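An open CheckMK agent is publicly available.
This could leak sensitive information such as the agent version, its configuration directories and the host's full process list with command-line arguments, as the findings below show. That list shows which services, security tools and backup software run on the host. The `OnlyFrom:` field is empty in every finding below, which suggests the agent is not restricted to specific source addresses; limiting access to the monitoring server (the agent's `only_from` setting in its xinetd configuration, or a firewall rule) closes the exposure.
Reference: https://docs.checkmk.com/latest/en/wato_monitoringagents.html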
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca98a8b31c
Found public CheckMk agent: Version: 1.2.4b7 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,191264,3396,0.0) /usr/lib/systemd/systemd --switched-root --system --deserialize 21 (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [kworker/0:0H] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [rcu_bh] (root,0,0,0.1) [rcu_sched] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [kworker/1:0H] (root,0,0,0.0) [watchdog/2] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kworker/2:0H] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kworker/3:0H] (root,0,0,0.0) [watchdog/4] (root,0,0,0.0) [migration/4] (root,0,0,0.0) [ksoftirqd/4] (root,0,0,0.0) [kworker/4:0H] (root,0,0,0.0) [watchdog/5] (root,0,0,0.0) [migration/5] (root,0,0,0.0) [ksoftirqd/5] (root,0,0,0.0) [kworker/5:0H] (root,0,0,0.0) [watchdog/6] (root,0,0,0.0) [migration/6] (root,0,0,0.0) [ksoftirqd/6] (root,0,0,0.0) [kworker/6:0H] (root,0,0,0.0) [watchdog/7] (root,0,0,0.0) [migration/7] (root,0,0,0.0) [ksoftirqd/7] (root,0,0,0.0) [kworker/7:0H] (root,0,0,0.0) [khelper] (root,0,0,0.0) [kdevtmpfs] (root,0,0,0.0) [netns] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [writeback] (root,0,0,0.0) [kintegrityd] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kblockd] (root,0,0,0.0) [md] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [fsnotify_mark] (root,0,0,0.0) [crypto] (root,0,0,0.0) [kthrotld] (root,0,0,0.0) [kmpath_rdacd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [ipv6_addrconf] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [ata_sff] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_tmf_0] (root,0,0,0.0) [scsi_eh_1] 
(root,0,0,0.0) [scsi_tmf_1] (root,0,0,0.0) [mpt_poll_0] (root,0,0,0.0) [mpt/0] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [scsi_tmf_2] (root,0,0,0.0) [ttm_swap] (root,0,0,0.0) [kworker/3:1H] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [kworker/0:1H] (root,0,0,0.0) [kworker/6:1H] (root,192872,117120,0.0) /usr/lib/systemd/systemd-journald (root,274676,1768,0.0) /usr/sbin/lvmetad -f (root,43588,1624,0.0) /usr/lib/systemd/systemd-udevd (root,0,0,0.0) [nfit] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-2-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-3-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [rpciod] (root,55536,916,0.0) /sbin/auditd (root,24256,1608,0.0) /usr/lib/systemd/systemd-logind (root,733312,64488,0.0) /usr/sbin/rsyslogd -n (polkitd,527740,6856,0.0) /usr/lib/polkit-1/polkitd --no-debug (root,281596,45764,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize (rpc,65136,1120,0.0) /sbin/rpcbind -w (dbus,24516,1652,0.0) /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation (root,195212,1116,0.0) /usr/sbin/gssproxy -D (root,19376,1040,0.0) /usr/sbin/irqbalance --foreground (root,4781004,3132148,30.3) /opt/FortiEDRCollector/bin/FortiEDRCollector (root,988428,34952,0.0) /usr/bin/containerd (root,27172,964,0.0) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid (root,83220,1272,0.0) /usr/sbin/sshd (root,889880,1444,0.0) /opt/FortiEDRCollector/bin/FortiEDRAvScanner (root,205692,7488,0.0) /usr/sbin/vmtoolsd (root,57176,5088,0.0) /usr/lib/vmware-vgauth/VGAuthService -s (root,359580,4392,0.0) /opt/commvault/Base/cvlaunchd 
(root,3378756,150460,0.0) /opt/commvault/Base/cvd (root,598372,14968,0.0) /opt/commvault/Base/ClMgrS (root,115172,6240,0.0) /opt/commvault/Base/cvfwd (root,1289328,105056,0.6) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (rpcuser,42516,1728,0.0) /usr/sbin/rpc.statd (root,0,0,0.0) [nfsiod] (root,0,0,0.0) [lockd] (root,0,0,0.0) [kworker/3:0] (root,126392,1444,0.0) /usr/sbin/crond -n (root,110200,796,0.0) /sbin/agetty --noclear tty1 linux (root,0,0,0.4) [kSocketWorker] (root,0,0,0.0) [UserSpaceWorker] (root,0,0,0.0) [kworker/1:1] (root,0,0,0.0) [kworker/3:2] (root,0,0,0.0) [kworker/0:1] (root,0,0,0.0) [kworker/4:0] (root,0,0,0.0) [kworker/5:1] (root,0,0,0.0) [kworker/2:0] (root,0,0,0.0) [kworker/6:2] (root,0,0,0.0) [kworker/4:2] (root,0,0,0.0) [kworker/u256:0] (root,0,0,0.0) [kworker/7:2] (root,0,0,0.0) [kworker/4:1] (root,0,0,0.0) [kworker/6:0] (root,178328,2472,0.0) /usr/sbin/CROND -n (root,113284,1208,0.0) /bin/sh -c /bin/sh /usr/local/sbin/system-mon.sh > /dev/null 2>&1 (root,113288,1424,0.0) /bin/sh /usr/local/sbin/system-mon.sh (root,0,0,0.0) [kworker/u256:2] (root,157784,2196,0.3) top -n 3 -b (root,115416,1604,0.0) /bin/bash /usr/bin/check_mk_agent (root,47540,1656,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,13328,928,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,0,0,0.0) [kworker/4:2H] (root,0,0,0.0) [kworker/2:2H] (root,0,0,0.0) [kworker/7:2H] (root,0,0,0.0) [kworker/5:2H] (root,0,0,0.0) [kworker/1:2H] (root,0,0,0.0) [kworker/0:0] (root,0,0,0.0) [kworker/u256:1] (root,0,0,0.0) [kworker/1:2] (root,0,0,0.0) [kworker/2:2] (root,0,0,0.0) [kworker/7:1] (root,0,0,0.0) [kworker/5:2] (root,0,0,0.0) [kworker/6:1]
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca4a33f073
Found public CheckMk agent: Version: 1.2.4b7 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,191264,4196,0.0) /usr/lib/systemd/systemd --switched-root --system --deserialize 21 (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [kworker/0:0H] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [rcu_bh] (root,0,0,0.1) [rcu_sched] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [kworker/1:0H] (root,0,0,0.0) [watchdog/2] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kworker/2:0H] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kworker/3:0H] (root,0,0,0.0) [watchdog/4] (root,0,0,0.0) [migration/4] (root,0,0,0.0) [ksoftirqd/4] (root,0,0,0.0) [kworker/4:0H] (root,0,0,0.0) [watchdog/5] (root,0,0,0.0) [migration/5] (root,0,0,0.0) [ksoftirqd/5] (root,0,0,0.0) [kworker/5:0H] (root,0,0,0.0) [watchdog/6] (root,0,0,0.0) [migration/6] (root,0,0,0.0) [ksoftirqd/6] (root,0,0,0.0) [kworker/6:0H] (root,0,0,0.0) [watchdog/7] (root,0,0,0.0) [migration/7] (root,0,0,0.0) [ksoftirqd/7] (root,0,0,0.0) [kworker/7:0H] (root,0,0,0.0) [khelper] (root,0,0,0.0) [kdevtmpfs] (root,0,0,0.0) [netns] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [writeback] (root,0,0,0.0) [kintegrityd] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kblockd] (root,0,0,0.0) [md] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [fsnotify_mark] (root,0,0,0.0) [crypto] (root,0,0,0.0) [kthrotld] (root,0,0,0.0) [kmpath_rdacd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [ipv6_addrconf] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [ata_sff] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_tmf_0] (root,0,0,0.0) [scsi_eh_1] 
(root,0,0,0.0) [scsi_tmf_1] (root,0,0,0.0) [mpt_poll_0] (root,0,0,0.0) [mpt/0] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [scsi_tmf_2] (root,0,0,0.0) [ttm_swap] (root,0,0,0.0) [kworker/2:1H] (root,0,0,0.0) [kworker/3:1H] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [kworker/0:1H] (root,0,0,0.0) [kworker/6:1H] (root,205408,124856,0.0) /usr/lib/systemd/systemd-journald (root,0,0,0.0) [kworker/1:1H] (root,274676,1608,0.0) /usr/sbin/lvmetad -f (root,43588,1836,0.0) /usr/lib/systemd/systemd-udevd (root,0,0,0.0) [nfit] (root,0,0,0.0) [kworker/7:1H] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kworker/5:1H] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-2-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-3-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [rpciod] (root,55536,1072,0.0) /sbin/auditd (root,24256,1744,0.0) /usr/lib/systemd/systemd-logind (root,507016,68500,0.0) /usr/sbin/rsyslogd -n (polkitd,527612,9832,0.0) /usr/lib/polkit-1/polkitd --no-debug (root,281464,49468,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize (rpc,65064,1476,0.0) /sbin/rpcbind -w (dbus,24516,1828,0.0) /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation (root,195212,1240,0.0) /usr/sbin/gssproxy -D (root,19376,1312,0.0) /usr/sbin/irqbalance --foreground (root,2607404,1276604,18.7) /opt/FortiEDRCollector/bin/FortiEDRCollector (root,988428,51120,0.0) /usr/bin/containerd (root,27172,1104,0.0) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid (root,83220,1412,0.0) /usr/sbin/sshd (root,889880,53340,0.0) /opt/FortiEDRCollector/bin/FortiEDRAvScanner (root,196520,8868,0.0) /usr/sbin/vmtoolsd 
(root,57176,5904,0.0) /usr/lib/vmware-vgauth/VGAuthService -s (root,359580,12476,0.0) /opt/commvault/Base/cvlaunchd (root,3381852,212572,0.0) /opt/commvault/Base/cvd (root,0,0,0.0) [kworker/4:1H] (root,598372,63236,0.0) /opt/commvault/Base/ClMgrS (root,115172,6680,0.0) /opt/commvault/Base/cvfwd (root,1289328,170692,0.6) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (rpcuser,42444,1752,0.0) /usr/sbin/rpc.statd (root,0,0,0.0) [nfsiod] (root,0,0,0.0) [lockd] (root,126392,1604,0.0) /usr/sbin/crond -n (root,110200,852,0.0) /sbin/agetty --noclear tty1 linux (root,49340,1404,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf (nginx,49776,2360,0.0) nginx: worker process (root,0,0,0.4) [kSocketWorker] (root,0,0,0.0) [UserSpaceWorker] (root,111960,12456,0.0) /usr/bin/containerd-shim-runc-v2 -namespace moby -id e30dc8bcd0e2d29d91b36f9549f2544e44862fcb30cf356c5991b1cc70058285 -address /run/containerd/containerd.sock (root,111704,12272,0.0) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 2ef2169d668ecc960f5637a672d2272311e11dc1f057d3d78eb641c468bdd362 -address /run/containerd/containerd.sock (root,13185504,732724,0.2) java -jar mpsc_oas_audit-0.0.1-SNAPSHOT.jar (root,14395400,2936788,1.4) java -jar oas-0.0.1-SNAPSHOT.jar (root,0,0,0.0) [kworker/2:0] (root,0,0,0.0) [kworker/u256:0] (root,0,0,0.0) [kworker/7:1] (root,0,0,0.0) [kworker/0:1] (root,0,0,0.0) [kworker/1:0] (root,0,0,0.0) [kworker/3:2] (root,0,0,0.0) [kworker/4:2] (root,0,0,0.0) [kworker/2:2] (root,0,0,0.0) [kworker/0:0] (root,0,0,0.0) [kworker/3:0] (root,0,0,0.0) [kworker/4:0] (root,0,0,0.0) [kworker/7:0] (root,0,0,0.0) [kworker/4:1] (root,0,0,0.0) [kworker/5:1] (root,0,0,0.0) [kworker/1:1] (root,0,0,0.0) [kworker/5:2] (root,0,0,0.0) [kworker/6:2] (root,0,0,0.0) [kworker/u256:2] (root,0,0,0.0) [kworker/6:1] (root,0,0,0.0) [kworker/u256:1] (root,0,0,0.0) [kworker/6:0] (root,115416,1604,0.0) /bin/bash /usr/bin/check_mk_agent (root,47540,1660,0.0) ps ax -o 
user,vsz,rss,pcpu,command --columns 10000 (root,13328,928,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca501033cb
Found public CheckMk agent: Version: 1.2.4b7 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,191168,4200,0.0) /usr/lib/systemd/systemd --switched-root --system --deserialize 21 (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [kworker/0:0H] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [rcu_bh] (root,0,0,0.0) [rcu_sched] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [kworker/1:0H] (root,0,0,0.0) [watchdog/2] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kworker/2:0H] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kworker/3:0H] (root,0,0,0.0) [watchdog/4] (root,0,0,0.0) [migration/4] (root,0,0,0.0) [ksoftirqd/4] (root,0,0,0.0) [kworker/4:0H] (root,0,0,0.0) [watchdog/5] (root,0,0,0.0) [migration/5] (root,0,0,0.0) [ksoftirqd/5] (root,0,0,0.0) [kworker/5:0H] (root,0,0,0.0) [watchdog/6] (root,0,0,0.0) [migration/6] (root,0,0,0.0) [ksoftirqd/6] (root,0,0,0.0) [kworker/6:0H] (root,0,0,0.0) [watchdog/7] (root,0,0,0.0) [migration/7] (root,0,0,0.0) [ksoftirqd/7] (root,0,0,0.0) [kworker/7:0H] (root,0,0,0.0) [khelper] (root,0,0,0.0) [kdevtmpfs] (root,0,0,0.0) [netns] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [writeback] (root,0,0,0.0) [kintegrityd] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kblockd] (root,0,0,0.0) [md] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [fsnotify_mark] (root,0,0,0.0) [crypto] (root,0,0,0.0) [kthrotld] (root,0,0,0.0) [kmpath_rdacd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [ipv6_addrconf] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [ata_sff] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_tmf_0] (root,0,0,0.0) [scsi_eh_1] 
(root,0,0,0.0) [scsi_tmf_1] (root,0,0,0.0) [mpt_poll_0] (root,0,0,0.0) [mpt/0] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [scsi_tmf_2] (root,0,0,0.0) [ttm_swap] (root,0,0,0.0) [kworker/0:1H] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kworker/5:1H] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-rsv-conver] (root,202292,120620,0.0) /usr/lib/systemd/systemd-journald (root,274676,1848,0.0) /usr/sbin/lvmetad -f (root,43588,1832,0.0) /usr/lib/systemd/systemd-udevd (root,0,0,0.0) [nfit] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [jbd2/dm-3-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [kworker/1:1H] (root,0,0,0.0) [jbd2/dm-1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-2-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [rpciod] (root,55536,1080,0.0) /sbin/auditd (root,281476,49444,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize (root,795804,67148,0.0) /usr/sbin/rsyslogd -n (root,19376,1312,0.0) /usr/sbin/irqbalance --foreground (rpc,65064,1448,0.0) /sbin/rpcbind -w (root,24256,1744,0.0) /usr/lib/systemd/systemd-logind (dbus,24536,1828,0.0) /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation (root,0,0,0.0) [kworker/4:1H] (polkitd,527740,12168,0.0) /usr/lib/polkit-1/polkitd --no-debug (root,27172,1096,0.0) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid (root,988428,52972,0.0) /usr/bin/containerd (root,0,0,0.0) [kworker/2:1H] (root,195212,1240,0.0) /usr/sbin/gssproxy -D (root,83220,1416,0.0) /usr/sbin/sshd (root,0,0,0.0) [kworker/6:1H] (root,0,0,0.0) [kworker/3:1H] (root,196520,8876,0.0) /usr/sbin/vmtoolsd (root,57176,5912,0.0) /usr/lib/vmware-vgauth/VGAuthService -s (root,327796,44912,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived 
--config=/etc/puppetlabs/mcollective/server.cfg --pidfile=/var/run/puppetlabs/mcollective.pid --daemonize (root,0,0,0.0) [kworker/3:1] (root,359580,12476,0.0) /opt/commvault/Base/cvlaunchd (root,3117952,231584,0.0) /opt/commvault/Base/cvd (root,598372,63240,0.0) /opt/commvault/Base/ClMgrS (root,115172,6680,0.0) /opt/commvault/Base/cvfwd (root,0,0,0.0) [kworker/7:1H] (root,1280620,159680,0.7) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (rpcuser,42516,1900,0.0) /usr/sbin/rpc.statd (root,0,0,0.0) [nfsiod] (root,0,0,0.0) [lockd] (root,126388,1600,0.0) /usr/sbin/crond -n (root,110200,852,0.0) /sbin/agetty --noclear tty1 linux (root,0,0,0.4) [kSocketWorker] (root,0,0,0.0) [UserSpaceWorker] (root,0,0,0.0) [kworker/0:0] (root,0,0,0.0) [kworker/5:2] (root,0,0,0.0) [kworker/2:0] (root,0,0,0.0) [kworker/7:0] (root,0,0,0.0) [kworker/u256:2] (root,0,0,0.0) [kworker/1:0] (root,0,0,0.0) [kworker/7:2] (root,0,0,0.0) [kworker/3:0] (root,0,0,0.0) [kworker/6:2] (root,0,0,0.0) [kworker/4:2] (root,0,0,0.0) [kworker/6:0] (root,0,0,0.0) [kworker/1:2] (root,0,0,0.0) [kworker/5:0] (root,0,0,0.0) [kworker/u256:1] (root,0,0,0.0) [kworker/2:1] (root,0,0,0.0) [kworker/0:2] (root,0,0,0.0) [kworker/6:1] (root,0,0,0.0) [kworker/0:1] (root,178324,2500,0.0) /usr/sbin/CROND -n (root,113284,1208,0.0) /bin/sh -c /bin/sh /usr/local/sbin/system-mon.sh > /dev/null 2>&1 (root,113288,1428,0.0) /bin/sh /usr/local/sbin/system-mon.sh (root,157784,2208,0.2) top -n 3 -b (root,140404,4816,0.0) sshd: unknown [priv] (sshd,88992,2628,0.0) sshd: unknown [net] (root,115416,1600,0.0) /bin/bash /usr/bin/check_mk_agent (root,47540,1652,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,13328,924,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,2119172,690956,1.4) /opt/FortiEDRCollector/bin/FortiEDRCollector (root,955416,51656,0.0) /opt/FortiEDRCollector/bin/FortiEDRAvScanner (root,111960,11964,0.0) /usr/bin/containerd-shim-runc-v2 -namespace 
moby -id a7d140e4cd98b3f5551383f1a1e2bef295b33e28e77adf8329450ad3fbc091c3 -address /run/containerd/containerd.sock (root,111960,10088,0.0) /usr/bin/containerd-shim-runc-v2 -namespace moby -id a49f6b3aa9e7735cf9c40a35154aac744335e43cbcb2d25315c19477693269a6 -address /run/containerd/containerd.sock (root,14196724,1506432,0.8) java -jar oas-0.0.1-SNAPSHOT.jar (root,13185504,1184912,0.2) java -jar mpsc_oas_audit-0.0.1-SNAPSHOT.jar (root,0,0,0.0) [kworker/4:0]
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca8be1eb05
Found public CheckMk agent: Version: 1.2.4b7 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,191168,4200,0.0) /usr/lib/systemd/systemd --switched-root --system --deserialize 21 (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [kworker/0:0H] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [rcu_bh] (root,0,0,0.0) [rcu_sched] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [kworker/1:0H] (root,0,0,0.0) [watchdog/2] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kworker/2:0H] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kworker/3:0H] (root,0,0,0.0) [watchdog/4] (root,0,0,0.0) [migration/4] (root,0,0,0.0) [ksoftirqd/4] (root,0,0,0.0) [kworker/4:0H] (root,0,0,0.0) [watchdog/5] (root,0,0,0.0) [migration/5] (root,0,0,0.0) [ksoftirqd/5] (root,0,0,0.0) [kworker/5:0H] (root,0,0,0.0) [watchdog/6] (root,0,0,0.0) [migration/6] (root,0,0,0.0) [ksoftirqd/6] (root,0,0,0.0) [kworker/6:0H] (root,0,0,0.0) [watchdog/7] (root,0,0,0.0) [migration/7] (root,0,0,0.0) [ksoftirqd/7] (root,0,0,0.0) [kworker/7:0H] (root,0,0,0.0) [khelper] (root,0,0,0.0) [kdevtmpfs] (root,0,0,0.0) [netns] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [writeback] (root,0,0,0.0) [kintegrityd] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kblockd] (root,0,0,0.0) [md] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [fsnotify_mark] (root,0,0,0.0) [crypto] (root,0,0,0.0) [kthrotld] (root,0,0,0.0) [kmpath_rdacd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [ipv6_addrconf] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [ata_sff] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_tmf_0] (root,0,0,0.0) [scsi_eh_1] 
(root,0,0,0.0) [scsi_tmf_1] (root,0,0,0.0) [mpt_poll_0] (root,0,0,0.0) [mpt/0] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [scsi_tmf_2] (root,0,0,0.0) [ttm_swap] (root,0,0,0.0) [kworker/0:1H] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kworker/5:1H] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-rsv-conver] (root,70000,33640,0.0) /usr/lib/systemd/systemd-journald (root,274676,1820,0.0) /usr/sbin/lvmetad -f (root,43588,1832,0.0) /usr/lib/systemd/systemd-udevd (root,0,0,0.0) [nfit] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [jbd2/dm-3-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [kworker/1:1H] (root,0,0,0.0) [jbd2/dm-1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-2-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [rpciod] (root,55536,1080,0.0) /sbin/auditd (root,281476,49444,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize (root,658744,21680,0.0) /usr/sbin/rsyslogd -n (root,19376,1312,0.0) /usr/sbin/irqbalance --foreground (rpc,65064,1448,0.0) /sbin/rpcbind -w (root,24256,1744,0.0) /usr/lib/systemd/systemd-logind (dbus,24536,1828,0.0) /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation (root,0,0,0.0) [kworker/4:1H] (polkitd,527740,12168,0.0) /usr/lib/polkit-1/polkitd --no-debug (root,27172,1096,0.0) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid (root,988428,53020,0.0) /usr/bin/containerd (root,0,0,0.0) [kworker/2:1H] (root,195212,1240,0.0) /usr/sbin/gssproxy -D (root,83220,1416,0.0) /usr/sbin/sshd (root,0,0,0.0) [kworker/6:1H] (root,0,0,0.0) [kworker/3:1H] (root,196520,8876,0.0) /usr/sbin/vmtoolsd (root,57176,5912,0.0) /usr/lib/vmware-vgauth/VGAuthService -s (root,327796,44924,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived 
--config=/etc/puppetlabs/mcollective/server.cfg --pidfile=/var/run/puppetlabs/mcollective.pid --daemonize (root,359580,12476,0.0) /opt/commvault/Base/cvlaunchd (root,3118468,231184,0.0) /opt/commvault/Base/cvd (root,598372,63240,0.0) /opt/commvault/Base/ClMgrS (root,115172,6680,0.0) /opt/commvault/Base/cvfwd (root,0,0,0.0) [kworker/7:1H] (root,1280620,161568,0.7) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (rpcuser,42516,1900,0.0) /usr/sbin/rpc.statd (root,0,0,0.0) [nfsiod] (root,0,0,0.0) [lockd] (root,126388,1600,0.0) /usr/sbin/crond -n (root,110200,852,0.0) /sbin/agetty --noclear tty1 linux (root,0,0,0.0) [kworker/4:1] (root,0,0,0.0) [kworker/4:0] (root,0,0,0.0) [kworker/4:2] (root,0,0,0.0) [kworker/1:2] (root,0,0,0.0) [kworker/3:2] (root,0,0,0.0) [kworker/5:2] (root,0,0,0.0) [kworker/5:1] (root,0,0,0.0) [kworker/7:1] (root,0,0,0.0) [kworker/7:2] (root,2004492,565456,1.4) /opt/FortiEDRCollector/bin/FortiEDRCollector (root,955416,51672,0.0) /opt/FortiEDRCollector/bin/FortiEDRAvScanner (root,0,0,0.4) [kSocketWorker] (root,0,0,0.0) [UserSpaceWorker] (root,0,0,0.0) [kworker/6:0] (root,0,0,0.0) [kworker/u256:0] (root,0,0,0.0) [kworker/6:1] (root,111960,12316,0.0) /usr/bin/containerd-shim-runc-v2 -namespace moby -id a7d140e4cd98b3f5551383f1a1e2bef295b33e28e77adf8329450ad3fbc091c3 -address /run/containerd/containerd.sock (root,111960,9960,0.0) /usr/bin/containerd-shim-runc-v2 -namespace moby -id a49f6b3aa9e7735cf9c40a35154aac744335e43cbcb2d25315c19477693269a6 -address /run/containerd/containerd.sock (root,14178288,1484924,0.6) java -jar oas-0.0.1-SNAPSHOT.jar (root,13185504,1183888,0.2) java -jar mpsc_oas_audit-0.0.1-SNAPSHOT.jar (root,0,0,0.0) [kworker/2:0] (root,0,0,0.0) [kworker/0:2] (root,0,0,0.0) [kworker/1:0] (root,0,0,0.0) [kworker/3:1] (root,0,0,0.0) [kworker/2:1] (root,0,0,0.0) [kworker/0:0] (root,0,0,0.0) [kworker/u256:2] (root,0,0,0.0) [kworker/7:0] (root,0,0,0.0) [kworker/0:1] (root,178324,2500,0.0) /usr/sbin/CROND -n 
(root,113284,1208,0.0) /bin/sh -c /bin/sh /usr/local/sbin/system-mon.sh > /dev/null 2>&1 (root,113288,1420,0.0) /bin/sh /usr/local/sbin/system-mon.sh (root,108136,728,0.0) sar -u 5 2 (root,113316,956,0.1) sadc 5 3 -z (root,115416,1604,0.0) /bin/bash /usr/bin/check_mk_agent (root,47540,1656,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,13328,928,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca9d3f4caa
Found public CheckMk agent: Version: 1.2.4b7 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,191168,4192,0.0) /usr/lib/systemd/systemd --switched-root --system --deserialize 21 (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [kworker/0:0H] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [rcu_bh] (root,0,0,0.0) [rcu_sched] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [kworker/1:0H] (root,0,0,0.0) [watchdog/2] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kworker/2:0H] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kworker/3:0H] (root,0,0,0.0) [watchdog/4] (root,0,0,0.0) [migration/4] (root,0,0,0.0) [ksoftirqd/4] (root,0,0,0.0) [kworker/4:0H] (root,0,0,0.0) [watchdog/5] (root,0,0,0.0) [migration/5] (root,0,0,0.0) [ksoftirqd/5] (root,0,0,0.0) [kworker/5:0H] (root,0,0,0.0) [watchdog/6] (root,0,0,0.0) [migration/6] (root,0,0,0.0) [ksoftirqd/6] (root,0,0,0.0) [kworker/6:0H] (root,0,0,0.0) [watchdog/7] (root,0,0,0.0) [migration/7] (root,0,0,0.0) [ksoftirqd/7] (root,0,0,0.0) [kworker/7:0H] (root,0,0,0.0) [khelper] (root,0,0,0.0) [kdevtmpfs] (root,0,0,0.0) [netns] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [writeback] (root,0,0,0.0) [kintegrityd] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kblockd] (root,0,0,0.0) [md] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [fsnotify_mark] (root,0,0,0.0) [crypto] (root,0,0,0.0) [kthrotld] (root,0,0,0.0) [kmpath_rdacd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [ipv6_addrconf] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [ata_sff] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_tmf_0] (root,0,0,0.0) [scsi_eh_1] 
(root,0,0,0.0) [scsi_tmf_1] (root,0,0,0.0) [mpt_poll_0] (root,0,0,0.0) [mpt/0] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [scsi_tmf_2] (root,0,0,0.0) [ttm_swap] (root,0,0,0.0) [kworker/0:1H] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kworker/5:1H] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-rsv-conver] (root,98868,45956,0.0) /usr/lib/systemd/systemd-journald (root,274676,1724,0.0) /usr/sbin/lvmetad -f (root,43588,1832,0.0) /usr/lib/systemd/systemd-udevd (root,0,0,0.0) [nfit] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [bioset] (root,0,0,0.0) [jbd2/dm-3-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [kworker/1:1H] (root,0,0,0.0) [jbd2/dm-1-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [jbd2/dm-2-8] (root,0,0,0.0) [ext4-rsv-conver] (root,0,0,0.0) [rpciod] (root,55536,1080,0.0) /sbin/auditd (root,281476,49488,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize (root,482636,25884,0.0) /usr/sbin/rsyslogd -n (root,19376,1312,0.0) /usr/sbin/irqbalance --foreground (rpc,65064,1448,0.0) /sbin/rpcbind -w (root,24256,1744,0.0) /usr/lib/systemd/systemd-logind (dbus,24444,1772,0.0) /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation (root,0,0,0.0) [kworker/4:1H] (polkitd,527740,12168,0.0) /usr/lib/polkit-1/polkitd --no-debug (root,27172,1096,0.0) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid (root,988428,52404,0.0) /usr/bin/containerd (root,0,0,0.0) [kworker/2:1H] (root,195212,1240,0.0) /usr/sbin/gssproxy -D (root,83220,1416,0.0) /usr/sbin/sshd (root,0,0,0.0) [kworker/6:1H] (root,0,0,0.0) [kworker/3:1H] (root,196520,8876,0.0) /usr/sbin/vmtoolsd (root,57176,5912,0.0) /usr/lib/vmware-vgauth/VGAuthService -s (root,327796,42912,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived 
--config=/etc/puppetlabs/mcollective/server.cfg --pidfile=/var/run/puppetlabs/mcollective.pid --daemonize (root,359580,12476,0.0) /opt/commvault/Base/cvlaunchd (root,3047772,222176,0.0) /opt/commvault/Base/cvd (root,598372,63240,0.0) /opt/commvault/Base/ClMgrS (root,115172,6680,0.0) /opt/commvault/Base/cvfwd (root,0,0,0.0) [kworker/7:1H] (root,1280364,148908,0.7) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (rpcuser,42444,1756,0.0) /usr/sbin/rpc.statd (root,0,0,0.0) [nfsiod] (root,0,0,0.0) [lockd] (root,126388,1600,0.0) /usr/sbin/crond -n (root,110200,852,0.0) /sbin/agetty --noclear tty1 linux (root,0,0,0.0) [kworker/6:2] (root,0,0,0.0) [kworker/6:1] (root,0,0,0.0) [kworker/6:0] (root,0,0,0.0) [kworker/7:0] (root,0,0,0.0) [kworker/5:0] (root,0,0,0.0) [kworker/2:2] (root,0,0,0.0) [kworker/4:0] (root,0,0,0.0) [kworker/1:1] (root,0,0,0.0) [kworker/3:0] (root,0,0,0.0) [kworker/0:2] (root,0,0,0.0) [kworker/1:0] (root,0,0,0.0) [kworker/u256:0] (root,1610976,238132,1.1) /opt/FortiEDRCollector/bin/FortiEDRCollector (root,955376,52932,0.0) /opt/FortiEDRCollector/bin/FortiEDRAvScanner (root,0,0,0.4) [kSocketWorker] (root,0,0,0.0) [UserSpaceWorker] (root,0,0,0.0) [kworker/3:2] (root,0,0,0.0) [kworker/7:2] (root,0,0,0.0) [kworker/4:1] (root,0,0,0.0) [kworker/u256:2] (root,0,0,0.0) [kworker/0:1] (root,0,0,0.0) [kworker/2:0] (root,0,0,0.0) [kworker/5:2] (root,111960,12284,0.0) /usr/bin/containerd-shim-runc-v2 -namespace moby -id a7d140e4cd98b3f5551383f1a1e2bef295b33e28e77adf8329450ad3fbc091c3 -address /run/containerd/containerd.sock (root,111960,10052,0.0) /usr/bin/containerd-shim-runc-v2 -namespace moby -id a49f6b3aa9e7735cf9c40a35154aac744335e43cbcb2d25315c19477693269a6 -address /run/containerd/containerd.sock (root,13611780,1308236,0.2) java -jar oas-0.0.1-SNAPSHOT.jar (root,13185504,1205760,0.2) java -jar mpsc_oas_audit-0.0.1-SNAPSHOT.jar (root,0,0,0.0) [kworker/u256:1] (root,115416,1608,0.0) /bin/bash /usr/bin/check_mk_agent (root,47540,1656,0.0) 
ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,13328,928,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /