0,00:00:00/16:56,25346) [kworker/u8:0-writeback] (root,0,0,00:00:00/08:15,28879) [kworker/1:2-ata_sff] (root,0,0,00:00:00/04:06:54,30146) [kworker/u8:2] (root,0,0,00:00:00/01:35:52,32518) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 00:22 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630426bbe1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12692,00:00:13/3-11:50:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-11:50:45,2) [kthreadd] (root,0,0,00:00:00/3-11:50:45,3) [rcu_gp] (root,0,0,00:00:00/3-11:50:45,4) [rcu_par_gp] (root,0,0,00:00:00/3-11:50:45,5) [slub_flushwq] (root,0,0,00:00:00/3-11:50:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-11:50:45,9) [mm_percpu_wq] (root,0,0,00:00:00/3-11:50:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-11:50:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-11:50:45,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-11:50:45,13) [ksoftirqd/0] (root,0,0,00:09:06/3-11:50:45,14) [rcu_preempt] (root,0,0,00:00:01/3-11:50:45,15) [migration/0] (root,0,0,00:00:00/3-11:50:45,16) [idle_inject/0] (root,0,0,00:00:00/3-11:50:45,18) [cpuhp/0] (root,0,0,00:00:00/3-11:50:45,19) [cpuhp/1] (root,0,0,00:00:00/3-11:50:45,20) [idle_inject/1] (root,0,0,00:00:01/3-11:50:45,21) [migration/1] (root,0,0,00:00:04/3-11:50:45,22) [ksoftirqd/1] (root,0,0,00:00:00/3-11:50:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-11:50:45,25) [cpuhp/2] (root,0,0,00:00:00/3-11:50:45,26) [idle_inject/2] (root,0,0,00:00:01/3-11:50:45,27) [migration/2] (root,0,0,00:07:36/3-11:50:45,28) [ksoftirqd/2] (root,0,0,00:00:00/3-11:50:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-11:50:45,31) [cpuhp/3] (root,0,0,00:00:00/3-11:50:45,32) [idle_inject/3] (root,0,0,00:00:01/3-11:50:45,33) [migration/3] (root,0,0,00:00:19/3-11:50:45,34) [ksoftirqd/3] (root,0,0,00:00:00/3-11:50:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-11:50:45,39) [kdevtmpfs] (root,0,0,00:00:00/3-11:50:45,40) [netns] (root,0,0,00:00:00/3-11:50:45,41) [inet_frag_wq] (root,0,0,00:00:01/3-11:50:45,42) [kauditd] (root,0,0,00:00:00/3-11:50:45,43) [khungtaskd] (root,0,0,00:00:00/3-11:50:45,44) [oom_reaper] (root,0,0,00:00:00/3-11:50:45,45) [writeback] (root,0,0,00:00:09/3-11:50:45,46) [kcompactd0] (root,0,0,00:00:00/3-11:50:45,47) [ksmd] (root,0,0,00:00:10/3-11:50:45,48) [khugepaged] (root,0,0,00:00:00/3-11:50:45,74) [kintegrityd] (root,0,0,00:00:00/3-11:50:45,75) [kblockd] (root,0,0,00:00:00/3-11:50:45,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-11:50:45,78) [tpm_dev_wq] (root,0,0,00:00:00/3-11:50:45,79) [edac-poller] (root,0,0,00:00:00/3-11:50:45,80) [devfreq_wq] (root,0,0,00:00:00/3-11:50:45,110) [watchdogd] (root,0,0,00:00:00/3-11:50:45,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-11:50:45,112) [kswapd0] (root,0,0,00:00:00/3-11:50:44,114) [kthrotld] (root,0,0,00:00:00/3-11:50:44,115) [mld] (root,0,0,00:00:00/3-11:50:44,116) [ipv6_addrconf] (root,0,0,00:00:01/3-11:50:44,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-11:50:44,122) [kstrp] (root,0,0,00:00:00/3-11:50:44,123) [zswap-shrink] (root,0,0,00:00:00/3-11:50:44,124) [kworker/u9:0] (root,0,0,00:00:00/3-11:50:44,129) [charger_manager] (root,0,0,00:00:00/3-11:50:43,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-11:50:43,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-11:50:43,205) [kaluad] (root,0,0,00:00:00/3-11:50:43,250) [kmpath_rdacd] (root,0,0,00:00:00/3-11:50:43,293) [kmpathd] (root,0,0,00:00:00/3-11:50:43,294) [kmpath_handlerd] (root,0,0,00:00:00/3-11:50:43,342) [ata_sff] (root,0,0,00:00:00/3-11:50:42,343) [scsi_eh_0] (root,0,0,00:00:00/3-11:50:42,344) [scsi_tmf_0] (root,0,0,00:00:00/3-11:50:42,345) [scsi_eh_1] (root,0,0,00:00:00/3-11:50:42,346) [scsi_tmf_1] (root,0,0,00:00:05/3-11:50:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-11:50:40,367) [ext4-rsv-conver] (root,38604,7544,00:00:06/3-11:50:28,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-11:50:27,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-11:50:25,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-11:49:51,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-11:49:51,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:07/3-11:49:51,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-11:49:51,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-11:49:50,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-11:49:50,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-11:49:36,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-11:49:36,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:14/3-11:49:35,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-11:49:35,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-11:49:35,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-11:49:35,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-11:49:35,1201) /usr/lib/systemd/systemd --user (root,448724,8116,00:00:07/3-11:49:35,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:27/3-11:49:35,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-11:49:35,1206) bpfilter_umh (root,26204,8340,00:00:02/3-11:49:35,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-11:49:35,1215) ntpd: asynchronous dns resolver (spot,274844,163308,04:03:39/3-11:49:35,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-11:49:34,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-11:49:34,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-11:49:34,1245) (sd-pam) (root,24216,5348,00:00:01/3-11:49:33,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-11:49:33,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-11:49:32,1354) /usr/sbin/cron -n (root,689544,71904,00:04:28/3-11:49:26,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41140,00:01:08/3-11:49:12,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/22:07,3235) [kworker/2:0-events] (root,0,0,00:00:00/32:10,4422) [kworker/1:2-events] (root,35308,10024,00:00:00/1-13:42:21,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-13:42:21,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-13:42:06,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:04/1-13:42:06,4688) sshd: cm-ssh (root,0,0,00:00:00/04:51,8236) [kworker/1:1-ata_sff] (root,0,0,00:00:00/13:27,12198) [kworker/2:1-events] (root,0,0,00:00:00/02:30:46,14204) [kworker/3:0-events] (root,0,0,00:00:00/12:54,14772) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/10:04,24769) [kworker/1:0-ata_sff] (root,0,0,00:00:00/00:28,25690) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/34:55,26476) [kworker/0:2-events] (root,6656,3444,00:00:00/00:00,26983) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,27001) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,27002) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:09,27353) [kworker/3:2-cgroup_destroy] (postfix,24244,8288,00:00:00/27:04,29806) pickup -l -t fifo -u (root,0,0,00:00:00/01:57:22,30146) [kworker/u8:2] (root,0,0,00:00:00/26:25,30247) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-15 22:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363eac2e1ffFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12668,00:00:07/1-11:56:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-11:56:37,2) [kthreadd] (root,0,0,00:00:00/1-11:56:37,3) [rcu_gp] (root,0,0,00:00:00/1-11:56:37,4) [rcu_par_gp] (root,0,0,00:00:00/1-11:56:37,5) [slub_flushwq] (root,0,0,00:00:00/1-11:56:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-11:56:37,9) [mm_percpu_wq] (root,0,0,00:00:00/1-11:56:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-11:56:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-11:56:37,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-11:56:37,13) [ksoftirqd/0] (root,0,0,00:03:51/1-11:56:37,14) [rcu_preempt] (root,0,0,00:00:00/1-11:56:37,15) [migration/0] (root,0,0,00:00:00/1-11:56:37,16) [idle_inject/0] (root,0,0,00:00:00/1-11:56:37,18) [cpuhp/0] (root,0,0,00:00:00/1-11:56:37,19) [cpuhp/1] (root,0,0,00:00:00/1-11:56:37,20) [idle_inject/1] (root,0,0,00:00:00/1-11:56:37,21) [migration/1] (root,0,0,00:00:01/1-11:56:37,22) [ksoftirqd/1] (root,0,0,00:00:00/1-11:56:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-11:56:37,25) [cpuhp/2] (root,0,0,00:00:00/1-11:56:37,26) [idle_inject/2] (root,0,0,00:00:00/1-11:56:37,27) [migration/2] (root,0,0,00:03:06/1-11:56:37,28) [ksoftirqd/2] (root,0,0,00:00:00/1-11:56:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-11:56:37,31) [cpuhp/3] (root,0,0,00:00:00/1-11:56:37,32) [idle_inject/3] (root,0,0,00:00:00/1-11:56:37,33) [migration/3] (root,0,0,00:00:07/1-11:56:37,34) [ksoftirqd/3] (root,0,0,00:00:00/1-11:56:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-11:56:37,39) [kdevtmpfs] (root,0,0,00:00:00/1-11:56:37,40) [netns] (root,0,0,00:00:00/1-11:56:37,41) [inet_frag_wq] (root,0,0,00:00:00/1-11:56:37,42) [kauditd] (root,0,0,00:00:00/1-11:56:37,43) [khungtaskd] (root,0,0,00:00:00/1-11:56:37,44) [oom_reaper] (root,0,0,00:00:00/1-11:56:37,45) [writeback] (root,0,0,00:00:04/1-11:56:37,46) [kcompactd0] (root,0,0,00:00:00/1-11:56:37,47) [ksmd] (root,0,0,00:00:04/1-11:56:37,48) [khugepaged] (root,0,0,00:00:00/1-11:56:37,74) [kintegrityd] (root,0,0,00:00:00/1-11:56:37,75) [kblockd] (root,0,0,00:00:00/1-11:56:37,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-11:56:37,78) [tpm_dev_wq] (root,0,0,00:00:00/1-11:56:37,79) [edac-poller] (root,0,0,00:00:00/1-11:56:37,80) [devfreq_wq] (root,0,0,00:00:00/1-11:56:37,110) [watchdogd] (root,0,0,00:00:00/1-11:56:37,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-11:56:37,112) [kswapd0] (root,0,0,00:00:00/1-11:56:36,114) [kthrotld] (root,0,0,00:00:00/1-11:56:36,115) [mld] (root,0,0,00:00:00/1-11:56:36,116) [ipv6_addrconf] (root,0,0,00:00:00/1-11:56:36,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-11:56:36,122) [kstrp] (root,0,0,00:00:00/1-11:56:36,123) [zswap-shrink] (root,0,0,00:00:00/1-11:56:36,124) [kworker/u9:0] (root,0,0,00:00:00/1-11:56:36,129) [charger_manager] (root,0,0,00:00:00/1-11:56:35,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-11:56:35,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-11:56:35,205) [kaluad] (root,0,0,00:00:00/1-11:56:35,250) [kmpath_rdacd] (root,0,0,00:00:00/1-11:56:35,293) [kmpathd] (root,0,0,00:00:00/1-11:56:35,294) [kmpath_handlerd] (root,0,0,00:00:00/1-11:56:35,342) [ata_sff] (root,0,0,00:00:00/1-11:56:34,343) [scsi_eh_0] (root,0,0,00:00:00/1-11:56:34,344) [scsi_tmf_0] (root,0,0,00:00:00/1-11:56:34,345) [scsi_eh_1] (root,0,0,00:00:00/1-11:56:34,346) [scsi_tmf_1] (root,0,0,00:00:02/1-11:56:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-11:56:32,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-11:56:20,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-11:56:19,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-11:56:17,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-11:55:43,512) /sbin/auditd (messagebus,22936,5824,00:00:06/1-11:55:43,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8504,00:00:03/1-11:55:43,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-11:55:43,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-11:55:42,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-11:55:42,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:01/1-11:55:28,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-11:55:28,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:05/1-11:55:27,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-11:55:27,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-11:55:27,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-11:55:27,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-11:55:27,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-11:55:27,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:11/1-11:55:27,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-11:55:27,1206) bpfilter_umh (root,26204,8340,00:00:01/1-11:55:27,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-11:55:27,1215) ntpd: asynchronous dns resolver (spot,198980,161680,01:41:11/1-11:55:27,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-11:55:26,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-11:55:26,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-11:55:26,1245) (sd-pam) (root,24216,5348,00:00:00/1-11:55:25,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-11:55:25,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-11:55:24,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-11:55:20,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-11:55:20,1371) sshd: syslogtunnel (root,689288,71280,00:01:56/1-11:55:18,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40780,00:00:30/1-11:55:04,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-11:54:45,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-11:54:45,1436) sshd: cm-ssh (root,0,0,00:00:00/35:44,1742) [kworker/0:0-events] (root,0,0,00:00:03/06:21:02,3139) [kworker/1:0-events] (root,0,0,00:00:01/03:44:56,3220) [kworker/3:2-events] (root,6656,3484,00:00:00/00:00,7652) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,7670) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7671) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:18,7690) [kworker/1:1-ata_sff] (postfix,24244,8272,00:00:00/54:53,11816) pickup -l -t fifo -u (root,0,0,00:00:01/01:34:12,13438) [kworker/2:0-events] (root,0,0,00:00:00/42:19,22827) [kworker/0:2-events] (root,0,0,00:00:00/02:48:19,23925) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/42:14,24085) [kworker/u8:1-writeback] (root,0,0,00:00:00/03:51:44,24173) [kworker/3:0-events] (root,0,0,00:00:00/11:13,27612) [kworker/2:1-events] (root,0,0,00:00:00/03:08,28104) [kworker/1:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-13 22:18 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a04ec7c9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:06/62-11:58:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-11:58:41,2) [kthreadd] (root,0,0,00:00:00/62-11:58:41,3) [rcu_gp] (root,0,0,00:00:00/62-11:58:41,4) [rcu_par_gp] (root,0,0,00:00:00/62-11:58:41,5) [slub_flushwq] (root,0,0,00:00:00/62-11:58:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-11:58:41,9) [mm_percpu_wq] (root,0,0,00:00:00/62-11:58:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-11:58:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-11:58:41,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-11:58:41,13) [ksoftirqd/0] (root,0,0,02:53:58/62-11:58:41,14) [rcu_preempt] (root,0,0,00:00:23/62-11:58:41,15) [migration/0] (root,0,0,00:00:00/62-11:58:41,16) [idle_inject/0] (root,0,0,00:00:00/62-11:58:41,18) [cpuhp/0] (root,0,0,00:00:00/62-11:58:41,19) [cpuhp/1] (root,0,0,00:00:00/62-11:58:41,20) [idle_inject/1] (root,0,0,00:00:23/62-11:58:41,21) [migration/1] (root,0,0,00:01:32/62-11:58:41,22) [ksoftirqd/1] (root,0,0,00:00:00/62-11:58:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-11:58:41,25) [cpuhp/2] (root,0,0,00:00:00/62-11:58:41,26) [idle_inject/2] (root,0,0,00:00:17/62-11:58:41,27) [migration/2] (root,0,0,01:53:18/62-11:58:41,28) [ksoftirqd/2] (root,0,0,00:00:00/62-11:58:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-11:58:41,31) [cpuhp/3] (root,0,0,00:00:00/62-11:58:41,32) [idle_inject/3] (root,0,0,00:00:22/62-11:58:41,33) [migration/3] (root,0,0,00:05:42/62-11:58:41,34) [ksoftirqd/3] (root,0,0,00:00:00/62-11:58:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-11:58:41,40) [kdevtmpfs] (root,0,0,00:00:00/62-11:58:41,41) [netns] (root,0,0,00:00:00/62-11:58:41,42) [inet_frag_wq] (root,0,0,00:00:22/62-11:58:41,43) [kauditd] (root,0,0,00:00:00/62-11:58:41,44) [khungtaskd] (root,0,0,00:00:00/62-11:58:41,45) [oom_reaper] (root,0,0,00:00:00/62-11:58:41,46) [writeback] (root,0,0,00:03:10/62-11:58:41,47) [kcompactd0] (root,0,0,00:00:00/62-11:58:41,48) [ksmd] (root,0,0,00:03:27/62-11:58:41,49) [khugepaged] (root,0,0,00:00:00/62-11:58:41,75) [kintegrityd] (root,0,0,00:00:00/62-11:58:41,76) [kblockd] (root,0,0,00:00:00/62-11:58:41,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-11:58:41,79) [tpm_dev_wq] (root,0,0,00:00:00/62-11:58:41,80) [edac-poller] (root,0,0,00:00:00/62-11:58:41,81) [devfreq_wq] (root,0,0,00:00:00/62-11:58:41,110) [watchdogd] (root,0,0,00:00:05/62-11:58:41,111) [kswapd0] (root,0,0,00:00:15/62-11:58:41,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-11:58:39,115) [kthrotld] (root,0,0,00:00:00/62-11:58:39,116) [mld] (root,0,0,00:00:00/62-11:58:39,117) [ipv6_addrconf] (root,0,0,00:00:16/62-11:58:39,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-11:58:39,123) [kstrp] (root,0,0,00:00:00/62-11:58:39,124) [zswap-shrink] (root,0,0,00:00:00/62-11:58:39,125) [kworker/u9:0] (root,0,0,00:00:00/62-11:58:39,130) [charger_manager] (root,0,0,00:00:18/62-11:58:39,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-11:58:39,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-11:58:38,239) [kaluad] (root,0,0,00:00:00/62-11:58:38,258) [kmpath_rdacd] (root,0,0,00:00:00/62-11:58:38,304) [kmpathd] (root,0,0,00:00:00/62-11:58:38,305) [kmpath_handlerd] (root,0,0,00:00:00/62-11:58:37,342) [ata_sff] (root,0,0,00:00:00/62-11:58:37,343) [scsi_eh_0] (root,0,0,00:00:00/62-11:58:37,344) [scsi_tmf_0] (root,0,0,00:00:00/62-11:58:37,345) [scsi_eh_1] (root,0,0,00:00:00/62-11:58:37,346) [scsi_tmf_1] (root,0,0,00:01:59/62-11:58:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-11:58:34,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-11:58:22,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-11:58:21,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-11:58:19,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-11:57:48,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-11:57:47,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:00/62-11:57:47,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-11:57:47,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-11:57:45,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-11:57:45,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/36:50,1067) [kworker/u8:0-ext4-rsv-conversion] (root,549384,31628,00:01:13/62-11:57:31,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-11:57:31,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:03/62-11:57:31,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-11:57:31,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-11:57:31,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-11:57:31,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-11:57:31,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:55/62-11:57:31,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-11:57:31,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-11:57:31,1352) bpfilter_umh (root,26204,8096,00:00:33/62-11:57:31,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-11:57:31,1359) ntpd: asynchronous dns resolver (spot,362352,213480,3-10:59:21/62-11:57:30,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-11:57:30,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-11:57:30,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-11:57:30,1373) (sd-pam) (root,0,0,00:00:00/25:19,1415) [kworker/u8:2-ext4-rsv-conversion] (root,24216,5256,00:00:22/62-11:57:28,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-11:57:28,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-11:57:28,1485) /usr/sbin/cron -n (root,699464,80272,01:26:20/62-11:57:22,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,236992,82952,00:31:53/62-11:57:10,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-17:32:45,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:33,2753) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:00:35,8027) [kworker/0:1-mm_percpu_wq] (root,35304,10040,00:00:00/24-12:25:40,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-12:25:39,10514) sshd: syslogtunnel (postfix,24244,8240,00:00:00/48:17,10568) pickup -l -t fifo -u (root,0,0,00:00:00/09:44,11605) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:20,11735) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/54:30,17828) [kworker/0:0-mm_percpu_wq] (root,0,0,00:00:00/08:16,17955) [kworker/1:1-events] (root,0,0,00:00:00/59:19,19079) [kworker/2:2-events] (root,6656,3488,00:00:00/00:01,20658) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,20676) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20677) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/30:30,30091) [kworker/3:0-mm_percpu_wq] (root,0,0,00:00:00/13:13,30660) [kworker/2:1-events] (root,35308,10028,00:00:00/24-13:11:53,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:21/24-13:11:52,30947) sshd: cm-ssh (root,0,0,00:00:00/30:14,32761) [kworker/1:2-mm_percpu_wq] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-11 22:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363eec00a40Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-12:16:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-12:16:11,2) [kthreadd] (root,0,0,00:00:00/60-12:16:11,3) [rcu_gp] (root,0,0,00:00:00/60-12:16:11,4) [rcu_par_gp] (root,0,0,00:00:00/60-12:16:11,5) [slub_flushwq] (root,0,0,00:00:00/60-12:16:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-12:16:11,9) [mm_percpu_wq] (root,0,0,00:00:00/60-12:16:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-12:16:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-12:16:11,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-12:16:11,13) [ksoftirqd/0] (root,0,0,02:48:54/60-12:16:11,14) [rcu_preempt] (root,0,0,00:00:23/60-12:16:11,15) [migration/0] (root,0,0,00:00:00/60-12:16:11,16) [idle_inject/0] (root,0,0,00:00:00/60-12:16:11,18) [cpuhp/0] (root,0,0,00:00:00/60-12:16:11,19) [cpuhp/1] (root,0,0,00:00:00/60-12:16:11,20) [idle_inject/1] (root,0,0,00:00:23/60-12:16:11,21) [migration/1] (root,0,0,00:01:29/60-12:16:11,22) [ksoftirqd/1] (root,0,0,00:00:00/60-12:16:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-12:16:11,25) [cpuhp/2] (root,0,0,00:00:00/60-12:16:11,26) [idle_inject/2] (root,0,0,00:00:17/60-12:16:11,27) [migration/2] (root,0,0,01:49:26/60-12:16:11,28) [ksoftirqd/2] (root,0,0,00:00:00/60-12:16:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-12:16:11,31) [cpuhp/3] (root,0,0,00:00:00/60-12:16:11,32) [idle_inject/3] (root,0,0,00:00:21/60-12:16:11,33) [migration/3] (root,0,0,00:05:32/60-12:16:11,34) [ksoftirqd/3] (root,0,0,00:00:00/60-12:16:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-12:16:11,40) [kdevtmpfs] (root,0,0,00:00:00/60-12:16:11,41) [netns] (root,0,0,00:00:00/60-12:16:11,42) [inet_frag_wq] (root,0,0,00:00:21/60-12:16:11,43) [kauditd] (root,0,0,00:00:00/60-12:16:11,44) [khungtaskd] (root,0,0,00:00:00/60-12:16:11,45) [oom_reaper] (root,0,0,00:00:00/60-12:16:11,46) [writeback] (root,0,0,00:03:04/60-12:16:11,47) [kcompactd0] (root,0,0,00:00:00/60-12:16:11,48) [ksmd] (root,0,0,00:03:20/60-12:16:11,49) [khugepaged] (root,0,0,00:00:00/60-12:16:11,75) [kintegrityd] (root,0,0,00:00:00/60-12:16:11,76) [kblockd] (root,0,0,00:00:00/60-12:16:11,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-12:16:11,79) [tpm_dev_wq] (root,0,0,00:00:00/60-12:16:11,80) [edac-poller] (root,0,0,00:00:00/60-12:16:11,81) [devfreq_wq] (root,0,0,00:00:00/60-12:16:11,110) [watchdogd] (root,0,0,00:00:04/60-12:16:11,111) [kswapd0] (root,0,0,00:00:15/60-12:16:11,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-12:16:09,115) [kthrotld] (root,0,0,00:00:00/60-12:16:09,116) [mld] (root,0,0,00:00:00/60-12:16:09,117) [ipv6_addrconf] (root,0,0,00:00:16/60-12:16:09,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-12:16:09,123) [kstrp] (root,0,0,00:00:00/60-12:16:09,124) [zswap-shrink] (root,0,0,00:00:00/60-12:16:09,125) [kworker/u9:0] (root,0,0,00:00:00/60-12:16:09,130) [charger_manager] (root,0,0,00:00:18/60-12:16:09,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-12:16:09,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-12:16:08,239) [kaluad] (root,0,0,00:00:00/60-12:16:08,258) [kmpath_rdacd] (root,0,0,00:00:00/60-12:16:08,304) [kmpathd] (root,0,0,00:00:00/60-12:16:08,305) [kmpath_handlerd] (root,0,0,00:00:00/60-12:16:07,342) [ata_sff] (root,0,0,00:00:00/60-12:16:07,343) [scsi_eh_0] (root,0,0,00:00:00/60-12:16:07,344) [scsi_tmf_0] (root,0,0,00:00:00/60-12:16:07,345) [scsi_eh_1] (root,0,0,00:00:00/60-12:16:07,346) [scsi_tmf_1] (root,0,0,00:01:56/60-12:16:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-12:16:04,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-12:15:52,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-12:15:51,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-12:15:49,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-12:15:18,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-12:15:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8260,00:01:55/60-12:15:17,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-12:15:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-12:15:15,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-12:15:15,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-12:15:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-12:15:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:53/60-12:15:01,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-12:15:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-12:15:01,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-12:15:01,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-12:15:01,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-12:15:01,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-12:15:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-12:15:01,1352) bpfilter_umh (root,26204,8096,00:00:31/60-12:15:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-12:15:01,1359) ntpd: asynchronous dns resolver (spot,362096,213432,3-08:23:34/60-12:15:00,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-12:15:00,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-12:15:00,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-12:15:00,1373) (sd-pam) (root,24216,5260,00:00:21/60-12:14:58,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-12:14:58,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-12:14:58,1485) /usr/sbin/cron -n (root,699208,80092,01:23:39/60-12:14:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82036,00:31:03/60-12:14:40,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-17:50:15,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:40:48,4301) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/07:05,7852) [kworker/3:1-ata_sff] (root,35304,10040,00:00:00/22-12:43:10,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-12:43:09,10514) sshd: syslogtunnel (root,0,0,00:00:00/34:51,12806) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/12:15,13124) [kworker/3:2-events] (root,0,0,00:00:00/12:03,14305) [kworker/0:1-events] (root,0,0,00:00:00/04:49,18201) [kworker/0:0-events] (root,0,0,00:00:00/04:39,18483) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/04:39,18484) [kworker/1:0-events] (postfix,24244,8276,00:00:00/01:26:48,18926) pickup -l -t fifo -u (root,0,0,00:00:00/16:49,22406) [kworker/1:2-events] (root,0,0,00:00:00/02:35,24659) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/50:00,25987) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/01:52,26595) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:04:15,29474) [kworker/0:2-rcu_gp] (root,35308,10028,00:00:00/22-13:29:23,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-13:29:22,30947) sshd: cm-ssh (root,6656,3476,00:00:00/00:00,31389) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,31407) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,31408) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/38:09,32105) [kworker/2:1-events] (root,0,0,00:00:00/01:30:16,32443) [kworker/2:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 23:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836346284281Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:49/58-12:06:48,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-12:06:48,2) [kthreadd] (root,0,0,00:00:00/58-12:06:48,3) [rcu_gp] (root,0,0,00:00:00/58-12:06:48,4) [rcu_par_gp] (root,0,0,00:00:00/58-12:06:48,5) [slub_flushwq] (root,0,0,00:00:00/58-12:06:48,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-12:06:48,9) [mm_percpu_wq] (root,0,0,00:00:00/58-12:06:48,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-12:06:48,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-12:06:48,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-12:06:48,13) [ksoftirqd/0] (root,0,0,02:43:40/58-12:06:48,14) [rcu_preempt] (root,0,0,00:00:22/58-12:06:48,15) [migration/0] (root,0,0,00:00:00/58-12:06:48,16) [idle_inject/0] (root,0,0,00:00:00/58-12:06:48,18) [cpuhp/0] (root,0,0,00:00:00/58-12:06:48,19) [cpuhp/1] (root,0,0,00:00:00/58-12:06:48,20) [idle_inject/1] (root,0,0,00:00:22/58-12:06:48,21) [migration/1] (root,0,0,00:01:26/58-12:06:48,22) [ksoftirqd/1] (root,0,0,00:00:00/58-12:06:48,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-12:06:48,25) [cpuhp/2] (root,0,0,00:00:00/58-12:06:48,26) [idle_inject/2] (root,0,0,00:00:16/58-12:06:48,27) [migration/2] (root,0,0,01:44:28/58-12:06:48,28) [ksoftirqd/2] (root,0,0,00:00:00/58-12:06:48,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-12:06:48,31) [cpuhp/3] (root,0,0,00:00:00/58-12:06:48,32) [idle_inject/3] (root,0,0,00:00:20/58-12:06:48,33) [migration/3] (root,0,0,00:05:20/58-12:06:48,34) [ksoftirqd/3] (root,0,0,00:00:00/58-12:06:48,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-12:06:48,40) [kdevtmpfs] (root,0,0,00:00:00/58-12:06:48,41) [netns] (root,0,0,00:00:00/58-12:06:48,42) [inet_frag_wq] (root,0,0,00:00:20/58-12:06:48,43) [kauditd] (root,0,0,00:00:00/58-12:06:48,44) [khungtaskd] (root,0,0,00:00:00/58-12:06:48,45) [oom_reaper] (root,0,0,00:00:00/58-12:06:48,46) [writeback] (root,0,0,00:02:59/58-12:06:48,47) [kcompactd0] (root,0,0,00:00:00/58-12:06:48,48) [ksmd] (root,0,0,00:03:14/58-12:06:48,49) [khugepaged] (root,0,0,00:00:00/58-12:06:48,75) [kintegrityd] (root,0,0,00:00:00/58-12:06:48,76) [kblockd] (root,0,0,00:00:00/58-12:06:48,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-12:06:48,79) [tpm_dev_wq] (root,0,0,00:00:00/58-12:06:48,80) [edac-poller] (root,0,0,00:00:00/58-12:06:48,81) [devfreq_wq] (root,0,0,00:00:00/58-12:06:48,110) [watchdogd] (root,0,0,00:00:04/58-12:06:48,111) [kswapd0] (root,0,0,00:00:15/58-12:06:48,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-12:06:46,115) [kthrotld] (root,0,0,00:00:00/58-12:06:46,116) [mld] (root,0,0,00:00:00/58-12:06:46,117) [ipv6_addrconf] (root,0,0,00:00:16/58-12:06:46,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-12:06:46,123) [kstrp] (root,0,0,00:00:00/58-12:06:46,124) [zswap-shrink] (root,0,0,00:00:00/58-12:06:46,125) [kworker/u9:0] (root,0,0,00:00:00/58-12:06:46,130) [charger_manager] (root,0,0,00:00:17/58-12:06:46,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-12:06:46,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-12:06:45,239) [kaluad] (root,0,0,00:00:00/58-12:06:45,258) [kmpath_rdacd] (root,0,0,00:00:00/58-12:06:45,304) [kmpathd] (root,0,0,00:00:00/58-12:06:45,305) [kmpath_handlerd] (root,0,0,00:00:00/58-12:06:44,342) [ata_sff] (root,0,0,00:00:00/58-12:06:44,343) [scsi_eh_0] (root,0,0,00:00:00/58-12:06:44,344) [scsi_tmf_0] (root,0,0,00:00:00/58-12:06:44,345) [scsi_eh_1] (root,0,0,00:00:00/58-12:06:44,346) [scsi_tmf_1] (root,0,0,00:01:52/58-12:06:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-12:06:41,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-12:06:29,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-12:06:28,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-12:06:26,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-12:05:55,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-12:05:54,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:48/58-12:05:54,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-12:05:54,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-12:05:52,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-12:05:52,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/03:44:59,1178) [kworker/u8:1-ext4-rsv-conversion] (root,549128,31272,00:01:09/58-12:05:38,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-12:05:38,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:42/58-12:05:38,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-12:05:38,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-12:05:38,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-12:05:38,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-12:05:38,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-12:05:38,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-12:05:38,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-12:05:38,1352) bpfilter_umh (root,26204,8096,00:00:30/58-12:05:38,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-12:05:38,1359) ntpd: asynchronous dns resolver (spot,363392,214496,3-05:17:52/58-12:05:37,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-12:05:37,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-12:05:37,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-12:05:37,1373) (sd-pam) (root,24216,5260,00:00:20/58-12:05:35,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-12:05:35,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-12:05:35,1485) /usr/sbin/cron -n (root,698952,79684,01:20:55/58-12:05:29,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80360,00:30:15/58-12:05:17,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-17:40:52,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:44,3002) [kworker/3:2-ata_sff] (root,0,0,00:00:00/36:28,9540) [kworker/0:0-cgroup_destroy] (root,35304,10040,00:00:00/20-12:33:47,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:16/20-12:33:46,10514) sshd: syslogtunnel (root,0,0,00:00:00/08:55,14226) [kworker/3:0-ata_sff] (root,0,0,00:00:00/08:48,14847) [kworker/2:0-events] (root,0,0,00:00:00/01:29:24,16568) [kworker/2:2-events] (root,6656,3488,00:00:00/00:00,17894) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,17899) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,17934) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17935) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/52:38,18323) [kworker/1:0-events] (root,0,0,00:00:00/01:17:22,22600) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:08:46,26097) [kworker/0:2-events] (root,0,0,00:00:00/27:16,26874) [kworker/1:1-cgroup_destroy] (root,35308,10028,00:00:00/20-13:20:00,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-13:19:59,30947) sshd: cm-ssh (root,0,0,00:00:00/14:05,31562) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-07 22:55 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d8ab8a28Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-11:38:25,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-11:38:25,2) [kthreadd] (root,0,0,00:00:00/47-11:38:25,3) [rcu_gp] (root,0,0,00:00:00/47-11:38:25,4) [rcu_par_gp] (root,0,0,00:00:00/47-11:38:25,5) [slub_flushwq] (root,0,0,00:00:00/47-11:38:25,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-11:38:25,9) [mm_percpu_wq] (root,0,0,00:00:00/47-11:38:25,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-11:38:25,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-11:38:25,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-11:38:25,13) [ksoftirqd/0] (root,0,0,02:15:38/47-11:38:25,14) [rcu_preempt] (root,0,0,00:00:18/47-11:38:25,15) [migration/0] (root,0,0,00:00:00/47-11:38:25,16) [idle_inject/0] (root,0,0,00:00:00/47-11:38:25,18) [cpuhp/0] (root,0,0,00:00:00/47-11:38:25,19) [cpuhp/1] (root,0,0,00:00:00/47-11:38:25,20) [idle_inject/1] (root,0,0,00:00:18/47-11:38:25,21) [migration/1] (root,0,0,00:01:10/47-11:38:25,22) [ksoftirqd/1] (root,0,0,00:00:00/47-11:38:25,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-11:38:25,25) [cpuhp/2] (root,0,0,00:00:00/47-11:38:25,26) [idle_inject/2] (root,0,0,00:00:13/47-11:38:25,27) [migration/2] (root,0,0,01:27:32/47-11:38:25,28) [ksoftirqd/2] (root,0,0,00:00:00/47-11:38:25,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-11:38:25,31) [cpuhp/3] (root,0,0,00:00:00/47-11:38:25,32) [idle_inject/3] (root,0,0,00:00:17/47-11:38:25,33) [migration/3] (root,0,0,00:04:30/47-11:38:25,34) [ksoftirqd/3] (root,0,0,00:00:00/47-11:38:25,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-11:38:25,40) [kdevtmpfs] (root,0,0,00:00:00/47-11:38:25,41) [netns] (root,0,0,00:00:00/47-11:38:25,42) [inet_frag_wq] (root,0,0,00:00:16/47-11:38:25,43) [kauditd] (root,0,0,00:00:00/47-11:38:25,44) [khungtaskd] (root,0,0,00:00:00/47-11:38:25,45) [oom_reaper] (root,0,0,00:00:00/47-11:38:25,46) [writeback] (root,0,0,00:02:28/47-11:38:25,47) [kcompactd0] (root,0,0,00:00:00/47-11:38:25,48) [ksmd] (root,0,0,00:02:37/47-11:38:25,49) [khugepaged] (root,0,0,00:00:00/47-11:38:25,75) [kintegrityd] (root,0,0,00:00:00/47-11:38:25,76) [kblockd] (root,0,0,00:00:00/47-11:38:25,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-11:38:25,79) [tpm_dev_wq] (root,0,0,00:00:00/47-11:38:25,80) [edac-poller] (root,0,0,00:00:00/47-11:38:25,81) [devfreq_wq] (root,0,0,00:00:00/47-11:38:25,110) [watchdogd] (root,0,0,00:00:03/47-11:38:25,111) [kswapd0] (root,0,0,00:00:12/47-11:38:25,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-11:38:23,115) [kthrotld] (root,0,0,00:00:00/47-11:38:23,116) [mld] (root,0,0,00:00:00/47-11:38:23,117) [ipv6_addrconf] (root,0,0,00:00:13/47-11:38:23,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-11:38:23,123) [kstrp] (root,0,0,00:00:00/47-11:38:23,124) [zswap-shrink] (root,0,0,00:00:00/47-11:38:23,125) [kworker/u9:0] (root,0,0,00:00:00/47-11:38:23,130) [charger_manager] (root,0,0,00:00:14/47-11:38:23,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-11:38:23,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-11:38:22,239) [kaluad] (root,0,0,00:00:00/47-11:38:22,258) [kmpath_rdacd] (root,0,0,00:00:00/47-11:38:22,304) [kmpathd] (root,0,0,00:00:00/47-11:38:22,305) [kmpath_handlerd] (root,0,0,00:00:00/47-11:38:21,342) [ata_sff] (root,0,0,00:00:00/47-11:38:21,343) [scsi_eh_0] (root,0,0,00:00:00/47-11:38:21,344) [scsi_tmf_0] (root,0,0,00:00:00/47-11:38:21,345) [scsi_eh_1] (root,0,0,00:00:00/47-11:38:21,346) [scsi_tmf_1] (root,0,0,00:01:34/47-11:38:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-11:38:18,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-11:38:06,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-11:38:05,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-11:38:03,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-11:37:32,511) /sbin/auditd (messagebus,22932,5408,00:02:36/47-11:37:31,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-11:37:31,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-11:37:31,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-11:37:29,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-11:37:29,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-11:37:15,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-11:37:15,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:43/47-11:37:15,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-11:37:15,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-11:37:15,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-11:37:15,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-11:37:15,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-11:37:15,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:52/47-11:37:15,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-11:37:15,1352) bpfilter_umh (root,26204,8096,00:00:24/47-11:37:15,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-11:37:15,1359) ntpd: asynchronous dns resolver (spot,361520,212116,2-16:36:36/47-11:37:14,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-11:37:14,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-11:37:14,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-11:37:14,1373) (sd-pam) (root,24216,5260,00:00:16/47-11:37:12,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-11:37:12,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-11:37:12,1485) /usr/sbin/cron -n (root,697508,79208,01:06:01/47-11:37:06,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73024,00:25:43/47-11:36:54,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-17:12:29,2557) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,7138) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,7156) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7157) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/9-12:05:24,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-12:05:23,10514) sshd: syslogtunnel (root,0,0,00:00:00/08:27,10795) [kworker/3:1-ata_sff] (root,0,0,00:00:00/55:07,11812) [kworker/3:0-events] (root,0,0,00:00:00/02:30:54,13061) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/07:36,13442) [kworker/2:0-events] (root,0,0,00:00:00/02:16:00,14515) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/07:02,14895) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/02:06:16,15451) [kworker/1:1-events] (root,0,0,00:00:00/01:56:25,15985) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:00/01:31:42,18521) [kworker/1:0] (root,0,0,00:00:00/03:14,28185) [kworker/3:2-ata_sff] (root,0,0,00:00:00/05:48:44,29068) [kworker/0:0-events] (root,35308,10028,00:00:00/9-12:51:37,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-12:51:36,30947) sshd: cm-ssh (postfix,24244,8200,00:00:00/39:22,32130) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-27 22:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836383dbd843Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12460,00:02:13/45-12:38:25,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-12:38:25,2) [kthreadd] (root,0,0,00:00:00/45-12:38:25,3) [rcu_gp] (root,0,0,00:00:00/45-12:38:25,4) [rcu_par_gp] (root,0,0,00:00:00/45-12:38:25,5) [slub_flushwq] (root,0,0,00:00:00/45-12:38:25,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-12:38:25,9) [mm_percpu_wq] (root,0,0,00:00:00/45-12:38:25,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-12:38:25,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-12:38:25,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-12:38:25,13) [ksoftirqd/0] (root,0,0,02:10:34/45-12:38:25,14) [rcu_preempt] (root,0,0,00:00:17/45-12:38:25,15) [migration/0] (root,0,0,00:00:00/45-12:38:25,16) [idle_inject/0] (root,0,0,00:00:00/45-12:38:25,18) [cpuhp/0] (root,0,0,00:00:00/45-12:38:25,19) [cpuhp/1] (root,0,0,00:00:00/45-12:38:25,20) [idle_inject/1] (root,0,0,00:00:17/45-12:38:25,21) [migration/1] (root,0,0,00:01:08/45-12:38:25,22) [ksoftirqd/1] (root,0,0,00:00:00/45-12:38:25,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-12:38:25,25) [cpuhp/2] (root,0,0,00:00:00/45-12:38:25,26) [idle_inject/2] (root,0,0,00:00:13/45-12:38:25,27) [migration/2] (root,0,0,01:25:13/45-12:38:25,28) [ksoftirqd/2] (root,0,0,00:00:00/45-12:38:25,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-12:38:25,31) [cpuhp/3] (root,0,0,00:00:00/45-12:38:25,32) [idle_inject/3] (root,0,0,00:00:16/45-12:38:25,33) [migration/3] (root,0,0,00:04:21/45-12:38:25,34) [ksoftirqd/3] (root,0,0,00:00:00/45-12:38:25,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-12:38:25,40) [kdevtmpfs] (root,0,0,00:00:00/45-12:38:25,41) [netns] (root,0,0,00:00:00/45-12:38:25,42) [inet_frag_wq] (root,0,0,00:00:16/45-12:38:25,43) [kauditd] (root,0,0,00:00:00/45-12:38:25,44) [khungtaskd] (root,0,0,00:00:00/45-12:38:25,45) [oom_reaper] (root,0,0,00:00:00/45-12:38:25,46) [writeback] (root,0,0,00:02:23/45-12:38:25,47) [kcompactd0] (root,0,0,00:00:00/45-12:38:25,48) [ksmd] (root,0,0,00:02:30/45-12:38:25,49) [khugepaged] (root,0,0,00:00:00/45-12:38:25,75) [kintegrityd] (root,0,0,00:00:00/45-12:38:25,76) [kblockd] (root,0,0,00:00:00/45-12:38:25,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-12:38:25,79) [tpm_dev_wq] (root,0,0,00:00:00/45-12:38:25,80) [edac-poller] (root,0,0,00:00:00/45-12:38:25,81) [devfreq_wq] (root,0,0,00:00:00/45-12:38:25,110) [watchdogd] (root,0,0,00:00:03/45-12:38:25,111) [kswapd0] (root,0,0,00:00:12/45-12:38:25,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-12:38:23,115) [kthrotld] (root,0,0,00:00:00/45-12:38:23,116) [mld] (root,0,0,00:00:00/45-12:38:23,117) [ipv6_addrconf] (root,0,0,00:00:12/45-12:38:23,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-12:38:23,123) [kstrp] (root,0,0,00:00:00/45-12:38:23,124) [zswap-shrink] (root,0,0,00:00:00/45-12:38:23,125) [kworker/u9:0] (root,0,0,00:00:00/45-12:38:23,130) [charger_manager] (root,0,0,00:00:14/45-12:38:23,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-12:38:23,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-12:38:22,239) [kaluad] (root,0,0,00:00:00/45-12:38:22,258) [kmpath_rdacd] (root,0,0,00:00:00/45-12:38:22,304) [kmpathd] (root,0,0,00:00:00/45-12:38:22,305) [kmpath_handlerd] (root,0,0,00:00:00/45-12:38:21,342) [ata_sff] (root,0,0,00:00:00/45-12:38:21,343) [scsi_eh_0] (root,0,0,00:00:00/45-12:38:21,344) [scsi_tmf_0] (root,0,0,00:00:00/45-12:38:21,345) [scsi_eh_1] (root,0,0,00:00:00/45-12:38:21,346) [scsi_tmf_1] (root,0,0,00:01:30/45-12:38:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-12:38:18,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-12:38:06,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-12:38:05,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-12:38:03,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-12:37:32,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-12:37:31,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-12:37:31,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-12:37:31,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-12:37:29,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-12:37:29,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-12:37:15,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-12:37:15,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:34/45-12:37:15,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-12:37:15,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-12:37:15,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-12:37:15,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-12:37:15,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-12:37:15,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:36/45-12:37:15,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-12:37:15,1352) bpfilter_umh (root,26204,8096,00:00:23/45-12:37:15,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-12:37:15,1359) ntpd: asynchronous dns resolver (spot,361680,206100,2-14:32:06/45-12:37:14,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-12:37:14,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-12:37:14,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-12:37:14,1373) (sd-pam) (root,24216,5260,00:00:16/45-12:37:12,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-12:37:12,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-12:37:12,1485) /usr/sbin/cron -n (root,697508,76836,01:03:21/45-12:37:06,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71512,00:24:48/45-12:36:54,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/36:36,2530) [kworker/u8:2-flush-253:0] (postfix,44628,9184,00:00:01/39-18:12:29,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:20,2565) [kworker/0:0] (root,0,0,00:00:00/01:52:01,7467) [kworker/1:1-events] (postfix,24244,8216,00:00:00/21:14,9742) pickup -l -t fifo -u (root,0,0,00:00:00/51:33,9975) [kworker/2:2-events] (root,35304,10040,00:00:00/7-13:05:24,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-13:05:23,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:06:36,13466) [kworker/1:2] (root,0,0,00:00:00/03:21,19917) [kworker/u8:0] (root,0,0,00:00:01/03:27:41,23049) [kworker/0:2-events] (root,0,0,00:00:00/01:34,24133) [kworker/3:2-ata_sff] (root,6656,3476,00:00:00/00:00,29129) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,29147) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29148) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/16:14,30660) [kworker/2:1-events] (root,35308,10028,00:00:00/7-13:51:37,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-13:51:36,30947) sshd: cm-ssh (root,0,0,00:00:01/01:24:35,31141) [kworker/3:0-events] (root,0,0,00:00:00/02:37:11,32405) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/06:46,32470) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 23:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634893bdb0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-12:24:25,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-12:24:25,2) [kthreadd] (root,0,0,00:00:00/43-12:24:25,3) [rcu_gp] (root,0,0,00:00:00/43-12:24:25,4) [rcu_par_gp] (root,0,0,00:00:00/43-12:24:25,5) [slub_flushwq] (root,0,0,00:00:00/43-12:24:25,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-12:24:25,9) [mm_percpu_wq] (root,0,0,00:00:00/43-12:24:25,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-12:24:25,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-12:24:25,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-12:24:25,13) [ksoftirqd/0] (root,0,0,02:05:03/43-12:24:25,14) [rcu_preempt] (root,0,0,00:00:16/43-12:24:25,15) [migration/0] (root,0,0,00:00:00/43-12:24:25,16) [idle_inject/0] (root,0,0,00:00:00/43-12:24:25,18) [cpuhp/0] (root,0,0,00:00:00/43-12:24:25,19) [cpuhp/1] (root,0,0,00:00:00/43-12:24:25,20) [idle_inject/1] (root,0,0,00:00:16/43-12:24:25,21) [migration/1] (root,0,0,00:01:05/43-12:24:25,22) [ksoftirqd/1] (root,0,0,00:00:00/43-12:24:25,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-12:24:25,25) [cpuhp/2] (root,0,0,00:00:00/43-12:24:25,26) [idle_inject/2] (root,0,0,00:00:12/43-12:24:25,27) [migration/2] (root,0,0,01:22:23/43-12:24:25,28) [ksoftirqd/2] (root,0,0,00:00:00/43-12:24:25,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-12:24:25,31) [cpuhp/3] (root,0,0,00:00:00/43-12:24:25,32) [idle_inject/3] (root,0,0,00:00:15/43-12:24:25,33) [migration/3] (root,0,0,00:04:12/43-12:24:25,34) [ksoftirqd/3] (root,0,0,00:00:00/43-12:24:25,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-12:24:25,40) [kdevtmpfs] (root,0,0,00:00:00/43-12:24:25,41) [netns] (root,0,0,00:00:00/43-12:24:25,42) [inet_frag_wq] (root,0,0,00:00:15/43-12:24:25,43) [kauditd] (root,0,0,00:00:00/43-12:24:25,44) [khungtaskd] (root,0,0,00:00:00/43-12:24:25,45) [oom_reaper] (root,0,0,00:00:00/43-12:24:25,46) [writeback] (root,0,0,00:02:17/43-12:24:25,47) [kcompactd0] (root,0,0,00:00:00/43-12:24:25,48) [ksmd] (root,0,0,00:02:24/43-12:24:25,49) [khugepaged] (root,0,0,00:00:00/43-12:24:25,75) [kintegrityd] (root,0,0,00:00:00/43-12:24:25,76) [kblockd] (root,0,0,00:00:00/43-12:24:25,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-12:24:25,79) [tpm_dev_wq] (root,0,0,00:00:00/43-12:24:25,80) [edac-poller] (root,0,0,00:00:00/43-12:24:25,81) [devfreq_wq] (root,0,0,00:00:00/43-12:24:25,110) [watchdogd] (root,0,0,00:00:03/43-12:24:25,111) [kswapd0] (root,0,0,00:00:11/43-12:24:25,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-12:24:23,115) [kthrotld] (root,0,0,00:00:00/43-12:24:23,116) [mld] (root,0,0,00:00:00/43-12:24:23,117) [ipv6_addrconf] (root,0,0,00:00:12/43-12:24:23,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-12:24:23,123) [kstrp] (root,0,0,00:00:00/43-12:24:23,124) [zswap-shrink] (root,0,0,00:00:00/43-12:24:23,125) [kworker/u9:0] (root,0,0,00:00:00/43-12:24:23,130) [charger_manager] (root,0,0,00:00:13/43-12:24:23,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-12:24:23,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-12:24:22,239) [kaluad] (root,0,0,00:00:00/43-12:24:22,258) [kmpath_rdacd] (root,0,0,00:00:00/43-12:24:22,304) [kmpathd] (root,0,0,00:00:00/43-12:24:22,305) [kmpath_handlerd] (root,0,0,00:00:00/43-12:24:21,342) [ata_sff] (root,0,0,00:00:00/43-12:24:21,343) [scsi_eh_0] (root,0,0,00:00:00/43-12:24:21,344) [scsi_tmf_0] (root,0,0,00:00:00/43-12:24:21,345) [scsi_eh_1] (root,0,0,00:00:00/43-12:24:21,346) [scsi_tmf_1] (root,0,0,00:01:27/43-12:24:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-12:24:18,367) [ext4-rsv-conver] (root,38604,7856,00:01:15/43-12:24:06,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-12:24:05,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-12:24:03,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-12:23:32,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-12:23:31,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:22/43-12:23:31,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-12:23:31,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-12:23:29,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-12:23:29,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:51/43-12:23:15,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-12:23:15,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:21/43-12:23:15,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-12:23:15,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-12:23:15,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-12:23:15,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-12:23:15,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-12:23:15,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:19/43-12:23:15,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-12:23:15,1352) bpfilter_umh (root,26204,8096,00:00:22/43-12:23:15,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-12:23:15,1359) ntpd: asynchronous dns resolver (spot,361920,206160,2-12:16:15/43-12:23:14,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-12:23:14,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-12:23:14,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-12:23:14,1373) (sd-pam) (root,24216,5260,00:00:15/43-12:23:12,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-12:23:12,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-12:23:12,1485) /usr/sbin/cron -n (root,697508,76760,01:00:32/43-12:23:06,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/07:49,1893) [kworker/3:1-ata_sff] (spot,227776,70172,00:23:49/43-12:22:54,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-17:58:29,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:53,3265) [kworker/2:2-events] (root,0,0,00:00:00/01:55:43,8260) [kworker/0:1] (root,35304,10040,00:00:00/5-12:51:24,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-12:51:23,10514) sshd: syslogtunnel (root,0,0,00:00:00/16:51,11196) [kworker/2:1-events] (root,0,0,00:00:00/02:15:12,12041) [kworker/1:0-events] (root,0,0,00:00:01/03:18:38,13819) [kworker/0:2-events] (root,0,0,00:00:00/02:37,14354) [kworker/3:2-ata_sff] (root,0,0,00:00:00/12:37,19317) [kworker/u8:2-writeback] (root,0,0,00:00:00/02:05:25,21552) [kworker/1:1] (postfix,24244,8252,00:00:00/28:57,22335) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,22427) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,22445) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22446) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/28:04,23914) [kworker/u8:0-flush-253:0] (root,0,0,00:00:01/01:25:39,30519) [kworker/3:0-events] (root,35308,10028,00:00:00/5-13:37:37,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-13:37:36,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 23:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bc4558acFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-12:19:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-12:19:47,2) [kthreadd] (root,0,0,00:00:00/41-12:19:47,3) [rcu_gp] (root,0,0,00:00:00/41-12:19:47,4) [rcu_par_gp] (root,0,0,00:00:00/41-12:19:47,5) [slub_flushwq] (root,0,0,00:00:00/41-12:19:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-12:19:47,9) [mm_percpu_wq] (root,0,0,00:00:00/41-12:19:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-12:19:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-12:19:47,12) [rcu_tasks_trace] (root,0,0,00:01:15/41-12:19:47,13) [ksoftirqd/0] (root,0,0,01:59:09/41-12:19:47,14) [rcu_preempt] (root,0,0,00:00:15/41-12:19:47,15) [migration/0] (root,0,0,00:00:00/41-12:19:47,16) [idle_inject/0] (root,0,0,00:00:00/41-12:19:47,18) [cpuhp/0] (root,0,0,00:00:00/41-12:19:47,19) [cpuhp/1] (root,0,0,00:00:00/41-12:19:47,20) [idle_inject/1] (root,0,0,00:00:16/41-12:19:47,21) [migration/1] (root,0,0,00:01:02/41-12:19:47,22) [ksoftirqd/1] (root,0,0,00:00:00/41-12:19:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-12:19:47,25) [cpuhp/2] (root,0,0,00:00:00/41-12:19:47,26) [idle_inject/2] (root,0,0,00:00:12/41-12:19:47,27) [migration/2] (root,0,0,01:18:24/41-12:19:47,28) [ksoftirqd/2] (root,0,0,00:00:00/41-12:19:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-12:19:47,31) [cpuhp/3] (root,0,0,00:00:00/41-12:19:47,32) [idle_inject/3] (root,0,0,00:00:15/41-12:19:47,33) [migration/3] (root,0,0,00:03:59/41-12:19:47,34) [ksoftirqd/3] (root,0,0,00:00:00/41-12:19:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-12:19:47,40) [kdevtmpfs] (root,0,0,00:00:00/41-12:19:47,41) [netns] (root,0,0,00:00:00/41-12:19:47,42) [inet_frag_wq] (root,0,0,00:00:14/41-12:19:47,43) [kauditd] (root,0,0,00:00:00/41-12:19:47,44) [khungtaskd] (root,0,0,00:00:00/41-12:19:47,45) [oom_reaper] (root,0,0,00:00:00/41-12:19:47,46) [writeback] (root,0,0,00:02:11/41-12:19:47,47) [kcompactd0] (root,0,0,00:00:00/41-12:19:47,48) [ksmd] (root,0,0,00:02:16/41-12:19:47,49) [khugepaged] (root,0,0,00:00:00/41-12:19:47,75) [kintegrityd] (root,0,0,00:00:00/41-12:19:47,76) [kblockd] (root,0,0,00:00:00/41-12:19:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-12:19:47,79) [tpm_dev_wq] (root,0,0,00:00:00/41-12:19:47,80) [edac-poller] (root,0,0,00:00:00/41-12:19:47,81) [devfreq_wq] (root,0,0,00:00:00/41-12:19:47,110) [watchdogd] (root,0,0,00:00:03/41-12:19:47,111) [kswapd0] (root,0,0,00:00:11/41-12:19:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-12:19:45,115) [kthrotld] (root,0,0,00:00:00/41-12:19:45,116) [mld] (root,0,0,00:00:00/41-12:19:45,117) [ipv6_addrconf] (root,0,0,00:00:11/41-12:19:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-12:19:45,123) [kstrp] (root,0,0,00:00:00/41-12:19:45,124) [zswap-shrink] (root,0,0,00:00:00/41-12:19:45,125) [kworker/u9:0] (root,0,0,00:00:00/41-12:19:45,130) [charger_manager] (root,0,0,00:00:12/41-12:19:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-12:19:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-12:19:44,239) [kaluad] (root,0,0,00:00:00/41-12:19:44,258) [kmpath_rdacd] (root,0,0,00:00:00/41-12:19:44,304) [kmpathd] (root,0,0,00:00:00/41-12:19:44,305) [kmpath_handlerd] (root,0,0,00:00:00/41-12:19:43,342) [ata_sff] (root,0,0,00:00:00/41-12:19:43,343) [scsi_eh_0] (root,0,0,00:00:00/41-12:19:43,344) [scsi_tmf_0] (root,0,0,00:00:00/41-12:19:43,345) [scsi_eh_1] (root,0,0,00:00:00/41-12:19:43,346) [scsi_tmf_1] (root,0,0,00:01:23/41-12:19:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-12:19:40,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-12:19:28,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-12:19:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-12:19:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-12:18:54,511) /sbin/auditd (messagebus,22932,5408,00:02:18/41-12:18:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-12:18:53,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-12:18:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-12:18:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-12:18:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-12:18:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-12:18:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:09/41-12:18:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-12:18:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-12:18:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-12:18:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-12:18:37,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-12:18:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-12:18:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-12:18:37,1352) bpfilter_umh (root,26204,8096,00:00:21/41-12:18:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-12:18:37,1359) ntpd: asynchronous dns resolver (spot,361824,206136,2-09:28:50/41-12:18:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-12:18:36,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-12:18:36,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-12:18:36,1373) (sd-pam) (root,24216,5260,00:00:14/41-12:18:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-12:18:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-12:18:34,1485) /usr/sbin/cron -n (root,697108,78384,00:57:41/41-12:18:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:48/41-12:18:16,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-17:53:51,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:07:23,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/13:02,8034) [kworker/3:1-events] (root,0,0,00:00:00/04:10,8459) [kworker/1:0] (root,0,0,00:00:00/03:46,8460) [kworker/u8:1-writeback] (root,0,0,00:00:00/02:39,10296) [kworker/3:0-ata_sff] (root,35304,10040,00:00:00/3-12:46:46,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:14/3-12:46:45,10514) sshd: syslogtunnel (postfix,24244,8308,00:00:00/46:16,11997) pickup -l -t fifo -u (root,0,0,00:00:00/28:08,15423) [kworker/u8:0] (root,0,0,00:00:00/28:08,15424) [kworker/0:2-events] (root,0,0,00:00:01/09:44:27,16954) [kworker/2:1-events] (root,0,0,00:00:01/02:23:29,18031) [kworker/1:2-events] (root,6656,3484,00:00:00/00:00,18776) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,18817) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,18818) /bin/bash /usr/bin/check_mk_agent (root,4480,1052,00:00:00/00:00,18819) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,788,00:00:00/00:00,18820) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,732,00:00:00/00:00,18821) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,18822) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,18840) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18841) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:18:46,20231) [kworker/0:0-events] (root,0,0,00:00:00/23:19,25066) [kworker/2:0-events] (root,0,0,00:00:00/07:52,30558) [kworker/3:2-ata_sff] (root,35308,10028,00:00:00/3-13:32:59,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-13:32:58,30947) sshd: cm-ssh (root,0,0,00:00:00/18:35,32237) [kworker/1:1-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 23:08 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633960a701Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-10:26:48,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-10:26:48,2) [kthreadd] (root,0,0,00:00:00/39-10:26:48,3) [rcu_gp] (root,0,0,00:00:00/39-10:26:48,4) [rcu_par_gp] (root,0,0,00:00:00/39-10:26:48,5) [slub_flushwq] (root,0,0,00:00:00/39-10:26:48,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-10:26:48,9) [mm_percpu_wq] (root,0,0,00:00:00/39-10:26:48,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-10:26:48,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-10:26:48,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-10:26:48,13) [ksoftirqd/0] (root,0,0,01:53:06/39-10:26:48,14) [rcu_preempt] (root,0,0,00:00:15/39-10:26:48,15) [migration/0] (root,0,0,00:00:00/39-10:26:48,16) [idle_inject/0] (root,0,0,00:00:00/39-10:26:48,18) [cpuhp/0] (root,0,0,00:00:00/39-10:26:48,19) [cpuhp/1] (root,0,0,00:00:00/39-10:26:48,20) [idle_inject/1] (root,0,0,00:00:15/39-10:26:48,21) [migration/1] (root,0,0,00:00:58/39-10:26:48,22) [ksoftirqd/1] (root,0,0,00:00:00/39-10:26:48,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-10:26:48,25) [cpuhp/2] (root,0,0,00:00:00/39-10:26:48,26) [idle_inject/2] (root,0,0,00:00:11/39-10:26:48,27) [migration/2] (root,0,0,01:13:17/39-10:26:48,28) [ksoftirqd/2] (root,0,0,00:00:00/39-10:26:48,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-10:26:48,31) [cpuhp/3] (root,0,0,00:00:00/39-10:26:48,32) [idle_inject/3] (root,0,0,00:00:14/39-10:26:48,33) [migration/3] (root,0,0,00:03:45/39-10:26:48,34) [ksoftirqd/3] (root,0,0,00:00:00/39-10:26:48,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-10:26:48,40) [kdevtmpfs] (root,0,0,00:00:00/39-10:26:48,41) [netns] (root,0,0,00:00:00/39-10:26:48,42) [inet_frag_wq] (root,0,0,00:00:14/39-10:26:48,43) [kauditd] (root,0,0,00:00:00/39-10:26:48,44) [khungtaskd] (root,0,0,00:00:00/39-10:26:48,45) [oom_reaper] (root,0,0,00:00:00/39-10:26:48,46) [writeback] (root,0,0,00:02:04/39-10:26:48,47) [kcompactd0] (root,0,0,00:00:00/39-10:26:48,48) [ksmd] (root,0,0,00:02:09/39-10:26:48,49) [khugepaged] (root,0,0,00:00:00/39-10:26:48,75) [kintegrityd] (root,0,0,00:00:00/39-10:26:48,76) [kblockd] (root,0,0,00:00:00/39-10:26:48,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-10:26:48,79) [tpm_dev_wq] (root,0,0,00:00:00/39-10:26:48,80) [edac-poller] (root,0,0,00:00:00/39-10:26:48,81) [devfreq_wq] (root,0,0,00:00:00/39-10:26:48,110) [watchdogd] (root,0,0,00:00:02/39-10:26:48,111) [kswapd0] (root,0,0,00:00:10/39-10:26:48,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-10:26:46,115) [kthrotld] (root,0,0,00:00:00/39-10:26:46,116) [mld] (root,0,0,00:00:00/39-10:26:46,117) [ipv6_addrconf] (root,0,0,00:00:11/39-10:26:46,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-10:26:46,123) [kstrp] (root,0,0,00:00:00/39-10:26:46,124) [zswap-shrink] (root,0,0,00:00:00/39-10:26:46,125) [kworker/u9:0] (root,0,0,00:00:00/39-10:26:46,130) [charger_manager] (root,0,0,00:00:12/39-10:26:46,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-10:26:46,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-10:26:45,239) [kaluad] (root,0,0,00:00:00/39-10:26:45,258) [kmpath_rdacd] (root,0,0,00:00:00/39-10:26:45,304) [kmpathd] (root,0,0,00:00:00/39-10:26:45,305) [kmpath_handlerd] (root,0,0,00:00:00/39-10:26:44,342) [ata_sff] (root,0,0,00:00:00/39-10:26:44,343) [scsi_eh_0] (root,0,0,00:00:00/39-10:26:44,344) [scsi_tmf_0] (root,0,0,00:00:00/39-10:26:44,345) [scsi_eh_1] (root,0,0,00:00:00/39-10:26:44,346) [scsi_tmf_1] (root,0,0,00:01:18/39-10:26:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-10:26:41,367) [ext4-rsv-conver] (root,38604,7924,00:01:08/39-10:26:29,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-10:26:28,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-10:26:26,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-10:25:55,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-10:25:54,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:14/39-10:25:54,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-10:25:54,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-10:25:52,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-10:25:52,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/25:45,1266) [kworker/2:0-events] (root,548616,30300,00:00:46/39-10:25:38,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-10:25:38,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:54/39-10:25:38,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-10:25:38,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-10:25:38,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-10:25:38,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-10:25:38,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-10:25:38,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:42/39-10:25:38,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-10:25:38,1352) bpfilter_umh (root,26204,8116,00:00:20/39-10:25:38,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-10:25:38,1359) ntpd: asynchronous dns resolver (spot,361840,198444,2-07:13:45/39-10:25:37,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-10:25:37,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-10:25:37,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-10:25:37,1373) (sd-pam) (root,24216,5260,00:00:14/39-10:25:35,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-10:25:35,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-10:25:35,1485) /usr/sbin/cron -n (root,697108,78496,00:54:41/39-10:25:29,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67424,00:21:41/39-10:25:17,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/33-16:00:52,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:00:29,4221) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/15:36,10453) [kworker/3:0-mm_percpu_wq] (root,35304,10040,00:00:00/1-10:53:47,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:06/1-10:53:46,10514) sshd: syslogtunnel (root,0,0,00:00:00/15:01,12444) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/11:46,14542) [kworker/0:2] (root,0,0,00:00:00/00:03,14996) [kworker/3:1-events] (root,6656,3484,00:00:00/00:01,15016) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/35:00,15042) [kworker/1:1-events] (root,6656,1824,00:00:00/00:01,15089) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:01,15090) /bin/bash /usr/bin/check_mk_agent (root,4480,1068,00:00:00/00:01,15091) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,860,00:00:00/00:01,15092) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,696,00:00:00/00:01,15093) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3480,00:00:00/00:01,15097) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,15115) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15116) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:17:06,16553) [kworker/0:0-events] (postfix,24244,8244,00:00:00/54:13,20658) pickup -l -t fifo -u (root,35308,10028,00:00:00/1-11:40:00,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:06/1-11:39:59,30947) sshd: cm-ssh (root,0,0,00:00:00/48:58,31742) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/05:13,31980) [kworker/3:2-ata_sff] (root,0,0,00:00:00/39:37,32470) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 21:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836340f610f9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-12:03:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-12:03:30,2) [kthreadd] (root,0,0,00:00:00/37-12:03:30,3) [rcu_gp] (root,0,0,00:00:00/37-12:03:30,4) [rcu_par_gp] (root,0,0,00:00:00/37-12:03:30,5) [slub_flushwq] (root,0,0,00:00:00/37-12:03:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-12:03:30,9) [mm_percpu_wq] (root,0,0,00:00:00/37-12:03:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-12:03:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-12:03:30,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-12:03:30,13) [ksoftirqd/0] (root,0,0,01:47:18/37-12:03:30,14) [rcu_preempt] (root,0,0,00:00:14/37-12:03:30,15) [migration/0] (root,0,0,00:00:00/37-12:03:30,16) [idle_inject/0] (root,0,0,00:00:00/37-12:03:30,18) [cpuhp/0] (root,0,0,00:00:00/37-12:03:30,19) [cpuhp/1] (root,0,0,00:00:00/37-12:03:30,20) [idle_inject/1] (root,0,0,00:00:14/37-12:03:30,21) [migration/1] (root,0,0,00:00:55/37-12:03:30,22) [ksoftirqd/1] (root,0,0,00:00:00/37-12:03:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-12:03:30,25) [cpuhp/2] (root,0,0,00:00:00/37-12:03:30,26) [idle_inject/2] (root,0,0,00:00:10/37-12:03:30,27) [migration/2] (root,0,0,01:07:50/37-12:03:30,28) [ksoftirqd/2] (root,0,0,00:00:00/37-12:03:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-12:03:30,31) [cpuhp/3] (root,0,0,00:00:00/37-12:03:30,32) [idle_inject/3] (root,0,0,00:00:13/37-12:03:30,33) [migration/3] (root,0,0,00:03:29/37-12:03:30,34) [ksoftirqd/3] (root,0,0,00:00:00/37-12:03:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-12:03:30,40) [kdevtmpfs] (root,0,0,00:00:00/37-12:03:30,41) [netns] (root,0,0,00:00:00/37-12:03:30,42) [inet_frag_wq] (root,0,0,00:00:13/37-12:03:30,43) [kauditd] (root,0,0,00:00:00/37-12:03:30,44) [khungtaskd] (root,0,0,00:00:00/37-12:03:30,45) [oom_reaper] (root,0,0,00:00:00/37-12:03:30,46) [writeback] (root,0,0,00:01:58/37-12:03:30,47) [kcompactd0] (root,0,0,00:00:00/37-12:03:30,48) [ksmd] (root,0,0,00:02:02/37-12:03:30,49) [khugepaged] (root,0,0,00:00:00/37-12:03:30,75) [kintegrityd] (root,0,0,00:00:00/37-12:03:30,76) [kblockd] (root,0,0,00:00:00/37-12:03:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-12:03:30,79) [tpm_dev_wq] (root,0,0,00:00:00/37-12:03:30,80) [edac-poller] (root,0,0,00:00:00/37-12:03:30,81) [devfreq_wq] (root,0,0,00:00:00/37-12:03:30,110) [watchdogd] (root,0,0,00:00:02/37-12:03:30,111) [kswapd0] (root,0,0,00:00:10/37-12:03:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-12:03:28,115) [kthrotld] (root,0,0,00:00:00/37-12:03:28,116) [mld] (root,0,0,00:00:00/37-12:03:28,117) [ipv6_addrconf] (root,0,0,00:00:10/37-12:03:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-12:03:28,123) [kstrp] (root,0,0,00:00:00/37-12:03:28,124) [zswap-shrink] (root,0,0,00:00:00/37-12:03:28,125) [kworker/u9:0] (root,0,0,00:00:00/37-12:03:28,130) [charger_manager] (root,0,0,00:00:11/37-12:03:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-12:03:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-12:03:27,239) [kaluad] (root,0,0,00:00:00/37-12:03:27,258) [kmpath_rdacd] (root,0,0,00:00:00/37-12:03:27,304) [kmpathd] (root,0,0,00:00:00/37-12:03:27,305) [kmpath_handlerd] (root,0,0,00:00:00/37-12:03:26,342) [ata_sff] (root,0,0,00:00:00/37-12:03:26,343) [scsi_eh_0] (root,0,0,00:00:00/37-12:03:26,344) [scsi_tmf_0] (root,0,0,00:00:00/37-12:03:26,345) [scsi_eh_1] (root,0,0,00:00:00/37-12:03:26,346) [scsi_tmf_1] (root,0,0,00:01:14/37-12:03:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-12:03:23,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-12:03:11,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-12:03:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-12:03:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-12:02:37,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-12:02:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-12:02:36,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-12:02:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-12:02:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-12:02:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30292,00:00:44/37-12:02:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-12:02:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:44/37-12:02:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-12:02:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-12:02:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-12:02:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-12:02:20,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-12:02:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:25/37-12:02:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-12:02:20,1352) bpfilter_umh (root,26204,8116,00:00:19/37-12:02:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-12:02:20,1359) ntpd: asynchronous dns resolver (spot,361888,198468,2-04:20:31/37-12:02:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-12:02:19,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-12:02:19,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-12:02:19,1373) (sd-pam) (root,24216,5260,00:00:13/37-12:02:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-12:02:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-12:02:17,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-12:02:14,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-12:02:13,1527) sshd: syslogtunnel (root,696596,75960,00:51:54/37-12:02:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66204,00:20:40/37-12:01:59,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-17:37:34,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/20:06,2691) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10108,00:00:00/37-12:01:34,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-12:01:34,3218) sshd: cm-ssh (postfix,24244,8256,00:00:00/01:12:44,4691) pickup -l -t fifo -u (root,0,0,00:00:00/09:06,9208) [kworker/3:0-ata_sff] (root,6656,3484,00:00:00/00:00,11420) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,11438) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11439) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:27:09,18233) [kworker/u8:0-writeback] (root,0,0,00:00:00/06:41,18319) [kworker/1:2-events] (root,0,0,00:00:00/02:00:52,19177) [kworker/0:2-events] (root,0,0,00:00:00/52:54,19789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/43:15,24321) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:00/01:06:30,26865) [kworker/1:0-events] (root,0,0,00:00:00/03:56,28403) [kworker/3:1-ata_sff] (root,0,0,00:00:00/57:28,32400) [kworker/2:2] (root,0,0,00:00:02/03:41:50,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 22:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836324e5cfcaFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:45/35-11:03:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-11:03:53,2) [kthreadd] (root,0,0,00:00:00/35-11:03:53,3) [rcu_gp] (root,0,0,00:00:00/35-11:03:53,4) [rcu_par_gp] (root,0,0,00:00:00/35-11:03:53,5) [slub_flushwq] (root,0,0,00:00:00/35-11:03:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-11:03:53,9) [mm_percpu_wq] (root,0,0,00:00:00/35-11:03:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-11:03:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-11:03:53,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-11:03:53,13) [ksoftirqd/0] (root,0,0,01:41:52/35-11:03:53,14) [rcu_preempt] (root,0,0,00:00:13/35-11:03:53,15) [migration/0] (root,0,0,00:00:00/35-11:03:53,16) [idle_inject/0] (root,0,0,00:00:00/35-11:03:53,18) [cpuhp/0] (root,0,0,00:00:00/35-11:03:53,19) [cpuhp/1] (root,0,0,00:00:00/35-11:03:53,20) [idle_inject/1] (root,0,0,00:00:13/35-11:03:53,21) [migration/1] (root,0,0,00:00:52/35-11:03:53,22) [ksoftirqd/1] (root,0,0,00:00:00/35-11:03:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-11:03:53,25) [cpuhp/2] (root,0,0,00:00:00/35-11:03:53,26) [idle_inject/2] (root,0,0,00:00:10/35-11:03:53,27) [migration/2] (root,0,0,01:04:50/35-11:03:53,28) [ksoftirqd/2] (root,0,0,00:00:00/35-11:03:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-11:03:53,31) [cpuhp/3] (root,0,0,00:00:00/35-11:03:53,32) [idle_inject/3] (root,0,0,00:00:12/35-11:03:53,33) [migration/3] (root,0,0,00:03:20/35-11:03:53,34) [ksoftirqd/3] (root,0,0,00:00:00/35-11:03:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-11:03:53,40) [kdevtmpfs] (root,0,0,00:00:00/35-11:03:53,41) [netns] (root,0,0,00:00:00/35-11:03:53,42) [inet_frag_wq] (root,0,0,00:00:12/35-11:03:53,43) [kauditd] (root,0,0,00:00:00/35-11:03:53,44) [khungtaskd] (root,0,0,00:00:00/35-11:03:53,45) [oom_reaper] (root,0,0,00:00:00/35-11:03:53,46) [writeback] (root,0,0,00:01:52/35-11:03:53,47) [kcompactd0] (root,0,0,00:00:00/35-11:03:53,48) [ksmd] (root,0,0,00:01:55/35-11:03:53,49) [khugepaged] (root,0,0,00:00:00/35-11:03:53,75) [kintegrityd] (root,0,0,00:00:00/35-11:03:53,76) [kblockd] (root,0,0,00:00:00/35-11:03:53,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-11:03:53,79) [tpm_dev_wq] (root,0,0,00:00:00/35-11:03:53,80) [edac-poller] (root,0,0,00:00:00/35-11:03:53,81) [devfreq_wq] (root,0,0,00:00:00/35-11:03:53,110) [watchdogd] (root,0,0,00:00:02/35-11:03:53,111) [kswapd0] (root,0,0,00:00:09/35-11:03:53,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-11:03:51,115) [kthrotld] (root,0,0,00:00:00/35-11:03:51,116) [mld] (root,0,0,00:00:00/35-11:03:51,117) [ipv6_addrconf] (root,0,0,00:00:10/35-11:03:51,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-11:03:51,123) [kstrp] (root,0,0,00:00:00/35-11:03:51,124) [zswap-shrink] (root,0,0,00:00:00/35-11:03:51,125) [kworker/u9:0] (root,0,0,00:00:00/35-11:03:51,130) [charger_manager] (root,0,0,00:00:10/35-11:03:51,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-11:03:51,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-11:03:50,239) [kaluad] (root,0,0,00:00:00/35-11:03:50,258) [kmpath_rdacd] (root,0,0,00:00:00/35-11:03:50,304) [kmpathd] (root,0,0,00:00:00/35-11:03:50,305) [kmpath_handlerd] (root,0,0,00:00:00/35-11:03:49,342) [ata_sff] (root,0,0,00:00:00/35-11:03:49,343) [scsi_eh_0] (root,0,0,00:00:00/35-11:03:49,344) [scsi_tmf_0] (root,0,0,00:00:00/35-11:03:49,345) [scsi_eh_1] (root,0,0,00:00:00/35-11:03:49,346) [scsi_tmf_1] (root,0,0,00:01:11/35-11:03:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-11:03:46,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-11:03:34,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-11:03:33,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:55/35-11:03:31,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-11:03:00,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-11:02:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-11:02:59,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-11:02:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-11:02:57,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-11:02:57,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29640,00:00:41/35-11:02:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-11:02:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:31/35-11:02:43,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-11:02:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-11:02:43,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-11:02:43,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-11:02:43,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-11:02:43,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:07/35-11:02:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-11:02:43,1352) bpfilter_umh (root,26204,8116,00:00:18/35-11:02:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-11:02:43,1359) ntpd: asynchronous dns resolver (spot,361664,198416,2-02:10:44/35-11:02:42,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-11:02:42,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-11:02:42,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-11:02:42,1373) (sd-pam) (root,24216,5260,00:00:12/35-11:02:40,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-11:02:40,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-11:02:40,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-11:02:37,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-11:02:36,1527) sshd: syslogtunnel (root,696596,77900,00:49:05/35-11:02:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64848,00:19:38/35-11:02:22,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-16:37:57,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-11:01:57,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:57/35-11:01:57,3218) sshd: cm-ssh (root,0,0,00:00:00/11:27,3248) [kworker/2:1] (root,0,0,00:00:00/40:34,3274) [kworker/0:2-events] (postfix,24244,8256,00:00:00/34:57,11037) pickup -l -t fifo -u (root,0,0,00:00:00/06:21,13732) [kworker/3:1-ata_sff] (root,0,0,00:00:00/04:25:41,14251) [kworker/u8:1] (root,0,0,00:00:00/04:22:01,14637) [kworker/2:0-events] (root,0,0,00:00:00/21:54,16573) [kworker/3:0-events] (root,0,0,00:00:00/19:47,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/03:02,20362) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/01:10:23,23023) [kworker/1:1-events] (root,0,0,00:00:00/02:42:33,24304) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:08,25972) [kworker/3:2-ata_sff] (root,0,0,00:00:00/15:35,28809) [kworker/0:1] (root,6656,3508,00:00:00/00:00,28822) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,28958) /bin/bash /usr/bin/check_mk_agent (root,6656,1904,00:00:00/00:00,28966) /bin/bash /usr/bin/check_mk_agent (root,25440,8708,00:00:00/00:00,28970) postconf -h queue_directory (root,13744,3520,00:00:00/00:00,28978) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28979) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-15 21:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a8f5965fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-12:23:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-12:23:35,2) [kthreadd] (root,0,0,00:00:00/33-12:23:35,3) [rcu_gp] (root,0,0,00:00:00/33-12:23:35,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:23:35,5) [slub_flushwq] (root,0,0,00:00:00/33-12:23:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:23:35,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:23:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:23:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:23:35,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:23:35,13) [ksoftirqd/0] (root,0,0,01:36:42/33-12:23:35,14) [rcu_preempt] (root,0,0,00:00:12/33-12:23:35,15) [migration/0] (root,0,0,00:00:00/33-12:23:35,16) [idle_inject/0] (root,0,0,00:00:00/33-12:23:35,18) [cpuhp/0] (root,0,0,00:00:00/33-12:23:35,19) [cpuhp/1] (root,0,0,00:00:00/33-12:23:35,20) [idle_inject/1] (root,0,0,00:00:12/33-12:23:35,21) [migration/1] (root,0,0,00:00:50/33-12:23:35,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:23:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:23:35,25) [cpuhp/2] (root,0,0,00:00:00/33-12:23:35,26) [idle_inject/2] (root,0,0,00:00:09/33-12:23:35,27) [migration/2] (root,0,0,01:01:49/33-12:23:35,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:23:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:23:35,31) [cpuhp/3] (root,0,0,00:00:00/33-12:23:35,32) [idle_inject/3] (root,0,0,00:00:12/33-12:23:35,33) [migration/3] (root,0,0,00:03:11/33-12:23:35,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:23:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:23:35,40) [kdevtmpfs] (root,0,0,00:00:00/33-12:23:35,41) [netns] (root,0,0,00:00:00/33-12:23:35,42) [inet_frag_wq] (root,0,0,00:00:12/33-12:23:35,43) [kauditd] (root,0,0,00:00:00/33-12:23:35,44) [khungtaskd] (root,0,0,00:00:00/33-12:23:35,45) [oom_reaper] (root,0,0,00:00:00/33-12:23:35,46) [writeback] (root,0,0,00:01:46/33-12:23:35,47) [kcompactd0] (root,0,0,00:00:00/33-12:23:35,48) [ksmd] (root,0,0,00:01:49/33-12:23:35,49) [khugepaged] (root,0,0,00:00:00/33-12:23:35,75) [kintegrityd] (root,0,0,00:00:00/33-12:23:35,76) [kblockd] (root,0,0,00:00:00/33-12:23:35,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:23:35,79) [tpm_dev_wq] (root,0,0,00:00:00/33-12:23:35,80) [edac-poller] (root,0,0,00:00:00/33-12:23:35,81) [devfreq_wq] (root,0,0,00:00:00/33-12:23:35,110) [watchdogd] (root,0,0,00:00:02/33-12:23:35,111) [kswapd0] (root,0,0,00:00:09/33-12:23:35,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-12:23:33,115) [kthrotld] (root,0,0,00:00:00/33-12:23:33,116) [mld] (root,0,0,00:00:00/33-12:23:33,117) [ipv6_addrconf] (root,0,0,00:00:09/33-12:23:33,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:23:33,123) [kstrp] (root,0,0,00:00:00/33-12:23:33,124) [zswap-shrink] (root,0,0,00:00:00/33-12:23:33,125) [kworker/u9:0] (root,0,0,00:00:00/33-12:23:33,130) [charger_manager] (root,0,0,00:00:10/33-12:23:33,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-12:23:33,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-12:23:32,239) [kaluad] (root,0,0,00:00:00/33-12:23:32,258) [kmpath_rdacd] (root,0,0,00:00:00/33-12:23:32,304) [kmpathd] (root,0,0,00:00:00/33-12:23:32,305) [kmpath_handlerd] (root,0,0,00:00:00/33-12:23:31,342) [ata_sff] (root,0,0,00:00:00/33-12:23:31,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:23:31,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:23:31,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:23:31,346) [scsi_tmf_1] (root,0,0,00:01:07/33-12:23:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:23:28,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-12:23:16,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-12:23:15,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-12:23:13,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-12:22:42,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-12:22:41,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-12:22:41,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-12:22:41,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-12:22:39,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-12:22:39,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-12:22:25,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-12:22:25,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:22/33-12:22:25,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-12:22:25,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-12:22:25,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-12:22:25,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-12:22:25,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-12:22:25,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-12:22:25,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-12:22:25,1352) bpfilter_umh (root,26204,8128,00:00:17/33-12:22:25,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-12:22:25,1359) ntpd: asynchronous dns resolver (spot,360912,199944,2-00:17:06/33-12:22:24,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-12:22:24,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-12:22:24,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-12:22:24,1373) (sd-pam) (root,24216,5260,00:00:11/33-12:22:22,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-12:22:22,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-12:22:22,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-12:22:19,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-12:22:18,1527) sshd: syslogtunnel (root,694036,73228,00:46:23/33-12:22:16,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63352,00:18:41/33-12:22:04,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-17:57:39,2557) tlsmgr -l -t unix -u (root,0,0,00:00:01/01:39:27,2925) [kworker/3:2-events] (root,0,0,00:00:00/00:51,3078) [kworker/3:0-ata_sff] (root,35308,10108,00:00:00/33-12:21:39,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-12:21:39,3218) sshd: cm-ssh (root,0,0,00:00:00/21:52,3835) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/11:48,7410) [kworker/u8:1-flush-253:0] (root,6656,3492,00:00:00/00:00,9057) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,9075) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,9076) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/11:14,10297) [kworker/3:1-ata_sff] (root,0,0,00:00:01/04:08:58,15620) [kworker/2:2-events] (root,0,0,00:00:00/28:31,17463) [kworker/0:0] (root,0,0,00:00:00/48:39,21273) [kworker/0:1-events] (root,0,0,00:00:00/01:22:14,22539) [kworker/u8:2-ext4-rsv-conversion] (postfix,24244,8228,00:00:00/35:30,25034) pickup -l -t fifo -u (root,0,0,00:00:00/35:18,25667) [kworker/1:0-events] (root,0,0,00:00:00/55:30,29580) [kworker/2:1] (root,0,0,00:00:00/01:58,30034) [kworker/1:2] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 23:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836330e42c94Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:32/31-10:37:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-10:37:52,2) [kthreadd] (root,0,0,00:00:00/31-10:37:52,3) [rcu_gp] (root,0,0,00:00:00/31-10:37:52,4) [rcu_par_gp] (root,0,0,00:00:00/31-10:37:52,5) [slub_flushwq] (root,0,0,00:00:00/31-10:37:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-10:37:52,9) [mm_percpu_wq] (root,0,0,00:00:00/31-10:37:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-10:37:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-10:37:52,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-10:37:52,13) [ksoftirqd/0] (root,0,0,01:31:06/31-10:37:52,14) [rcu_preempt] (root,0,0,00:00:12/31-10:37:52,15) [migration/0] (root,0,0,00:00:00/31-10:37:52,16) [idle_inject/0] (root,0,0,00:00:00/31-10:37:52,18) [cpuhp/0] (root,0,0,00:00:00/31-10:37:52,19) [cpuhp/1] (root,0,0,00:00:00/31-10:37:52,20) [idle_inject/1] (root,0,0,00:00:12/31-10:37:52,21) [migration/1] (root,0,0,00:00:47/31-10:37:52,22) [ksoftirqd/1] (root,0,0,00:00:00/31-10:37:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-10:37:52,25) [cpuhp/2] (root,0,0,00:00:00/31-10:37:52,26) [idle_inject/2] (root,0,0,00:00:09/31-10:37:52,27) [migration/2] (root,0,0,00:58:25/31-10:37:52,28) [ksoftirqd/2] (root,0,0,00:00:00/31-10:37:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-10:37:52,31) [cpuhp/3] (root,0,0,00:00:00/31-10:37:52,32) [idle_inject/3] (root,0,0,00:00:11/31-10:37:52,33) [migration/3] (root,0,0,00:03:01/31-10:37:52,34) [ksoftirqd/3] (root,0,0,00:00:00/31-10:37:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-10:37:52,40) [kdevtmpfs] (root,0,0,00:00:00/31-10:37:52,41) [netns] (root,0,0,00:00:00/31-10:37:52,42) [inet_frag_wq] (root,0,0,00:00:11/31-10:37:52,43) [kauditd] (root,0,0,00:00:00/31-10:37:52,44) [khungtaskd] (root,0,0,00:00:00/31-10:37:52,45) [oom_reaper] (root,0,0,00:00:00/31-10:37:52,46) [writeback] (root,0,0,00:01:40/31-10:37:52,47) [kcompactd0] (root,0,0,00:00:00/31-10:37:52,48) [ksmd] (root,0,0,00:01:43/31-10:37:52,49) [khugepaged] (root,0,0,00:00:00/31-10:37:52,75) [kintegrityd] (root,0,0,00:00:00/31-10:37:52,76) [kblockd] (root,0,0,00:00:00/31-10:37:52,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-10:37:52,79) [tpm_dev_wq] (root,0,0,00:00:00/31-10:37:52,80) [edac-poller] (root,0,0,00:00:00/31-10:37:52,81) [devfreq_wq] (root,0,0,00:00:00/31-10:37:52,110) [watchdogd] (root,0,0,00:00:02/31-10:37:52,111) [kswapd0] (root,0,0,00:00:08/31-10:37:52,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-10:37:50,115) [kthrotld] (root,0,0,00:00:00/31-10:37:50,116) [mld] (root,0,0,00:00:00/31-10:37:50,117) [ipv6_addrconf] (root,0,0,00:00:09/31-10:37:50,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-10:37:50,123) [kstrp] (root,0,0,00:00:00/31-10:37:50,124) [zswap-shrink] (root,0,0,00:00:00/31-10:37:50,125) [kworker/u9:0] (root,0,0,00:00:00/31-10:37:50,130) [charger_manager] (root,0,0,00:00:09/31-10:37:50,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-10:37:50,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-10:37:49,239) [kaluad] (root,0,0,00:00:00/31-10:37:49,258) [kmpath_rdacd] (root,0,0,00:00:00/31-10:37:49,304) [kmpathd] (root,0,0,00:00:00/31-10:37:49,305) [kmpath_handlerd] (root,0,0,00:00:00/31-10:37:48,342) [ata_sff] (root,0,0,00:00:00/31-10:37:48,343) [scsi_eh_0] (root,0,0,00:00:00/31-10:37:48,344) [scsi_tmf_0] (root,0,0,00:00:00/31-10:37:48,345) [scsi_eh_1] (root,0,0,00:00:00/31-10:37:48,346) [scsi_tmf_1] (root,0,0,00:01:03/31-10:37:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-10:37:45,367) [ext4-rsv-conver] (root,38604,7944,00:00:50/31-10:37:33,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-10:37:32,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-10:37:30,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-10:36:59,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-10:36:58,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:58/31-10:36:58,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-10:36:58,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-10:36:56,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-10:36:56,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-10:36:42,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-10:36:42,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:09/31-10:36:42,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-10:36:42,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-10:36:42,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-10:36:42,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-10:36:42,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-10:36:42,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:34/31-10:36:42,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-10:36:42,1352) bpfilter_umh (root,26204,8128,00:00:16/31-10:36:42,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-10:36:42,1359) ntpd: asynchronous dns resolver (spot,361648,200144,1-22:01:15/31-10:36:41,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-10:36:41,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-10:36:41,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-10:36:41,1373) (sd-pam) (root,24216,5260,00:00:11/31-10:36:39,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-10:36:39,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-10:36:39,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-10:36:36,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:57/31-10:36:35,1527) sshd: syslogtunnel (root,693780,72896,00:43:33/31-10:36:33,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61976,00:17:36/31-10:36:21,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-16:11:56,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-10:35:56,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:44/31-10:35:56,3218) sshd: cm-ssh (root,0,0,00:00:00/34:56,5424) [kworker/0:2-events] (root,0,0,00:00:00/15:53,8236) [kworker/3:1-events] (root,0,0,00:00:00/15:41,8237) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/02:15:04,8637) [kworker/1:1-events] (root,0,0,00:00:00/41:37,10736) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/15:46:28,11736) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8172,00:00:00/51:49,12724) pickup -l -t fifo -u (root,0,0,00:00:00/05:30,13427) [kworker/3:2-ata_sff] (root,0,0,00:00:00/31:38,17037) [kworker/2:2-events] (root,0,0,00:00:00/04:20,18658) [kworker/2:0] (root,0,0,00:00:00/58:24,22602) [kworker/2:1-events] (root,0,0,00:00:00/48:23,23131) [kworker/1:0-events] (root,0,0,00:00:00/01:01,28641) [kworker/0:1-events] (root,0,0,00:00:00/00:19,30667) [kworker/3:0-ata_sff] (root,6656,3508,00:00:00/00:00,31015) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,31067) /bin/bash /usr/bin/check_mk_agent (root,13744,3496,00:00:00/00:00,31095) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,31096) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 21:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836325a8e74aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-11:17:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-11:17:47,2) [kthreadd] (root,0,0,00:00:00/29-11:17:47,3) [rcu_gp] (root,0,0,00:00:00/29-11:17:47,4) [rcu_par_gp] (root,0,0,00:00:00/29-11:17:47,5) [slub_flushwq] (root,0,0,00:00:00/29-11:17:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-11:17:47,9) [mm_percpu_wq] (root,0,0,00:00:00/29-11:17:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-11:17:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-11:17:47,12) [rcu_tasks_trace] (root,0,0,00:00:55/29-11:17:47,13) [ksoftirqd/0] (root,0,0,01:25:25/29-11:17:47,14) [rcu_preempt] (root,0,0,00:00:11/29-11:17:47,15) [migration/0] (root,0,0,00:00:00/29-11:17:47,16) [idle_inject/0] (root,0,0,00:00:00/29-11:17:47,18) [cpuhp/0] (root,0,0,00:00:00/29-11:17:47,19) [cpuhp/1] (root,0,0,00:00:00/29-11:17:47,20) [idle_inject/1] (root,0,0,00:00:11/29-11:17:47,21) [migration/1] (root,0,0,00:00:44/29-11:17:47,22) [ksoftirqd/1] (root,0,0,00:00:00/29-11:17:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-11:17:47,25) [cpuhp/2] (root,0,0,00:00:00/29-11:17:47,26) [idle_inject/2] (root,0,0,00:00:08/29-11:17:47,27) [migration/2] (root,0,0,00:54:28/29-11:17:47,28) [ksoftirqd/2] (root,0,0,00:00:00/29-11:17:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-11:17:47,31) [cpuhp/3] (root,0,0,00:00:00/29-11:17:47,32) [idle_inject/3] (root,0,0,00:00:10/29-11:17:47,33) [migration/3] (root,0,0,00:02:50/29-11:17:47,34) [ksoftirqd/3] (root,0,0,00:00:00/29-11:17:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-11:17:47,40) [kdevtmpfs] (root,0,0,00:00:00/29-11:17:47,41) [netns] (root,0,0,00:00:00/29-11:17:47,42) [inet_frag_wq] (root,0,0,00:00:10/29-11:17:47,43) [kauditd] (root,0,0,00:00:00/29-11:17:47,44) [khungtaskd] (root,0,0,00:00:00/29-11:17:47,45) [oom_reaper] (root,0,0,00:00:00/29-11:17:47,46) [writeback] (root,0,0,00:01:34/29-11:17:47,47) [kcompactd0] (root,0,0,00:00:00/29-11:17:47,48) [ksmd] (root,0,0,00:01:35/29-11:17:47,49) [khugepaged] (root,0,0,00:00:00/29-11:17:47,75) [kintegrityd] (root,0,0,00:00:00/29-11:17:47,76) [kblockd] (root,0,0,00:00:00/29-11:17:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-11:17:47,79) [tpm_dev_wq] (root,0,0,00:00:00/29-11:17:47,80) [edac-poller] (root,0,0,00:00:00/29-11:17:47,81) [devfreq_wq] (root,0,0,00:00:00/29-11:17:47,110) [watchdogd] (root,0,0,00:00:02/29-11:17:47,111) [kswapd0] (root,0,0,00:00:08/29-11:17:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-11:17:45,115) [kthrotld] (root,0,0,00:00:00/29-11:17:45,116) [mld] (root,0,0,00:00:00/29-11:17:45,117) [ipv6_addrconf] (root,0,0,00:00:08/29-11:17:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-11:17:45,123) [kstrp] (root,0,0,00:00:00/29-11:17:45,124) [zswap-shrink] (root,0,0,00:00:00/29-11:17:45,125) [kworker/u9:0] (root,0,0,00:00:00/29-11:17:45,130) [charger_manager] (root,0,0,00:00:09/29-11:17:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-11:17:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-11:17:44,239) [kaluad] (root,0,0,00:00:00/29-11:17:44,258) [kmpath_rdacd] (root,0,0,00:00:00/29-11:17:44,304) [kmpathd] (root,0,0,00:00:00/29-11:17:44,305) [kmpath_handlerd] (root,0,0,00:00:00/29-11:17:43,342) [ata_sff] (root,0,0,00:00:00/29-11:17:43,343) [scsi_eh_0] (root,0,0,00:00:00/29-11:17:43,344) [scsi_tmf_0] (root,0,0,00:00:00/29-11:17:43,345) [scsi_eh_1] (root,0,0,00:00:00/29-11:17:43,346) [scsi_tmf_1] (root,0,0,00:00:59/29-11:17:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-11:17:40,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-11:17:28,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-11:17:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-11:17:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-11:16:54,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-11:16:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-11:16:53,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-11:16:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-11:16:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-11:16:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:34/29-11:16:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-11:16:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:59/29-11:16:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-11:16:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-11:16:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-11:16:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-11:16:37,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-11:16:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:16/29-11:16:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-11:16:37,1352) bpfilter_umh (root,26204,8128,00:00:14/29-11:16:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-11:16:37,1359) ntpd: asynchronous dns resolver (spot,361408,200104,1-19:42:58/29-11:16:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-11:16:36,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-11:16:36,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-11:16:36,1373) (sd-pam) (root,24216,5260,00:00:10/29-11:16:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-11:16:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-11:16:34,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-11:16:31,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-11:16:30,1527) sshd: syslogtunnel (root,693524,72428,00:40:44/29-11:16:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60744,00:16:34/29-11:16:16,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-16:51:51,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/29-11:15:51,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:38/29-11:15:51,3218) sshd: cm-ssh (root,0,0,00:00:00/06:14,4977) [kworker/2:0-events] (root,0,0,00:00:00/02:47:27,5369) [kworker/1:2-events] (root,6656,3464,00:00:00/00:00,7911) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,7929) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7930) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/55:59,9946) [kworker/u8:1-writeback] (root,0,0,00:00:01/01:25:03,16583) [kworker/3:2-events] (root,0,0,00:00:00/09:40,18169) [kworker/0:2-events] (root,0,0,00:00:00/01:23:56,20379) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/02:51,21874) [kworker/3:0-ata_sff] (root,0,0,00:00:00/41:50,22291) [kworker/0:1-events] (postfix,24244,8236,00:00:00/13:39,24925) pickup -l -t fifo -u (root,0,0,00:00:00/08:02,26080) [kworker/3:1-ata_sff] (root,0,0,00:00:00/12:54,31224) [kworker/1:1-events] (root,0,0,00:00:00/03:22:39,31631) [kworker/u8:0-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 22:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635d5940c7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-11:27:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:27:37,2) [kthreadd] (root,0,0,00:00:00/27-11:27:37,3) [rcu_gp] (root,0,0,00:00:00/27-11:27:37,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:27:37,5) [slub_flushwq] (root,0,0,00:00:00/27-11:27:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:27:37,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:27:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:27:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:27:37,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-11:27:37,13) [ksoftirqd/0] (root,0,0,01:19:58/27-11:27:37,14) [rcu_preempt] (root,0,0,00:00:10/27-11:27:37,15) [migration/0] (root,0,0,00:00:00/27-11:27:37,16) [idle_inject/0] (root,0,0,00:00:00/27-11:27:37,18) [cpuhp/0] (root,0,0,00:00:00/27-11:27:37,19) [cpuhp/1] (root,0,0,00:00:00/27-11:27:37,20) [idle_inject/1] (root,0,0,00:00:10/27-11:27:37,21) [migration/1] (root,0,0,00:00:42/27-11:27:37,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:27:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:27:37,25) [cpuhp/2] (root,0,0,00:00:00/27-11:27:37,26) [idle_inject/2] (root,0,0,00:00:08/27-11:27:37,27) [migration/2] (root,0,0,00:51:25/27-11:27:37,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:27:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:27:37,31) [cpuhp/3] (root,0,0,00:00:00/27-11:27:37,32) [idle_inject/3] (root,0,0,00:00:10/27-11:27:37,33) [migration/3] (root,0,0,00:02:40/27-11:27:37,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:27:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:27:37,40) [kdevtmpfs] (root,0,0,00:00:00/27-11:27:37,41) [netns] (root,0,0,00:00:00/27-11:27:37,42) [inet_frag_wq] (root,0,0,00:00:09/27-11:27:37,43) [kauditd] (root,0,0,00:00:00/27-11:27:37,44) [khungtaskd] (root,0,0,00:00:00/27-11:27:37,45) [oom_reaper] (root,0,0,00:00:00/27-11:27:37,46) [writeback] (root,0,0,00:01:28/27-11:27:37,47) [kcompactd0] (root,0,0,00:00:00/27-11:27:37,48) [ksmd] (root,0,0,00:01:29/27-11:27:37,49) [khugepaged] (root,0,0,00:00:00/27-11:27:37,75) [kintegrityd] (root,0,0,00:00:00/27-11:27:37,76) [kblockd] (root,0,0,00:00:00/27-11:27:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:27:37,79) [tpm_dev_wq] (root,0,0,00:00:00/27-11:27:37,80) [edac-poller] (root,0,0,00:00:00/27-11:27:37,81) [devfreq_wq] (root,0,0,00:00:00/27-11:27:37,110) [watchdogd] (root,0,0,00:00:02/27-11:27:37,111) [kswapd0] (root,0,0,00:00:07/27-11:27:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-11:27:35,115) [kthrotld] (root,0,0,00:00:00/27-11:27:35,116) [mld] (root,0,0,00:00:00/27-11:27:35,117) [ipv6_addrconf] (root,0,0,00:00:07/27-11:27:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:27:35,123) [kstrp] (root,0,0,00:00:00/27-11:27:35,124) [zswap-shrink] (root,0,0,00:00:00/27-11:27:35,125) [kworker/u9:0] (root,0,0,00:00:00/27-11:27:35,130) [charger_manager] (root,0,0,00:00:08/27-11:27:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-11:27:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-11:27:34,239) [kaluad] (root,0,0,00:00:00/27-11:27:34,258) [kmpath_rdacd] (root,0,0,00:00:00/27-11:27:34,304) [kmpathd] (root,0,0,00:00:00/27-11:27:34,305) [kmpath_handlerd] (root,0,0,00:00:00/27-11:27:33,342) [ata_sff] (root,0,0,00:00:00/27-11:27:33,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:27:33,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:27:33,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:27:33,346) [scsi_tmf_1] (root,0,0,00:00:55/27-11:27:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:27:30,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-11:27:18,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-11:27:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-11:27:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-11:26:44,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-11:26:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-11:26:43,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-11:26:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-11:26:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-11:26:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28512,00:00:32/27-11:26:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-11:26:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:47/27-11:26:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-11:26:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-11:26:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-11:26:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-11:26:27,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-11:26:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-11:26:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-11:26:27,1352) bpfilter_umh (root,26204,8128,00:00:13/27-11:26:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-11:26:27,1359) ntpd: asynchronous dns resolver (spot,296192,195028,1-17:07:36/27-11:26:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-11:26:26,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-11:26:26,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-11:26:26,1373) (sd-pam) (root,24216,5260,00:00:09/27-11:26:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-11:26:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-11:26:24,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-11:26:21,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-11:26:20,1527) sshd: syslogtunnel (root,693268,72056,00:37:59/27-11:26:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/33:27,1861) [kworker/0:2-events] (spot,219584,59116,00:15:32/27-11:26:06,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/42:44,2214) [kworker/2:2] (postfix,44628,9244,00:00:00/21-17:01:41,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-11:25:41,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-11:25:41,3218) sshd: cm-ssh (root,0,0,00:00:00/04:15,4433) [kworker/3:0-ata_sff] (root,0,0,00:00:00/54:53,6602) [kworker/2:0-events] (root,0,0,00:00:00/30:26,7994) [kworker/1:0-events] (root,0,0,00:00:00/53:33,8895) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/09:27,14429) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,20565) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,20583) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20584) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/15:24,21414) [kworker/0:0-events] (root,0,0,00:00:00/15:22,21505) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/02:13:57,24222) [kworker/3:2-events] (postfix,24244,8264,00:00:00/45:16,28642) pickup -l -t fifo -u (root,0,0,00:00:00/21:14,32123) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 22:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363216b04bdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:10/25-11:45:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-11:45:02,2) [kthreadd] (root,0,0,00:00:00/25-11:45:02,3) [rcu_gp] (root,0,0,00:00:00/25-11:45:02,4) [rcu_par_gp] (root,0,0,00:00:00/25-11:45:02,5) [slub_flushwq] (root,0,0,00:00:00/25-11:45:02,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-11:45:02,9) [mm_percpu_wq] (root,0,0,00:00:00/25-11:45:02,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-11:45:02,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-11:45:02,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-11:45:02,13) [ksoftirqd/0] (root,0,0,01:14:34/25-11:45:02,14) [rcu_preempt] (root,0,0,00:00:09/25-11:45:02,15) [migration/0] (root,0,0,00:00:00/25-11:45:02,16) [idle_inject/0] (root,0,0,00:00:00/25-11:45:02,18) [cpuhp/0] (root,0,0,00:00:00/25-11:45:02,19) [cpuhp/1] (root,0,0,00:00:00/25-11:45:02,20) [idle_inject/1] (root,0,0,00:00:09/25-11:45:02,21) [migration/1] (root,0,0,00:00:39/25-11:45:02,22) [ksoftirqd/1] (root,0,0,00:00:00/25-11:45:02,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-11:45:02,25) [cpuhp/2] (root,0,0,00:00:00/25-11:45:02,26) [idle_inject/2] (root,0,0,00:00:07/25-11:45:02,27) [migration/2] (root,0,0,00:48:41/25-11:45:02,28) [ksoftirqd/2] (root,0,0,00:00:00/25-11:45:02,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-11:45:02,31) [cpuhp/3] (root,0,0,00:00:00/25-11:45:02,32) [idle_inject/3] (root,0,0,00:00:09/25-11:45:02,33) [migration/3] (root,0,0,00:02:30/25-11:45:02,34) [ksoftirqd/3] (root,0,0,00:00:00/25-11:45:02,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-11:45:02,40) [kdevtmpfs] (root,0,0,00:00:00/25-11:45:02,41) [netns] (root,0,0,00:00:00/25-11:45:02,42) [inet_frag_wq] (root,0,0,00:00:08/25-11:45:02,43) [kauditd] (root,0,0,00:00:00/25-11:45:02,44) [khungtaskd] (root,0,0,00:00:00/25-11:45:02,45) [oom_reaper] (root,0,0,00:00:00/25-11:45:02,46) [writeback] (root,0,0,00:01:21/25-11:45:02,47) [kcompactd0] (root,0,0,00:00:00/25-11:45:02,48) [ksmd] (root,0,0,00:01:23/25-11:45:02,49) [khugepaged] (root,0,0,00:00:00/25-11:45:02,75) [kintegrityd] (root,0,0,00:00:00/25-11:45:02,76) [kblockd] (root,0,0,00:00:00/25-11:45:02,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-11:45:02,79) [tpm_dev_wq] (root,0,0,00:00:00/25-11:45:02,80) [edac-poller] (root,0,0,00:00:00/25-11:45:02,81) [devfreq_wq] (root,0,0,00:00:00/25-11:45:02,110) [watchdogd] (root,0,0,00:00:01/25-11:45:02,111) [kswapd0] (root,0,0,00:00:07/25-11:45:02,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-11:45:00,115) [kthrotld] (root,0,0,00:00:00/25-11:45:00,116) [mld] (root,0,0,00:00:00/25-11:45:00,117) [ipv6_addrconf] (root,0,0,00:00:07/25-11:45:00,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-11:45:00,123) [kstrp] (root,0,0,00:00:00/25-11:45:00,124) [zswap-shrink] (root,0,0,00:00:00/25-11:45:00,125) [kworker/u9:0] (root,0,0,00:00:00/25-11:45:00,130) [charger_manager] (root,0,0,00:00:07/25-11:45:00,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-11:45:00,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-11:44:59,239) [kaluad] (root,0,0,00:00:00/25-11:44:59,258) [kmpath_rdacd] (root,0,0,00:00:00/25-11:44:59,304) [kmpathd] (root,0,0,00:00:00/25-11:44:59,305) [kmpath_handlerd] (root,0,0,00:00:00/25-11:44:58,342) [ata_sff] (root,0,0,00:00:00/25-11:44:58,343) [scsi_eh_0] (root,0,0,00:00:00/25-11:44:58,344) [scsi_tmf_0] (root,0,0,00:00:00/25-11:44:58,345) [scsi_eh_1] (root,0,0,00:00:00/25-11:44:58,346) [scsi_tmf_1] (root,0,0,00:00:51/25-11:44:55,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-11:44:55,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-11:44:43,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-11:44:42,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-11:44:40,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-11:44:09,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-11:44:08,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-11:44:08,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-11:44:08,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-11:44:06,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-11:44:06,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/00:08,1160) [kworker/3:0-ata_sff] (root,548104,29508,00:00:30/25-11:43:52,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-11:43:52,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:36/25-11:43:52,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-11:43:52,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-11:43:52,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-11:43:52,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-11:43:52,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-11:43:52,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-11:43:52,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-11:43:52,1352) bpfilter_umh (root,26204,8212,00:00:12/25-11:43:52,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-11:43:52,1359) ntpd: asynchronous dns resolver (spot,296304,191540,1-14:54:34/25-11:43:51,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-11:43:51,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-11:43:51,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-11:43:51,1373) (sd-pam) (root,24216,5268,00:00:09/25-11:43:49,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-11:43:49,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-11:43:49,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-11:43:46,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:34/25-11:43:45,1527) sshd: syslogtunnel (root,693268,73792,00:35:16/25-11:43:43,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,6656,3488,00:00:00/00:01,1574) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,1592) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,1593) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (spot,218560,57868,00:14:34/25-11:43:31,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-17:19:06,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-11:43:06,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-11:43:06,3218) sshd: cm-ssh (root,0,0,00:00:00/16:05,8745) [kworker/0:0-events] (root,0,0,00:00:00/06:34,11861) [kworker/u8:0] (root,0,0,00:00:00/02:33:15,16766) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/05:19,17163) [kworker/3:1-ata_sff] (postfix,24244,8260,00:00:00/01:23:46,17284) pickup -l -t fifo -u (root,0,0,00:00:00/04:08,19952) [kworker/2:0-mm_percpu_wq] (root,0,0,00:00:00/28:08,20358) [kworker/2:1-events] (root,0,0,00:00:00/34:42,20406) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/43:42,21873) [kworker/1:0-events] (root,0,0,00:00:00/13:06,22480) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/26:05,27643) [kworker/3:2-events_freezable_power_] (root,0,0,00:00:00/40:43,31404) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 22:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ee79302cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12708,00:01:02/23-10:57:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-10:57:27,2) [kthreadd] (root,0,0,00:00:00/23-10:57:27,3) [rcu_gp] (root,0,0,00:00:00/23-10:57:27,4) [rcu_par_gp] (root,0,0,00:00:00/23-10:57:27,5) [slub_flushwq] (root,0,0,00:00:00/23-10:57:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-10:57:27,9) [mm_percpu_wq] (root,0,0,00:00:00/23-10:57:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-10:57:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-10:57:27,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-10:57:27,13) [ksoftirqd/0] (root,0,0,01:08:51/23-10:57:27,14) [rcu_preempt] (root,0,0,00:00:09/23-10:57:27,15) [migration/0] (root,0,0,00:00:00/23-10:57:27,16) [idle_inject/0] (root,0,0,00:00:00/23-10:57:27,18) [cpuhp/0] (root,0,0,00:00:00/23-10:57:27,19) [cpuhp/1] (root,0,0,00:00:00/23-10:57:27,20) [idle_inject/1] (root,0,0,00:00:09/23-10:57:27,21) [migration/1] (root,0,0,00:00:36/23-10:57:27,22) [ksoftirqd/1] (root,0,0,00:00:00/23-10:57:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-10:57:27,25) [cpuhp/2] (root,0,0,00:00:00/23-10:57:27,26) [idle_inject/2] (root,0,0,00:00:07/23-10:57:27,27) [migration/2] (root,0,0,00:45:20/23-10:57:27,28) [ksoftirqd/2] (root,0,0,00:00:00/23-10:57:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-10:57:27,31) [cpuhp/3] (root,0,0,00:00:00/23-10:57:27,32) [idle_inject/3] (root,0,0,00:00:08/23-10:57:27,33) [migration/3] (root,0,0,00:02:20/23-10:57:27,34) [ksoftirqd/3] (root,0,0,00:00:00/23-10:57:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-10:57:27,40) [kdevtmpfs] (root,0,0,00:00:00/23-10:57:27,41) [netns] (root,0,0,00:00:00/23-10:57:27,42) [inet_frag_wq] (root,0,0,00:00:07/23-10:57:27,43) [kauditd] (root,0,0,00:00:00/23-10:57:27,44) [khungtaskd] (root,0,0,00:00:00/23-10:57:27,45) [oom_reaper] (root,0,0,00:00:00/23-10:57:27,46) [writeback] (root,0,0,00:01:15/23-10:57:27,47) [kcompactd0] (root,0,0,00:00:00/23-10:57:27,48) [ksmd] (root,0,0,00:01:16/23-10:57:27,49) [khugepaged] (root,0,0,00:00:00/23-10:57:27,75) [kintegrityd] (root,0,0,00:00:00/23-10:57:27,76) [kblockd] (root,0,0,00:00:00/23-10:57:27,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-10:57:27,79) [tpm_dev_wq] (root,0,0,00:00:00/23-10:57:27,80) [edac-poller] (root,0,0,00:00:00/23-10:57:27,81) [devfreq_wq] (root,0,0,00:00:00/23-10:57:27,110) [watchdogd] (root,0,0,00:00:01/23-10:57:27,111) [kswapd0] (root,0,0,00:00:06/23-10:57:27,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-10:57:25,115) [kthrotld] (root,0,0,00:00:00/23-10:57:25,116) [mld] (root,0,0,00:00:00/23-10:57:25,117) [ipv6_addrconf] (root,0,0,00:00:06/23-10:57:25,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-10:57:25,123) [kstrp] (root,0,0,00:00:00/23-10:57:25,124) [zswap-shrink] (root,0,0,00:00:00/23-10:57:25,125) [kworker/u9:0] (root,0,0,00:00:00/23-10:57:25,130) [charger_manager] (root,0,0,00:00:07/23-10:57:25,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-10:57:25,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-10:57:24,239) [kaluad] (root,0,0,00:00:00/23-10:57:24,258) [kmpath_rdacd] (root,0,0,00:00:00/23-10:57:24,304) [kmpathd] (root,0,0,00:00:00/23-10:57:24,305) [kmpath_handlerd] (root,0,0,00:00:00/23-10:57:23,342) [ata_sff] (root,0,0,00:00:00/23-10:57:23,343) [scsi_eh_0] (root,0,0,00:00:00/23-10:57:23,344) [scsi_tmf_0] (root,0,0,00:00:00/23-10:57:23,345) [scsi_eh_1] (root,0,0,00:00:00/23-10:57:23,346) [scsi_tmf_1] (root,0,0,00:00:47/23-10:57:20,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-10:57:20,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-10:57:08,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-10:57:07,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-10:57:05,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-10:56:34,511) /sbin/auditd (messagebus,22932,5912,00:01:07/23-10:56:33,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:38/23-10:56:33,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-10:56:33,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-10:56:31,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-10:56:31,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-10:56:17,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-10:56:17,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:25/23-10:56:17,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-10:56:17,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-10:56:17,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-10:56:17,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-10:56:17,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-10:56:17,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:24/23-10:56:17,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-10:56:17,1352) bpfilter_umh (root,26204,8212,00:00:10/23-10:56:17,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-10:56:17,1359) ntpd: asynchronous dns resolver (spot,291744,178048,1-12:25:35/23-10:56:16,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-10:56:16,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-10:56:16,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-10:56:16,1373) (sd-pam) (root,24216,5268,00:00:08/23-10:56:14,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-10:56:14,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-10:56:14,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-10:56:11,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:26/23-10:56:10,1527) sshd: syslogtunnel (root,692644,73224,00:32:27/23-10:56:08,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56544,00:13:33/23-10:55:56,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-16:31:31,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-10:55:31,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-10:55:31,3218) sshd: cm-ssh (root,0,0,00:00:00/01:01:50,3775) [kworker/1:2-events] (root,0,0,00:00:00/03:39:02,4562) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/29:52,11873) [kworker/1:0] (root,0,0,00:00:00/01:44,12151) [kworker/0:1-events] (postfix,24244,8228,00:00:00/58:01,13008) pickup -l -t fifo -u (root,0,0,00:00:00/10:18,14928) [kworker/2:2] (root,0,0,00:00:00/19:43,15401) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/00:39,15898) [kworker/3:1-ata_sff] (root,0,0,00:00:00/00:36,15899) [kworker/u8:2] (root,6656,3488,00:00:00/00:00,18151) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,18169) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18170) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:27:33,18956) [kworker/0:2-events] (root,0,0,00:00:00/26:36,20415) [kworker/3:0-events] (root,0,0,00:00:00/01:24:39,26013) [kworker/2:1-events_power_efficient] (root,0,0,00:00:00/05:50,30451) [kworker/3:2-ata_sff] (root,0,0,00:00:00/33:35,31973) [kworker/u8:1-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 21:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a613567fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-12:09:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-12:09:51,2) [kthreadd] (root,0,0,00:00:00/21-12:09:51,3) [rcu_gp] (root,0,0,00:00:00/21-12:09:51,4) [rcu_par_gp] (root,0,0,00:00:00/21-12:09:51,5) [slub_flushwq] (root,0,0,00:00:00/21-12:09:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-12:09:51,9) [mm_percpu_wq] (root,0,0,00:00:00/21-12:09:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-12:09:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-12:09:51,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-12:09:51,13) [ksoftirqd/0] (root,0,0,01:03:21/21-12:09:51,14) [rcu_preempt] (root,0,0,00:00:08/21-12:09:51,15) [migration/0] (root,0,0,00:00:00/21-12:09:51,16) [idle_inject/0] (root,0,0,00:00:00/21-12:09:51,18) [cpuhp/0] (root,0,0,00:00:00/21-12:09:51,19) [cpuhp/1] (root,0,0,00:00:00/21-12:09:51,20) [idle_inject/1] (root,0,0,00:00:08/21-12:09:51,21) [migration/1] (root,0,0,00:00:34/21-12:09:51,22) [ksoftirqd/1] (root,0,0,00:00:00/21-12:09:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-12:09:51,25) [cpuhp/2] (root,0,0,00:00:00/21-12:09:51,26) [idle_inject/2] (root,0,0,00:00:06/21-12:09:51,27) [migration/2] (root,0,0,00:42:40/21-12:09:51,28) [ksoftirqd/2] (root,0,0,00:00:00/21-12:09:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-12:09:51,31) [cpuhp/3] (root,0,0,00:00:00/21-12:09:51,32) [idle_inject/3] (root,0,0,00:00:08/21-12:09:51,33) [migration/3] (root,0,0,00:02:11/21-12:09:51,34) [ksoftirqd/3] (root,0,0,00:00:00/21-12:09:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-12:09:51,40) [kdevtmpfs] (root,0,0,00:00:00/21-12:09:51,41) [netns] (root,0,0,00:00:00/21-12:09:51,42) [inet_frag_wq] (root,0,0,00:00:06/21-12:09:51,43) [kauditd] (root,0,0,00:00:00/21-12:09:51,44) [khungtaskd] (root,0,0,00:00:00/21-12:09:51,45) [oom_reaper] (root,0,0,00:00:00/21-12:09:51,46) [writeback] (root,0,0,00:01:09/21-12:09:51,47) [kcompactd0] (root,0,0,00:00:00/21-12:09:51,48) [ksmd] (root,0,0,00:01:10/21-12:09:51,49) [khugepaged] (root,0,0,00:00:00/21-12:09:51,75) [kintegrityd] (root,0,0,00:00:00/21-12:09:51,76) [kblockd] (root,0,0,00:00:00/21-12:09:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-12:09:51,79) [tpm_dev_wq] (root,0,0,00:00:00/21-12:09:51,80) [edac-poller] (root,0,0,00:00:00/21-12:09:51,81) [devfreq_wq] (root,0,0,00:00:00/21-12:09:51,110) [watchdogd] (root,0,0,00:00:01/21-12:09:51,111) [kswapd0] (root,0,0,00:00:05/21-12:09:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-12:09:49,115) [kthrotld] (root,0,0,00:00:00/21-12:09:49,116) [mld] (root,0,0,00:00:00/21-12:09:49,117) [ipv6_addrconf] (root,0,0,00:00:06/21-12:09:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-12:09:49,123) [kstrp] (root,0,0,00:00:00/21-12:09:49,124) [zswap-shrink] (root,0,0,00:00:00/21-12:09:49,125) [kworker/u9:0] (root,0,0,00:00:00/21-12:09:49,130) [charger_manager] (root,0,0,00:00:06/21-12:09:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-12:09:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-12:09:48,239) [kaluad] (root,0,0,00:00:00/21-12:09:48,258) [kmpath_rdacd] (root,0,0,00:00:00/21-12:09:48,304) [kmpathd] (root,0,0,00:00:00/21-12:09:48,305) [kmpath_handlerd] (root,0,0,00:00:00/21-12:09:47,342) [ata_sff] (root,0,0,00:00:00/21-12:09:47,343) [scsi_eh_0] (root,0,0,00:00:00/21-12:09:47,344) [scsi_tmf_0] (root,0,0,00:00:00/21-12:09:47,345) [scsi_eh_1] (root,0,0,00:00:00/21-12:09:47,346) [scsi_tmf_1] (root,0,0,00:00:43/21-12:09:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-12:09:44,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-12:09:32,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-12:09:31,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:01/01:12:32,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-12:09:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-12:08:58,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-12:08:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-12:08:57,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-12:08:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-12:08:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-12:08:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8220,00:00:00/52:12,1289) pickup -l -t fifo -u (root,548104,28468,00:00:25/21-12:08:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-12:08:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:15/21-12:08:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-12:08:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-12:08:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-12:08:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-12:08:41,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-12:08:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-12:08:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-12:08:41,1352) bpfilter_umh (root,26204,8212,00:00:09/21-12:08:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-12:08:41,1359) ntpd: asynchronous dns resolver (spot,313180,199344,1-09:52:38/21-12:08:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-12:08:40,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-12:08:40,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-12:08:40,1373) (sd-pam) (root,24216,5268,00:00:07/21-12:08:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-12:08:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-12:08:38,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-12:08:35,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-12:08:34,1527) sshd: syslogtunnel (root,692388,74908,00:29:45/21-12:08:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,55044,00:12:31/21-12:08:20,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/15-17:43:55,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-12:07:55,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-12:07:55,3218) sshd: cm-ssh (root,0,0,00:00:00/10:17,3921) [kworker/3:2-ata_sff] (root,0,0,00:00:00/51:40,5347) [kworker/1:2-events] (root,0,0,00:00:00/08:53,6922) [kworker/0:2-events] (root,6656,3480,00:00:00/00:00,8606) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,8624) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,8625) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:28:28,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/31:41,14476) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/02:40:21,17228) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/40:17,17661) [kworker/1:1-events] (root,0,0,00:00:00/01:23:32,22368) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/05:04,24647) [kworker/3:1-ata_sff] (root,0,0,00:00:01/03:48:26,29790) [kworker/2:2-events] (root,0,0,00:00:00/02:57,30992) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 22:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639908ae22Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12684,00:00:44/19-10:53:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-10:53:56,2) [kthreadd] (root,0,0,00:00:00/19-10:53:56,3) [rcu_gp] (root,0,0,00:00:00/19-10:53:56,4) [rcu_par_gp] (root,0,0,00:00:00/19-10:53:56,5) [slub_flushwq] (root,0,0,00:00:00/19-10:53:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-10:53:56,9) [mm_percpu_wq] (root,0,0,00:00:00/19-10:53:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-10:53:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-10:53:56,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-10:53:56,13) [ksoftirqd/0] (root,0,0,00:56:59/19-10:53:56,14) [rcu_preempt] (root,0,0,00:00:07/19-10:53:56,15) [migration/0] (root,0,0,00:00:00/19-10:53:56,16) [idle_inject/0] (root,0,0,00:00:00/19-10:53:56,18) [cpuhp/0] (root,0,0,00:00:00/19-10:53:56,19) [cpuhp/1] (root,0,0,00:00:00/19-10:53:56,20) [idle_inject/1] (root,0,0,00:00:07/19-10:53:56,21) [migration/1] (root,0,0,00:00:31/19-10:53:56,22) [ksoftirqd/1] (root,0,0,00:00:00/19-10:53:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-10:53:56,25) [cpuhp/2] (root,0,0,00:00:00/19-10:53:56,26) [idle_inject/2] (root,0,0,00:00:05/19-10:53:56,27) [migration/2] (root,0,0,00:38:51/19-10:53:56,28) [ksoftirqd/2] (root,0,0,00:00:00/19-10:53:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-10:53:56,31) [cpuhp/3] (root,0,0,00:00:00/19-10:53:56,32) [idle_inject/3] (root,0,0,00:00:07/19-10:53:56,33) [migration/3] (root,0,0,00:01:57/19-10:53:56,34) [ksoftirqd/3] (root,0,0,00:00:00/19-10:53:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-10:53:56,40) [kdevtmpfs] (root,0,0,00:00:00/19-10:53:56,41) [netns] (root,0,0,00:00:00/19-10:53:56,42) [inet_frag_wq] (root,0,0,00:00:05/19-10:53:56,43) [kauditd] (root,0,0,00:00:00/19-10:53:56,44) [khungtaskd] (root,0,0,00:00:00/19-10:53:56,45) [oom_reaper] (root,0,0,00:00:00/19-10:53:56,46) [writeback] (root,0,0,00:01:02/19-10:53:56,47) [kcompactd0] (root,0,0,00:00:00/19-10:53:56,48) [ksmd] (root,0,0,00:01:03/19-10:53:56,49) [khugepaged] (root,0,0,00:00:00/19-10:53:56,75) [kintegrityd] (root,0,0,00:00:00/19-10:53:56,76) [kblockd] (root,0,0,00:00:00/19-10:53:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-10:53:56,79) [tpm_dev_wq] (root,0,0,00:00:00/19-10:53:56,80) [edac-poller] (root,0,0,00:00:00/19-10:53:56,81) [devfreq_wq] (root,0,0,00:00:00/19-10:53:56,110) [watchdogd] (root,0,0,00:00:01/19-10:53:56,111) [kswapd0] (root,0,0,00:00:05/19-10:53:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-10:53:54,115) [kthrotld] (root,0,0,00:00:00/19-10:53:54,116) [mld] (root,0,0,00:00:00/19-10:53:54,117) [ipv6_addrconf] (root,0,0,00:00:05/19-10:53:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-10:53:54,123) [kstrp] (root,0,0,00:00:00/19-10:53:54,124) [zswap-shrink] (root,0,0,00:00:00/19-10:53:54,125) [kworker/u9:0] (root,0,0,00:00:00/19-10:53:54,130) [charger_manager] (root,0,0,00:00:05/19-10:53:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/19-10:53:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-10:53:53,239) [kaluad] (root,0,0,00:00:00/19-10:53:53,258) [kmpath_rdacd] (root,0,0,00:00:00/19-10:53:53,304) [kmpathd] (root,0,0,00:00:00/19-10:53:53,305) [kmpath_handlerd] (root,0,0,00:00:00/19-10:53:52,342) [ata_sff] (root,0,0,00:00:00/19-10:53:52,343) [scsi_eh_0] (root,0,0,00:00:00/19-10:53:52,344) [scsi_tmf_0] (root,0,0,00:00:00/19-10:53:52,345) [scsi_eh_1] (root,0,0,00:00:00/19-10:53:52,346) [scsi_tmf_1] (root,0,0,00:00:38/19-10:53:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-10:53:49,367) [ext4-rsv-conver] (root,0,0,00:00:00/06:30,432) [kworker/3:1-ata_sff] (root,38604,7616,00:00:24/19-10:53:37,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-10:53:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-10:53:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-10:53:03,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-10:53:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-10:53:02,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-10:53:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-10:53:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-10:53:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-10:52:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-10:52:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:02/19-10:52:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-10:52:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-10:52:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-10:52:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-10:52:46,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:24/19-10:52:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:48/19-10:52:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-10:52:46,1352) bpfilter_umh (root,26204,8212,00:00:06/19-10:52:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-10:52:46,1359) ntpd: asynchronous dns resolver (spot,314044,199560,1-06:54:39/19-10:52:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-10:52:45,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-10:52:45,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-10:52:45,1373) (sd-pam) (root,24216,5268,00:00:06/19-10:52:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-10:52:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-10:52:43,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-10:52:40,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-10:52:39,1527) sshd: syslogtunnel (root,618656,71492,00:26:47/19-10:52:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,53704,00:11:16/19-10:52:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-16:28:00,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-10:52:00,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-10:52:00,3218) sshd: cm-ssh (postfix,24244,8184,00:00:00/01:37:17,3315) pickup -l -t fifo -u (root,0,0,00:00:00/01:08:44,3324) [kworker/3:0-events] (root,0,0,00:00:00/05:42:35,5852) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/52:05,8409) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:04:40,12961) [kworker/2:0-events] (root,0,0,00:00:00/01:17,19215) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:14,19386) [kworker/1:1] (root,0,0,00:00:00/09:52,21054) [kworker/2:2] (root,6656,3488,00:00:00/00:00,21911) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,21952) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,21953) /bin/bash /usr/bin/check_mk_agent (root,4480,1044,00:00:00/00:00,21954) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,828,00:00:00/00:00,21955) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,752,00:00:00/00:00,21956) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,21957) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,21975) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21976) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:00:24,23780) [kworker/0:1-events] (root,0,0,00:00:00/07:44,29227) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/28:31,29630) [kworker/1:2-events] (root,0,0,00:00:00/18:11,29670) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 21:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363220b84d2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-12:53:28,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-12:53:28,2) [kthreadd] (root,0,0,00:00:00/17-12:53:28,3) [rcu_gp] (root,0,0,00:00:00/17-12:53:28,4) [rcu_par_gp] (root,0,0,00:00:00/17-12:53:28,5) [slub_flushwq] (root,0,0,00:00:00/17-12:53:28,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-12:53:28,9) [mm_percpu_wq] (root,0,0,00:00:00/17-12:53:28,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-12:53:28,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-12:53:28,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-12:53:28,13) [ksoftirqd/0] (root,0,0,00:50:23/17-12:53:28,14) [rcu_preempt] (root,0,0,00:00:06/17-12:53:28,15) [migration/0] (root,0,0,00:00:00/17-12:53:28,16) [idle_inject/0] (root,0,0,00:00:00/17-12:53:28,18) [cpuhp/0] (root,0,0,00:00:00/17-12:53:28,19) [cpuhp/1] (root,0,0,00:00:00/17-12:53:28,20) [idle_inject/1] (root,0,0,00:00:06/17-12:53:28,21) [migration/1] (root,0,0,00:00:27/17-12:53:28,22) [ksoftirqd/1] (root,0,0,00:00:00/17-12:53:28,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-12:53:28,25) [cpuhp/2] (root,0,0,00:00:00/17-12:53:28,26) [idle_inject/2] (root,0,0,00:00:05/17-12:53:28,27) [migration/2] (root,0,0,00:33:47/17-12:53:28,28) [ksoftirqd/2] (root,0,0,00:00:00/17-12:53:28,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-12:53:28,31) [cpuhp/3] (root,0,0,00:00:00/17-12:53:28,32) [idle_inject/3] (root,0,0,00:00:06/17-12:53:28,33) [migration/3] (root,0,0,00:01:41/17-12:53:28,34) [ksoftirqd/3] (root,0,0,00:00:00/17-12:53:28,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-12:53:28,40) [kdevtmpfs] (root,0,0,00:00:00/17-12:53:28,41) [netns] (root,0,0,00:00:00/17-12:53:28,42) [inet_frag_wq] (root,0,0,00:00:03/17-12:53:28,43) [kauditd] (root,0,0,00:00:00/17-12:53:28,44) [khungtaskd] (root,0,0,00:00:00/17-12:53:28,45) [oom_reaper] (root,0,0,00:00:00/17-12:53:28,46) [writeback] (root,0,0,00:00:55/17-12:53:28,47) [kcompactd0] (root,0,0,00:00:00/17-12:53:28,48) [ksmd] (root,0,0,00:00:56/17-12:53:28,49) [khugepaged] (root,0,0,00:00:00/17-12:53:28,75) [kintegrityd] (root,0,0,00:00:00/17-12:53:28,76) [kblockd] (root,0,0,00:00:00/17-12:53:28,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-12:53:28,79) [tpm_dev_wq] (root,0,0,00:00:00/17-12:53:28,80) [edac-poller] (root,0,0,00:00:00/17-12:53:28,81) [devfreq_wq] (root,0,0,00:00:00/17-12:53:28,110) [watchdogd] (root,0,0,00:00:01/17-12:53:28,111) [kswapd0] (root,0,0,00:00:04/17-12:53:28,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-12:53:26,115) [kthrotld] (root,0,0,00:00:00/17-12:53:26,116) [mld] (root,0,0,00:00:00/17-12:53:26,117) [ipv6_addrconf] (root,0,0,00:00:04/17-12:53:26,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-12:53:26,123) [kstrp] (root,0,0,00:00:00/17-12:53:26,124) [zswap-shrink] (root,0,0,00:00:00/17-12:53:26,125) [kworker/u9:0] (root,0,0,00:00:00/17-12:53:26,130) [charger_manager] (root,0,0,00:00:05/17-12:53:26,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/17-12:53:26,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-12:53:25,239) [kaluad] (root,0,0,00:00:00/17-12:53:25,258) [kmpath_rdacd] (root,0,0,00:00:00/17-12:53:25,304) [kmpathd] (root,0,0,00:00:00/17-12:53:25,305) [kmpath_handlerd] (root,0,0,00:00:00/17-12:53:24,342) [ata_sff] (root,0,0,00:00:00/17-12:53:24,343) [scsi_eh_0] (root,0,0,00:00:00/17-12:53:24,344) [scsi_tmf_0] (root,0,0,00:00:00/17-12:53:24,345) [scsi_eh_1] (root,0,0,00:00:00/17-12:53:24,346) [scsi_tmf_1] (root,0,0,00:00:34/17-12:53:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-12:53:21,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-12:53:09,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-12:53:08,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-12:53:06,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-12:52:35,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-12:52:34,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-12:52:34,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-12:52:34,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-12:52:32,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-12:52:32,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-12:52:18,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-12:52:18,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:51/17-12:52:18,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-12:52:18,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-12:52:18,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-12:52:18,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-12:52:18,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-12:52:18,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:30/17-12:52:18,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-12:52:18,1352) bpfilter_umh (root,26204,8212,00:00:04/17-12:52:18,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-12:52:18,1359) ntpd: asynchronous dns resolver (spot,315356,199888,1-03:04:48/17-12:52:17,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-12:52:17,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-12:52:17,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-12:52:17,1373) (sd-pam) (root,24216,5268,00:00:06/17-12:52:15,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-12:52:15,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-12:52:15,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-12:52:12,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-12:52:11,1527) sshd: syslogtunnel (root,618256,71120,00:23:58/17-12:52:09,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/12:44,1721) [kworker/3:1-events] (spot,214464,51672,00:10:02/17-12:51:57,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-18:27:32,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:34,2711) [kworker/2:1] (root,35308,10108,00:00:00/17-12:51:32,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-12:51:32,3218) sshd: cm-ssh (root,0,0,00:00:00/12:07,3936) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/21:28,6092) [kworker/0:2-events] (root,0,0,00:00:00/10:54,9322) [kworker/0:1] (root,0,0,00:00:00/02:21,13680) [kworker/3:0-ata_sff] (root,0,0,00:00:00/29:57,15869) [kworker/1:1] (root,0,0,00:00:00/51:50,17782) [kworker/1:2-events] (root,6656,3476,00:00:00/00:00,19177) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,19195) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19196) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:14:02,19474) [kworker/2:0-events] (root,0,0,00:00:00/01:00:12,21562) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/07:31,25468) [kworker/3:2-ata_sff] (postfix,24244,8224,00:00:00/38:37,29850) pickup -l -t fifo -u (root,0,0,00:00:00/23:34,31974) [kworker/2:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836338beead8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-12:54:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-12:54:04,2) [kthreadd] (root,0,0,00:00:00/15-12:54:04,3) [rcu_gp] (root,0,0,00:00:00/15-12:54:04,4) [rcu_par_gp] (root,0,0,00:00:00/15-12:54:04,5) [slub_flushwq] (root,0,0,00:00:00/15-12:54:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-12:54:04,9) [mm_percpu_wq] (root,0,0,00:00:00/15-12:54:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-12:54:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-12:54:04,12) [rcu_tasks_trace] (root,0,0,00:00:28/15-12:54:04,13) [ksoftirqd/0] (root,0,0,00:43:34/15-12:54:04,14) [rcu_preempt] (root,0,0,00:00:05/15-12:54:04,15) [migration/0] (root,0,0,00:00:00/15-12:54:04,16) [idle_inject/0] (root,0,0,00:00:00/15-12:54:04,18) [cpuhp/0] (root,0,0,00:00:00/15-12:54:04,19) [cpuhp/1] (root,0,0,00:00:00/15-12:54:04,20) [idle_inject/1] (root,0,0,00:00:06/15-12:54:04,21) [migration/1] (root,0,0,00:00:23/15-12:54:04,22) [ksoftirqd/1] (root,0,0,00:00:00/15-12:54:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-12:54:04,25) [cpuhp/2] (root,0,0,00:00:00/15-12:54:04,26) [idle_inject/2] (root,0,0,00:00:04/15-12:54:04,27) [migration/2] (root,0,0,00:28:29/15-12:54:04,28) [ksoftirqd/2] (root,0,0,00:00:00/15-12:54:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-12:54:04,31) [cpuhp/3] (root,0,0,00:00:00/15-12:54:04,32) [idle_inject/3] (root,0,0,00:00:05/15-12:54:04,33) [migration/3] (root,0,0,00:01:24/15-12:54:04,34) [ksoftirqd/3] (root,0,0,00:00:00/15-12:54:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-12:54:04,40) [kdevtmpfs] (root,0,0,00:00:00/15-12:54:04,41) [netns] (root,0,0,00:00:00/15-12:54:04,42) [inet_frag_wq] (root,0,0,00:00:01/15-12:54:04,43) [kauditd] (root,0,0,00:00:00/15-12:54:04,44) [khungtaskd] (root,0,0,00:00:00/15-12:54:04,45) [oom_reaper] (root,0,0,00:00:00/15-12:54:04,46) [writeback] (root,0,0,00:00:48/15-12:54:04,47) [kcompactd0] (root,0,0,00:00:00/15-12:54:04,48) [ksmd] (root,0,0,00:00:50/15-12:54:04,49) [khugepaged] (root,0,0,00:00:00/15-12:54:04,75) [kintegrityd] (root,0,0,00:00:00/15-12:54:04,76) [kblockd] (root,0,0,00:00:00/15-12:54:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-12:54:04,79) [tpm_dev_wq] (root,0,0,00:00:00/15-12:54:04,80) [edac-poller] (root,0,0,00:00:00/15-12:54:04,81) [devfreq_wq] (root,0,0,00:00:00/15-12:54:04,110) [watchdogd] (root,0,0,00:00:01/15-12:54:04,111) [kswapd0] (root,0,0,00:00:04/15-12:54:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-12:54:02,115) [kthrotld] (root,0,0,00:00:00/15-12:54:02,116) [mld] (root,0,0,00:00:00/15-12:54:02,117) [ipv6_addrconf] (root,0,0,00:00:04/15-12:54:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-12:54:02,123) [kstrp] (root,0,0,00:00:00/15-12:54:02,124) [zswap-shrink] (root,0,0,00:00:00/15-12:54:02,125) [kworker/u9:0] (root,0,0,00:00:00/15-12:54:02,130) [charger_manager] (root,0,0,00:00:04/15-12:54:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-12:54:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-12:54:01,239) [kaluad] (root,0,0,00:00:00/15-12:54:01,258) [kmpath_rdacd] (root,0,0,00:00:00/15-12:54:01,304) [kmpathd] (root,0,0,00:00:00/15-12:54:01,305) [kmpath_handlerd] (root,0,0,00:00:00/15-12:54:00,342) [ata_sff] (root,0,0,00:00:00/15-12:54:00,343) [scsi_eh_0] (root,0,0,00:00:00/15-12:54:00,344) [scsi_tmf_0] (root,0,0,00:00:00/15-12:54:00,345) [scsi_eh_1] (root,0,0,00:00:00/15-12:54:00,346) [scsi_tmf_1] (root,0,0,00:00:29/15-12:53:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-12:53:57,367) [ext4-rsv-conver] (root,38604,7616,00:00:14/15-12:53:45,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-12:53:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-12:53:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-12:53:11,511) /sbin/auditd (messagebus,22932,5912,00:00:19/15-12:53:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:12/15-12:53:10,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-12:53:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-12:53:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-12:53:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-12:52:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-12:52:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:38/15-12:52:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-12:52:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-12:52:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-12:52:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-12:52:54,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-12:52:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:12/15-12:52:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-12:52:54,1352) bpfilter_umh (root,26204,8212,00:00:03/15-12:52:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-12:52:54,1359) ntpd: asynchronous dns resolver (spot,314060,199564,22:23:05/15-12:52:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-12:52:53,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-12:52:53,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-12:52:53,1373) (sd-pam) (root,24216,5268,00:00:05/15-12:52:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-12:52:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-12:52:51,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-12:52:48,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-12:52:47,1527) sshd: syslogtunnel (root,617868,70916,00:21:04/15-12:52:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49868,00:08:45/15-12:52:33,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:10:49,2076) [kworker/2:0-events] (postfix,44628,9336,00:00:00/9-18:28:08,2557) tlsmgr -l -t unix -u (root,0,0,00:00:02/05:17:41,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-12:52:08,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:50/15-12:52:08,3218) sshd: cm-ssh (root,0,0,00:00:00/22:08,3630) [kworker/2:1-events] (root,0,0,00:00:00/03:31,5722) [kworker/3:0-events] (root,0,0,00:00:00/39:51,8954) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:57:18,9961) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:41:40,11304) [kworker/1:1-events] (root,0,0,00:00:00/44:55,15580) [kworker/1:0] (root,6656,3488,00:00:00/00:00,17860) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,17878) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,17879) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:43,18877) [kworker/3:1-ata_sff] (root,0,0,00:00:00/09:01:11,21313) [kworker/0:0-events] (root,0,0,00:00:00/01:11:40,26431) [kworker/u8:1-writeback] (postfix,24244,8212,00:00:00/01:01:03,28252) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f79cd902Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-13:06:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:06:05,2) [kthreadd] (root,0,0,00:00:00/13-13:06:05,3) [rcu_gp] (root,0,0,00:00:00/13-13:06:05,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:06:05,5) [slub_flushwq] (root,0,0,00:00:00/13-13:06:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:06:05,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:06:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:06:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:06:05,12) [rcu_tasks_trace] (root,0,0,00:00:24/13-13:06:05,13) [ksoftirqd/0] (root,0,0,00:37:19/13-13:06:05,14) [rcu_preempt] (root,0,0,00:00:05/13-13:06:05,15) [migration/0] (root,0,0,00:00:00/13-13:06:05,16) [idle_inject/0] (root,0,0,00:00:00/13-13:06:05,18) [cpuhp/0] (root,0,0,00:00:00/13-13:06:05,19) [cpuhp/1] (root,0,0,00:00:00/13-13:06:05,20) [idle_inject/1] (root,0,0,00:00:05/13-13:06:05,21) [migration/1] (root,0,0,00:00:20/13-13:06:05,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:06:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:06:05,25) [cpuhp/2] (root,0,0,00:00:00/13-13:06:05,26) [idle_inject/2] (root,0,0,00:00:03/13-13:06:05,27) [migration/2] (root,0,0,00:24:39/13-13:06:05,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:06:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:06:05,31) [cpuhp/3] (root,0,0,00:00:00/13-13:06:05,32) [idle_inject/3] (root,0,0,00:00:05/13-13:06:05,33) [migration/3] (root,0,0,00:01:11/13-13:06:05,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:06:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:06:05,40) [kdevtmpfs] (root,0,0,00:00:00/13-13:06:05,41) [netns] (root,0,0,00:00:00/13-13:06:05,42) [inet_frag_wq] (root,0,0,00:00:01/13-13:06:05,43) [kauditd] (root,0,0,00:00:00/13-13:06:05,44) [khungtaskd] (root,0,0,00:00:00/13-13:06:05,45) [oom_reaper] (root,0,0,00:00:00/13-13:06:05,46) [writeback] (root,0,0,00:00:41/13-13:06:05,47) [kcompactd0] (root,0,0,00:00:00/13-13:06:05,48) [ksmd] (root,0,0,00:00:44/13-13:06:05,49) [khugepaged] (root,0,0,00:00:00/13-13:06:05,75) [kintegrityd] (root,0,0,00:00:00/13-13:06:05,76) [kblockd] (root,0,0,00:00:00/13-13:06:05,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:06:05,79) [tpm_dev_wq] (root,0,0,00:00:00/13-13:06:05,80) [edac-poller] (root,0,0,00:00:00/13-13:06:05,81) [devfreq_wq] (root,0,0,00:00:00/13-13:06:05,110) [watchdogd] (root,0,0,00:00:01/13-13:06:05,111) [kswapd0] (root,0,0,00:00:03/13-13:06:05,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-13:06:03,115) [kthrotld] (root,0,0,00:00:00/13-13:06:03,116) [mld] (root,0,0,00:00:00/13-13:06:03,117) [ipv6_addrconf] (root,0,0,00:00:03/13-13:06:03,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:06:03,123) [kstrp] (root,0,0,00:00:00/13-13:06:03,124) [zswap-shrink] (root,0,0,00:00:00/13-13:06:03,125) [kworker/u9:0] (root,0,0,00:00:00/13-13:06:03,130) [charger_manager] (root,0,0,00:00:04/13-13:06:03,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-13:06:03,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-13:06:02,239) [kaluad] (root,0,0,00:00:00/13-13:06:02,258) [kmpath_rdacd] (root,0,0,00:00:00/13-13:06:02,304) [kmpathd] (root,0,0,00:00:00/13-13:06:02,305) [kmpath_handlerd] (root,0,0,00:00:00/13-13:06:01,342) [ata_sff] (root,0,0,00:00:00/13-13:06:01,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:06:01,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:06:01,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:06:01,346) [scsi_tmf_1] (root,0,0,00:00:25/13-13:05:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:05:58,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-13:05:46,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-13:05:45,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:21/13-13:05:43,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-13:05:12,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-13:05:11,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-13:05:11,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-13:05:11,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-13:05:09,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-13:05:09,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-13:04:55,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-13:04:55,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:25/13-13:04:55,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-13:04:55,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-13:04:55,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-13:04:55,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-13:04:55,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-13:04:55,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-13:04:55,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-13:04:55,1352) bpfilter_umh (root,26204,8212,00:00:02/13-13:04:55,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-13:04:55,1359) ntpd: asynchronous dns resolver (spot,305068,189636,18:43:57/13-13:04:54,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-13:04:54,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-13:04:54,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-13:04:54,1373) (sd-pam) (root,24216,5268,00:00:04/13-13:04:52,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-13:04:52,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-13:04:52,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-13:04:49,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:46/13-13:04:48,1527) sshd: syslogtunnel (root,617868,72668,00:18:15/13-13:04:46,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48320,00:07:30/13-13:04:34,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-18:40:09,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/09:50,2894) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/13-13:04:09,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-13:04:09,3218) sshd: cm-ssh (root,0,0,00:00:00/01:47:47,5639) [kworker/2:2-cgroup_destroy] (root,6656,3484,00:00:00/00:00,12946) /bin/bash /usr/bin/check_mk_agent (root,13744,3496,00:00:00/00:00,12964) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,12965) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/21:29,14597) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:01/02:12:20,14919) [kworker/1:0-events] (root,0,0,00:00:00/35:47,15998) [kworker/3:2-events] (root,0,0,00:00:00/03:00:58,16390) [kworker/u8:1-writeback] (root,0,0,00:00:00/02:00:11,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/44:17,22455) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/04:40,22599) [kworker/3:0-ata_sff] (postfix,24244,8228,00:00:00/01:35:01,24772) pickup -l -t fifo -u (root,0,0,00:00:01/02:49:19,25621) [kworker/2:0-events] (root,0,0,00:00:00/01:23:31,29874) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 23:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637ccbe010Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-12:50:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:50:30,2) [kthreadd] (root,0,0,00:00:00/11-12:50:30,3) [rcu_gp] (root,0,0,00:00:00/11-12:50:30,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:50:30,5) [slub_flushwq] (root,0,0,00:00:00/11-12:50:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:50:30,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:50:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:50:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:50:30,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:50:30,13) [ksoftirqd/0] (root,0,0,00:31:42/11-12:50:30,14) [rcu_preempt] (root,0,0,00:00:04/11-12:50:30,15) [migration/0] (root,0,0,00:00:00/11-12:50:30,16) [idle_inject/0] (root,0,0,00:00:00/11-12:50:30,18) [cpuhp/0] (root,0,0,00:00:00/11-12:50:30,19) [cpuhp/1] (root,0,0,00:00:00/11-12:50:30,20) [idle_inject/1] (root,0,0,00:00:04/11-12:50:30,21) [migration/1] (root,0,0,00:00:17/11-12:50:30,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:50:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:50:30,25) [cpuhp/2] (root,0,0,00:00:00/11-12:50:30,26) [idle_inject/2] (root,0,0,00:00:03/11-12:50:30,27) [migration/2] (root,0,0,00:21:10/11-12:50:30,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:50:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:50:30,31) [cpuhp/3] (root,0,0,00:00:00/11-12:50:30,32) [idle_inject/3] (root,0,0,00:00:04/11-12:50:30,33) [migration/3] (root,0,0,00:01:00/11-12:50:30,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:50:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:50:30,40) [kdevtmpfs] (root,0,0,00:00:00/11-12:50:30,41) [netns] (root,0,0,00:00:00/11-12:50:30,42) [inet_frag_wq] (root,0,0,00:00:01/11-12:50:30,43) [kauditd] (root,0,0,00:00:00/11-12:50:30,44) [khungtaskd] (root,0,0,00:00:00/11-12:50:30,45) [oom_reaper] (root,0,0,00:00:00/11-12:50:30,46) [writeback] (root,0,0,00:00:34/11-12:50:30,47) [kcompactd0] (root,0,0,00:00:00/11-12:50:30,48) [ksmd] (root,0,0,00:00:37/11-12:50:30,49) [khugepaged] (root,0,0,00:00:00/11-12:50:30,75) [kintegrityd] (root,0,0,00:00:00/11-12:50:30,76) [kblockd] (root,0,0,00:00:00/11-12:50:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:50:30,79) [tpm_dev_wq] (root,0,0,00:00:00/11-12:50:30,80) [edac-poller] (root,0,0,00:00:00/11-12:50:30,81) [devfreq_wq] (root,0,0,00:00:00/11-12:50:30,110) [watchdogd] (root,0,0,00:00:00/11-12:50:30,111) [kswapd0] (root,0,0,00:00:02/11-12:50:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:50:28,115) [kthrotld] (root,0,0,00:00:00/11-12:50:28,116) [mld] (root,0,0,00:00:00/11-12:50:28,117) [ipv6_addrconf] (root,0,0,00:00:03/11-12:50:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:50:28,123) [kstrp] (root,0,0,00:00:00/11-12:50:28,124) [zswap-shrink] (root,0,0,00:00:00/11-12:50:28,125) [kworker/u9:0] (root,0,0,00:00:00/11-12:50:28,130) [charger_manager] (root,0,0,00:00:03/11-12:50:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-12:50:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-12:50:27,239) [kaluad] (root,0,0,00:00:00/11-12:50:27,258) [kmpath_rdacd] (root,0,0,00:00:00/11-12:50:27,304) [kmpathd] (root,0,0,00:00:00/11-12:50:27,305) [kmpath_handlerd] (root,0,0,00:00:00/11-12:50:26,342) [ata_sff] (root,0,0,00:00:00/11-12:50:26,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:50:26,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:50:26,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:50:26,346) [scsi_tmf_1] (root,0,0,00:00:21/11-12:50:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:50:23,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-12:50:11,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-12:50:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-12:50:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-12:49:37,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-12:49:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-12:49:36,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-12:49:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-12:49:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-12:49:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-12:49:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-12:49:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:13/11-12:49:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-12:49:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-12:49:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-12:49:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-12:49:20,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-12:49:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:38/11-12:49:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-12:49:20,1352) bpfilter_umh (root,26204,8212,00:00:02/11-12:49:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-12:49:20,1359) ntpd: asynchronous dns resolver (spot,292348,178948,15:31:40/11-12:49:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-12:49:19,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-12:49:19,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-12:49:19,1373) (sd-pam) (root,24216,5268,00:00:03/11-12:49:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-12:49:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-12:49:17,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-12:49:14,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-12:49:13,1527) sshd: syslogtunnel (root,617612,72248,00:15:31/11-12:49:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,47288,00:06:18/11-12:48:59,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-18:24:34,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-12:48:34,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-12:48:34,3218) sshd: cm-ssh (root,0,0,00:00:00/43:42,5235) [kworker/2:2-events] (root,0,0,00:00:00/09:52,6963) [kworker/3:2-ata_sff] (root,0,0,00:00:03/22:59:03,7785) [kworker/2:1-events] (postfix,24244,8284,00:00:00/00:16,12836) pickup -l -t fifo -u (root,0,0,00:00:00/23:09,14236) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:01,14303) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,14337) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,14338) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:47:37,19628) [kworker/0:1-events] (root,0,0,00:00:00/05:23:10,20763) [kworker/1:0-events] (root,0,0,00:00:00/04:40,23666) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:08:41,24598) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/04:22:53,28099) [kworker/1:2-events] (root,0,0,00:00:00/56:33,28318) [kworker/3:1-events] (root,0,0,00:00:01/03:58:44,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d85bc1cbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-09:47:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-09:47:07,2) [kthreadd] (root,0,0,00:00:00/9-09:47:07,3) [rcu_gp] (root,0,0,00:00:00/9-09:47:07,4) [rcu_par_gp] (root,0,0,00:00:00/9-09:47:07,5) [slub_flushwq] (root,0,0,00:00:00/9-09:47:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-09:47:07,9) [mm_percpu_wq] (root,0,0,00:00:00/9-09:47:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-09:47:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-09:47:07,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-09:47:07,13) [ksoftirqd/0] (root,0,0,00:25:31/9-09:47:07,14) [rcu_preempt] (root,0,0,00:00:03/9-09:47:07,15) [migration/0] (root,0,0,00:00:00/9-09:47:07,16) [idle_inject/0] (root,0,0,00:00:00/9-09:47:07,18) [cpuhp/0] (root,0,0,00:00:00/9-09:47:07,19) [cpuhp/1] (root,0,0,00:00:00/9-09:47:07,20) [idle_inject/1] (root,0,0,00:00:03/9-09:47:07,21) [migration/1] (root,0,0,00:00:13/9-09:47:07,22) [ksoftirqd/1] (root,0,0,00:00:00/9-09:47:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-09:47:07,25) [cpuhp/2] (root,0,0,00:00:00/9-09:47:07,26) [idle_inject/2] (root,0,0,00:00:02/9-09:47:07,27) [migration/2] (root,0,0,00:17:07/9-09:47:07,28) [ksoftirqd/2] (root,0,0,00:00:00/9-09:47:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-09:47:07,31) [cpuhp/3] (root,0,0,00:00:00/9-09:47:07,32) [idle_inject/3] (root,0,0,00:00:03/9-09:47:07,33) [migration/3] (root,0,0,00:00:48/9-09:47:07,34) [ksoftirqd/3] (root,0,0,00:00:00/9-09:47:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-09:47:07,40) [kdevtmpfs] (root,0,0,00:00:00/9-09:47:07,41) [netns] (root,0,0,00:00:00/9-09:47:07,42) [inet_frag_wq] (root,0,0,00:00:01/9-09:47:07,43) [kauditd] (root,0,0,00:00:00/9-09:47:07,44) [khungtaskd] (root,0,0,00:00:00/9-09:47:07,45) [oom_reaper] (root,0,0,00:00:00/9-09:47:07,46) [writeback] (root,0,0,00:00:28/9-09:47:07,47) [kcompactd0] (root,0,0,00:00:00/9-09:47:07,48) [ksmd] (root,0,0,00:00:31/9-09:47:07,49) [khugepaged] (root,0,0,00:00:00/9-09:47:07,75) [kintegrityd] (root,0,0,00:00:00/9-09:47:07,76) [kblockd] (root,0,0,00:00:00/9-09:47:07,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-09:47:07,79) [tpm_dev_wq] (root,0,0,00:00:00/9-09:47:07,80) [edac-poller] (root,0,0,00:00:00/9-09:47:07,81) [devfreq_wq] (root,0,0,00:00:00/9-09:47:07,110) [watchdogd] (root,0,0,00:00:00/9-09:47:07,111) [kswapd0] (root,0,0,00:00:02/9-09:47:07,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-09:47:05,115) [kthrotld] (root,0,0,00:00:00/9-09:47:05,116) [mld] (root,0,0,00:00:00/9-09:47:05,117) [ipv6_addrconf] (root,0,0,00:00:02/9-09:47:05,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-09:47:05,123) [kstrp] (root,0,0,00:00:00/9-09:47:05,124) [zswap-shrink] (root,0,0,00:00:00/9-09:47:05,125) [kworker/u9:0] (root,0,0,00:00:00/9-09:47:05,130) [charger_manager] (root,0,0,00:00:02/9-09:47:05,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-09:47:05,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-09:47:04,239) [kaluad] (root,0,0,00:00:00/9-09:47:04,258) [kmpath_rdacd] (root,0,0,00:00:00/9-09:47:04,304) [kmpathd] (root,0,0,00:00:00/9-09:47:04,305) [kmpath_handlerd] (root,0,0,00:00:00/9-09:47:03,342) [ata_sff] (root,0,0,00:00:00/9-09:47:03,343) [scsi_eh_0] (root,0,0,00:00:00/9-09:47:03,344) [scsi_tmf_0] (root,0,0,00:00:00/9-09:47:03,345) [scsi_eh_1] (root,0,0,00:00:00/9-09:47:03,346) [scsi_tmf_1] (root,0,0,00:00:17/9-09:47:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-09:47:00,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-09:46:48,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-09:46:47,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-09:46:45,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-09:46:14,511) /sbin/auditd (messagebus,22932,5912,00:00:11/9-09:46:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-09:46:13,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-09:46:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-09:46:11,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-09:46:11,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:10/9-09:45:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-09:45:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:59/9-09:45:57,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-09:45:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-09:45:57,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-09:45:57,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-09:45:57,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-09:45:57,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:19/9-09:45:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-09:45:57,1352) bpfilter_umh (root,26204,8212,00:00:01/9-09:45:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-09:45:57,1359) ntpd: asynchronous dns resolver (spot,293920,180192,12:10:29/9-09:45:56,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-09:45:56,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-09:45:56,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-09:45:56,1373) (sd-pam) (root,24216,5268,00:00:03/9-09:45:54,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-09:45:54,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-09:45:54,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-09:45:51,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:31/9-09:45:50,1527) sshd: syslogtunnel (root,617356,71948,00:12:35/9-09:45:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,45712,00:05:04/9-09:45:36,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-15:21:11,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-09:45:11,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-09:45:11,3218) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,5208) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,5226) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5227) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:40:57,8172) [kworker/2:2-events] (root,0,0,00:00:00/17:55,10860) [kworker/3:1-events] (root,0,0,00:00:00/39:41,11212) [kworker/2:0-events] (root,0,0,00:00:00/07:34,12262) [kworker/3:0-ata_sff] (root,0,0,00:00:00/03:05:20,14431) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:05:17,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/15:23,15432) [kworker/0:2-events] (root,0,0,00:00:00/01:51:44,15893) [kworker/0:0-events] (postfix,24244,8200,00:00:00/38:49,19776) pickup -l -t fifo -u (root,0,0,00:00:00/51:38,22079) [kworker/1:1] (root,0,0,00:00:01/05:05:11,26887) [kworker/1:2-mm_percpu_wq] (root,0,0,00:00:00/02:21,27010) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 20:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aff21b91Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-11:08:32,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-11:08:32,2) [kthreadd] (root,0,0,00:00:00/7-11:08:32,3) [rcu_gp] (root,0,0,00:00:00/7-11:08:32,4) [rcu_par_gp] (root,0,0,00:00:00/7-11:08:32,5) [slub_flushwq] (root,0,0,00:00:00/7-11:08:32,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-11:08:32,9) [mm_percpu_wq] (root,0,0,00:00:00/7-11:08:32,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-11:08:32,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-11:08:32,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-11:08:32,13) [ksoftirqd/0] (root,0,0,00:19:49/7-11:08:32,14) [rcu_preempt] (root,0,0,00:00:02/7-11:08:32,15) [migration/0] (root,0,0,00:00:00/7-11:08:32,16) [idle_inject/0] (root,0,0,00:00:00/7-11:08:32,18) [cpuhp/0] (root,0,0,00:00:00/7-11:08:32,19) [cpuhp/1] (root,0,0,00:00:00/7-11:08:32,20) [idle_inject/1] (root,0,0,00:00:03/7-11:08:32,21) [migration/1] (root,0,0,00:00:10/7-11:08:32,22) [ksoftirqd/1] (root,0,0,00:00:00/7-11:08:32,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-11:08:32,25) [cpuhp/2] (root,0,0,00:00:00/7-11:08:32,26) [idle_inject/2] (root,0,0,00:00:02/7-11:08:32,27) [migration/2] (root,0,0,00:13:00/7-11:08:32,28) [ksoftirqd/2] (root,0,0,00:00:00/7-11:08:32,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-11:08:32,31) [cpuhp/3] (root,0,0,00:00:00/7-11:08:32,32) [idle_inject/3] (root,0,0,00:00:02/7-11:08:32,33) [migration/3] (root,0,0,00:00:36/7-11:08:32,34) [ksoftirqd/3] (root,0,0,00:00:00/7-11:08:32,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-11:08:32,40) [kdevtmpfs] (root,0,0,00:00:00/7-11:08:32,41) [netns] (root,0,0,00:00:00/7-11:08:32,42) [inet_frag_wq] (root,0,0,00:00:00/7-11:08:32,43) [kauditd] (root,0,0,00:00:00/7-11:08:32,44) [khungtaskd] (root,0,0,00:00:00/7-11:08:32,45) [oom_reaper] (root,0,0,00:00:00/7-11:08:32,46) [writeback] (root,0,0,00:00:21/7-11:08:32,47) [kcompactd0] (root,0,0,00:00:00/7-11:08:32,48) [ksmd] (root,0,0,00:00:24/7-11:08:32,49) [khugepaged] (root,0,0,00:00:00/7-11:08:32,75) [kintegrityd] (root,0,0,00:00:00/7-11:08:32,76) [kblockd] (root,0,0,00:00:00/7-11:08:32,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-11:08:32,79) [tpm_dev_wq] (root,0,0,00:00:00/7-11:08:32,80) [edac-poller] (root,0,0,00:00:00/7-11:08:32,81) [devfreq_wq] (root,0,0,00:00:00/7-11:08:32,110) [watchdogd] (root,0,0,00:00:00/7-11:08:32,111) [kswapd0] (root,0,0,00:00:01/7-11:08:32,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-11:08:30,115) [kthrotld] (root,0,0,00:00:00/7-11:08:30,116) [mld] (root,0,0,00:00:00/7-11:08:30,117) [ipv6_addrconf] (root,0,0,00:00:01/7-11:08:30,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-11:08:30,123) [kstrp] (root,0,0,00:00:00/7-11:08:30,124) [zswap-shrink] (root,0,0,00:00:00/7-11:08:30,125) [kworker/u9:0] (root,0,0,00:00:00/7-11:08:30,130) [charger_manager] (root,0,0,00:00:02/7-11:08:30,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-11:08:30,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-11:08:29,239) [kaluad] (root,0,0,00:00:00/7-11:08:29,258) [kmpath_rdacd] (root,0,0,00:00:00/7-11:08:29,304) [kmpathd] (root,0,0,00:00:00/7-11:08:29,305) [kmpath_handlerd] (root,0,0,00:00:00/7-11:08:28,342) [ata_sff] (root,0,0,00:00:00/7-11:08:28,343) [scsi_eh_0] (root,0,0,00:00:00/7-11:08:28,344) [scsi_tmf_0] (root,0,0,00:00:00/7-11:08:28,345) [scsi_eh_1] (root,0,0,00:00:00/7-11:08:28,346) [scsi_tmf_1] (root,0,0,00:00:13/7-11:08:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-11:08:25,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-11:08:13,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-11:08:12,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-11:08:10,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/7-11:07:39,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-11:07:38,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-11:07:38,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-11:07:38,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-11:07:36,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-11:07:36,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3484,00:00:00/00:00,870) /bin/bash /usr/bin/check_mk_agent (root,6656,3472,00:00:00/00:00,881) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,895) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,896) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,547592,23800,00:00:08/7-11:07:22,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-11:07:22,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:45/7-11:07:22,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-11:07:22,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-11:07:22,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-11:07:22,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-11:07:22,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:07/7-11:07:22,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:01/7-11:07:22,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-11:07:22,1352) bpfilter_umh (root,26204,8212,00:00:01/7-11:07:22,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-11:07:22,1359) ntpd: asynchronous dns resolver (spot,290396,176784,09:07:27/7-11:07:21,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-11:07:21,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-11:07:21,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-11:07:21,1373) (sd-pam) (root,24216,5268,00:00:02/7-11:07:19,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-11:07:19,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/7-11:07:19,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-11:07:16,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-11:07:15,1527) sshd: syslogtunnel (root,617356,69808,00:09:54/7-11:07:13,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,44428,00:03:52/7-11:07:01,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-16:42:36,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-11:06:36,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-11:06:36,3218) sshd: cm-ssh (root,0,0,00:00:01/07:53:45,6969) [kworker/0:2-events] (root,0,0,00:00:00/02:56:41,8452) [kworker/1:2-events] (root,0,0,00:00:00/05:27,9208) [kworker/3:0-ata_sff] (root,0,0,00:00:00/38:20,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:14:23,14219) [kworker/0:1] (root,0,0,00:00:00/45:24,17990) [kworker/2:0-events] (root,0,0,00:00:01/05:18:43,18376) [kworker/2:2-events] (root,0,0,00:00:00/10:38,22475) [kworker/3:2-events] (root,0,0,00:00:00/26:42,25953) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:50:59,26083) [kworker/1:1] (postfix,24244,8296,00:00:00/42:14,29149) pickup -l -t fifo -u (root,0,0,00:00:00/00:15,32239) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 21:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637e201e27Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-12:34:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:34:45,2) [kthreadd] (root,0,0,00:00:00/5-12:34:45,3) [rcu_gp] (root,0,0,00:00:00/5-12:34:45,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:34:45,5) [slub_flushwq] (root,0,0,00:00:00/5-12:34:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:34:45,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:34:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:34:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:34:45,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-12:34:45,13) [ksoftirqd/0] (root,0,0,00:14:15/5-12:34:45,14) [rcu_preempt] (root,0,0,00:00:02/5-12:34:45,15) [migration/0] (root,0,0,00:00:00/5-12:34:45,16) [idle_inject/0] (root,0,0,00:00:00/5-12:34:45,18) [cpuhp/0] (root,0,0,00:00:00/5-12:34:45,19) [cpuhp/1] (root,0,0,00:00:00/5-12:34:45,20) [idle_inject/1] (root,0,0,00:00:02/5-12:34:45,21) [migration/1] (root,0,0,00:00:07/5-12:34:45,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:34:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:34:45,25) [cpuhp/2] (root,0,0,00:00:00/5-12:34:45,26) [idle_inject/2] (root,0,0,00:00:01/5-12:34:45,27) [migration/2] (root,0,0,00:09:21/5-12:34:45,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:34:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:34:45,31) [cpuhp/3] (root,0,0,00:00:00/5-12:34:45,32) [idle_inject/3] (root,0,0,00:00:02/5-12:34:45,33) [migration/3] (root,0,0,00:00:25/5-12:34:45,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:34:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:34:45,40) [kdevtmpfs] (root,0,0,00:00:00/5-12:34:45,41) [netns] (root,0,0,00:00:00/5-12:34:45,42) [inet_frag_wq] (root,0,0,00:00:00/5-12:34:45,43) [kauditd] (root,0,0,00:00:00/5-12:34:45,44) [khungtaskd] (root,0,0,00:00:00/5-12:34:45,45) [oom_reaper] (root,0,0,00:00:00/5-12:34:45,46) [writeback] (root,0,0,00:00:15/5-12:34:45,47) [kcompactd0] (root,0,0,00:00:00/5-12:34:45,48) [ksmd] (root,0,0,00:00:16/5-12:34:45,49) [khugepaged] (root,0,0,00:00:00/5-12:34:45,75) [kintegrityd] (root,0,0,00:00:00/5-12:34:45,76) [kblockd] (root,0,0,00:00:00/5-12:34:45,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:34:45,79) [tpm_dev_wq] (root,0,0,00:00:00/5-12:34:45,80) [edac-poller] (root,0,0,00:00:00/5-12:34:45,81) [devfreq_wq] (root,0,0,00:00:00/5-12:34:45,110) [watchdogd] (root,0,0,00:00:00/5-12:34:45,111) [kswapd0] (root,0,0,00:00:01/5-12:34:45,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:34:43,115) [kthrotld] (root,0,0,00:00:00/5-12:34:43,116) [mld] (root,0,0,00:00:00/5-12:34:43,117) [ipv6_addrconf] (root,0,0,00:00:01/5-12:34:43,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:34:43,123) [kstrp] (root,0,0,00:00:00/5-12:34:43,124) [zswap-shrink] (root,0,0,00:00:00/5-12:34:43,125) [kworker/u9:0] (root,0,0,00:00:00/5-12:34:43,130) [charger_manager] (root,0,0,00:00:01/5-12:34:43,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-12:34:43,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-12:34:42,239) [kaluad] (root,0,0,00:00:00/5-12:34:42,258) [kmpath_rdacd] (root,0,0,00:00:00/5-12:34:42,304) [kmpathd] (root,0,0,00:00:00/5-12:34:42,305) [kmpath_handlerd] (root,0,0,00:00:00/5-12:34:41,342) [ata_sff] (root,0,0,00:00:00/5-12:34:41,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:34:41,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:34:41,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:34:41,346) [scsi_tmf_1] (root,0,0,00:00:09/5-12:34:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:34:38,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-12:34:26,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-12:34:25,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-12:34:23,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-12:33:52,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-12:33:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-12:33:51,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-12:33:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-12:33:49,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-12:33:49,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23628,00:00:06/5-12:33:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-12:33:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-12:33:35,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-12:33:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-12:33:35,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-12:33:35,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-12:33:35,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-12:33:35,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-12:33:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-12:33:35,1352) bpfilter_umh (root,26204,8212,00:00:01/5-12:33:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-12:33:35,1359) ntpd: asynchronous dns resolver (spot,212172,174628,06:17:59/5-12:33:34,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-12:33:34,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-12:33:34,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-12:33:34,1373) (sd-pam) (root,24216,5268,00:00:01/5-12:33:32,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-12:33:32,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-12:33:32,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-12:33:29,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-12:33:28,1527) sshd: syslogtunnel (root,617100,69512,00:07:11/5-12:33:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43148,00:02:46/5-12:33:14,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-12:32:49,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-12:32:49,3218) sshd: cm-ssh (root,0,0,00:00:00/06:30,4408) [kworker/2:0-events] (root,0,0,00:00:00/22:58,4816) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/39:28,12853) [kworker/1:0-events] (postfix,24244,8228,00:00:00/49:18,15243) pickup -l -t fifo -u (root,0,0,00:00:00/02:41,16813) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:08:12,18842) [kworker/0:0-events] (root,0,0,00:00:00/01:10:07,19687) [kworker/3:0-events] (root,0,0,00:00:01/04:53:21,20908) [kworker/2:1-events] (root,0,0,00:00:00/28:25,24590) [kworker/0:2-events] (root,0,0,00:00:00/00:44,24763) [kworker/u8:1-writeback] (root,0,0,00:00:01/03:36:10,25521) [kworker/1:2-events] (root,6656,3484,00:00:00/00:00,28006) /bin/bash /usr/bin/check_mk_agent (root,13744,3360,00:00:00/00:00,28024) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28025) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:27:58,28908) [kworker/u8:2-events_unbound] (root,0,0,00:00:00/07:52,31007) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:23 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e5d4feadFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-11:19:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-11:19:36,2) [kthreadd] (root,0,0,00:00:00/3-11:19:36,3) [rcu_gp] (root,0,0,00:00:00/3-11:19:36,4) [rcu_par_gp] (root,0,0,00:00:00/3-11:19:36,5) [slub_flushwq] (root,0,0,00:00:00/3-11:19:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-11:19:36,9) [mm_percpu_wq] (root,0,0,00:00:00/3-11:19:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-11:19:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-11:19:36,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-11:19:36,13) [ksoftirqd/0] (root,0,0,00:08:53/3-11:19:36,14) [rcu_preempt] (root,0,0,00:00:01/3-11:19:36,15) [migration/0] (root,0,0,00:00:00/3-11:19:36,16) [idle_inject/0] (root,0,0,00:00:00/3-11:19:36,18) [cpuhp/0] (root,0,0,00:00:00/3-11:19:36,19) [cpuhp/1] (root,0,0,00:00:00/3-11:19:36,20) [idle_inject/1] (root,0,0,00:00:01/3-11:19:36,21) [migration/1] (root,0,0,00:00:04/3-11:19:36,22) [ksoftirqd/1] (root,0,0,00:00:00/3-11:19:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-11:19:36,25) [cpuhp/2] (root,0,0,00:00:00/3-11:19:36,26) [idle_inject/2] (root,0,0,00:00:01/3-11:19:36,27) [migration/2] (root,0,0,00:06:00/3-11:19:36,28) [ksoftirqd/2] (root,0,0,00:00:00/3-11:19:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-11:19:36,31) [cpuhp/3] (root,0,0,00:00:00/3-11:19:36,32) [idle_inject/3] (root,0,0,00:00:01/3-11:19:36,33) [migration/3] (root,0,0,00:00:16/3-11:19:36,34) [ksoftirqd/3] (root,0,0,00:00:00/3-11:19:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-11:19:36,40) [kdevtmpfs] (root,0,0,00:00:00/3-11:19:36,41) [netns] (root,0,0,00:00:00/3-11:19:36,42) [inet_frag_wq] (root,0,0,00:00:00/3-11:19:36,43) [kauditd] (root,0,0,00:00:00/3-11:19:36,44) [khungtaskd] (root,0,0,00:00:00/3-11:19:36,45) [oom_reaper] (root,0,0,00:00:00/3-11:19:36,46) [writeback] (root,0,0,00:00:09/3-11:19:36,47) [kcompactd0] (root,0,0,00:00:00/3-11:19:36,48) [ksmd] (root,0,0,00:00:10/3-11:19:36,49) [khugepaged] (root,0,0,00:00:00/3-11:19:36,75) [kintegrityd] (root,0,0,00:00:00/3-11:19:36,76) [kblockd] (root,0,0,00:00:00/3-11:19:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-11:19:36,79) [tpm_dev_wq] (root,0,0,00:00:00/3-11:19:36,80) [edac-poller] (root,0,0,00:00:00/3-11:19:36,81) [devfreq_wq] (root,0,0,00:00:00/3-11:19:36,110) [watchdogd] (root,0,0,00:00:00/3-11:19:36,111) [kswapd0] (root,0,0,00:00:00/3-11:19:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-11:19:34,115) [kthrotld] (root,0,0,00:00:00/3-11:19:34,116) [mld] (root,0,0,00:00:00/3-11:19:34,117) [ipv6_addrconf] (root,0,0,00:00:00/3-11:19:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-11:19:34,123) [kstrp] (root,0,0,00:00:00/3-11:19:34,124) [zswap-shrink] (root,0,0,00:00:00/3-11:19:34,125) [kworker/u9:0] (root,0,0,00:00:00/3-11:19:34,130) [charger_manager] (root,0,0,00:00:00/3-11:19:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-11:19:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-11:19:33,239) [kaluad] (root,0,0,00:00:00/3-11:19:33,258) [kmpath_rdacd] (root,0,0,00:00:00/3-11:19:33,304) [kmpathd] (root,0,0,00:00:00/3-11:19:33,305) [kmpath_handlerd] (root,0,0,00:00:00/3-11:19:32,342) [ata_sff] (root,0,0,00:00:00/3-11:19:32,343) [scsi_eh_0] (root,0,0,00:00:00/3-11:19:32,344) [scsi_tmf_0] (root,0,0,00:00:00/3-11:19:32,345) [scsi_eh_1] (root,0,0,00:00:00/3-11:19:32,346) [scsi_tmf_1] (root,0,0,00:00:05/3-11:19:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-11:19:29,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-11:19:17,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-11:19:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-11:19:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-11:18:43,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-11:18:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-11:18:42,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-11:18:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-11:18:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-11:18:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/07:35,675) [kworker/3:2-ata_sff] (root,0,0,00:00:00/07:12,1306) [kworker/u8:0] (root,547336,22784,00:00:04/3-11:18:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-11:18:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/07:12,1333) [kworker/0:1-events] (root,21172,4536,00:00:21/3-11:18:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-11:18:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-11:18:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-11:18:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-11:18:26,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-11:18:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-11:18:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-11:18:26,1352) bpfilter_umh (root,26204,8212,00:00:00/3-11:18:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-11:18:26,1359) ntpd: asynchronous dns resolver (spot,205964,169192,04:00:48/3-11:18:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-11:18:25,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-11:18:25,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-11:18:25,1373) (sd-pam) (root,24216,5268,00:00:01/3-11:18:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-11:18:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-11:18:23,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-11:18:20,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-11:18:19,1527) sshd: syslogtunnel (root,615564,67936,00:04:32/3-11:18:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:48/3-11:18:05,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/06:46:17,2276) [kworker/1:2-events] (root,35308,10108,00:00:00/3-11:17:40,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-11:17:40,3218) sshd: cm-ssh (root,0,0,00:00:00/26:32,4067) [kworker/1:1] (root,0,0,00:00:01/06:30:14,5266) [kworker/2:1-events] (postfix,24244,8264,00:00:00/01:36:09,8312) pickup -l -t fifo -u (root,0,0,00:00:00/02:38:55,13615) [kworker/2:2] (root,0,0,00:00:00/38:42,15073) [kworker/3:0-events] (root,0,0,00:00:00/02:22,17542) [kworker/3:1-ata_sff] (root,0,0,00:00:00/45:10,22015) [kworker/u8:1-writeback] (root,6656,3484,00:00:00/00:00,25291) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,25309) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,948,00:00:00/00:00,25310) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/16:23:30,28478) [kworker/0:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 22:08 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637675da15Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-13:32:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-13:32:47,2) [kthreadd] (root,0,0,00:00:00/1-13:32:47,3) [rcu_gp] (root,0,0,00:00:00/1-13:32:47,4) [rcu_par_gp] (root,0,0,00:00:00/1-13:32:47,5) [slub_flushwq] (root,0,0,00:00:00/1-13:32:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-13:32:47,9) [mm_percpu_wq] (root,0,0,00:00:00/1-13:32:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-13:32:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-13:32:47,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-13:32:47,13) [ksoftirqd/0] (root,0,0,00:04:08/1-13:32:47,14) [rcu_preempt] (root,0,0,00:00:00/1-13:32:47,15) [migration/0] (root,0,0,00:00:00/1-13:32:47,16) [idle_inject/0] (root,0,0,00:00:00/1-13:32:47,18) [cpuhp/0] (root,0,0,00:00:00/1-13:32:47,19) [cpuhp/1] (root,0,0,00:00:00/1-13:32:47,20) [idle_inject/1] (root,0,0,00:00:00/1-13:32:47,21) [migration/1] (root,0,0,00:00:02/1-13:32:47,22) [ksoftirqd/1] (root,0,0,00:00:00/1-13:32:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-13:32:47,25) [cpuhp/2] (root,0,0,00:00:00/1-13:32:47,26) [idle_inject/2] (root,0,0,00:00:00/1-13:32:47,27) [migration/2] (root,0,0,00:02:40/1-13:32:47,28) [ksoftirqd/2] (root,0,0,00:00:00/1-13:32:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-13:32:47,31) [cpuhp/3] (root,0,0,00:00:00/1-13:32:47,32) [idle_inject/3] (root,0,0,00:00:00/1-13:32:47,33) [migration/3] (root,0,0,00:00:08/1-13:32:47,34) [ksoftirqd/3] (root,0,0,00:00:00/1-13:32:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-13:32:47,40) [kdevtmpfs] (root,0,0,00:00:00/1-13:32:47,41) [netns] (root,0,0,00:00:00/1-13:32:47,42) [inet_frag_wq] (root,0,0,00:00:00/1-13:32:47,43) [kauditd] (root,0,0,00:00:00/1-13:32:47,44) [khungtaskd] (root,0,0,00:00:00/1-13:32:47,45) [oom_reaper] (root,0,0,00:00:00/1-13:32:47,46) [writeback] (root,0,0,00:00:04/1-13:32:47,47) [kcompactd0] (root,0,0,00:00:00/1-13:32:47,48) [ksmd] (root,0,0,00:00:05/1-13:32:47,49) [khugepaged] (root,0,0,00:00:00/1-13:32:47,75) [kintegrityd] (root,0,0,00:00:00/1-13:32:47,76) [kblockd] (root,0,0,00:00:00/1-13:32:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-13:32:47,79) [tpm_dev_wq] (root,0,0,00:00:00/1-13:32:47,80) [edac-poller] (root,0,0,00:00:00/1-13:32:47,81) [devfreq_wq] (root,0,0,00:00:00/1-13:32:47,110) [watchdogd] (root,0,0,00:00:00/1-13:32:47,111) [kswapd0] (root,0,0,00:00:00/1-13:32:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-13:32:45,115) [kthrotld] (root,0,0,00:00:00/1-13:32:45,116) [mld] (root,0,0,00:00:00/1-13:32:45,117) [ipv6_addrconf] (root,0,0,00:00:00/1-13:32:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-13:32:45,123) [kstrp] (root,0,0,00:00:00/1-13:32:45,124) [zswap-shrink] (root,0,0,00:00:00/1-13:32:45,125) [kworker/u9:0] (root,0,0,00:00:00/1-13:32:45,130) [charger_manager] (root,0,0,00:00:00/1-13:32:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-13:32:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-13:32:44,239) [kaluad] (root,0,0,00:00:00/1-13:32:44,258) [kmpath_rdacd] (root,0,0,00:00:00/1-13:32:44,304) [kmpathd] (root,0,0,00:00:00/1-13:32:44,305) [kmpath_handlerd] (root,0,0,00:00:00/1-13:32:43,342) [ata_sff] (root,0,0,00:00:00/1-13:32:43,343) [scsi_eh_0] (root,0,0,00:00:00/1-13:32:43,344) [scsi_tmf_0] (root,0,0,00:00:00/1-13:32:43,345) [scsi_eh_1] (root,0,0,00:00:00/1-13:32:43,346) [scsi_tmf_1] (root,0,0,00:00:02/1-13:32:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-13:32:40,367) [ext4-rsv-conver] (root,0,0,00:00:00/00:09,392) [kworker/3:1-ata_sff] (root,38604,7616,00:00:01/1-13:32:28,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-13:32:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-13:32:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-13:31:54,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-13:31:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:01/1-13:31:53,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-13:31:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-13:31:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-13:31:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3492,00:00:00/00:00,646) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,687) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,776) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,777) /bin/bash /usr/bin/check_mk_agent (root,4480,1068,00:00:00/00:00,778) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,820,00:00:00/00:00,779) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,696,00:00:00/00:00,780) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,781) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,782) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,819) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,821) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,547336,22256,00:00:01/1-13:31:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-13:31:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:10/1-13:31:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-13:31:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-13:31:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-13:31:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-13:31:37,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-13:31:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:12/1-13:31:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-13:31:37,1352) bpfilter_umh (root,26204,8212,00:00:00/1-13:31:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-13:31:37,1359) ntpd: asynchronous dns resolver (spot,204636,167840,02:01:52/1-13:31:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-13:31:36,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-13:31:36,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-13:31:36,1373) (sd-pam) (root,24216,5268,00:00:00/1-13:31:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-13:31:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-13:31:34,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-13:31:31,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-13:31:30,1527) sshd: syslogtunnel (root,615564,67636,00:02:07/1-13:31:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:25:57,1585) [kworker/u8:0-writeback] (spot,206272,41352,00:00:51/1-13:31:16,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-13:30:51,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-13:30:51,3218) sshd: cm-ssh (postfix,24244,8204,00:00:00/51:09,5964) pickup -l -t fifo -u (root,0,0,00:00:01/01:43:55,10989) [kworker/3:2-events] (root,0,0,00:00:00/05:22,11590) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:08:50,11820) [kworker/2:2-events] (root,0,0,00:00:00/01:42:09,17596) [kworker/0:0-events] (root,0,0,00:00:00/35:50,22620) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/02:41:26,22963) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:08/07:32:09,25188) [kworker/1:2-events] (root,0,0,00:00:00/24:53,27435) [kworker/2:0-events] (root,0,0,00:00:00/01:24,27675) [kworker/1:1] (root,0,0,00:00:01/04:48:38,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-12 00:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363adcbf42cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12528,00:00:03/15:49:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15:49:03,2) [kthreadd] (root,0,0,00:00:00/15:49:03,3) [rcu_gp] (root,0,0,00:00:00/15:49:03,4) [rcu_par_gp] (root,0,0,00:00:00/15:49:03,5) [slub_flushwq] (root,0,0,00:00:00/15:49:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15:49:03,9) [mm_percpu_wq] (root,0,0,00:00:00/15:49:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15:49:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15:49:03,12) [rcu_tasks_trace] (root,0,0,00:00:00/15:49:03,13) [ksoftirqd/0] (root,0,0,00:01:44/15:49:03,14) [rcu_preempt] (root,0,0,00:00:00/15:49:03,15) [migration/0] (root,0,0,00:00:00/15:49:03,16) [idle_inject/0] (root,0,0,00:00:00/15:49:03,18) [cpuhp/0] (root,0,0,00:00:00/15:49:03,19) [cpuhp/1] (root,0,0,00:00:00/15:49:03,20) [idle_inject/1] (root,0,0,00:00:00/15:49:03,21) [migration/1] (root,0,0,00:00:00/15:49:03,22) [ksoftirqd/1] (root,0,0,00:00:00/15:49:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15:49:03,25) [cpuhp/2] (root,0,0,00:00:00/15:49:03,26) [idle_inject/2] (root,0,0,00:00:00/15:49:03,27) [migration/2] (root,0,0,00:01:07/15:49:03,28) [ksoftirqd/2] (root,0,0,00:00:00/15:49:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15:49:03,31) [cpuhp/3] (root,0,0,00:00:00/15:49:03,32) [idle_inject/3] (root,0,0,00:00:00/15:49:03,33) [migration/3] (root,0,0,00:00:03/15:49:03,34) [ksoftirqd/3] (root,0,0,00:00:00/15:49:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15:49:03,40) [kdevtmpfs] (root,0,0,00:00:00/15:49:03,41) [netns] (root,0,0,00:00:00/15:49:03,42) [inet_frag_wq] (root,0,0,00:00:00/15:49:03,43) [kauditd] (root,0,0,00:00:00/15:49:03,44) [khungtaskd] (root,0,0,00:00:00/15:49:03,45) [oom_reaper] (root,0,0,00:00:00/15:49:03,46) [writeback] (root,0,0,00:00:01/15:49:03,47) [kcompactd0] (root,0,0,00:00:00/15:49:03,48) [ksmd] (root,0,0,00:00:02/15:49:03,49) [khugepaged] (root,0,0,00:00:00/15:49:03,75) [kintegrityd] (root,0,0,00:00:00/15:49:03,76) [kblockd] (root,0,0,00:00:00/15:49:03,77) [blkcg_punt_bio] (root,0,0,00:00:00/15:49:03,79) [tpm_dev_wq] (root,0,0,00:00:00/15:49:03,80) [edac-poller] (root,0,0,00:00:00/15:49:03,81) [devfreq_wq] (root,0,0,00:00:00/15:49:03,110) [watchdogd] (root,0,0,00:00:00/15:49:03,111) [kswapd0] (root,0,0,00:00:00/15:49:03,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15:49:01,115) [kthrotld] (root,0,0,00:00:00/15:49:01,116) [mld] (root,0,0,00:00:00/15:49:01,117) [ipv6_addrconf] (root,0,0,00:00:00/15:49:01,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15:49:01,123) [kstrp] (root,0,0,00:00:00/15:49:01,124) [zswap-shrink] (root,0,0,00:00:00/15:49:01,125) [kworker/u9:0] (root,0,0,00:00:00/15:49:01,130) [charger_manager] (root,0,0,00:00:00/15:49:01,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15:49:01,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15:49:00,239) [kaluad] (root,0,0,00:00:00/15:49:00,258) [kmpath_rdacd] (root,0,0,00:00:00/15:49:00,304) [kmpathd] (root,0,0,00:00:00/15:49:00,305) [kmpath_handlerd] (root,0,0,00:00:00/15:48:59,342) [ata_sff] (root,0,0,00:00:00/15:48:59,343) [scsi_eh_0] (root,0,0,00:00:00/15:48:59,344) [scsi_tmf_0] (root,0,0,00:00:00/15:48:59,345) [scsi_eh_1] (root,0,0,00:00:00/15:48:59,346) [scsi_tmf_1] (root,0,0,00:00:01/15:48:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/15:48:56,367) [ext4-rsv-conver] (root,38604,7616,00:00:00/15:48:44,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/15:48:43,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:01/15:48:41,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/15:48:10,511) /sbin/auditd (messagebus,22932,5912,00:00:01/15:48:09,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8324,00:00:00/15:48:09,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/15:48:09,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/15:48:07,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/15:48:07,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:01/15:47:53,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/15:47:53,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:01/15:47:53,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15:47:53,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15:47:53,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15:47:53,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15:47:53,1343) /usr/lib/systemd/systemd --user (root,448724,7512,00:00:01/15:47:53,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:05/15:47:53,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15:47:53,1352) bpfilter_umh (root,26204,8212,00:00:00/15:47:53,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/15:47:53,1359) ntpd: asynchronous dns resolver (spot,189068,152012,00:59:32/15:47:52,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15:47:52,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15:47:52,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15:47:52,1373) (sd-pam) (root,24216,5268,00:00:00/15:47:50,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/15:47:50,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/15:47:50,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15:47:47,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:02/15:47:46,1527) sshd: syslogtunnel (root,615564,67536,00:00:56/15:47:44,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/09:03,1611) [kworker/3:2-ata_sff] (spot,206272,41060,00:00:24/15:47:32,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/23:51,2484) [kworker/u8:2-flush-253:0] (root,35308,10108,00:00:00/15:47:07,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:02/15:47:07,3218) sshd: cm-ssh (root,0,0,00:00:00/03:52,10917) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:15:54,12661) [kworker/0:1-events] (root,0,0,00:00:00/01:20:09,14090) [kworker/1:1-cgroup_destroy] (root,6656,3492,00:00:00/00:00,16458) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,16476) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16477) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/32:50,21206) [kworker/1:2-events] (root,0,0,00:00:00/32:48,21526) [kworker/u8:0-flush-253:0] (postfix,24244,8236,00:00:00/48:14,23617) pickup -l -t fifo -u (root,0,0,00:00:00/09:47:49,24335) [kworker/2:2-events] (root,0,0,00:00:00/01:09:15,25492) [kworker/0:2] (root,0,0,00:00:04/09:39:47,26151) [kworker/3:1-events] (root,0,0,00:00:00/01:53:27,26524) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 02:37
Domain summary
No record