Host 141.9.47.230
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-12 04:05
Last seen 2024-12-22 00:59
Open for 100 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d575316eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:37:29,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:37:29,2) [kthreadd] (root,0,0,00:00:00/39-14:37:29,3) [rcu_gp] (root,0,0,00:00:00/39-14:37:29,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:37:29,5) [slub_flushwq] (root,0,0,00:00:00/39-14:37:29,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:37:29,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:37:29,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:37:29,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:37:29,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:37:29,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:37:29,14) [rcu_preempt] (root,0,0,00:00:15/39-14:37:29,15) [migration/0] (root,0,0,00:00:00/39-14:37:29,16) [idle_inject/0] (root,0,0,00:00:00/39-14:37:29,18) [cpuhp/0] (root,0,0,00:00:00/39-14:37:29,19) [cpuhp/1] (root,0,0,00:00:00/39-14:37:29,20) [idle_inject/1] (root,0,0,00:00:15/39-14:37:29,21) [migration/1] (root,0,0,00:01:05/39-14:37:29,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:37:29,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:37:29,25) [cpuhp/2] (root,0,0,00:00:00/39-14:37:29,26) [idle_inject/2] (root,0,0,00:00:12/39-14:37:29,27) [migration/2] (root,0,0,01:14:06/39-14:37:29,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:37:29,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:37:29,31) [cpuhp/3] (root,0,0,00:00:00/39-14:37:29,32) [idle_inject/3] (root,0,0,00:00:14/39-14:37:29,33) [migration/3] (root,0,0,00:03:31/39-14:37:29,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:37:29,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:37:29,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:37:29,40) [netns] (root,0,0,00:00:00/39-14:37:29,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:37:29,42) [kauditd] (root,0,0,00:00:00/39-14:37:29,43) [khungtaskd] (root,0,0,00:00:00/39-14:37:29,44) [oom_reaper] (root,0,0,00:00:00/39-14:37:29,45) [writeback] (root,0,0,00:01:56/39-14:37:29,46) [kcompactd0] (root,0,0,00:00:00/39-14:37:29,47) [ksmd] (root,0,0,00:01:57/39-14:37:29,48) [khugepaged] (root,0,0,00:00:00/39-14:37:29,74) [kintegrityd] (root,0,0,00:00:00/39-14:37:29,75) [kblockd] (root,0,0,00:00:00/39-14:37:29,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:37:29,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:37:29,79) [edac-poller] (root,0,0,00:00:00/39-14:37:29,80) [devfreq_wq] (root,0,0,00:00:00/39-14:37:29,110) [watchdogd] (root,0,0,00:00:08/39-14:37:29,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:37:29,112) [kswapd0] (root,0,0,00:00:00/39-14:37:28,114) [kthrotld] (root,0,0,00:00:00/39-14:37:28,115) [mld] (root,0,0,00:00:00/39-14:37:28,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:37:28,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:37:28,122) [kstrp] (root,0,0,00:00:00/39-14:37:28,123) [zswap-shrink] (root,0,0,00:00:00/39-14:37:28,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:37:28,129) [charger_manager] (root,0,0,00:00:08/39-14:37:27,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:37:27,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:37:27,205) [kaluad] (root,0,0,00:00:00/39-14:37:27,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:37:27,293) [kmpathd] (root,0,0,00:00:00/39-14:37:27,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:37:27,342) [ata_sff] (root,0,0,00:00:00/39-14:37:26,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:37:26,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:37:26,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:37:26,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:37:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:37:24,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:37:12,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:37:11,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:37:09,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:36:35,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:36:35,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:36:35,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:36:35,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:36:34,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:36:34,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:36:20,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:36:20,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:36:19,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:36:19,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:36:19,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:36:19,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:36:19,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:36:19,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:36:19,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:36:19,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:36:19,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:36:19,1215) ntpd: asynchronous dns resolver (spot,299344,183060,2-02:58:46/39-14:36:19,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:36:18,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:36:18,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:36:18,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:36:17,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:36:17,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:36:16,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:36:10,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:35:56,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:00:18,2674) [kworker/0:2-events] (root,0,0,00:00:00/40:59,5528) [kworker/1:2-events] (root,0,0,00:00:00/06:46,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:34:34,9266) [kworker/u8:0-flush-253:0] (root,6656,3492,00:00:00/00:00,10787) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,10814) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,10842) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,10843) /bin/bash /usr/bin/check_mk_agent (root,4480,1156,00:00:00/00:00,10844) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,816,00:00:00/00:00,10845) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,652,00:00:00/00:00,10849) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3360,00:00:00/00:00,10851) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,10852) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:47,10883) [kworker/0:1] (root,0,0,00:00:00/25:47,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/04:48,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:08:20,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:27:12,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:27:11,15391) sshd: cm-ssh (root,0,0,00:00:00/04:40,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:55:50,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:55:49,16977) sshd: syslogtunnel (root,0,0,00:00:00/45:48,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/13:10,24965) [kworker/2:0-events] (root,0,0,00:00:00/21:41,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:12:57,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/09:53,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363895a3327Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:12:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:12:23,2) [kthreadd] (root,0,0,00:00:00/37-14:12:23,3) [rcu_gp] (root,0,0,00:00:00/37-14:12:23,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:12:23,5) [slub_flushwq] (root,0,0,00:00:00/37-14:12:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:12:23,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:12:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:12:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:12:23,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:12:23,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:12:23,14) [rcu_preempt] (root,0,0,00:00:14/37-14:12:23,15) [migration/0] (root,0,0,00:00:00/37-14:12:23,16) [idle_inject/0] (root,0,0,00:00:00/37-14:12:23,18) [cpuhp/0] (root,0,0,00:00:00/37-14:12:23,19) [cpuhp/1] (root,0,0,00:00:00/37-14:12:23,20) [idle_inject/1] (root,0,0,00:00:14/37-14:12:23,21) [migration/1] (root,0,0,00:01:01/37-14:12:23,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:12:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:12:23,25) [cpuhp/2] (root,0,0,00:00:00/37-14:12:23,26) [idle_inject/2] (root,0,0,00:00:11/37-14:12:23,27) [migration/2] (root,0,0,01:10:41/37-14:12:23,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:12:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:12:23,31) [cpuhp/3] (root,0,0,00:00:00/37-14:12:23,32) [idle_inject/3] (root,0,0,00:00:14/37-14:12:23,33) [migration/3] (root,0,0,00:03:20/37-14:12:23,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:12:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:12:23,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:12:23,40) [netns] (root,0,0,00:00:00/37-14:12:23,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:12:23,42) [kauditd] (root,0,0,00:00:00/37-14:12:23,43) [khungtaskd] (root,0,0,00:00:00/37-14:12:23,44) [oom_reaper] (root,0,0,00:00:00/37-14:12:23,45) [writeback] (root,0,0,00:01:50/37-14:12:23,46) [kcompactd0] (root,0,0,00:00:00/37-14:12:23,47) [ksmd] (root,0,0,00:01:50/37-14:12:23,48) [khugepaged] (root,0,0,00:00:00/37-14:12:23,74) [kintegrityd] (root,0,0,00:00:00/37-14:12:23,75) [kblockd] (root,0,0,00:00:00/37-14:12:23,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:12:23,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:12:23,79) [edac-poller] (root,0,0,00:00:00/37-14:12:23,80) [devfreq_wq] (root,0,0,00:00:00/37-14:12:23,110) [watchdogd] (root,0,0,00:00:07/37-14:12:23,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:12:23,112) [kswapd0] (root,0,0,00:00:00/37-14:12:22,114) [kthrotld] (root,0,0,00:00:00/37-14:12:22,115) [mld] (root,0,0,00:00:00/37-14:12:22,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:12:22,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:12:22,122) [kstrp] (root,0,0,00:00:00/37-14:12:22,123) [zswap-shrink] (root,0,0,00:00:00/37-14:12:22,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:12:22,129) [charger_manager] (root,0,0,00:00:08/37-14:12:21,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:12:21,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:12:21,205) [kaluad] (root,0,0,00:00:00/37-14:12:21,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:12:21,293) [kmpathd] (root,0,0,00:00:00/37-14:12:21,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:12:21,342) [ata_sff] (root,0,0,00:00:00/37-14:12:20,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:12:20,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:12:20,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:12:20,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:12:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:12:18,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:12:06,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:12:05,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:12:03,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:11:29,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:11:29,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:11:29,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:11:29,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:11:28,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:11:28,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:11:14,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:11:14,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:11:13,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:11:13,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:11:13,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:11:13,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:11:13,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:11:13,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:11:13,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:11:13,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:11:13,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:11:13,1215) ntpd: asynchronous dns resolver (spot,296544,182180,1-23:14:27/37-14:11:13,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:11:12,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:11:12,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:11:12,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:11:11,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:11:11,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:11:10,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:11:04,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:09/37-14:10:50,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/11:59,2838) [kworker/3:1-events] (postfix,24244,8276,00:00:00/01:40,2990) pickup -l -t fifo -u (root,0,0,00:00:00/01:40,2994) [kworker/3:0-events] (root,0,0,00:00:00/00:39,4338) [kworker/1:2-ata_sff] (root,0,0,00:00:00/11:24,4583) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3440,00:00:00/00:00,7212) /bin/bash /usr/bin/check_mk_agent (root,13744,3444,00:00:00/00:00,7230) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7231) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:53,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-12:02:06,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-12:02:05,15391) sshd: cm-ssh (root,0,0,00:00:00/19:05,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:30:44,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:30:43,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:54:25,17446) [kworker/0:2-events] (root,0,0,00:00:00/18:06,18386) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:02:55,21022) [kworker/1:1-events] (root,0,0,00:00:00/05:50,21821) [kworker/1:0-ata_sff] (root,0,0,00:00:00/28:19,26953) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/04:04,27235) [kworker/u8:2-writeback] (postfix,44628,9272,00:00:01/31-18:47:51,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:58:25,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f941ceb4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:25:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:25:06,2) [kthreadd] (root,0,0,00:00:00/35-15:25:06,3) [rcu_gp] (root,0,0,00:00:00/35-15:25:06,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:25:06,5) [slub_flushwq] (root,0,0,00:00:00/35-15:25:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:25:06,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:25:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:25:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:25:06,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:25:06,13) [ksoftirqd/0] (root,0,0,01:34:30/35-15:25:06,14) [rcu_preempt] (root,0,0,00:00:13/35-15:25:06,15) [migration/0] (root,0,0,00:00:00/35-15:25:06,16) [idle_inject/0] (root,0,0,00:00:00/35-15:25:06,18) [cpuhp/0] (root,0,0,00:00:00/35-15:25:06,19) [cpuhp/1] (root,0,0,00:00:00/35-15:25:06,20) [idle_inject/1] (root,0,0,00:00:14/35-15:25:06,21) [migration/1] (root,0,0,00:00:57/35-15:25:06,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:25:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:25:06,25) [cpuhp/2] (root,0,0,00:00:00/35-15:25:06,26) [idle_inject/2] (root,0,0,00:00:11/35-15:25:06,27) [migration/2] (root,0,0,01:07:42/35-15:25:06,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:25:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:25:06,31) [cpuhp/3] (root,0,0,00:00:00/35-15:25:06,32) [idle_inject/3] (root,0,0,00:00:13/35-15:25:06,33) [migration/3] (root,0,0,00:03:11/35-15:25:06,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:25:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:25:06,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:25:06,40) [netns] (root,0,0,00:00:00/35-15:25:06,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:25:06,42) [kauditd] (root,0,0,00:00:00/35-15:25:06,43) [khungtaskd] (root,0,0,00:00:00/35-15:25:06,44) [oom_reaper] (root,0,0,00:00:00/35-15:25:06,45) [writeback] (root,0,0,00:01:45/35-15:25:06,46) [kcompactd0] (root,0,0,00:00:00/35-15:25:06,47) [ksmd] (root,0,0,00:01:43/35-15:25:06,48) [khugepaged] (root,0,0,00:00:00/35-15:25:06,74) [kintegrityd] (root,0,0,00:00:00/35-15:25:06,75) [kblockd] (root,0,0,00:00:00/35-15:25:06,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:25:06,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:25:06,79) [edac-poller] (root,0,0,00:00:00/35-15:25:06,80) [devfreq_wq] (root,0,0,00:00:00/35-15:25:06,110) [watchdogd] (root,0,0,00:00:07/35-15:25:06,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:25:06,112) [kswapd0] (root,0,0,00:00:00/35-15:25:05,114) [kthrotld] (root,0,0,00:00:00/35-15:25:05,115) [mld] (root,0,0,00:00:00/35-15:25:05,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:25:05,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:25:05,122) [kstrp] (root,0,0,00:00:00/35-15:25:05,123) [zswap-shrink] (root,0,0,00:00:00/35-15:25:05,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:25:05,129) [charger_manager] (root,0,0,00:00:07/35-15:25:04,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:25:04,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:25:04,205) [kaluad] (root,0,0,00:00:00/35-15:25:04,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:25:04,293) [kmpathd] (root,0,0,00:00:00/35-15:25:04,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:25:04,342) [ata_sff] (root,0,0,00:00:00/35-15:25:03,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:25:03,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:25:03,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:25:03,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:25:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:25:01,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:24:49,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:24:48,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:24:46,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:24:12,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:24:12,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:24:12,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:24:12,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:24:11,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:24:11,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:23:57,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:23:57,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:23:56,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:23:56,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:23:56,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:23:56,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:23:56,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:23:56,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:23:56,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:23:56,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:23:56,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:23:56,1215) ntpd: asynchronous dns resolver (spot,293800,180084,1-20:13:34/35-15:23:56,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:23:55,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:23:55,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:23:55,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:23:54,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:23:54,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:23:53,1354) /usr/sbin/cron -n (root,698228,81996,00:46:35/35-15:23:47,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64168,00:15:16/35-15:23:33,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/00:14,4119) [kworker/1:1-ata_sff] (root,0,0,00:00:00/10:35,4297) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,5188) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,5237) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,5238) /bin/bash /usr/bin/check_mk_agent (root,4480,1060,00:00:00/00:00,5239) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,860,00:00:00/00:00,5240) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1388,00:00:00/00:00,5241) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,5242) /bin/bash /usr/bin/check_mk_agent (root,13744,3360,00:00:00/00:00,5260) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5261) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:16:48,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:14:49,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:14:48,15391) sshd: cm-ssh (root,0,0,00:00:00/05:00:22,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:36:14,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:43:27,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:43:26,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:01:47,19051) [kworker/0:0-events] (root,0,0,00:00:00/05:33,20339) [kworker/3:2-events] (root,0,0,00:00:00/05:24,20978) [kworker/1:0-ata_sff] (root,0,0,00:00:00/13:19,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:47:08,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-20:00:34,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:55:37,31877) [kworker/0:1-events] (root,0,0,00:00:00/38:34,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dba38885Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-13:30:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-13:30:01,2) [kthreadd] (root,0,0,00:00:00/33-13:30:01,3) [rcu_gp] (root,0,0,00:00:00/33-13:30:01,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:30:01,5) [slub_flushwq] (root,0,0,00:00:00/33-13:30:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:30:01,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:30:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:30:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:30:01,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:30:01,13) [ksoftirqd/0] (root,0,0,01:29:08/33-13:30:01,14) [rcu_preempt] (root,0,0,00:00:12/33-13:30:01,15) [migration/0] (root,0,0,00:00:00/33-13:30:01,16) [idle_inject/0] (root,0,0,00:00:00/33-13:30:01,18) [cpuhp/0] (root,0,0,00:00:00/33-13:30:01,19) [cpuhp/1] (root,0,0,00:00:00/33-13:30:01,20) [idle_inject/1] (root,0,0,00:00:13/33-13:30:01,21) [migration/1] (root,0,0,00:00:54/33-13:30:01,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:30:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:30:01,25) [cpuhp/2] (root,0,0,00:00:00/33-13:30:01,26) [idle_inject/2] (root,0,0,00:00:10/33-13:30:01,27) [migration/2] (root,0,0,01:04:51/33-13:30:01,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:30:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:30:01,31) [cpuhp/3] (root,0,0,00:00:00/33-13:30:01,32) [idle_inject/3] (root,0,0,00:00:12/33-13:30:01,33) [migration/3] (root,0,0,00:03:01/33-13:30:01,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:30:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:30:01,39) [kdevtmpfs] (root,0,0,00:00:00/33-13:30:01,40) [netns] (root,0,0,00:00:00/33-13:30:01,41) [inet_frag_wq] (root,0,0,00:00:07/33-13:30:01,42) [kauditd] (root,0,0,00:00:00/33-13:30:01,43) [khungtaskd] (root,0,0,00:00:00/33-13:30:01,44) [oom_reaper] (root,0,0,00:00:00/33-13:30:01,45) [writeback] (root,0,0,00:01:38/33-13:30:01,46) [kcompactd0] (root,0,0,00:00:00/33-13:30:01,47) [ksmd] (root,0,0,00:01:37/33-13:30:01,48) [khugepaged] (root,0,0,00:00:00/33-13:30:01,74) [kintegrityd] (root,0,0,00:00:00/33-13:30:01,75) [kblockd] (root,0,0,00:00:00/33-13:30:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:30:01,78) [tpm_dev_wq] (root,0,0,00:00:00/33-13:30:01,79) [edac-poller] (root,0,0,00:00:00/33-13:30:01,80) [devfreq_wq] (root,0,0,00:00:00/33-13:30:01,110) [watchdogd] (root,0,0,00:00:07/33-13:30:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-13:30:01,112) [kswapd0] (root,0,0,00:00:00/33-13:30:00,114) [kthrotld] (root,0,0,00:00:00/33-13:30:00,115) [mld] (root,0,0,00:00:00/33-13:30:00,116) [ipv6_addrconf] (root,0,0,00:00:14/33-13:30:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-13:30:00,122) [kstrp] (root,0,0,00:00:00/33-13:30:00,123) [zswap-shrink] (root,0,0,00:00:00/33-13:30:00,124) [kworker/u9:0] (root,0,0,00:00:00/33-13:30:00,129) [charger_manager] (root,0,0,00:00:07/33-13:29:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-13:29:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:29:59,205) [kaluad] (root,0,0,00:00:00/33-13:29:59,250) [kmpath_rdacd] (root,0,0,00:00:00/33-13:29:59,293) [kmpathd] (root,0,0,00:00:00/33-13:29:59,294) [kmpath_handlerd] (root,0,0,00:00:00/33-13:29:59,342) [ata_sff] (root,0,0,00:00:00/33-13:29:58,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:29:58,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:29:58,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:29:58,346) [scsi_tmf_1] (root,0,0,00:00:54/33-13:29:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:29:56,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-13:29:44,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-13:29:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-13:29:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-13:29:07,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-13:29:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-13:29:07,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-13:29:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-13:29:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-13:29:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:21:40,727) [kworker/u8:2-events_unbound] (root,548360,32524,00:00:38/33-13:28:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-13:28:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:09/33-13:28:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-13:28:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-13:28:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-13:28:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-13:28:51,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-13:28:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-13:28:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-13:28:51,1206) bpfilter_umh (root,26204,8212,00:00:13/33-13:28:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-13:28:51,1215) ntpd: asynchronous dns resolver (spot,293096,179952,1-17:45:28/33-13:28:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-13:28:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-13:28:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-13:28:50,1245) (sd-pam) (root,24216,5344,00:00:11/33-13:28:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-13:28:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-13:28:48,1354) /usr/sbin/cron -n (root,697972,81832,00:43:53/33-13:28:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63536,00:14:26/33-13:28:28,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8284,00:00:00/02:01,2257) pickup -l -t fifo -u (root,0,0,00:00:00/01:46,3835) [kworker/u8:0] (root,0,0,00:00:00/01:46,3836) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/36:40,7073) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:40,10122) [kworker/1:0-ata_sff] (root,0,0,00:00:00/05:51,12958) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,14175) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,14180) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,14213) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,14214) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/27-11:19:44,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-11:19:43,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:48:22,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:48:21,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:00:18,18088) [kworker/3:2-inet_frag_wq] (root,0,0,00:00:00/53:42,19428) [kworker/0:2-events] (root,0,0,00:00:04/02:29:58,24863) [kworker/2:1-events] (root,0,0,00:00:00/31:47,25067) [kworker/1:2-ata_sff] (root,0,0,00:00:02/02:52:16,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-18:05:29,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:01:09,31017) [kworker/0:1-events] (root,0,0,00:00:00/30:20,31459) [kworker/2:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836303f3d152Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-13:42:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:42:42,2) [kthreadd] (root,0,0,00:00:00/31-13:42:42,3) [rcu_gp] (root,0,0,00:00:00/31-13:42:42,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:42:42,5) [slub_flushwq] (root,0,0,00:00:00/31-13:42:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:42:42,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:42:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:42:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:42:42,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-13:42:42,13) [ksoftirqd/0] (root,0,0,01:23:57/31-13:42:42,14) [rcu_preempt] (root,0,0,00:00:12/31-13:42:42,15) [migration/0] (root,0,0,00:00:00/31-13:42:42,16) [idle_inject/0] (root,0,0,00:00:00/31-13:42:42,18) [cpuhp/0] (root,0,0,00:00:00/31-13:42:42,19) [cpuhp/1] (root,0,0,00:00:00/31-13:42:42,20) [idle_inject/1] (root,0,0,00:00:12/31-13:42:42,21) [migration/1] (root,0,0,00:00:50/31-13:42:42,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:42:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:42:42,25) [cpuhp/2] (root,0,0,00:00:00/31-13:42:42,26) [idle_inject/2] (root,0,0,00:00:09/31-13:42:42,27) [migration/2] (root,0,0,01:01:48/31-13:42:42,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:42:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:42:42,31) [cpuhp/3] (root,0,0,00:00:00/31-13:42:42,32) [idle_inject/3] (root,0,0,00:00:11/31-13:42:42,33) [migration/3] (root,0,0,00:02:51/31-13:42:42,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:42:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:42:42,39) [kdevtmpfs] (root,0,0,00:00:00/31-13:42:42,40) [netns] (root,0,0,00:00:00/31-13:42:42,41) [inet_frag_wq] (root,0,0,00:00:07/31-13:42:42,42) [kauditd] (root,0,0,00:00:00/31-13:42:42,43) [khungtaskd] (root,0,0,00:00:00/31-13:42:42,44) [oom_reaper] (root,0,0,00:00:00/31-13:42:42,45) [writeback] (root,0,0,00:01:32/31-13:42:42,46) [kcompactd0] (root,0,0,00:00:00/31-13:42:42,47) [ksmd] (root,0,0,00:01:31/31-13:42:42,48) [khugepaged] (root,0,0,00:00:00/31-13:42:42,74) [kintegrityd] (root,0,0,00:00:00/31-13:42:42,75) [kblockd] (root,0,0,00:00:00/31-13:42:42,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:42:42,78) [tpm_dev_wq] (root,0,0,00:00:00/31-13:42:42,79) [edac-poller] (root,0,0,00:00:00/31-13:42:42,80) [devfreq_wq] (root,0,0,00:00:00/31-13:42:42,110) [watchdogd] (root,0,0,00:00:06/31-13:42:42,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-13:42:42,112) [kswapd0] (root,0,0,00:00:00/31-13:42:41,114) [kthrotld] (root,0,0,00:00:00/31-13:42:41,115) [mld] (root,0,0,00:00:00/31-13:42:41,116) [ipv6_addrconf] (root,0,0,00:00:13/31-13:42:41,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-13:42:41,122) [kstrp] (root,0,0,00:00:00/31-13:42:41,123) [zswap-shrink] (root,0,0,00:00:00/31-13:42:41,124) [kworker/u9:0] (root,0,0,00:00:00/31-13:42:41,129) [charger_manager] (root,0,0,00:00:07/31-13:42:40,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-13:42:40,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:42:40,205) [kaluad] (root,0,0,00:00:00/31-13:42:40,250) [kmpath_rdacd] (root,0,0,00:00:00/31-13:42:40,293) [kmpathd] (root,0,0,00:00:00/31-13:42:40,294) [kmpath_handlerd] (root,0,0,00:00:00/31-13:42:40,342) [ata_sff] (root,0,0,00:00:00/31-13:42:39,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:42:39,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:42:39,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:42:39,346) [scsi_tmf_1] (root,0,0,00:00:51/31-13:42:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:42:37,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-13:42:25,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-13:42:24,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-13:42:22,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-13:41:48,512) /sbin/auditd (messagebus,22936,5548,00:01:22/31-13:41:48,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-13:41:48,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-13:41:48,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-13:41:47,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-13:41:47,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:35/31-13:41:33,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-13:41:33,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:57/31-13:41:32,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-13:41:32,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-13:41:32,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-13:41:32,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-13:41:32,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-13:41:32,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:18/31-13:41:32,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-13:41:32,1206) bpfilter_umh (root,26204,8212,00:00:12/31-13:41:32,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-13:41:32,1215) ntpd: asynchronous dns resolver (spot,286584,173752,1-15:29:40/31-13:41:32,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-13:41:31,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-13:41:31,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-13:41:31,1245) (sd-pam) (root,24216,5344,00:00:10/31-13:41:30,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-13:41:30,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-13:41:29,1354) /usr/sbin/cron -n (root,697972,81512,00:41:18/31-13:41:23,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-13:41:09,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:27,9372) [kworker/1:0-ata_sff] (root,0,0,00:00:03/01:58:28,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-11:32:25,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-11:32:24,15391) sshd: cm-ssh (root,0,0,00:00:00/02:09:20,16327) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/15-13:01:03,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-13:01:02,16977) sshd: syslogtunnel (root,0,0,00:00:00/07:39,20275) [kworker/1:2-events] (root,0,0,00:00:00/01:04:44,22377) [kworker/0:1-events] (root,0,0,00:00:00/58:55,24430) [kworker/3:0-events] (root,0,0,00:00:00/29:13,25324) [kworker/3:1] (root,6656,3484,00:00:00/00:00,27070) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,27088) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,27089) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:09,28354) [kworker/0:0-events] (postfix,24244,8252,00:00:00/36:37,28439) pickup -l -t fifo -u (root,0,0,00:00:00/01:36:05,29649) [kworker/2:2-events] (postfix,44628,9316,00:00:01/25-18:18:10,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/18:03,31624) [kworker/1:1-ata_sff] (root,0,0,00:00:00/49:53,31712) [kworker/u8:1-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-14 00:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836366a636c5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-14:43:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-14:43:11,2) [kthreadd] (root,0,0,00:00:00/29-14:43:11,3) [rcu_gp] (root,0,0,00:00:00/29-14:43:11,4) [rcu_par_gp] (root,0,0,00:00:00/29-14:43:11,5) [slub_flushwq] (root,0,0,00:00:00/29-14:43:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-14:43:11,9) [mm_percpu_wq] (root,0,0,00:00:00/29-14:43:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-14:43:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-14:43:11,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-14:43:11,13) [ksoftirqd/0] (root,0,0,01:18:54/29-14:43:11,14) [rcu_preempt] (root,0,0,00:00:11/29-14:43:11,15) [migration/0] (root,0,0,00:00:00/29-14:43:11,16) [idle_inject/0] (root,0,0,00:00:00/29-14:43:11,18) [cpuhp/0] (root,0,0,00:00:00/29-14:43:11,19) [cpuhp/1] (root,0,0,00:00:00/29-14:43:11,20) [idle_inject/1] (root,0,0,00:00:11/29-14:43:11,21) [migration/1] (root,0,0,00:00:46/29-14:43:11,22) [ksoftirqd/1] (root,0,0,00:00:00/29-14:43:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-14:43:11,25) [cpuhp/2] (root,0,0,00:00:00/29-14:43:11,26) [idle_inject/2] (root,0,0,00:00:09/29-14:43:11,27) [migration/2] (root,0,0,00:58:16/29-14:43:11,28) [ksoftirqd/2] (root,0,0,00:00:00/29-14:43:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-14:43:11,31) [cpuhp/3] (root,0,0,00:00:00/29-14:43:11,32) [idle_inject/3] (root,0,0,00:00:11/29-14:43:11,33) [migration/3] (root,0,0,00:02:40/29-14:43:11,34) [ksoftirqd/3] (root,0,0,00:00:00/29-14:43:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-14:43:11,39) [kdevtmpfs] (root,0,0,00:00:00/29-14:43:11,40) [netns] (root,0,0,00:00:00/29-14:43:11,41) [inet_frag_wq] (root,0,0,00:00:06/29-14:43:11,42) [kauditd] (root,0,0,00:00:00/29-14:43:11,43) [khungtaskd] (root,0,0,00:00:00/29-14:43:11,44) [oom_reaper] (root,0,0,00:00:00/29-14:43:11,45) [writeback] (root,0,0,00:01:27/29-14:43:11,46) [kcompactd0] (root,0,0,00:00:00/29-14:43:11,47) [ksmd] (root,0,0,00:01:25/29-14:43:11,48) [khugepaged] (root,0,0,00:00:00/29-14:43:11,74) [kintegrityd] (root,0,0,00:00:00/29-14:43:11,75) [kblockd] (root,0,0,00:00:00/29-14:43:11,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-14:43:11,78) [tpm_dev_wq] (root,0,0,00:00:00/29-14:43:11,79) [edac-poller] (root,0,0,00:00:00/29-14:43:11,80) [devfreq_wq] (root,0,0,00:00:00/29-14:43:11,110) [watchdogd] (root,0,0,00:00:06/29-14:43:11,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-14:43:11,112) [kswapd0] (root,0,0,00:00:00/29-14:43:10,114) [kthrotld] (root,0,0,00:00:00/29-14:43:10,115) [mld] (root,0,0,00:00:00/29-14:43:10,116) [ipv6_addrconf] (root,0,0,00:00:12/29-14:43:10,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-14:43:10,122) [kstrp] (root,0,0,00:00:00/29-14:43:10,123) [zswap-shrink] (root,0,0,00:00:00/29-14:43:10,124) [kworker/u9:0] (root,0,0,00:00:00/29-14:43:10,129) [charger_manager] (root,0,0,00:00:06/29-14:43:09,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-14:43:09,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-14:43:09,205) [kaluad] (root,0,0,00:00:00/29-14:43:09,250) [kmpath_rdacd] (root,0,0,00:00:00/29-14:43:09,293) [kmpathd] (root,0,0,00:00:00/29-14:43:09,294) [kmpath_handlerd] (root,0,0,00:00:00/29-14:43:09,342) [ata_sff] (root,0,0,00:00:00/29-14:43:08,343) [scsi_eh_0] (root,0,0,00:00:00/29-14:43:08,344) [scsi_tmf_0] (root,0,0,00:00:00/29-14:43:08,345) [scsi_eh_1] (root,0,0,00:00:00/29-14:43:08,346) [scsi_tmf_1] (root,0,0,00:00:48/29-14:43:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-14:43:06,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-14:42:54,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-14:42:53,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-14:42:51,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-14:42:17,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-14:42:17,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-14:42:17,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-14:42:17,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-14:42:16,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-14:42:16,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/40:36,931) [kworker/3:1-events] (root,548360,31484,00:00:33/29-14:42:02,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-14:42:02,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:42/29-14:42:01,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-14:42:01,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-14:42:01,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-14:42:01,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-14:42:01,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-14:42:01,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:02/29-14:42:01,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-14:42:01,1206) bpfilter_umh (root,26204,8212,00:00:12/29-14:42:01,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-14:42:01,1215) ntpd: asynchronous dns resolver (spot,291612,178816,1-13:01:10/29-14:42:01,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-14:42:00,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-14:42:00,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-14:42:00,1245) (sd-pam) (root,24216,5344,00:00:09/29-14:41:59,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-14:41:59,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-14:41:58,1354) /usr/sbin/cron -n (root,697576,81148,00:38:44/29-14:41:52,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60500,00:12:54/29-14:41:38,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/11:36,3903) [kworker/0:2-events] (root,0,0,00:00:00/01:44:58,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:15:48,4092) [kworker/3:0-events] (root,0,0,00:00:00/03:50:18,8802) [kworker/u8:0] (root,0,0,00:00:00/01:30:37,10360) [kworker/2:2-events] (root,0,0,00:00:01/01:23:04,10395) [kworker/2:0-events] (root,0,0,00:00:00/00:11,11574) [kworker/1:2-ata_sff] (root,6656,3488,00:00:00/00:00,12533) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,12574) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,12575) /bin/bash /usr/bin/check_mk_agent (root,4480,1036,00:00:00/00:00,12576) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,784,00:00:00/00:00,12577) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,680,00:00:00/00:00,12578) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3492,00:00:00/00:00,12579) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,12597) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12598) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8204,00:00:00/18:52,14984) pickup -l -t fifo -u (root,35308,10012,00:00:00/23-12:32:54,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-12:32:53,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-14:01:32,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:47/13-14:01:31,16977) sshd: syslogtunnel (root,0,0,00:00:02/07:25:44,20264) [kworker/0:1-events] (root,0,0,00:00:01/01:28:23,21615) [kworker/1:1-ata_sff] (root,0,0,00:00:00/05:21,25239) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-19:18:39,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-12 01:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d644e50aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-14:45:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-14:45:26,2) [kthreadd] (root,0,0,00:00:00/27-14:45:26,3) [rcu_gp] (root,0,0,00:00:00/27-14:45:26,4) [rcu_par_gp] (root,0,0,00:00:00/27-14:45:26,5) [slub_flushwq] (root,0,0,00:00:00/27-14:45:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-14:45:26,9) [mm_percpu_wq] (root,0,0,00:00:00/27-14:45:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-14:45:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-14:45:26,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-14:45:26,13) [ksoftirqd/0] (root,0,0,01:13:46/27-14:45:26,14) [rcu_preempt] (root,0,0,00:00:10/27-14:45:26,15) [migration/0] (root,0,0,00:00:00/27-14:45:26,16) [idle_inject/0] (root,0,0,00:00:00/27-14:45:26,18) [cpuhp/0] (root,0,0,00:00:00/27-14:45:26,19) [cpuhp/1] (root,0,0,00:00:00/27-14:45:26,20) [idle_inject/1] (root,0,0,00:00:10/27-14:45:26,21) [migration/1] (root,0,0,00:00:44/27-14:45:26,22) [ksoftirqd/1] (root,0,0,00:00:00/27-14:45:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-14:45:26,25) [cpuhp/2] (root,0,0,00:00:00/27-14:45:26,26) [idle_inject/2] (root,0,0,00:00:08/27-14:45:26,27) [migration/2] (root,0,0,00:55:30/27-14:45:26,28) [ksoftirqd/2] (root,0,0,00:00:00/27-14:45:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-14:45:26,31) [cpuhp/3] (root,0,0,00:00:00/27-14:45:26,32) [idle_inject/3] (root,0,0,00:00:10/27-14:45:26,33) [migration/3] (root,0,0,00:02:32/27-14:45:26,34) [ksoftirqd/3] (root,0,0,00:00:00/27-14:45:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-14:45:26,39) [kdevtmpfs] (root,0,0,00:00:00/27-14:45:26,40) [netns] (root,0,0,00:00:00/27-14:45:26,41) [inet_frag_wq] (root,0,0,00:00:06/27-14:45:26,42) [kauditd] (root,0,0,00:00:00/27-14:45:26,43) [khungtaskd] (root,0,0,00:00:00/27-14:45:26,44) [oom_reaper] (root,0,0,00:00:00/27-14:45:26,45) [writeback] (root,0,0,00:01:21/27-14:45:26,46) [kcompactd0] (root,0,0,00:00:00/27-14:45:26,47) [ksmd] (root,0,0,00:01:19/27-14:45:26,48) [khugepaged] (root,0,0,00:00:00/27-14:45:26,74) [kintegrityd] (root,0,0,00:00:00/27-14:45:26,75) [kblockd] (root,0,0,00:00:00/27-14:45:26,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-14:45:26,78) [tpm_dev_wq] (root,0,0,00:00:00/27-14:45:26,79) [edac-poller] (root,0,0,00:00:00/27-14:45:26,80) [devfreq_wq] (root,0,0,00:00:00/27-14:45:26,110) [watchdogd] (root,0,0,00:00:05/27-14:45:26,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-14:45:26,112) [kswapd0] (root,0,0,00:00:00/27-14:45:25,114) [kthrotld] (root,0,0,00:00:00/27-14:45:25,115) [mld] (root,0,0,00:00:00/27-14:45:25,116) [ipv6_addrconf] (root,0,0,00:00:11/27-14:45:25,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-14:45:25,122) [kstrp] (root,0,0,00:00:00/27-14:45:25,123) [zswap-shrink] (root,0,0,00:00:00/27-14:45:25,124) [kworker/u9:0] (root,0,0,00:00:00/27-14:45:25,129) [charger_manager] (root,0,0,00:00:06/27-14:45:24,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-14:45:24,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-14:45:24,205) [kaluad] (root,0,0,00:00:00/27-14:45:24,250) [kmpath_rdacd] (root,0,0,00:00:00/27-14:45:24,293) [kmpathd] (root,0,0,00:00:00/27-14:45:24,294) [kmpath_handlerd] (root,0,0,00:00:00/27-14:45:24,342) [ata_sff] (root,0,0,00:00:00/27-14:45:23,343) [scsi_eh_0] (root,0,0,00:00:00/27-14:45:23,344) [scsi_tmf_0] (root,0,0,00:00:00/27-14:45:23,345) [scsi_eh_1] (root,0,0,00:00:00/27-14:45:23,346) [scsi_tmf_1] (root,0,0,00:00:45/27-14:45:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-14:45:21,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-14:45:09,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-14:45:08,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-14:45:06,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-14:44:32,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-14:44:32,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-14:44:32,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-14:44:32,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/01:54,584) [kworker/1:0-ata_sff] (root,31876,16108,00:00:03/27-14:44:31,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-14:44:31,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-14:44:17,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-14:44:17,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:34/27-14:44:16,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-14:44:16,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-14:44:16,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-14:44:16,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-14:44:16,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-14:44:16,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:46/27-14:44:16,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-14:44:16,1206) bpfilter_umh (root,26204,8212,00:00:11/27-14:44:16,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-14:44:16,1215) ntpd: asynchronous dns resolver (spot,289960,176644,1-10:41:00/27-14:44:16,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-14:44:15,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-14:44:15,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-14:44:15,1245) (sd-pam) (root,24216,5344,00:00:09/27-14:44:14,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-14:44:14,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-14:44:13,1354) /usr/sbin/cron -n (root,697064,80568,00:36:08/27-14:44:07,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58620,00:11:36/27-14:43:53,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/03:58:58,1639) [kworker/3:1-events] (postfix,24244,8288,00:00:00/43:08,4237) pickup -l -t fifo -u (root,0,0,00:00:00/10:43,5127) [kworker/0:2] (root,0,0,00:00:00/53:58,7755) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:32:33,8451) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:00,10354) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,10372) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10373) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:06,12518) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/21-12:35:09,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-12:35:08,15391) sshd: cm-ssh (root,0,0,00:00:00/38:13,15445) [kworker/1:1-events] (root,0,0,00:00:00/18:11,16162) [kworker/0:1-events] (root,35308,10072,00:00:00/11-14:03:47,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-14:03:46,16977) sshd: syslogtunnel (root,0,0,00:00:00/27:04,19174) [kworker/u8:1-writeback] (root,0,0,00:00:00/25:18,24768) [kworker/2:0-events] (root,0,0,00:00:00/03:37,27446) [kworker/3:0] (root,0,0,00:00:02/02:07:28,27932) [kworker/2:2-events] (postfix,44628,9316,00:00:00/21-19:20:54,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-10 01:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836336eaa516Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-14:32:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-14:32:34,2) [kthreadd] (root,0,0,00:00:00/25-14:32:34,3) [rcu_gp] (root,0,0,00:00:00/25-14:32:34,4) [rcu_par_gp] (root,0,0,00:00:00/25-14:32:34,5) [slub_flushwq] (root,0,0,00:00:00/25-14:32:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-14:32:34,9) [mm_percpu_wq] (root,0,0,00:00:00/25-14:32:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-14:32:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-14:32:34,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-14:32:34,13) [ksoftirqd/0] (root,0,0,01:08:27/25-14:32:34,14) [rcu_preempt] (root,0,0,00:00:09/25-14:32:34,15) [migration/0] (root,0,0,00:00:00/25-14:32:34,16) [idle_inject/0] (root,0,0,00:00:00/25-14:32:34,18) [cpuhp/0] (root,0,0,00:00:00/25-14:32:34,19) [cpuhp/1] (root,0,0,00:00:00/25-14:32:34,20) [idle_inject/1] (root,0,0,00:00:10/25-14:32:34,21) [migration/1] (root,0,0,00:00:40/25-14:32:34,22) [ksoftirqd/1] (root,0,0,00:00:00/25-14:32:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-14:32:34,25) [cpuhp/2] (root,0,0,00:00:00/25-14:32:34,26) [idle_inject/2] (root,0,0,00:00:08/25-14:32:34,27) [migration/2] (root,0,0,00:52:18/25-14:32:34,28) [ksoftirqd/2] (root,0,0,00:00:00/25-14:32:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-14:32:34,31) [cpuhp/3] (root,0,0,00:00:00/25-14:32:34,32) [idle_inject/3] (root,0,0,00:00:09/25-14:32:34,33) [migration/3] (root,0,0,00:02:22/25-14:32:34,34) [ksoftirqd/3] (root,0,0,00:00:00/25-14:32:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-14:32:34,39) [kdevtmpfs] (root,0,0,00:00:00/25-14:32:34,40) [netns] (root,0,0,00:00:00/25-14:32:34,41) [inet_frag_wq] (root,0,0,00:00:06/25-14:32:34,42) [kauditd] (root,0,0,00:00:00/25-14:32:34,43) [khungtaskd] (root,0,0,00:00:00/25-14:32:34,44) [oom_reaper] (root,0,0,00:00:00/25-14:32:34,45) [writeback] (root,0,0,00:01:15/25-14:32:34,46) [kcompactd0] (root,0,0,00:00:00/25-14:32:34,47) [ksmd] (root,0,0,00:01:14/25-14:32:34,48) [khugepaged] (root,0,0,00:00:00/25-14:32:34,74) [kintegrityd] (root,0,0,00:00:00/25-14:32:34,75) [kblockd] (root,0,0,00:00:00/25-14:32:34,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-14:32:34,78) [tpm_dev_wq] (root,0,0,00:00:00/25-14:32:34,79) [edac-poller] (root,0,0,00:00:00/25-14:32:34,80) [devfreq_wq] (root,0,0,00:00:00/25-14:32:34,110) [watchdogd] (root,0,0,00:00:05/25-14:32:34,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-14:32:34,112) [kswapd0] (root,0,0,00:00:00/25-14:32:33,114) [kthrotld] (root,0,0,00:00:00/25-14:32:33,115) [mld] (root,0,0,00:00:00/25-14:32:33,116) [ipv6_addrconf] (root,0,0,00:00:11/25-14:32:33,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-14:32:33,122) [kstrp] (root,0,0,00:00:00/25-14:32:33,123) [zswap-shrink] (root,0,0,00:00:00/25-14:32:33,124) [kworker/u9:0] (root,0,0,00:00:00/25-14:32:33,129) [charger_manager] (root,0,0,00:00:05/25-14:32:32,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-14:32:32,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-14:32:32,205) [kaluad] (root,0,0,00:00:00/25-14:32:32,250) [kmpath_rdacd] (root,0,0,00:00:00/25-14:32:32,293) [kmpathd] (root,0,0,00:00:00/25-14:32:32,294) [kmpath_handlerd] (root,0,0,00:00:00/25-14:32:32,342) [ata_sff] (root,0,0,00:00:00/25-14:32:31,343) [scsi_eh_0] (root,0,0,00:00:00/25-14:32:31,344) [scsi_tmf_0] (root,0,0,00:00:00/25-14:32:31,345) [scsi_eh_1] (root,0,0,00:00:00/25-14:32:31,346) [scsi_tmf_1] (root,0,0,00:00:41/25-14:32:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-14:32:29,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-14:32:17,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-14:32:16,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-14:32:14,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-14:31:40,512) /sbin/auditd (messagebus,22936,5640,00:01:11/25-14:31:40,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:41/25-14:31:40,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-14:31:40,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-14:31:39,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-14:31:39,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-14:31:25,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-14:31:25,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:22/25-14:31:24,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-14:31:24,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-14:31:24,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-14:31:24,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-14:31:24,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-14:31:24,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:29/25-14:31:24,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-14:31:24,1206) bpfilter_umh (root,26204,8300,00:00:11/25-14:31:24,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-14:31:24,1215) ntpd: asynchronous dns resolver (spot,301616,188308,1-08:06:36/25-14:31:24,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-14:31:23,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-14:31:23,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-14:31:23,1245) (sd-pam) (root,24216,5348,00:00:08/25-14:31:22,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-14:31:22,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-14:31:21,1354) /usr/sbin/cron -n (root,694116,77808,00:33:30/25-14:31:15,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57996,00:10:11/25-14:31:01,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/06:50,4602) [kworker/1:1-ata_sff] (root,0,0,00:00:00/37:57,6090) [kworker/1:0-events] (root,0,0,00:00:00/39:40,6321) [kworker/u8:0-writeback] (root,0,0,00:00:00/06:26,6556) [kworker/0:0-events_power_efficient] (root,6656,3484,00:00:00/00:00,6754) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,6772) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6773) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:27:47,14356) [kworker/2:0-events] (root,35308,10012,00:00:00/19-12:22:17,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-12:22:16,15391) sshd: cm-ssh (root,0,0,00:00:01/01:55:21,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-13:50:55,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-13:50:54,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:24:45,17512) [kworker/u8:2-ext4-rsv-conversion] (postfix,24244,8240,00:00:00/51:10,17853) pickup -l -t fifo -u (root,0,0,00:00:00/13:13,18061) [kworker/3:0] (root,0,0,00:00:07/07:35:09,21123) [kworker/2:1-events] (root,0,0,00:00:00/01:39,29707) [kworker/1:2-ata_sff] (postfix,44628,9372,00:00:00/19-19:08:02,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/19:50,30755) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-08 00:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836381c67e75Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-14:40:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-14:40:00,2) [kthreadd] (root,0,0,00:00:00/23-14:40:00,3) [rcu_gp] (root,0,0,00:00:00/23-14:40:00,4) [rcu_par_gp] (root,0,0,00:00:00/23-14:40:00,5) [slub_flushwq] (root,0,0,00:00:00/23-14:40:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-14:40:00,9) [mm_percpu_wq] (root,0,0,00:00:00/23-14:40:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-14:40:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-14:40:00,12) [rcu_tasks_trace] (root,0,0,00:00:43/23-14:40:00,13) [ksoftirqd/0] (root,0,0,01:02:53/23-14:40:00,14) [rcu_preempt] (root,0,0,00:00:08/23-14:40:00,15) [migration/0] (root,0,0,00:00:00/23-14:40:00,16) [idle_inject/0] (root,0,0,00:00:00/23-14:40:00,18) [cpuhp/0] (root,0,0,00:00:00/23-14:40:00,19) [cpuhp/1] (root,0,0,00:00:00/23-14:40:00,20) [idle_inject/1] (root,0,0,00:00:09/23-14:40:00,21) [migration/1] (root,0,0,00:00:37/23-14:40:00,22) [ksoftirqd/1] (root,0,0,00:00:00/23-14:40:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-14:40:00,25) [cpuhp/2] (root,0,0,00:00:00/23-14:40:00,26) [idle_inject/2] (root,0,0,00:00:07/23-14:40:00,27) [migration/2] (root,0,0,00:47:40/23-14:40:00,28) [ksoftirqd/2] (root,0,0,00:00:00/23-14:40:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-14:40:00,31) [cpuhp/3] (root,0,0,00:00:00/23-14:40:00,32) [idle_inject/3] (root,0,0,00:00:08/23-14:40:00,33) [migration/3] (root,0,0,00:02:10/23-14:40:00,34) [ksoftirqd/3] (root,0,0,00:00:00/23-14:40:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-14:40:00,39) [kdevtmpfs] (root,0,0,00:00:00/23-14:40:00,40) [netns] (root,0,0,00:00:00/23-14:40:00,41) [inet_frag_wq] (root,0,0,00:00:05/23-14:40:00,42) [kauditd] (root,0,0,00:00:00/23-14:40:00,43) [khungtaskd] (root,0,0,00:00:00/23-14:40:00,44) [oom_reaper] (root,0,0,00:00:00/23-14:40:00,45) [writeback] (root,0,0,00:01:09/23-14:40:00,46) [kcompactd0] (root,0,0,00:00:00/23-14:40:00,47) [ksmd] (root,0,0,00:01:08/23-14:40:00,48) [khugepaged] (root,0,0,00:00:00/23-14:40:00,74) [kintegrityd] (root,0,0,00:00:00/23-14:40:00,75) [kblockd] (root,0,0,00:00:00/23-14:40:00,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-14:40:00,78) [tpm_dev_wq] (root,0,0,00:00:00/23-14:40:00,79) [edac-poller] (root,0,0,00:00:00/23-14:40:00,80) [devfreq_wq] (root,0,0,00:00:00/23-14:40:00,110) [watchdogd] (root,0,0,00:00:04/23-14:40:00,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-14:40:00,112) [kswapd0] (root,0,0,00:00:00/23-14:39:59,114) [kthrotld] (root,0,0,00:00:00/23-14:39:59,115) [mld] (root,0,0,00:00:00/23-14:39:59,116) [ipv6_addrconf] (root,0,0,00:00:10/23-14:39:59,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-14:39:59,122) [kstrp] (root,0,0,00:00:00/23-14:39:59,123) [zswap-shrink] (root,0,0,00:00:00/23-14:39:59,124) [kworker/u9:0] (root,0,0,00:00:00/23-14:39:59,129) [charger_manager] (root,0,0,00:00:05/23-14:39:58,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-14:39:58,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-14:39:58,205) [kaluad] (root,0,0,00:00:00/23-14:39:58,250) [kmpath_rdacd] (root,0,0,00:00:00/23-14:39:58,293) [kmpathd] (root,0,0,00:00:00/23-14:39:58,294) [kmpath_handlerd] (root,0,0,00:00:00/23-14:39:58,342) [ata_sff] (root,0,0,00:00:00/23-14:39:57,343) [scsi_eh_0] (root,0,0,00:00:00/23-14:39:57,344) [scsi_tmf_0] (root,0,0,00:00:00/23-14:39:57,345) [scsi_eh_1] (root,0,0,00:00:00/23-14:39:57,346) [scsi_tmf_1] (root,0,0,00:00:37/23-14:39:55,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-14:39:55,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-14:39:43,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-14:39:42,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-14:39:40,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-14:39:06,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-14:39:06,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-14:39:06,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-14:39:06,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-14:39:05,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-14:39:05,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-14:38:51,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-14:38:51,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:10/23-14:38:50,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-14:38:50,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-14:38:50,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-14:38:50,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-14:38:50,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-14:38:50,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-14:38:50,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-14:38:50,1206) bpfilter_umh (root,26204,8300,00:00:10/23-14:38:50,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-14:38:50,1215) ntpd: asynchronous dns resolver (spot,285372,172700,1-05:41:23/23-14:38:50,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-14:38:49,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-14:38:49,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-14:38:49,1245) (sd-pam) (root,24216,5348,00:00:07/23-14:38:48,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-14:38:48,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-14:38:47,1354) /usr/sbin/cron -n (root,693860,77156,00:30:48/23-14:38:41,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:45/23-14:38:27,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/15:53,4265) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:21:34,7327) [kworker/0:0-events] (root,0,0,00:00:00/03:30:25,7973) [kworker/0:1-events] (root,0,0,00:00:00/14:12,11498) [kworker/3:1-events] (root,0,0,00:00:00/21:38,13370) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:27,13429) [kworker/1:2-events] (root,35308,10012,00:00:00/17-12:29:43,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-12:29:42,15391) sshd: cm-ssh (postfix,24244,8204,00:00:00/01:20:24,15690) pickup -l -t fifo -u (root,0,0,00:00:00/07:29,15975) [kworker/2:0-events] (root,0,0,00:00:01/05:24:03,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-13:58:21,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-13:58:20,16977) sshd: syslogtunnel (root,0,0,00:00:01/01:28:19,19831) [kworker/2:1-events] (root,0,0,00:00:00/00:32,22650) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/06:40,24035) [kworker/1:0-ata_sff] (root,0,0,00:00:00/17:03,26077) [kworker/1:1-ata_sff] (root,6656,3484,00:00:00/00:00,26138) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,26156) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26157) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9372,00:00:00/17-19:15:28,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-06 01:02 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634ed3ad98Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-14:33:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-14:33:44,2) [kthreadd] (root,0,0,00:00:00/21-14:33:44,3) [rcu_gp] (root,0,0,00:00:00/21-14:33:44,4) [rcu_par_gp] (root,0,0,00:00:00/21-14:33:44,5) [slub_flushwq] (root,0,0,00:00:00/21-14:33:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-14:33:44,9) [mm_percpu_wq] (root,0,0,00:00:00/21-14:33:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-14:33:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-14:33:44,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-14:33:44,13) [ksoftirqd/0] (root,0,0,00:57:31/21-14:33:44,14) [rcu_preempt] (root,0,0,00:00:08/21-14:33:44,15) [migration/0] (root,0,0,00:00:00/21-14:33:44,16) [idle_inject/0] (root,0,0,00:00:00/21-14:33:44,18) [cpuhp/0] (root,0,0,00:00:00/21-14:33:44,19) [cpuhp/1] (root,0,0,00:00:00/21-14:33:44,20) [idle_inject/1] (root,0,0,00:00:08/21-14:33:44,21) [migration/1] (root,0,0,00:00:34/21-14:33:44,22) [ksoftirqd/1] (root,0,0,00:00:00/21-14:33:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-14:33:44,25) [cpuhp/2] (root,0,0,00:00:00/21-14:33:44,26) [idle_inject/2] (root,0,0,00:00:06/21-14:33:44,27) [migration/2] (root,0,0,00:43:41/21-14:33:44,28) [ksoftirqd/2] (root,0,0,00:00:00/21-14:33:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-14:33:44,31) [cpuhp/3] (root,0,0,00:00:00/21-14:33:44,32) [idle_inject/3] (root,0,0,00:00:08/21-14:33:44,33) [migration/3] (root,0,0,00:02:00/21-14:33:44,34) [ksoftirqd/3] (root,0,0,00:00:00/21-14:33:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-14:33:44,39) [kdevtmpfs] (root,0,0,00:00:00/21-14:33:44,40) [netns] (root,0,0,00:00:00/21-14:33:44,41) [inet_frag_wq] (root,0,0,00:00:05/21-14:33:44,42) [kauditd] (root,0,0,00:00:00/21-14:33:44,43) [khungtaskd] (root,0,0,00:00:00/21-14:33:44,44) [oom_reaper] (root,0,0,00:00:00/21-14:33:44,45) [writeback] (root,0,0,00:01:03/21-14:33:44,46) [kcompactd0] (root,0,0,00:00:00/21-14:33:44,47) [ksmd] (root,0,0,00:01:02/21-14:33:44,48) [khugepaged] (root,0,0,00:00:00/21-14:33:44,74) [kintegrityd] (root,0,0,00:00:00/21-14:33:44,75) [kblockd] (root,0,0,00:00:00/21-14:33:44,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-14:33:44,78) [tpm_dev_wq] (root,0,0,00:00:00/21-14:33:44,79) [edac-poller] (root,0,0,00:00:00/21-14:33:44,80) [devfreq_wq] (root,0,0,00:00:00/21-14:33:44,110) [watchdogd] (root,0,0,00:00:04/21-14:33:44,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-14:33:44,112) [kswapd0] (root,0,0,00:00:00/21-14:33:43,114) [kthrotld] (root,0,0,00:00:00/21-14:33:43,115) [mld] (root,0,0,00:00:00/21-14:33:43,116) [ipv6_addrconf] (root,0,0,00:00:09/21-14:33:43,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-14:33:43,122) [kstrp] (root,0,0,00:00:00/21-14:33:43,123) [zswap-shrink] (root,0,0,00:00:00/21-14:33:43,124) [kworker/u9:0] (root,0,0,00:00:00/21-14:33:43,129) [charger_manager] (root,0,0,00:00:04/21-14:33:42,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-14:33:42,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-14:33:42,205) [kaluad] (root,0,0,00:00:00/21-14:33:42,250) [kmpath_rdacd] (root,0,0,00:00:00/21-14:33:42,293) [kmpathd] (root,0,0,00:00:00/21-14:33:42,294) [kmpath_handlerd] (root,0,0,00:00:00/21-14:33:42,342) [ata_sff] (root,0,0,00:00:00/21-14:33:41,343) [scsi_eh_0] (root,0,0,00:00:00/21-14:33:41,344) [scsi_tmf_0] (root,0,0,00:00:00/21-14:33:41,345) [scsi_eh_1] (root,0,0,00:00:00/21-14:33:41,346) [scsi_tmf_1] (root,0,0,00:00:33/21-14:33:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-14:33:39,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-14:33:27,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-14:33:26,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-14:33:24,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-14:32:50,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-14:32:50,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-14:32:50,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-14:32:50,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-14:32:49,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-14:32:49,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-14:32:35,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-14:32:35,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:00/21-14:32:34,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-14:32:34,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-14:32:34,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-14:32:34,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-14:32:34,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-14:32:34,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:56/21-14:32:34,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-14:32:34,1206) bpfilter_umh (root,26204,8300,00:00:09/21-14:32:34,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-14:32:34,1215) ntpd: asynchronous dns resolver (spot,285068,171844,1-03:19:51/21-14:32:34,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-14:32:33,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-14:32:33,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-14:32:33,1245) (sd-pam) (root,24216,5348,00:00:07/21-14:32:32,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-14:32:32,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-14:32:31,1354) /usr/sbin/cron -n (root,693604,76796,00:28:07/21-14:32:25,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54960,00:07:25/21-14:32:11,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/03:14:27,1511) [kworker/2:0-events] (root,0,0,00:00:00/55:51,1699) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/01:47:10,3242) [kworker/1:2-ata_sff] (root,0,0,00:00:00/03:25,3890) [kworker/1:0-events] (root,0,0,00:00:00/01:12:28,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/01:36:02,7480) pickup -l -t fifo -u (root,0,0,00:00:00/46:58,8023) [kworker/3:0] (root,0,0,00:00:00/21:29,10807) [kworker/u8:0-writeback] (root,0,0,00:00:00/08:49,14577) [kworker/2:1-events] (root,0,0,00:00:00/08:37,15330) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-12:23:27,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-12:23:26,15391) sshd: cm-ssh (root,35308,10072,00:00:00/5-13:52:05,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-13:52:04,16977) sshd: syslogtunnel (root,0,0,00:00:00/27:55,20907) [kworker/0:2] (root,6656,3488,00:00:00/00:00,22814) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,22832) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,22833) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/09:05:01,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-19:09:12,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-04 00:55 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836345742975Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-15:18:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-15:18:12,2) [kthreadd] (root,0,0,00:00:00/19-15:18:12,3) [rcu_gp] (root,0,0,00:00:00/19-15:18:12,4) [rcu_par_gp] (root,0,0,00:00:00/19-15:18:12,5) [slub_flushwq] (root,0,0,00:00:00/19-15:18:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-15:18:12,9) [mm_percpu_wq] (root,0,0,00:00:00/19-15:18:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-15:18:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-15:18:12,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-15:18:12,13) [ksoftirqd/0] (root,0,0,00:52:22/19-15:18:12,14) [rcu_preempt] (root,0,0,00:00:07/19-15:18:12,15) [migration/0] (root,0,0,00:00:00/19-15:18:12,16) [idle_inject/0] (root,0,0,00:00:00/19-15:18:12,18) [cpuhp/0] (root,0,0,00:00:00/19-15:18:12,19) [cpuhp/1] (root,0,0,00:00:00/19-15:18:12,20) [idle_inject/1] (root,0,0,00:00:07/19-15:18:12,21) [migration/1] (root,0,0,00:00:31/19-15:18:12,22) [ksoftirqd/1] (root,0,0,00:00:00/19-15:18:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-15:18:12,25) [cpuhp/2] (root,0,0,00:00:00/19-15:18:12,26) [idle_inject/2] (root,0,0,00:00:06/19-15:18:12,27) [migration/2] (root,0,0,00:39:11/19-15:18:12,28) [ksoftirqd/2] (root,0,0,00:00:00/19-15:18:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-15:18:12,31) [cpuhp/3] (root,0,0,00:00:00/19-15:18:12,32) [idle_inject/3] (root,0,0,00:00:07/19-15:18:12,33) [migration/3] (root,0,0,00:01:49/19-15:18:12,34) [ksoftirqd/3] (root,0,0,00:00:00/19-15:18:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-15:18:12,39) [kdevtmpfs] (root,0,0,00:00:00/19-15:18:12,40) [netns] (root,0,0,00:00:00/19-15:18:12,41) [inet_frag_wq] (root,0,0,00:00:05/19-15:18:12,42) [kauditd] (root,0,0,00:00:00/19-15:18:12,43) [khungtaskd] (root,0,0,00:00:00/19-15:18:12,44) [oom_reaper] (root,0,0,00:00:00/19-15:18:12,45) [writeback] (root,0,0,00:00:57/19-15:18:12,46) [kcompactd0] (root,0,0,00:00:00/19-15:18:12,47) [ksmd] (root,0,0,00:00:57/19-15:18:12,48) [khugepaged] (root,0,0,00:00:00/19-15:18:12,74) [kintegrityd] (root,0,0,00:00:00/19-15:18:12,75) [kblockd] (root,0,0,00:00:00/19-15:18:12,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-15:18:12,78) [tpm_dev_wq] (root,0,0,00:00:00/19-15:18:12,79) [edac-poller] (root,0,0,00:00:00/19-15:18:12,80) [devfreq_wq] (root,0,0,00:00:00/19-15:18:12,110) [watchdogd] (root,0,0,00:00:03/19-15:18:12,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-15:18:12,112) [kswapd0] (root,0,0,00:00:00/19-15:18:11,114) [kthrotld] (root,0,0,00:00:00/19-15:18:11,115) [mld] (root,0,0,00:00:00/19-15:18:11,116) [ipv6_addrconf] (root,0,0,00:00:08/19-15:18:11,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-15:18:11,122) [kstrp] (root,0,0,00:00:00/19-15:18:11,123) [zswap-shrink] (root,0,0,00:00:00/19-15:18:11,124) [kworker/u9:0] (root,0,0,00:00:00/19-15:18:11,129) [charger_manager] (root,0,0,00:00:04/19-15:18:10,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-15:18:10,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-15:18:10,205) [kaluad] (root,0,0,00:00:00/19-15:18:10,250) [kmpath_rdacd] (root,0,0,00:00:00/19-15:18:10,293) [kmpathd] (root,0,0,00:00:00/19-15:18:10,294) [kmpath_handlerd] (root,0,0,00:00:00/19-15:18:10,342) [ata_sff] (root,0,0,00:00:00/19-15:18:09,343) [scsi_eh_0] (root,0,0,00:00:00/19-15:18:09,344) [scsi_tmf_0] (root,0,0,00:00:00/19-15:18:09,345) [scsi_eh_1] (root,0,0,00:00:00/19-15:18:09,346) [scsi_tmf_1] (root,0,0,00:00:29/19-15:18:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-15:18:07,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-15:17:55,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-15:17:54,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-15:17:52,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-15:17:18,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-15:17:18,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-15:17:18,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-15:17:18,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-15:17:17,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-15:17:17,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-15:17:03,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-15:17:03,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:50/19-15:17:02,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-15:17:02,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-15:17:02,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-15:17:02,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-15:17:02,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-15:17:02,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-15:17:02,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-15:17:02,1206) bpfilter_umh (root,26204,8300,00:00:09/19-15:17:02,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-15:17:02,1215) ntpd: asynchronous dns resolver (spot,284652,171740,1-01:06:46/19-15:17:02,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-15:17:01,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-15:17:01,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-15:17:01,1245) (sd-pam) (root,24216,5348,00:00:06/19-15:17:00,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-15:17:00,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-15:16:59,1354) /usr/sbin/cron -n (root,692836,75760,00:25:31/19-15:16:53,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:35/19-15:16:39,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/07:19:36,3898) [kworker/3:2-events] (root,6656,3488,00:00:00/00:00,4000) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,4018) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,4019) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:19:50,4121) [kworker/u8:0-writeback] (postfix,24244,8224,00:00:00/01:01:23,8017) pickup -l -t fifo -u (root,0,0,00:00:00/06:41,12244) [kworker/1:1-ata_sff] (root,0,0,00:00:00/38:57,12709) [kworker/2:1-events] (root,0,0,00:00:00/27:27,14635) [kworker/1:0-events] (root,35308,10012,00:00:00/13-13:07:55,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-13:07:54,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-14:36:33,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-14:36:32,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:10:20,20923) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:34:48,22794) [kworker/0:1] (root,0,0,00:00:02/01:47:05,23007) [kworker/2:2-events] (root,0,0,00:00:01/03:44:14,26126) [kworker/0:2-events] (root,0,0,00:00:00/11:58,26393) [kworker/3:1-events] (postfix,44628,9416,00:00:00/13-19:53:40,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:31,30982) [kworker/1:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 01:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633b357ed7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-14:39:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-14:39:35,2) [kthreadd] (root,0,0,00:00:00/17-14:39:35,3) [rcu_gp] (root,0,0,00:00:00/17-14:39:35,4) [rcu_par_gp] (root,0,0,00:00:00/17-14:39:35,5) [slub_flushwq] (root,0,0,00:00:00/17-14:39:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-14:39:35,9) [mm_percpu_wq] (root,0,0,00:00:00/17-14:39:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-14:39:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-14:39:35,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-14:39:35,13) [ksoftirqd/0] (root,0,0,00:47:10/17-14:39:35,14) [rcu_preempt] (root,0,0,00:00:06/17-14:39:35,15) [migration/0] (root,0,0,00:00:00/17-14:39:35,16) [idle_inject/0] (root,0,0,00:00:00/17-14:39:35,18) [cpuhp/0] (root,0,0,00:00:00/17-14:39:35,19) [cpuhp/1] (root,0,0,00:00:00/17-14:39:35,20) [idle_inject/1] (root,0,0,00:00:07/17-14:39:35,21) [migration/1] (root,0,0,00:00:28/17-14:39:35,22) [ksoftirqd/1] (root,0,0,00:00:00/17-14:39:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-14:39:35,25) [cpuhp/2] (root,0,0,00:00:00/17-14:39:35,26) [idle_inject/2] (root,0,0,00:00:05/17-14:39:35,27) [migration/2] (root,0,0,00:36:00/17-14:39:35,28) [ksoftirqd/2] (root,0,0,00:00:00/17-14:39:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-14:39:35,31) [cpuhp/3] (root,0,0,00:00:00/17-14:39:35,32) [idle_inject/3] (root,0,0,00:00:06/17-14:39:35,33) [migration/3] (root,0,0,00:01:40/17-14:39:35,34) [ksoftirqd/3] (root,0,0,00:00:00/17-14:39:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-14:39:35,39) [kdevtmpfs] (root,0,0,00:00:00/17-14:39:35,40) [netns] (root,0,0,00:00:00/17-14:39:35,41) [inet_frag_wq] (root,0,0,00:00:04/17-14:39:35,42) [kauditd] (root,0,0,00:00:00/17-14:39:35,43) [khungtaskd] (root,0,0,00:00:00/17-14:39:35,44) [oom_reaper] (root,0,0,00:00:00/17-14:39:35,45) [writeback] (root,0,0,00:00:51/17-14:39:35,46) [kcompactd0] (root,0,0,00:00:00/17-14:39:35,47) [ksmd] (root,0,0,00:00:51/17-14:39:35,48) [khugepaged] (root,0,0,00:00:00/17-14:39:35,74) [kintegrityd] (root,0,0,00:00:00/17-14:39:35,75) [kblockd] (root,0,0,00:00:00/17-14:39:35,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-14:39:35,78) [tpm_dev_wq] (root,0,0,00:00:00/17-14:39:35,79) [edac-poller] (root,0,0,00:00:00/17-14:39:35,80) [devfreq_wq] (root,0,0,00:00:00/17-14:39:35,110) [watchdogd] (root,0,0,00:00:03/17-14:39:35,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-14:39:35,112) [kswapd0] (root,0,0,00:00:00/17-14:39:34,114) [kthrotld] (root,0,0,00:00:00/17-14:39:34,115) [mld] (root,0,0,00:00:00/17-14:39:34,116) [ipv6_addrconf] (root,0,0,00:00:07/17-14:39:34,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-14:39:34,122) [kstrp] (root,0,0,00:00:00/17-14:39:34,123) [zswap-shrink] (root,0,0,00:00:00/17-14:39:34,124) [kworker/u9:0] (root,0,0,00:00:00/17-14:39:34,129) [charger_manager] (root,0,0,00:00:03/17-14:39:33,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-14:39:33,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-14:39:33,205) [kaluad] (root,0,0,00:00:00/17-14:39:33,250) [kmpath_rdacd] (root,0,0,00:00:00/17-14:39:33,293) [kmpathd] (root,0,0,00:00:00/17-14:39:33,294) [kmpath_handlerd] (root,0,0,00:00:00/17-14:39:33,342) [ata_sff] (root,0,0,00:00:00/17-14:39:32,343) [scsi_eh_0] (root,0,0,00:00:00/17-14:39:32,344) [scsi_tmf_0] (root,0,0,00:00:00/17-14:39:32,345) [scsi_eh_1] (root,0,0,00:00:00/17-14:39:32,346) [scsi_tmf_1] (root,0,0,00:00:26/17-14:39:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-14:39:30,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-14:39:18,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-14:39:17,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-14:39:15,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-14:38:41,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-14:38:41,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-14:38:41,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-14:38:41,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-14:38:40,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-14:38:40,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-14:38:26,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-14:38:26,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:38/17-14:38:25,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-14:38:25,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-14:38:25,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-14:38:25,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-14:38:25,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-14:38:25,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:23/17-14:38:25,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-14:38:25,1206) bpfilter_umh (root,26204,8300,00:00:08/17-14:38:25,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-14:38:25,1215) ntpd: asynchronous dns resolver (spot,284828,171784,23:08:49/17-14:38:25,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-14:38:24,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-14:38:24,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-14:38:24,1245) (sd-pam) (root,24216,5348,00:00:05/17-14:38:23,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-14:38:23,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-14:38:22,1354) /usr/sbin/cron -n (root,692236,75412,00:22:53/17-14:38:16,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51284,00:05:53/17-14:38:02,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3488,00:00:00/00:00,2070) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,2088) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,924,00:00:00/00:00,2089) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:05:47,6422) [kworker/0:2-events] (root,0,0,00:00:00/09:37,7955) [kworker/1:1-events] (root,0,0,00:00:00/04:27,12982) [kworker/1:2-ata_sff] (root,0,0,00:00:01/58:08,14661) [kworker/2:2-events] (root,35308,10012,00:00:00/11-12:29:18,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-12:29:17,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-13:57:56,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-13:57:55,16977) sshd: syslogtunnel (postfix,24244,8200,00:00:00/44:38,18919) pickup -l -t fifo -u (root,0,0,00:00:00/01:16:39,22787) [kworker/3:0-events] (root,0,0,00:00:02/05:40:54,24312) [kworker/0:0-events] (root,0,0,00:00:00/01:16:13,26541) [kworker/u8:2-writeback] (root,0,0,00:00:01/01:06:40,28099) [kworker/1:0-ata_sff] (root,0,0,00:00:00/08:44:41,28658) [kworker/u8:1-events_unbound] (postfix,44628,9416,00:00:00/11-19:15:03,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/51:48,32239) [kworker/2:1] (root,0,0,00:00:01/04:26:44,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-30 01:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836311fc19b1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-14:43:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-14:43:46,2) [kthreadd] (root,0,0,00:00:00/15-14:43:46,3) [rcu_gp] (root,0,0,00:00:00/15-14:43:46,4) [rcu_par_gp] (root,0,0,00:00:00/15-14:43:46,5) [slub_flushwq] (root,0,0,00:00:00/15-14:43:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-14:43:46,9) [mm_percpu_wq] (root,0,0,00:00:00/15-14:43:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-14:43:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-14:43:46,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-14:43:46,13) [ksoftirqd/0] (root,0,0,00:41:56/15-14:43:46,14) [rcu_preempt] (root,0,0,00:00:05/15-14:43:46,15) [migration/0] (root,0,0,00:00:00/15-14:43:46,16) [idle_inject/0] (root,0,0,00:00:00/15-14:43:46,18) [cpuhp/0] (root,0,0,00:00:00/15-14:43:46,19) [cpuhp/1] (root,0,0,00:00:00/15-14:43:46,20) [idle_inject/1] (root,0,0,00:00:06/15-14:43:46,21) [migration/1] (root,0,0,00:00:25/15-14:43:46,22) [ksoftirqd/1] (root,0,0,00:00:00/15-14:43:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-14:43:46,25) [cpuhp/2] (root,0,0,00:00:00/15-14:43:46,26) [idle_inject/2] (root,0,0,00:00:05/15-14:43:46,27) [migration/2] (root,0,0,00:32:28/15-14:43:46,28) [ksoftirqd/2] (root,0,0,00:00:00/15-14:43:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-14:43:46,31) [cpuhp/3] (root,0,0,00:00:00/15-14:43:46,32) [idle_inject/3] (root,0,0,00:00:06/15-14:43:46,33) [migration/3] (root,0,0,00:01:30/15-14:43:46,34) [ksoftirqd/3] (root,0,0,00:00:00/15-14:43:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-14:43:46,39) [kdevtmpfs] (root,0,0,00:00:00/15-14:43:46,40) [netns] (root,0,0,00:00:00/15-14:43:46,41) [inet_frag_wq] (root,0,0,00:00:04/15-14:43:46,42) [kauditd] (root,0,0,00:00:00/15-14:43:46,43) [khungtaskd] (root,0,0,00:00:00/15-14:43:46,44) [oom_reaper] (root,0,0,00:00:00/15-14:43:46,45) [writeback] (root,0,0,00:00:46/15-14:43:46,46) [kcompactd0] (root,0,0,00:00:00/15-14:43:46,47) [ksmd] (root,0,0,00:00:46/15-14:43:46,48) [khugepaged] (root,0,0,00:00:00/15-14:43:46,74) [kintegrityd] (root,0,0,00:00:00/15-14:43:46,75) [kblockd] (root,0,0,00:00:00/15-14:43:46,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-14:43:46,78) [tpm_dev_wq] (root,0,0,00:00:00/15-14:43:46,79) [edac-poller] (root,0,0,00:00:00/15-14:43:46,80) [devfreq_wq] (root,0,0,00:00:00/15-14:43:46,110) [watchdogd] (root,0,0,00:00:03/15-14:43:46,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-14:43:46,112) [kswapd0] (root,0,0,00:00:00/15-14:43:45,114) [kthrotld] (root,0,0,00:00:00/15-14:43:45,115) [mld] (root,0,0,00:00:00/15-14:43:45,116) [ipv6_addrconf] (root,0,0,00:00:06/15-14:43:45,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-14:43:45,122) [kstrp] (root,0,0,00:00:00/15-14:43:45,123) [zswap-shrink] (root,0,0,00:00:00/15-14:43:45,124) [kworker/u9:0] (root,0,0,00:00:00/15-14:43:45,129) [charger_manager] (root,0,0,00:00:03/15-14:43:44,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-14:43:44,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-14:43:44,205) [kaluad] (root,0,0,00:00:00/15-14:43:44,250) [kmpath_rdacd] (root,0,0,00:00:00/15-14:43:44,293) [kmpathd] (root,0,0,00:00:00/15-14:43:44,294) [kmpath_handlerd] (root,0,0,00:00:00/15-14:43:44,342) [ata_sff] (root,0,0,00:00:00/15-14:43:43,343) [scsi_eh_0] (root,0,0,00:00:00/15-14:43:43,344) [scsi_tmf_0] (root,0,0,00:00:00/15-14:43:43,345) [scsi_eh_1] (root,0,0,00:00:00/15-14:43:43,346) [scsi_tmf_1] (root,0,0,00:00:23/15-14:43:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-14:43:41,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-14:43:29,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-14:43:28,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-14:43:26,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-14:42:52,512) /sbin/auditd (messagebus,22936,5672,00:00:50/15-14:42:52,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:28/15-14:42:52,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/15-14:42:52,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-14:42:51,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-14:42:51,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-14:42:37,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-14:42:37,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:26/15-14:42:36,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-14:42:36,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-14:42:36,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-14:42:36,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-14:42:36,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-14:42:36,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-14:42:36,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-14:42:36,1206) bpfilter_umh (root,26204,8300,00:00:07/15-14:42:36,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-14:42:36,1215) ntpd: asynchronous dns resolver (spot,285092,171292,21:00:20/15-14:42:36,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-14:42:35,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-14:42:35,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-14:42:35,1245) (sd-pam) (root,24216,5348,00:00:05/15-14:42:34,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-14:42:34,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-14:42:33,1354) /usr/sbin/cron -n (root,691980,74872,00:20:13/15-14:42:27,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:11/15-14:42:13,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/22:59,3117) [kworker/2:1] (postfix,24244,8144,00:00:00/01:10:54,7227) pickup -l -t fifo -u (root,0,0,00:00:00/28:37,8654) [kworker/0:2] (root,35308,10012,00:00:00/8-06:38:40,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-06:38:40,8749) sshd: syslogtunnel (root,0,0,00:00:00/15:55,9870) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/01:36:04,10498) [kworker/3:0-events] (root,0,0,00:00:02/01:58:42,10640) [kworker/2:2-events] (root,0,0,00:00:00/45:53,13513) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:32,13705) [kworker/1:2-ata_sff] (root,0,0,00:00:00/45:28,15321) [kworker/3:1-cgroup_destroy] (root,35308,10012,00:00:00/9-12:33:29,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-12:33:28,15391) sshd: cm-ssh (root,0,0,00:00:01/01:34:57,16028) [kworker/1:1-events] (root,0,0,00:00:00/00:22,24046) [kworker/3:2-events] (root,6656,3480,00:00:00/00:00,26779) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,26871) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,26874) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:01/02:09:52,26890) [kworker/0:1-events] (root,13744,3372,00:00:00/00:00,26908) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26909) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/00:00,26911) [sed] <defunct> (root,0,0,00:00:00/06:45,29686) [kworker/1:0-ata_sff] (postfix,44628,9416,00:00:00/9-19:19:14,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 01:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634e575357Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-14:43:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-14:43:59,2) [kthreadd] (root,0,0,00:00:00/13-14:43:59,3) [rcu_gp] (root,0,0,00:00:00/13-14:43:59,4) [rcu_par_gp] (root,0,0,00:00:00/13-14:43:59,5) [slub_flushwq] (root,0,0,00:00:00/13-14:43:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-14:43:59,9) [mm_percpu_wq] (root,0,0,00:00:00/13-14:43:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-14:43:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-14:43:59,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-14:43:59,13) [ksoftirqd/0] (root,0,0,00:36:40/13-14:43:59,14) [rcu_preempt] (root,0,0,00:00:05/13-14:43:59,15) [migration/0] (root,0,0,00:00:00/13-14:43:59,16) [idle_inject/0] (root,0,0,00:00:00/13-14:43:59,18) [cpuhp/0] (root,0,0,00:00:00/13-14:43:59,19) [cpuhp/1] (root,0,0,00:00:00/13-14:43:59,20) [idle_inject/1] (root,0,0,00:00:05/13-14:43:59,21) [migration/1] (root,0,0,00:00:22/13-14:43:59,22) [ksoftirqd/1] (root,0,0,00:00:00/13-14:43:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-14:43:59,25) [cpuhp/2] (root,0,0,00:00:00/13-14:43:59,26) [idle_inject/2] (root,0,0,00:00:04/13-14:43:59,27) [migration/2] (root,0,0,00:28:55/13-14:43:59,28) [ksoftirqd/2] (root,0,0,00:00:00/13-14:43:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-14:43:59,31) [cpuhp/3] (root,0,0,00:00:00/13-14:43:59,32) [idle_inject/3] (root,0,0,00:00:05/13-14:43:59,33) [migration/3] (root,0,0,00:01:19/13-14:43:59,34) [ksoftirqd/3] (root,0,0,00:00:00/13-14:43:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-14:43:59,39) [kdevtmpfs] (root,0,0,00:00:00/13-14:43:59,40) [netns] (root,0,0,00:00:00/13-14:43:59,41) [inet_frag_wq] (root,0,0,00:00:04/13-14:43:59,42) [kauditd] (root,0,0,00:00:00/13-14:43:59,43) [khungtaskd] (root,0,0,00:00:00/13-14:43:59,44) [oom_reaper] (root,0,0,00:00:00/13-14:43:59,45) [writeback] (root,0,0,00:00:40/13-14:43:59,46) [kcompactd0] (root,0,0,00:00:00/13-14:43:59,47) [ksmd] (root,0,0,00:00:40/13-14:43:59,48) [khugepaged] (root,0,0,00:00:00/13-14:43:59,74) [kintegrityd] (root,0,0,00:00:00/13-14:43:59,75) [kblockd] (root,0,0,00:00:00/13-14:43:59,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-14:43:59,78) [tpm_dev_wq] (root,0,0,00:00:00/13-14:43:59,79) [edac-poller] (root,0,0,00:00:00/13-14:43:59,80) [devfreq_wq] (root,0,0,00:00:00/13-14:43:59,110) [watchdogd] (root,0,0,00:00:02/13-14:43:59,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-14:43:59,112) [kswapd0] (root,0,0,00:00:00/13-14:43:58,114) [kthrotld] (root,0,0,00:00:00/13-14:43:58,115) [mld] (root,0,0,00:00:00/13-14:43:58,116) [ipv6_addrconf] (root,0,0,00:00:05/13-14:43:58,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-14:43:58,122) [kstrp] (root,0,0,00:00:00/13-14:43:58,123) [zswap-shrink] (root,0,0,00:00:00/13-14:43:58,124) [kworker/u9:0] (root,0,0,00:00:00/13-14:43:58,129) [charger_manager] (root,0,0,00:00:02/13-14:43:57,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-14:43:57,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-14:43:57,205) [kaluad] (root,0,0,00:00:00/13-14:43:57,250) [kmpath_rdacd] (root,0,0,00:00:00/13-14:43:57,293) [kmpathd] (root,0,0,00:00:00/13-14:43:57,294) [kmpath_handlerd] (root,0,0,00:00:00/13-14:43:57,342) [ata_sff] (root,0,0,00:00:00/13-14:43:56,343) [scsi_eh_0] (root,0,0,00:00:00/13-14:43:56,344) [scsi_tmf_0] (root,0,0,00:00:00/13-14:43:56,345) [scsi_eh_1] (root,0,0,00:00:00/13-14:43:56,346) [scsi_tmf_1] (root,0,0,00:00:20/13-14:43:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-14:43:54,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-14:43:42,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-14:43:41,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-14:43:39,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-14:43:05,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-14:43:05,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-14:43:05,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-14:43:05,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-14:43:04,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-14:43:04,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-14:42:50,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-14:42:50,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:13/13-14:42:49,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-14:42:49,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-14:42:49,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-14:42:49,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-14:42:49,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-14:42:49,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-14:42:49,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-14:42:49,1206) bpfilter_umh (root,26204,8300,00:00:07/13-14:42:49,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-14:42:49,1215) ntpd: asynchronous dns resolver (spot,286756,171636,18:17:37/13-14:42:49,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-14:42:48,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-14:42:48,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-14:42:48,1245) (sd-pam) (root,24216,5348,00:00:04/13-14:42:47,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-14:42:47,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-14:42:46,1354) /usr/sbin/cron -n (root,691980,74552,00:17:36/13-14:42:40,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47908,00:04:30/13-14:42:26,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:22:00,2659) [kworker/2:0-events] (root,0,0,00:00:05/04:40:37,4939) [kworker/2:2-events] (root,35308,10012,00:00:00/6-06:38:53,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-06:38:53,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:27:00,13988) [kworker/0:0-events] (root,0,0,00:00:00/09:25,14012) [kworker/u8:2-writeback] (root,0,0,00:00:00/16:32,15008) [kworker/1:1-events] (root,35308,10012,00:00:00/7-12:33:42,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-12:33:41,15391) sshd: cm-ssh (postfix,24244,8212,00:00:00/01:33:01,19097) pickup -l -t fifo -u (root,0,0,00:00:00/00:58,22403) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:47:27,23451) [kworker/3:1-events] (root,0,0,00:00:00/02:17:47,24348) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3520,00:00:00/00:00,28463) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,28466) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,28541) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,28542) /bin/bash /usr/bin/check_mk_agent (root,4480,1184,00:00:00/00:00,28543) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,776,00:00:00/00:00,28545) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,732,00:00:00/00:00,28548) cat /proc/net/tcp /proc/net/tcp6 (root,6656,1824,00:00:00/00:00,28550) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,28551) /bin/bash /usr/bin/check_mk_agent (root,4480,1016,00:00:00/00:00,28552) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,816,00:00:00/00:00,28553) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,712,00:00:00/00:00,28554) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,28555) /bin/bash /usr/bin/check_mk_agent (root,13744,3404,00:00:00/00:00,28573) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28574) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:11,29035) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/7-19:19:27,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:37:14,31001) [kworker/0:2-events] (root,0,0,00:00:01/05:11:17,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 01:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b780f6a8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-14:31:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-14:31:31,2) [kthreadd] (root,0,0,00:00:00/11-14:31:31,3) [rcu_gp] (root,0,0,00:00:00/11-14:31:31,4) [rcu_par_gp] (root,0,0,00:00:00/11-14:31:31,5) [slub_flushwq] (root,0,0,00:00:00/11-14:31:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-14:31:31,9) [mm_percpu_wq] (root,0,0,00:00:00/11-14:31:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-14:31:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-14:31:31,12) [rcu_tasks_trace] (root,0,0,00:00:21/11-14:31:31,13) [ksoftirqd/0] (root,0,0,00:30:54/11-14:31:31,14) [rcu_preempt] (root,0,0,00:00:04/11-14:31:31,15) [migration/0] (root,0,0,00:00:00/11-14:31:31,16) [idle_inject/0] (root,0,0,00:00:00/11-14:31:31,18) [cpuhp/0] (root,0,0,00:00:00/11-14:31:31,19) [cpuhp/1] (root,0,0,00:00:00/11-14:31:31,20) [idle_inject/1] (root,0,0,00:00:04/11-14:31:31,21) [migration/1] (root,0,0,00:00:18/11-14:31:31,22) [ksoftirqd/1] (root,0,0,00:00:00/11-14:31:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-14:31:31,25) [cpuhp/2] (root,0,0,00:00:00/11-14:31:31,26) [idle_inject/2] (root,0,0,00:00:03/11-14:31:31,27) [migration/2] (root,0,0,00:24:22/11-14:31:31,28) [ksoftirqd/2] (root,0,0,00:00:00/11-14:31:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-14:31:31,31) [cpuhp/3] (root,0,0,00:00:00/11-14:31:31,32) [idle_inject/3] (root,0,0,00:00:04/11-14:31:31,33) [migration/3] (root,0,0,00:01:06/11-14:31:31,34) [ksoftirqd/3] (root,0,0,00:00:00/11-14:31:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-14:31:31,39) [kdevtmpfs] (root,0,0,00:00:00/11-14:31:31,40) [netns] (root,0,0,00:00:00/11-14:31:31,41) [inet_frag_wq] (root,0,0,00:00:03/11-14:31:31,42) [kauditd] (root,0,0,00:00:00/11-14:31:31,43) [khungtaskd] (root,0,0,00:00:00/11-14:31:31,44) [oom_reaper] (root,0,0,00:00:00/11-14:31:31,45) [writeback] (root,0,0,00:00:33/11-14:31:31,46) [kcompactd0] (root,0,0,00:00:00/11-14:31:31,47) [ksmd] (root,0,0,00:00:34/11-14:31:31,48) [khugepaged] (root,0,0,00:00:00/11-14:31:31,74) [kintegrityd] (root,0,0,00:00:00/11-14:31:31,75) [kblockd] (root,0,0,00:00:00/11-14:31:31,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-14:31:31,78) [tpm_dev_wq] (root,0,0,00:00:00/11-14:31:31,79) [edac-poller] (root,0,0,00:00:00/11-14:31:31,80) [devfreq_wq] (root,0,0,00:00:00/11-14:31:31,110) [watchdogd] (root,0,0,00:00:02/11-14:31:31,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-14:31:31,112) [kswapd0] (root,0,0,00:00:00/11-14:31:30,114) [kthrotld] (root,0,0,00:00:00/11-14:31:30,115) [mld] (root,0,0,00:00:00/11-14:31:30,116) [ipv6_addrconf] (root,0,0,00:00:04/11-14:31:30,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-14:31:30,122) [kstrp] (root,0,0,00:00:00/11-14:31:30,123) [zswap-shrink] (root,0,0,00:00:00/11-14:31:30,124) [kworker/u9:0] (root,0,0,00:00:00/11-14:31:30,129) [charger_manager] (root,0,0,00:00:02/11-14:31:29,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-14:31:29,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-14:31:29,205) [kaluad] (root,0,0,00:00:00/11-14:31:29,250) [kmpath_rdacd] (root,0,0,00:00:00/11-14:31:29,293) [kmpathd] (root,0,0,00:00:00/11-14:31:29,294) [kmpath_handlerd] (root,0,0,00:00:00/04:22,309) [kworker/1:0-ata_sff] (root,0,0,00:00:00/11-14:31:29,342) [ata_sff] (root,0,0,00:00:00/11-14:31:28,343) [scsi_eh_0] (root,0,0,00:00:00/11-14:31:28,344) [scsi_tmf_0] (root,0,0,00:00:00/11-14:31:28,345) [scsi_eh_1] (root,0,0,00:00:00/11-14:31:28,346) [scsi_tmf_1] (root,0,0,00:00:17/11-14:31:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-14:31:26,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-14:31:14,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-14:31:13,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-14:31:11,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-14:30:37,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-14:30:37,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-14:30:37,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-14:30:37,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-14:30:36,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-14:30:36,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-14:30:22,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-14:30:22,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:02/11-14:30:21,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-14:30:21,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-14:30:21,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-14:30:21,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-14:30:21,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-14:30:21,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:33/11-14:30:21,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-14:30:21,1206) bpfilter_umh (root,26204,8300,00:00:06/11-14:30:21,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-14:30:21,1215) ntpd: asynchronous dns resolver (spot,284820,171148,14:24:41/11-14:30:21,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-14:30:20,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-14:30:20,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-14:30:20,1245) (sd-pam) (root,24216,5348,00:00:03/11-14:30:19,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-14:30:19,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-14:30:18,1354) /usr/sbin/cron -n (root,691724,74152,00:14:56/11-14:30:12,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46620,00:03:47/11-14:29:58,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/11:53:40,4619) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/09:35,8058) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/4-06:26:25,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-06:26:25,8749) sshd: syslogtunnel (root,0,0,00:00:00/09:23,8823) [kworker/3:2-events] (root,35308,10012,00:00:00/5-12:21:14,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-12:21:13,15391) sshd: cm-ssh (postfix,24244,8256,00:00:00/01:08,17661) pickup -l -t fifo -u (root,0,0,00:00:00/01:07,18637) [kworker/3:1] (root,0,0,00:00:03/04:39:21,21671) [kworker/1:1-events] (root,0,0,00:00:00/38:04,23413) [kworker/0:1-events] (root,0,0,00:00:00/52:35,23908) [kworker/3:0-events] (root,6656,3448,00:00:00/00:00,24250) /bin/bash /usr/bin/check_mk_agent (root,13744,3392,00:00:00/00:00,24268) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24269) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/01:35:07,27030) [kworker/2:0-events] (root,0,0,00:00:00/17:33,28081) [kworker/0:0-events] (root,0,0,00:00:00/29:48,28261) [kworker/2:2-events] (postfix,44628,9464,00:00:00/5-19:06:59,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:12:37,31970) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-24 00:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363443a6ff6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:30/9-14:31:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-14:31:38,2) [kthreadd] (root,0,0,00:00:00/9-14:31:38,3) [rcu_gp] (root,0,0,00:00:00/9-14:31:38,4) [rcu_par_gp] (root,0,0,00:00:00/9-14:31:38,5) [slub_flushwq] (root,0,0,00:00:00/9-14:31:38,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-14:31:38,9) [mm_percpu_wq] (root,0,0,00:00:00/9-14:31:38,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-14:31:38,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-14:31:38,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-14:31:38,13) [ksoftirqd/0] (root,0,0,00:25:26/9-14:31:38,14) [rcu_preempt] (root,0,0,00:00:03/9-14:31:38,15) [migration/0] (root,0,0,00:00:00/9-14:31:38,16) [idle_inject/0] (root,0,0,00:00:00/9-14:31:38,18) [cpuhp/0] (root,0,0,00:00:00/9-14:31:38,19) [cpuhp/1] (root,0,0,00:00:00/9-14:31:38,20) [idle_inject/1] (root,0,0,00:00:03/9-14:31:38,21) [migration/1] (root,0,0,00:00:14/9-14:31:38,22) [ksoftirqd/1] (root,0,0,00:00:00/9-14:31:38,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-14:31:38,25) [cpuhp/2] (root,0,0,00:00:00/9-14:31:38,26) [idle_inject/2] (root,0,0,00:00:03/9-14:31:38,27) [migration/2] (root,0,0,00:20:27/9-14:31:38,28) [ksoftirqd/2] (root,0,0,00:00:00/9-14:31:38,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-14:31:38,31) [cpuhp/3] (root,0,0,00:00:00/9-14:31:38,32) [idle_inject/3] (root,0,0,00:00:03/9-14:31:38,33) [migration/3] (root,0,0,00:00:54/9-14:31:38,34) [ksoftirqd/3] (root,0,0,00:00:00/9-14:31:38,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-14:31:38,39) [kdevtmpfs] (root,0,0,00:00:00/9-14:31:38,40) [netns] (root,0,0,00:00:00/9-14:31:38,41) [inet_frag_wq] (root,0,0,00:00:03/9-14:31:38,42) [kauditd] (root,0,0,00:00:00/9-14:31:38,43) [khungtaskd] (root,0,0,00:00:00/9-14:31:38,44) [oom_reaper] (root,0,0,00:00:00/9-14:31:38,45) [writeback] (root,0,0,00:00:27/9-14:31:38,46) [kcompactd0] (root,0,0,00:00:00/9-14:31:38,47) [ksmd] (root,0,0,00:00:29/9-14:31:38,48) [khugepaged] (root,0,0,00:00:00/9-14:31:38,74) [kintegrityd] (root,0,0,00:00:00/9-14:31:38,75) [kblockd] (root,0,0,00:00:00/9-14:31:38,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-14:31:38,78) [tpm_dev_wq] (root,0,0,00:00:00/9-14:31:38,79) [edac-poller] (root,0,0,00:00:00/9-14:31:38,80) [devfreq_wq] (root,0,0,00:00:00/9-14:31:38,110) [watchdogd] (root,0,0,00:00:01/9-14:31:38,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-14:31:38,112) [kswapd0] (root,0,0,00:00:00/9-14:31:37,114) [kthrotld] (root,0,0,00:00:00/9-14:31:37,115) [mld] (root,0,0,00:00:00/9-14:31:37,116) [ipv6_addrconf] (root,0,0,00:00:04/9-14:31:37,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-14:31:37,122) [kstrp] (root,0,0,00:00:00/9-14:31:37,123) [zswap-shrink] (root,0,0,00:00:00/9-14:31:37,124) [kworker/u9:0] (root,0,0,00:00:00/9-14:31:37,129) [charger_manager] (root,0,0,00:00:02/9-14:31:36,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-14:31:36,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-14:31:36,205) [kaluad] (root,0,0,00:00:00/9-14:31:36,250) [kmpath_rdacd] (root,0,0,00:00:00/9-14:31:36,293) [kmpathd] (root,0,0,00:00:00/9-14:31:36,294) [kmpath_handlerd] (root,0,0,00:00:00/9-14:31:36,342) [ata_sff] (root,0,0,00:00:00/9-14:31:35,343) [scsi_eh_0] (root,0,0,00:00:00/9-14:31:35,344) [scsi_tmf_0] (root,0,0,00:00:00/9-14:31:35,345) [scsi_eh_1] (root,0,0,00:00:00/9-14:31:35,346) [scsi_tmf_1] (root,0,0,00:00:14/9-14:31:33,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-14:31:33,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-14:31:21,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-14:31:20,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-14:31:18,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-14:30:44,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-14:30:44,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-14:30:44,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-14:30:44,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-14:30:43,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-14:30:43,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-14:30:29,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-14:30:29,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:52/9-14:30:28,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-14:30:28,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-14:30:28,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-14:30:28,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-14:30:28,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-14:30:28,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:17/9-14:30:28,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-14:30:28,1206) bpfilter_umh (root,26204,8300,00:00:05/9-14:30:28,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-14:30:28,1215) ntpd: asynchronous dns resolver (spot,285156,169792,11:15:16/9-14:30:28,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-14:30:27,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-14:30:27,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-14:30:27,1245) (sd-pam) (root,24216,5348,00:00:03/9-14:30:26,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-14:30:26,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-14:30:25,1354) /usr/sbin/cron -n (root,691336,73836,00:12:21/9-14:30:19,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45336,00:03:07/9-14:30:05,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:06/05:58:45,2819) [kworker/2:2-events] (root,0,0,00:00:00/43:20,5542) [kworker/u8:2-writeback] (postfix,24244,8256,00:00:00/23:10,5772) pickup -l -t fifo -u (root,0,0,00:00:00/00:42,6350) [kworker/1:2-ata_sff] (root,0,0,00:00:00/00:27,7714) [kworker/0:1] (root,35308,10012,00:00:00/2-06:26:32,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:08/2-06:26:32,8749) sshd: syslogtunnel (root,0,0,00:00:00/05:54,10686) [kworker/1:0-ata_sff] (root,0,0,00:00:00/21:28,10958) [kworker/1:1-events] (root,6656,3516,00:00:00/00:00,11062) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,11210) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,11239) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,11240) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:15,14414) [kworker/2:0] (root,35308,10012,00:00:00/3-12:21:21,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-12:21:20,15391) sshd: cm-ssh (root,0,0,00:00:00/39:18,16880) [kworker/3:1-events] (root,0,0,00:00:00/19:46,17419) [kworker/3:0-events] (root,0,0,00:00:00/01:41:36,22486) [kworker/u8:1] (root,0,0,00:00:00/54:01,24499) [kworker/0:0-events] (root,0,0,00:00:00/01:08:48,26656) [kworker/0:2-events] (postfix,44628,9464,00:00:00/3-19:07:06,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-22 00:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636dddaef7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:25/7-21:13:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-21:13:51,2) [kthreadd] (root,0,0,00:00:00/7-21:13:51,3) [rcu_gp] (root,0,0,00:00:00/7-21:13:51,4) [rcu_par_gp] (root,0,0,00:00:00/7-21:13:51,5) [slub_flushwq] (root,0,0,00:00:00/7-21:13:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-21:13:51,9) [mm_percpu_wq] (root,0,0,00:00:00/7-21:13:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-21:13:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-21:13:51,12) [rcu_tasks_trace] (root,0,0,00:00:14/7-21:13:51,13) [ksoftirqd/0] (root,0,0,00:20:49/7-21:13:51,14) [rcu_preempt] (root,0,0,00:00:02/7-21:13:51,15) [migration/0] (root,0,0,00:00:00/7-21:13:51,16) [idle_inject/0] (root,0,0,00:00:00/7-21:13:51,18) [cpuhp/0] (root,0,0,00:00:00/7-21:13:51,19) [cpuhp/1] (root,0,0,00:00:00/7-21:13:51,20) [idle_inject/1] (root,0,0,00:00:03/7-21:13:51,21) [migration/1] (root,0,0,00:00:12/7-21:13:51,22) [ksoftirqd/1] (root,0,0,00:00:00/7-21:13:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-21:13:51,25) [cpuhp/2] (root,0,0,00:00:00/7-21:13:51,26) [idle_inject/2] (root,0,0,00:00:02/7-21:13:51,27) [migration/2] (root,0,0,00:16:44/7-21:13:51,28) [ksoftirqd/2] (root,0,0,00:00:00/7-21:13:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-21:13:51,31) [cpuhp/3] (root,0,0,00:00:00/7-21:13:51,32) [idle_inject/3] (root,0,0,00:00:03/7-21:13:51,33) [migration/3] (root,0,0,00:00:45/7-21:13:51,34) [ksoftirqd/3] (root,0,0,00:00:00/7-21:13:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-21:13:51,39) [kdevtmpfs] (root,0,0,00:00:00/7-21:13:51,40) [netns] (root,0,0,00:00:00/7-21:13:51,41) [inet_frag_wq] (root,0,0,00:00:02/7-21:13:51,42) [kauditd] (root,0,0,00:00:00/7-21:13:51,43) [khungtaskd] (root,0,0,00:00:00/7-21:13:51,44) [oom_reaper] (root,0,0,00:00:00/7-21:13:51,45) [writeback] (root,0,0,00:00:23/7-21:13:51,46) [kcompactd0] (root,0,0,00:00:00/7-21:13:51,47) [ksmd] (root,0,0,00:00:24/7-21:13:51,48) [khugepaged] (root,0,0,00:00:00/7-21:13:51,74) [kintegrityd] (root,0,0,00:00:00/7-21:13:51,75) [kblockd] (root,0,0,00:00:00/7-21:13:51,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-21:13:51,78) [tpm_dev_wq] (root,0,0,00:00:00/7-21:13:51,79) [edac-poller] (root,0,0,00:00:00/7-21:13:51,80) [devfreq_wq] (root,0,0,00:00:00/7-21:13:51,110) [watchdogd] (root,0,0,00:00:01/7-21:13:51,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-21:13:51,112) [kswapd0] (root,0,0,00:00:00/7-21:13:50,114) [kthrotld] (root,0,0,00:00:00/7-21:13:50,115) [mld] (root,0,0,00:00:00/7-21:13:50,116) [ipv6_addrconf] (root,0,0,00:00:03/7-21:13:50,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-21:13:50,122) [kstrp] (root,0,0,00:00:00/7-21:13:50,123) [zswap-shrink] (root,0,0,00:00:00/7-21:13:50,124) [kworker/u9:0] (root,0,0,00:00:00/7-21:13:50,129) [charger_manager] (root,0,0,00:00:01/7-21:13:49,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-21:13:49,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-21:13:49,205) [kaluad] (root,0,0,00:00:00/7-21:13:49,250) [kmpath_rdacd] (root,0,0,00:00:00/7-21:13:49,293) [kmpathd] (root,0,0,00:00:00/7-21:13:49,294) [kmpath_handlerd] (root,0,0,00:00:00/7-21:13:49,342) [ata_sff] (root,0,0,00:00:00/7-21:13:48,343) [scsi_eh_0] (root,0,0,00:00:00/7-21:13:48,344) [scsi_tmf_0] (root,0,0,00:00:00/7-21:13:48,345) [scsi_eh_1] (root,0,0,00:00:00/7-21:13:48,346) [scsi_tmf_1] (root,0,0,00:00:11/7-21:13:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-21:13:46,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-21:13:34,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-21:13:33,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-21:13:31,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:05/7-21:12:57,512) /sbin/auditd (messagebus,22936,5672,00:00:28/7-21:12:57,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:15/7-21:12:57,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-21:12:57,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-21:12:56,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-21:12:56,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25876,00:00:09/7-21:12:42,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-21:12:42,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:43/7-21:12:41,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-21:12:41,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-21:12:41,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-21:12:41,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-21:12:41,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-21:12:41,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:02/7-21:12:41,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-21:12:41,1206) bpfilter_umh (root,26204,8300,00:00:04/7-21:12:41,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-21:12:41,1215) ntpd: asynchronous dns resolver (spot,282852,169216,09:08:06/7-21:12:41,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-21:12:40,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-21:12:40,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-21:12:40,1245) (sd-pam) (root,24216,5348,00:00:02/7-21:12:39,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-21:12:39,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-21:12:38,1354) /usr/sbin/cron -n (root,691080,73640,00:10:07/7-21:12:32,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44088,00:02:32/7-21:12:18,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:05:32,3340) [kworker/u8:0-flush-253:0] (root,0,0,00:00:01/02:53:03,4727) [kworker/1:0-events] (root,0,0,00:00:00/02:42:09,7262) [kworker/0:2-events] (postfix,24244,8288,00:00:00/46:53,7297) pickup -l -t fifo -u (root,35308,10012,00:00:00/13:08:45,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:02/13:08:45,8749) sshd: syslogtunnel (root,0,0,00:00:00/35:56,11849) [kworker/3:0-events] (root,35308,10012,00:00:00/1-19:03:34,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:06/1-19:03:33,15391) sshd: cm-ssh (root,0,0,00:00:00/21:31,15522) [kworker/2:0-events] (root,0,0,00:00:00/02:08:44,17178) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/14:27,18627) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/10:50,19692) [kworker/3:1] (root,0,0,00:00:00/07:15,20106) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/07:00,20109) [kworker/1:1-ata_sff] (root,0,0,00:00:00/03:42,20674) [kworker/2:2-events] (root,0,0,00:00:00/01:50,20902) [kworker/1:2-ata_sff] (root,0,0,00:00:00/00:32,21831) [kworker/u8:2] (root,0,0,00:00:00/00:05,22530) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,22760) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,22778) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22779) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9464,00:00:00/2-01:49:19,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 07:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363de61b549Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-15:05:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-15:05:03,2) [kthreadd] (root,0,0,00:00:00/7-15:05:03,3) [rcu_gp] (root,0,0,00:00:00/7-15:05:03,4) [rcu_par_gp] (root,0,0,00:00:00/7-15:05:03,5) [slub_flushwq] (root,0,0,00:00:00/7-15:05:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-15:05:03,9) [mm_percpu_wq] (root,0,0,00:00:00/7-15:05:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-15:05:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-15:05:03,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-15:05:03,13) [ksoftirqd/0] (root,0,0,00:20:06/7-15:05:03,14) [rcu_preempt] (root,0,0,00:00:02/7-15:05:03,15) [migration/0] (root,0,0,00:00:00/7-15:05:03,16) [idle_inject/0] (root,0,0,00:00:00/7-15:05:03,18) [cpuhp/0] (root,0,0,00:00:00/7-15:05:03,19) [cpuhp/1] (root,0,0,00:00:00/7-15:05:03,20) [idle_inject/1] (root,0,0,00:00:03/7-15:05:03,21) [migration/1] (root,0,0,00:00:11/7-15:05:03,22) [ksoftirqd/1] (root,0,0,00:00:00/7-15:05:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-15:05:03,25) [cpuhp/2] (root,0,0,00:00:00/7-15:05:03,26) [idle_inject/2] (root,0,0,00:00:02/7-15:05:03,27) [migration/2] (root,0,0,00:16:14/7-15:05:03,28) [ksoftirqd/2] (root,0,0,00:00:00/7-15:05:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-15:05:03,31) [cpuhp/3] (root,0,0,00:00:00/7-15:05:03,32) [idle_inject/3] (root,0,0,00:00:03/7-15:05:03,33) [migration/3] (root,0,0,00:00:43/7-15:05:03,34) [ksoftirqd/3] (root,0,0,00:00:00/7-15:05:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-15:05:03,39) [kdevtmpfs] (root,0,0,00:00:00/7-15:05:03,40) [netns] (root,0,0,00:00:00/7-15:05:03,41) [inet_frag_wq] (root,0,0,00:00:02/7-15:05:03,42) [kauditd] (root,0,0,00:00:00/7-15:05:03,43) [khungtaskd] (root,0,0,00:00:00/7-15:05:03,44) [oom_reaper] (root,0,0,00:00:00/7-15:05:03,45) [writeback] (root,0,0,00:00:22/7-15:05:03,46) [kcompactd0] (root,0,0,00:00:00/7-15:05:03,47) [ksmd] (root,0,0,00:00:23/7-15:05:03,48) [khugepaged] (root,0,0,00:00:00/7-15:05:03,74) [kintegrityd] (root,0,0,00:00:00/7-15:05:03,75) [kblockd] (root,0,0,00:00:00/7-15:05:03,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-15:05:03,78) [tpm_dev_wq] (root,0,0,00:00:00/7-15:05:03,79) [edac-poller] (root,0,0,00:00:00/7-15:05:03,80) [devfreq_wq] (root,0,0,00:00:00/7-15:05:03,110) [watchdogd] (root,0,0,00:00:01/7-15:05:03,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-15:05:03,112) [kswapd0] (root,0,0,00:00:00/7-15:05:02,114) [kthrotld] (root,0,0,00:00:00/7-15:05:02,115) [mld] (root,0,0,00:00:00/7-15:05:02,116) [ipv6_addrconf] (root,0,0,00:00:03/7-15:05:02,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-15:05:02,122) [kstrp] (root,0,0,00:00:00/7-15:05:02,123) [zswap-shrink] (root,0,0,00:00:00/7-15:05:02,124) [kworker/u9:0] (root,0,0,00:00:00/7-15:05:02,129) [charger_manager] (root,0,0,00:00:01/7-15:05:01,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-15:05:01,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-15:05:01,205) [kaluad] (root,0,0,00:00:00/7-15:05:01,250) [kmpath_rdacd] (root,0,0,00:00:00/7-15:05:01,293) [kmpathd] (root,0,0,00:00:00/7-15:05:01,294) [kmpath_handlerd] (root,0,0,00:00:00/7-15:05:01,342) [ata_sff] (root,0,0,00:00:00/7-15:05:00,343) [scsi_eh_0] (root,0,0,00:00:00/7-15:05:00,344) [scsi_tmf_0] (root,0,0,00:00:00/7-15:05:00,345) [scsi_eh_1] (root,0,0,00:00:00/7-15:05:00,346) [scsi_tmf_1] (root,0,0,00:00:11/7-15:04:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-15:04:58,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-15:04:46,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-15:04:45,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-15:04:43,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-15:04:09,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-15:04:09,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-15:04:09,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-15:04:09,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-15:04:08,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-15:04:08,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:18:54,776) [kworker/3:0-events] (root,0,0,00:00:00/01:25,1151) [kworker/1:0-ata_sff] (root,547592,25356,00:00:08/7-15:03:54,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-15:03:54,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:42/7-15:03:53,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-15:03:53,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-15:03:53,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-15:03:53,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-15:03:53,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-15:03:53,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-15:03:53,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-15:03:53,1206) bpfilter_umh (root,26204,8300,00:00:04/7-15:03:53,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-15:03:53,1215) ntpd: asynchronous dns resolver (spot,284500,169628,08:43:37/7-15:03:53,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-15:03:52,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-15:03:52,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-15:03:52,1245) (sd-pam) (root,24216,5348,00:00:02/7-15:03:51,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-15:03:51,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-15:03:50,1354) /usr/sbin/cron -n (root,691080,73620,00:09:47/7-15:03:44,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43792,00:02:26/7-15:03:30,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8216,00:00:00/01:18:23,3178) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,6275) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,6293) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6294) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:43:58,7055) [kworker/3:2-events] (root,0,0,00:00:00/51:42,7981) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10012,00:00:00/06:59:57,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:01/06:59:57,8749) sshd: syslogtunnel (root,0,0,00:00:00/08:06,10528) [kworker/2:1-events] (root,0,0,00:00:00/08:05,10529) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/49:50,13261) [kworker/0:2] (root,35308,10012,00:00:00/1-12:54:46,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-12:54:45,15391) sshd: cm-ssh (root,0,0,00:00:00/06:35,19229) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:04:08,23924) [kworker/0:0-events] (root,0,0,00:00:00/37:42,24194) [kworker/1:1-events] (postfix,44628,9464,00:00:00/1-19:40:31,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/27:19,31725) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 01:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363671705fdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-13:31:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-13:31:53,2) [kthreadd] (root,0,0,00:00:00/5-13:31:53,3) [rcu_gp] (root,0,0,00:00:00/5-13:31:53,4) [rcu_par_gp] (root,0,0,00:00:00/5-13:31:53,5) [slub_flushwq] (root,0,0,00:00:00/5-13:31:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-13:31:53,9) [mm_percpu_wq] (root,0,0,00:00:00/5-13:31:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-13:31:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-13:31:53,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-13:31:53,13) [ksoftirqd/0] (root,0,0,00:14:28/5-13:31:53,14) [rcu_preempt] (root,0,0,00:00:02/5-13:31:53,15) [migration/0] (root,0,0,00:00:00/5-13:31:53,16) [idle_inject/0] (root,0,0,00:00:00/5-13:31:53,18) [cpuhp/0] (root,0,0,00:00:00/5-13:31:53,19) [cpuhp/1] (root,0,0,00:00:00/5-13:31:53,20) [idle_inject/1] (root,0,0,00:00:02/5-13:31:53,21) [migration/1] (root,0,0,00:00:07/5-13:31:53,22) [ksoftirqd/1] (root,0,0,00:00:00/5-13:31:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-13:31:53,25) [cpuhp/2] (root,0,0,00:00:00/5-13:31:53,26) [idle_inject/2] (root,0,0,00:00:01/5-13:31:53,27) [migration/2] (root,0,0,00:11:59/5-13:31:53,28) [ksoftirqd/2] (root,0,0,00:00:00/5-13:31:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-13:31:53,31) [cpuhp/3] (root,0,0,00:00:00/5-13:31:53,32) [idle_inject/3] (root,0,0,00:00:02/5-13:31:53,33) [migration/3] (root,0,0,00:00:30/5-13:31:53,34) [ksoftirqd/3] (root,0,0,00:00:00/5-13:31:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-13:31:53,39) [kdevtmpfs] (root,0,0,00:00:00/5-13:31:53,40) [netns] (root,0,0,00:00:00/5-13:31:53,41) [inet_frag_wq] (root,0,0,00:00:01/5-13:31:53,42) [kauditd] (root,0,0,00:00:00/5-13:31:53,43) [khungtaskd] (root,0,0,00:00:00/5-13:31:53,44) [oom_reaper] (root,0,0,00:00:00/5-13:31:53,45) [writeback] (root,0,0,00:00:15/5-13:31:53,46) [kcompactd0] (root,0,0,00:00:00/5-13:31:53,47) [ksmd] (root,0,0,00:00:15/5-13:31:53,48) [khugepaged] (root,0,0,00:00:00/5-13:31:53,74) [kintegrityd] (root,0,0,00:00:00/5-13:31:53,75) [kblockd] (root,0,0,00:00:00/5-13:31:53,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-13:31:53,78) [tpm_dev_wq] (root,0,0,00:00:00/5-13:31:53,79) [edac-poller] (root,0,0,00:00:00/5-13:31:53,80) [devfreq_wq] (root,0,0,00:00:00/5-13:31:53,110) [watchdogd] (root,0,0,00:00:01/5-13:31:53,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-13:31:53,112) [kswapd0] (root,0,0,00:00:00/5-13:31:52,114) [kthrotld] (root,0,0,00:00:00/5-13:31:52,115) [mld] (root,0,0,00:00:00/5-13:31:52,116) [ipv6_addrconf] (root,0,0,00:00:02/5-13:31:52,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-13:31:52,122) [kstrp] (root,0,0,00:00:00/5-13:31:52,123) [zswap-shrink] (root,0,0,00:00:00/5-13:31:52,124) [kworker/u9:0] (root,0,0,00:00:00/5-13:31:52,129) [charger_manager] (root,0,0,00:00:01/5-13:31:51,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-13:31:51,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-13:31:51,205) [kaluad] (root,0,0,00:00:00/5-13:31:51,250) [kmpath_rdacd] (root,0,0,00:00:00/5-13:31:51,293) [kmpathd] (root,0,0,00:00:00/5-13:31:51,294) [kmpath_handlerd] (root,0,0,00:00:00/5-13:31:51,342) [ata_sff] (root,0,0,00:00:00/5-13:31:50,343) [scsi_eh_0] (root,0,0,00:00:00/5-13:31:50,344) [scsi_tmf_0] (root,0,0,00:00:00/5-13:31:50,345) [scsi_eh_1] (root,0,0,00:00:00/5-13:31:50,346) [scsi_tmf_1] (root,0,0,00:00:08/5-13:31:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-13:31:48,367) [ext4-rsv-conver] (root,38604,7544,00:00:09/5-13:31:36,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-13:31:35,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-13:31:33,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-13:30:59,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-13:30:59,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-13:30:59,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-13:30:59,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-13:30:58,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-13:30:58,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-13:30:44,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-13:30:44,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:29/5-13:30:43,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-13:30:43,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-13:30:43,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-13:30:43,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-13:30:43,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-13:30:43,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-13:30:43,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-13:30:43,1206) bpfilter_umh (root,26204,8340,00:00:03/5-13:30:43,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-13:30:43,1215) ntpd: asynchronous dns resolver (spot,275880,163668,06:05:54/5-13:30:43,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-13:30:42,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-13:30:42,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-13:30:42,1245) (sd-pam) (root,24216,5348,00:00:01/5-13:30:41,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-13:30:41,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-13:30:40,1354) /usr/sbin/cron -n (root,691080,73464,00:07:04/5-13:30:34,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42496,00:01:45/5-13:30:20,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/28:36,4571) [kworker/2:0-cgroup_destroy] (root,35308,10024,00:00:00/3-15:23:29,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-15:23:29,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-15:23:14,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:11/3-15:23:14,4688) sshd: cm-ssh (root,6656,3512,00:00:00/00:00,6931) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,7050) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,7072) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7073) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,1908,00:00:00/00:00,7074) /bin/bash /usr/bin/check_mk_agent (root,24272,5364,00:00:00/00:00,7075) postconf -h queue_directory (root,0,0,00:00:00/27:53,9134) [kworker/3:0] (postfix,24244,8216,00:00:00/06:05,11162) pickup -l -t fifo -u (root,0,0,00:00:00/57:58,17810) [kworker/3:1-events] (root,0,0,00:00:00/03:34,20628) [kworker/1:1-ata_sff] (root,0,0,00:00:00/32:05,22337) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/05:23:32,26136) [kworker/u8:1-writeback] (root,0,0,00:00:01/02:02:54,28062) [kworker/1:2-events] (root,0,0,00:00:00/08:45,29243) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:59,29441) [kworker/0:0-events] (root,0,0,00:00:00/01:33:32,30976) [kworker/u8:0-writeback] (root,0,0,00:00:01/02:39:52,31879) [kworker/0:2-events] (root,0,0,00:00:00/40:37,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 23:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634a18ef37Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12692,00:00:13/3-12:16:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:16:34,2) [kthreadd] (root,0,0,00:00:00/3-12:16:34,3) [rcu_gp] (root,0,0,00:00:00/3-12:16:34,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:16:34,5) [slub_flushwq] (root,0,0,00:00:00/3-12:16:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:16:34,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:16:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:16:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:16:34,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-12:16:34,13) [ksoftirqd/0] (root,0,0,00:09:09/3-12:16:34,14) [rcu_preempt] (root,0,0,00:00:01/3-12:16:34,15) [migration/0] (root,0,0,00:00:00/3-12:16:34,16) [idle_inject/0] (root,0,0,00:00:00/3-12:16:34,18) [cpuhp/0] (root,0,0,00:00:00/3-12:16:34,19) [cpuhp/1] (root,0,0,00:00:00/3-12:16:34,20) [idle_inject/1] (root,0,0,00:00:01/3-12:16:34,21) [migration/1] (root,0,0,00:00:04/3-12:16:34,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:16:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:16:34,25) [cpuhp/2] (root,0,0,00:00:00/3-12:16:34,26) [idle_inject/2] (root,0,0,00:00:01/3-12:16:34,27) [migration/2] (root,0,0,00:07:39/3-12:16:34,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:16:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:16:34,31) [cpuhp/3] (root,0,0,00:00:00/3-12:16:34,32) [idle_inject/3] (root,0,0,00:00:01/3-12:16:34,33) [migration/3] (root,0,0,00:00:19/3-12:16:34,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:16:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:16:34,39) [kdevtmpfs] (root,0,0,00:00:00/3-12:16:34,40) [netns] (root,0,0,00:00:00/3-12:16:34,41) [inet_frag_wq] (root,0,0,00:00:01/3-12:16:34,42) [kauditd] (root,0,0,00:00:00/3-12:16:34,43) [khungtaskd] (root,0,0,00:00:00/3-12:16:34,44) [oom_reaper] (root,0,0,00:00:00/3-12:16:34,45) [writeback] (root,0,0,00:00:09/3-12:16:34,46) [kcompactd0] (root,0,0,00:00:00/3-12:16:34,47) [ksmd] (root,0,0,00:00:10/3-12:16:34,48) [khugepaged] (root,0,0,00:00:00/3-12:16:34,74) [kintegrityd] (root,0,0,00:00:00/3-12:16:34,75) [kblockd] (root,0,0,00:00:00/3-12:16:34,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:16:34,78) [tpm_dev_wq] (root,0,0,00:00:00/3-12:16:34,79) [edac-poller] (root,0,0,00:00:00/3-12:16:34,80) [devfreq_wq] (root,0,0,00:00:00/3-12:16:34,110) [watchdogd] (root,0,0,00:00:00/3-12:16:34,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:16:34,112) [kswapd0] (root,0,0,00:00:00/3-12:16:33,114) [kthrotld] (root,0,0,00:00:00/3-12:16:33,115) [mld] (root,0,0,00:00:00/3-12:16:33,116) [ipv6_addrconf] (root,0,0,00:00:01/3-12:16:33,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-12:16:33,122) [kstrp] (root,0,0,00:00:00/3-12:16:33,123) [zswap-shrink] (root,0,0,00:00:00/3-12:16:33,124) [kworker/u9:0] (root,0,0,00:00:00/3-12:16:33,129) [charger_manager] (root,0,0,00:00:00/3-12:16:32,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:16:32,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:16:32,205) [kaluad] (root,0,0,00:00:00/3-12:16:32,250) [kmpath_rdacd] (root,0,0,00:00:00/3-12:16:32,293) [kmpathd] (root,0,0,00:00:00/3-12:16:32,294) [kmpath_handlerd] (root,0,0,00:00:00/3-12:16:32,342) [ata_sff] (root,0,0,00:00:00/3-12:16:31,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:16:31,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:16:31,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:16:31,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:16:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:16:29,367) [ext4-rsv-conver] (root,38604,7544,00:00:06/3-12:16:17,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-12:16:16,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-12:16:14,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-12:15:40,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-12:15:40,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:07/3-12:15:40,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-12:15:40,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-12:15:39,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-12:15:39,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-12:15:25,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-12:15:25,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:14/3-12:15:24,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-12:15:24,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-12:15:24,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-12:15:24,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-12:15:24,1201) /usr/lib/systemd/systemd --user (root,448724,8116,00:00:07/3-12:15:24,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:27/3-12:15:24,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-12:15:24,1206) bpfilter_umh (root,26204,8340,00:00:02/3-12:15:24,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-12:15:24,1215) ntpd: asynchronous dns resolver (spot,274908,163324,04:05:01/3-12:15:24,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-12:15:23,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-12:15:23,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-12:15:23,1245) (sd-pam) (root,24216,5348,00:00:01/3-12:15:22,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-12:15:22,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-12:15:21,1354) /usr/sbin/cron -n (root,689544,71904,00:04:29/3-12:15:15,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41140,00:01:08/3-12:15:01,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3484,00:00:00/00:00,2084) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,2102) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2103) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/47:56,3235) [kworker/2:0-events] (root,0,0,00:00:00/57:59,4422) [kworker/1:2-events] (root,35308,10024,00:00:00/1-14:08:10,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-14:08:10,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-14:07:55,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:04/1-14:07:55,4688) sshd: cm-ssh (root,0,0,00:00:00/22:03,7443) [kworker/3:1-events] (root,0,0,00:00:00/13:35,13813) [kworker/3:2-events] (root,0,0,00:00:00/13:12,16604) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/04:44,18508) [kworker/1:0-ata_sff] (root,0,0,00:00:00/26:17,25690) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/01:00:44,26476) [kworker/0:2-events] (postfix,24244,8288,00:00:00/52:53,29806) pickup -l -t fifo -u (root,0,0,00:00:00/09:56,30011) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:23:11,30146) [kworker/u8:2] (root,0,0,00:00:00/52:14,30247) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-15 22:38 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a1c1543fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12692,00:00:13/3-11:59:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-11:59:41,2) [kthreadd] (root,0,0,00:00:00/3-11:59:41,3) [rcu_gp] (root,0,0,00:00:00/3-11:59:41,4) [rcu_par_gp] (root,0,0,00:00:00/3-11:59:41,5) [slub_flushwq] (root,0,0,00:00:00/3-11:59:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-11:59:41,9) [mm_percpu_wq] (root,0,0,00:00:00/3-11:59:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-11:59:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-11:59:41,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-11:59:41,13) [ksoftirqd/0] (root,0,0,00:09:07/3-11:59:41,14) [rcu_preempt] (root,0,0,00:00:01/3-11:59:41,15) [migration/0] (root,0,0,00:00:00/3-11:59:41,16) [idle_inject/0] (root,0,0,00:00:00/3-11:59:41,18) [cpuhp/0] (root,0,0,00:00:00/3-11:59:41,19) [cpuhp/1] (root,0,0,00:00:00/3-11:59:41,20) [idle_inject/1] (root,0,0,00:00:01/3-11:59:41,21) [migration/1] (root,0,0,00:00:04/3-11:59:41,22) [ksoftirqd/1] (root,0,0,00:00:00/3-11:59:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-11:59:41,25) [cpuhp/2] (root,0,0,00:00:00/3-11:59:41,26) [idle_inject/2] (root,0,0,00:00:01/3-11:59:41,27) [migration/2] (root,0,0,00:07:37/3-11:59:41,28) [ksoftirqd/2] (root,0,0,00:00:00/3-11:59:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-11:59:41,31) [cpuhp/3] (root,0,0,00:00:00/3-11:59:41,32) [idle_inject/3] (root,0,0,00:00:01/3-11:59:41,33) [migration/3] (root,0,0,00:00:19/3-11:59:41,34) [ksoftirqd/3] (root,0,0,00:00:00/3-11:59:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-11:59:41,39) [kdevtmpfs] (root,0,0,00:00:00/3-11:59:41,40) [netns] (root,0,0,00:00:00/3-11:59:41,41) [inet_frag_wq] (root,0,0,00:00:01/3-11:59:41,42) [kauditd] (root,0,0,00:00:00/3-11:59:41,43) [khungtaskd] (root,0,0,00:00:00/3-11:59:41,44) [oom_reaper] (root,0,0,00:00:00/3-11:59:41,45) [writeback] (root,0,0,00:00:09/3-11:59:41,46) [kcompactd0] (root,0,0,00:00:00/3-11:59:41,47) [ksmd] (root,0,0,00:00:10/3-11:59:41,48) [khugepaged] (root,0,0,00:00:00/3-11:59:41,74) [kintegrityd] (root,0,0,00:00:00/3-11:59:41,75) [kblockd] (root,0,0,00:00:00/3-11:59:41,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-11:59:41,78) [tpm_dev_wq] (root,0,0,00:00:00/3-11:59:41,79) [edac-poller] (root,0,0,00:00:00/3-11:59:41,80) [devfreq_wq] (root,0,0,00:00:00/3-11:59:41,110) [watchdogd] (root,0,0,00:00:00/3-11:59:41,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-11:59:41,112) [kswapd0] (root,0,0,00:00:00/3-11:59:40,114) [kthrotld] (root,0,0,00:00:00/3-11:59:40,115) [mld] (root,0,0,00:00:00/3-11:59:40,116) [ipv6_addrconf] (root,0,0,00:00:01/3-11:59:40,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-11:59:40,122) [kstrp] (root,0,0,00:00:00/3-11:59:40,123) [zswap-shrink] (root,0,0,00:00:00/3-11:59:40,124) [kworker/u9:0] (root,0,0,00:00:00/3-11:59:40,129) [charger_manager] (root,0,0,00:00:00/3-11:59:39,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-11:59:39,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-11:59:39,205) [kaluad] (root,0,0,00:00:00/3-11:59:39,250) [kmpath_rdacd] (root,0,0,00:00:00/3-11:59:39,293) [kmpathd] (root,0,0,00:00:00/3-11:59:39,294) [kmpath_handlerd] (root,0,0,00:00:00/3-11:59:39,342) [ata_sff] (root,0,0,00:00:00/3-11:59:38,343) [scsi_eh_0] (root,0,0,00:00:00/3-11:59:38,344) [scsi_tmf_0] (root,0,0,00:00:00/3-11:59:38,345) [scsi_eh_1] (root,0,0,00:00:00/3-11:59:38,346) [scsi_tmf_1] (root,0,0,00:00:05/3-11:59:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-11:59:36,367) [ext4-rsv-conver] (root,38604,7544,00:00:06/3-11:59:24,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-11:59:23,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-11:59:21,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-11:58:47,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-11:58:47,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:07/3-11:58:47,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-11:58:47,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-11:58:46,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-11:58:46,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-11:58:32,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-11:58:32,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:14/3-11:58:31,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-11:58:31,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-11:58:31,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-11:58:31,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-11:58:31,1201) /usr/lib/systemd/systemd --user (root,448724,8116,00:00:07/3-11:58:31,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:27/3-11:58:31,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-11:58:31,1206) bpfilter_umh (root,26204,8340,00:00:02/3-11:58:31,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-11:58:31,1215) ntpd: asynchronous dns resolver (spot,274876,163316,04:04:08/3-11:58:31,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-11:58:30,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-11:58:30,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-11:58:30,1245) (sd-pam) (root,24216,5348,00:00:01/3-11:58:29,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-11:58:29,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-11:58:28,1354) /usr/sbin/cron -n (root,689544,71904,00:04:29/3-11:58:22,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41140,00:01:08/3-11:58:08,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/31:03,3235) [kworker/2:0-events] (root,0,0,00:00:00/41:06,4422) [kworker/1:2-events] (root,35308,10024,00:00:00/1-13:51:17,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-13:51:17,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-13:51:02,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:04/1-13:51:02,4688) sshd: cm-ssh (root,0,0,00:00:00/05:10,7443) [kworker/3:1-events] (root,0,0,00:00:00/02:39:42,14204) [kworker/3:0-events] (root,0,0,00:00:00/21:50,14772) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/03:24,15978) [kworker/1:1-ata_sff] (root,0,0,00:00:00/09:24,25690) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/43:51,26476) [kworker/0:2-events] (root,0,0,00:00:00/01:21,27767) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/08:37,28173) [kworker/1:0-ata_sff] (postfix,24244,8288,00:00:00/36:00,29806) pickup -l -t fifo -u (root,0,0,00:00:00/02:06:18,30146) [kworker/u8:2] (root,0,0,00:00:00/35:21,30247) [kworker/0:1-events] (root,6656,3484,00:00:00/00:00,32424) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,32442) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,32443) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-15 22:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363342621dbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12668,00:00:07/1-11:49:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-11:49:02,2) [kthreadd] (root,0,0,00:00:00/1-11:49:02,3) [rcu_gp] (root,0,0,00:00:00/1-11:49:02,4) [rcu_par_gp] (root,0,0,00:00:00/1-11:49:02,5) [slub_flushwq] (root,0,0,00:00:00/1-11:49:02,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-11:49:02,9) [mm_percpu_wq] (root,0,0,00:00:00/1-11:49:02,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-11:49:02,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-11:49:02,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-11:49:02,13) [ksoftirqd/0] (root,0,0,00:03:50/1-11:49:02,14) [rcu_preempt] (root,0,0,00:00:00/1-11:49:02,15) [migration/0] (root,0,0,00:00:00/1-11:49:02,16) [idle_inject/0] (root,0,0,00:00:00/1-11:49:02,18) [cpuhp/0] (root,0,0,00:00:00/1-11:49:02,19) [cpuhp/1] (root,0,0,00:00:00/1-11:49:02,20) [idle_inject/1] (root,0,0,00:00:00/1-11:49:02,21) [migration/1] (root,0,0,00:00:01/1-11:49:02,22) [ksoftirqd/1] (root,0,0,00:00:00/1-11:49:02,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-11:49:02,25) [cpuhp/2] (root,0,0,00:00:00/1-11:49:02,26) [idle_inject/2] (root,0,0,00:00:00/1-11:49:02,27) [migration/2] (root,0,0,00:03:05/1-11:49:02,28) [ksoftirqd/2] (root,0,0,00:00:00/1-11:49:02,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-11:49:02,31) [cpuhp/3] (root,0,0,00:00:00/1-11:49:02,32) [idle_inject/3] (root,0,0,00:00:00/1-11:49:02,33) [migration/3] (root,0,0,00:00:07/1-11:49:02,34) [ksoftirqd/3] (root,0,0,00:00:00/1-11:49:02,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-11:49:02,39) [kdevtmpfs] (root,0,0,00:00:00/1-11:49:02,40) [netns] (root,0,0,00:00:00/1-11:49:02,41) [inet_frag_wq] (root,0,0,00:00:00/1-11:49:02,42) [kauditd] (root,0,0,00:00:00/1-11:49:02,43) [khungtaskd] (root,0,0,00:00:00/1-11:49:02,44) [oom_reaper] (root,0,0,00:00:00/1-11:49:02,45) [writeback] (root,0,0,00:00:04/1-11:49:02,46) [kcompactd0] (root,0,0,00:00:00/1-11:49:02,47) [ksmd] (root,0,0,00:00:04/1-11:49:02,48) [khugepaged] (root,0,0,00:00:00/1-11:49:02,74) [kintegrityd] (root,0,0,00:00:00/1-11:49:02,75) [kblockd] (root,0,0,00:00:00/1-11:49:02,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-11:49:02,78) [tpm_dev_wq] (root,0,0,00:00:00/1-11:49:02,79) [edac-poller] (root,0,0,00:00:00/1-11:49:02,80) [devfreq_wq] (root,0,0,00:00:00/1-11:49:02,110) [watchdogd] (root,0,0,00:00:00/1-11:49:02,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-11:49:02,112) [kswapd0] (root,0,0,00:00:00/1-11:49:01,114) [kthrotld] (root,0,0,00:00:00/1-11:49:01,115) [mld] (root,0,0,00:00:00/1-11:49:01,116) [ipv6_addrconf] (root,0,0,00:00:00/1-11:49:01,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-11:49:01,122) [kstrp] (root,0,0,00:00:00/1-11:49:01,123) [zswap-shrink] (root,0,0,00:00:00/1-11:49:01,124) [kworker/u9:0] (root,0,0,00:00:00/1-11:49:01,129) [charger_manager] (root,0,0,00:00:00/1-11:49:00,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-11:49:00,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-11:49:00,205) [kaluad] (root,0,0,00:00:00/1-11:49:00,250) [kmpath_rdacd] (root,0,0,00:00:00/1-11:49:00,293) [kmpathd] (root,0,0,00:00:00/1-11:49:00,294) [kmpath_handlerd] (root,0,0,00:00:00/1-11:49:00,342) [ata_sff] (root,0,0,00:00:00/1-11:48:59,343) [scsi_eh_0] (root,0,0,00:00:00/1-11:48:59,344) [scsi_tmf_0] (root,0,0,00:00:00/1-11:48:59,345) [scsi_eh_1] (root,0,0,00:00:00/1-11:48:59,346) [scsi_tmf_1] (root,0,0,00:00:02/1-11:48:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-11:48:57,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-11:48:45,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-11:48:44,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-11:48:42,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-11:48:08,512) /sbin/auditd (messagebus,22936,5824,00:00:06/1-11:48:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8504,00:00:03/1-11:48:08,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-11:48:08,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-11:48:07,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-11:48:07,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:01/1-11:47:53,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-11:47:53,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:05/1-11:47:52,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-11:47:52,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-11:47:52,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-11:47:52,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-11:47:52,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-11:47:52,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:11/1-11:47:52,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-11:47:52,1206) bpfilter_umh (root,26204,8340,00:00:01/1-11:47:52,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-11:47:52,1215) ntpd: asynchronous dns resolver (spot,199044,161696,01:40:52/1-11:47:52,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-11:47:51,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-11:47:51,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-11:47:51,1245) (sd-pam) (root,24216,5348,00:00:00/1-11:47:50,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-11:47:50,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-11:47:49,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-11:47:45,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-11:47:45,1371) sshd: syslogtunnel (root,689288,71280,00:01:56/1-11:47:43,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40780,00:00:30/1-11:47:29,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-11:47:10,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-11:47:10,1436) sshd: cm-ssh (root,0,0,00:00:00/28:09,1742) [kworker/0:0-events] (root,0,0,00:00:03/06:13:27,3139) [kworker/1:0-events] (root,0,0,00:00:01/03:37:21,3220) [kworker/3:2-events] (root,0,0,00:00:00/00:43,7690) [kworker/1:1-ata_sff] (root,6656,3488,00:00:00/00:00,11056) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,11074) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,948,00:00:00/00:00,11075) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8272,00:00:00/47:18,11816) pickup -l -t fifo -u (root,0,0,00:00:01/01:26:37,13438) [kworker/2:0-events] (root,0,0,00:00:00/05:56,17851) [kworker/1:2-ata_sff] (root,0,0,00:00:00/34:44,22827) [kworker/0:2-events] (root,0,0,00:00:00/14:31,22974) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/02:40:44,23925) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/34:39,24085) [kworker/u8:1-writeback] (root,0,0,00:00:00/03:44:09,24173) [kworker/3:0-events] (root,0,0,00:00:00/03:38,27612) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-13 22:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ff7a3b23Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:06/62-12:08:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-12:08:56,2) [kthreadd] (root,0,0,00:00:00/62-12:08:56,3) [rcu_gp] (root,0,0,00:00:00/62-12:08:56,4) [rcu_par_gp] (root,0,0,00:00:00/62-12:08:56,5) [slub_flushwq] (root,0,0,00:00:00/62-12:08:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-12:08:56,9) [mm_percpu_wq] (root,0,0,00:00:00/62-12:08:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-12:08:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-12:08:56,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-12:08:56,13) [ksoftirqd/0] (root,0,0,02:53:59/62-12:08:56,14) [rcu_preempt] (root,0,0,00:00:23/62-12:08:56,15) [migration/0] (root,0,0,00:00:00/62-12:08:56,16) [idle_inject/0] (root,0,0,00:00:00/62-12:08:56,18) [cpuhp/0] (root,0,0,00:00:00/62-12:08:56,19) [cpuhp/1] (root,0,0,00:00:00/62-12:08:56,20) [idle_inject/1] (root,0,0,00:00:23/62-12:08:56,21) [migration/1] (root,0,0,00:01:32/62-12:08:56,22) [ksoftirqd/1] (root,0,0,00:00:00/62-12:08:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-12:08:56,25) [cpuhp/2] (root,0,0,00:00:00/62-12:08:56,26) [idle_inject/2] (root,0,0,00:00:17/62-12:08:56,27) [migration/2] (root,0,0,01:53:20/62-12:08:56,28) [ksoftirqd/2] (root,0,0,00:00:00/62-12:08:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-12:08:56,31) [cpuhp/3] (root,0,0,00:00:00/62-12:08:56,32) [idle_inject/3] (root,0,0,00:00:22/62-12:08:56,33) [migration/3] (root,0,0,00:05:42/62-12:08:56,34) [ksoftirqd/3] (root,0,0,00:00:00/62-12:08:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-12:08:56,40) [kdevtmpfs] (root,0,0,00:00:00/62-12:08:56,41) [netns] (root,0,0,00:00:00/62-12:08:56,42) [inet_frag_wq] (root,0,0,00:00:22/62-12:08:56,43) [kauditd] (root,0,0,00:00:00/62-12:08:56,44) [khungtaskd] (root,0,0,00:00:00/62-12:08:56,45) [oom_reaper] (root,0,0,00:00:00/62-12:08:56,46) [writeback] (root,0,0,00:03:10/62-12:08:56,47) [kcompactd0] (root,0,0,00:00:00/62-12:08:56,48) [ksmd] (root,0,0,00:03:27/62-12:08:56,49) [khugepaged] (root,0,0,00:00:00/62-12:08:56,75) [kintegrityd] (root,0,0,00:00:00/62-12:08:56,76) [kblockd] (root,0,0,00:00:00/62-12:08:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-12:08:56,79) [tpm_dev_wq] (root,0,0,00:00:00/62-12:08:56,80) [edac-poller] (root,0,0,00:00:00/62-12:08:56,81) [devfreq_wq] (root,0,0,00:00:00/62-12:08:56,110) [watchdogd] (root,0,0,00:00:05/62-12:08:56,111) [kswapd0] (root,0,0,00:00:15/62-12:08:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-12:08:54,115) [kthrotld] (root,0,0,00:00:00/62-12:08:54,116) [mld] (root,0,0,00:00:00/62-12:08:54,117) [ipv6_addrconf] (root,0,0,00:00:16/62-12:08:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-12:08:54,123) [kstrp] (root,0,0,00:00:00/62-12:08:54,124) [zswap-shrink] (root,0,0,00:00:00/62-12:08:54,125) [kworker/u9:0] (root,0,0,00:00:00/62-12:08:54,130) [charger_manager] (root,0,0,00:00:18/62-12:08:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-12:08:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-12:08:53,239) [kaluad] (root,0,0,00:00:00/62-12:08:53,258) [kmpath_rdacd] (root,0,0,00:00:00/62-12:08:53,304) [kmpathd] (root,0,0,00:00:00/62-12:08:53,305) [kmpath_handlerd] (root,0,0,00:00:00/62-12:08:52,342) [ata_sff] (root,0,0,00:00:00/62-12:08:52,343) [scsi_eh_0] (root,0,0,00:00:00/62-12:08:52,344) [scsi_tmf_0] (root,0,0,00:00:00/62-12:08:52,345) [scsi_eh_1] (root,0,0,00:00:00/62-12:08:52,346) [scsi_tmf_1] (root,0,0,00:01:59/62-12:08:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-12:08:49,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-12:08:37,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-12:08:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-12:08:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-12:08:03,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-12:08:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-12:08:02,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-12:08:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-12:08:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-12:08:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/47:05,1067) [kworker/u8:0-ext4-rsv-conversion] (root,549384,31628,00:01:13/62-12:07:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-12:07:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:03/62-12:07:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-12:07:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-12:07:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-12:07:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-12:07:46,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:55/62-12:07:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-12:07:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-12:07:46,1352) bpfilter_umh (root,26204,8096,00:00:33/62-12:07:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-12:07:46,1359) ntpd: asynchronous dns resolver (spot,362592,213540,3-11:00:08/62-12:07:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-12:07:45,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-12:07:45,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-12:07:45,1373) (sd-pam) (root,24216,5256,00:00:22/62-12:07:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-12:07:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-12:07:43,1485) /usr/sbin/cron -n (root,699464,78276,01:26:21/62-12:07:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,236992,82952,00:31:53/62-12:07:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-17:43:00,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:11,3845) [kworker/2:0] (root,0,0,00:00:00/02:10:50,8027) [kworker/0:1-cgroup_destroy] (root,35304,10040,00:00:00/24-12:35:55,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-12:35:54,10514) sshd: syslogtunnel (postfix,24244,8240,00:00:00/58:32,10568) pickup -l -t fifo -u (root,0,0,00:00:00/12:35,11735) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/04:26,12997) [kworker/3:2-ata_sff] (root,0,0,00:00:00/03:46,15942) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/01:04:45,17828) [kworker/0:0-events] (root,0,0,00:00:00/18:31,17955) [kworker/1:1-events] (root,0,0,00:00:00/01:09:34,19079) [kworker/2:2-events] (root,0,0,00:00:00/09:36,24230) [kworker/3:1-ata_sff] (root,0,0,00:00:00/40:45,30091) [kworker/3:0-events] (root,6656,3492,00:00:00/00:00,30707) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,30820) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,30842) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30843) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/24-13:22:08,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:21/24-13:22:07,30947) sshd: cm-ssh (root,0,0,00:00:00/40:29,32761) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-11 22:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637850746fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-12:09:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-12:09:23,2) [kthreadd] (root,0,0,00:00:00/60-12:09:23,3) [rcu_gp] (root,0,0,00:00:00/60-12:09:23,4) [rcu_par_gp] (root,0,0,00:00:00/60-12:09:23,5) [slub_flushwq] (root,0,0,00:00:00/60-12:09:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-12:09:23,9) [mm_percpu_wq] (root,0,0,00:00:00/60-12:09:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-12:09:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-12:09:23,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-12:09:23,13) [ksoftirqd/0] (root,0,0,02:48:53/60-12:09:23,14) [rcu_preempt] (root,0,0,00:00:23/60-12:09:23,15) [migration/0] (root,0,0,00:00:00/60-12:09:23,16) [idle_inject/0] (root,0,0,00:00:00/60-12:09:23,18) [cpuhp/0] (root,0,0,00:00:00/60-12:09:23,19) [cpuhp/1] (root,0,0,00:00:00/60-12:09:23,20) [idle_inject/1] (root,0,0,00:00:23/60-12:09:23,21) [migration/1] (root,0,0,00:01:29/60-12:09:23,22) [ksoftirqd/1] (root,0,0,00:00:00/60-12:09:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-12:09:23,25) [cpuhp/2] (root,0,0,00:00:00/60-12:09:23,26) [idle_inject/2] (root,0,0,00:00:17/60-12:09:23,27) [migration/2] (root,0,0,01:49:25/60-12:09:23,28) [ksoftirqd/2] (root,0,0,00:00:00/60-12:09:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-12:09:23,31) [cpuhp/3] (root,0,0,00:00:00/60-12:09:23,32) [idle_inject/3] (root,0,0,00:00:21/60-12:09:23,33) [migration/3] (root,0,0,00:05:32/60-12:09:23,34) [ksoftirqd/3] (root,0,0,00:00:00/60-12:09:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-12:09:23,40) [kdevtmpfs] (root,0,0,00:00:00/60-12:09:23,41) [netns] (root,0,0,00:00:00/60-12:09:23,42) [inet_frag_wq] (root,0,0,00:00:21/60-12:09:23,43) [kauditd] (root,0,0,00:00:00/60-12:09:23,44) [khungtaskd] (root,0,0,00:00:00/60-12:09:23,45) [oom_reaper] (root,0,0,00:00:00/60-12:09:23,46) [writeback] (root,0,0,00:03:04/60-12:09:23,47) [kcompactd0] (root,0,0,00:00:00/60-12:09:23,48) [ksmd] (root,0,0,00:03:20/60-12:09:23,49) [khugepaged] (root,0,0,00:00:00/60-12:09:23,75) [kintegrityd] (root,0,0,00:00:00/60-12:09:23,76) [kblockd] (root,0,0,00:00:00/60-12:09:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-12:09:23,79) [tpm_dev_wq] (root,0,0,00:00:00/60-12:09:23,80) [edac-poller] (root,0,0,00:00:00/60-12:09:23,81) [devfreq_wq] (root,0,0,00:00:00/60-12:09:23,110) [watchdogd] (root,0,0,00:00:04/60-12:09:23,111) [kswapd0] (root,0,0,00:00:15/60-12:09:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-12:09:21,115) [kthrotld] (root,0,0,00:00:00/60-12:09:21,116) [mld] (root,0,0,00:00:00/60-12:09:21,117) [ipv6_addrconf] (root,0,0,00:00:16/60-12:09:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-12:09:21,123) [kstrp] (root,0,0,00:00:00/60-12:09:21,124) [zswap-shrink] (root,0,0,00:00:00/60-12:09:21,125) [kworker/u9:0] (root,0,0,00:00:00/60-12:09:21,130) [charger_manager] (root,0,0,00:00:18/60-12:09:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-12:09:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-12:09:20,239) [kaluad] (root,0,0,00:00:00/60-12:09:20,258) [kmpath_rdacd] (root,0,0,00:00:00/60-12:09:20,304) [kmpathd] (root,0,0,00:00:00/60-12:09:20,305) [kmpath_handlerd] (root,0,0,00:00:00/60-12:09:19,342) [ata_sff] (root,0,0,00:00:00/60-12:09:19,343) [scsi_eh_0] (root,0,0,00:00:00/60-12:09:19,344) [scsi_tmf_0] (root,0,0,00:00:00/60-12:09:19,345) [scsi_eh_1] (root,0,0,00:00:00/60-12:09:19,346) [scsi_tmf_1] (root,0,0,00:01:56/60-12:09:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-12:09:16,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-12:09:04,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-12:09:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-12:09:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-12:08:30,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-12:08:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:55/60-12:08:29,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-12:08:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-12:08:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-12:08:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-12:08:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-12:08:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:53/60-12:08:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-12:08:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-12:08:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-12:08:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-12:08:13,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-12:08:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-12:08:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-12:08:13,1352) bpfilter_umh (root,26204,8096,00:00:31/60-12:08:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-12:08:13,1359) ntpd: asynchronous dns resolver (spot,362416,213512,3-08:23:10/60-12:08:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-12:08:12,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-12:08:12,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-12:08:12,1373) (sd-pam) (root,24216,5260,00:00:21/60-12:08:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-12:08:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-12:08:10,1485) /usr/sbin/cron -n (root,699208,78092,01:23:39/60-12:08:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82036,00:31:03/60-12:07:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-17:43:27,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:34:00,4301) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/00:17,7852) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,8896) /bin/bash /usr/bin/check_mk_agent (root,13744,3440,00:00:00/00:00,8914) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,8915) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/22-12:36:22,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-12:36:21,10514) sshd: syslogtunnel (root,0,0,00:00:00/28:03,12806) [kworker/u8:1-writeback] (root,0,0,00:00:00/05:27,13124) [kworker/3:2-events] (root,0,0,00:00:00/05:15,14305) [kworker/0:1-events] (postfix,24244,8276,00:00:00/01:20:00,18926) pickup -l -t fifo -u (root,0,0,00:00:00/10:38,19277) [kworker/3:0-ata_sff] (root,0,0,00:00:00/10:01,22406) [kworker/1:2-events] (root,0,0,00:00:00/43:12,25987) [kworker/1:1-events] (root,0,0,00:00:00/57:27,29474) [kworker/0:2-events] (root,35308,10028,00:00:00/22-13:22:35,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-13:22:34,30947) sshd: cm-ssh (root,0,0,00:00:00/31:21,32105) [kworker/2:1-events] (root,0,0,00:00:00/01:23:28,32443) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 22:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631376a52dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-12:17:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-12:17:52,2) [kthreadd] (root,0,0,00:00:00/58-12:17:52,3) [rcu_gp] (root,0,0,00:00:00/58-12:17:52,4) [rcu_par_gp] (root,0,0,00:00:00/58-12:17:52,5) [slub_flushwq] (root,0,0,00:00:00/58-12:17:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-12:17:52,9) [mm_percpu_wq] (root,0,0,00:00:00/58-12:17:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-12:17:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-12:17:52,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-12:17:52,13) [ksoftirqd/0] (root,0,0,02:43:41/58-12:17:52,14) [rcu_preempt] (root,0,0,00:00:22/58-12:17:52,15) [migration/0] (root,0,0,00:00:00/58-12:17:52,16) [idle_inject/0] (root,0,0,00:00:00/58-12:17:52,18) [cpuhp/0] (root,0,0,00:00:00/58-12:17:52,19) [cpuhp/1] (root,0,0,00:00:00/58-12:17:52,20) [idle_inject/1] (root,0,0,00:00:22/58-12:17:52,21) [migration/1] (root,0,0,00:01:26/58-12:17:52,22) [ksoftirqd/1] (root,0,0,00:00:00/58-12:17:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-12:17:52,25) [cpuhp/2] (root,0,0,00:00:00/58-12:17:52,26) [idle_inject/2] (root,0,0,00:00:16/58-12:17:52,27) [migration/2] (root,0,0,01:44:30/58-12:17:52,28) [ksoftirqd/2] (root,0,0,00:00:00/58-12:17:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-12:17:52,31) [cpuhp/3] (root,0,0,00:00:00/58-12:17:52,32) [idle_inject/3] (root,0,0,00:00:20/58-12:17:52,33) [migration/3] (root,0,0,00:05:20/58-12:17:52,34) [ksoftirqd/3] (root,0,0,00:00:00/58-12:17:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-12:17:52,40) [kdevtmpfs] (root,0,0,00:00:00/58-12:17:52,41) [netns] (root,0,0,00:00:00/58-12:17:52,42) [inet_frag_wq] (root,0,0,00:00:20/58-12:17:52,43) [kauditd] (root,0,0,00:00:00/58-12:17:52,44) [khungtaskd] (root,0,0,00:00:00/58-12:17:52,45) [oom_reaper] (root,0,0,00:00:00/58-12:17:52,46) [writeback] (root,0,0,00:02:59/58-12:17:52,47) [kcompactd0] (root,0,0,00:00:00/58-12:17:52,48) [ksmd] (root,0,0,00:03:14/58-12:17:52,49) [khugepaged] (root,0,0,00:00:00/58-12:17:52,75) [kintegrityd] (root,0,0,00:00:00/58-12:17:52,76) [kblockd] (root,0,0,00:00:00/58-12:17:52,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-12:17:52,79) [tpm_dev_wq] (root,0,0,00:00:00/58-12:17:52,80) [edac-poller] (root,0,0,00:00:00/58-12:17:52,81) [devfreq_wq] (root,0,0,00:00:00/58-12:17:52,110) [watchdogd] (root,0,0,00:00:04/58-12:17:52,111) [kswapd0] (root,0,0,00:00:15/58-12:17:52,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-12:17:50,115) [kthrotld] (root,0,0,00:00:00/58-12:17:50,116) [mld] (root,0,0,00:00:00/58-12:17:50,117) [ipv6_addrconf] (root,0,0,00:00:16/58-12:17:50,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-12:17:50,123) [kstrp] (root,0,0,00:00:00/58-12:17:50,124) [zswap-shrink] (root,0,0,00:00:00/58-12:17:50,125) [kworker/u9:0] (root,0,0,00:00:00/58-12:17:50,130) [charger_manager] (root,0,0,00:00:17/58-12:17:50,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-12:17:50,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-12:17:49,239) [kaluad] (root,0,0,00:00:00/58-12:17:49,258) [kmpath_rdacd] (root,0,0,00:00:00/58-12:17:49,304) [kmpathd] (root,0,0,00:00:00/58-12:17:49,305) [kmpath_handlerd] (root,0,0,00:00:00/58-12:17:48,342) [ata_sff] (root,0,0,00:00:00/58-12:17:48,343) [scsi_eh_0] (root,0,0,00:00:00/58-12:17:48,344) [scsi_tmf_0] (root,0,0,00:00:00/58-12:17:48,345) [scsi_eh_1] (root,0,0,00:00:00/58-12:17:48,346) [scsi_tmf_1] (root,0,0,00:01:52/58-12:17:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-12:17:45,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-12:17:33,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-12:17:32,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-12:17:30,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-12:16:59,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-12:16:58,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:48/58-12:16:58,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-12:16:58,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-12:16:56,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-12:16:56,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:09/58-12:16:42,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-12:16:42,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:42/58-12:16:42,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-12:16:42,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-12:16:42,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-12:16:42,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-12:16:42,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-12:16:42,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-12:16:42,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-12:16:42,1352) bpfilter_umh (root,26204,8096,00:00:30/58-12:16:42,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-12:16:42,1359) ntpd: asynchronous dns resolver (spot,363264,214476,3-05:18:29/58-12:16:41,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-12:16:41,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-12:16:41,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-12:16:41,1373) (sd-pam) (root,24216,5260,00:00:20/58-12:16:39,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-12:16:39,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-12:16:39,1485) /usr/sbin/cron -n (root,698952,77684,01:20:56/58-12:16:33,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80360,00:30:15/58-12:16:21,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-17:51:56,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:01,4789) [kworker/0:1] (root,0,0,00:00:00/05:51,5373) [kworker/1:2-events] (root,0,0,00:00:00/05:27,6651) [kworker/u8:2-flush-253:0] (root,35304,10040,00:00:00/20-12:44:51,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:16/20-12:44:50,10514) sshd: syslogtunnel (root,0,0,00:00:00/04:25,12321) [kworker/3:2-ata_sff] (root,0,0,00:00:00/19:52,14847) [kworker/2:0-events] (root,0,0,00:00:00/01:40:28,16568) [kworker/2:2-events] (root,0,0,00:00:00/01:03:42,18323) [kworker/1:0-events] (postfix,24244,8272,00:00:00/10:15,20776) pickup -l -t fifo -u (root,0,0,00:00:00/01:28:26,22600) [kworker/u8:0-writeback] (root,0,0,00:00:00/09:36,23984) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:19:50,26097) [kworker/0:2-events] (root,6656,3488,00:00:00/00:00,30205) /bin/bash /usr/bin/check_mk_agent (root,13744,3428,00:00:00/00:00,30223) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30224) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/20-13:31:04,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-13:31:03,30947) sshd: cm-ssh (root,0,0,00:00:00/25:09,31562) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-07 23:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e7ffd7a5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12388,00:02:23/49-13:53:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/49-13:53:07,2) [kthreadd] (root,0,0,00:00:00/49-13:53:07,3) [rcu_gp] (root,0,0,00:00:00/49-13:53:07,4) [rcu_par_gp] (root,0,0,00:00:00/49-13:53:07,5) [slub_flushwq] (root,0,0,00:00:00/49-13:53:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/49-13:53:07,9) [mm_percpu_wq] (root,0,0,00:00:00/49-13:53:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/49-13:53:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/49-13:53:07,12) [rcu_tasks_trace] (root,0,0,00:01:29/49-13:53:07,13) [ksoftirqd/0] (root,0,0,02:21:04/49-13:53:07,14) [rcu_preempt] (root,0,0,00:00:19/49-13:53:07,15) [migration/0] (root,0,0,00:00:00/49-13:53:07,16) [idle_inject/0] (root,0,0,00:00:00/49-13:53:07,18) [cpuhp/0] (root,0,0,00:00:00/49-13:53:07,19) [cpuhp/1] (root,0,0,00:00:00/49-13:53:07,20) [idle_inject/1] (root,0,0,00:00:19/49-13:53:07,21) [migration/1] (root,0,0,00:01:13/49-13:53:07,22) [ksoftirqd/1] (root,0,0,00:00:00/49-13:53:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/49-13:53:07,25) [cpuhp/2] (root,0,0,00:00:00/49-13:53:07,26) [idle_inject/2] (root,0,0,00:00:14/49-13:53:07,27) [migration/2] (root,0,0,01:30:10/49-13:53:07,28) [ksoftirqd/2] (root,0,0,00:00:00/49-13:53:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/49-13:53:07,31) [cpuhp/3] (root,0,0,00:00:00/49-13:53:07,32) [idle_inject/3] (root,0,0,00:00:17/49-13:53:07,33) [migration/3] (root,0,0,00:04:39/49-13:53:07,34) [ksoftirqd/3] (root,0,0,00:00:00/49-13:53:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/49-13:53:07,40) [kdevtmpfs] (root,0,0,00:00:00/49-13:53:07,41) [netns] (root,0,0,00:00:00/49-13:53:07,42) [inet_frag_wq] (root,0,0,00:00:17/49-13:53:07,43) [kauditd] (root,0,0,00:00:00/49-13:53:07,44) [khungtaskd] (root,0,0,00:00:00/49-13:53:07,45) [oom_reaper] (root,0,0,00:00:00/49-13:53:07,46) [writeback] (root,0,0,00:02:34/49-13:53:07,47) [kcompactd0] (root,0,0,00:00:00/49-13:53:07,48) [ksmd] (root,0,0,00:02:44/49-13:53:07,49) [khugepaged] (root,0,0,00:00:00/49-13:53:07,75) [kintegrityd] (root,0,0,00:00:00/49-13:53:07,76) [kblockd] (root,0,0,00:00:00/49-13:53:07,77) [blkcg_punt_bio] (root,0,0,00:00:00/49-13:53:07,79) [tpm_dev_wq] (root,0,0,00:00:00/49-13:53:07,80) [edac-poller] (root,0,0,00:00:00/49-13:53:07,81) [devfreq_wq] (root,0,0,00:00:00/49-13:53:07,110) [watchdogd] (root,0,0,00:00:04/49-13:53:07,111) [kswapd0] (root,0,0,00:00:13/49-13:53:07,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/49-13:53:05,115) [kthrotld] (root,0,0,00:00:00/49-13:53:05,116) [mld] (root,0,0,00:00:00/49-13:53:05,117) [ipv6_addrconf] (root,0,0,00:00:13/49-13:53:05,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/49-13:53:05,123) [kstrp] (root,0,0,00:00:00/49-13:53:05,124) [zswap-shrink] (root,0,0,00:00:00/49-13:53:05,125) [kworker/u9:0] (root,0,0,00:00:00/49-13:53:05,130) [charger_manager] (root,0,0,00:00:15/49-13:53:05,172) [kworker/1:1H-kblockd] (root,0,0,00:00:22/49-13:53:05,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/49-13:53:04,239) [kaluad] (root,0,0,00:00:00/49-13:53:04,258) [kmpath_rdacd] (root,0,0,00:00:00/49-13:53:04,304) [kmpathd] (root,0,0,00:00:00/49-13:53:04,305) [kmpath_handlerd] (root,0,0,00:00:00/49-13:53:03,342) [ata_sff] (root,0,0,00:00:00/49-13:53:03,343) [scsi_eh_0] (root,0,0,00:00:00/49-13:53:03,344) [scsi_tmf_0] (root,0,0,00:00:00/49-13:53:03,345) [scsi_eh_1] (root,0,0,00:00:00/49-13:53:03,346) [scsi_tmf_1] (root,0,0,00:01:38/49-13:53:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/49-13:53:00,367) [ext4-rsv-conver] (root,38604,7852,00:01:23/49-13:52:48,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:05/49-13:52:47,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:17/49-13:52:45,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:29/49-13:52:14,511) /sbin/auditd (messagebus,22932,5400,00:02:41/49-13:52:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:31/49-13:52:13,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/49-13:52:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/49-13:52:11,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/49-13:52:11,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8256,00:00:00/53:01,680) pickup -l -t fifo -u (root,548872,30612,00:00:59/49-13:51:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/49-13:51:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:57/49-13:51:57,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/49-13:51:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/49-13:51:57,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/49-13:51:57,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/49-13:51:57,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:33/49-13:51:57,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:09/49-13:51:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/49-13:51:57,1352) bpfilter_umh (root,26204,8096,00:00:25/49-13:51:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/49-13:51:57,1359) ntpd: asynchronous dns resolver (spot,360864,211908,2-18:40:56/49-13:51:56,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/49-13:51:56,1371) (sd-pam) (checkmk,48528,3180,00:00:00/49-13:51:56,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/49-13:51:56,1373) (sd-pam) (root,24216,5260,00:00:17/49-13:51:54,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/49-13:51:54,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/49-13:51:54,1485) /usr/sbin/cron -n (root,697764,76136,01:08:55/49-13:51:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,230848,74272,00:26:43/49-13:51:36,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:01/43-19:27:11,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/09:59,7744) [kworker/2:1] (root,0,0,00:00:00/01:06:05,8678) [kworker/0:2-events] (root,6656,3512,00:00:00/00:00,10135) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,10187) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,10214) /bin/bash /usr/bin/check_mk_agent (root,6656,3472,00:00:00/00:00,10248) /bin/bash /usr/bin/check_mk_agent (root,6656,1844,00:00:00/00:00,10254) /bin/bash /usr/bin/check_mk_agent (root,25368,8748,00:00:00/00:00,10263) postconf -c /etc/postfix (root,5280,804,00:00:00/00:00,10265) grep ^multi_instance_directories (root,11644,964,00:00:00/00:00,10266) sed s/.*=[[:space:]]*//g (root,6656,1820,00:00:00/00:00,10267) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,10268) /bin/bash /usr/bin/check_mk_agent (root,4480,1088,00:00:00/00:00,10269) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,13744,3528,00:00:00/00:00,10270) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10271) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,2728,780,00:00:00/00:00,10272) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,0,0,00:00:00/30:03,10330) [kworker/u8:0-ext4-rsv-conversion] (root,35304,10040,00:00:00/11-14:20:06,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:45/11-14:20:05,10514) sshd: syslogtunnel (root,0,0,00:00:00/08:46,11443) [kworker/3:0-ata_sff] (root,0,0,00:00:00/56:03,19062) [kworker/0:0] (root,0,0,00:00:01/06:41:09,21090) [kworker/1:0-events] (root,0,0,00:00:00/05:01,25756) [kworker/1:2] (root,0,0,00:00:00/45:37,26139) [kworker/2:0-events] (root,0,0,00:00:00/01:11:12,26697) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/01:10:50,26705) [kworker/u8:2-events_unbound] (root,0,0,00:00:00/03:33,30571) [kworker/3:1-ata_sff] (root,0,0,00:00:01/02:49:35,30917) [kworker/3:2-events] (root,35308,10028,00:00:00/11-15:06:19,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:41/11-15:06:18,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-30 00:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c6ff1ce4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-11:12:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-11:12:59,2) [kthreadd] (root,0,0,00:00:00/47-11:12:59,3) [rcu_gp] (root,0,0,00:00:00/47-11:12:59,4) [rcu_par_gp] (root,0,0,00:00:00/47-11:12:59,5) [slub_flushwq] (root,0,0,00:00:00/47-11:12:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-11:12:59,9) [mm_percpu_wq] (root,0,0,00:00:00/47-11:12:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-11:12:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-11:12:59,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-11:12:59,13) [ksoftirqd/0] (root,0,0,02:15:35/47-11:12:59,14) [rcu_preempt] (root,0,0,00:00:18/47-11:12:59,15) [migration/0] (root,0,0,00:00:00/47-11:12:59,16) [idle_inject/0] (root,0,0,00:00:00/47-11:12:59,18) [cpuhp/0] (root,0,0,00:00:00/47-11:12:59,19) [cpuhp/1] (root,0,0,00:00:00/47-11:12:59,20) [idle_inject/1] (root,0,0,00:00:18/47-11:12:59,21) [migration/1] (root,0,0,00:01:10/47-11:12:59,22) [ksoftirqd/1] (root,0,0,00:00:00/47-11:12:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-11:12:59,25) [cpuhp/2] (root,0,0,00:00:00/47-11:12:59,26) [idle_inject/2] (root,0,0,00:00:13/47-11:12:59,27) [migration/2] (root,0,0,01:27:30/47-11:12:59,28) [ksoftirqd/2] (root,0,0,00:00:00/47-11:12:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-11:12:59,31) [cpuhp/3] (root,0,0,00:00:00/47-11:12:59,32) [idle_inject/3] (root,0,0,00:00:17/47-11:12:59,33) [migration/3] (root,0,0,00:04:29/47-11:12:59,34) [ksoftirqd/3] (root,0,0,00:00:00/47-11:12:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-11:12:59,40) [kdevtmpfs] (root,0,0,00:00:00/47-11:12:59,41) [netns] (root,0,0,00:00:00/47-11:12:59,42) [inet_frag_wq] (root,0,0,00:00:16/47-11:12:59,43) [kauditd] (root,0,0,00:00:00/47-11:12:59,44) [khungtaskd] (root,0,0,00:00:00/47-11:12:59,45) [oom_reaper] (root,0,0,00:00:00/47-11:12:59,46) [writeback] (root,0,0,00:02:28/47-11:12:59,47) [kcompactd0] (root,0,0,00:00:00/47-11:12:59,48) [ksmd] (root,0,0,00:02:37/47-11:12:59,49) [khugepaged] (root,0,0,00:00:00/47-11:12:59,75) [kintegrityd] (root,0,0,00:00:00/47-11:12:59,76) [kblockd] (root,0,0,00:00:00/47-11:12:59,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-11:12:59,79) [tpm_dev_wq] (root,0,0,00:00:00/47-11:12:59,80) [edac-poller] (root,0,0,00:00:00/47-11:12:59,81) [devfreq_wq] (root,0,0,00:00:00/47-11:12:59,110) [watchdogd] (root,0,0,00:00:03/47-11:12:59,111) [kswapd0] (root,0,0,00:00:12/47-11:12:59,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-11:12:57,115) [kthrotld] (root,0,0,00:00:00/47-11:12:57,116) [mld] (root,0,0,00:00:00/47-11:12:57,117) [ipv6_addrconf] (root,0,0,00:00:13/47-11:12:57,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-11:12:57,123) [kstrp] (root,0,0,00:00:00/47-11:12:57,124) [zswap-shrink] (root,0,0,00:00:00/47-11:12:57,125) [kworker/u9:0] (root,0,0,00:00:00/47-11:12:57,130) [charger_manager] (root,0,0,00:00:14/47-11:12:57,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-11:12:57,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-11:12:56,239) [kaluad] (root,0,0,00:00:00/47-11:12:56,258) [kmpath_rdacd] (root,0,0,00:00:00/47-11:12:56,304) [kmpathd] (root,0,0,00:00:00/47-11:12:56,305) [kmpath_handlerd] (root,0,0,00:00:00/47-11:12:55,342) [ata_sff] (root,0,0,00:00:00/47-11:12:55,343) [scsi_eh_0] (root,0,0,00:00:00/47-11:12:55,344) [scsi_tmf_0] (root,0,0,00:00:00/47-11:12:55,345) [scsi_eh_1] (root,0,0,00:00:00/47-11:12:55,346) [scsi_tmf_1] (root,0,0,00:01:34/47-11:12:52,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-11:12:52,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-11:12:40,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-11:12:39,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-11:12:37,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-11:12:06,511) /sbin/auditd (messagebus,22932,5408,00:02:35/47-11:12:05,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-11:12:05,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-11:12:05,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-11:12:03,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-11:12:03,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-11:11:49,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-11:11:49,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:42/47-11:11:49,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-11:11:49,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-11:11:49,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-11:11:49,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-11:11:49,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-11:11:49,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:51/47-11:11:49,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-11:11:49,1352) bpfilter_umh (root,26204,8096,00:00:24/47-11:11:49,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-11:11:49,1359) ntpd: asynchronous dns resolver (spot,361712,212140,2-16:35:32/47-11:11:48,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-11:11:48,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-11:11:48,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-11:11:48,1373) (sd-pam) (root,24216,5260,00:00:16/47-11:11:46,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-11:11:46,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-11:11:46,1485) /usr/sbin/cron -n (root,697508,77208,01:06:00/47-11:11:40,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73024,00:25:43/47-11:11:28,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-16:47:03,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:57,9903) [kworker/3:2-ata_sff] (root,35304,10040,00:00:00/9-11:39:58,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-11:39:57,10514) sshd: syslogtunnel (root,0,0,00:00:00/07:57:18,11605) [kworker/2:2-events] (root,0,0,00:00:00/29:41,11812) [kworker/3:0-events] (root,0,0,00:00:00/02:05:28,13061) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:50:34,14515) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:40:50,15451) [kworker/1:1-events] (root,0,0,00:00:00/01:30:59,15985) [kworker/2:1-events] (root,0,0,00:00:00/01:25:56,16475) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:06:16,18521) [kworker/1:0] (root,0,0,00:00:00/03:45,22821) [kworker/3:1-ata_sff] (root,0,0,00:00:00/05:23:18,29068) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,30146) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,30164) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30165) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/9-12:26:11,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-12:26:10,30947) sshd: cm-ssh (postfix,24244,8200,00:00:00/13:56,32130) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-27 22:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c6c5cbd8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12460,00:02:13/45-12:57:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-12:57:22,2) [kthreadd] (root,0,0,00:00:00/45-12:57:22,3) [rcu_gp] (root,0,0,00:00:00/45-12:57:22,4) [rcu_par_gp] (root,0,0,00:00:00/45-12:57:22,5) [slub_flushwq] (root,0,0,00:00:00/45-12:57:22,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-12:57:22,9) [mm_percpu_wq] (root,0,0,00:00:00/45-12:57:22,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-12:57:22,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-12:57:22,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-12:57:22,13) [ksoftirqd/0] (root,0,0,02:10:36/45-12:57:22,14) [rcu_preempt] (root,0,0,00:00:17/45-12:57:22,15) [migration/0] (root,0,0,00:00:00/45-12:57:22,16) [idle_inject/0] (root,0,0,00:00:00/45-12:57:22,18) [cpuhp/0] (root,0,0,00:00:00/45-12:57:22,19) [cpuhp/1] (root,0,0,00:00:00/45-12:57:22,20) [idle_inject/1] (root,0,0,00:00:17/45-12:57:22,21) [migration/1] (root,0,0,00:01:08/45-12:57:22,22) [ksoftirqd/1] (root,0,0,00:00:00/45-12:57:22,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-12:57:22,25) [cpuhp/2] (root,0,0,00:00:00/45-12:57:22,26) [idle_inject/2] (root,0,0,00:00:13/45-12:57:22,27) [migration/2] (root,0,0,01:25:14/45-12:57:22,28) [ksoftirqd/2] (root,0,0,00:00:00/45-12:57:22,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-12:57:22,31) [cpuhp/3] (root,0,0,00:00:00/45-12:57:22,32) [idle_inject/3] (root,0,0,00:00:16/45-12:57:22,33) [migration/3] (root,0,0,00:04:22/45-12:57:22,34) [ksoftirqd/3] (root,0,0,00:00:00/45-12:57:22,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-12:57:22,40) [kdevtmpfs] (root,0,0,00:00:00/45-12:57:22,41) [netns] (root,0,0,00:00:00/45-12:57:22,42) [inet_frag_wq] (root,0,0,00:00:16/45-12:57:22,43) [kauditd] (root,0,0,00:00:00/45-12:57:22,44) [khungtaskd] (root,0,0,00:00:00/45-12:57:22,45) [oom_reaper] (root,0,0,00:00:00/45-12:57:22,46) [writeback] (root,0,0,00:02:23/45-12:57:22,47) [kcompactd0] (root,0,0,00:00:00/45-12:57:22,48) [ksmd] (root,0,0,00:02:30/45-12:57:22,49) [khugepaged] (root,0,0,00:00:00/45-12:57:22,75) [kintegrityd] (root,0,0,00:00:00/45-12:57:22,76) [kblockd] (root,0,0,00:00:00/45-12:57:22,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-12:57:22,79) [tpm_dev_wq] (root,0,0,00:00:00/45-12:57:22,80) [edac-poller] (root,0,0,00:00:00/45-12:57:22,81) [devfreq_wq] (root,0,0,00:00:00/45-12:57:22,110) [watchdogd] (root,0,0,00:00:03/45-12:57:22,111) [kswapd0] (root,0,0,00:00:12/45-12:57:22,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-12:57:20,115) [kthrotld] (root,0,0,00:00:00/45-12:57:20,116) [mld] (root,0,0,00:00:00/45-12:57:20,117) [ipv6_addrconf] (root,0,0,00:00:12/45-12:57:20,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-12:57:20,123) [kstrp] (root,0,0,00:00:00/45-12:57:20,124) [zswap-shrink] (root,0,0,00:00:00/45-12:57:20,125) [kworker/u9:0] (root,0,0,00:00:00/45-12:57:20,130) [charger_manager] (root,0,0,00:00:14/45-12:57:20,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-12:57:20,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-12:57:19,239) [kaluad] (root,0,0,00:00:00/45-12:57:19,258) [kmpath_rdacd] (root,0,0,00:00:00/45-12:57:19,304) [kmpathd] (root,0,0,00:00:00/45-12:57:19,305) [kmpath_handlerd] (root,0,0,00:00:00/45-12:57:18,342) [ata_sff] (root,0,0,00:00:00/45-12:57:18,343) [scsi_eh_0] (root,0,0,00:00:00/45-12:57:18,344) [scsi_tmf_0] (root,0,0,00:00:00/45-12:57:18,345) [scsi_eh_1] (root,0,0,00:00:00/45-12:57:18,346) [scsi_tmf_1] (root,0,0,00:01:31/45-12:57:15,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-12:57:15,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-12:57:03,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-12:57:02,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-12:57:00,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-12:56:29,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-12:56:28,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-12:56:28,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-12:56:28,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-12:56:26,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-12:56:26,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-12:56:12,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-12:56:12,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:34/45-12:56:12,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-12:56:12,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-12:56:12,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-12:56:12,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-12:56:12,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-12:56:12,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:36/45-12:56:12,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-12:56:12,1352) bpfilter_umh (root,26204,8096,00:00:23/45-12:56:12,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-12:56:12,1359) ntpd: asynchronous dns resolver (spot,361904,206156,2-14:32:57/45-12:56:11,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-12:56:11,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-12:56:11,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-12:56:11,1373) (sd-pam) (root,24216,5260,00:00:16/45-12:56:09,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-12:56:09,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-12:56:09,1485) /usr/sbin/cron -n (root,697508,76836,01:03:22/45-12:56:03,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71512,00:24:48/45-12:55:51,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/55:33,2530) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9184,00:00:01/39-18:31:26,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/25:17,2565) [kworker/0:0] (root,0,0,00:00:00/02:10:58,7467) [kworker/1:1-events] (root,0,0,00:00:00/15:20,8464) [kworker/3:1-events] (postfix,24244,8216,00:00:00/40:11,9742) pickup -l -t fifo -u (root,0,0,00:00:00/01:10:30,9975) [kworker/2:2-events] (root,6656,3488,00:00:00/00:00,10029) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,10047) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10048) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/7-13:24:21,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-13:24:20,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:25:33,13466) [kworker/1:2] (root,0,0,00:00:01/03:46:38,23049) [kworker/0:2-events] (root,0,0,00:00:00/04:57,23330) [kworker/3:0-ata_sff] (root,0,0,00:00:00/35:11,30660) [kworker/2:1-events] (root,35308,10028,00:00:00/7-14:10:34,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-14:10:33,30947) sshd: cm-ssh (root,0,0,00:00:00/10:08,31385) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:56:08,32405) [kworker/u8:1-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635aaf3685Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-12:38:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-12:38:05,2) [kthreadd] (root,0,0,00:00:00/43-12:38:05,3) [rcu_gp] (root,0,0,00:00:00/43-12:38:05,4) [rcu_par_gp] (root,0,0,00:00:00/43-12:38:05,5) [slub_flushwq] (root,0,0,00:00:00/43-12:38:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-12:38:05,9) [mm_percpu_wq] (root,0,0,00:00:00/43-12:38:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-12:38:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-12:38:05,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-12:38:05,13) [ksoftirqd/0] (root,0,0,02:05:05/43-12:38:05,14) [rcu_preempt] (root,0,0,00:00:16/43-12:38:05,15) [migration/0] (root,0,0,00:00:00/43-12:38:05,16) [idle_inject/0] (root,0,0,00:00:00/43-12:38:05,18) [cpuhp/0] (root,0,0,00:00:00/43-12:38:05,19) [cpuhp/1] (root,0,0,00:00:00/43-12:38:05,20) [idle_inject/1] (root,0,0,00:00:16/43-12:38:05,21) [migration/1] (root,0,0,00:01:05/43-12:38:05,22) [ksoftirqd/1] (root,0,0,00:00:00/43-12:38:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-12:38:05,25) [cpuhp/2] (root,0,0,00:00:00/43-12:38:05,26) [idle_inject/2] (root,0,0,00:00:12/43-12:38:05,27) [migration/2] (root,0,0,01:22:25/43-12:38:05,28) [ksoftirqd/2] (root,0,0,00:00:00/43-12:38:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-12:38:05,31) [cpuhp/3] (root,0,0,00:00:00/43-12:38:05,32) [idle_inject/3] (root,0,0,00:00:15/43-12:38:05,33) [migration/3] (root,0,0,00:04:12/43-12:38:05,34) [ksoftirqd/3] (root,0,0,00:00:00/43-12:38:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-12:38:05,40) [kdevtmpfs] (root,0,0,00:00:00/43-12:38:05,41) [netns] (root,0,0,00:00:00/43-12:38:05,42) [inet_frag_wq] (root,0,0,00:00:15/43-12:38:05,43) [kauditd] (root,0,0,00:00:00/43-12:38:05,44) [khungtaskd] (root,0,0,00:00:00/43-12:38:05,45) [oom_reaper] (root,0,0,00:00:00/43-12:38:05,46) [writeback] (root,0,0,00:02:17/43-12:38:05,47) [kcompactd0] (root,0,0,00:00:00/43-12:38:05,48) [ksmd] (root,0,0,00:02:24/43-12:38:05,49) [khugepaged] (root,0,0,00:00:00/43-12:38:05,75) [kintegrityd] (root,0,0,00:00:00/43-12:38:05,76) [kblockd] (root,0,0,00:00:00/43-12:38:05,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-12:38:05,79) [tpm_dev_wq] (root,0,0,00:00:00/43-12:38:05,80) [edac-poller] (root,0,0,00:00:00/43-12:38:05,81) [devfreq_wq] (root,0,0,00:00:00/43-12:38:05,110) [watchdogd] (root,0,0,00:00:03/43-12:38:05,111) [kswapd0] (root,0,0,00:00:11/43-12:38:05,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-12:38:03,115) [kthrotld] (root,0,0,00:00:00/43-12:38:03,116) [mld] (root,0,0,00:00:00/43-12:38:03,117) [ipv6_addrconf] (root,0,0,00:00:12/43-12:38:03,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-12:38:03,123) [kstrp] (root,0,0,00:00:00/43-12:38:03,124) [zswap-shrink] (root,0,0,00:00:00/43-12:38:03,125) [kworker/u9:0] (root,0,0,00:00:00/43-12:38:03,130) [charger_manager] (root,0,0,00:00:13/43-12:38:03,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-12:38:03,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-12:38:02,239) [kaluad] (root,0,0,00:00:00/43-12:38:02,258) [kmpath_rdacd] (root,0,0,00:00:00/43-12:38:02,304) [kmpathd] (root,0,0,00:00:00/43-12:38:02,305) [kmpath_handlerd] (root,0,0,00:00:00/43-12:38:01,342) [ata_sff] (root,0,0,00:00:00/43-12:38:01,343) [scsi_eh_0] (root,0,0,00:00:00/43-12:38:01,344) [scsi_tmf_0] (root,0,0,00:00:00/43-12:38:01,345) [scsi_eh_1] (root,0,0,00:00:00/43-12:38:01,346) [scsi_tmf_1] (root,0,0,00:01:27/43-12:37:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-12:37:58,367) [ext4-rsv-conver] (root,38604,7856,00:01:15/43-12:37:46,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-12:37:45,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-12:37:43,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-12:37:12,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-12:37:11,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:22/43-12:37:11,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-12:37:11,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-12:37:09,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-12:37:09,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/10:31,883) [kworker/2:0-events] (root,548872,30852,00:00:51/43-12:36:55,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-12:36:55,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:21/43-12:36:55,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-12:36:55,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-12:36:55,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-12:36:55,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-12:36:55,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-12:36:55,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:19/43-12:36:55,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-12:36:55,1352) bpfilter_umh (root,26204,8096,00:00:22/43-12:36:55,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-12:36:55,1359) ntpd: asynchronous dns resolver (spot,361520,206060,2-12:16:48/43-12:36:54,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-12:36:54,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-12:36:54,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-12:36:54,1373) (sd-pam) (root,24216,5260,00:00:15/43-12:36:52,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-12:36:52,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-12:36:52,1485) /usr/sbin/cron -n (root,697508,76760,01:00:33/43-12:36:46,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70172,00:23:49/43-12:36:34,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-18:12:09,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:09:23,8260) [kworker/0:1] (root,0,0,00:00:00/05:54,8317) [kworker/3:2-ata_sff] (root,35304,10040,00:00:00/5-13:05:04,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-13:05:03,10514) sshd: syslogtunnel (root,0,0,00:00:00/30:31,11196) [kworker/2:1-events] (root,0,0,00:00:00/02:28:52,12041) [kworker/1:0-events] (root,0,0,00:00:01/03:32:18,13819) [kworker/0:2-events] (root,0,0,00:00:00/26:17,19317) [kworker/u8:2-writeback] (root,0,0,00:00:00/02:19:05,21552) [kworker/1:1] (postfix,24244,8252,00:00:00/42:37,22335) pickup -l -t fifo -u (root,0,0,00:00:00/41:44,23914) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/00:43,27607) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,30132) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,30150) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30151) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:39:19,30519) [kworker/3:0-events] (root,35308,10028,00:00:00/5-13:51:17,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-13:51:16,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 23:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637591027eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-13:00:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-13:00:12,2) [kthreadd] (root,0,0,00:00:00/41-13:00:12,3) [rcu_gp] (root,0,0,00:00:00/41-13:00:12,4) [rcu_par_gp] (root,0,0,00:00:00/41-13:00:12,5) [slub_flushwq] (root,0,0,00:00:00/41-13:00:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-13:00:12,9) [mm_percpu_wq] (root,0,0,00:00:00/41-13:00:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-13:00:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-13:00:12,12) [rcu_tasks_trace] (root,0,0,00:01:16/41-13:00:12,13) [ksoftirqd/0] (root,0,0,01:59:15/41-13:00:12,14) [rcu_preempt] (root,0,0,00:00:16/41-13:00:12,15) [migration/0] (root,0,0,00:00:00/41-13:00:12,16) [idle_inject/0] (root,0,0,00:00:00/41-13:00:12,18) [cpuhp/0] (root,0,0,00:00:00/41-13:00:12,19) [cpuhp/1] (root,0,0,00:00:00/41-13:00:12,20) [idle_inject/1] (root,0,0,00:00:16/41-13:00:12,21) [migration/1] (root,0,0,00:01:02/41-13:00:12,22) [ksoftirqd/1] (root,0,0,00:00:00/41-13:00:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-13:00:12,25) [cpuhp/2] (root,0,0,00:00:00/41-13:00:12,26) [idle_inject/2] (root,0,0,00:00:12/41-13:00:12,27) [migration/2] (root,0,0,01:18:28/41-13:00:12,28) [ksoftirqd/2] (root,0,0,00:00:00/41-13:00:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-13:00:12,31) [cpuhp/3] (root,0,0,00:00:00/41-13:00:12,32) [idle_inject/3] (root,0,0,00:00:15/41-13:00:12,33) [migration/3] (root,0,0,00:03:59/41-13:00:12,34) [ksoftirqd/3] (root,0,0,00:00:00/41-13:00:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-13:00:12,40) [kdevtmpfs] (root,0,0,00:00:00/41-13:00:12,41) [netns] (root,0,0,00:00:00/41-13:00:12,42) [inet_frag_wq] (root,0,0,00:00:14/41-13:00:12,43) [kauditd] (root,0,0,00:00:00/41-13:00:12,44) [khungtaskd] (root,0,0,00:00:00/41-13:00:12,45) [oom_reaper] (root,0,0,00:00:00/41-13:00:12,46) [writeback] (root,0,0,00:02:11/41-13:00:12,47) [kcompactd0] (root,0,0,00:00:00/41-13:00:12,48) [ksmd] (root,0,0,00:02:17/41-13:00:12,49) [khugepaged] (root,0,0,00:00:00/41-13:00:12,75) [kintegrityd] (root,0,0,00:00:00/41-13:00:12,76) [kblockd] (root,0,0,00:00:00/41-13:00:12,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-13:00:12,79) [tpm_dev_wq] (root,0,0,00:00:00/41-13:00:12,80) [edac-poller] (root,0,0,00:00:00/41-13:00:12,81) [devfreq_wq] (root,0,0,00:00:00/41-13:00:12,110) [watchdogd] (root,0,0,00:00:03/41-13:00:12,111) [kswapd0] (root,0,0,00:00:11/41-13:00:12,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-13:00:10,115) [kthrotld] (root,0,0,00:00:00/41-13:00:10,116) [mld] (root,0,0,00:00:00/41-13:00:10,117) [ipv6_addrconf] (root,0,0,00:00:11/41-13:00:10,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-13:00:10,123) [kstrp] (root,0,0,00:00:00/41-13:00:10,124) [zswap-shrink] (root,0,0,00:00:00/41-13:00:10,125) [kworker/u9:0] (root,0,0,00:00:00/41-13:00:10,130) [charger_manager] (root,0,0,00:00:13/41-13:00:10,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-13:00:10,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-13:00:09,239) [kaluad] (root,0,0,00:00:00/41-13:00:09,258) [kmpath_rdacd] (root,0,0,00:00:00/41-13:00:09,304) [kmpathd] (root,0,0,00:00:00/41-13:00:09,305) [kmpath_handlerd] (root,0,0,00:00:00/41-13:00:08,342) [ata_sff] (root,0,0,00:00:00/41-13:00:08,343) [scsi_eh_0] (root,0,0,00:00:00/41-13:00:08,344) [scsi_tmf_0] (root,0,0,00:00:00/41-13:00:08,345) [scsi_eh_1] (root,0,0,00:00:00/41-13:00:08,346) [scsi_tmf_1] (root,0,0,00:01:23/41-13:00:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-13:00:05,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-12:59:53,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-12:59:52,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-12:59:50,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-12:59:19,511) /sbin/auditd (messagebus,22932,5408,00:02:19/41-12:59:18,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-12:59:18,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-12:59:18,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-12:59:16,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-12:59:16,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-12:59:02,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-12:59:02,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:09/41-12:59:02,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-12:59:02,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-12:59:02,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-12:59:02,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-12:59:02,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-12:59:02,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-12:59:02,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-12:59:02,1352) bpfilter_umh (root,26204,8096,00:00:21/41-12:59:02,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-12:59:02,1359) ntpd: asynchronous dns resolver (spot,361968,206172,2-09:30:46/41-12:59:01,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-12:59:01,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-12:59:01,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-12:59:01,1373) (sd-pam) (root,24216,5260,00:00:14/41-12:58:59,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-12:58:59,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-12:58:59,1485) /usr/sbin/cron -n (root,697108,78400,00:57:43/41-12:58:53,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:49/41-12:58:41,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-18:34:16,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:47:48,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/25:25,4186) [kworker/0:0] (root,35304,10040,00:00:00/3-13:27:11,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:15/3-13:27:10,10514) sshd: syslogtunnel (postfix,24244,8308,00:00:00/01:26:41,11997) pickup -l -t fifo -u (root,0,0,00:00:00/06:47,12259) [kworker/3:1-events] (root,0,0,00:00:00/01:08:33,15424) [kworker/0:2-events] (root,0,0,00:00:02/10:24:52,16954) [kworker/2:1-events] (root,0,0,00:00:01/03:03:54,18031) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/30:09,21069) [kworker/2:2] (root,0,0,00:00:00/11:01,23332) [kworker/1:1-events] (root,0,0,00:00:00/37:54,23469) [kworker/3:2-ata_sff] (root,0,0,00:00:00/28:25,25841) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:34,26953) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:33,27124) [kworker/1:0-events] (root,35308,10028,00:00:00/3-14:13:24,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-14:13:23,30947) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,32583) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,32624) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,32625) /bin/bash /usr/bin/check_mk_agent (root,4480,1016,00:00:00/00:00,32626) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,816,00:00:00/00:00,32627) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,660,00:00:00/00:00,32628) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,32629) /bin/bash /usr/bin/check_mk_agent (root,13744,3516,00:00:00/00:00,32647) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,32648) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 23:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b222eeebFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-13:04:09,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-13:04:09,2) [kthreadd] (root,0,0,00:00:00/39-13:04:09,3) [rcu_gp] (root,0,0,00:00:00/39-13:04:09,4) [rcu_par_gp] (root,0,0,00:00:00/39-13:04:09,5) [slub_flushwq] (root,0,0,00:00:00/39-13:04:09,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-13:04:09,9) [mm_percpu_wq] (root,0,0,00:00:00/39-13:04:09,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-13:04:09,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-13:04:09,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-13:04:09,13) [ksoftirqd/0] (root,0,0,01:53:30/39-13:04:09,14) [rcu_preempt] (root,0,0,00:00:15/39-13:04:09,15) [migration/0] (root,0,0,00:00:00/39-13:04:09,16) [idle_inject/0] (root,0,0,00:00:00/39-13:04:09,18) [cpuhp/0] (root,0,0,00:00:00/39-13:04:09,19) [cpuhp/1] (root,0,0,00:00:00/39-13:04:09,20) [idle_inject/1] (root,0,0,00:00:15/39-13:04:09,21) [migration/1] (root,0,0,00:00:59/39-13:04:09,22) [ksoftirqd/1] (root,0,0,00:00:00/39-13:04:09,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-13:04:09,25) [cpuhp/2] (root,0,0,00:00:00/39-13:04:09,26) [idle_inject/2] (root,0,0,00:00:11/39-13:04:09,27) [migration/2] (root,0,0,01:13:54/39-13:04:09,28) [ksoftirqd/2] (root,0,0,00:00:00/39-13:04:09,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-13:04:09,31) [cpuhp/3] (root,0,0,00:00:00/39-13:04:09,32) [idle_inject/3] (root,0,0,00:00:14/39-13:04:09,33) [migration/3] (root,0,0,00:03:47/39-13:04:09,34) [ksoftirqd/3] (root,0,0,00:00:00/39-13:04:09,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-13:04:09,40) [kdevtmpfs] (root,0,0,00:00:00/39-13:04:09,41) [netns] (root,0,0,00:00:00/39-13:04:09,42) [inet_frag_wq] (root,0,0,00:00:14/39-13:04:09,43) [kauditd] (root,0,0,00:00:00/39-13:04:09,44) [khungtaskd] (root,0,0,00:00:00/39-13:04:09,45) [oom_reaper] (root,0,0,00:00:00/39-13:04:09,46) [writeback] (root,0,0,00:02:04/39-13:04:09,47) [kcompactd0] (root,0,0,00:00:00/39-13:04:09,48) [ksmd] (root,0,0,00:02:09/39-13:04:09,49) [khugepaged] (root,0,0,00:00:00/39-13:04:09,75) [kintegrityd] (root,0,0,00:00:00/39-13:04:09,76) [kblockd] (root,0,0,00:00:00/39-13:04:09,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-13:04:09,79) [tpm_dev_wq] (root,0,0,00:00:00/39-13:04:09,80) [edac-poller] (root,0,0,00:00:00/39-13:04:09,81) [devfreq_wq] (root,0,0,00:00:00/39-13:04:09,110) [watchdogd] (root,0,0,00:00:02/39-13:04:09,111) [kswapd0] (root,0,0,00:00:10/39-13:04:09,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-13:04:07,115) [kthrotld] (root,0,0,00:00:00/39-13:04:07,116) [mld] (root,0,0,00:00:00/39-13:04:07,117) [ipv6_addrconf] (root,0,0,00:00:11/39-13:04:07,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-13:04:07,123) [kstrp] (root,0,0,00:00:00/39-13:04:07,124) [zswap-shrink] (root,0,0,00:00:00/39-13:04:07,125) [kworker/u9:0] (root,0,0,00:00:00/39-13:04:07,130) [charger_manager] (root,0,0,00:00:12/39-13:04:07,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-13:04:07,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-13:04:06,239) [kaluad] (root,0,0,00:00:00/39-13:04:06,258) [kmpath_rdacd] (root,0,0,00:00:00/39-13:04:06,304) [kmpathd] (root,0,0,00:00:00/39-13:04:06,305) [kmpath_handlerd] (root,0,0,00:00:00/39-13:04:05,342) [ata_sff] (root,0,0,00:00:00/39-13:04:05,343) [scsi_eh_0] (root,0,0,00:00:00/39-13:04:05,344) [scsi_tmf_0] (root,0,0,00:00:00/39-13:04:05,345) [scsi_eh_1] (root,0,0,00:00:00/39-13:04:05,346) [scsi_tmf_1] (root,0,0,00:01:19/39-13:04:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-13:04:02,367) [ext4-rsv-conver] (root,38604,7924,00:01:09/39-13:03:50,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-13:03:49,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-13:03:47,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-13:03:16,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-13:03:15,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-13:03:15,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-13:03:15,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-13:03:13,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-13:03:13,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:47/39-13:02:59,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-13:02:59,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:57/39-13:02:59,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-13:02:59,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-13:02:59,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-13:02:59,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-13:02:59,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-13:02:59,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:44/39-13:02:59,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-13:02:59,1352) bpfilter_umh (root,26204,8116,00:00:20/39-13:02:59,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-13:02:59,1359) ntpd: asynchronous dns resolver (spot,361136,198260,2-07:21:42/39-13:02:58,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-13:02:58,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-13:02:58,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-13:02:58,1373) (sd-pam) (root,24216,5260,00:00:14/39-13:02:56,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-13:02:56,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-13:02:56,1485) /usr/sbin/cron -n (root,697108,76496,00:54:52/39-13:02:50,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67440,00:21:45/39-13:02:38,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/06:56,2077) [kworker/3:0-ata_sff] (postfix,44628,9244,00:00:01/33-18:38:13,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:07:06,3019) [kworker/1:2-events] (root,0,0,00:00:00/19:38,6192) [kworker/2:2-events] (root,0,0,00:00:00/01:20:10,8710) [kworker/0:2-events] (root,35304,10040,00:00:00/1-13:31:08,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-13:31:07,10514) sshd: syslogtunnel (postfix,24244,8232,00:00:00/11:26,11858) pickup -l -t fifo -u (root,0,0,00:00:00/02:52:22,12444) [kworker/u8:2-writeback] (root,0,0,00:00:01/01:52:36,15998) [kworker/2:1-events] (root,0,0,00:00:00/17:19,17829) [kworker/3:2-events] (root,0,0,00:00:00/01:17:19,18830) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/24:11,21979) [kworker/0:1-events] (root,0,0,00:00:00/01:45,22374) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,29618) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,29636) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29637) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/1-14:17:21,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:07/1-14:17:20,30947) sshd: cm-ssh (root,0,0,00:00:00/01:06:18,31080) [kworker/1:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635c28dad8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-12:42:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-12:42:44,2) [kthreadd] (root,0,0,00:00:00/37-12:42:44,3) [rcu_gp] (root,0,0,00:00:00/37-12:42:44,4) [rcu_par_gp] (root,0,0,00:00:00/37-12:42:44,5) [slub_flushwq] (root,0,0,00:00:00/37-12:42:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-12:42:44,9) [mm_percpu_wq] (root,0,0,00:00:00/37-12:42:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-12:42:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-12:42:44,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-12:42:44,13) [ksoftirqd/0] (root,0,0,01:47:22/37-12:42:44,14) [rcu_preempt] (root,0,0,00:00:14/37-12:42:44,15) [migration/0] (root,0,0,00:00:00/37-12:42:44,16) [idle_inject/0] (root,0,0,00:00:00/37-12:42:44,18) [cpuhp/0] (root,0,0,00:00:00/37-12:42:44,19) [cpuhp/1] (root,0,0,00:00:00/37-12:42:44,20) [idle_inject/1] (root,0,0,00:00:14/37-12:42:44,21) [migration/1] (root,0,0,00:00:55/37-12:42:44,22) [ksoftirqd/1] (root,0,0,00:00:00/37-12:42:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-12:42:44,25) [cpuhp/2] (root,0,0,00:00:00/37-12:42:44,26) [idle_inject/2] (root,0,0,00:00:10/37-12:42:44,27) [migration/2] (root,0,0,01:07:53/37-12:42:44,28) [ksoftirqd/2] (root,0,0,00:00:00/37-12:42:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-12:42:44,31) [cpuhp/3] (root,0,0,00:00:00/37-12:42:44,32) [idle_inject/3] (root,0,0,00:00:13/37-12:42:44,33) [migration/3] (root,0,0,00:03:29/37-12:42:44,34) [ksoftirqd/3] (root,0,0,00:00:00/37-12:42:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-12:42:44,40) [kdevtmpfs] (root,0,0,00:00:00/37-12:42:44,41) [netns] (root,0,0,00:00:00/37-12:42:44,42) [inet_frag_wq] (root,0,0,00:00:13/37-12:42:44,43) [kauditd] (root,0,0,00:00:00/37-12:42:44,44) [khungtaskd] (root,0,0,00:00:00/37-12:42:44,45) [oom_reaper] (root,0,0,00:00:00/37-12:42:44,46) [writeback] (root,0,0,00:01:58/37-12:42:44,47) [kcompactd0] (root,0,0,00:00:00/37-12:42:44,48) [ksmd] (root,0,0,00:02:02/37-12:42:44,49) [khugepaged] (root,0,0,00:00:00/37-12:42:44,75) [kintegrityd] (root,0,0,00:00:00/37-12:42:44,76) [kblockd] (root,0,0,00:00:00/37-12:42:44,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-12:42:44,79) [tpm_dev_wq] (root,0,0,00:00:00/37-12:42:44,80) [edac-poller] (root,0,0,00:00:00/37-12:42:44,81) [devfreq_wq] (root,0,0,00:00:00/37-12:42:44,110) [watchdogd] (root,0,0,00:00:02/37-12:42:44,111) [kswapd0] (root,0,0,00:00:10/37-12:42:44,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-12:42:42,115) [kthrotld] (root,0,0,00:00:00/37-12:42:42,116) [mld] (root,0,0,00:00:00/37-12:42:42,117) [ipv6_addrconf] (root,0,0,00:00:10/37-12:42:42,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-12:42:42,123) [kstrp] (root,0,0,00:00:00/37-12:42:42,124) [zswap-shrink] (root,0,0,00:00:00/37-12:42:42,125) [kworker/u9:0] (root,0,0,00:00:00/37-12:42:42,130) [charger_manager] (root,0,0,00:00:11/37-12:42:42,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-12:42:42,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-12:42:41,239) [kaluad] (root,0,0,00:00:00/37-12:42:41,258) [kmpath_rdacd] (root,0,0,00:00:00/37-12:42:41,304) [kmpathd] (root,0,0,00:00:00/37-12:42:41,305) [kmpath_handlerd] (root,0,0,00:00:00/37-12:42:40,342) [ata_sff] (root,0,0,00:00:00/37-12:42:40,343) [scsi_eh_0] (root,0,0,00:00:00/37-12:42:40,344) [scsi_tmf_0] (root,0,0,00:00:00/37-12:42:40,345) [scsi_eh_1] (root,0,0,00:00:00/37-12:42:40,346) [scsi_tmf_1] (root,0,0,00:01:15/37-12:42:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-12:42:37,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-12:42:25,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-12:42:24,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-12:42:22,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-12:41:51,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-12:41:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-12:41:50,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-12:41:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-12:41:48,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-12:41:48,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30292,00:00:44/37-12:41:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-12:41:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:44/37-12:41:34,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-12:41:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-12:41:34,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-12:41:34,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-12:41:34,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-12:41:34,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:25/37-12:41:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-12:41:34,1352) bpfilter_umh (root,26204,8116,00:00:19/37-12:41:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-12:41:34,1359) ntpd: asynchronous dns resolver (spot,362592,198648,2-04:22:41/37-12:41:33,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-12:41:33,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-12:41:33,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-12:41:33,1373) (sd-pam) (root,24216,5260,00:00:13/37-12:41:31,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-12:41:31,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-12:41:31,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-12:41:28,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-12:41:27,1527) sshd: syslogtunnel (root,696596,75960,00:51:56/37-12:41:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66204,00:20:41/37-12:41:13,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-18:16:48,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/59:20,2691) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10108,00:00:00/37-12:40:48,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-12:40:48,3218) sshd: cm-ssh (root,0,0,00:00:00/06:51,9730) [kworker/3:0-ata_sff] (root,0,0,00:00:00/23:03,10083) [kworker/1:2-events] (root,0,0,00:00:00/02:06:23,18233) [kworker/u8:0-writeback] (root,0,0,00:00:01/02:40:06,19177) [kworker/0:2-events] (root,0,0,00:00:00/01:32:08,19789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:38,21009) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:22:29,24321) [kworker/2:1-events] (root,0,0,00:00:00/01:45:44,26865) [kworker/1:0-cgroup_destroy] (root,6656,3480,00:00:00/00:00,26892) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,26893) /bin/bash /usr/bin/check_mk_agent (root,13744,3472,00:00:00/00:00,26927) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,26928) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/13:47,27095) [kworker/2:0-events] (postfix,24244,8148,00:00:00/11:54,28767) pickup -l -t fifo -u (root,0,0,00:00:02/04:21:04,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 23:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e9a7e324Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-14:30:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-14:30:34,2) [kthreadd] (root,0,0,00:00:00/35-14:30:34,3) [rcu_gp] (root,0,0,00:00:00/35-14:30:34,4) [rcu_par_gp] (root,0,0,00:00:00/35-14:30:34,5) [slub_flushwq] (root,0,0,00:00:00/35-14:30:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-14:30:34,9) [mm_percpu_wq] (root,0,0,00:00:00/35-14:30:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-14:30:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-14:30:34,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-14:30:34,13) [ksoftirqd/0] (root,0,0,01:42:19/35-14:30:34,14) [rcu_preempt] (root,0,0,00:00:13/35-14:30:34,15) [migration/0] (root,0,0,00:00:00/35-14:30:34,16) [idle_inject/0] (root,0,0,00:00:00/35-14:30:34,18) [cpuhp/0] (root,0,0,00:00:00/35-14:30:34,19) [cpuhp/1] (root,0,0,00:00:00/35-14:30:34,20) [idle_inject/1] (root,0,0,00:00:13/35-14:30:34,21) [migration/1] (root,0,0,00:00:52/35-14:30:34,22) [ksoftirqd/1] (root,0,0,00:00:00/35-14:30:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-14:30:34,25) [cpuhp/2] (root,0,0,00:00:00/35-14:30:34,26) [idle_inject/2] (root,0,0,00:00:10/35-14:30:34,27) [migration/2] (root,0,0,01:05:12/35-14:30:34,28) [ksoftirqd/2] (root,0,0,00:00:00/35-14:30:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-14:30:34,31) [cpuhp/3] (root,0,0,00:00:00/35-14:30:34,32) [idle_inject/3] (root,0,0,00:00:12/35-14:30:34,33) [migration/3] (root,0,0,00:03:21/35-14:30:34,34) [ksoftirqd/3] (root,0,0,00:00:00/35-14:30:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-14:30:34,40) [kdevtmpfs] (root,0,0,00:00:00/35-14:30:34,41) [netns] (root,0,0,00:00:00/35-14:30:34,42) [inet_frag_wq] (root,0,0,00:00:12/35-14:30:34,43) [kauditd] (root,0,0,00:00:00/35-14:30:34,44) [khungtaskd] (root,0,0,00:00:00/35-14:30:34,45) [oom_reaper] (root,0,0,00:00:00/35-14:30:34,46) [writeback] (root,0,0,00:01:52/35-14:30:34,47) [kcompactd0] (root,0,0,00:00:00/35-14:30:34,48) [ksmd] (root,0,0,00:01:56/35-14:30:34,49) [khugepaged] (root,0,0,00:00:00/35-14:30:34,75) [kintegrityd] (root,0,0,00:00:00/35-14:30:34,76) [kblockd] (root,0,0,00:00:00/35-14:30:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-14:30:34,79) [tpm_dev_wq] (root,0,0,00:00:00/35-14:30:34,80) [edac-poller] (root,0,0,00:00:00/35-14:30:34,81) [devfreq_wq] (root,0,0,00:00:00/35-14:30:34,110) [watchdogd] (root,0,0,00:00:02/35-14:30:34,111) [kswapd0] (root,0,0,00:00:09/35-14:30:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-14:30:32,115) [kthrotld] (root,0,0,00:00:00/35-14:30:32,116) [mld] (root,0,0,00:00:00/35-14:30:32,117) [ipv6_addrconf] (root,0,0,00:00:10/35-14:30:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-14:30:32,123) [kstrp] (root,0,0,00:00:00/35-14:30:32,124) [zswap-shrink] (root,0,0,00:00:00/35-14:30:32,125) [kworker/u9:0] (root,0,0,00:00:00/35-14:30:32,130) [charger_manager] (root,0,0,00:00:10/35-14:30:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-14:30:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-14:30:31,239) [kaluad] (root,0,0,00:00:00/35-14:30:31,258) [kmpath_rdacd] (root,0,0,00:00:00/35-14:30:31,304) [kmpathd] (root,0,0,00:00:00/35-14:30:31,305) [kmpath_handlerd] (root,0,0,00:00:00/35-14:30:30,342) [ata_sff] (root,0,0,00:00:00/35-14:30:30,343) [scsi_eh_0] (root,0,0,00:00:00/35-14:30:30,344) [scsi_tmf_0] (root,0,0,00:00:00/35-14:30:30,345) [scsi_eh_1] (root,0,0,00:00:00/35-14:30:30,346) [scsi_tmf_1] (root,0,0,00:01:11/35-14:30:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-14:30:27,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-14:30:15,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-14:30:14,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/09:48,485) [kworker/0:2-events] (root,8624,6172,00:00:56/35-14:30:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-14:29:41,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-14:29:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-14:29:40,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-14:29:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-14:29:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-14:29:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:03:46,633) [kworker/u8:1-writeback] (root,548616,30252,00:00:42/35-14:29:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-14:29:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:35/35-14:29:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-14:29:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-14:29:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-14:29:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-14:29:24,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-14:29:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:09/35-14:29:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-14:29:24,1352) bpfilter_umh (root,26204,8116,00:00:18/35-14:29:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-14:29:24,1359) ntpd: asynchronous dns resolver (spot,361104,198272,2-02:20:04/35-14:29:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-14:29:23,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-14:29:23,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-14:29:23,1373) (sd-pam) (root,24216,5260,00:00:12/35-14:29:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-14:29:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-14:29:21,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-14:29:18,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:13/35-14:29:17,1527) sshd: syslogtunnel (root,696596,77900,00:49:18/35-14:29:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:01/02:38:46,1719) [kworker/2:2-events] (spot,223680,64864,00:19:43/35-14:29:03,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-20:04:38,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/00:18,3161) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/35-14:28:38,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-14:28:38,3218) sshd: cm-ssh (root,6656,3508,00:00:00/00:00,4264) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,4384) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,4407) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,4408) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:35:57,11281) [kworker/0:1-events] (root,0,0,00:00:00/05:29,16037) [kworker/3:0-events] (root,0,0,00:00:00/34:32,16207) [kworker/1:2-events] (postfix,24244,8160,00:00:00/41:30,18195) pickup -l -t fifo -u (root,0,0,00:00:00/03:46:28,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:48:33,20934) [kworker/1:1-events] (root,0,0,00:00:00/14:23,21129) [kworker/2:0-events] (root,0,0,00:00:03/10:41,31160) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 01:19 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634c9dc228Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-13:03:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-13:03:26,2) [kthreadd] (root,0,0,00:00:00/33-13:03:26,3) [rcu_gp] (root,0,0,00:00:00/33-13:03:26,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:03:26,5) [slub_flushwq] (root,0,0,00:00:00/33-13:03:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:03:26,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:03:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:03:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:03:26,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:03:26,13) [ksoftirqd/0] (root,0,0,01:36:47/33-13:03:26,14) [rcu_preempt] (root,0,0,00:00:12/33-13:03:26,15) [migration/0] (root,0,0,00:00:00/33-13:03:26,16) [idle_inject/0] (root,0,0,00:00:00/33-13:03:26,18) [cpuhp/0] (root,0,0,00:00:00/33-13:03:26,19) [cpuhp/1] (root,0,0,00:00:00/33-13:03:26,20) [idle_inject/1] (root,0,0,00:00:12/33-13:03:26,21) [migration/1] (root,0,0,00:00:50/33-13:03:26,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:03:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:03:26,25) [cpuhp/2] (root,0,0,00:00:00/33-13:03:26,26) [idle_inject/2] (root,0,0,00:00:09/33-13:03:26,27) [migration/2] (root,0,0,01:01:57/33-13:03:26,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:03:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:03:26,31) [cpuhp/3] (root,0,0,00:00:00/33-13:03:26,32) [idle_inject/3] (root,0,0,00:00:12/33-13:03:26,33) [migration/3] (root,0,0,00:03:11/33-13:03:26,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:03:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:03:26,40) [kdevtmpfs] (root,0,0,00:00:00/33-13:03:26,41) [netns] (root,0,0,00:00:00/33-13:03:26,42) [inet_frag_wq] (root,0,0,00:00:12/33-13:03:26,43) [kauditd] (root,0,0,00:00:00/33-13:03:26,44) [khungtaskd] (root,0,0,00:00:00/33-13:03:26,45) [oom_reaper] (root,0,0,00:00:00/33-13:03:26,46) [writeback] (root,0,0,00:01:46/33-13:03:26,47) [kcompactd0] (root,0,0,00:00:00/33-13:03:26,48) [ksmd] (root,0,0,00:01:49/33-13:03:26,49) [khugepaged] (root,0,0,00:00:00/33-13:03:26,75) [kintegrityd] (root,0,0,00:00:00/33-13:03:26,76) [kblockd] (root,0,0,00:00:00/33-13:03:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:03:26,79) [tpm_dev_wq] (root,0,0,00:00:00/33-13:03:26,80) [edac-poller] (root,0,0,00:00:00/33-13:03:26,81) [devfreq_wq] (root,0,0,00:00:00/33-13:03:26,110) [watchdogd] (root,0,0,00:00:02/33-13:03:26,111) [kswapd0] (root,0,0,00:00:09/33-13:03:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-13:03:24,115) [kthrotld] (root,0,0,00:00:00/33-13:03:24,116) [mld] (root,0,0,00:00:00/33-13:03:24,117) [ipv6_addrconf] (root,0,0,00:00:09/33-13:03:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:03:24,123) [kstrp] (root,0,0,00:00:00/33-13:03:24,124) [zswap-shrink] (root,0,0,00:00:00/33-13:03:24,125) [kworker/u9:0] (root,0,0,00:00:00/33-13:03:24,130) [charger_manager] (root,0,0,00:00:10/33-13:03:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-13:03:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-13:03:23,239) [kaluad] (root,0,0,00:00:00/33-13:03:23,258) [kmpath_rdacd] (root,0,0,00:00:00/33-13:03:23,304) [kmpathd] (root,0,0,00:00:00/33-13:03:23,305) [kmpath_handlerd] (root,0,0,00:00:00/33-13:03:22,342) [ata_sff] (root,0,0,00:00:00/33-13:03:22,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:03:22,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:03:22,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:03:22,346) [scsi_tmf_1] (root,0,0,00:01:07/33-13:03:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:03:19,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-13:03:07,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-13:03:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:53/33-13:03:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-13:02:33,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-13:02:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-13:02:32,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-13:02:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-13:02:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-13:02:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-13:02:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-13:02:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:23/33-13:02:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-13:02:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-13:02:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-13:02:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-13:02:16,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:52/33-13:02:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-13:02:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-13:02:16,1352) bpfilter_umh (root,26204,8128,00:00:17/33-13:02:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-13:02:16,1359) ntpd: asynchronous dns resolver (spot,361360,200072,2-00:18:52/33-13:02:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-13:02:15,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-13:02:15,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-13:02:15,1373) (sd-pam) (root,24216,5260,00:00:11/33-13:02:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-13:02:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-13:02:13,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-13:02:10,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-13:02:09,1527) sshd: syslogtunnel (root,694036,73228,00:46:26/33-13:02:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/16:08,1600) [kworker/3:0-events] (spot,222656,63352,00:18:42/33-13:01:55,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-18:37:30,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/33-13:01:30,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-13:01:30,3218) sshd: cm-ssh (root,0,0,00:00:00/28:25,4095) [kworker/2:0] (root,0,0,00:00:00/22:05,7631) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/00:35,8286) [kworker/3:2-ata_sff] (root,6656,3488,00:00:00/00:00,10511) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,10525) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,10551) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,10552) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/04:48:49,15620) [kworker/2:2-events] (root,0,0,00:00:00/05:45,16144) [kworker/3:1-ata_sff] (root,0,0,00:00:00/12:53,16920) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/05:11,18362) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/01:28:30,21273) [kworker/0:1-events] (root,0,0,00:00:00/18:29,22988) [kworker/1:2-cgroup_destroy] (postfix,24244,8228,00:00:00/01:15:21,25034) pickup -l -t fifo -u (root,0,0,00:00:00/01:15:09,25667) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bc00e270Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:33/31-13:05:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:05:00,2) [kthreadd] (root,0,0,00:00:00/31-13:05:00,3) [rcu_gp] (root,0,0,00:00:00/31-13:05:00,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:05:00,5) [slub_flushwq] (root,0,0,00:00:00/31-13:05:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:05:00,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:05:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:05:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:05:00,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-13:05:00,13) [ksoftirqd/0] (root,0,0,01:31:28/31-13:05:00,14) [rcu_preempt] (root,0,0,00:00:12/31-13:05:00,15) [migration/0] (root,0,0,00:00:00/31-13:05:00,16) [idle_inject/0] (root,0,0,00:00:00/31-13:05:00,18) [cpuhp/0] (root,0,0,00:00:00/31-13:05:00,19) [cpuhp/1] (root,0,0,00:00:00/31-13:05:00,20) [idle_inject/1] (root,0,0,00:00:12/31-13:05:00,21) [migration/1] (root,0,0,00:00:47/31-13:05:00,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:05:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:05:00,25) [cpuhp/2] (root,0,0,00:00:00/31-13:05:00,26) [idle_inject/2] (root,0,0,00:00:09/31-13:05:00,27) [migration/2] (root,0,0,00:58:56/31-13:05:00,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:05:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:05:00,31) [cpuhp/3] (root,0,0,00:00:00/31-13:05:00,32) [idle_inject/3] (root,0,0,00:00:11/31-13:05:00,33) [migration/3] (root,0,0,00:03:03/31-13:05:00,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:05:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:05:00,40) [kdevtmpfs] (root,0,0,00:00:00/31-13:05:00,41) [netns] (root,0,0,00:00:00/31-13:05:00,42) [inet_frag_wq] (root,0,0,00:00:11/31-13:05:00,43) [kauditd] (root,0,0,00:00:00/31-13:05:00,44) [khungtaskd] (root,0,0,00:00:00/31-13:05:00,45) [oom_reaper] (root,0,0,00:00:00/31-13:05:00,46) [writeback] (root,0,0,00:01:40/31-13:05:00,47) [kcompactd0] (root,0,0,00:00:00/31-13:05:00,48) [ksmd] (root,0,0,00:01:43/31-13:05:00,49) [khugepaged] (root,0,0,00:00:00/31-13:05:00,75) [kintegrityd] (root,0,0,00:00:00/31-13:05:00,76) [kblockd] (root,0,0,00:00:00/31-13:05:00,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:05:00,79) [tpm_dev_wq] (root,0,0,00:00:00/31-13:05:00,80) [edac-poller] (root,0,0,00:00:00/31-13:05:00,81) [devfreq_wq] (root,0,0,00:00:00/31-13:05:00,110) [watchdogd] (root,0,0,00:00:02/31-13:05:00,111) [kswapd0] (root,0,0,00:00:08/31-13:05:00,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-13:04:58,115) [kthrotld] (root,0,0,00:00:00/31-13:04:58,116) [mld] (root,0,0,00:00:00/31-13:04:58,117) [ipv6_addrconf] (root,0,0,00:00:09/31-13:04:58,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:04:58,123) [kstrp] (root,0,0,00:00:00/31-13:04:58,124) [zswap-shrink] (root,0,0,00:00:00/31-13:04:58,125) [kworker/u9:0] (root,0,0,00:00:00/31-13:04:58,130) [charger_manager] (root,0,0,00:00:09/31-13:04:58,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-13:04:58,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-13:04:57,239) [kaluad] (root,0,0,00:00:00/31-13:04:57,258) [kmpath_rdacd] (root,0,0,00:00:00/31-13:04:57,304) [kmpathd] (root,0,0,00:00:00/31-13:04:57,305) [kmpath_handlerd] (root,0,0,00:00:00/31-13:04:56,342) [ata_sff] (root,0,0,00:00:00/31-13:04:56,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:04:56,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:04:56,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:04:56,346) [scsi_tmf_1] (root,0,0,00:01:03/31-13:04:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:04:53,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-13:04:41,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-13:04:40,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-13:04:38,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-13:04:07,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-13:04:06,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-13:04:06,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-13:04:06,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-13:04:04,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-13:04:04,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-13:03:50,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-13:03:50,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:12/31-13:03:50,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-13:03:50,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-13:03:50,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-13:03:50,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-13:03:50,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-13:03:50,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:35/31-13:03:50,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-13:03:50,1352) bpfilter_umh (root,26204,8128,00:00:16/31-13:03:50,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-13:03:50,1359) ntpd: asynchronous dns resolver (spot,362192,200292,1-22:10:33/31-13:03:49,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-13:03:49,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-13:03:49,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-13:03:49,1373) (sd-pam) (root,24216,5260,00:00:11/31-13:03:47,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-13:03:47,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-13:03:47,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-13:03:44,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:58/31-13:03:43,1527) sshd: syslogtunnel (root,693780,72896,00:43:43/31-13:03:41,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/03:15,1852) [kworker/3:0-ata_sff] (spot,221632,61988,00:17:41/31-13:03:29,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-18:39:04,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/09:24,2865) [kworker/u8:2-writeback] (root,35308,10108,00:00:00/31-13:03:04,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:45/31-13:03:04,3218) sshd: cm-ssh (root,0,0,00:00:00/08:28,6836) [kworker/3:2-ata_sff] (root,0,0,00:00:00/18:13:36,11736) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/06:59,15172) [kworker/0:2-events] (root,6656,3492,00:00:00/00:01,16835) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,16853) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16854) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/20:23,18883) [kworker/1:1-events] (root,0,0,00:00:01/03:25:32,22602) [kworker/2:1-events] (root,0,0,00:00:00/01:53:01,23881) [kworker/1:2-events] (postfix,24244,8268,00:00:00/01:38:52,25794) pickup -l -t fifo -u (root,0,0,00:00:00/33:44,27419) [kworker/2:2-events] (root,0,0,00:00:01/02:28:09,28641) [kworker/0:1-events] (root,0,0,00:00:00/24:01,31518) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632d68f2e6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-13:03:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-13:03:19,2) [kthreadd] (root,0,0,00:00:00/29-13:03:19,3) [rcu_gp] (root,0,0,00:00:00/29-13:03:19,4) [rcu_par_gp] (root,0,0,00:00:00/29-13:03:19,5) [slub_flushwq] (root,0,0,00:00:00/29-13:03:19,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-13:03:19,9) [mm_percpu_wq] (root,0,0,00:00:00/29-13:03:19,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-13:03:19,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-13:03:19,12) [rcu_tasks_trace] (root,0,0,00:00:55/29-13:03:19,13) [ksoftirqd/0] (root,0,0,01:25:38/29-13:03:19,14) [rcu_preempt] (root,0,0,00:00:11/29-13:03:19,15) [migration/0] (root,0,0,00:00:00/29-13:03:19,16) [idle_inject/0] (root,0,0,00:00:00/29-13:03:19,18) [cpuhp/0] (root,0,0,00:00:00/29-13:03:19,19) [cpuhp/1] (root,0,0,00:00:00/29-13:03:19,20) [idle_inject/1] (root,0,0,00:00:11/29-13:03:19,21) [migration/1] (root,0,0,00:00:45/29-13:03:19,22) [ksoftirqd/1] (root,0,0,00:00:00/29-13:03:19,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-13:03:19,25) [cpuhp/2] (root,0,0,00:00:00/29-13:03:19,26) [idle_inject/2] (root,0,0,00:00:08/29-13:03:19,27) [migration/2] (root,0,0,00:54:42/29-13:03:19,28) [ksoftirqd/2] (root,0,0,00:00:00/29-13:03:19,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-13:03:19,31) [cpuhp/3] (root,0,0,00:00:00/29-13:03:19,32) [idle_inject/3] (root,0,0,00:00:10/29-13:03:19,33) [migration/3] (root,0,0,00:02:50/29-13:03:19,34) [ksoftirqd/3] (root,0,0,00:00:00/29-13:03:19,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-13:03:19,40) [kdevtmpfs] (root,0,0,00:00:00/29-13:03:19,41) [netns] (root,0,0,00:00:00/29-13:03:19,42) [inet_frag_wq] (root,0,0,00:00:10/29-13:03:19,43) [kauditd] (root,0,0,00:00:00/29-13:03:19,44) [khungtaskd] (root,0,0,00:00:00/29-13:03:19,45) [oom_reaper] (root,0,0,00:00:00/29-13:03:19,46) [writeback] (root,0,0,00:01:34/29-13:03:19,47) [kcompactd0] (root,0,0,00:00:00/29-13:03:19,48) [ksmd] (root,0,0,00:01:36/29-13:03:19,49) [khugepaged] (root,0,0,00:00:00/29-13:03:19,75) [kintegrityd] (root,0,0,00:00:00/29-13:03:19,76) [kblockd] (root,0,0,00:00:00/29-13:03:19,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-13:03:19,79) [tpm_dev_wq] (root,0,0,00:00:00/29-13:03:19,80) [edac-poller] (root,0,0,00:00:00/29-13:03:19,81) [devfreq_wq] (root,0,0,00:00:00/29-13:03:19,110) [watchdogd] (root,0,0,00:00:02/29-13:03:19,111) [kswapd0] (root,0,0,00:00:08/29-13:03:19,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-13:03:17,115) [kthrotld] (root,0,0,00:00:00/29-13:03:17,116) [mld] (root,0,0,00:00:00/29-13:03:17,117) [ipv6_addrconf] (root,0,0,00:00:08/29-13:03:17,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-13:03:17,123) [kstrp] (root,0,0,00:00:00/29-13:03:17,124) [zswap-shrink] (root,0,0,00:00:00/29-13:03:17,125) [kworker/u9:0] (root,0,0,00:00:00/29-13:03:17,130) [charger_manager] (root,0,0,00:00:09/29-13:03:17,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-13:03:17,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-13:03:16,239) [kaluad] (root,0,0,00:00:00/29-13:03:16,258) [kmpath_rdacd] (root,0,0,00:00:00/29-13:03:16,304) [kmpathd] (root,0,0,00:00:00/29-13:03:16,305) [kmpath_handlerd] (root,0,0,00:00:00/29-13:03:15,342) [ata_sff] (root,0,0,00:00:00/29-13:03:15,343) [scsi_eh_0] (root,0,0,00:00:00/29-13:03:15,344) [scsi_tmf_0] (root,0,0,00:00:00/29-13:03:15,345) [scsi_eh_1] (root,0,0,00:00:00/29-13:03:15,346) [scsi_tmf_1] (root,0,0,00:00:59/29-13:03:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-13:03:12,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-13:03:00,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-13:02:59,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-13:02:57,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-13:02:26,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-13:02:25,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-13:02:25,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-13:02:25,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-13:02:23,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-13:02:23,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:35/29-13:02:09,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-13:02:09,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:01/29-13:02:09,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-13:02:09,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-13:02:09,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-13:02:09,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-13:02:09,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-13:02:09,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:17/29-13:02:09,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-13:02:09,1352) bpfilter_umh (root,26204,8128,00:00:14/29-13:02:09,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-13:02:09,1359) ntpd: asynchronous dns resolver (spot,361184,200012,1-19:48:07/29-13:02:08,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-13:02:08,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-13:02:08,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-13:02:08,1373) (sd-pam) (root,24216,5260,00:00:10/29-13:02:06,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-13:02:06,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-13:02:06,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-13:02:03,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-13:02:02,1527) sshd: syslogtunnel (root,693524,74428,00:40:50/29-13:02:00,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60744,00:16:37/29-13:01:48,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-18:37:23,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/26:27,2706) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10108,00:00:00/29-13:01:23,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:38/29-13:01:23,3218) sshd: cm-ssh (root,0,0,00:00:00/05:00,3972) [kworker/u8:2-writeback] (root,0,0,00:00:00/04:37,4803) [kworker/3:0-ata_sff] (postfix,24244,8232,00:00:00/19:07,5297) pickup -l -t fifo -u (root,0,0,00:00:01/01:27:37,11915) [kworker/3:2-events] (root,0,0,00:00:00/01:18,13161) [kworker/1:0-events] (root,0,0,00:00:00/17:19,14664) [kworker/0:0] (root,0,0,00:00:00/09:48,15553) [kworker/3:1-ata_sff] (root,6656,3492,00:00:00/00:00,17536) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,17577) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/00:00,17578) [check_mk_agent] (root,4480,1152,00:00:00/00:00,17579) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,6656,3480,00:00:00/00:00,17582) /bin/bash /usr/bin/check_mk_agent (root,13744,3396,00:00:00/00:00,17600) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,17601) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:27:22,22291) [kworker/0:1-events] (root,0,0,00:00:00/01:18:17,25049) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/36:40,25890) [kworker/2:0] (root,0,0,00:00:00/59:38,28994) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:15:48,29505) [kworker/2:1-events] (root,0,0,00:00:00/14:08,30310) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637e4061b2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-13:04:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:04:23,2) [kthreadd] (root,0,0,00:00:00/27-13:04:23,3) [rcu_gp] (root,0,0,00:00:00/27-13:04:23,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:04:23,5) [slub_flushwq] (root,0,0,00:00:00/27-13:04:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:04:23,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:04:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:04:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:04:23,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-13:04:23,13) [ksoftirqd/0] (root,0,0,01:20:09/27-13:04:23,14) [rcu_preempt] (root,0,0,00:00:10/27-13:04:23,15) [migration/0] (root,0,0,00:00:00/27-13:04:23,16) [idle_inject/0] (root,0,0,00:00:00/27-13:04:23,18) [cpuhp/0] (root,0,0,00:00:00/27-13:04:23,19) [cpuhp/1] (root,0,0,00:00:00/27-13:04:23,20) [idle_inject/1] (root,0,0,00:00:10/27-13:04:23,21) [migration/1] (root,0,0,00:00:42/27-13:04:23,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:04:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:04:23,25) [cpuhp/2] (root,0,0,00:00:00/27-13:04:23,26) [idle_inject/2] (root,0,0,00:00:08/27-13:04:23,27) [migration/2] (root,0,0,00:51:33/27-13:04:23,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:04:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:04:23,31) [cpuhp/3] (root,0,0,00:00:00/27-13:04:23,32) [idle_inject/3] (root,0,0,00:00:10/27-13:04:23,33) [migration/3] (root,0,0,00:02:41/27-13:04:23,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:04:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:04:23,40) [kdevtmpfs] (root,0,0,00:00:00/27-13:04:23,41) [netns] (root,0,0,00:00:00/27-13:04:23,42) [inet_frag_wq] (root,0,0,00:00:09/27-13:04:23,43) [kauditd] (root,0,0,00:00:00/27-13:04:23,44) [khungtaskd] (root,0,0,00:00:00/27-13:04:23,45) [oom_reaper] (root,0,0,00:00:00/27-13:04:23,46) [writeback] (root,0,0,00:01:28/27-13:04:23,47) [kcompactd0] (root,0,0,00:00:00/27-13:04:23,48) [ksmd] (root,0,0,00:01:29/27-13:04:23,49) [khugepaged] (root,0,0,00:00:00/27-13:04:23,75) [kintegrityd] (root,0,0,00:00:00/27-13:04:23,76) [kblockd] (root,0,0,00:00:00/27-13:04:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:04:23,79) [tpm_dev_wq] (root,0,0,00:00:00/27-13:04:23,80) [edac-poller] (root,0,0,00:00:00/27-13:04:23,81) [devfreq_wq] (root,0,0,00:00:00/27-13:04:23,110) [watchdogd] (root,0,0,00:00:02/27-13:04:23,111) [kswapd0] (root,0,0,00:00:07/27-13:04:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-13:04:21,115) [kthrotld] (root,0,0,00:00:00/27-13:04:21,116) [mld] (root,0,0,00:00:00/27-13:04:21,117) [ipv6_addrconf] (root,0,0,00:00:07/27-13:04:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:04:21,123) [kstrp] (root,0,0,00:00:00/27-13:04:21,124) [zswap-shrink] (root,0,0,00:00:00/27-13:04:21,125) [kworker/u9:0] (root,0,0,00:00:00/27-13:04:21,130) [charger_manager] (root,0,0,00:00:08/27-13:04:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-13:04:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-13:04:20,239) [kaluad] (root,0,0,00:00:00/27-13:04:20,258) [kmpath_rdacd] (root,0,0,00:00:00/27-13:04:20,304) [kmpathd] (root,0,0,00:00:00/27-13:04:20,305) [kmpath_handlerd] (root,0,0,00:00:00/27-13:04:19,342) [ata_sff] (root,0,0,00:00:00/27-13:04:19,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:04:19,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:04:19,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:04:19,346) [scsi_tmf_1] (root,0,0,00:00:55/27-13:04:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:04:16,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-13:04:04,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-13:04:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-13:04:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-13:03:30,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-13:03:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-13:03:29,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-13:03:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-13:03:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-13:03:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28776,00:00:32/27-13:03:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-13:03:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:49/27-13:03:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-13:03:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-13:03:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-13:03:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-13:03:13,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-13:03:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:00/27-13:03:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-13:03:13,1352) bpfilter_umh (root,26204,8128,00:00:13/27-13:03:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-13:03:13,1359) ntpd: asynchronous dns resolver (spot,296048,195016,1-17:12:21/27-13:03:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-13:03:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-13:03:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-13:03:12,1373) (sd-pam) (root,24216,5260,00:00:09/27-13:03:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-13:03:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-13:03:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-13:03:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-13:03:06,1527) sshd: syslogtunnel (root,693268,72064,00:38:05/27-13:03:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,59132,00:15:34/27-13:02:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:00/21-18:38:27,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-13:02:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-13:02:27,3218) sshd: cm-ssh (root,0,0,00:00:00/01:32:32,4690) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/03:10,4886) [kworker/1:0-events] (root,0,0,00:00:00/02:27,8133) [kworker/3:1-ata_sff] (postfix,24244,8176,00:00:00/41:57,10198) pickup -l -t fifo -u (root,0,0,00:00:00/09:25,14310) [kworker/0:0-cgroup_destroy] (root,6656,3456,00:00:00/00:00,18589) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,18607) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18608) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:38,18691) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:52:08,21505) [kworker/u8:2-events_unbound] (root,0,0,00:00:00/01:26:59,22103) [kworker/0:1-events] (root,0,0,00:00:00/25:00,23590) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:08:30,24824) [kworker/2:1-events] (root,0,0,00:00:00/06:17,24846) [kworker/2:0-events] (root,0,0,00:00:01/01:25:28,28201) [kworker/3:0-events] (root,0,0,00:00:00/37:28,28567) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cf9a5bd8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:11/25-12:51:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-12:51:51,2) [kthreadd] (root,0,0,00:00:00/25-12:51:51,3) [rcu_gp] (root,0,0,00:00:00/25-12:51:51,4) [rcu_par_gp] (root,0,0,00:00:00/25-12:51:51,5) [slub_flushwq] (root,0,0,00:00:00/25-12:51:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-12:51:51,9) [mm_percpu_wq] (root,0,0,00:00:00/25-12:51:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-12:51:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-12:51:51,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-12:51:51,13) [ksoftirqd/0] (root,0,0,01:14:44/25-12:51:51,14) [rcu_preempt] (root,0,0,00:00:09/25-12:51:51,15) [migration/0] (root,0,0,00:00:00/25-12:51:51,16) [idle_inject/0] (root,0,0,00:00:00/25-12:51:51,18) [cpuhp/0] (root,0,0,00:00:00/25-12:51:51,19) [cpuhp/1] (root,0,0,00:00:00/25-12:51:51,20) [idle_inject/1] (root,0,0,00:00:09/25-12:51:51,21) [migration/1] (root,0,0,00:00:39/25-12:51:51,22) [ksoftirqd/1] (root,0,0,00:00:00/25-12:51:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-12:51:51,25) [cpuhp/2] (root,0,0,00:00:00/25-12:51:51,26) [idle_inject/2] (root,0,0,00:00:07/25-12:51:51,27) [migration/2] (root,0,0,00:48:51/25-12:51:51,28) [ksoftirqd/2] (root,0,0,00:00:00/25-12:51:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-12:51:51,31) [cpuhp/3] (root,0,0,00:00:00/25-12:51:51,32) [idle_inject/3] (root,0,0,00:00:09/25-12:51:51,33) [migration/3] (root,0,0,00:02:31/25-12:51:51,34) [ksoftirqd/3] (root,0,0,00:00:00/25-12:51:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-12:51:51,40) [kdevtmpfs] (root,0,0,00:00:00/25-12:51:51,41) [netns] (root,0,0,00:00:00/25-12:51:51,42) [inet_frag_wq] (root,0,0,00:00:08/25-12:51:51,43) [kauditd] (root,0,0,00:00:00/25-12:51:51,44) [khungtaskd] (root,0,0,00:00:00/25-12:51:51,45) [oom_reaper] (root,0,0,00:00:00/25-12:51:51,46) [writeback] (root,0,0,00:01:21/25-12:51:51,47) [kcompactd0] (root,0,0,00:00:00/25-12:51:51,48) [ksmd] (root,0,0,00:01:23/25-12:51:51,49) [khugepaged] (root,0,0,00:00:00/25-12:51:51,75) [kintegrityd] (root,0,0,00:00:00/25-12:51:51,76) [kblockd] (root,0,0,00:00:00/25-12:51:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-12:51:51,79) [tpm_dev_wq] (root,0,0,00:00:00/25-12:51:51,80) [edac-poller] (root,0,0,00:00:00/25-12:51:51,81) [devfreq_wq] (root,0,0,00:00:00/25-12:51:51,110) [watchdogd] (root,0,0,00:00:01/25-12:51:51,111) [kswapd0] (root,0,0,00:00:07/25-12:51:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-12:51:49,115) [kthrotld] (root,0,0,00:00:00/25-12:51:49,116) [mld] (root,0,0,00:00:00/25-12:51:49,117) [ipv6_addrconf] (root,0,0,00:00:07/25-12:51:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-12:51:49,123) [kstrp] (root,0,0,00:00:00/25-12:51:49,124) [zswap-shrink] (root,0,0,00:00:00/25-12:51:49,125) [kworker/u9:0] (root,0,0,00:00:00/25-12:51:49,130) [charger_manager] (root,0,0,00:00:07/25-12:51:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-12:51:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-12:51:48,239) [kaluad] (root,0,0,00:00:00/25-12:51:48,258) [kmpath_rdacd] (root,0,0,00:00:00/25-12:51:48,304) [kmpathd] (root,0,0,00:00:00/25-12:51:48,305) [kmpath_handlerd] (root,0,0,00:00:00/25-12:51:47,342) [ata_sff] (root,0,0,00:00:00/25-12:51:47,343) [scsi_eh_0] (root,0,0,00:00:00/25-12:51:47,344) [scsi_tmf_0] (root,0,0,00:00:00/25-12:51:47,345) [scsi_eh_1] (root,0,0,00:00:00/25-12:51:47,346) [scsi_tmf_1] (root,0,0,00:00:51/25-12:51:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-12:51:44,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-12:51:32,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-12:51:31,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-12:51:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-12:50:58,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-12:50:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-12:50:57,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-12:50:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-12:50:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-12:50:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/00:34,710) [kworker/0:0-events] (root,548104,29508,00:00:30/25-12:50:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-12:50:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:37/25-12:50:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-12:50:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-12:50:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-12:50:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-12:50:41,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-12:50:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-12:50:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-12:50:41,1352) bpfilter_umh (root,26204,8212,00:00:12/25-12:50:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-12:50:41,1359) ntpd: asynchronous dns resolver (spot,296256,191524,1-14:58:03/25-12:50:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-12:50:40,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-12:50:40,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-12:50:40,1373) (sd-pam) (root,24216,5268,00:00:09/25-12:50:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-12:50:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-12:50:38,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-12:50:35,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:35/25-12:50:34,1527) sshd: syslogtunnel (root,693268,75792,00:35:20/25-12:50:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57872,00:14:36/25-12:50:20,1995) /usr/bin/python3.11 /usr/bin/spot (root,6656,3488,00:00:00/00:00,2160) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,2181) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,2208) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2209) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9292,00:00:00/19-18:25:55,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-12:49:55,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-12:49:55,3218) sshd: cm-ssh (root,0,0,00:00:00/09:54,3732) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:13:23,11861) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:34,15928) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/46:43,16699) [kworker/2:2-events] (root,0,0,00:00:00/37:44,17398) [kworker/2:1-events] (root,0,0,00:00:00/12:39,20983) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:50:31,21873) [kworker/1:0-events] (root,0,0,00:00:00/04:41,22152) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:00:04,22713) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/01:32:54,27643) [kworker/3:2-events] (root,0,0,00:00:00/58:46,28674) [kworker/0:2-events] (postfix,24244,8204,00:00:00/50:30,32576) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 23:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634b88d484Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:03/23-12:49:48,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-12:49:48,2) [kthreadd] (root,0,0,00:00:00/23-12:49:48,3) [rcu_gp] (root,0,0,00:00:00/23-12:49:48,4) [rcu_par_gp] (root,0,0,00:00:00/23-12:49:48,5) [slub_flushwq] (root,0,0,00:00:00/23-12:49:48,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-12:49:48,9) [mm_percpu_wq] (root,0,0,00:00:00/23-12:49:48,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-12:49:48,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-12:49:48,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-12:49:48,13) [ksoftirqd/0] (root,0,0,01:09:06/23-12:49:48,14) [rcu_preempt] (root,0,0,00:00:09/23-12:49:48,15) [migration/0] (root,0,0,00:00:00/23-12:49:48,16) [idle_inject/0] (root,0,0,00:00:00/23-12:49:48,18) [cpuhp/0] (root,0,0,00:00:00/23-12:49:48,19) [cpuhp/1] (root,0,0,00:00:00/23-12:49:48,20) [idle_inject/1] (root,0,0,00:00:09/23-12:49:48,21) [migration/1] (root,0,0,00:00:37/23-12:49:48,22) [ksoftirqd/1] (root,0,0,00:00:00/23-12:49:48,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-12:49:48,25) [cpuhp/2] (root,0,0,00:00:00/23-12:49:48,26) [idle_inject/2] (root,0,0,00:00:07/23-12:49:48,27) [migration/2] (root,0,0,00:45:31/23-12:49:48,28) [ksoftirqd/2] (root,0,0,00:00:00/23-12:49:48,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-12:49:48,31) [cpuhp/3] (root,0,0,00:00:00/23-12:49:48,32) [idle_inject/3] (root,0,0,00:00:08/23-12:49:48,33) [migration/3] (root,0,0,00:02:21/23-12:49:48,34) [ksoftirqd/3] (root,0,0,00:00:00/23-12:49:48,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-12:49:48,40) [kdevtmpfs] (root,0,0,00:00:00/23-12:49:48,41) [netns] (root,0,0,00:00:00/23-12:49:48,42) [inet_frag_wq] (root,0,0,00:00:07/23-12:49:48,43) [kauditd] (root,0,0,00:00:00/23-12:49:48,44) [khungtaskd] (root,0,0,00:00:00/23-12:49:48,45) [oom_reaper] (root,0,0,00:00:00/23-12:49:48,46) [writeback] (root,0,0,00:01:15/23-12:49:48,47) [kcompactd0] (root,0,0,00:00:00/23-12:49:48,48) [ksmd] (root,0,0,00:01:17/23-12:49:48,49) [khugepaged] (root,0,0,00:00:00/23-12:49:48,75) [kintegrityd] (root,0,0,00:00:00/23-12:49:48,76) [kblockd] (root,0,0,00:00:00/23-12:49:48,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-12:49:48,79) [tpm_dev_wq] (root,0,0,00:00:00/23-12:49:48,80) [edac-poller] (root,0,0,00:00:00/23-12:49:48,81) [devfreq_wq] (root,0,0,00:00:00/23-12:49:48,110) [watchdogd] (root,0,0,00:00:01/23-12:49:48,111) [kswapd0] (root,0,0,00:00:06/23-12:49:48,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-12:49:46,115) [kthrotld] (root,0,0,00:00:00/23-12:49:46,116) [mld] (root,0,0,00:00:00/23-12:49:46,117) [ipv6_addrconf] (root,0,0,00:00:06/23-12:49:46,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-12:49:46,123) [kstrp] (root,0,0,00:00:00/23-12:49:46,124) [zswap-shrink] (root,0,0,00:00:00/23-12:49:46,125) [kworker/u9:0] (root,0,0,00:00:00/23-12:49:46,130) [charger_manager] (root,0,0,00:00:07/23-12:49:46,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-12:49:46,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-12:49:45,239) [kaluad] (root,0,0,00:00:00/23-12:49:45,258) [kmpath_rdacd] (root,0,0,00:00:00/23-12:49:45,304) [kmpathd] (root,0,0,00:00:00/23-12:49:45,305) [kmpath_handlerd] (root,0,0,00:00:00/23-12:49:44,342) [ata_sff] (root,0,0,00:00:00/23-12:49:44,343) [scsi_eh_0] (root,0,0,00:00:00/23-12:49:44,344) [scsi_tmf_0] (root,0,0,00:00:00/23-12:49:44,345) [scsi_eh_1] (root,0,0,00:00:00/23-12:49:44,346) [scsi_tmf_1] (root,0,0,00:00:47/23-12:49:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-12:49:41,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-12:49:29,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-12:49:28,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-12:49:26,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-12:48:55,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-12:48:54,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:39/23-12:48:54,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-12:48:54,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-12:48:52,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-12:48:52,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-12:48:38,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-12:48:38,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:27/23-12:48:38,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-12:48:38,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-12:48:38,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-12:48:38,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-12:48:38,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-12:48:38,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:25/23-12:48:38,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-12:48:38,1352) bpfilter_umh (root,26204,8212,00:00:10/23-12:48:38,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-12:48:38,1359) ntpd: asynchronous dns resolver (spot,291776,178052,1-12:32:05/23-12:48:37,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-12:48:37,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-12:48:37,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-12:48:37,1373) (sd-pam) (root,24216,5268,00:00:08/23-12:48:35,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-12:48:35,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-12:48:35,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-12:48:32,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-12:48:31,1527) sshd: syslogtunnel (root,692644,73248,00:32:34/23-12:48:29,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56548,00:13:35/23-12:48:17,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-18:23:52,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-12:47:52,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-12:47:52,3218) sshd: cm-ssh (root,0,0,00:00:00/57:46,3867) [kworker/0:0-events] (root,0,0,00:00:00/23:17,3961) [kworker/1:2-events] (root,0,0,00:00:00/01:06:12,4103) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/05:31:23,4562) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/14:24,6663) [kworker/0:2-events] (root,6656,3488,00:00:00/00:00,8188) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,8206) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8207) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/42:23,14029) [kworker/2:1-events] (root,0,0,00:00:00/01:19:43,18134) [kworker/2:2-events] (root,0,0,00:00:00/40:21,18665) [kworker/3:1-events] (postfix,24244,8168,00:00:00/01:10:17,18770) pickup -l -t fifo -u (root,0,0,00:00:00/04:02,25097) [kworker/3:2-ata_sff] (root,0,0,00:00:00/17:18,28637) [kworker/1:1] (root,0,0,00:00:00/09:14,29474) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 23:38 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e8de153fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-13:00:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-13:00:51,2) [kthreadd] (root,0,0,00:00:00/21-13:00:51,3) [rcu_gp] (root,0,0,00:00:00/21-13:00:51,4) [rcu_par_gp] (root,0,0,00:00:00/21-13:00:51,5) [slub_flushwq] (root,0,0,00:00:00/21-13:00:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-13:00:51,9) [mm_percpu_wq] (root,0,0,00:00:00/21-13:00:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-13:00:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-13:00:51,12) [rcu_tasks_trace] (root,0,0,00:00:42/21-13:00:51,13) [ksoftirqd/0] (root,0,0,01:03:27/21-13:00:51,14) [rcu_preempt] (root,0,0,00:00:08/21-13:00:51,15) [migration/0] (root,0,0,00:00:00/21-13:00:51,16) [idle_inject/0] (root,0,0,00:00:00/21-13:00:51,18) [cpuhp/0] (root,0,0,00:00:00/21-13:00:51,19) [cpuhp/1] (root,0,0,00:00:00/21-13:00:51,20) [idle_inject/1] (root,0,0,00:00:08/21-13:00:51,21) [migration/1] (root,0,0,00:00:34/21-13:00:51,22) [ksoftirqd/1] (root,0,0,00:00:00/21-13:00:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-13:00:51,25) [cpuhp/2] (root,0,0,00:00:00/21-13:00:51,26) [idle_inject/2] (root,0,0,00:00:06/21-13:00:51,27) [migration/2] (root,0,0,00:42:44/21-13:00:51,28) [ksoftirqd/2] (root,0,0,00:00:00/21-13:00:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-13:00:51,31) [cpuhp/3] (root,0,0,00:00:00/21-13:00:51,32) [idle_inject/3] (root,0,0,00:00:08/21-13:00:51,33) [migration/3] (root,0,0,00:02:11/21-13:00:51,34) [ksoftirqd/3] (root,0,0,00:00:00/21-13:00:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-13:00:51,40) [kdevtmpfs] (root,0,0,00:00:00/21-13:00:51,41) [netns] (root,0,0,00:00:00/21-13:00:51,42) [inet_frag_wq] (root,0,0,00:00:06/21-13:00:51,43) [kauditd] (root,0,0,00:00:00/21-13:00:51,44) [khungtaskd] (root,0,0,00:00:00/21-13:00:51,45) [oom_reaper] (root,0,0,00:00:00/21-13:00:51,46) [writeback] (root,0,0,00:01:09/21-13:00:51,47) [kcompactd0] (root,0,0,00:00:00/21-13:00:51,48) [ksmd] (root,0,0,00:01:10/21-13:00:51,49) [khugepaged] (root,0,0,00:00:00/21-13:00:51,75) [kintegrityd] (root,0,0,00:00:00/21-13:00:51,76) [kblockd] (root,0,0,00:00:00/21-13:00:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-13:00:51,79) [tpm_dev_wq] (root,0,0,00:00:00/21-13:00:51,80) [edac-poller] (root,0,0,00:00:00/21-13:00:51,81) [devfreq_wq] (root,0,0,00:00:00/21-13:00:51,110) [watchdogd] (root,0,0,00:00:01/21-13:00:51,111) [kswapd0] (root,0,0,00:00:05/21-13:00:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-13:00:49,115) [kthrotld] (root,0,0,00:00:00/21-13:00:49,116) [mld] (root,0,0,00:00:00/21-13:00:49,117) [ipv6_addrconf] (root,0,0,00:00:06/21-13:00:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-13:00:49,123) [kstrp] (root,0,0,00:00:00/21-13:00:49,124) [zswap-shrink] (root,0,0,00:00:00/21-13:00:49,125) [kworker/u9:0] (root,0,0,00:00:00/21-13:00:49,130) [charger_manager] (root,0,0,00:00:06/21-13:00:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-13:00:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-13:00:48,239) [kaluad] (root,0,0,00:00:00/21-13:00:48,258) [kmpath_rdacd] (root,0,0,00:00:00/21-13:00:48,304) [kmpathd] (root,0,0,00:00:00/21-13:00:48,305) [kmpath_handlerd] (root,0,0,00:00:00/21-13:00:47,342) [ata_sff] (root,0,0,00:00:00/21-13:00:47,343) [scsi_eh_0] (root,0,0,00:00:00/21-13:00:47,344) [scsi_tmf_0] (root,0,0,00:00:00/21-13:00:47,345) [scsi_eh_1] (root,0,0,00:00:00/21-13:00:47,346) [scsi_tmf_1] (root,0,0,00:00:43/21-13:00:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-13:00:44,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-13:00:32,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-13:00:31,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:01/02:03:32,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-13:00:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-12:59:58,511) /sbin/auditd (messagebus,22932,5912,00:00:58/21-12:59:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-12:59:57,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-12:59:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-12:59:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-12:59:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:25/21-12:59:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-12:59:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:16/21-12:59:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-12:59:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-12:59:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-12:59:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-12:59:41,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-12:59:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-12:59:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-12:59:41,1352) bpfilter_umh (root,26204,8212,00:00:09/21-12:59:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-12:59:41,1359) ntpd: asynchronous dns resolver (spot,314188,199596,1-09:55:43/21-12:59:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-12:59:40,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-12:59:40,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-12:59:40,1373) (sd-pam) (root,24216,5268,00:00:07/21-12:59:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-12:59:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-12:59:38,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-12:59:35,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-12:59:34,1527) sshd: syslogtunnel (root,692388,74908,00:29:48/21-12:59:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,55044,00:12:32/21-12:59:20,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/15-18:34:55,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-12:58:55,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:12/21-12:58:55,3218) sshd: cm-ssh (root,0,0,00:00:00/33:19,3360) [kworker/2:0-events] (root,0,0,00:00:00/19:05,3491) [kworker/1:2-events] (root,0,0,00:00:00/02:06,3759) [kworker/0:0-events] (root,0,0,00:00:00/59:53,6922) [kworker/0:2-events] (root,0,0,00:00:00/09:24,8901) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,9129) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,9147) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,9148) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:19:28,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:22:41,14476) [kworker/u8:1-writeback] (root,0,0,00:00:00/24:49,18332) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/13:25,20656) [kworker/1:0] (root,0,0,00:00:00/04:56,25731) [kworker/2:1-events] (root,0,0,00:00:00/04:13,27423) [kworker/3:1-ata_sff] (root,0,0,00:00:01/04:39:26,29790) [kworker/2:2-cgroup_destroy] (postfix,24244,8256,00:00:00/03:10,30941) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 23:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363280bfcd8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-13:00:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-13:00:14,2) [kthreadd] (root,0,0,00:00:00/19-13:00:14,3) [rcu_gp] (root,0,0,00:00:00/19-13:00:14,4) [rcu_par_gp] (root,0,0,00:00:00/19-13:00:14,5) [slub_flushwq] (root,0,0,00:00:00/19-13:00:14,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-13:00:14,9) [mm_percpu_wq] (root,0,0,00:00:00/19-13:00:14,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-13:00:14,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-13:00:14,12) [rcu_tasks_trace] (root,0,0,00:00:38/19-13:00:14,13) [ksoftirqd/0] (root,0,0,00:57:22/19-13:00:14,14) [rcu_preempt] (root,0,0,00:00:07/19-13:00:14,15) [migration/0] (root,0,0,00:00:00/19-13:00:14,16) [idle_inject/0] (root,0,0,00:00:00/19-13:00:14,18) [cpuhp/0] (root,0,0,00:00:00/19-13:00:14,19) [cpuhp/1] (root,0,0,00:00:00/19-13:00:14,20) [idle_inject/1] (root,0,0,00:00:07/19-13:00:14,21) [migration/1] (root,0,0,00:00:31/19-13:00:14,22) [ksoftirqd/1] (root,0,0,00:00:00/19-13:00:14,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-13:00:14,25) [cpuhp/2] (root,0,0,00:00:00/19-13:00:14,26) [idle_inject/2] (root,0,0,00:00:05/19-13:00:14,27) [migration/2] (root,0,0,00:39:20/19-13:00:14,28) [ksoftirqd/2] (root,0,0,00:00:00/19-13:00:14,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-13:00:14,31) [cpuhp/3] (root,0,0,00:00:00/19-13:00:14,32) [idle_inject/3] (root,0,0,00:00:07/19-13:00:14,33) [migration/3] (root,0,0,00:01:59/19-13:00:14,34) [ksoftirqd/3] (root,0,0,00:00:00/19-13:00:14,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-13:00:14,40) [kdevtmpfs] (root,0,0,00:00:00/19-13:00:14,41) [netns] (root,0,0,00:00:00/19-13:00:14,42) [inet_frag_wq] (root,0,0,00:00:05/19-13:00:14,43) [kauditd] (root,0,0,00:00:00/19-13:00:14,44) [khungtaskd] (root,0,0,00:00:00/19-13:00:14,45) [oom_reaper] (root,0,0,00:00:00/19-13:00:14,46) [writeback] (root,0,0,00:01:02/19-13:00:14,47) [kcompactd0] (root,0,0,00:00:00/19-13:00:14,48) [ksmd] (root,0,0,00:01:03/19-13:00:14,49) [khugepaged] (root,0,0,00:00:00/19-13:00:14,75) [kintegrityd] (root,0,0,00:00:00/19-13:00:14,76) [kblockd] (root,0,0,00:00:00/19-13:00:14,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-13:00:14,79) [tpm_dev_wq] (root,0,0,00:00:00/19-13:00:14,80) [edac-poller] (root,0,0,00:00:00/19-13:00:14,81) [devfreq_wq] (root,0,0,00:00:00/19-13:00:14,110) [watchdogd] (root,0,0,00:00:01/19-13:00:14,111) [kswapd0] (root,0,0,00:00:05/19-13:00:14,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-13:00:12,115) [kthrotld] (root,0,0,00:00:00/19-13:00:12,116) [mld] (root,0,0,00:00:00/19-13:00:12,117) [ipv6_addrconf] (root,0,0,00:00:05/19-13:00:12,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-13:00:12,123) [kstrp] (root,0,0,00:00:00/19-13:00:12,124) [zswap-shrink] (root,0,0,00:00:00/19-13:00:12,125) [kworker/u9:0] (root,0,0,00:00:00/19-13:00:12,130) [charger_manager] (root,0,0,00:00:06/19-13:00:12,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/19-13:00:12,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-13:00:11,239) [kaluad] (root,0,0,00:00:00/19-13:00:11,258) [kmpath_rdacd] (root,0,0,00:00:00/19-13:00:11,304) [kmpathd] (root,0,0,00:00:00/19-13:00:11,305) [kmpath_handlerd] (root,0,0,00:00:00/19-13:00:10,342) [ata_sff] (root,0,0,00:00:00/19-13:00:10,343) [scsi_eh_0] (root,0,0,00:00:00/19-13:00:10,344) [scsi_tmf_0] (root,0,0,00:00:00/19-13:00:10,345) [scsi_eh_1] (root,0,0,00:00:00/19-13:00:10,346) [scsi_tmf_1] (root,0,0,00:00:39/19-13:00:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-13:00:07,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-12:59:55,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-12:59:54,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-12:59:52,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-12:59:21,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-12:59:20,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-12:59:20,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-12:59:20,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-12:59:18,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-12:59:18,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-12:59:04,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-12:59:04,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:05/19-12:59:04,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-12:59:04,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-12:59:04,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-12:59:04,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-12:59:04,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:25/19-12:59:04,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-12:59:04,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-12:59:04,1352) bpfilter_umh (root,26204,8212,00:00:07/19-12:59:04,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-12:59:04,1359) ntpd: asynchronous dns resolver (spot,314044,199560,1-07:07:02/19-12:59:03,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-12:59:03,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-12:59:03,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-12:59:03,1373) (sd-pam) (root,24216,5268,00:00:06/19-12:59:01,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-12:59:01,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-12:59:01,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-12:58:58,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-12:58:57,1527) sshd: syslogtunnel (root,618656,71492,00:26:56/19-12:58:55,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53708,00:11:20/19-12:58:43,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-18:34:18,2557) tlsmgr -l -t unix -u (root,6656,3492,00:00:00/00:00,2738) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,2758) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2759) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10108,00:00:00/19-12:58:18,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:05/19-12:58:18,3218) sshd: cm-ssh (root,0,0,00:00:00/52:56,4244) [kworker/0:0-events] (root,0,0,00:00:00/07:15,5008) [kworker/u8:1] (root,0,0,00:00:00/34:13,7171) [kworker/3:2-events] (root,0,0,00:00:00/50:32,10508) [kworker/2:2-events] (root,0,0,00:00:01/03:10:58,12961) [kworker/2:0-events] (root,0,0,00:00:00/13:06,16908) [kworker/0:2-events] (root,0,0,00:00:00/13:05,16909) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:48:25,17258) [kworker/1:0-events] (postfix,24244,8296,00:00:00/23:26,18563) pickup -l -t fifo -u (root,0,0,00:00:00/03:04,21706) [kworker/3:1-ata_sff] (root,0,0,00:00:00/10:29,29017) [kworker/1:1] (root,0,0,00:00:00/08:16,32535) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 23:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d78fbdfbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-12:59:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-12:59:33,2) [kthreadd] (root,0,0,00:00:00/17-12:59:33,3) [rcu_gp] (root,0,0,00:00:00/17-12:59:33,4) [rcu_par_gp] (root,0,0,00:00:00/17-12:59:33,5) [slub_flushwq] (root,0,0,00:00:00/17-12:59:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-12:59:33,9) [mm_percpu_wq] (root,0,0,00:00:00/17-12:59:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-12:59:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-12:59:33,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-12:59:33,13) [ksoftirqd/0] (root,0,0,00:50:24/17-12:59:33,14) [rcu_preempt] (root,0,0,00:00:06/17-12:59:33,15) [migration/0] (root,0,0,00:00:00/17-12:59:33,16) [idle_inject/0] (root,0,0,00:00:00/17-12:59:33,18) [cpuhp/0] (root,0,0,00:00:00/17-12:59:33,19) [cpuhp/1] (root,0,0,00:00:00/17-12:59:33,20) [idle_inject/1] (root,0,0,00:00:06/17-12:59:33,21) [migration/1] (root,0,0,00:00:27/17-12:59:33,22) [ksoftirqd/1] (root,0,0,00:00:00/17-12:59:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-12:59:33,25) [cpuhp/2] (root,0,0,00:00:00/17-12:59:33,26) [idle_inject/2] (root,0,0,00:00:05/17-12:59:33,27) [migration/2] (root,0,0,00:33:48/17-12:59:33,28) [ksoftirqd/2] (root,0,0,00:00:00/17-12:59:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-12:59:33,31) [cpuhp/3] (root,0,0,00:00:00/17-12:59:33,32) [idle_inject/3] (root,0,0,00:00:06/17-12:59:33,33) [migration/3] (root,0,0,00:01:41/17-12:59:33,34) [ksoftirqd/3] (root,0,0,00:00:00/17-12:59:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-12:59:33,40) [kdevtmpfs] (root,0,0,00:00:00/17-12:59:33,41) [netns] (root,0,0,00:00:00/17-12:59:33,42) [inet_frag_wq] (root,0,0,00:00:03/17-12:59:33,43) [kauditd] (root,0,0,00:00:00/17-12:59:33,44) [khungtaskd] (root,0,0,00:00:00/17-12:59:33,45) [oom_reaper] (root,0,0,00:00:00/17-12:59:33,46) [writeback] (root,0,0,00:00:55/17-12:59:33,47) [kcompactd0] (root,0,0,00:00:00/17-12:59:33,48) [ksmd] (root,0,0,00:00:56/17-12:59:33,49) [khugepaged] (root,0,0,00:00:00/17-12:59:33,75) [kintegrityd] (root,0,0,00:00:00/17-12:59:33,76) [kblockd] (root,0,0,00:00:00/17-12:59:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-12:59:33,79) [tpm_dev_wq] (root,0,0,00:00:00/17-12:59:33,80) [edac-poller] (root,0,0,00:00:00/17-12:59:33,81) [devfreq_wq] (root,0,0,00:00:00/17-12:59:33,110) [watchdogd] (root,0,0,00:00:01/17-12:59:33,111) [kswapd0] (root,0,0,00:00:04/17-12:59:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-12:59:31,115) [kthrotld] (root,0,0,00:00:00/17-12:59:31,116) [mld] (root,0,0,00:00:00/17-12:59:31,117) [ipv6_addrconf] (root,0,0,00:00:04/17-12:59:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-12:59:31,123) [kstrp] (root,0,0,00:00:00/17-12:59:31,124) [zswap-shrink] (root,0,0,00:00:00/17-12:59:31,125) [kworker/u9:0] (root,0,0,00:00:00/17-12:59:31,130) [charger_manager] (root,0,0,00:00:05/17-12:59:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/17-12:59:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-12:59:30,239) [kaluad] (root,0,0,00:00:00/17-12:59:30,258) [kmpath_rdacd] (root,0,0,00:00:00/17-12:59:30,304) [kmpathd] (root,0,0,00:00:00/17-12:59:30,305) [kmpath_handlerd] (root,0,0,00:00:00/17-12:59:29,342) [ata_sff] (root,0,0,00:00:00/17-12:59:29,343) [scsi_eh_0] (root,0,0,00:00:00/17-12:59:29,344) [scsi_tmf_0] (root,0,0,00:00:00/17-12:59:29,345) [scsi_eh_1] (root,0,0,00:00:00/17-12:59:29,346) [scsi_tmf_1] (root,0,0,00:00:34/17-12:59:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-12:59:26,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-12:59:14,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-12:59:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-12:59:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-12:58:40,511) /sbin/auditd (messagebus,22932,5912,00:00:32/17-12:58:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-12:58:39,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-12:58:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-12:58:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-12:58:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-12:58:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-12:58:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:51/17-12:58:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-12:58:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-12:58:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-12:58:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-12:58:23,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-12:58:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:30/17-12:58:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-12:58:23,1352) bpfilter_umh (root,26204,8212,00:00:04/17-12:58:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-12:58:23,1359) ntpd: asynchronous dns resolver (spot,315516,199928,1-03:05:27/17-12:58:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-12:58:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-12:58:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-12:58:22,1373) (sd-pam) (root,24216,5268,00:00:06/17-12:58:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-12:58:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-12:58:20,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-12:58:17,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-12:58:16,1527) sshd: syslogtunnel (root,618256,73120,00:23:58/17-12:58:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/18:49,1721) [kworker/3:1-events] (spot,214464,51672,00:10:02/17-12:58:02,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-18:33:37,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/10:39,2711) [kworker/2:1-cgroup_destroy] (root,35308,10108,00:00:00/17-12:57:37,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-12:57:37,3218) sshd: cm-ssh (root,0,0,00:00:00/18:12,3936) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/27:33,6092) [kworker/0:2-events] (root,0,0,00:00:00/16:59,9322) [kworker/0:1] (root,6656,3484,00:00:00/00:00,10622) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,10640) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10641) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:26,13680) [kworker/3:0-ata_sff] (root,0,0,00:00:00/36:02,15869) [kworker/1:1] (root,0,0,00:00:00/57:55,17782) [kworker/1:2-mm_percpu_wq] (root,0,0,00:00:01/03:20:07,19474) [kworker/2:0-events] (root,0,0,00:00:00/01:06:17,21562) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/04:04,26111) [kworker/2:2-events] (root,0,0,00:00:00/03:15,27757) [kworker/3:2-ata_sff] (root,0,0,00:00:00/03:12,27758) [kworker/u8:1-flush-253:0] (postfix,24244,8224,00:00:00/44:42,29850) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 23:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638a6691e4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-13:06:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:06:13,2) [kthreadd] (root,0,0,00:00:00/15-13:06:13,3) [rcu_gp] (root,0,0,00:00:00/15-13:06:13,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:06:13,5) [slub_flushwq] (root,0,0,00:00:00/15-13:06:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:06:13,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:06:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:06:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:06:13,12) [rcu_tasks_trace] (root,0,0,00:00:28/15-13:06:13,13) [ksoftirqd/0] (root,0,0,00:43:36/15-13:06:13,14) [rcu_preempt] (root,0,0,00:00:05/15-13:06:13,15) [migration/0] (root,0,0,00:00:00/15-13:06:13,16) [idle_inject/0] (root,0,0,00:00:00/15-13:06:13,18) [cpuhp/0] (root,0,0,00:00:00/15-13:06:13,19) [cpuhp/1] (root,0,0,00:00:00/15-13:06:13,20) [idle_inject/1] (root,0,0,00:00:06/15-13:06:13,21) [migration/1] (root,0,0,00:00:23/15-13:06:13,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:06:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:06:13,25) [cpuhp/2] (root,0,0,00:00:00/15-13:06:13,26) [idle_inject/2] (root,0,0,00:00:04/15-13:06:13,27) [migration/2] (root,0,0,00:28:32/15-13:06:13,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:06:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:06:13,31) [cpuhp/3] (root,0,0,00:00:00/15-13:06:13,32) [idle_inject/3] (root,0,0,00:00:05/15-13:06:13,33) [migration/3] (root,0,0,00:01:24/15-13:06:13,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:06:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:06:13,40) [kdevtmpfs] (root,0,0,00:00:00/15-13:06:13,41) [netns] (root,0,0,00:00:00/15-13:06:13,42) [inet_frag_wq] (root,0,0,00:00:01/15-13:06:13,43) [kauditd] (root,0,0,00:00:00/15-13:06:13,44) [khungtaskd] (root,0,0,00:00:00/15-13:06:13,45) [oom_reaper] (root,0,0,00:00:00/15-13:06:13,46) [writeback] (root,0,0,00:00:48/15-13:06:13,47) [kcompactd0] (root,0,0,00:00:00/15-13:06:13,48) [ksmd] (root,0,0,00:00:50/15-13:06:13,49) [khugepaged] (root,0,0,00:00:00/15-13:06:13,75) [kintegrityd] (root,0,0,00:00:00/15-13:06:13,76) [kblockd] (root,0,0,00:00:00/15-13:06:13,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:06:13,79) [tpm_dev_wq] (root,0,0,00:00:00/15-13:06:13,80) [edac-poller] (root,0,0,00:00:00/15-13:06:13,81) [devfreq_wq] (root,0,0,00:00:00/15-13:06:13,110) [watchdogd] (root,0,0,00:00:01/15-13:06:13,111) [kswapd0] (root,0,0,00:00:04/15-13:06:13,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-13:06:11,115) [kthrotld] (root,0,0,00:00:00/15-13:06:11,116) [mld] (root,0,0,00:00:00/15-13:06:11,117) [ipv6_addrconf] (root,0,0,00:00:04/15-13:06:11,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:06:11,123) [kstrp] (root,0,0,00:00:00/15-13:06:11,124) [zswap-shrink] (root,0,0,00:00:00/15-13:06:11,125) [kworker/u9:0] (root,0,0,00:00:00/15-13:06:11,130) [charger_manager] (root,0,0,00:00:04/15-13:06:11,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-13:06:11,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-13:06:10,239) [kaluad] (root,0,0,00:00:00/15-13:06:10,258) [kmpath_rdacd] (root,0,0,00:00:00/15-13:06:10,304) [kmpathd] (root,0,0,00:00:00/15-13:06:10,305) [kmpath_handlerd] (root,0,0,00:00:00/15-13:06:09,342) [ata_sff] (root,0,0,00:00:00/15-13:06:09,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:06:09,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:06:09,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:06:09,346) [scsi_tmf_1] (root,0,0,00:00:29/15-13:06:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:06:06,367) [ext4-rsv-conver] (root,38604,7616,00:00:14/15-13:05:54,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-13:05:53,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-13:05:51,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-13:05:20,511) /sbin/auditd (messagebus,22932,5912,00:00:19/15-13:05:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:12/15-13:05:19,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-13:05:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-13:05:17,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-13:05:17,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-13:05:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-13:05:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:38/15-13:05:03,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-13:05:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-13:05:03,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-13:05:03,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-13:05:03,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-13:05:03,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:12/15-13:05:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-13:05:03,1352) bpfilter_umh (root,26204,8212,00:00:03/15-13:05:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-13:05:03,1359) ntpd: asynchronous dns resolver (spot,314284,199620,22:24:00/15-13:05:02,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-13:05:02,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-13:05:02,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-13:05:02,1373) (sd-pam) (root,24216,5268,00:00:05/15-13:05:00,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-13:05:00,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-13:05:00,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-13:04:57,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-13:04:56,1527) sshd: syslogtunnel (root,617868,72916,00:21:05/15-13:04:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49872,00:08:45/15-13:04:42,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:22:58,2076) [kworker/2:0-events] (postfix,44628,9336,00:00:00/9-18:40:17,2557) tlsmgr -l -t unix -u (root,0,0,00:00:02/05:29:50,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-13:04:17,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:50/15-13:04:17,3218) sshd: cm-ssh (root,0,0,00:00:00/34:17,3630) [kworker/2:1-events] (root,0,0,00:00:00/05:19,8737) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:09:27,9961) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:53:49,11304) [kworker/1:1-events] (root,0,0,00:00:00/57:04,15580) [kworker/1:0] (root,0,0,00:00:00/09:13:20,21313) [kworker/0:0-events] (root,0,0,00:00:00/10:29,22803) [kworker/3:1-events] (root,0,0,00:00:00/01:23:49,26431) [kworker/u8:1-flush-253:0] (postfix,24244,8212,00:00:00/01:13:12,28252) pickup -l -t fifo -u (root,0,0,00:00:00/00:06,31733) [kworker/3:0-ata_sff] (root,6656,3480,00:00:00/00:00,31868) /bin/bash /usr/bin/check_mk_agent (root,13744,3388,00:00:00/00:00,31886) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31887) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 23:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363db233ed9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-13:11:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:11:21,2) [kthreadd] (root,0,0,00:00:00/13-13:11:21,3) [rcu_gp] (root,0,0,00:00:00/13-13:11:21,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:11:21,5) [slub_flushwq] (root,0,0,00:00:00/13-13:11:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:11:21,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:11:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:11:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:11:21,12) [rcu_tasks_trace] (root,0,0,00:00:24/13-13:11:21,13) [ksoftirqd/0] (root,0,0,00:37:20/13-13:11:21,14) [rcu_preempt] (root,0,0,00:00:05/13-13:11:21,15) [migration/0] (root,0,0,00:00:00/13-13:11:21,16) [idle_inject/0] (root,0,0,00:00:00/13-13:11:21,18) [cpuhp/0] (root,0,0,00:00:00/13-13:11:21,19) [cpuhp/1] (root,0,0,00:00:00/13-13:11:21,20) [idle_inject/1] (root,0,0,00:00:05/13-13:11:21,21) [migration/1] (root,0,0,00:00:20/13-13:11:21,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:11:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:11:21,25) [cpuhp/2] (root,0,0,00:00:00/13-13:11:21,26) [idle_inject/2] (root,0,0,00:00:03/13-13:11:21,27) [migration/2] (root,0,0,00:24:40/13-13:11:21,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:11:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:11:21,31) [cpuhp/3] (root,0,0,00:00:00/13-13:11:21,32) [idle_inject/3] (root,0,0,00:00:05/13-13:11:21,33) [migration/3] (root,0,0,00:01:11/13-13:11:21,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:11:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:11:21,40) [kdevtmpfs] (root,0,0,00:00:00/13-13:11:21,41) [netns] (root,0,0,00:00:00/13-13:11:21,42) [inet_frag_wq] (root,0,0,00:00:01/13-13:11:21,43) [kauditd] (root,0,0,00:00:00/13-13:11:21,44) [khungtaskd] (root,0,0,00:00:00/13-13:11:21,45) [oom_reaper] (root,0,0,00:00:00/13-13:11:21,46) [writeback] (root,0,0,00:00:41/13-13:11:21,47) [kcompactd0] (root,0,0,00:00:00/13-13:11:21,48) [ksmd] (root,0,0,00:00:44/13-13:11:21,49) [khugepaged] (root,0,0,00:00:00/13-13:11:21,75) [kintegrityd] (root,0,0,00:00:00/13-13:11:21,76) [kblockd] (root,0,0,00:00:00/13-13:11:21,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:11:21,79) [tpm_dev_wq] (root,0,0,00:00:00/13-13:11:21,80) [edac-poller] (root,0,0,00:00:00/13-13:11:21,81) [devfreq_wq] (root,0,0,00:00:00/13-13:11:21,110) [watchdogd] (root,0,0,00:00:01/13-13:11:21,111) [kswapd0] (root,0,0,00:00:03/13-13:11:21,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-13:11:19,115) [kthrotld] (root,0,0,00:00:00/13-13:11:19,116) [mld] (root,0,0,00:00:00/13-13:11:19,117) [ipv6_addrconf] (root,0,0,00:00:03/13-13:11:19,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:11:19,123) [kstrp] (root,0,0,00:00:00/13-13:11:19,124) [zswap-shrink] (root,0,0,00:00:00/13-13:11:19,125) [kworker/u9:0] (root,0,0,00:00:00/13-13:11:19,130) [charger_manager] (root,0,0,00:00:04/13-13:11:19,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-13:11:19,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-13:11:18,239) [kaluad] (root,0,0,00:00:00/13-13:11:18,258) [kmpath_rdacd] (root,0,0,00:00:00/13-13:11:18,304) [kmpathd] (root,0,0,00:00:00/13-13:11:18,305) [kmpath_handlerd] (root,0,0,00:00:00/13-13:11:17,342) [ata_sff] (root,0,0,00:00:00/13-13:11:17,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:11:17,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:11:17,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:11:17,346) [scsi_tmf_1] (root,0,0,00:00:25/13-13:11:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:11:14,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-13:11:02,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-13:11:01,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:21/13-13:10:59,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-13:10:28,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-13:10:27,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-13:10:27,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-13:10:27,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-13:10:25,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-13:10:25,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-13:10:11,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-13:10:11,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:25/13-13:10:11,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-13:10:11,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-13:10:11,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-13:10:11,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-13:10:11,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-13:10:11,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-13:10:11,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-13:10:11,1352) bpfilter_umh (root,26204,8212,00:00:02/13-13:10:11,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-13:10:11,1359) ntpd: asynchronous dns resolver (spot,304732,189540,18:44:29/13-13:10:10,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-13:10:10,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-13:10:10,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-13:10:10,1373) (sd-pam) (root,24216,5268,00:00:04/13-13:10:08,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-13:10:08,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-13:10:08,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-13:10:05,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:46/13-13:10:04,1527) sshd: syslogtunnel (root,617868,72668,00:18:15/13-13:10:02,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48324,00:07:30/13-13:09:50,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-18:45:25,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-13:09:25,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-13:09:25,3218) sshd: cm-ssh (root,0,0,00:00:00/01:53:03,5639) [kworker/2:2-cgroup_destroy] (postfix,24244,8244,00:00:00/00:14,7772) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,8634) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/00:00,8675) [check_mk_agent] (root,6656,3480,00:00:00/00:00,8680) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,8698) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8699) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/26:45,14597) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:01/02:17:36,14919) [kworker/1:0-events] (root,0,0,00:00:00/41:03,15998) [kworker/3:2-events] (root,0,0,00:00:00/03:06:14,16390) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/04:43,16790) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:05:27,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/49:33,22455) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/09:56,22599) [kworker/3:0-ata_sff] (root,0,0,00:00:01/02:54:35,25621) [kworker/2:0-events] (root,0,0,00:00:00/01:28:47,29874) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-24 00:00 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363de8d4d7dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-12:57:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:57:31,2) [kthreadd] (root,0,0,00:00:00/11-12:57:31,3) [rcu_gp] (root,0,0,00:00:00/11-12:57:31,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:57:31,5) [slub_flushwq] (root,0,0,00:00:00/11-12:57:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:57:31,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:57:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:57:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:57:31,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:57:31,13) [ksoftirqd/0] (root,0,0,00:31:43/11-12:57:31,14) [rcu_preempt] (root,0,0,00:00:04/11-12:57:31,15) [migration/0] (root,0,0,00:00:00/11-12:57:31,16) [idle_inject/0] (root,0,0,00:00:00/11-12:57:31,18) [cpuhp/0] (root,0,0,00:00:00/11-12:57:31,19) [cpuhp/1] (root,0,0,00:00:00/11-12:57:31,20) [idle_inject/1] (root,0,0,00:00:04/11-12:57:31,21) [migration/1] (root,0,0,00:00:17/11-12:57:31,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:57:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:57:31,25) [cpuhp/2] (root,0,0,00:00:00/11-12:57:31,26) [idle_inject/2] (root,0,0,00:00:03/11-12:57:31,27) [migration/2] (root,0,0,00:21:11/11-12:57:31,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:57:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:57:31,31) [cpuhp/3] (root,0,0,00:00:00/11-12:57:31,32) [idle_inject/3] (root,0,0,00:00:04/11-12:57:31,33) [migration/3] (root,0,0,00:01:01/11-12:57:31,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:57:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:57:31,40) [kdevtmpfs] (root,0,0,00:00:00/11-12:57:31,41) [netns] (root,0,0,00:00:00/11-12:57:31,42) [inet_frag_wq] (root,0,0,00:00:01/11-12:57:31,43) [kauditd] (root,0,0,00:00:00/11-12:57:31,44) [khungtaskd] (root,0,0,00:00:00/11-12:57:31,45) [oom_reaper] (root,0,0,00:00:00/11-12:57:31,46) [writeback] (root,0,0,00:00:34/11-12:57:31,47) [kcompactd0] (root,0,0,00:00:00/11-12:57:31,48) [ksmd] (root,0,0,00:00:37/11-12:57:31,49) [khugepaged] (root,0,0,00:00:00/11-12:57:31,75) [kintegrityd] (root,0,0,00:00:00/11-12:57:31,76) [kblockd] (root,0,0,00:00:00/11-12:57:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:57:31,79) [tpm_dev_wq] (root,0,0,00:00:00/11-12:57:31,80) [edac-poller] (root,0,0,00:00:00/11-12:57:31,81) [devfreq_wq] (root,0,0,00:00:00/11-12:57:31,110) [watchdogd] (root,0,0,00:00:00/11-12:57:31,111) [kswapd0] (root,0,0,00:00:02/11-12:57:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:57:29,115) [kthrotld] (root,0,0,00:00:00/11-12:57:29,116) [mld] (root,0,0,00:00:00/11-12:57:29,117) [ipv6_addrconf] (root,0,0,00:00:03/11-12:57:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:57:29,123) [kstrp] (root,0,0,00:00:00/11-12:57:29,124) [zswap-shrink] (root,0,0,00:00:00/11-12:57:29,125) [kworker/u9:0] (root,0,0,00:00:00/11-12:57:29,130) [charger_manager] (root,0,0,00:00:03/11-12:57:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-12:57:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-12:57:28,239) [kaluad] (root,0,0,00:00:00/11-12:57:28,258) [kmpath_rdacd] (root,0,0,00:00:00/11-12:57:28,304) [kmpathd] (root,0,0,00:00:00/11-12:57:28,305) [kmpath_handlerd] (root,0,0,00:00:00/11-12:57:27,342) [ata_sff] (root,0,0,00:00:00/11-12:57:27,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:57:27,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:57:27,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:57:27,346) [scsi_tmf_1] (root,0,0,00:00:21/11-12:57:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:57:24,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-12:57:12,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-12:57:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-12:57:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-12:56:38,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-12:56:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-12:56:37,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-12:56:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-12:56:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-12:56:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-12:56:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-12:56:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:13/11-12:56:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-12:56:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-12:56:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-12:56:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-12:56:21,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-12:56:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:38/11-12:56:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-12:56:21,1352) bpfilter_umh (root,26204,8212,00:00:02/11-12:56:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-12:56:21,1359) ntpd: asynchronous dns resolver (spot,292540,178996,15:32:10/11-12:56:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-12:56:20,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-12:56:20,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-12:56:20,1373) (sd-pam) (root,24216,5268,00:00:03/11-12:56:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-12:56:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-12:56:18,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-12:56:15,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-12:56:14,1527) sshd: syslogtunnel (root,617612,70248,00:15:31/11-12:56:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,47288,00:06:19/11-12:56:00,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-18:31:35,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-12:55:35,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:37/11-12:55:35,3218) sshd: cm-ssh (root,0,0,00:00:00/01:20,4682) [kworker/3:0-ata_sff] (root,0,0,00:00:00/50:43,5235) [kworker/2:2-events] (root,0,0,00:00:03/23:06:04,7785) [kworker/2:1-events] (root,6656,3492,00:00:00/00:00,11282) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,11302) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,11330) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11332) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,2016,00:00:00/00:00,11333) /bin/bash /usr/bin/check_mk_agent (postfix,24244,8284,00:00:00/07:17,12836) pickup -l -t fifo -u (root,0,0,00:00:00/30:10,14236) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:30,17823) [kworker/3:2-ata_sff] (root,0,0,00:00:00/05:54:38,19628) [kworker/0:1-events] (root,0,0,00:00:00/05:30:11,20763) [kworker/1:0-events] (root,0,0,00:00:00/01:15:42,24598) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/04:29:54,28099) [kworker/1:2-events] (root,0,0,00:00:00/01:03:34,28318) [kworker/3:1-events] (root,0,0,00:00:01/04:05:45,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836344018175Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-12:53:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-12:53:13,2) [kthreadd] (root,0,0,00:00:00/9-12:53:13,3) [rcu_gp] (root,0,0,00:00:00/9-12:53:13,4) [rcu_par_gp] (root,0,0,00:00:00/9-12:53:13,5) [slub_flushwq] (root,0,0,00:00:00/9-12:53:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-12:53:13,9) [mm_percpu_wq] (root,0,0,00:00:00/9-12:53:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-12:53:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-12:53:13,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-12:53:13,13) [ksoftirqd/0] (root,0,0,00:25:56/9-12:53:13,14) [rcu_preempt] (root,0,0,00:00:03/9-12:53:13,15) [migration/0] (root,0,0,00:00:00/9-12:53:13,16) [idle_inject/0] (root,0,0,00:00:00/9-12:53:13,18) [cpuhp/0] (root,0,0,00:00:00/9-12:53:13,19) [cpuhp/1] (root,0,0,00:00:00/9-12:53:13,20) [idle_inject/1] (root,0,0,00:00:03/9-12:53:13,21) [migration/1] (root,0,0,00:00:14/9-12:53:13,22) [ksoftirqd/1] (root,0,0,00:00:00/9-12:53:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-12:53:13,25) [cpuhp/2] (root,0,0,00:00:00/9-12:53:13,26) [idle_inject/2] (root,0,0,00:00:02/9-12:53:13,27) [migration/2] (root,0,0,00:17:34/9-12:53:13,28) [ksoftirqd/2] (root,0,0,00:00:00/9-12:53:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-12:53:13,31) [cpuhp/3] (root,0,0,00:00:00/9-12:53:13,32) [idle_inject/3] (root,0,0,00:00:03/9-12:53:13,33) [migration/3] (root,0,0,00:00:50/9-12:53:13,34) [ksoftirqd/3] (root,0,0,00:00:00/9-12:53:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-12:53:13,40) [kdevtmpfs] (root,0,0,00:00:00/9-12:53:13,41) [netns] (root,0,0,00:00:00/9-12:53:13,42) [inet_frag_wq] (root,0,0,00:00:01/9-12:53:13,43) [kauditd] (root,0,0,00:00:00/9-12:53:13,44) [khungtaskd] (root,0,0,00:00:00/9-12:53:13,45) [oom_reaper] (root,0,0,00:00:00/9-12:53:13,46) [writeback] (root,0,0,00:00:28/9-12:53:13,47) [kcompactd0] (root,0,0,00:00:00/9-12:53:13,48) [ksmd] (root,0,0,00:00:31/9-12:53:13,49) [khugepaged] (root,0,0,00:00:00/9-12:53:13,75) [kintegrityd] (root,0,0,00:00:00/9-12:53:13,76) [kblockd] (root,0,0,00:00:00/9-12:53:13,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-12:53:13,79) [tpm_dev_wq] (root,0,0,00:00:00/9-12:53:13,80) [edac-poller] (root,0,0,00:00:00/9-12:53:13,81) [devfreq_wq] (root,0,0,00:00:00/9-12:53:13,110) [watchdogd] (root,0,0,00:00:00/9-12:53:13,111) [kswapd0] (root,0,0,00:00:02/9-12:53:13,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-12:53:11,115) [kthrotld] (root,0,0,00:00:00/9-12:53:11,116) [mld] (root,0,0,00:00:00/9-12:53:11,117) [ipv6_addrconf] (root,0,0,00:00:02/9-12:53:11,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-12:53:11,123) [kstrp] (root,0,0,00:00:00/9-12:53:11,124) [zswap-shrink] (root,0,0,00:00:00/9-12:53:11,125) [kworker/u9:0] (root,0,0,00:00:00/9-12:53:11,130) [charger_manager] (root,0,0,00:00:02/9-12:53:11,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-12:53:11,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-12:53:10,239) [kaluad] (root,0,0,00:00:00/9-12:53:10,258) [kmpath_rdacd] (root,0,0,00:00:00/9-12:53:10,304) [kmpathd] (root,0,0,00:00:00/9-12:53:10,305) [kmpath_handlerd] (root,0,0,00:00:00/9-12:53:09,342) [ata_sff] (root,0,0,00:00:00/9-12:53:09,343) [scsi_eh_0] (root,0,0,00:00:00/9-12:53:09,344) [scsi_tmf_0] (root,0,0,00:00:00/9-12:53:09,345) [scsi_eh_1] (root,0,0,00:00:00/9-12:53:09,346) [scsi_tmf_1] (root,0,0,00:00:17/9-12:53:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-12:53:06,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-12:52:54,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-12:52:53,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-12:52:51,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,0,0,00:00:00/04:36,504) [kworker/u8:1-writeback] (root,13476,1652,00:00:02/9-12:52:20,511) /sbin/auditd (messagebus,22932,5912,00:00:12/9-12:52:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-12:52:19,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-12:52:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-12:52:17,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-12:52:17,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:11/9-12:52:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-12:52:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:03/9-12:52:03,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-12:52:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-12:52:03,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-12:52:03,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-12:52:03,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-12:52:03,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:20/9-12:52:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-12:52:03,1352) bpfilter_umh (root,26204,8212,00:00:01/9-12:52:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-12:52:03,1359) ntpd: asynchronous dns resolver (spot,294208,180276,12:23:16/9-12:52:02,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-12:52:02,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-12:52:02,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-12:52:02,1373) (sd-pam) (root,24216,5268,00:00:03/9-12:52:00,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-12:52:00,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-12:52:00,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-12:51:57,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-12:51:56,1527) sshd: syslogtunnel (root,617356,71960,00:12:46/9-12:51:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,46000,00:05:08/9-12:51:42,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-18:27:17,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-12:51:17,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-12:51:17,3218) sshd: cm-ssh (root,0,0,00:00:00/01:42:26,4425) [kworker/2:2-events] (root,0,0,00:00:00/02:44:32,9613) [kworker/1:0-events] (root,0,0,00:00:00/03:45:47,11212) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/01:41,11404) [kworker/3:0-events] (root,0,0,00:00:01/01:50:38,12819) [kworker/3:1-ata_sff] (root,0,0,00:00:00/26:27,13984) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/05:11:23,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/04:57:50,15893) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,18316) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,18321) /bin/bash /usr/bin/check_mk_agent (root,13744,3492,00:00:00/00:00,18355) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18356) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:32:21,20227) [kworker/0:1] (postfix,24244,8200,00:00:00/24:47,21847) pickup -l -t fifo -u (root,0,0,00:00:00/06:54,21983) [kworker/3:2-ata_sff] (root,0,0,00:00:02/08:11:17,26887) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 23:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363874f50c1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-12:50:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:50:18,2) [kthreadd] (root,0,0,00:00:00/7-12:50:18,3) [rcu_gp] (root,0,0,00:00:00/7-12:50:18,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:50:18,5) [slub_flushwq] (root,0,0,00:00:00/7-12:50:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:50:18,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:50:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:50:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:50:18,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-12:50:18,13) [ksoftirqd/0] (root,0,0,00:20:03/7-12:50:18,14) [rcu_preempt] (root,0,0,00:00:02/7-12:50:18,15) [migration/0] (root,0,0,00:00:00/7-12:50:18,16) [idle_inject/0] (root,0,0,00:00:00/7-12:50:18,18) [cpuhp/0] (root,0,0,00:00:00/7-12:50:18,19) [cpuhp/1] (root,0,0,00:00:00/7-12:50:18,20) [idle_inject/1] (root,0,0,00:00:03/7-12:50:18,21) [migration/1] (root,0,0,00:00:11/7-12:50:18,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:50:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:50:18,25) [cpuhp/2] (root,0,0,00:00:00/7-12:50:18,26) [idle_inject/2] (root,0,0,00:00:02/7-12:50:18,27) [migration/2] (root,0,0,00:13:19/7-12:50:18,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:50:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:50:18,31) [cpuhp/3] (root,0,0,00:00:00/7-12:50:18,32) [idle_inject/3] (root,0,0,00:00:02/7-12:50:18,33) [migration/3] (root,0,0,00:00:37/7-12:50:18,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:50:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:50:18,40) [kdevtmpfs] (root,0,0,00:00:00/7-12:50:18,41) [netns] (root,0,0,00:00:00/7-12:50:18,42) [inet_frag_wq] (root,0,0,00:00:00/7-12:50:18,43) [kauditd] (root,0,0,00:00:00/7-12:50:18,44) [khungtaskd] (root,0,0,00:00:00/7-12:50:18,45) [oom_reaper] (root,0,0,00:00:00/7-12:50:18,46) [writeback] (root,0,0,00:00:22/7-12:50:18,47) [kcompactd0] (root,0,0,00:00:00/7-12:50:18,48) [ksmd] (root,0,0,00:00:25/7-12:50:18,49) [khugepaged] (root,0,0,00:00:00/7-12:50:18,75) [kintegrityd] (root,0,0,00:00:00/7-12:50:18,76) [kblockd] (root,0,0,00:00:00/7-12:50:18,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:50:18,79) [tpm_dev_wq] (root,0,0,00:00:00/7-12:50:18,80) [edac-poller] (root,0,0,00:00:00/7-12:50:18,81) [devfreq_wq] (root,0,0,00:00:00/7-12:50:18,110) [watchdogd] (root,0,0,00:00:00/7-12:50:18,111) [kswapd0] (root,0,0,00:00:01/7-12:50:18,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:50:16,115) [kthrotld] (root,0,0,00:00:00/7-12:50:16,116) [mld] (root,0,0,00:00:00/7-12:50:16,117) [ipv6_addrconf] (root,0,0,00:00:01/7-12:50:16,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:50:16,123) [kstrp] (root,0,0,00:00:00/7-12:50:16,124) [zswap-shrink] (root,0,0,00:00:00/7-12:50:16,125) [kworker/u9:0] (root,0,0,00:00:00/7-12:50:16,130) [charger_manager] (root,0,0,00:00:02/7-12:50:16,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-12:50:16,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-12:50:15,239) [kaluad] (root,0,0,00:00:00/7-12:50:15,258) [kmpath_rdacd] (root,0,0,00:00:00/7-12:50:15,304) [kmpathd] (root,0,0,00:00:00/7-12:50:15,305) [kmpath_handlerd] (root,0,0,00:00:00/7-12:50:14,342) [ata_sff] (root,0,0,00:00:00/7-12:50:14,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:50:14,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:50:14,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:50:14,346) [scsi_tmf_1] (root,0,0,00:00:13/7-12:50:11,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:50:11,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-12:49:59,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-12:49:58,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-12:49:56,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-12:49:25,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-12:49:24,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-12:49:24,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-12:49:24,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-12:49:22,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-12:49:22,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-12:49:08,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-12:49:08,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:47/7-12:49:08,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-12:49:08,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-12:49:08,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-12:49:08,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-12:49:08,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:08/7-12:49:08,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-12:49:08,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-12:49:08,1352) bpfilter_umh (root,26204,8212,00:00:01/7-12:49:08,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-12:49:08,1359) ntpd: asynchronous dns resolver (spot,290092,176724,09:14:55/7-12:49:07,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-12:49:07,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-12:49:07,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-12:49:07,1373) (sd-pam) (root,24216,5268,00:00:02/7-12:49:05,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-12:49:05,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/7-12:49:05,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-12:49:02,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-12:49:01,1527) sshd: syslogtunnel (root,617356,71816,00:10:00/7-12:48:59,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44444,00:03:54/7-12:48:47,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-18:24:22,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-12:48:22,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-12:48:22,3218) sshd: cm-ssh (postfix,24244,8216,00:00:00/43:56,5947) pickup -l -t fifo -u (root,0,0,00:00:01/09:35:31,6969) [kworker/0:2-events] (root,0,0,00:00:00/08:38,7867) [kworker/3:2-ata_sff] (root,6656,3488,00:00:00/00:00,10713) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,10731) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,10732) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:20:06,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/24:34,14333) [kworker/1:0-events] (root,0,0,00:00:00/02:27:10,17990) [kworker/2:0-events] (root,0,0,00:00:02/07:00:29,18376) [kworker/2:2-events] (root,0,0,00:00:00/01:38:28,20009) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/50:08,22435) [kworker/3:1-events] (root,0,0,00:00:00/01:09:44,26012) [kworker/0:0-events] (root,0,0,00:00:00/01:32:25,27803) [kworker/1:1-events] (root,0,0,00:00:00/03:27,29383) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dbb3785aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-12:56:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:56:35,2) [kthreadd] (root,0,0,00:00:00/5-12:56:35,3) [rcu_gp] (root,0,0,00:00:00/5-12:56:35,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:56:35,5) [slub_flushwq] (root,0,0,00:00:00/5-12:56:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:56:35,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:56:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:56:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:56:35,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-12:56:35,13) [ksoftirqd/0] (root,0,0,00:14:18/5-12:56:35,14) [rcu_preempt] (root,0,0,00:00:02/5-12:56:35,15) [migration/0] (root,0,0,00:00:00/5-12:56:35,16) [idle_inject/0] (root,0,0,00:00:00/5-12:56:35,18) [cpuhp/0] (root,0,0,00:00:00/5-12:56:35,19) [cpuhp/1] (root,0,0,00:00:00/5-12:56:35,20) [idle_inject/1] (root,0,0,00:00:02/5-12:56:35,21) [migration/1] (root,0,0,00:00:07/5-12:56:35,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:56:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:56:35,25) [cpuhp/2] (root,0,0,00:00:00/5-12:56:35,26) [idle_inject/2] (root,0,0,00:00:01/5-12:56:35,27) [migration/2] (root,0,0,00:09:23/5-12:56:35,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:56:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:56:35,31) [cpuhp/3] (root,0,0,00:00:00/5-12:56:35,32) [idle_inject/3] (root,0,0,00:00:02/5-12:56:35,33) [migration/3] (root,0,0,00:00:26/5-12:56:35,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:56:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:56:35,40) [kdevtmpfs] (root,0,0,00:00:00/5-12:56:35,41) [netns] (root,0,0,00:00:00/5-12:56:35,42) [inet_frag_wq] (root,0,0,00:00:00/5-12:56:35,43) [kauditd] (root,0,0,00:00:00/5-12:56:35,44) [khungtaskd] (root,0,0,00:00:00/5-12:56:35,45) [oom_reaper] (root,0,0,00:00:00/5-12:56:35,46) [writeback] (root,0,0,00:00:15/5-12:56:35,47) [kcompactd0] (root,0,0,00:00:00/5-12:56:35,48) [ksmd] (root,0,0,00:00:16/5-12:56:35,49) [khugepaged] (root,0,0,00:00:00/5-12:56:35,75) [kintegrityd] (root,0,0,00:00:00/5-12:56:35,76) [kblockd] (root,0,0,00:00:00/5-12:56:35,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:56:35,79) [tpm_dev_wq] (root,0,0,00:00:00/5-12:56:35,80) [edac-poller] (root,0,0,00:00:00/5-12:56:35,81) [devfreq_wq] (root,0,0,00:00:00/5-12:56:35,110) [watchdogd] (root,0,0,00:00:00/5-12:56:35,111) [kswapd0] (root,0,0,00:00:01/5-12:56:35,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:56:33,115) [kthrotld] (root,0,0,00:00:00/5-12:56:33,116) [mld] (root,0,0,00:00:00/5-12:56:33,117) [ipv6_addrconf] (root,0,0,00:00:01/5-12:56:33,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:56:33,123) [kstrp] (root,0,0,00:00:00/5-12:56:33,124) [zswap-shrink] (root,0,0,00:00:00/5-12:56:33,125) [kworker/u9:0] (root,0,0,00:00:00/5-12:56:33,130) [charger_manager] (root,0,0,00:00:01/5-12:56:33,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-12:56:33,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-12:56:32,239) [kaluad] (root,0,0,00:00:00/5-12:56:32,258) [kmpath_rdacd] (root,0,0,00:00:00/5-12:56:32,304) [kmpathd] (root,0,0,00:00:00/5-12:56:32,305) [kmpath_handlerd] (root,0,0,00:00:00/5-12:56:31,342) [ata_sff] (root,0,0,00:00:00/5-12:56:31,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:56:31,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:56:31,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:56:31,346) [scsi_tmf_1] (root,0,0,00:00:09/5-12:56:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:56:28,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-12:56:16,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-12:56:15,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-12:56:13,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-12:55:42,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-12:55:41,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-12:55:41,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-12:55:41,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-12:55:39,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-12:55:39,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/06:15,1225) [kworker/1:1] (root,547592,23628,00:00:06/5-12:55:25,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-12:55:25,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-12:55:25,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-12:55:25,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-12:55:25,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-12:55:25,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-12:55:25,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-12:55:25,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-12:55:25,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-12:55:25,1352) bpfilter_umh (root,26204,8212,00:00:01/5-12:55:25,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-12:55:25,1359) ntpd: asynchronous dns resolver (spot,212140,174620,06:18:54/5-12:55:24,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-12:55:24,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-12:55:24,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-12:55:24,1373) (sd-pam) (root,24216,5268,00:00:01/5-12:55:22,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-12:55:22,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-12:55:22,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-12:55:19,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-12:55:18,1527) sshd: syslogtunnel (root,617100,71516,00:07:12/5-12:55:16,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43152,00:02:46/5-12:55:04,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-12:54:39,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-12:54:39,3218) sshd: cm-ssh (root,0,0,00:00:00/28:20,4408) [kworker/2:0-events] (root,0,0,00:00:00/17:19,12469) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/03:45,12715) [kworker/3:1-ata_sff] (postfix,24244,8228,00:00:00/01:11:08,15243) pickup -l -t fifo -u (root,0,0,00:00:00/02:30:02,18842) [kworker/0:0-events] (root,0,0,00:00:01/01:31:57,19687) [kworker/3:0-events] (root,0,0,00:00:00/08:58,21941) [kworker/3:2-ata_sff] (root,0,0,00:00:00/50:15,24590) [kworker/0:2-events] (root,0,0,00:00:00/22:34,24763) [kworker/u8:1-writeback] (root,0,0,00:00:01/03:58:00,25521) [kworker/1:2-events] (root,6656,3480,00:00:00/00:00,26776) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,26794) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26795) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:49:48,28908) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363693b61bbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-12:42:20,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:42:20,2) [kthreadd] (root,0,0,00:00:00/3-12:42:20,3) [rcu_gp] (root,0,0,00:00:00/3-12:42:20,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:42:20,5) [slub_flushwq] (root,0,0,00:00:00/3-12:42:20,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:42:20,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:42:20,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:42:20,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:42:20,12) [rcu_tasks_trace] (root,0,0,00:00:06/3-12:42:20,13) [ksoftirqd/0] (root,0,0,00:09:01/3-12:42:20,14) [rcu_preempt] (root,0,0,00:00:01/3-12:42:20,15) [migration/0] (root,0,0,00:00:00/3-12:42:20,16) [idle_inject/0] (root,0,0,00:00:00/3-12:42:20,18) [cpuhp/0] (root,0,0,00:00:00/3-12:42:20,19) [cpuhp/1] (root,0,0,00:00:00/3-12:42:20,20) [idle_inject/1] (root,0,0,00:00:01/3-12:42:20,21) [migration/1] (root,0,0,00:00:05/3-12:42:20,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:42:20,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:42:20,25) [cpuhp/2] (root,0,0,00:00:00/3-12:42:20,26) [idle_inject/2] (root,0,0,00:00:01/3-12:42:20,27) [migration/2] (root,0,0,00:06:05/3-12:42:20,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:42:20,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:42:20,31) [cpuhp/3] (root,0,0,00:00:00/3-12:42:20,32) [idle_inject/3] (root,0,0,00:00:01/3-12:42:20,33) [migration/3] (root,0,0,00:00:16/3-12:42:20,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:42:20,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:42:20,40) [kdevtmpfs] (root,0,0,00:00:00/3-12:42:20,41) [netns] (root,0,0,00:00:00/3-12:42:20,42) [inet_frag_wq] (root,0,0,00:00:00/3-12:42:20,43) [kauditd] (root,0,0,00:00:00/3-12:42:20,44) [khungtaskd] (root,0,0,00:00:00/3-12:42:20,45) [oom_reaper] (root,0,0,00:00:00/3-12:42:20,46) [writeback] (root,0,0,00:00:09/3-12:42:20,47) [kcompactd0] (root,0,0,00:00:00/3-12:42:20,48) [ksmd] (root,0,0,00:00:10/3-12:42:20,49) [khugepaged] (root,0,0,00:00:00/3-12:42:20,75) [kintegrityd] (root,0,0,00:00:00/3-12:42:20,76) [kblockd] (root,0,0,00:00:00/3-12:42:20,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:42:20,79) [tpm_dev_wq] (root,0,0,00:00:00/3-12:42:20,80) [edac-poller] (root,0,0,00:00:00/3-12:42:20,81) [devfreq_wq] (root,0,0,00:00:00/3-12:42:20,110) [watchdogd] (root,0,0,00:00:00/3-12:42:20,111) [kswapd0] (root,0,0,00:00:00/3-12:42:20,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:42:18,115) [kthrotld] (root,0,0,00:00:00/3-12:42:18,116) [mld] (root,0,0,00:00:00/3-12:42:18,117) [ipv6_addrconf] (root,0,0,00:00:00/3-12:42:18,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:42:18,123) [kstrp] (root,0,0,00:00:00/3-12:42:18,124) [zswap-shrink] (root,0,0,00:00:00/3-12:42:18,125) [kworker/u9:0] (root,0,0,00:00:00/3-12:42:18,130) [charger_manager] (root,0,0,00:00:00/3-12:42:18,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-12:42:18,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:42:17,239) [kaluad] (root,0,0,00:00:00/3-12:42:17,258) [kmpath_rdacd] (root,0,0,00:00:00/3-12:42:17,304) [kmpathd] (root,0,0,00:00:00/3-12:42:17,305) [kmpath_handlerd] (root,0,0,00:00:00/3-12:42:16,342) [ata_sff] (root,0,0,00:00:00/3-12:42:16,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:42:16,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:42:16,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:42:16,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:42:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:42:13,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-12:42:01,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-12:42:00,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-12:41:58,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-12:41:27,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-12:41:26,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-12:41:26,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-12:41:26,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-12:41:24,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-12:41:24,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-12:41:10,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-12:41:10,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:29:56,1333) [kworker/0:1-events] (root,21172,4536,00:00:22/3-12:41:10,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-12:41:10,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-12:41:10,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-12:41:10,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-12:41:10,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-12:41:10,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:28/3-12:41:10,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-12:41:10,1352) bpfilter_umh (root,26204,8212,00:00:00/3-12:41:10,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-12:41:10,1359) ntpd: asynchronous dns resolver (spot,206268,169268,04:03:05/3-12:41:09,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-12:41:09,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-12:41:09,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-12:41:09,1373) (sd-pam) (root,0,0,00:00:00/07:17,1446) [kworker/3:2-ata_sff] (root,24216,5268,00:00:01/3-12:41:07,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-12:41:07,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-12:41:07,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-12:41:04,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-12:41:03,1527) sshd: syslogtunnel (root,615820,67960,00:04:37/3-12:41:01,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:49/3-12:40:49,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/08:09:01,2276) [kworker/1:2-events] (root,35308,10108,00:00:00/3-12:40:24,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-12:40:24,3218) sshd: cm-ssh (root,0,0,00:00:00/01:49:16,4067) [kworker/1:1] (root,0,0,00:00:02/07:52:58,5266) [kworker/2:1-events] (postfix,24244,8260,00:00:00/01:18:49,6052) pickup -l -t fifo -u (root,0,0,00:00:00/01:15:55,13330) [kworker/u8:2-writeback] (root,0,0,00:00:00/20:36,18236) [kworker/2:2-events] (root,0,0,00:00:00/02:07,25351) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:05:23,27113) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:05:12,28172) [kworker/0:2-events] (root,0,0,00:00:00/17:40,28530) [kworker/3:0-events] (root,6656,3484,00:00:00/00:00,31189) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,31207) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31208) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 23:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630ac86963Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-17:16:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-17:16:23,2) [kthreadd] (root,0,0,00:00:00/1-17:16:23,3) [rcu_gp] (root,0,0,00:00:00/1-17:16:23,4) [rcu_par_gp] (root,0,0,00:00:00/1-17:16:23,5) [slub_flushwq] (root,0,0,00:00:00/1-17:16:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-17:16:23,9) [mm_percpu_wq] (root,0,0,00:00:00/1-17:16:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-17:16:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-17:16:23,12) [rcu_tasks_trace] (root,0,0,00:00:03/1-17:16:23,13) [ksoftirqd/0] (root,0,0,00:04:32/1-17:16:23,14) [rcu_preempt] (root,0,0,00:00:00/1-17:16:23,15) [migration/0] (root,0,0,00:00:00/1-17:16:23,16) [idle_inject/0] (root,0,0,00:00:00/1-17:16:23,18) [cpuhp/0] (root,0,0,00:00:00/1-17:16:23,19) [cpuhp/1] (root,0,0,00:00:00/1-17:16:23,20) [idle_inject/1] (root,0,0,00:00:01/1-17:16:23,21) [migration/1] (root,0,0,00:00:02/1-17:16:23,22) [ksoftirqd/1] (root,0,0,00:00:00/1-17:16:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-17:16:23,25) [cpuhp/2] (root,0,0,00:00:00/1-17:16:23,26) [idle_inject/2] (root,0,0,00:00:00/1-17:16:23,27) [migration/2] (root,0,0,00:03:00/1-17:16:23,28) [ksoftirqd/2] (root,0,0,00:00:00/1-17:16:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-17:16:23,31) [cpuhp/3] (root,0,0,00:00:00/1-17:16:23,32) [idle_inject/3] (root,0,0,00:00:00/1-17:16:23,33) [migration/3] (root,0,0,00:00:09/1-17:16:23,34) [ksoftirqd/3] (root,0,0,00:00:00/1-17:16:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-17:16:23,40) [kdevtmpfs] (root,0,0,00:00:00/1-17:16:23,41) [netns] (root,0,0,00:00:00/1-17:16:23,42) [inet_frag_wq] (root,0,0,00:00:00/1-17:16:23,43) [kauditd] (root,0,0,00:00:00/1-17:16:23,44) [khungtaskd] (root,0,0,00:00:00/1-17:16:23,45) [oom_reaper] (root,0,0,00:00:00/1-17:16:23,46) [writeback] (root,0,0,00:00:05/1-17:16:23,47) [kcompactd0] (root,0,0,00:00:00/1-17:16:23,48) [ksmd] (root,0,0,00:00:05/1-17:16:23,49) [khugepaged] (root,0,0,00:00:00/1-17:16:23,75) [kintegrityd] (root,0,0,00:00:00/1-17:16:23,76) [kblockd] (root,0,0,00:00:00/1-17:16:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-17:16:23,79) [tpm_dev_wq] (root,0,0,00:00:00/1-17:16:23,80) [edac-poller] (root,0,0,00:00:00/1-17:16:23,81) [devfreq_wq] (root,0,0,00:00:00/1-17:16:23,110) [watchdogd] (root,0,0,00:00:00/1-17:16:23,111) [kswapd0] (root,0,0,00:00:00/1-17:16:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-17:16:21,115) [kthrotld] (root,0,0,00:00:00/1-17:16:21,116) [mld] (root,0,0,00:00:00/1-17:16:21,117) [ipv6_addrconf] (root,0,0,00:00:00/1-17:16:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-17:16:21,123) [kstrp] (root,0,0,00:00:00/1-17:16:21,124) [zswap-shrink] (root,0,0,00:00:00/1-17:16:21,125) [kworker/u9:0] (root,0,0,00:00:00/1-17:16:21,130) [charger_manager] (root,0,0,00:00:00/1-17:16:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-17:16:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-17:16:20,239) [kaluad] (root,0,0,00:00:00/1-17:16:20,258) [kmpath_rdacd] (root,0,0,00:00:00/1-17:16:20,304) [kmpathd] (root,0,0,00:00:00/1-17:16:20,305) [kmpath_handlerd] (root,0,0,00:00:00/1-17:16:19,342) [ata_sff] (root,0,0,00:00:00/1-17:16:19,343) [scsi_eh_0] (root,0,0,00:00:00/1-17:16:19,344) [scsi_tmf_0] (root,0,0,00:00:00/1-17:16:19,345) [scsi_eh_1] (root,0,0,00:00:00/1-17:16:19,346) [scsi_tmf_1] (root,0,0,00:00:02/1-17:16:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-17:16:16,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-17:16:04,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-17:16:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-17:16:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-17:15:30,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-17:15:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8340,00:00:01/1-17:15:29,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-17:15:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-17:15:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-17:15:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:02/1-17:15:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-17:15:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:11/1-17:15:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-17:15:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-17:15:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-17:15:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-17:15:13,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-17:15:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:14/1-17:15:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-17:15:13,1352) bpfilter_umh (root,26204,8212,00:00:00/1-17:15:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-17:15:13,1359) ntpd: asynchronous dns resolver (spot,204764,167872,02:08:22/1-17:15:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-17:15:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-17:15:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-17:15:12,1373) (sd-pam) (root,24216,5268,00:00:00/1-17:15:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-17:15:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-17:15:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-17:15:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:06/1-17:15:06,1527) sshd: syslogtunnel (root,615564,69640,00:02:19/1-17:15:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:10/03:17:49,1941) [kworker/3:0-events] (spot,206272,41360,00:00:53/1-17:14:52,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-17:14:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:05/1-17:14:27,3218) sshd: cm-ssh (postfix,24244,8276,00:00:00/01:14:38,4891) pickup -l -t fifo -u (root,0,0,00:00:02/02:47:53,6590) [kworker/1:0-events] (root,0,0,00:00:01/04:52:26,11820) [kworker/2:2-events] (root,0,0,00:00:00/50:03,12493) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/45:47,14195) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/34:38,18103) [kworker/1:1] (root,0,0,00:00:00/02:30:03,22783) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:59:10,23968) [kworker/0:2-events] (root,0,0,00:00:00/05:51,29029) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:51,29870) [kworker/2:0-events] (root,0,0,00:00:00/00:41,30009) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,30103) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,30121) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,948,00:00:00/00:00,30122) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/08:32:14,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-12 04:05
Domain summary
No record