Host 176.31.202.83
France
OVH SAS
Ubuntu
Software information

Apache Apache 2.4.7

tcp/80

  • CheckMK monitoring endpoint publicly available
    IP: 176.31.202.83
    Port: 6556
    First seen 2024-09-11 01:40
    Last seen 2024-12-22 00:58
    Open for 101 days
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ceb698006a

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-12-22 00:58
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cec61dc17a

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-12-20 00:30
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce6afde556

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-12-18 01:44
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce297dea9a

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      - root 25156 848 00:00:00 163-12:50:30 796 /sbin/getty -8 38400 tty6
      - root 70112 1552 00:02:29 163-12:50:30 845 /usr/sbin/sshd -D
      - root 25896 908 00:01:00 163-12:50:30 846 /usr/sbin/xinetd -dontfork -pidfile /var/run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
      - root 34552 880 00:00:21 163-12:50:30 851 cron
      - daemon 35128 192 00:00:00 163-12:50:30 853 atd
      - whoopsie 344444 2000 00:00:31 163-12:50:29 860 whoopsie
      - root 4368 520 00:00:00 163-12:50:29 866 acpid -c /etc/acpi/events -s /var/run/acpid.socket
      - root 19292 712 00:15:12 163-12:50:29 883 /usr/sbin/irqbalance
      - mysql 632796 173872 04:58:06 163-12:50:29 1063 /usr/sbin/mysqld
      - root 0 0 00:00:00 17:06 1272 [kworker/u4:1]
      - Debian-exim 63920 928 00:00:03 163-12:50:29 1335 /usr/sbin/exim4 -bd -q30m
      - root 495040 2132 00:00:24 163-12:50:27 1548 /usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf
      - root 3601096 255740 04:16:03 163-12:50:27 1589 /usr/local/crashplan/jre/bin/java -Dfile.encoding=UTF-8 -Dapp=CrashPlanService -DappBaseName=CrashPlan -Xms20m -Xmx1024m -Dsun.net.inetaddr.ttl=300 -Dnetworkaddress.cache.ttl=300 -Dsun.net.inetaddr.negative.ttl=0 -Dnetworkaddress.cache.negative.ttl=0 -Dc42.native.md5.enabled=false -classpath /usr/local/crashplan/lib/com.backup42.desktop.jar:/usr/local/crashplan/lang com.backup42.service.CPService
      - root 193476 17756 05:18:11 163-12:50:27 1647 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid
      - root 25156 844 00:00:00 163-12:50:26 1728 /sbin/getty -8 38400 tty1
      - root 34636 3060 00:00:00 00:00 3969 /bin/bash /usr/bin/check_mk_agent
      - root 34736 2416 00:00:00 00:00 3992 /bin/bash /usr/bin/check_mk_agent
      - root 34644 1896 00:00:00 00:00 3993 /bin/bash /usr/bin/check_mk_agent
      - root 8904 588 00:00:00 00:00 3994 cat
      - root 34708 1936 00:00:00 00:00 4028 /bin/bash /usr/bin/check_mk_agent
      - root 31008 1452 00:00:00 00:00 4029 ps ax -ww -o cgroup:512,user:32,vsz,rss,cputime,etime,pid,command
      - root 8912 596 00:00:00 00:00 4030 tr -s 
      - root 0 0 00:00:00 5-22:30:18 4306 [kworker/u5:1]
      2:name=systemd:/user/5028.user/2.session www-data 375472 19112 00:00:00 15:22:44 5260 /usr/sbin/apache2 -k start
      - root 91792 2624 02:09:01 163-12:50:05 11507 /usr/sbin/vmtoolsd
      - root 69336 2292 00:00:00 163-12:50:04 11526 /usr/lib/vmware-vgauth/VGAuthService -s
      - root 0 0 00:00:00 163-12:48:32 11727 [kauditd]
      2:name=systemd:/user/5028.user/2.session www-data 376584 21696 00:00:00 18:08:54 14829 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 379100 24068 00:00:00 18:08:54 14830 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 374636 15596 00:00:00 18:08:54 14832 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 378840 21704 00:00:00 17:39:44 18839 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 375664 19916 00:00:00 13:43:17 18845 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 376900 23696 00:00:00 13:34:50 20076 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 375700 19944 00:00:00 13:34:49 20077 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 374628 15564 00:00:00 13:34:48 20078 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 376596 22060 00:00:00 13:34:47 20079 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 87-08:15:19 23423 [kworker/1:0]
      - root 0 0 00:00:00 43-17:57:31 28700 [kworker/u5:2]
      2:name=systemd:/user/5028.user/2.session root 372192 25676 00:04:40 116-11:40:28 29938 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 27:47 32059 [kworker/u4:0]
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-12-15 23:49
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce98c61180

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-12-14 00:05
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ceba0903ea

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-12-12 01:03
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ceff920726

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      - root 91792 2624 02:04:21 157-14:05:08 11507 /usr/sbin/vmtoolsd
      - root 69336 2292 00:00:00 157-14:05:07 11526 /usr/lib/vmware-vgauth/VGAuthService -s
      - root 0 0 00:00:00 157-14:03:35 11727 [kauditd]
      - root 0 0 00:00:00 81-09:30:22 23423 [kworker/1:0]
      - root 0 0 00:00:00 99-01:00:03 24186 [kworker/u5:0]
      2:name=systemd:/user/5028.user/2.session www-data 374788 15756 00:00:00 16:27:20 26544 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 375704 20408 00:00:00 16:27:18 26546 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 375324 18940 00:00:00 16:27:17 26547 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 31:13 28496 [kworker/u4:0]
      - root 0 0 00:00:00 37-19:12:34 28700 [kworker/u5:2]
      - root 0 0 00:00:00 22:41 29728 [kworker/u4:2]
      2:name=systemd:/user/5028.user/2.session root 372192 25572 00:04:25 110-12:55:31 29938 /usr/sbin/apache2 -k start
      - root 99204 2116 00:00:00 04:32 32244 CRON
      - root 4444 644 00:00:00 04:32 32245 /bin/sh -c /etc/backup/SVN_backup.sh > /var/log/cron/backup_svn.log
      - root 4444 720 00:00:00 04:32 32246 /bin/sh /etc/backup/SVN_backup.sh
      2:name=systemd:/user/5028.user/2.session www-data 374864 15816 00:00:00 19:30:33 32729 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 379052 24296 00:00:00 19:30:33 32730 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 374832 15740 00:00:00 19:30:33 32732 /usr/sbin/apache2 -k start
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-12-10 01:04
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce516be9c6

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-12-08 00:50
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce68e69089

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-12-06 00:56
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce8b85cd03

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-12-04 00:49
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce9e501736

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-12-02 01:29
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce3e36a795

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-11-30 00:35
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce79a53702

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-11-28 00:24
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cef3fdefe7

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-11-25 23:53
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cef2bc4269

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-11-23 23:43
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cea8cb6b09

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-11-21 22:33
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cef635dfe4

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      2:name=systemd:/user/5028.user/2.session www-data 373924 16000 00:00:00 2-18:44:41 6686 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 377268 21288 00:00:00 2-18:44:41 6687 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 21:03 10438 [kworker/u4:1]
      - root 91792 2624 01:48:39 137-13:28:18 11507 /usr/sbin/vmtoolsd
      - root 69336 2292 00:00:00 137-13:28:17 11526 /usr/lib/vmware-vgauth/VGAuthService -s
      - root 0 0 00:00:00 137-13:26:45 11727 [kauditd]
      2:name=systemd:/user/5028.user/2.session www-data 377340 18244 00:00:00 2-06:16:55 12269 /usr/sbin/apache2 -k start
      - root 72184 3216 00:00:00 00:02 13308 sshd: [accepted] 
      - root 34636 3056 00:00:00 00:00 13425 /bin/bash /usr/bin/check_mk_agent
      - root 34736 2412 00:00:00 00:00 13451 /bin/bash /usr/bin/check_mk_agent
      - root 34644 1892 00:00:00 00:00 13452 /bin/bash /usr/bin/check_mk_agent
      - root 8904 584 00:00:00 00:00 13453 cat
      - root 34708 1932 00:00:00 00:00 13487 /bin/bash /usr/bin/check_mk_agent
      - root 31008 1456 00:00:00 00:00 13488 ps ax -ww -o cgroup:512,user:32,vsz,rss,cputime,etime,pid,command
      - root 8912 596 00:00:00 00:00 13489 tr -s 
      - root 0 0 00:00:00 61-08:53:32 23423 [kworker/1:0]
      - root 0 0 00:00:00 79-00:23:13 24186 [kworker/u5:0]
      2:name=systemd:/user/5028.user/2.session www-data 373356 13876 00:00:00 1-13:28:44 24335 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 373340 14080 00:00:00 1-13:28:43 24338 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 373372 14068 00:00:00 1-13:28:42 24346 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 373372 14036 00:00:00 1-13:28:34 24358 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 377556 20212 00:00:00 1-13:28:27 24496 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 17-18:35:44 28700 [kworker/u5:2]
      2:name=systemd:/user/5028.user/2.session root 370752 18272 00:03:37 90-12:18:41 29938 /usr/sbin/apache2 -k start
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-11-20 00:27
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce428965fd

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-11-19 22:52
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cea9b1e199

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-11-17 21:52
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce51f91aa9

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-11-16 01:34
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ced9af44e8

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-11-14 00:31
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce68cc560c

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-11-12 00:17
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ced83d652b

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-11-10 00:58
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce117b8316

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-11-08 01:14
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce95ba8296

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-11-06 00:54
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cef0cf3745

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-10-29 22:22
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cec29b1fb5

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      - root 3601096 259888 02:59:55 114-12:33:55 1589 /usr/local/crashplan/jre/bin/java -Dfile.encoding=UTF-8 -Dapp=CrashPlanService -DappBaseName=CrashPlan -Xms20m -Xmx1024m -Dsun.net.inetaddr.ttl=300 -Dnetworkaddress.cache.ttl=300 -Dsun.net.inetaddr.negative.ttl=0 -Dnetworkaddress.cache.negative.ttl=0 -Dc42.native.md5.enabled=false -classpath /usr/local/crashplan/lib/com.backup42.desktop.jar:/usr/local/crashplan/lang com.backup42.service.CPService
      - root 189892 13812 02:28:11 114-12:33:55 1647 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid
      - root 25156 844 00:00:00 114-12:33:54 1728 /sbin/getty -8 38400 tty1
      - root 99204 2116 00:00:00 32:57 2347 CRON
      - root 4444 648 00:00:00 32:57 2349 /bin/sh -c test -x /usr/bin/certbot && perl -e 'sleep int(rand(3600))' && certbot -q renew
      - root 20544 1740 00:00:00 32:57 2351 perl -e sleep int(rand(3600))
      - root 0 0 00:00:00 11:53 5265 [kworker/u4:1]
      - root 34636 3056 00:00:00 00:01 7146 /bin/bash /usr/bin/check_mk_agent
      - root 34736 2412 00:00:00 00:00 7168 /bin/bash /usr/bin/check_mk_agent
      - root 34644 1892 00:00:00 00:00 7169 /bin/bash /usr/bin/check_mk_agent
      - root 8904 588 00:00:00 00:00 7171 cat
      - root 34708 1932 00:00:00 00:00 7204 /bin/bash /usr/bin/check_mk_agent
      - root 31008 1448 00:00:00 00:00 7205 ps ax -ww -o cgroup:512,user:32,vsz,rss,cputime,etime,pid,command
      - root 8912 592 00:00:00 00:00 7206 tr -s 
      2:name=systemd:/user/5028.user/2.session www-data 372916 13764 00:00:00 15:41:57 7535 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 372900 13748 00:00:00 15:29:57 9186 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 372900 13712 00:00:00 15:29:56 9187 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 372940 13772 00:00:00 15:28:51 9327 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 372760 13668 00:00:00 15:27:56 9471 /usr/sbin/apache2 -k start
      - root 91792 2624 01:30:52 114-12:33:33 11507 /usr/sbin/vmtoolsd
      - root 69336 2292 00:00:00 114-12:33:32 11526 /usr/lib/vmware-vgauth/VGAuthService -s
      - root 0 0 00:00:00 114-12:32:00 11727 [kauditd]
      2:name=systemd:/user/5028.user/2.session www-data 373944 19000 00:00:00 17:47:05 22713 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 372900 13752 00:00:00 17:47:05 22714 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 372900 13772 00:00:00 17:47:05 22715 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 377292 22168 00:00:00 17:47:05 22716 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 372900 13764 00:00:00 17:47:05 22717 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 38-07:58:47 23423 [kworker/1:0]
      - root 0 0 00:00:00 55-23:28:28 24186 [kworker/u5:0]
      - root 0 0 00:00:00 113-23:15:02 25875 [kworker/u5:1]
      2:name=systemd:/user/5028.user/2.session root 370464 23868 00:02:43 67-11:23:56 29938 /usr/sbin/apache2 -k start
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-10-27 23:32
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cef2c4ed72

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      [time]
      1729726867
      [processes]
      [header] CGROUP USER VSZ RSS TIME ELAPSED PID COMMAND
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-10-23 23:41
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce88d45edf

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      [time]
      1729554074
      [processes]
      [header] CGROUP USER VSZ RSS TIME ELAPSED PID COMMAND
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-10-21 23:41
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ceb4c9e933

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      [time]
      1729374841
      [processes]
      [header] CGROUP USER VSZ RSS TIME ELAPSED PID COMMAND
      2:name=systemd:/user/5028.user/2.session www-data 376296 19340 00:00:00 17:45:03 22691 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 373304 16904 00:00:00 17:45:02 22692 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 372532 13460 00:00:00 17:44:37 22705 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 30-06:19:50 23423 [kworker/1:0]
      - root 0 0 00:00:00 47-21:49:31 24186 [kworker/u5:0]
      - root 0 0 00:00:00 105-21:36:05 25875 [kworker/u5:1]
      2:name=systemd:/user/5028.user/2.session root 370176 17368 00:02:23 59-09:44:59 29938 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 374556 18996 00:00:00 5-17:24:59 32253 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 374604 18492 00:00:00 5-17:24:59 32254 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 376544 19220 00:00:00 5-17:24:59 32256 /usr/sbin/apache2 -k start
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-10-19 21:54
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ced7d0406e

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      [time]
      1729202640
      [processes]
      [header] CGROUP USER VSZ RSS TIME ELAPSED PID COMMAND
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-10-17 22:03
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cea81ea41a

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      [time]
      1729038258
      [processes]
      [header] CGROUP USER VSZ RSS TIME ELAPSED PID COMMAND
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-10-16 00:24
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cedbb06c55

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      [time]
      1728862814
      [processes]
      [header] CGROUP USER VSZ RSS TIME ELAPSED PID COMMAND
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-10-13 23:40
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce3fd09c1b

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-10-11 23:46
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ceb37c240b

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-10-09 23:50
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce9e666d00

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-10-07 23:50
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ceda73a8e9

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-10-05 23:38
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce504e3b10

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-10-03 23:25
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cefccd1a62

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-10-01 23:40
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ceb8008c15

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      - root 34644 1888 00:00:00 00:00 2787 /bin/bash /usr/bin/check_mk_agent
      - root 8904 588 00:00:00 00:00 2789 cat
      - root 34708 1928 00:00:00 00:00 2822 /bin/bash /usr/bin/check_mk_agent
      - root 31008 1452 00:00:00 00:00 2823 ps ax -ww -o cgroup:512,user:32,vsz,rss,cputime,etime,pid,command
      - root 8912 592 00:00:00 00:00 2824 tr -s 
      - root 34636 3056 00:00:00 00:00 2825 /bin/bash /usr/bin/check_mk_agent
      - root 34736 2412 00:00:00 00:00 2857 /bin/bash /usr/bin/check_mk_agent
      - root 34644 1892 00:00:00 00:00 2858 /bin/bash /usr/bin/check_mk_agent
      - root 8904 584 00:00:00 00:00 2862 cat
      - root 34708 1932 00:00:00 00:00 2894 /bin/bash /usr/bin/check_mk_agent
      - root 31008 1452 00:00:00 00:00 2895 ps ax -ww -o cgroup:512,user:32,vsz,rss,cputime,etime,pid,command
      - root 8912 596 00:00:00 00:00 2896 tr -s 
      - root 91792 2624 01:08:46 86-11:38:54 11507 /usr/sbin/vmtoolsd
      - root 69336 2292 00:00:00 86-11:38:53 11526 /usr/lib/vmware-vgauth/VGAuthService -s
      - root 0 0 00:00:00 86-11:37:21 11727 [kauditd]
      2:name=systemd:/user/5028.user/2.session www-data 371232 12192 00:00:00 14:29:53 13258 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371200 12264 00:00:00 17:48:53 18588 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371188 12220 00:00:00 17:48:53 18589 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371204 12304 00:00:00 17:48:53 18590 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371188 12244 00:00:00 17:48:53 18591 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371188 12232 00:00:00 17:44:33 19308 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371188 12132 00:00:00 09:37:18 21433 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371188 12128 00:00:00 09:37:17 21434 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371200 12120 00:00:00 09:37:11 21435 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 10-07:04:08 23423 [kworker/1:0]
      - root 0 0 00:00:00 27-22:33:49 24186 [kworker/u5:0]
      - root 0 0 00:00:00 85-22:20:23 25875 [kworker/u5:1]
      - root 0 0 00:00:00 43:29 29139 [kworker/u4:2]
      2:name=systemd:/user/5028.user/2.session root 368892 22296 00:01:35 39-10:29:17 29938 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 371188 12152 00:00:00 16:21:15 30535 /usr/sbin/apache2 -k start
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-09-29 22:38
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce9bf22abb

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-09-27 22:42
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cec6c13f3f

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-09-25 20:28
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cec74698f7

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-09-23 22:20
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cedef33638

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-09-21 22:29
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ceb08f3d5a

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-09-19 23:22
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce4f221f61

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      
      
      Found on 2024-09-17 23:04
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cee9a9968c

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-09-15 21:53
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169cef3c0e3b6

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-09-13 23:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce3ad3325b

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-09-11 23:42
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbe633bb67df1fd918912127eb55f169ce253c7a69

      Found public CheckMk agent:
      Version: 2.2.0p6
      AgentOS: linux
      Hostname: la-prod-svn01
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      FailedPythonReason: 
      SSHClient: 
      
      Found linux process list through CheckMk:
      2:name=systemd:/user/5028.user/2.session www-data 388344 16092 00:00:00 1-13:24:55 1958 /usr/sbin/apache2 -k start
      - root 0 0 00:00:00 01:13:04 11292 [kworker/u4:0]
      - root 91792 2624 00:53:50 67-14:40:36 11507 /usr/sbin/vmtoolsd
      - root 69336 2292 00:00:00 67-14:40:35 11526 /usr/lib/vmware-vgauth/VGAuthService -s
      - root 0 0 00:00:00 67-14:39:03 11727 [kauditd]
      - root 0 0 00:00:00 40:45 16720 [kworker/u4:2]
      - root 99204 2116 00:00:00 40:00 16858 CRON
      - root 4444 644 00:00:00 40:00 16862 /bin/sh -c /etc/backup/backup_auto_db.sh > /var/log/cron/backup_db.log
      - root 12412 1344 00:00:00 40:00 16865 /bin/bash /etc/backup/backup_auto_db.sh
      - root 134004 29016 00:01:37 40:00 16871 mysqldump --user=root --password=x xxxxxxx prod_ppsystem
      - root 13772 6964 00:37:51 40:00 16872 bzip2
      - root 34636 3052 00:00:00 00:00 22485 /bin/bash /usr/bin/check_mk_agent
      - root 34736 2408 00:00:00 00:00 22511 /bin/bash /usr/bin/check_mk_agent
      - root 34644 1880 00:00:00 00:00 22512 /bin/bash /usr/bin/check_mk_agent
      - root 8904 588 00:00:00 00:00 22513 cat
      - root 34708 1928 00:00:00 00:00 22547 /bin/bash /usr/bin/check_mk_agent
      - root 31008 1456 00:00:00 00:00 22548 ps ax -ww -o cgroup:512,user:32,vsz,rss,cputime,etime,pid,command
      - root 8912 596 00:00:00 00:00 22549 tr -s 
      - root 0 0 00:00:00 9-01:35:31 24186 [kworker/u5:0]
      - root 0 0 00:00:00 67-01:22:05 25875 [kworker/u5:1]
      - root 0 0 00:00:00 15-17:28:54 26246 [kworker/1:2]
      2:name=systemd:/user/5028.user/2.session www-data 392612 21036 00:00:00 1-22:11:11 26783 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 392956 21580 00:00:00 1-22:11:10 26784 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session root 368604 15756 00:00:50 20-13:30:59 29938 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 388408 14512 00:00:00 2-21:05:59 30658 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 392092 20416 00:00:00 2-21:05:59 30659 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 388272 14276 00:00:00 2-21:05:59 30660 /usr/sbin/apache2 -k start
      2:name=systemd:/user/5028.user/2.session www-data 389976 19808 00:00:00 2-21:05:59 30661 /usr/sbin/apache2 -k start
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host 
             valid_lft forever preferred_lft forever
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 00:50:56:a3:73:18 brd ff:ff:ff:ff:ff:ff
          inet 176.31.202.83/27 brd 176.31.202.95 scope global eth0
             valid_lft forever preferred_lft forever
          inet6 fe80::250:56ff:fea3:7318/64 scope link 
             valid_lft forever preferred_lft forever
      [end_iplink]
      
      
      Found on 2024-09-11 01:40
  • Open service 176.31.202.83:80

    2024-11-20 09:51

    HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 09:51:46 GMT
    Server: Apache/2.4.7 (Ubuntu)
    Last-Modified: Tue, 25 Jun 2013 09:09:34 GMT
    ETag: "15-4dff6e340ab89"
    Accept-Ranges: bytes
    Content-Length: 21
    Connection: close
    Content-Type: text/html
    
    
    It's works - default
    
    Found 2024-11-20 by HttpPlugin
Domain summary
No record