LeakIX - Host 180.179.211.59

Host 180.179.211.59

India

NTT COMMUNICATIONS INDIA NETWORK SERVICES PRIVATE LIMITED

Ubuntu

Software information

nginx nginx 1.18.0

tcp/80

CheckMK monitoring endpoint publicly available

An open CheckMK agent is publicly available.

This could leak sensitive information such as :

Process list ( maybe credentials )
Network interfaces
Running services
Firewall rules
Internal OS configuration

https://docs.checkmk.com/latest/en/wato_monitoringagents.html

IP: 180.179.211.59
Port: 6556

First seen 2024-09-09 20:26
Last seen 2024-12-22 00:58
Open for 103 days

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca87bed456

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315532,13332,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3756,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9604,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6568,0.0) /lib/systemd/systemd-logind
(root,7824,1560,0.0) /bin/login -p --
(root,109760,9700,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,6176,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,724,0.0) -sh
(root,11512,1876,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,984,0.0) su -
(root,8796,1952,0.0) -bash
(custadm+,17172,8352,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(proxy,6068,1676,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/6:0-events]
(root,2356932,22024,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,534976,519736,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(root,0,0,0.0) [kworker/7:3-events]
(root,0,0,0.0) [kworker/9:0-events]
(nobody,535284,520952,0.8) nginx: worker process
(nobody,535284,520980,0.0) nginx: worker process
(nobody,535284,520928,0.0) nginx: worker process
(nobody,535284,520884,0.0) nginx: worker process
(nobody,535284,520032,0.0) nginx: worker process
(nobody,535284,520860,0.0) nginx: worker process
(nobody,535284,520032,0.0) nginx: worker process
(nobody,535284,520032,0.0) nginx: worker process
(nobody,535284,519648,0.0) nginx: worker process
(nobody,535284,519648,0.0) nginx: worker process
(nobody,535284,519584,0.0) nginx: worker process
(nobody,535284,519648,0.0) nginx: worker process
(nobody,535284,516380,0.0) nginx: worker process
(nobody,535284,516380,0.0) nginx: worker process
(nobody,535284,516380,0.0) nginx: worker process
(nobody,535284,516380,0.0) nginx: worker process
(nobody,535284,516444,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:0-events]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/8:3-events]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/3:2-events]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,159376,79176,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10440,0.0) /usr/libexec/packagekitd
(root,239612,5384,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5620,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9604,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4224,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5464,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8020,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 9 of 4-100 startups
(root,210344,15560,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,29612,0.8) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/4:2-events]
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(proxy,6176,2124,0.0) (pinger)
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/14:3-cgroup_destroy]
(root,0,0,0.0) [kworker/13:1]
(root,0,0,0.0) [kworker/1:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(proxy,85344,37424,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/7:1]
(root,0,0,0.0) [kworker/15:1-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/0:1]
(root,0,0,0.0) [kworker/u32:3-events_unbound]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/12:0-events]
(root,0,0,0.0) [kworker/u32:1-flush-8:0]
(root,0,0,0.0) [kworker/6:2]
(root,0,0,0.0) [kworker/u32:4-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:5-ext4-rsv-conversion]
(root,15432,8920,0.0) sshd: [accepted]
(root,15432,8868,0.0) sshd: [accepted]
(root,15432,8976,0.0) sshd: [accepted]
(root,16912,10168,0.0) sshd: unknown [priv]
(sshd,15432,5520,0.0) sshd: unknown [net]
(root,15432,9068,0.0) sshd: [accepted]
(sshd,15432,5420,0.0) sshd: [net]
(root,16912,10256,0.5) sshd: unknown [priv]
(sshd,15432,5408,0.0) sshd: unknown [net]
(root,16912,10088,0.0) sshd: unknown [priv]
(sshd,15432,5532,0.0) sshd: unknown [net]
(root,15432,9040,0.0) sshd: [accepted]
(sshd,15432,5568,0.0) sshd: [net]
(root,15432,8956,0.0) sshd: [accepted]
(sshd,15432,5348,0.0) sshd: [net]
(root,7372,3864,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1596,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1116,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/10:0-events]

Found on 2024-12-22 00:58

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320caed407eca

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315696,13364,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3756,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9604,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6568,0.0) /lib/systemd/systemd-logind
(root,7824,1560,0.0) /bin/login -p --
(root,109760,9700,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,533632,518200,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(infra.mg,17176,6176,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,724,0.0) -sh
(root,11512,1876,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,984,0.0) su -
(root,8796,1952,0.0) -bash
(root,0,0,0.0) [kworker/5:1-cgroup_destroy]
(custadm+,17172,8352,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(root,0,0,0.0) [kworker/13:0-mm_percpu_wq]
(proxy,6068,1676,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/12:0]
(root,0,0,0.0) [kworker/2:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(nobody,533940,519524,0.5) nginx: worker process
(nobody,533940,519576,0.0) nginx: worker process
(nobody,533940,519556,0.0) nginx: worker process
(nobody,533940,519428,0.0) nginx: worker process
(nobody,533940,517968,0.0) nginx: worker process
(nobody,533940,517968,0.0) nginx: worker process
(nobody,533940,517784,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515116,0.0) nginx: worker process
(nobody,533940,515244,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(proxy,6176,2104,0.0) (pinger)
(root,0,0,0.0) [kworker/14:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/9:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:2-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/15:2-cgroup_destroy]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/13:1]
(root,0,0,0.0) [kworker/11:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:2-flush-8:0]
(root,0,0,0.0) [kworker/14:0-events]
(root,0,0,0.0) [kworker/u32:0-flush-8:0]
(root,2356932,21900,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-events_unbound]
(root,15432,9036,0.0) sshd: [accepted]
(root,15432,9016,0.0) sshd: [accepted]
(root,15432,8792,0.0) sshd: [accepted]
(root,15432,8900,0.0) sshd: [accepted]
(root,15432,8972,0.0) sshd: [accepted]
(root,15432,9036,0.0) sshd: [accepted]
(root,15432,9008,0.0) sshd: [accepted]
(root,15432,9056,0.0) sshd: [accepted]
(root,15432,8884,0.0) sshd: [accepted]
(root,15432,8956,0.0) sshd: [accepted]
(root,15432,9028,0.0) sshd: [accepted]
(root,15432,8780,0.0) sshd: [accepted]
(sshd,15432,5612,0.0) sshd: [net]
(root,15432,9004,0.0) sshd: [accepted]
(root,15432,8856,0.0) sshd: [accepted]
(root,16440,10172,1.4) sshd: root [priv]
(root,16440,10152,1.2) sshd: root [priv]
(root,16440,10236,0.6) sshd: root [priv]
(root,15432,8860,0.0) sshd: [accepted]
(root,15432,8892,0.0) sshd: [accepted]
(root,15432,8784,0.0) sshd: [accepted]
(root,16440,10120,1.3) sshd: root [priv]
(root,15432,8884,0.0) sshd: [accepted]
(root,16440,10152,1.4) sshd: root [priv]
(root,16440,10144,0.5) sshd: root [priv]
(root,15432,8972,0.0) sshd: [accepted]
(root,15432,8820,0.0) sshd: [accepted]
(root,16440,10176,1.4) sshd: root [priv]
(root,15432,9008,0.0) sshd: [accepted]
(root,15432,8848,0.0) sshd: [accepted]
(root,15432,8836,0.0) sshd: [accepted]
(root,15432,8900,0.0) sshd: [accepted]
(root,16440,10316,0.8) sshd: root [priv]
(root,15432,9048,0.0) sshd: [accepted]
(root,16440,10188,1.4) sshd: root [priv]
(root,16440,10224,1.4) sshd: root [priv]
(root,15432,8904,0.0) sshd: [accepted]
(sshd,15432,5504,0.0) sshd: root [net]
(root,15432,9076,0.0) sshd: [accepted]
(root,16440,10196,1.2) sshd: root [priv]
(sshd,15432,5464,0.0) sshd: root [net]
(root,15432,9044,0.0) sshd: [accepted]
(root,16440,10232,1.6) sshd: root [priv]
(root,15432,8852,0.0) sshd: [accepted]
(root,16440,10208,1.5) sshd: root [priv]
(root,16440,10196,1.5) sshd: root [priv]
(root,16440,10128,1.4) sshd: root [priv]
(sshd,15432,5596,0.0) sshd: root [net]
(sshd,15432,5508,0.0) sshd: root [net]
(sshd,15432,5532,0.0) sshd: root [net]
(sshd,15432,5440,0.0) sshd: root [net]
(sshd,15432,5420,0.0) sshd: root [net]
(sshd,15432,5572,0.0) sshd: root [net]
(sshd,15432,5388,0.0) sshd: root [net]
(sshd,15432,5568,0.0) sshd: root [net]
(sshd,15432,5532,0.0) sshd: root [net]
(sshd,15432,5432,0.0) sshd: root [net]
(sshd,15432,5476,0.0) sshd: root [net]
(sshd,15432,5508,0.0) sshd: root [net]
(sshd,15432,5592,0.0) sshd: root [net]
(root,15432,9080,0.0) sshd: [accepted]
(root,16440,10068,0.6) sshd: root [priv]
(sshd,15432,5568,0.0) sshd: root [net]
(root,15432,8816,0.0) sshd: [accepted]
(sshd,15432,5456,0.0) sshd: [net]
(root,4364,3292,0.0) bash
(root,16748,4928,0.0) ipmitool sensor list
(root,3472,1644,0.0) grep -v command failed
(root,3688,1084,0.0) sed -e s/ *| */|/g -e s/ /_/g -e s/_*$// -e s/|/ /g
(root,3472,1600,0.0) grep -E -v ^[^ ]+ na 
(root,3472,1692,0.0) grep -v  discrete 
(root,7372,3836,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1592,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1080,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,517464,492860,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,212432,122568,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10440,0.0) /usr/libexec/packagekitd
(root,239612,5384,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5584,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9604,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4224,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5464,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8020,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 47 of 4-100 startups
(root,210344,15560,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,29156,0.8) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,85344,37312,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/4:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:1-events]
(nobody,517664,488936,0.0) nginx: cache manager process
(nobody,517668,496020,0.0) nginx: cache manager process
(nobody,517668,496120,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:2-mm_percpu_wq]
(nobody,517772,498276,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:3-cgroup_destroy]
(root,0,0,0.0) [kworker/3:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/15:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:2-events]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/8:1-mm_percpu_wq]

Found on 2024-12-20 00:28

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cad6234d2f

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13344,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3756,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9624,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6592,0.0) /lib/systemd/systemd-logind
(root,7824,1560,0.0) /bin/login -p --
(root,109760,9700,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,6180,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,724,0.0) -sh
(root,11512,1876,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,984,0.0) su -
(root,8796,1952,0.0) -bash
(custadm+,17172,8356,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(root,2356932,23332,0.0) /usr/lib/snapd/snapd
(nobody,517464,493400,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,188012,112660,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10456,0.0) /usr/libexec/packagekitd
(root,239612,5388,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5684,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9616,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4244,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5480,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8028,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 36 of 4-100 startups
(root,210344,15560,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,30212,0.8) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/3:1-events]
(proxy,85344,37020,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/7:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/15:2-cgroup_destroy]
(root,0,0,0.0) [kworker/13:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/4:2-events]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/2:1-cgroup_destroy]
(nobody,517664,489584,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:1-events]
(nobody,517668,496740,0.0) nginx: cache manager process
(root,517360,500048,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,517668,501616,1.3) nginx: worker process
(nobody,517668,501308,0.1) nginx: worker process
(nobody,517668,501304,0.0) nginx: worker process
(nobody,517668,501252,0.0) nginx: worker process
(nobody,517668,501212,0.0) nginx: worker process
(nobody,517668,500376,0.0) nginx: worker process
(nobody,517668,499904,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496760,0.0) nginx: worker process
(nobody,517668,496852,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:2-cgroup_destroy]
(proxy,6068,1528,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/9:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/10:1-events]
(root,0,0,0.0) [kworker/12:0-events]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(proxy,6176,2152,0.0) (pinger)
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/8:1-events]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/14:0]
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/10:3-events]
(root,0,0,0.0) [kworker/3:3-events]
(root,0,0,0.0) [kworker/u32:4-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/u32:6-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,0,0,0.0) [kworker/u32:1-flush-8:0]
(root,15432,8920,0.0) sshd: [accepted]
(sshd,15432,5404,0.0) sshd: [net]
(root,15432,8848,0.0) sshd: [accepted]
(sshd,15432,5612,0.0) sshd: [net]
(root,15432,8860,0.0) sshd: [accepted]
(root,15432,8844,0.0) sshd: [accepted]
(root,15432,8804,0.0) sshd: [accepted]
(root,15432,8892,0.0) sshd: [accepted]
(root,15432,9016,0.0) sshd: [accepted]
(root,15432,8900,0.0) sshd: [accepted]
(root,16440,10100,1.4) sshd: root [priv]
(root,16440,10100,1.2) sshd: root [priv]
(sshd,15432,5400,0.0) sshd: root [net]
(sshd,15432,5320,0.0) sshd: root [net]
(root,16440,10356,1.4) sshd: root [priv]
(sshd,15432,5588,0.0) sshd: root [net]
(root,16440,10084,1.2) sshd: root [priv]
(sshd,15432,5540,0.0) sshd: root [net]
(root,16440,10088,1.0) sshd: root [priv]
(sshd,15432,5596,0.0) sshd: root [net]
(root,16440,10176,2.2) sshd: root [priv]
(sshd,15432,5536,0.0) sshd: root [net]
(root,16440,10168,1.8) sshd: root [priv]
(sshd,15432,5464,0.0) sshd: root [net]
(root,16440,10140,2.1) sshd: root [priv]
(sshd,15432,5600,0.0) sshd: root [net]
(root,16440,10084,1.4) sshd: root [priv]
(sshd,15432,5628,0.0) sshd: root [net]
(root,16440,10232,2.1) sshd: root [priv]
(root,16440,10304,1.7) sshd: root [priv]
(sshd,15432,5564,0.0) sshd: root [net]
(sshd,15432,5536,0.0) sshd: root [net]
(root,16440,10176,1.8) sshd: root [priv]
(sshd,15432,5540,0.0) sshd: root [net]
(root,16440,10184,1.8) sshd: root [priv]
(sshd,15432,5444,0.0) sshd: root [net]
(root,16440,10244,2.1) sshd: root [priv]
(sshd,15432,5524,0.0) sshd: root [net]
(root,16440,10324,1.6) sshd: root [priv]
(sshd,15432,5472,0.0) sshd: root [net]
(root,16440,10300,2.1) sshd: root [priv]
(sshd,15432,5504,0.0) sshd: root [net]
(root,16440,10136,1.3) sshd: root [priv]
(sshd,15432,5540,0.0) sshd: root [net]
(root,16440,10060,1.2) sshd: root [priv]
(sshd,15432,5424,0.0) sshd: root [net]
(root,16440,10116,1.5) sshd: root [priv]
(sshd,15432,5604,0.0) sshd: root [net]
(root,16440,10024,1.7) sshd: root [priv]
(sshd,15432,5416,0.0) sshd: root [net]
(root,16440,10120,1.5) sshd: root [priv]
(sshd,15432,5428,0.0) sshd: root [net]
(root,16440,9888,1.6) sshd: root [priv]
(sshd,15432,5528,0.0) sshd: root [net]
(root,16440,9864,1.3) sshd: root [priv]
(sshd,15432,5496,0.0) sshd: root [net]
(root,16440,9964,2.6) sshd: root [priv]
(sshd,15432,5572,0.0) sshd: root [net]
(root,16440,10180,3.5) sshd: root [priv]
(sshd,15432,5476,0.0) sshd: root [net]
(root,15432,8764,0.0) sshd: [accepted]
(sshd,15432,5564,0.0) sshd: [net]
(root,16440,10240,1.5) sshd: root [priv]
(sshd,15432,5456,0.0) sshd: root [net]
(root,16912,10108,0.0) sshd: unknown [priv]
(sshd,15432,5576,0.0) sshd: unknown [net]
(root,7372,3736,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1564,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1084,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /

Found on 2024-12-18 01:39

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca6f33c430

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13344,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3792,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9692,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6628,0.0) /lib/systemd/systemd-logind
(root,7824,1596,0.0) /bin/login -p --
(root,109760,9736,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,6216,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,748,0.0) -sh
(root,11512,1912,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,1020,0.0) su -
(root,8796,1988,0.0) -bash
(custadm+,17172,8356,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(root,2356676,25148,0.0) /usr/lib/snapd/snapd
(nobody,517464,498448,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:2-events]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,155068,79164,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10508,0.0) /usr/libexec/packagekitd
(root,239612,5412,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5692,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9672,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4280,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5580,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8040,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 8 of 4-100 startups
(root,210344,15776,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,30208,0.8) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/3:1-events]
(proxy,85344,37084,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/8:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:2-cgroup_destroy]
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/10:0-cgroup_destroy]
(root,278924,258676,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,279776,266716,0.8) nginx: worker process
(nobody,279620,266636,0.1) nginx: worker process
(nobody,279620,266476,0.0) nginx: worker process
(nobody,279232,266168,0.0) nginx: worker process
(nobody,279232,266108,0.0) nginx: worker process
(nobody,279232,264844,0.0) nginx: worker process
(nobody,279232,264540,0.0) nginx: worker process
(nobody,279232,264540,0.0) nginx: worker process
(nobody,279232,264540,0.0) nginx: worker process
(nobody,279232,261656,0.0) nginx: worker process
(nobody,279232,261656,0.0) nginx: worker process
(nobody,279232,261656,0.0) nginx: worker process
(nobody,279232,261656,0.0) nginx: worker process
(nobody,279232,261656,0.0) nginx: worker process
(nobody,279232,261656,0.0) nginx: worker process
(nobody,279232,261656,0.0) nginx: worker process
(nobody,279232,260608,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/6:2-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:1-cgroup_destroy]
(proxy,6176,2204,0.0) (pinger)
(root,0,0,0.0) [kworker/12:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/4:1-cgroup_destroy]
(root,0,0,0.0) [kworker/2:1-cgroup_destroy]
(root,0,0,0.0) [kworker/9:2-cgroup_destroy]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/5:2-events]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/13:0]
(root,0,0,0.0) [kworker/u32:4-writeback]
(root,0,0,0.0) [kworker/9:1]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,0,0,0.0) [kworker/u32:3-events_unbound]
(root,15432,8872,0.0) sshd: [accepted]
(root,16440,9952,1.7) sshd: root [priv]
(sshd,15432,5416,0.0) sshd: root [net]
(root,16912,10292,0.0) sshd: unknown [priv]
(sshd,15432,5612,0.0) sshd: unknown [net]
(root,16912,10400,0.0) sshd: unknown [priv]
(root,16912,10076,0.0) sshd: unknown [priv]
(sshd,15432,5596,0.0) sshd: unknown [net]
(sshd,15432,5508,0.0) sshd: unknown [net]
(root,16912,10176,0.0) sshd: unknown [priv]
(sshd,15432,5628,0.0) sshd: unknown [net]
(root,16912,10148,0.0) sshd: unknown [priv]
(sshd,15432,5588,0.0) sshd: unknown [net]
(root,16752,10412,0.0) sshd: unknown [priv]
(sshd,15432,5284,0.0) sshd: unknown [net]
(root,7372,3832,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1644,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1096,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(proxy,6068,1528,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/4:0-events]

Found on 2024-12-15 23:21

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320caa7950b71

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13344,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3792,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9692,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6652,0.0) /lib/systemd/systemd-logind
(root,7824,1596,0.0) /bin/login -p --
(root,109760,9736,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,6216,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,748,0.0) -sh
(root,11512,1912,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,1020,0.0) su -
(root,8796,1988,0.0) -bash
(custadm+,17172,8356,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/1:1-events]
(root,2356676,25028,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/8:3-events]
(root,0,0,0.0) [kworker/2:1-events]
(root,517156,501968,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:3-events]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(nobody,517464,503056,0.8) nginx: worker process
(nobody,517464,502992,0.0) nginx: worker process
(nobody,517464,503036,0.0) nginx: worker process
(nobody,517464,502944,0.0) nginx: worker process
(nobody,517464,501824,0.0) nginx: worker process
(nobody,517464,501504,0.0) nginx: worker process
(nobody,517464,501504,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498816,0.0) nginx: worker process
(nobody,517464,498948,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:0-cgroup_destroy]
(root,0,0,0.0) [kworker/11:3-events]
(root,0,0,0.0) [kworker/12:1-events]
(root,0,0,0.0) [kworker/0:1-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/13:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/3:3]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(proxy,6176,2116,0.0) (pinger)
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/5:3-events]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/u32:3-writeback]
(root,0,0,0.0) [kworker/15:2]
(root,0,0,0.0) [kworker/4:1-cgroup_destroy]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:4-events_unbound]
(root,15432,9124,0.0) sshd: [accepted]
(root,15432,8956,0.0) sshd: [accepted]
(root,15432,8992,0.0) sshd: [accepted]
(root,15432,9068,0.0) sshd: [accepted]
(root,15432,8824,0.0) sshd: [accepted]
(root,15432,9072,0.0) sshd: [accepted]
(root,16912,10392,0.0) sshd: unknown [priv]
(root,16912,10308,0.0) sshd: unknown [priv]
(sshd,15432,5528,0.0) sshd: unknown [net]
(sshd,15432,5432,0.0) sshd: unknown [net]
(root,16912,10228,0.0) sshd: unknown [priv]
(sshd,15432,5432,0.0) sshd: unknown [net]
(root,16912,10124,0.0) sshd: unknown [priv]
(sshd,15432,5416,0.0) sshd: unknown [net]
(root,16440,10000,2.3) sshd: root [priv]
(sshd,15432,5392,0.0) sshd: root [net]
(root,16752,10216,0.0) sshd: unknown [priv]
(sshd,15432,5412,0.0) sshd: unknown [net]
(root,15432,8960,0.0) sshd: [accepted]
(sshd,15432,5464,0.0) sshd: [net]
(root,16440,10152,3.5) sshd: root [priv]
(sshd,15432,5412,0.0) sshd: root [net]
(root,7372,3792,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1572,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1164,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,106116,44668,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10508,0.0) /usr/libexec/packagekitd
(root,239612,5412,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5700,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9672,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4280,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5580,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8040,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 14 of 4-100 startups
(root,210344,15776,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,30208,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,85344,37136,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/12:3-cgroup_destroy]
(root,0,0,0.0) [kworker/3:0-events]
(proxy,6068,1528,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/14:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/15:1-mm_percpu_wq]

Found on 2024-12-13 22:57

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320caa9d20815

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13344,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3792,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9692,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6652,0.0) /lib/systemd/systemd-logind
(root,7824,1596,0.0) /bin/login -p --
(root,109760,9736,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/6:0]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:4-events_power_efficient]
(root,15432,9068,0.0) sshd: [accepted]
(root,15432,9052,0.0) sshd: [accepted]
(root,15432,9076,0.0) sshd: [accepted]
(root,15432,8996,0.0) sshd: [accepted]
(root,15432,8952,0.0) sshd: [accepted]
(root,15432,8808,0.0) sshd: [accepted]
(root,15432,8876,0.0) sshd: [accepted]
(root,15432,8856,0.0) sshd: [accepted]
(root,15432,8944,0.0) sshd: [accepted]
(root,15432,8788,0.0) sshd: [accepted]
(root,15432,8936,0.0) sshd: [accepted]
(root,15432,8964,0.0) sshd: [accepted]
(root,15432,8836,0.0) sshd: [accepted]
(root,15432,9016,0.0) sshd: [accepted]
(root,15432,8872,0.0) sshd: [accepted]
(root,15432,8896,0.0) sshd: [accepted]
(sshd,15432,5260,0.0) sshd: [net]
(root,15432,8900,0.0) sshd: [accepted]
(sshd,15432,5544,0.0) sshd: [net]
(root,15432,9012,0.0) sshd: [accepted]
(sshd,15432,5356,0.0) sshd: [net]
(root,15432,8816,0.0) sshd: [accepted]
(sshd,15432,5592,0.0) sshd: [net]
(root,15432,9068,0.0) sshd: [accepted]
(sshd,15432,5496,0.0) sshd: [net]
(root,15432,9020,0.0) sshd: [accepted]
(root,15432,8800,0.0) sshd: [accepted]
(sshd,15432,5504,0.0) sshd: [net]
(sshd,15432,5464,0.0) sshd: [net]
(root,16440,9944,1.4) sshd: root [priv]
(sshd,15432,5404,0.0) sshd: root [net]
(root,15432,8844,0.0) sshd: [accepted]
(sshd,15432,5348,0.0) sshd: [net]
(root,16440,9888,2.5) sshd: root [priv]
(sshd,15432,5420,0.0) sshd: root [net]
(root,15432,8884,0.0) sshd: [accepted]
(sshd,15432,5608,0.0) sshd: [net]
(root,16912,10224,0.0) sshd: unknown [priv]
(sshd,15432,5560,0.0) sshd: unknown [net]
(root,16912,10116,0.0) sshd: unknown [priv]
(sshd,15432,5616,0.0) sshd: unknown [net]
(root,15432,8952,0.0) sshd: [accepted]
(sshd,15432,5504,0.0) sshd: [net]
(root,16440,9912,4.0) sshd: root [priv]
(sshd,15432,5500,0.0) sshd: root [net]
(root,16912,10148,0.0) sshd: unknown [priv]
(sshd,15432,5448,0.0) sshd: unknown [net]
(root,15432,8932,0.0) sshd: [accepted]
(sshd,15432,5440,0.0) sshd: [net]
(root,7372,3864,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1608,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1088,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(infra.mg,17176,6216,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,748,0.0) -sh
(root,11512,1912,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,1020,0.0) su -
(root,8796,1988,0.0) -bash
(custadm+,17172,8356,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(root,2356676,25184,0.0) /usr/lib/snapd/snapd
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,192340,94812,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10508,0.0) /usr/libexec/packagekitd
(root,239612,5412,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5700,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9672,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4280,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5580,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8040,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 32 of 4-100 startups
(root,210344,15776,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,29620,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,85344,36908,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/5:1-cgroup_destroy]
(root,0,0,0.0) [kworker/14:3-cgroup_destroy]
(root,0,0,0.0) [kworker/12:3-events]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/3:0-events]
(proxy,6068,1528,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/6:3-events]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(root,278720,258524,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,279144,266056,1.5) nginx: worker process
(nobody,279164,266008,0.1) nginx: worker process
(nobody,279028,265856,0.0) nginx: worker process
(nobody,279028,265856,0.0) nginx: worker process
(nobody,279028,265856,0.0) nginx: worker process
(nobody,279028,264816,0.0) nginx: worker process
(nobody,279028,264880,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,261528,0.0) nginx: worker process
(nobody,279028,260500,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:3-events]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/9:0-cgroup_destroy]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/2:1]
(root,0,0,0.0) [kworker/0:1-events]
(proxy,6176,2148,0.0) (pinger)
(root,0,0,0.0) [kworker/12:0]
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/15:1]
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/1:2-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-events]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]

Found on 2024-12-11 23:27

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca12a4bf21

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13344,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3792,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9692,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6652,0.0) /lib/systemd/systemd-logind
(root,7824,1596,0.0) /bin/login -p --
(root,109760,9736,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,6216,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,748,0.0) -sh
(root,11512,1912,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,1020,0.0) su -
(root,8796,1988,0.0) -bash
(custadm+,17172,8356,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(root,2356676,24928,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/13:2-cgroup_destroy]
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/12:0-mm_percpu_wq]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,200584,119140,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10508,0.0) /usr/libexec/packagekitd
(root,239612,5412,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5700,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9672,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4280,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5580,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8040,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 12 of 4-100 startups
(root,210344,15776,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,28764,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,84300,35760,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/0:1-cgroup_destroy]
(nobody,512516,493712,0.0) nginx: cache manager process
(root,514048,498780,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(root,0,0,0.0) [kworker/7:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/5:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/15:0-cgroup_destroy]
(root,0,0,0.0) [kworker/13:0-events]
(nobody,514356,499964,1.0) nginx: worker process
(nobody,514356,499964,0.1) nginx: worker process
(nobody,514356,499912,0.0) nginx: worker process
(nobody,514356,499912,0.0) nginx: worker process
(nobody,514356,498936,0.0) nginx: worker process
(nobody,514356,498936,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495420,0.0) nginx: worker process
(nobody,514356,495484,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:1-cgroup_destroy]
(root,0,0,0.0) [kworker/4:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:3-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:2-cgroup_destroy]
(root,0,0,0.0) [kworker/11:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/9:1]
(root,0,0,0.0) [kworker/3:0-events]
(proxy,6068,1528,0.0) (logfile-daemon) /var/log/squid/access.log
(proxy,6176,2196,0.0) (pinger)
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/14:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:0]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/11:3-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/6:2]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/10:1]
(root,0,0,0.0) [kworker/u32:4-events_power_efficient]
(root,15432,8736,0.0) sshd: [accepted]
(root,15432,8860,0.0) sshd: [accepted]
(root,15432,8980,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:1-writeback]
(root,15432,8968,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:3]
(root,15432,9060,0.0) sshd: [accepted]
(root,15432,9120,0.0) sshd: [accepted]
(root,15432,8832,0.0) sshd: [accepted]
(root,15432,8952,0.0) sshd: [accepted]
(sshd,15432,5556,0.0) sshd: [net]
(root,15432,8848,0.0) sshd: [accepted]
(root,16912,10068,0.0) sshd: unknown [priv]
(sshd,15432,5460,0.0) sshd: unknown [net]
(root,15432,8848,0.0) sshd: [accepted]
(sshd,15432,5492,0.0) sshd: [net]
(root,16912,10068,0.0) sshd: unknown [priv]
(sshd,15432,5492,0.0) sshd: unknown [net]
(root,4364,3304,0.0) bash
(root,16748,5036,0.0) ipmitool sensor list
(root,3472,1624,0.0) grep -v command failed
(root,3688,1164,0.0) sed -e s/ *| */|/g -e s/ /_/g -e s/_*$// -e s/|/ /g
(root,3472,1716,0.0) grep -E -v ^[^ ]+ na 
(root,3472,1620,0.0) grep -v  discrete 
(root,7372,3724,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1608,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1108,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /

Found on 2024-12-09 23:39

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca90108b3c

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13344,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3792,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9692,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6652,0.0) /lib/systemd/systemd-logind
(root,7824,1596,0.0) /bin/login -p --
(root,109760,9736,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,6216,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,748,0.0) -sh
(root,11512,1912,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,1020,0.0) su -
(root,8796,1988,0.0) -bash
(custadm+,17172,8356,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(root,0,0,0.0) [kworker/5:1-events]
(root,2356612,24096,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/3:3-events]
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/6:2-events]
(root,276024,255856,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,276460,263288,1.0) nginx: worker process
(nobody,276732,263620,0.1) nginx: worker process
(nobody,276332,263200,0.0) nginx: worker process
(nobody,276468,263356,0.0) nginx: worker process
(nobody,276332,263192,0.0) nginx: worker process
(nobody,276332,262144,0.0) nginx: worker process
(nobody,276332,262144,0.0) nginx: worker process
(nobody,276332,262144,0.0) nginx: worker process
(nobody,276332,262144,0.0) nginx: worker process
(nobody,276332,258672,0.0) nginx: worker process
(nobody,276332,258672,0.0) nginx: worker process
(nobody,276332,258672,0.0) nginx: worker process
(nobody,276332,258672,0.0) nginx: worker process
(nobody,276332,258672,0.0) nginx: worker process
(nobody,276332,258672,0.0) nginx: worker process
(nobody,276332,258672,0.0) nginx: worker process
(nobody,276332,257628,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/2:2-cgroup_destroy]
(root,0,0,0.0) [kworker/12:0-mm_percpu_wq]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,97980,29360,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10508,0.0) /usr/libexec/packagekitd
(root,239612,5412,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5700,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9672,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4280,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5580,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8040,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 45 of 4-100 startups
(root,210344,15776,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/15:0-cgroup_destroy]
(root,405440,30172,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/14:1-cgroup_destroy]
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/12:2-events]
(proxy,84300,35760,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(proxy,6176,2176,0.0) (pinger)
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/11:3-cgroup_destroy]
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/u32:3-writeback]
(root,0,0,0.0) [kworker/8:0]
(root,0,0,0.0) [kworker/5:3-events]
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-events]
(root,441164,83144,0.0) /usr/libexec/fwupd/fwupd
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/u32:1-events_unbound]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0]
(root,15432,8740,0.0) sshd: [accepted]
(sshd,15432,5432,0.0) sshd: [net]
(root,15432,8952,0.0) sshd: [accepted]
(root,15432,8888,0.0) sshd: [accepted]
(root,15432,8868,0.0) sshd: [accepted]
(sshd,15432,5336,0.0) sshd: [net]
(root,15432,9028,0.0) sshd: [accepted]
(root,15432,8852,0.0) sshd: [accepted]
(sshd,15432,5600,0.0) sshd: [net]
(root,15432,8752,0.0) sshd: [accepted]
(sshd,15432,5564,0.0) sshd: [net]
(root,15432,9108,0.0) sshd: [accepted]
(sshd,15432,5588,0.0) sshd: [net]
(root,15432,8932,0.0) sshd: [accepted]
(sshd,15432,5548,0.0) sshd: [net]
(root,15432,8952,0.0) sshd: [accepted]
(sshd,15432,5596,0.0) sshd: [net]
(root,16440,10188,0.5) sshd: root [priv]
(sshd,15432,5412,0.0) sshd: root [net]
(root,15432,8852,0.0) sshd: [accepted]
(sshd,15432,5528,0.0) sshd: [net]
(root,16440,10156,1.1) sshd: root [priv]
(sshd,15432,5440,0.0) sshd: root [net]
(root,16440,10192,1.8) sshd: root [priv]
(sshd,15432,5412,0.0) sshd: root [net]
(root,16440,10016,1.6) sshd: root [priv]
(root,16440,10128,2.0) sshd: root [priv]
(sshd,15432,5344,0.0) sshd: root [net]
(sshd,15432,5584,0.0) sshd: root [net]
(root,16440,10124,1.3) sshd: root [priv]
(root,16440,10148,1.6) sshd: root [priv]
(root,16440,9996,1.1) sshd: root [priv]
(sshd,15432,5552,0.0) sshd: root [net]
(sshd,15432,5572,0.0) sshd: root [net]
(sshd,15432,5600,0.0) sshd: root [net]
(root,16440,10012,1.1) sshd: root [priv]
(sshd,15432,5540,0.0) sshd: root [net]
(root,16440,10068,1.3) sshd: root [priv]
(root,16440,10024,1.0) sshd: root [priv]
(sshd,15432,5464,0.0) sshd: root [net]
(sshd,15432,5536,0.0) sshd: root [net]
(root,16440,10184,1.3) sshd: root [priv]
(sshd,15432,5624,0.0) sshd: root [net]
(root,16440,10328,1.6) sshd: root [priv]
(sshd,15432,5424,0.0) sshd: root [net]
(root,32852,15640,1.8) sshd: root [priv]
(sshd,15432,5404,0.0) sshd: root [net]
(root,16440,9968,1.1) sshd: root [priv]
(sshd,15432,5520,0.0) sshd: root [net]
(root,16440,10364,1.3) sshd: root [priv]
(root,16440,9888,1.3) sshd: root [priv]
(sshd,15432,5500,0.0) sshd: root [net]
(sshd,15432,5412,0.0) sshd: root [net]
(root,16440,9944,1.1) sshd: root [priv]
(sshd,15432,5476,0.0) sshd: root [net]
(root,16440,10044,0.8) sshd: root [priv]
(sshd,15432,5492,0.0) sshd: root [net]
(root,16440,10200,0.8) sshd: root [priv]
(sshd,15432,5576,0.0) sshd: root [net]
(root,16440,10056,0.6) sshd: root [priv]
(sshd,15432,5604,0.0) sshd: root [net]
(root,16440,9996,0.8) sshd: root [priv]
(sshd,15432,5532,0.0) sshd: root [net]
(root,16440,10040,1.1) sshd: root [priv]
(sshd,15432,5624,0.0) sshd: root [net]
(root,16440,10192,1.6) sshd: root [priv]
(sshd,15432,5640,0.0) sshd: root [net]
(root,16440,10192,1.4) sshd: root [priv]
(sshd,15432,5552,0.0) sshd: root [net]
(root,16440,10012,1.4) sshd: root [priv]
(sshd,15432,5516,0.0) sshd: root [net]
(root,16440,10236,1.4) sshd: root [priv]
(sshd,15432,5616,0.0) sshd: root [net]
(root,16440,10016,1.4) sshd: root [priv]
(sshd,15432,5424,0.0) sshd: root [net]
(root,16440,10132,1.6) sshd: root [priv]
(sshd,15432,5444,0.0) sshd: root [net]
(root,16440,10168,1.4) sshd: root [priv]
(sshd,15432,5368,0.0) sshd: root [net]
(root,16440,9932,2.3) sshd: root [priv]
(sshd,15432,5512,0.0) sshd: root [net]
(root,16440,10168,3.5) sshd: root [priv]
(sshd,15432,5576,0.0) sshd: root [net]
(root,16912,10320,0.0) sshd: unknown [priv]
(sshd,15432,5396,0.0) sshd: unknown [net]
(root,15432,8960,0.0) sshd: [accepted]
(sshd,15432,5636,0.0) sshd: [net]
(root,7372,3772,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1556,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1180,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(proxy,6068,1528,0.0) (logfile-daemon) /var/log/squid/access.log

Found on 2024-12-07 23:29

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320caa5a8a373

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13336,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3792,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9692,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6652,0.0) /lib/systemd/systemd-logind
(root,7824,1596,0.0) /bin/login -p --
(root,109760,9736,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/0:0-events]
(nobody,259476,145996,0.0) nginx: cache manager process
(root,500556,436868,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(root,0,0,0.0) [kworker/7:1-cgroup_destroy]
(infra.mg,17176,6216,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1864,0.0) (sd-pam)
(infra.mg,2892,748,0.0) -sh
(root,11512,1912,0.0) sudo su -
(root,11512,796,0.0) sudo su -
(root,10232,1020,0.0) su -
(root,8796,1988,0.0) -bash
(root,0,0,0.0) [kworker/9:3-cgroup_destroy]
(nobody,482400,338800,0.0) nginx: cache manager process
(nobody,500864,438928,1.0) nginx: worker process
(nobody,500864,438548,0.1) nginx: worker process
(nobody,500864,438328,0.0) nginx: worker process
(nobody,500864,438332,0.0) nginx: worker process
(nobody,500864,438196,0.0) nginx: worker process
(nobody,500864,437440,0.0) nginx: worker process
(nobody,500864,436904,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433916,0.0) nginx: worker process
(nobody,500864,433516,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/14:3-cgroup_destroy]
(root,0,0,0.0) [kworker/14:1-mm_percpu_wq]
(nobody,259476,141992,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/7:0-events]
(nobody,263792,203108,0.0) nginx: cache manager process
(custadm+,17172,8356,0.0) /lib/systemd/systemd --user
(custadm+,318416,3424,0.0) (sd-pam)
(root,0,0,0.0) [kworker/1:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(nobody,260628,160872,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:3-events]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(nobody,486528,358840,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/10:3-events]
(root,0,0,0.0) [kworker/5:1-events]
(proxy,6176,2212,0.0) (pinger)
(root,0,0,0.0) [kworker/6:3-cgroup_destroy]
(root,0,0,0.0) [kworker/8:3-events]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/u32:1-flush-8:0]
(root,2356612,24368,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/u32:7-flush-253:0]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:4-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/4:2]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(root,0,0,0.0) [kworker/12:3]
(root,0,0,0.0) [kworker/2:3]
(nobody,259476,146748,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/u32:2-flush-8:0]
(root,0,0,0.0) [kworker/u32:0-flush-8:0]
(root,0,0,0.0) [kworker/15:0]
(root,0,0,0.0) [kworker/3:1]
(root,15432,9048,0.0) sshd: [accepted]
(root,15432,8940,0.0) sshd: [accepted]
(root,15432,8956,0.0) sshd: [accepted]
(root,15432,9056,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:5-ext4-rsv-conversion]
(root,15432,8984,0.0) sshd: [accepted]
(root,15432,8780,0.0) sshd: [accepted]
(root,15432,8940,0.0) sshd: [accepted]
(root,15432,8792,0.0) sshd: [accepted]
(root,15432,8744,0.0) sshd: [accepted]
(root,15432,8916,0.0) sshd: [accepted]
(root,15432,8796,0.0) sshd: [accepted]
(root,15432,8764,0.0) sshd: [accepted]
(root,15432,8948,0.0) sshd: [accepted]
(root,15432,8832,0.0) sshd: [accepted]
(root,15432,8932,0.0) sshd: [accepted]
(root,15432,8820,0.0) sshd: [accepted]
(root,15432,9084,0.0) sshd: [accepted]
(root,15432,9020,0.0) sshd: [accepted]
(root,15432,8976,0.0) sshd: [accepted]
(root,15432,8856,0.0) sshd: [accepted]
(root,15432,9072,0.0) sshd: [accepted]
(root,15432,8800,0.0) sshd: [accepted]
(root,15432,8776,0.0) sshd: [accepted]
(root,15432,8972,0.0) sshd: [accepted]
(root,16440,9868,1.0) sshd: root [priv]
(sshd,15432,5440,0.0) sshd: root [net]
(root,16912,10552,0.0) sshd: unknown [priv]
(sshd,15432,5364,0.0) sshd: unknown [net]
(root,15432,8744,0.0) sshd: [accepted]
(sshd,15432,5420,0.0) sshd: [net]
(root,16912,10308,0.2) sshd: unknown [priv]
(sshd,15432,5400,0.0) sshd: unknown [net]
(root,16440,10048,2.3) sshd: root [priv]
(sshd,15432,5476,0.0) sshd: root [net]
(root,15432,9028,0.0) sshd: [accepted]
(sshd,15432,5496,0.0) sshd: [net]
(root,16912,10300,0.0) sshd: unknown [priv]
(sshd,15432,5376,0.0) sshd: unknown [net]
(root,16912,10176,0.3) sshd: unknown [priv]
(sshd,15432,5480,0.0) sshd: unknown [net]
(root,16440,9912,2.0) sshd: root [priv]
(sshd,15432,5392,0.0) sshd: root [net]
(root,16440,9976,7.0) sshd: root [priv]
(sshd,15432,5588,0.0) sshd: root [net]
(root,15432,8872,0.0) sshd: [accepted]
(sshd,15432,5508,0.0) sshd: [net]
(root,7372,3796,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1588,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1168,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,259476,142296,0.0) nginx: cache manager process
(nobody,265392,204680,0.0) nginx: cache manager process
(nobody,260628,161108,0.0) nginx: cache manager process
(nobody,263792,189892,0.0) nginx: cache manager process
(nobody,258552,140648,0.0) nginx: cache manager process
(nobody,259476,147484,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3560,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,192116,113844,0.2) /lib/systemd/systemd-journald
(root,11440,1848,0.0) /sbin/auditd
(root,295608,10508,0.0) /usr/libexec/packagekitd
(root,239612,5412,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5080,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2360,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5356,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9672,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4280,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5580,0.0) /usr/sbin/ModemManager
(root,14032,7940,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8040,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12536,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 35 of 4-100 startups
(root,210344,15776,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,270756,0.0) nginx: cache manager process
(root,405440,30096,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,260628,164152,0.0) nginx: cache manager process
(nobody,263792,189840,0.0) nginx: cache manager process
(nobody,258552,140696,0.0) nginx: cache manager process
(nobody,259476,143620,0.0) nginx: cache manager process
(proxy,84300,35760,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,265392,214456,0.0) nginx: cache manager process
(nobody,258552,140676,0.0) nginx: cache manager process
(nobody,260624,166216,0.0) nginx: cache manager process
(nobody,480356,288132,0.0) nginx: cache manager process
(nobody,265392,215180,0.0) nginx: cache manager process
(nobody,259476,143940,0.0) nginx: cache manager process
(nobody,263792,190948,0.0) nginx: cache manager process
(nobody,477800,264044,0.0) nginx: cache manager process
(proxy,6068,1528,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,259476,141424,0.0) nginx: cache manager process
(nobody,480312,289940,0.0) nginx: cache manager process
(nobody,265520,217292,0.0) nginx: cache manager process
(nobody,258716,140824,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-events]
(nobody,488188,346260,0.0) nginx: cache manager process
(nobody,486828,345540,0.0) nginx: cache manager process
(nobody,259476,141296,0.0) nginx: cache manager process
(nobody,259704,150272,0.0) nginx: cache manager process
(nobody,260792,179268,0.0) nginx: cache manager process
(nobody,259476,144624,0.0) nginx: cache manager process
(nobody,477948,263556,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:1-events]
(nobody,265520,221932,0.0) nginx: cache manager process
(nobody,263792,202028,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:1-events]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(nobody,258548,140636,0.0) nginx: cache manager process

Found on 2024-12-05 23:39

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca85c3d656

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13544,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3812,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,10468,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6828,0.0) /lib/systemd/systemd-logind
(root,7824,1652,0.0) /bin/login -p --
(root,109760,10260,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,161708,0.0) nginx: cache manager process
(infra.mg,17176,6292,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1984,0.0) (sd-pam)
(infra.mg,2892,752,0.0) -sh
(root,11512,1940,0.0) sudo su -
(root,11512,824,0.0) sudo su -
(root,10232,1060,0.0) su -
(root,8796,2112,0.0) -bash
(nobody,482400,378672,0.0) nginx: cache manager process
(nobody,259476,157580,0.0) nginx: cache manager process
(nobody,263792,226380,0.0) nginx: cache manager process
(custadm+,17172,8520,0.0) /lib/systemd/systemd --user
(custadm+,318416,4096,0.0) (sd-pam)
(nobody,260628,178232,0.0) nginx: cache manager process
(nobody,486528,400896,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:0-events]
(root,2356612,24564,0.0) /usr/lib/snapd/snapd
(nobody,259476,162808,0.0) nginx: cache manager process
(nobody,259476,158100,0.0) nginx: cache manager process
(nobody,265392,227936,0.0) nginx: cache manager process
(nobody,260628,178136,0.0) nginx: cache manager process
(nobody,263792,210988,0.0) nginx: cache manager process
(nobody,258552,156572,0.0) nginx: cache manager process
(nobody,259476,163732,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3576,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,138904,60528,0.2) /lib/systemd/systemd-journald
(root,11440,1868,0.0) /sbin/auditd
(root,295608,10832,0.0) /usr/libexec/packagekitd
(root,239612,5616,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5084,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2376,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5440,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9792,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5808,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4408,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5860,0.0) /usr/sbin/ModemManager
(root,14032,8264,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8116,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12572,0.0) /lib/systemd/systemd-resolved
(root,15436,7260,0.1) sshd: /usr/sbin/sshd -D [listener] 14 of 4-100 startups
(root,210344,15976,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,302732,0.0) nginx: cache manager process
(root,405440,30932,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,260628,181812,0.0) nginx: cache manager process
(nobody,263792,210664,0.0) nginx: cache manager process
(nobody,258552,156496,0.0) nginx: cache manager process
(nobody,259476,159608,0.0) nginx: cache manager process
(proxy,84300,35752,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,265392,238736,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:0-events]
(nobody,258552,156544,0.0) nginx: cache manager process
(nobody,260624,184384,0.0) nginx: cache manager process
(nobody,480356,321176,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/15:3-events]
(nobody,265392,239324,0.0) nginx: cache manager process
(nobody,259476,159784,0.0) nginx: cache manager process
(nobody,263792,212240,0.0) nginx: cache manager process
(nobody,477800,294804,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:3-events]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/12:0-events]
(root,0,0,0.0) [kworker/3:2-events]
(proxy,6068,1528,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/8:3-events]
(nobody,259476,157348,0.0) nginx: cache manager process
(nobody,480312,323704,0.0) nginx: cache manager process
(root,265212,239848,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,265924,247884,1.1) nginx: worker process
(nobody,265652,247612,0.1) nginx: worker process
(nobody,265520,247404,0.0) nginx: worker process
(nobody,265520,247408,0.0) nginx: worker process
(nobody,265520,247204,0.0) nginx: worker process
(nobody,265520,245416,0.0) nginx: worker process
(nobody,265520,246896,0.0) nginx: worker process
(nobody,265520,245480,0.0) nginx: worker process
(nobody,265520,242728,0.0) nginx: worker process
(nobody,265520,242728,0.0) nginx: worker process
(nobody,265520,242728,0.0) nginx: worker process
(nobody,265520,242728,0.0) nginx: worker process
(nobody,265520,242728,0.0) nginx: worker process
(nobody,265520,242728,0.0) nginx: worker process
(nobody,265520,242728,0.0) nginx: worker process
(nobody,265520,242728,0.0) nginx: worker process
(nobody,265520,241676,0.0) nginx: cache manager process
(nobody,258716,156728,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/14:1-events]
(nobody,488188,386880,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/5:2-events]
(nobody,486828,386008,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:3-events]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/4:3-events]
(nobody,259476,157308,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:0]
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/9:0]
(nobody,259704,166392,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:0-events]
(proxy,6176,2160,0.0) (pinger)
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/4:2-events]
(nobody,260792,199100,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:2]
(root,0,0,0.0) [kworker/u32:4-flush-8:0]
(root,0,0,0.0) [kworker/11:3-events]
(root,0,0,0.0) [kworker/0:1-cgroup_destroy]
(root,0,0,0.0) [kworker/10:2]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/6:0]
(root,0,0,0.0) [kworker/1:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:0]
(root,0,0,0.0) [kworker/2:1]
(root,0,0,0.0) [kworker/u32:6-flush-253:0]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/14:0]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,15432,9056,0.0) sshd: [accepted]
(root,15432,8844,0.0) sshd: [accepted]
(root,440976,82812,1.5) /usr/libexec/fwupd/fwupd
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/0:2-events]
(root,15432,8792,0.0) sshd: [accepted]
(root,15432,8852,0.0) sshd: [accepted]
(root,16440,10040,0.3) sshd: root [priv]
(sshd,15432,5456,0.0) sshd: root [net]
(root,15432,8908,0.0) sshd: [accepted]
(root,16440,10072,0.8) sshd: root [priv]
(sshd,15432,5512,0.0) sshd: root [net]
(root,16912,10356,0.0) sshd: unknown [priv]
(sshd,15432,5440,0.0) sshd: unknown [net]
(root,16440,9948,2.5) sshd: root [priv]
(sshd,15432,5448,0.0) sshd: root [net]
(root,16912,10160,0.0) sshd: unknown [priv]
(sshd,15432,5388,0.0) sshd: unknown [net]
(root,16440,10088,3.0) sshd: root [priv]
(sshd,15432,5408,0.0) sshd: root [net]
(root,16912,10236,1.0) sshd: unknown [priv]
(sshd,15432,5440,0.0) sshd: unknown [net]
(root,15432,9064,0.0) sshd: [accepted]
(sshd,15432,5468,0.0) sshd: [net]
(root,15432,8924,0.0) sshd: [accepted]
(sshd,15432,5540,0.0) sshd: [net]
(root,7372,3796,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1564,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1108,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,259476,160484,0.0) nginx: cache manager process
(nobody,477948,294688,0.0) nginx: cache manager process
(nobody,263792,225212,0.0) nginx: cache manager process
(nobody,258548,156560,0.0) nginx: cache manager process

Found on 2024-12-03 23:57

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca4bad3826

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13572,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3820,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,10520,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6864,0.0) /lib/systemd/systemd-logind
(root,7824,1652,0.0) /bin/login -p --
(root,109760,10272,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,166672,0.0) nginx: cache manager process
(infra.mg,17176,6292,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1984,0.0) (sd-pam)
(infra.mg,2892,752,0.0) -sh
(root,11512,1940,0.0) sudo su -
(root,11512,824,0.0) sudo su -
(root,10232,1060,0.0) su -
(root,8796,2112,0.0) -bash
(nobody,482400,390572,0.0) nginx: cache manager process
(nobody,259476,162384,0.0) nginx: cache manager process
(nobody,263792,233364,0.0) nginx: cache manager process
(custadm+,17172,8532,0.0) /lib/systemd/systemd --user
(custadm+,318416,4148,0.0) (sd-pam)
(nobody,260628,183596,0.0) nginx: cache manager process
(nobody,486528,413696,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/14:1-cgroup_destroy]
(root,2356612,24184,0.0) /usr/lib/snapd/snapd
(nobody,259476,167880,0.0) nginx: cache manager process
(nobody,259476,163024,0.0) nginx: cache manager process
(nobody,265392,234920,0.0) nginx: cache manager process
(nobody,260628,183384,0.0) nginx: cache manager process
(nobody,263792,217692,0.0) nginx: cache manager process
(nobody,258552,161476,0.0) nginx: cache manager process
(nobody,259476,168836,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3588,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,188088,113380,0.2) /lib/systemd/systemd-journald
(root,11440,1872,0.0) /sbin/auditd
(root,295608,10864,0.0) /usr/libexec/packagekitd
(root,239612,5620,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5092,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2376,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5448,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9796,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5816,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4424,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,6128,0.0) /usr/sbin/ModemManager
(root,14032,8356,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8120,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12576,0.0) /lib/systemd/systemd-resolved
(root,15436,7256,0.1) sshd: /usr/sbin/sshd -D [listener] 16 of 4-100 startups
(root,210344,16124,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,312372,0.0) nginx: cache manager process
(root,405440,31408,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/1:2-events]
(nobody,260628,187624,0.0) nginx: cache manager process
(nobody,263792,217316,0.0) nginx: cache manager process
(nobody,258552,161408,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(nobody,259476,164612,0.0) nginx: cache manager process
(proxy,84300,35752,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/10:3-events]
(root,0,0,0.0) [kworker/7:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/4:3-events]
(root,0,0,0.0) [kworker/5:1-cgroup_destroy]
(root,265084,244076,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,265784,252044,0.6) nginx: worker process
(nobody,265776,251996,0.0) nginx: worker process
(nobody,265776,251984,0.0) nginx: worker process
(nobody,265392,251600,0.0) nginx: worker process
(nobody,265392,251076,0.0) nginx: worker process
(nobody,265392,249636,0.0) nginx: worker process
(nobody,265392,249648,0.0) nginx: worker process
(nobody,265392,249648,0.0) nginx: worker process
(nobody,265392,247096,0.0) nginx: worker process
(nobody,265392,247096,0.0) nginx: worker process
(nobody,265392,247096,0.0) nginx: worker process
(nobody,265392,247096,0.0) nginx: worker process
(nobody,265392,247096,0.0) nginx: worker process
(nobody,265392,247096,0.0) nginx: worker process
(nobody,265392,247096,0.0) nginx: worker process
(nobody,265392,247096,0.0) nginx: worker process
(nobody,265392,246052,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:0-cgroup_destroy]
(nobody,258552,161400,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:0-events]
(nobody,260624,190264,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(nobody,480356,331320,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/15:0-cgroup_destroy]
(root,0,0,0.0) [kworker/9:2-cgroup_destroy]
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/10:0-cgroup_destroy]
(root,0,0,0.0) [kworker/4:0-events]
(proxy,6176,2124,0.0) (pinger)
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/2:3]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-flush-8:0]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:6-flush-253:0]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/10:2]
(root,0,0,0.0) [kworker/u32:1-writeback]
(root,0,0,0.0) [kworker/u32:7-events_power_efficient]
(root,15432,8964,0.0) sshd: [accepted]
(root,15432,9092,0.0) sshd: [accepted]
(root,15432,8952,0.0) sshd: [accepted]
(root,15432,8864,0.0) sshd: [accepted]
(root,15432,8888,0.0) sshd: [accepted]
(root,15432,8792,0.0) sshd: [accepted]
(root,16440,10020,1.2) sshd: root [priv]
(root,16440,10132,1.2) sshd: root [priv]
(sshd,15432,5608,0.0) sshd: root [net]
(sshd,15432,5400,0.0) sshd: root [net]
(root,16440,10140,1.5) sshd: root [priv]
(sshd,15432,5484,0.0) sshd: root [net]
(root,16440,10104,2.0) sshd: root [priv]
(sshd,15432,5596,0.0) sshd: root [net]
(root,16912,10300,0.5) sshd: unknown [priv]
(sshd,15432,5512,0.0) sshd: unknown [net]
(root,16912,10104,1.0) sshd: unknown [priv]
(sshd,15432,5552,0.0) sshd: unknown [net]
(root,16912,10452,0.0) sshd: unknown [priv]
(sshd,15432,5480,0.0) sshd: unknown [net]
(root,15432,8956,0.0) sshd: [accepted]
(root,15432,8956,0.0) sshd: [accepted]
(sshd,15432,5536,0.0) sshd: [net]
(root,15432,9108,0.0) sshd: [accepted]
(sshd,15432,5508,0.0) sshd: [net]
(root,7372,3780,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1584,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1088,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,259476,164768,0.0) nginx: cache manager process
(nobody,263792,218936,0.0) nginx: cache manager process
(nobody,477800,304248,0.0) nginx: cache manager process
(proxy,6068,1536,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,259476,162288,0.0) nginx: cache manager process
(nobody,480312,334004,0.0) nginx: cache manager process
(nobody,258716,161652,0.0) nginx: cache manager process
(nobody,488188,399188,0.0) nginx: cache manager process
(nobody,486828,398312,0.0) nginx: cache manager process
(nobody,259476,162188,0.0) nginx: cache manager process
(nobody,259704,171476,0.0) nginx: cache manager process
(nobody,260792,205288,0.0) nginx: cache manager process
(nobody,259476,165512,0.0) nginx: cache manager process
(nobody,477948,304372,0.0) nginx: cache manager process
(nobody,263792,232200,0.0) nginx: cache manager process
(nobody,258548,161456,0.0) nginx: cache manager process

Found on 2024-12-01 23:13

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca9d1577a6

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13596,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3832,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,10608,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6872,0.0) /lib/systemd/systemd-logind
(root,7824,1652,0.0) /bin/login -p --
(root,109760,10356,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,171400,0.0) nginx: cache manager process
(infra.mg,17176,6292,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1984,0.0) (sd-pam)
(infra.mg,2892,752,0.0) -sh
(root,11512,1940,0.0) sudo su -
(root,11512,824,0.0) sudo su -
(root,10232,1060,0.0) su -
(root,8796,2112,0.0) -bash
(nobody,482400,402620,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:1-events]
(nobody,259476,166992,0.0) nginx: cache manager process
(nobody,263792,240720,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:3-events]
(custadm+,17172,8556,0.0) /lib/systemd/systemd --user
(custadm+,318416,4248,0.0) (sd-pam)
(root,0,0,0.0) [kworker/9:1-cgwb_release]
(nobody,260628,189396,0.0) nginx: cache manager process
(nobody,486528,427012,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/13:2-mm_percpu_wq]
(root,2356612,27488,0.0) /usr/lib/snapd/snapd
(nobody,259476,172632,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/7:1-cgroup_destroy]
(root,0,0,0.0) [kworker/12:1-events]
(root,0,0,0.0) [kworker/4:0-events]
(nobody,259476,167688,0.0) nginx: cache manager process
(root,265084,243020,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,265792,251156,1.4) nginx: worker process
(nobody,265520,250676,0.1) nginx: worker process
(nobody,265392,250624,0.0) nginx: worker process
(nobody,265392,250624,0.0) nginx: worker process
(nobody,265392,249556,0.0) nginx: worker process
(nobody,265392,249828,0.0) nginx: worker process
(nobody,265392,245828,0.0) nginx: worker process
(nobody,265392,245860,0.0) nginx: worker process
(nobody,265392,245900,0.0) nginx: worker process
(nobody,265392,245900,0.0) nginx: worker process
(nobody,265392,245900,0.0) nginx: worker process
(nobody,265392,245900,0.0) nginx: worker process
(nobody,265392,245900,0.0) nginx: worker process
(nobody,265392,245900,0.0) nginx: worker process
(nobody,265392,245900,0.0) nginx: worker process
(nobody,265392,245900,0.0) nginx: worker process
(nobody,265392,244856,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:2-events]
(nobody,260628,188992,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:2-cgroup_destroy]
(nobody,263792,224200,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:1-cgroup_destroy]
(root,0,0,0.0) [kworker/15:2-cgroup_destroy]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(nobody,258552,166132,0.0) nginx: cache manager process
(nobody,259476,173628,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/11:1]
(proxy,6176,2196,0.0) (pinger)
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/5:3-events]
(root,0,0,0.0) [kworker/u32:4-flush-8:0]
(root,0,0,0.0) [kworker/u32:5-flush-8:0]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:7-events_power_efficient]
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/u32:0-events_unbound]
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(root,0,0,0.0) [kworker/13:3]
(root,15432,8900,0.0) sshd: [accepted]
(sshd,15432,5480,0.0) sshd: [net]
(root,15432,8760,0.0) sshd: [accepted]
(root,15432,8876,0.0) sshd: [accepted]
(root,15432,8756,0.0) sshd: [accepted]
(sshd,15432,5448,0.0) sshd: [net]
(root,16912,10460,0.3) sshd: unknown [priv]
(sshd,15432,5352,0.0) sshd: unknown [net]
(root,16440,9892,1.6) sshd: root [priv]
(sshd,15432,5352,0.0) sshd: root [net]
(root,16912,10220,0.0) sshd: unknown [priv]
(sshd,15432,5592,0.0) sshd: unknown [net]
(root,16912,10512,0.0) sshd: unknown [priv]
(sshd,15432,5452,0.0) sshd: unknown [net]
(root,16912,10100,0.0) sshd: unknown [priv]
(sshd,15432,5488,0.0) sshd: unknown [net]
(root,16440,9840,5.0) sshd: root [priv]
(sshd,15432,5544,0.0) sshd: root [net]
(root,15432,8916,0.0) sshd: [accepted]
(sshd,15432,5524,0.0) sshd: [net]
(root,16912,10268,0.0) sshd: unknown [priv]
(sshd,15432,5564,0.0) sshd: unknown [net]
(root,15432,9120,0.0) sshd: [accepted]
(root,15432,8840,0.0) sshd: [accepted]
(root,15432,8780,0.0) sshd: [accepted]
(sshd,15432,5544,0.0) sshd: [net]
(sshd,15432,5572,0.0) sshd: [net]
(sshd,15432,5488,0.0) sshd: [net]
(root,15432,8932,0.0) sshd: [accepted]
(sshd,15432,5480,0.0) sshd: [net]
(root,15432,8908,0.0) sshd: [accepted]
(sshd,15432,5548,0.0) sshd: [net]
(root,15432,8896,0.0) sshd: [accepted]
(sshd,15432,5580,0.0) sshd: [net]
(root,15432,9068,0.0) sshd: [accepted]
(sshd,15432,5536,0.0) sshd: [net]
(root,4364,3216,0.0) bash
(root,16748,4952,0.0) ipmitool sensor list
(root,3472,1604,0.0) grep -v command failed
(root,3688,1088,0.0) sed -e s/ *| */|/g -e s/ /_/g -e s/_*$// -e s/|/ /g
(root,3472,1652,0.0) grep -E -v ^[^ ]+ na 
(root,3472,1720,0.0) grep -v  discrete 
(root,15432,9040,0.0) sshd: [accepted]
(sshd,15432,5508,0.0) sshd: [net]
(root,15432,8964,0.0) sshd: [accepted]
(sshd,15432,5412,0.0) sshd: [net]
(root,15432,8884,0.0) sshd: [accepted]
(sshd,15432,5484,0.0) sshd: [net]
(root,15432,8988,0.0) sshd: [accepted]
(sshd,15432,5532,0.0) sshd: [net]
(root,15432,8880,0.0) sshd: [accepted]
(sshd,15432,5504,0.0) sshd: [net]
(root,15432,8820,0.0) sshd: [accepted]
(sshd,15432,5516,0.0) sshd: [net]
(root,7372,3712,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1596,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1092,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3664,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,171672,76676,0.2) /lib/systemd/systemd-journald
(root,11440,1884,0.0) /sbin/auditd
(root,295608,11012,0.0) /usr/libexec/packagekitd
(root,239612,5732,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5100,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2380,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5452,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9908,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5828,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4536,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,6480,0.0) /usr/sbin/ModemManager
(root,14032,8504,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8120,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12592,0.0) /lib/systemd/systemd-resolved
(root,15436,7260,0.1) sshd: /usr/sbin/sshd -D [listener] 25 of 4-100 startups
(root,210344,16196,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,322232,0.0) nginx: cache manager process
(root,405440,30724,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,260628,193472,0.0) nginx: cache manager process
(nobody,263792,223784,0.0) nginx: cache manager process
(nobody,258552,166064,0.0) nginx: cache manager process
(nobody,259476,169328,0.0) nginx: cache manager process
(proxy,84300,35784,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,258552,166060,0.0) nginx: cache manager process
(nobody,260624,196168,0.0) nginx: cache manager process
(nobody,480356,341544,0.0) nginx: cache manager process
(nobody,259476,169472,0.0) nginx: cache manager process
(nobody,263792,225444,0.0) nginx: cache manager process
(nobody,477800,313724,0.0) nginx: cache manager process
(proxy,6068,1548,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,259476,166968,0.0) nginx: cache manager process
(nobody,480312,344320,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:3-events]
(nobody,258716,166308,0.0) nginx: cache manager process
(nobody,488188,411508,0.0) nginx: cache manager process
(nobody,486828,410452,0.0) nginx: cache manager process
(nobody,259476,166864,0.0) nginx: cache manager process
(nobody,259704,176256,0.0) nginx: cache manager process
(nobody,260792,211532,0.0) nginx: cache manager process
(nobody,259476,170228,0.0) nginx: cache manager process
(nobody,477948,314052,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:1-events]
(nobody,263792,239548,0.0) nginx: cache manager process
(nobody,258548,166112,0.0) nginx: cache manager process

Found on 2024-11-29 23:32

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca456e435c

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315544,13576,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3904,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,8904,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,6912,0.0) /lib/systemd/systemd-logind
(root,7824,1796,0.0) /bin/login -p --
(root,109760,10728,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,174172,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:0-events]
(proxy,6176,2152,0.0) (pinger)
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/15:2]
(root,0,0,0.0) [kworker/14:0-events]
(infra.mg,17176,6404,0.0) /lib/systemd/systemd --user
(infra.mg,169944,1984,0.0) (sd-pam)
(infra.mg,2892,892,0.0) -sh
(root,11512,2084,0.0) sudo su -
(root,11512,824,0.0) sudo su -
(root,10232,1204,0.0) su -
(root,8796,2228,0.0) -bash
(nobody,482400,409240,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/5:2-events]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/8:0-events]
(root,0,0,0.0) [kworker/14:1-cgroup_destroy]
(root,0,0,0.0) [kworker/7:2]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/u32:4-events_power_efficient]
(root,0,0,0.0) [kworker/u32:6-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,0,0,0.0) [kworker/9:1]
(root,440916,82848,0.0) /usr/libexec/fwupd/fwupd
(root,0,0,0.0) [kworker/10:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:2]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/10:2]
(root,0,0,0.0) [kworker/u32:7-writeback]
(root,0,0,0.0) [kworker/u32:3-flush-8:0]
(root,15432,8968,0.0) sshd: [accepted]
(root,15432,8868,0.0) sshd: [accepted]
(sshd,15432,5564,0.0) sshd: [net]
(root,15432,8832,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(root,0,0,0.0) [kworker/11:3]
(root,15432,8872,0.0) sshd: [accepted]
(root,15432,9068,0.0) sshd: [accepted]
(root,15432,8956,0.0) sshd: [accepted]
(sshd,15432,5540,0.0) sshd: [net]
(root,15432,8792,0.0) sshd: [accepted]
(sshd,15432,5468,0.0) sshd: [net]
(root,15432,8916,0.0) sshd: [accepted]
(root,15432,8812,0.0) sshd: [accepted]
(root,15432,9124,0.0) sshd: [accepted]
(root,15432,8760,0.0) sshd: [accepted]
(root,16440,10040,0.7) sshd: root [priv]
(root,16912,10268,0.1) sshd: unknown [priv]
(sshd,15432,5444,0.0) sshd: root [net]
(root,15432,8848,0.0) sshd: [accepted]
(sshd,15432,5532,0.0) sshd: unknown [net]
(root,16912,10456,0.0) sshd: unknown [priv]
(root,16912,10300,0.1) sshd: unknown [priv]
(root,16912,10408,0.0) sshd: unknown [priv]
(sshd,15432,5596,0.0) sshd: unknown [net]
(sshd,15432,5484,0.0) sshd: unknown [net]
(sshd,15432,5636,0.0) sshd: unknown [net]
(root,16440,10040,1.0) sshd: root [priv]
(sshd,15432,5592,0.0) sshd: root [net]
(root,16440,10140,1.0) sshd: root [priv]
(sshd,15432,5496,0.0) sshd: root [net]
(root,32852,11596,1.3) sshd: root [priv]
(sshd,15432,5528,0.0) sshd: root [net]
(root,16440,10352,0.5) sshd: root [priv]
(sshd,15432,5468,0.0) sshd: root [net]
(root,16440,10140,1.1) sshd: root [priv]
(sshd,15432,5552,0.0) sshd: root [net]
(root,16440,10040,1.1) sshd: root [priv]
(sshd,15432,5468,0.0) sshd: root [net]
(root,16312,9764,0.1) sshd: root [priv]
(sshd,15432,5400,0.0) sshd: root [net]
(root,16440,10076,0.8) sshd: root [priv]
(sshd,15432,5472,0.0) sshd: root [net]
(root,16440,9972,0.8) sshd: root [priv]
(sshd,15432,5580,0.0) sshd: root [net]
(root,16440,9976,1.1) sshd: root [priv]
(sshd,15432,5464,0.0) sshd: root [net]
(root,16440,9944,1.1) sshd: root [priv]
(sshd,15432,5480,0.0) sshd: root [net]
(root,15432,8920,0.0) sshd: [accepted]
(root,16440,10140,1.1) sshd: root [priv]
(sshd,15432,5484,0.0) sshd: root [net]
(root,15432,8996,0.0) sshd: [accepted]
(sshd,15432,5428,0.0) sshd: [net]
(root,16312,9944,0.2) sshd: root [priv]
(sshd,15432,5460,0.0) sshd: root [net]
(root,16440,10072,1.4) sshd: root [priv]
(sshd,15432,5632,0.0) sshd: root [net]
(root,16440,10060,1.0) sshd: root [priv]
(sshd,15432,5408,0.0) sshd: root [net]
(root,16440,9976,0.8) sshd: root [priv]
(root,15432,8972,0.0) sshd: [accepted]
(root,16912,10188,0.0) sshd: unknown [priv]
(sshd,15432,5368,0.0) sshd: unknown [net]
(root,16440,9968,1.4) sshd: root [priv]
(sshd,15432,5560,0.0) sshd: root [net]
(root,15432,8932,0.0) sshd: [accepted]
(root,16312,9732,0.0) sshd: root [priv]
(sshd,15432,5484,0.0) sshd: root [net]
(root,16440,10008,1.7) sshd: root [priv]
(sshd,15432,5520,0.0) sshd: root [net]
(root,16752,10292,0.2) sshd: unknown [priv]
(root,15432,9016,0.0) sshd: [accepted]
(root,16440,10360,1.7) sshd: root [priv]
(sshd,15432,5532,0.0) sshd: root [net]
(root,16912,10268,0.0) sshd: unknown [priv]
(sshd,15432,5600,0.0) sshd: unknown [net]
(root,15432,8932,0.0) sshd: [accepted]
(sshd,15432,5508,0.0) sshd: [net]
(sshd,15432,5452,0.0) sshd: [net]
(sshd,15432,5548,0.0) sshd: root [net]
(sshd,15432,5552,0.0) sshd: [net]
(sshd,15432,5440,0.0) sshd: unknown [net]
(root,16440,9920,1.6) sshd: root [priv]
(sshd,15432,5436,0.0) sshd: root [net]
(sshd,15432,5400,0.0) sshd: [net]
(root,16440,10228,1.5) sshd: root [priv]
(sshd,15432,5400,0.0) sshd: root [net]
(root,15432,8868,0.5) sshd: [accepted]
(sshd,15432,5516,0.0) sshd: [net]
(root,16912,10276,1.0) sshd: unknown [priv]
(sshd,15432,5596,0.0) sshd: unknown [net]
(sshd,15432,5564,0.0) sshd: [net]
(root,16752,10228,0.0) sshd: unknown [priv]
(sshd,15432,5404,0.0) sshd: unknown [net]
(root,15432,8940,0.0) sshd: [accepted]
(root,7372,3744,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1568,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1164,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,259476,169744,0.0) nginx: cache manager process
(custadm+,17172,8536,0.0) /lib/systemd/systemd --user
(custadm+,318416,4248,0.0) (sd-pam)
(nobody,260628,192928,0.0) nginx: cache manager process
(nobody,486528,435292,0.0) nginx: cache manager process
(nobody,259476,175400,0.0) nginx: cache manager process
(nobody,259476,170448,0.0) nginx: cache manager process
(nobody,260628,192508,0.0) nginx: cache manager process
(nobody,263792,228116,0.0) nginx: cache manager process
(nobody,258552,168876,0.0) nginx: cache manager process
(nobody,259476,176464,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3664,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,130684,63712,0.2) /lib/systemd/systemd-journald
(root,11440,1888,0.0) /sbin/auditd
(root,295608,11028,0.0) /usr/libexec/packagekitd
(root,239612,5808,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5148,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2380,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5452,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9800,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5828,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4608,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,3400,0.0) /usr/sbin/ModemManager
(root,11800,6588,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8132,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12600,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 52 of 4-100 startups
(root,210344,16280,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8208,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,328356,0.0) nginx: cache manager process
(root,405440,31492,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,260628,197068,0.0) nginx: cache manager process
(nobody,263792,227692,0.0) nginx: cache manager process
(nobody,258552,168804,0.0) nginx: cache manager process
(nobody,259476,172092,0.0) nginx: cache manager process
(proxy,84300,35788,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,258552,168800,0.0) nginx: cache manager process
(root,2355860,25960,0.0) /usr/lib/snapd/snapd
(nobody,260624,199760,0.0) nginx: cache manager process
(nobody,480356,347840,0.0) nginx: cache manager process
(nobody,259476,172232,0.0) nginx: cache manager process
(nobody,263792,229368,0.0) nginx: cache manager process
(nobody,477800,319580,0.0) nginx: cache manager process
(proxy,6068,1608,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,259476,169724,0.0) nginx: cache manager process
(nobody,480312,347232,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/2:3-events]
(nobody,258716,169036,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:0-events]
(root,0,0,0.0) [kworker/3:1-mm_percpu_wq]
(nobody,488188,419620,0.0) nginx: cache manager process
(nobody,486828,418344,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:1-events]
(nobody,259476,169620,0.0) nginx: cache manager process
(nobody,259704,179092,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/7:0-events]
(nobody,260792,215316,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:1-events]
(nobody,259476,173000,0.0) nginx: cache manager process
(nobody,477948,319952,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,263484,242412,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,264196,250240,1.3) nginx: worker process
(nobody,264180,250492,0.1) nginx: worker process
(nobody,264088,250244,0.0) nginx: worker process
(nobody,263792,249944,0.0) nginx: worker process
(nobody,263792,249944,0.0) nginx: worker process
(nobody,263792,249048,0.0) nginx: worker process
(nobody,263792,249856,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,245232,0.0) nginx: worker process
(nobody,263792,244212,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:0-cgroup_destroy]
(root,0,0,0.0) [kworker/13:1]
(root,0,0,0.0) [kworker/6:2-cgwb_release]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(root,0,0,0.0) [kworker/2:1-cgroup_destroy]
(nobody,258548,168848,0.0) nginx: cache manager process

Found on 2024-11-27 23:51

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cad943c222

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13548,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3912,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9304,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,7016,0.0) /lib/systemd/systemd-logind
(root,7824,1852,0.0) /bin/login -p --
(root,109760,11204,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,183388,0.0) nginx: cache manager process
(infra.mg,17176,6464,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2132,0.0) (sd-pam)
(infra.mg,2892,896,0.0) -sh
(root,11512,2112,0.0) sudo su -
(root,11512,852,0.0) sudo su -
(root,10232,1248,0.0) su -
(root,8796,2364,0.0) -bash
(nobody,482400,433868,0.0) nginx: cache manager process
(nobody,259476,178864,0.0) nginx: cache manager process
(custadm+,17172,8600,0.0) /lib/systemd/systemd --user
(custadm+,318416,4816,0.0) (sd-pam)
(nobody,260628,204212,0.0) nginx: cache manager process
(nobody,486528,461332,0.0) nginx: cache manager process
(nobody,259476,185004,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:2-mm_percpu_wq]
(nobody,259476,179552,0.0) nginx: cache manager process
(nobody,260628,203668,0.0) nginx: cache manager process
(nobody,263792,241648,0.0) nginx: cache manager process
(nobody,258552,177972,0.0) nginx: cache manager process
(nobody,259476,186916,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:2-events]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3664,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,196000,117572,0.2) /lib/systemd/systemd-journald
(root,11440,1908,0.0) /sbin/auditd
(root,295608,11084,0.0) /usr/libexec/packagekitd
(root,239612,5904,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5116,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2384,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5508,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9548,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5880,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4712,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,3928,0.0) /usr/sbin/ModemManager
(root,11800,6452,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8164,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12660,0.0) /lib/systemd/systemd-resolved
(root,15436,7256,0.1) sshd: /usr/sbin/sshd -D [listener] 37 of 4-100 startups
(root,210344,16676,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8328,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,347548,0.0) nginx: cache manager process
(root,405440,31752,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/10:0-events]
(nobody,260628,208464,0.0) nginx: cache manager process
(nobody,263792,241196,0.0) nginx: cache manager process
(nobody,258552,177912,0.0) nginx: cache manager process
(nobody,259476,181276,0.0) nginx: cache manager process
(proxy,84300,35900,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/4:3-events]
(root,0,0,0.0) [kworker/0:0-cgroup_destroy]
(nobody,258552,177900,0.0) nginx: cache manager process
(root,2355860,27160,0.0) /usr/lib/snapd/snapd
(nobody,260624,211252,0.0) nginx: cache manager process
(nobody,480356,368556,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:0-mm_percpu_wq]
(nobody,259476,181388,0.0) nginx: cache manager process
(root,263484,240932,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,264008,248740,1.7) nginx: worker process
(nobody,264192,249004,0.2) nginx: worker process
(nobody,263792,248656,0.0) nginx: worker process
(nobody,263792,248652,0.0) nginx: worker process
(nobody,263792,247244,0.0) nginx: worker process
(nobody,263792,248596,0.0) nginx: worker process
(nobody,263792,247296,0.0) nginx: worker process
(nobody,263792,246864,0.0) nginx: worker process
(nobody,263792,243988,0.0) nginx: worker process
(nobody,263792,243988,0.0) nginx: worker process
(nobody,263792,243988,0.0) nginx: worker process
(nobody,263792,243988,0.0) nginx: worker process
(nobody,263792,243988,0.0) nginx: worker process
(nobody,263792,243988,0.0) nginx: worker process
(nobody,263792,243988,0.0) nginx: worker process
(nobody,263792,243988,0.0) nginx: worker process
(nobody,263792,242948,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/3:0-events]
(nobody,477800,338248,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:1-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(proxy,6068,1624,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/11:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(root,0,0,0.0) [kworker/5:1-mm_percpu_wq]
(nobody,259476,178860,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(nobody,480312,367952,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/13:2-cgroup_destroy]
(proxy,6176,1856,0.0) (pinger)
(root,0,0,0.0) [kworker/15:3-cgroup_destroy]
(root,0,0,0.0) [kworker/13:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:7-flush-253:0]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/14:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/2:3-mm_percpu_wq]
(nobody,258716,178148,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/u32:0-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/12:0]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/1:2]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-flush-8:0]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,15432,8900,0.0) sshd: [accepted]
(root,15432,8860,0.0) sshd: [accepted]
(root,15432,9064,0.0) sshd: [accepted]
(sshd,15432,5376,0.0) sshd: [net]
(root,15432,9044,0.0) sshd: [accepted]
(root,16440,10028,1.1) sshd: root [priv]
(sshd,15432,5488,0.0) sshd: root [net]
(root,16440,10408,1.3) sshd: root [priv]
(sshd,15432,5624,0.0) sshd: root [net]
(root,16440,10324,1.2) sshd: root [priv]
(sshd,15432,5484,0.0) sshd: root [net]
(root,16440,10104,1.0) sshd: root [priv]
(sshd,15432,5404,0.0) sshd: root [net]
(root,16440,10184,1.2) sshd: root [priv]
(sshd,15432,5504,0.0) sshd: root [net]
(root,16440,10180,1.3) sshd: root [priv]
(sshd,15432,5328,0.0) sshd: root [net]
(root,16440,10196,1.3) sshd: root [priv]
(sshd,15432,5516,0.0) sshd: root [net]
(root,16440,10352,1.5) sshd: root [priv]
(sshd,15432,5556,0.0) sshd: root [net]
(root,16440,10204,1.4) sshd: root [priv]
(sshd,15432,5528,0.0) sshd: root [net]
(root,16440,10236,1.5) sshd: root [priv]
(sshd,15432,5528,0.0) sshd: root [net]
(root,16440,10272,1.2) sshd: root [priv]
(sshd,15432,5384,0.0) sshd: root [net]
(root,16440,10100,1.3) sshd: root [priv]
(sshd,15432,5328,0.0) sshd: root [net]
(root,16440,10300,1.2) sshd: root [priv]
(sshd,15432,5452,0.0) sshd: root [net]
(root,16440,10048,1.2) sshd: root [priv]
(sshd,15432,5436,0.0) sshd: root [net]
(root,16440,10320,1.4) sshd: root [priv]
(sshd,15432,5540,0.0) sshd: root [net]
(root,16440,10124,1.4) sshd: root [priv]
(sshd,15432,5472,0.0) sshd: root [net]
(root,16440,10124,1.0) sshd: root [priv]
(sshd,15432,5628,0.0) sshd: root [net]
(root,16440,10108,1.3) sshd: root [priv]
(sshd,15432,5480,0.0) sshd: root [net]
(root,16440,10008,1.3) sshd: root [priv]
(root,16440,10024,1.7) sshd: root [priv]
(sshd,15432,5472,0.0) sshd: root [net]
(root,16440,10056,1.4) sshd: root [priv]
(sshd,15432,5336,0.0) sshd: root [net]
(root,16440,10324,1.2) sshd: root [priv]
(sshd,15432,5512,0.0) sshd: root [net]
(sshd,15432,5428,0.0) sshd: root [net]
(root,15432,8904,0.0) sshd: [accepted]
(root,16440,10104,1.3) sshd: root [priv]
(sshd,15432,5584,0.0) sshd: root [net]
(root,16440,10168,0.8) sshd: root [priv]
(sshd,15432,5576,0.0) sshd: root [net]
(root,16912,10244,0.0) sshd: unknown [priv]
(sshd,15432,5428,0.0) sshd: unknown [net]
(root,16912,10088,0.2) sshd: unknown [priv]
(sshd,15432,5512,0.0) sshd: unknown [net]
(root,16912,10112,0.3) sshd: unknown [priv]
(sshd,15432,5560,0.0) sshd: unknown [net]
(root,16440,9940,3.0) sshd: root [priv]
(sshd,15432,5336,0.0) sshd: root [net]
(root,15432,8940,0.0) sshd: [accepted]
(root,16440,9980,2.0) sshd: root [priv]
(sshd,15432,5568,0.0) sshd: root [net]
(root,15432,9020,0.0) sshd: [accepted]
(sshd,15432,5444,0.0) sshd: [net]
(root,15432,8792,0.0) sshd: [accepted]
(root,7372,3736,0.0) /bin/bash /usr/bin/check_mk_agent
(sshd,15432,5424,0.0) sshd: [net]
(root,7064,1608,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1100,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,486828,442812,0.0) nginx: cache manager process
(nobody,259476,178764,0.0) nginx: cache manager process
(nobody,259704,189476,0.0) nginx: cache manager process
(nobody,260792,227496,0.0) nginx: cache manager process
(nobody,259476,182196,0.0) nginx: cache manager process
(nobody,477948,338824,0.0) nginx: cache manager process
(nobody,258548,177996,0.0) nginx: cache manager process

Found on 2024-11-26 00:15

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca6ca6fb6b

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13548,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3912,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9304,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,7056,0.0) /lib/systemd/systemd-logind
(root,7824,1852,0.0) /bin/login -p --
(root,109760,11212,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,185416,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:2-mm_percpu_wq]
(infra.mg,17176,6464,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2132,0.0) (sd-pam)
(infra.mg,2892,896,0.0) -sh
(root,11512,2112,0.0) sudo su -
(root,11512,852,0.0) sudo su -
(root,10232,1248,0.0) su -
(root,8796,2368,0.0) -bash
(nobody,482400,438996,0.0) nginx: cache manager process
(nobody,259476,180688,0.0) nginx: cache manager process
(custadm+,17172,8600,0.0) /lib/systemd/systemd --user
(custadm+,318416,4816,0.0) (sd-pam)
(nobody,260628,206468,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:1-events]
(proxy,6068,1984,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,486528,466180,0.0) nginx: cache manager process
(nobody,259476,187152,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:2-mm_percpu_wq]
(nobody,259476,181372,0.0) nginx: cache manager process
(nobody,260628,205920,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:0-events]
(nobody,263792,244540,0.0) nginx: cache manager process
(nobody,258552,179788,0.0) nginx: cache manager process
(nobody,259476,189068,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3664,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,163436,82544,0.2) /lib/systemd/systemd-journald
(root,11440,1908,0.0) /sbin/auditd
(root,295608,11084,0.0) /usr/libexec/packagekitd
(root,239612,5908,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5116,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2384,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5508,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9552,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5880,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4716,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,4200,0.0) /usr/sbin/ModemManager
(root,11800,6452,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8164,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12660,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 12 of 4-100 startups
(root,210344,16676,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8328,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,351832,0.0) nginx: cache manager process
(root,405440,31756,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/13:2-events]
(nobody,260628,210792,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/14:2-cgroup_destroy]
(root,263484,242320,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,264476,250792,1.2) nginx: worker process
(nobody,264176,250520,0.1) nginx: worker process
(nobody,263792,250116,0.0) nginx: worker process
(nobody,263792,250096,0.0) nginx: worker process
(nobody,263792,250096,0.0) nginx: worker process
(nobody,263792,248152,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,245356,0.0) nginx: worker process
(nobody,263792,244320,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:0-cgroup_destroy]
(nobody,258552,179736,0.0) nginx: cache manager process
(nobody,259476,183184,0.0) nginx: cache manager process
(proxy,84300,35844,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/4:3-events]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/10:1-events]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/7:0]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1-cgroup_destroy]
(proxy,6176,2200,0.0) (pinger)
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:5-events_power_efficient]
(root,0,0,0.0) [kworker/0:1-cgroup_destroy]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:0-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/11:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:1-cgroup_destroy]
(root,0,0,0.0) [kworker/13:1]
(root,0,0,0.0) [kworker/u32:3-flush-8:0]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:6-flush-253:0]
(root,15432,8864,0.0) sshd: [accepted]
(sshd,15432,5408,0.0) sshd: [net]
(root,15432,8996,0.0) sshd: [accepted]
(sshd,15432,5508,0.0) sshd: [net]
(root,16752,10172,0.2) sshd: unknown [priv]
(root,16440,10148,1.7) sshd: root [priv]
(sshd,15432,5592,0.0) sshd: root [net]
(sshd,15432,5544,0.0) sshd: unknown [net]
(root,16912,10240,0.0) sshd: unknown [priv]
(sshd,15432,5476,0.0) sshd: unknown [net]
(root,16912,10112,0.0) sshd: unknown [priv]
(sshd,15432,5376,0.0) sshd: unknown [net]
(root,15432,8996,0.0) sshd: [accepted]
(root,16912,10408,0.5) sshd: unknown [priv]
(sshd,15432,5448,0.0) sshd: unknown [net]
(root,15432,9120,0.0) sshd: [accepted]
(root,15432,8900,0.0) sshd: [accepted]
(root,15432,8844,0.0) sshd: [accepted]
(sshd,15432,5560,0.0) sshd: [net]
(root,15432,8980,0.0) sshd: [accepted]
(sshd,15432,5620,0.0) sshd: [net]
(sshd,15432,5376,0.0) sshd: [net]
(sshd,15432,5364,0.0) sshd: [net]
(sshd,15432,5496,0.0) sshd: [net]
(root,7372,3892,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1568,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1184,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,258552,179708,0.0) nginx: cache manager process
(root,2355860,27156,0.0) /usr/lib/snapd/snapd
(nobody,260624,213580,0.0) nginx: cache manager process
(nobody,480356,372900,0.0) nginx: cache manager process
(nobody,259476,183224,0.0) nginx: cache manager process
(nobody,477800,342100,0.0) nginx: cache manager process
(nobody,259476,180672,0.0) nginx: cache manager process
(nobody,480312,372296,0.0) nginx: cache manager process
(nobody,258716,179956,0.0) nginx: cache manager process
(nobody,486828,447868,0.0) nginx: cache manager process
(nobody,259476,180592,0.0) nginx: cache manager process
(nobody,259704,191620,0.0) nginx: cache manager process
(nobody,260792,229916,0.0) nginx: cache manager process
(nobody,259476,184108,0.0) nginx: cache manager process
(nobody,477948,342664,0.0) nginx: cache manager process
(nobody,258548,179808,0.0) nginx: cache manager process

Found on 2024-11-23 23:19

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca1857d165

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13548,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3912,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9304,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,7064,0.0) /lib/systemd/systemd-logind
(root,7824,1852,0.0) /bin/login -p --
(root,109760,11212,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,185784,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:2-events]
(infra.mg,17176,6464,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2132,0.0) (sd-pam)
(infra.mg,2892,896,0.0) -sh
(root,11512,2112,0.0) sudo su -
(root,11512,852,0.0) sudo su -
(root,10232,1248,0.0) su -
(root,8796,2368,0.0) -bash
(nobody,482400,440376,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(nobody,259476,181084,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(custadm+,17172,8600,0.0) /lib/systemd/systemd --user
(custadm+,318416,4816,0.0) (sd-pam)
(root,0,0,0.0) [kworker/10:0-events]
(nobody,260628,207056,0.0) nginx: cache manager process
(root,486220,470712,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(root,0,0,0.0) [kworker/14:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:1-events]
(proxy,6068,1984,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,486528,472084,1.7) nginx: worker process
(nobody,486528,472012,0.2) nginx: worker process
(nobody,486528,471948,0.0) nginx: worker process
(nobody,486528,471892,0.0) nginx: worker process
(nobody,486528,471828,0.0) nginx: worker process
(nobody,486528,470772,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467484,0.0) nginx: worker process
(nobody,486528,467548,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:2-cgroup_destroy]
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/5:2-events]
(nobody,259476,187484,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/1:3-events]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(nobody,259476,181816,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/6:1-events]
(proxy,6176,2156,0.0) (pinger)
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:0-cgwb_release]
(root,0,0,0.0) [kworker/11:1-cgroup_destroy]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/8:1]
(root,0,0,0.0) [kworker/11:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/u32:3-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/15:0]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(nobody,260628,206448,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/u32:6-events_unbound]
(root,0,0,0.0) [kworker/9:0]
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/7:3]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,15432,8884,0.0) sshd: [accepted]
(root,15432,8892,0.0) sshd: [accepted]
(sshd,15432,5432,0.0) sshd: [net]
(root,15432,9060,0.0) sshd: [accepted]
(root,15432,8944,0.0) sshd: [accepted]
(sshd,15432,5504,0.0) sshd: [net]
(root,15432,8948,0.0) sshd: [accepted]
(root,16440,9956,2.2) sshd: root [priv]
(root,16440,10256,1.2) sshd: root [priv]
(sshd,15432,5556,0.0) sshd: root [net]
(root,16912,10160,0.2) sshd: unknown [priv]
(sshd,15432,5448,0.0) sshd: unknown [net]
(sshd,15432,5416,0.0) sshd: root [net]
(root,15432,8796,0.0) sshd: [accepted]
(root,15432,8864,0.0) sshd: [accepted]
(root,15432,8876,0.5) sshd: [accepted]
(root,16912,10112,0.0) sshd: unknown [priv]
(sshd,15432,5400,0.0) sshd: unknown [net]
(root,16912,10148,0.0) sshd: unknown [priv]
(sshd,15432,5448,0.0) sshd: unknown [net]
(sshd,15432,5416,0.0) sshd: [net]
(root,16912,10556,1.0) sshd: unknown [priv]
(sshd,15432,5404,0.0) sshd: unknown [net]
(sshd,15432,5636,0.0) sshd: [net]
(root,15432,8784,0.0) sshd: [accepted]
(root,7372,3772,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1660,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1076,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,258552,180212,0.0) nginx: cache manager process
(nobody,259476,189484,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3664,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,220660,144392,0.2) /lib/systemd/systemd-journald
(root,11440,1908,0.0) /sbin/auditd
(root,295608,11084,0.0) /usr/libexec/packagekitd
(root,239612,5908,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5124,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2384,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5508,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9560,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5880,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4716,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,4200,0.0) /usr/sbin/ModemManager
(root,11800,6636,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8164,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12660,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 15 of 4-100 startups
(root,210344,16676,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8332,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,352976,0.0) nginx: cache manager process
(root,405440,31756,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,260628,211212,0.0) nginx: cache manager process
(nobody,258552,180148,0.0) nginx: cache manager process
(nobody,259476,183576,0.0) nginx: cache manager process
(proxy,84300,35848,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,258552,180120,0.0) nginx: cache manager process
(root,2355860,27072,0.0) /usr/lib/snapd/snapd
(nobody,260624,213956,0.0) nginx: cache manager process
(nobody,480356,374028,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:1-events]
(nobody,259476,183652,0.0) nginx: cache manager process
(nobody,477800,343080,0.0) nginx: cache manager process
(nobody,259476,181060,0.0) nginx: cache manager process
(nobody,480312,373296,0.0) nginx: cache manager process
(nobody,258716,180368,0.0) nginx: cache manager process
(nobody,486828,449184,0.0) nginx: cache manager process
(nobody,259476,180992,0.0) nginx: cache manager process
(nobody,259704,192036,0.0) nginx: cache manager process
(nobody,260792,230472,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:1-events]
(nobody,259476,184500,0.0) nginx: cache manager process
(nobody,477948,343616,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(nobody,258548,180212,0.0) nginx: cache manager process

Found on 2024-11-21 23:54

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cab6ceae63

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13544,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,3932,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,9468,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,7156,0.0) /lib/systemd/systemd-logind
(root,7824,1860,0.0) /bin/login -p --
(root,109760,11224,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,194720,0.0) nginx: cache manager process
(infra.mg,17176,6472,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2152,0.0) (sd-pam)
(infra.mg,2892,896,0.0) -sh
(root,11512,2112,0.0) sudo su -
(root,11512,852,0.0) sudo su -
(root,10232,1248,0.0) su -
(root,8796,2368,0.0) -bash
(nobody,259476,189752,0.0) nginx: cache manager process
(custadm+,17172,8600,0.0) /lib/systemd/systemd --user
(custadm+,318416,5120,0.0) (sd-pam)
(nobody,260628,216696,0.0) nginx: cache manager process
(nobody,259476,196704,0.0) nginx: cache manager process
(nobody,259476,190372,0.0) nginx: cache manager process
(nobody,260628,216172,0.0) nginx: cache manager process
(nobody,258552,188808,0.0) nginx: cache manager process
(nobody,259476,198492,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3676,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,184132,107148,0.2) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,11144,0.0) /usr/libexec/packagekitd
(root,239612,5944,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5188,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2396,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5512,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9612,0.0) /usr/libexec/udisks2/udisksd
(root,12088,5972,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4748,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,4520,0.0) /usr/sbin/ModemManager
(root,11800,6640,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8164,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12660,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 34 of 4-100 startups
(root,210344,16788,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,8348,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,367036,0.0) nginx: cache manager process
(root,405440,31448,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,260628,219748,0.0) nginx: cache manager process
(nobody,258552,188780,0.0) nginx: cache manager process
(nobody,259476,192380,0.0) nginx: cache manager process
(proxy,84300,35744,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,804,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,258552,188788,0.0) nginx: cache manager process
(root,2355860,27220,0.0) /usr/lib/snapd/snapd
(nobody,260624,224328,0.0) nginx: cache manager process
(nobody,480356,392072,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/10:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:0-mm_percpu_wq]
(nobody,259476,192468,0.0) nginx: cache manager process
(nobody,477800,359944,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:2-events]
(nobody,259476,189708,0.0) nginx: cache manager process
(nobody,480312,391528,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:2-events]
(nobody,258716,189012,0.0) nginx: cache manager process
(nobody,486828,469184,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:0-events]
(root,0,0,0.0) [kworker/1:2-events]
(nobody,259476,189540,0.0) nginx: cache manager process
(nobody,259704,201256,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/13:1-mm_percpu_wq]
(root,260484,240292,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,261060,248280,2.3) nginx: worker process
(nobody,261192,248160,0.3) nginx: worker process
(nobody,261176,248196,0.0) nginx: worker process
(nobody,260792,247848,0.0) nginx: worker process
(nobody,260792,246840,0.0) nginx: worker process
(nobody,260792,246772,0.0) nginx: worker process
(nobody,260792,246772,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,243048,0.0) nginx: worker process
(nobody,260792,242020,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/15:1-cgroup_destroy]
(nobody,259476,193556,0.0) nginx: cache manager process
(nobody,477948,360496,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/11:0]
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/5:1]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/6:3-events]
(proxy,6176,2148,0.0) (pinger)
(root,0,0,0.0) [kworker/14:2-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(root,0,0,0.0) [kworker/10:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:3-events]
(root,0,0,0.0) [kworker/12:2-cgroup_destroy]
(root,0,0,0.0) [kworker/13:2]
(root,0,0,0.0) [kworker/u32:6-events_power_efficient]
(root,0,0,0.0) [kworker/u32:4-flush-8:0]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-writeback]
(root,0,0,0.0) [kworker/3:2]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,15432,8900,0.0) sshd: [accepted]
(root,15432,9008,0.0) sshd: [accepted]
(root,15432,9048,0.0) sshd: [accepted]
(root,15432,9032,0.0) sshd: [accepted]
(root,15432,8824,0.0) sshd: [accepted]
(root,15432,8872,0.0) sshd: [accepted]
(root,15432,8884,0.0) sshd: [accepted]
(root,15432,8888,0.0) sshd: [accepted]
(root,15432,8884,0.0) sshd: [accepted]
(root,15432,8884,0.0) sshd: [accepted]
(sshd,15432,5420,0.0) sshd: [net]
(root,15432,8736,0.0) sshd: [accepted]
(root,15432,8936,0.0) sshd: [accepted]
(root,15432,8888,0.0) sshd: [accepted]
(root,15432,8940,0.0) sshd: [accepted]
(root,15432,8728,0.0) sshd: [accepted]
(root,15432,8740,0.0) sshd: [accepted]
(root,15432,9008,0.0) sshd: [accepted]
(root,15432,8912,0.0) sshd: [accepted]
(root,15432,8768,0.0) sshd: [accepted]
(root,15432,8828,0.0) sshd: [accepted]
(root,15432,8772,0.0) sshd: [accepted]
(root,15432,8928,0.0) sshd: [accepted]
(root,15432,8888,0.0) sshd: [accepted]
(root,15432,9024,0.0) sshd: [accepted]
(root,15432,9032,0.0) sshd: [accepted]
(root,15432,8744,0.0) sshd: [accepted]
(root,15432,8920,0.0) sshd: [accepted]
(root,15432,8820,0.0) sshd: [accepted]
(root,15432,9032,0.0) sshd: [accepted]
(root,15432,9464,0.0) sshd: [accepted]
(sshd,15432,5540,0.0) sshd: [net]
(root,16912,10084,0.3) sshd: unknown [priv]
(sshd,15432,5516,0.0) sshd: unknown [net]
(root,0,0,0.0) [kworker/u32:1-ext4-rsv-conversion]
(root,16440,10236,3.5) sshd: root [priv]
(sshd,15432,5556,0.0) sshd: root [net]
(root,15432,9000,0.0) sshd: [accepted]
(root,15432,8788,0.0) sshd: [accepted]
(sshd,15432,5444,0.0) sshd: [net]
(sshd,15432,5588,0.0) sshd: [net]
(root,7372,3784,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1592,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1060,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,258548,188920,0.0) nginx: cache manager process

Found on 2024-11-19 22:49

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca6172550e

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13564,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5144,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,11548,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9432,0.0) /lib/systemd/systemd-logind
(root,7824,3204,0.0) /bin/login -p --
(root,109760,13452,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,206196,0.0) nginx: cache manager process
(infra.mg,17176,8660,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2316,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,884,0.0) sudo su -
(root,10232,2548,0.0) su -
(root,8796,3776,0.0) -bash
(nobody,259476,201028,0.0) nginx: cache manager process
(custadm+,17172,8620,0.0) /lib/systemd/systemd --user
(custadm+,318416,5508,0.0) (sd-pam)
(nobody,260628,229876,0.0) nginx: cache manager process
(nobody,259476,208080,0.0) nginx: cache manager process
(nobody,259476,201712,0.0) nginx: cache manager process
(nobody,260628,229144,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/7:0-events]
(nobody,258552,200088,0.0) nginx: cache manager process
(nobody,259476,210268,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3676,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,212636,138260,0.2) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,11204,0.0) /usr/libexec/packagekitd
(root,239612,5996,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5212,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2396,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5532,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9652,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6016,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4748,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5112,0.0) /usr/sbin/ModemManager
(root,11800,6640,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8180,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12676,0.0) /lib/systemd/systemd-resolved
(root,15436,7256,0.1) sshd: /usr/sbin/sshd -D [listener] 38 of 4-100 startups
(root,210344,16920,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,9256,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,389368,0.0) nginx: cache manager process
(root,405440,31812,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,260628,233032,0.0) nginx: cache manager process
(nobody,258552,200068,0.0) nginx: cache manager process
(nobody,259476,203872,0.0) nginx: cache manager process
(proxy,84300,35636,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,844,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/1:1-events]
(nobody,258552,200024,0.0) nginx: cache manager process
(root,2355860,27700,0.0) /usr/lib/snapd/snapd
(root,260316,235624,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,261008,243864,1.6) nginx: worker process
(nobody,260624,243376,0.0) nginx: worker process
(nobody,261008,243700,0.2) nginx: worker process
(nobody,260624,243376,0.0) nginx: worker process
(nobody,260624,243320,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,238668,0.0) nginx: worker process
(nobody,260624,237664,0.0) nginx: cache manager process
(nobody,480356,415528,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/12:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/15:0-cgroup_destroy]
(nobody,259476,203856,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:2-events]
(nobody,477800,381492,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/8:0-events]
(root,0,0,0.0) [kworker/14:3-events]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:2-cgroup_destroy]
(root,0,0,0.0) [kworker/0:3-cgroup_destroy]
(root,0,0,0.0) [kworker/3:3-cgroup_destroy]
(root,0,0,0.0) [kworker/6:2]
(root,0,0,0.0) [kworker/12:2-cgroup_destroy]
(nobody,259476,201092,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(proxy,6176,2160,0.0) (pinger)
(root,0,0,0.0) [kworker/10:2-cgroup_destroy]
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(nobody,480312,414860,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:3-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,0,0,0.0) [kworker/u32:0-flush-8:0]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:1-flush-8:0]
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(root,0,0,0.0) [kworker/12:3]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,15432,8868,0.0) sshd: [accepted]
(root,15432,8896,0.0) sshd: [accepted]
(root,15432,9020,0.0) sshd: [accepted]
(root,15432,9096,0.0) sshd: [accepted]
(root,15432,8932,0.0) sshd: [accepted]
(root,15432,9000,0.0) sshd: [accepted]
(root,15432,8808,0.0) sshd: [accepted]
(root,15432,8916,0.0) sshd: [accepted]
(root,15432,8760,0.0) sshd: [accepted]
(root,15432,8892,0.0) sshd: [accepted]
(root,15432,8808,0.0) sshd: [accepted]
(root,15432,8972,0.0) sshd: [accepted]
(root,15432,8896,0.0) sshd: [accepted]
(root,15432,8808,0.0) sshd: [accepted]
(root,15432,8872,0.0) sshd: [accepted]
(root,15432,8908,0.0) sshd: [accepted]
(root,15432,8868,0.0) sshd: [accepted]
(sshd,15432,5600,0.0) sshd: [net]
(root,15432,8844,0.0) sshd: [accepted]
(root,15432,8748,0.0) sshd: [accepted]
(root,15432,9016,0.0) sshd: [accepted]
(root,15432,8812,0.0) sshd: [accepted]
(root,15432,9036,0.0) sshd: [accepted]
(root,15432,8964,0.0) sshd: [accepted]
(root,15432,8920,0.0) sshd: [accepted]
(root,15432,8984,0.0) sshd: [accepted]
(root,15432,8824,0.0) sshd: [accepted]
(root,15432,8828,0.0) sshd: [accepted]
(root,15432,9044,0.0) sshd: [accepted]
(root,15432,8924,0.0) sshd: [accepted]
(root,15432,8976,0.0) sshd: [accepted]
(root,15432,8960,0.0) sshd: [accepted]
(root,15432,8800,0.0) sshd: [accepted]
(root,15432,8752,0.0) sshd: [accepted]
(root,16912,10280,0.0) sshd: unknown [priv]
(sshd,15432,5416,0.0) sshd: unknown [net]
(root,16912,10288,0.0) sshd: unknown [priv]
(sshd,15432,5536,0.0) sshd: unknown [net]
(root,16912,10140,0.3) sshd: unknown [priv]
(sshd,15432,5328,0.0) sshd: unknown [net]
(root,16912,10284,0.5) sshd: unknown [priv]
(sshd,15432,5392,0.0) sshd: unknown [net]
(root,16912,10368,1.0) sshd: unknown [priv]
(sshd,15432,5512,0.0) sshd: unknown [net]
(root,7372,3896,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1588,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1060,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,258716,200264,0.0) nginx: cache manager process
(nobody,259476,200872,0.0) nginx: cache manager process
(nobody,259704,212720,0.0) nginx: cache manager process
(nobody,259476,204840,0.0) nginx: cache manager process
(nobody,477948,382200,0.0) nginx: cache manager process
(nobody,258548,200144,0.0) nginx: cache manager process

Found on 2024-11-17 21:54

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cadf1d047d

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13564,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5144,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,11564,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9432,0.0) /lib/systemd/systemd-logind
(root,7824,3204,0.0) /bin/login -p --
(root,109760,13468,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,209068,0.0) nginx: cache manager process
(infra.mg,17176,8660,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2316,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,884,0.0) sudo su -
(root,10232,2548,0.0) su -
(root,8796,3776,0.0) -bash
(nobody,259476,203860,0.0) nginx: cache manager process
(custadm+,17172,8620,0.0) /lib/systemd/systemd --user
(custadm+,318416,5508,0.0) (sd-pam)
(nobody,260628,233108,0.0) nginx: cache manager process
(nobody,259476,210976,0.0) nginx: cache manager process
(nobody,259476,204540,0.0) nginx: cache manager process
(nobody,260628,232336,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/15:0-events]
(root,0,0,0.0) [kworker/7:0-cgroup_destroy]
(nobody,258552,202940,0.0) nginx: cache manager process
(nobody,259476,213172,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/8:1-events]
(root,0,0,0.0) [kworker/6:2-cgroup_destroy]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3676,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,6720,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,134904,70120,0.2) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,10552,0.0) /usr/libexec/packagekitd
(root,239612,6028,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5220,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2396,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5532,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9668,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6016,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4756,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5384,0.0) /usr/sbin/ModemManager
(root,11800,6640,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8180,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12676,0.0) /lib/systemd/systemd-resolved
(root,15436,7268,0.1) sshd: /usr/sbin/sshd -D [listener] 12 of 4-100 startups
(root,210344,16956,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,9436,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,395056,0.0) nginx: cache manager process
(root,405440,32428,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/7:1-events]
(nobody,260628,236412,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:3-events]
(root,0,0,0.0) [kworker/13:0-events]
(nobody,258552,202900,0.0) nginx: cache manager process
(nobody,259476,206732,0.0) nginx: cache manager process
(proxy,84300,35400,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/9:2-cgroup_destroy]
(proxy,6068,844,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:0-cgroup_destroy]
(root,0,0,0.0) [kworker/5:1-cgroup_destroy]
(proxy,6176,2132,0.0) (pinger)
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/5:2-events]
(root,0,0,0.0) [kworker/0:0-cgroup_destroy]
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/11:3-events]
(root,0,0,0.0) [kworker/11:2]
(nobody,258552,202848,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/u32:1-writeback]
(root,0,0,0.0) [kworker/u32:4-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0-flush-8:0]
(root,2355860,27232,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/12:2]
(root,0,0,0.0) [kworker/u32:5-events_unbound]
(root,0,0,0.0) [kworker/14:3-events]
(root,0,0,0.0) [kworker/15:2]
(root,260316,240128,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,260624,247628,0.2) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,247204,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,243128,0.0) nginx: worker process
(nobody,260624,242124,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:2]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/6:3-events]
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(root,0,0,0.0) [kworker/6:1]
(root,15432,8920,0.0) sshd: [accepted]
(sshd,15432,5568,0.0) sshd: [net]
(root,15432,8772,0.0) sshd: [accepted]
(root,15432,9032,0.0) sshd: [accepted]
(sshd,15432,5468,0.0) sshd: [net]
(root,0,0,0.0) [kworker/u32:2-flush-8:0]
(root,15432,8844,0.0) sshd: [accepted]
(sshd,15432,5432,0.0) sshd: [net]
(root,15432,8988,0.0) sshd: [accepted]
(sshd,15432,5368,0.0) sshd: [net]
(root,16440,10012,0.3) sshd: root [priv]
(sshd,15432,5532,0.0) sshd: root [net]
(root,15432,8892,0.0) sshd: [accepted]
(sshd,15432,5424,0.0) sshd: [net]
(root,15432,8872,0.0) sshd: [accepted]
(sshd,15432,5572,0.0) sshd: [net]
(root,16440,10176,1.5) sshd: root [priv]
(sshd,15432,5500,0.0) sshd: root [net]
(root,16440,9964,2.0) sshd: root [priv]
(sshd,15432,5520,0.0) sshd: root [net]
(root,15432,8868,0.0) sshd: [accepted]
(root,16752,10324,0.5) sshd: unknown [priv]
(sshd,15432,5504,0.0) sshd: unknown [net]
(sshd,15432,5592,0.0) sshd: [net]
(root,7372,3896,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1588,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1092,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,480356,421528,0.0) nginx: cache manager process
(nobody,259476,206748,0.0) nginx: cache manager process
(nobody,477800,387212,0.0) nginx: cache manager process
(nobody,259476,203968,0.0) nginx: cache manager process
(nobody,480312,420968,0.0) nginx: cache manager process
(nobody,258716,203096,0.0) nginx: cache manager process
(nobody,259476,203748,0.0) nginx: cache manager process
(nobody,259704,215624,0.0) nginx: cache manager process
(nobody,259476,207712,0.0) nginx: cache manager process
(nobody,477948,387940,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:0-events]
(nobody,258548,202968,0.0) nginx: cache manager process

Found on 2024-11-16 01:32

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cae1057529

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13564,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5196,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,12316,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9432,0.0) /lib/systemd/systemd-logind
(root,7824,3204,0.0) /bin/login -p --
(root,109760,13524,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,216660,0.0) nginx: cache manager process
(infra.mg,17176,8660,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2324,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2548,0.0) su -
(root,8796,3784,0.0) -bash
(nobody,259476,211372,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:0-events]
(custadm+,17172,8620,0.0) /lib/systemd/systemd --user
(custadm+,318416,5520,0.0) (sd-pam)
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/10:1-events]
(root,0,0,0.0) [kworker/2:1-events]
(root,260320,240008,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,261044,247888,2.4) nginx: worker process
(nobody,261028,247816,0.3) nginx: worker process
(nobody,260876,247800,0.0) nginx: worker process
(nobody,260628,247548,0.0) nginx: worker process
(nobody,260628,247548,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,245808,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,243008,0.0) nginx: worker process
(nobody,260628,241992,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/13:2-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/5:2-events]
(root,0,0,0.0) [kworker/7:1-events]
(nobody,259476,218820,0.0) nginx: cache manager process
(nobody,259476,212052,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/3:1-events]
(proxy,6176,2140,0.0) (pinger)
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/1:3-cgroup_destroy]
(root,0,0,0.0) [kworker/5:0]
(root,0,0,0.0) [kworker/6:1-cgroup_destroy]
(root,0,0,0.0) [kworker/11:1-cgroup_destroy]
(root,0,0,0.0) [kworker/14:1]
(root,0,0,0.0) [kworker/7:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:0]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/u32:4-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/2:2]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,0,0,0.0) [kworker/7:3]
(root,15432,8756,0.0) sshd: [accepted]
(root,15432,8728,0.0) sshd: [accepted]
(sshd,15432,5432,0.0) sshd: [net]
(root,15432,8828,0.0) sshd: [accepted]
(root,15432,9032,0.0) sshd: [accepted]
(sshd,15432,5488,0.0) sshd: [net]
(root,15432,9096,0.0) sshd: [accepted]
(sshd,15432,5548,0.0) sshd: [net]
(root,15432,8744,0.0) sshd: [accepted]
(root,16440,10056,1.5) sshd: root [priv]
(root,16440,10312,1.5) sshd: root [priv]
(sshd,15432,5512,0.0) sshd: root [net]
(sshd,15432,5456,0.0) sshd: root [net]
(root,16440,10156,1.7) sshd: root [priv]
(sshd,15432,5472,0.0) sshd: root [net]
(root,16440,10196,1.4) sshd: root [priv]
(root,16440,10428,0.9) sshd: root [priv]
(sshd,15432,5488,0.0) sshd: root [net]
(root,16440,10380,1.9) sshd: root [priv]
(sshd,15432,5468,0.0) sshd: root [net]
(sshd,15432,5432,0.0) sshd: root [net]
(root,16440,10120,1.4) sshd: root [priv]
(root,16440,10280,1.7) sshd: root [priv]
(sshd,15432,5412,0.0) sshd: root [net]
(sshd,15432,5456,0.0) sshd: root [net]
(root,16440,10080,1.8) sshd: root [priv]
(sshd,15432,5512,0.0) sshd: root [net]
(root,16440,10344,1.3) sshd: root [priv]
(sshd,15432,5556,0.0) sshd: root [net]
(root,16440,10024,1.4) sshd: root [priv]
(root,16440,10312,1.8) sshd: root [priv]
(sshd,15432,5424,0.0) sshd: root [net]
(sshd,15432,5636,0.0) sshd: root [net]
(root,16440,10116,1.4) sshd: root [priv]
(sshd,15432,5384,0.0) sshd: root [net]
(root,16440,10084,2.1) sshd: root [priv]
(sshd,15432,5412,0.0) sshd: root [net]
(root,16440,10036,2.0) sshd: root [priv]
(sshd,15432,5556,0.0) sshd: root [net]
(root,16912,10176,0.0) sshd: unknown [priv]
(sshd,15432,5448,0.0) sshd: unknown [net]
(root,16912,10164,0.0) sshd: unknown [priv]
(sshd,15432,5548,0.0) sshd: unknown [net]
(root,16912,10420,0.0) sshd: unknown [priv]
(sshd,15432,5460,0.0) sshd: unknown [net]
(root,15432,8820,0.0) sshd: [accepted]
(sshd,15432,5552,0.0) sshd: [net]
(root,7372,3884,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1568,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1124,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,258552,210440,0.0) nginx: cache manager process
(nobody,259476,221200,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3676,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,208824,124820,0.2) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,10976,0.0) /usr/libexec/packagekitd
(root,239612,6032,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5220,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5532,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9720,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6020,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4760,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5996,0.0) /usr/sbin/ModemManager
(root,11800,6648,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8180,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12676,0.0) /lib/systemd/systemd-resolved
(root,15436,7588,0.1) sshd: /usr/sbin/sshd -D [listener] 25 of 4-100 startups
(root,210344,17068,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,10300,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,410168,0.0) nginx: cache manager process
(root,405440,32688,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258552,210392,0.0) nginx: cache manager process
(nobody,259476,214284,0.0) nginx: cache manager process
(proxy,84300,35684,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,868,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,258552,210344,0.0) nginx: cache manager process
(root,2355860,27472,0.0) /usr/lib/snapd/snapd
(nobody,480356,436820,0.0) nginx: cache manager process
(nobody,259476,214268,0.0) nginx: cache manager process
(nobody,477800,402208,0.0) nginx: cache manager process
(nobody,259476,211476,0.0) nginx: cache manager process
(nobody,480312,437244,0.0) nginx: cache manager process
(nobody,258716,210588,0.0) nginx: cache manager process
(nobody,259476,211256,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:2-events]
(nobody,259704,223580,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:1-events]
(nobody,259476,215276,0.0) nginx: cache manager process
(nobody,477948,401932,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/12:0-events]
(root,0,0,0.0) [kworker/0:3-events]
(nobody,258548,210468,0.0) nginx: cache manager process

Found on 2024-11-14 00:41

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca22935e1f

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13564,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,12408,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9432,0.0) /lib/systemd/systemd-logind
(root,7824,3204,0.0) /bin/login -p --
(root,109760,13556,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,218512,0.0) nginx: cache manager process
(infra.mg,17176,8660,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2324,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2548,0.0) su -
(root,8796,3784,0.0) -bash
(nobody,259476,213128,0.0) nginx: cache manager process
(custadm+,17172,8620,0.0) /lib/systemd/systemd --user
(custadm+,318416,5520,0.0) (sd-pam)
(nobody,259476,220684,0.0) nginx: cache manager process
(nobody,259476,213812,0.0) nginx: cache manager process
(nobody,258552,212192,0.0) nginx: cache manager process
(nobody,259476,223092,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3676,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,122512,58940,0.2) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,10992,0.0) /usr/libexec/packagekitd
(root,239612,6048,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5220,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5532,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9732,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6020,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4840,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,6024,0.0) /usr/sbin/ModemManager
(root,11800,6648,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8180,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12676,0.0) /lib/systemd/systemd-resolved
(root,15436,7588,0.1) sshd: /usr/sbin/sshd -D [listener] 11 of 4-100 startups
(root,210344,17152,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,10560,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,413544,0.0) nginx: cache manager process
(root,405440,32788,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258552,212156,0.0) nginx: cache manager process
(nobody,259476,216108,0.0) nginx: cache manager process
(proxy,84300,35416,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,892,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,258552,212108,0.0) nginx: cache manager process
(root,2355860,27632,0.0) /usr/lib/snapd/snapd
(nobody,480356,440592,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:1-events]
(nobody,259476,216048,0.0) nginx: cache manager process
(nobody,477800,405692,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(nobody,259476,213236,0.0) nginx: cache manager process
(nobody,480312,441032,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:3-events]
(root,0,0,0.0) [kworker/1:1-events]
(nobody,258716,212348,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/12:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/6:1-events]
(nobody,259476,213020,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(root,259396,225080,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259832,233364,2.7) nginx: worker process
(nobody,260096,233460,0.4) nginx: worker process
(nobody,260080,233476,0.0) nginx: worker process
(nobody,259704,232808,0.0) nginx: worker process
(nobody,259824,233124,0.0) nginx: worker process
(nobody,259704,230768,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,227988,0.0) nginx: worker process
(nobody,259704,226984,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:1-events_freezable]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(nobody,259476,217112,0.0) nginx: cache manager process
(nobody,477948,405420,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/11:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/2:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/14:0-cgroup_destroy]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/3:0-events]
(proxy,6176,2160,0.0) (pinger)
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/15:2-cgroup_destroy]
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/4:1-cgroup_destroy]
(root,0,0,0.0) [kworker/6:2-cgroup_destroy]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/7:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/u32:1-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:4-events_power_efficient]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,0,0,0.0) [kworker/10:1]
(root,0,0,0.0) [kworker/13:0]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,15432,8912,0.0) sshd: [accepted]
(root,15432,8852,0.0) sshd: [accepted]
(sshd,15432,5456,0.0) sshd: [net]
(root,15432,8788,0.0) sshd: [accepted]
(root,16912,10380,0.0) sshd: unknown [priv]
(sshd,15432,5488,0.0) sshd: unknown [net]
(root,15432,9008,0.0) sshd: [accepted]
(root,16440,10088,1.0) sshd: root [priv]
(sshd,15432,5500,0.0) sshd: root [net]
(root,16440,9972,1.0) sshd: root [priv]
(sshd,15432,5448,0.0) sshd: root [net]
(root,16912,10280,0.5) sshd: unknown [priv]
(sshd,15432,5432,0.0) sshd: unknown [net]
(root,16440,9836,2.5) sshd: root [priv]
(sshd,15432,5408,0.0) sshd: root [net]
(root,16912,10248,0.0) sshd: unknown [priv]
(sshd,15432,5592,0.0) sshd: unknown [net]
(root,15432,9060,0.0) sshd: [accepted]
(root,7372,3728,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1596,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1084,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,258548,212228,0.0) nginx: cache manager process

Found on 2024-11-11 23:16

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca939b9d17

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13600,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13216,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9456,0.0) /lib/systemd/systemd-logind
(root,7824,3208,0.0) /bin/login -p --
(root,109760,13652,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,228540,0.0) nginx: cache manager process
(infra.mg,17176,8668,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2488,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2548,0.0) su -
(root,8796,3800,0.0) -bash
(nobody,259476,222928,0.0) nginx: cache manager process
(custadm+,17172,8620,0.0) /lib/systemd/systemd --user
(custadm+,318416,5532,0.0) (sd-pam)
(root,0,0,0.0) [kworker/6:3-events]
(nobody,259476,230836,0.0) nginx: cache manager process
(nobody,259476,223600,0.0) nginx: cache manager process
(nobody,258552,221968,0.0) nginx: cache manager process
(nobody,259476,233304,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3676,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,126680,60936,0.2) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,11088,0.0) /usr/libexec/packagekitd
(root,239612,6124,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5220,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9788,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6036,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4860,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,6300,0.0) /usr/sbin/ModemManager
(root,11800,6656,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8188,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12676,0.0) /lib/systemd/systemd-resolved
(root,15436,7580,0.1) sshd: /usr/sbin/sshd -D [listener] 27 of 4-100 startups
(root,210344,17260,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11404,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,432268,0.0) nginx: cache manager process
(root,405440,32852,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/7:1-events]
(nobody,258552,221932,0.0) nginx: cache manager process
(nobody,259476,226092,0.0) nginx: cache manager process
(proxy,84300,35592,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/15:1-events]
(root,480048,464664,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/8:1-mm_percpu_wq]
(proxy,6068,1556,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,258552,221888,0.0) nginx: cache manager process
(root,2355860,27140,0.0) /usr/lib/snapd/snapd
(nobody,480356,465732,1.5) nginx: worker process
(nobody,480356,465740,0.1) nginx: worker process
(nobody,480356,465652,0.0) nginx: worker process
(nobody,480356,465660,0.0) nginx: worker process
(nobody,480356,465304,0.0) nginx: worker process
(nobody,480356,464392,0.0) nginx: worker process
(nobody,480356,464392,0.0) nginx: worker process
(nobody,480356,464392,0.0) nginx: worker process
(nobody,480356,464392,0.0) nginx: worker process
(nobody,480356,464392,0.0) nginx: worker process
(nobody,480356,461148,0.0) nginx: worker process
(nobody,480356,461148,0.0) nginx: worker process
(nobody,480356,461148,0.0) nginx: worker process
(nobody,480356,461148,0.0) nginx: worker process
(nobody,480356,461148,0.0) nginx: worker process
(nobody,480356,461148,0.0) nginx: worker process
(nobody,480356,461188,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/0:1-cgroup_destroy]
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/12:2-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:1-events]
(nobody,259476,226012,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/5:2-events]
(nobody,477800,424152,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2-events]
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(root,0,0,0.0) [kworker/11:0-cgroup_destroy]
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/2:2-events]
(proxy,6176,2168,0.0) (pinger)
(root,0,0,0.0) [kworker/12:1-events]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/15:0]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/u32:5-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/3:3-events]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/u32:6-events_power_efficient]
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/7:0]
(root,0,0,0.0) [kworker/9:2-cgroup_destroy]
(root,0,0,0.0) [kworker/9:3]
(root,15432,8952,0.0) sshd: [accepted]
(root,15432,8972,0.0) sshd: [accepted]
(root,15432,9084,0.0) sshd: [accepted]
(root,15432,8792,0.0) sshd: [accepted]
(sshd,15432,5416,0.0) sshd: [net]
(root,15432,8884,0.0) sshd: [accepted]
(root,16440,9960,0.1) sshd: root [priv]
(sshd,15432,5524,0.0) sshd: root [net]
(root,15432,8908,0.0) sshd: [accepted]
(sshd,15432,5412,0.0) sshd: [net]
(root,15432,9100,0.0) sshd: [accepted]
(root,32852,22840,1.0) sshd: root [priv]
(sshd,15432,5388,0.0) sshd: root [net]
(root,16752,10256,0.0) sshd: unknown [priv]
(root,16912,10116,0.0) sshd: unknown [priv]
(root,16912,10256,0.1) sshd: unknown [priv]
(sshd,15432,5364,0.0) sshd: unknown [net]
(sshd,15432,5436,0.0) sshd: unknown [net]
(root,16440,10344,0.6) sshd: root [priv]
(root,16912,10172,0.0) sshd: unknown [priv]
(sshd,15432,5632,0.0) sshd: root [net]
(sshd,15432,5596,0.0) sshd: unknown [net]
(root,15432,8836,0.0) sshd: [accepted]
(sshd,15432,5552,0.0) sshd: [net]
(root,16440,9940,1.0) sshd: root [priv]
(sshd,15432,5552,0.0) sshd: root [net]
(sshd,15432,5388,0.0) sshd: unknown [net]
(root,16752,10160,0.2) sshd: unknown [priv]
(root,16440,10020,1.5) sshd: root [priv]
(sshd,15432,5416,0.0) sshd: root [net]
(sshd,15432,5452,0.0) sshd: unknown [net]
(root,16312,9840,0.3) sshd: root [priv]
(root,15432,8940,0.0) sshd: [accepted]
(root,15432,8964,0.0) sshd: [accepted]
(sshd,15432,5636,0.0) sshd: root [net]
(sshd,15432,5584,0.0) sshd: [net]
(root,16440,9976,3.0) sshd: root [priv]
(sshd,15432,5568,0.0) sshd: root [net]
(root,16912,10284,0.0) sshd: unknown [priv]
(sshd,15432,5568,0.0) sshd: unknown [net]
(root,16440,9860,2.5) sshd: root [priv]
(sshd,15432,5432,0.0) sshd: root [net]
(root,16912,10072,0.5) sshd: unknown [priv]
(sshd,15432,5436,0.0) sshd: unknown [net]
(root,15432,8740,0.0) sshd: [accepted]
(root,4364,3340,0.0) bash
(root,16748,4920,0.0) ipmitool sensor list
(root,3472,1652,0.0) grep -v command failed
(root,3688,1128,0.0) sed -e s/ *| */|/g -e s/ /_/g -e s/_*$// -e s/|/ /g
(root,3472,1720,0.0) grep -E -v ^[^ ]+ na 
(root,3472,1676,0.0) grep -v  discrete 
(root,15432,8936,0.0) sshd: [accepted]
(sshd,15432,5488,0.0) sshd: [net]
(root,7372,3876,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1568,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1092,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,259476,223084,0.0) nginx: cache manager process
(nobody,258716,222124,0.0) nginx: cache manager process
(nobody,259476,222860,0.0) nginx: cache manager process
(nobody,259476,227024,0.0) nginx: cache manager process
(nobody,477948,424432,0.0) nginx: cache manager process
(nobody,258548,222004,0.0) nginx: cache manager process

Found on 2024-11-09 22:35

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca1d53e776

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13600,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13324,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9472,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13720,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,259476,234144,0.0) nginx: cache manager process
(infra.mg,17176,8668,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2596,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2548,0.0) su -
(root,8796,3800,0.0) -bash
(root,0,0,0.0) [kworker/3:1-events]
(nobody,259476,228536,0.0) nginx: cache manager process
(custadm+,17172,8620,0.0) /lib/systemd/systemd --user
(custadm+,318416,5532,0.0) (sd-pam)
(root,0,0,0.0) [kworker/14:3-cgroup_destroy]
(root,0,0,0.0) [kworker/6:3-events]
(root,0,0,0.0) [kworker/12:2-events]
(nobody,259476,236572,0.0) nginx: cache manager process
(nobody,259476,229112,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/5:1-cgroup_destroy]
(root,0,0,0.0) [kworker/15:2-events]
(nobody,258552,227460,0.0) nginx: cache manager process
(root,259168,237276,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259948,245484,2.7) nginx: worker process
(nobody,259876,245368,0.4) nginx: worker process
(nobody,259084,244684,0.0) nginx: worker process
(nobody,259476,244996,0.0) nginx: worker process
(nobody,259476,244848,0.0) nginx: worker process
(nobody,259476,244628,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,240064,0.0) nginx: worker process
(nobody,259476,239056,0.0) nginx: cache manager process
(proxy,6068,1756,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/5:3-events]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/9:3-events]
(root,0,0,0.0) [kworker/13:1-events]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3676,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,249388,154040,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,11396,0.0) /usr/libexec/packagekitd
(root,239612,6156,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5232,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9932,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,4868,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,6772,0.0) /usr/sbin/ModemManager
(root,11800,6656,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8188,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12676,0.0) /lib/systemd/systemd-resolved
(root,15436,7576,0.1) sshd: /usr/sbin/sshd -D [listener] 18 of 4-100 startups
(root,210344,17284,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11404,0.0) /usr/sbin/squid --foreground -sYC
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(nobody,480048,442988,0.0) nginx: cache manager process
(root,405440,32552,0.7) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(root,0,0,0.0) [kworker/11:1-events]
(nobody,258552,227424,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(nobody,259476,231668,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/1:2-events]
(proxy,6176,2100,0.0) (pinger)
(root,0,0,0.0) [kworker/11:0-events]
(proxy,79756,32988,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/10:1]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/8:0]
(root,0,0,0.0) [kworker/4:1]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/u32:3-flush-8:0]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/u32:5]
(root,15432,8796,0.0) sshd: [accepted]
(sshd,15432,5632,0.0) sshd: [net]
(root,15432,8820,0.0) sshd: [accepted]
(root,15432,8796,0.0) sshd: [accepted]
(sshd,15432,5468,0.0) sshd: [net]
(root,15432,8956,0.0) sshd: [accepted]
(sshd,15432,5576,0.0) sshd: [net]
(root,15432,8904,0.0) sshd: [accepted]
(root,15432,9000,0.0) sshd: [accepted]
(sshd,15432,5472,0.0) sshd: [net]
(root,16440,10120,1.2) sshd: root [priv]
(root,16440,10152,1.2) sshd: root [priv]
(sshd,15432,5468,0.0) sshd: root [net]
(root,16440,10252,1.2) sshd: root [priv]
(sshd,15432,5468,0.0) sshd: root [net]
(root,16440,10128,1.1) sshd: root [priv]
(sshd,15432,5436,0.0) sshd: root [net]
(root,16440,10020,1.1) sshd: root [priv]
(sshd,15432,5416,0.0) sshd: root [net]
(root,16440,10088,1.1) sshd: root [priv]
(sshd,15432,5472,0.0) sshd: root [net]
(root,16440,10288,1.5) sshd: root [priv]
(sshd,15432,5464,0.0) sshd: root [net]
(root,16440,10024,1.4) sshd: root [priv]
(sshd,15432,5480,0.0) sshd: root [net]
(root,16440,10012,1.3) sshd: root [priv]
(sshd,15432,5476,0.0) sshd: root [net]
(sshd,15432,5476,0.0) sshd: root [net]
(root,16440,9976,1.2) sshd: root [priv]
(sshd,15432,5616,0.0) sshd: root [net]
(root,15432,8804,0.0) sshd: [accepted]
(sshd,15432,5432,0.0) sshd: [net]
(root,16440,10032,0.0) sshd: root [priv]
(sshd,15432,5400,0.0) sshd: root [net]
(root,7372,3808,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1588,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1104,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,258552,227376,0.0) nginx: cache manager process
(root,2355860,28344,0.0) /usr/lib/snapd/snapd
(nobody,259476,231576,0.0) nginx: cache manager process
(nobody,477800,434744,0.0) nginx: cache manager process
(nobody,259476,228628,0.0) nginx: cache manager process
(nobody,258716,227620,0.0) nginx: cache manager process
(nobody,259476,228424,0.0) nginx: cache manager process
(nobody,259476,232608,0.0) nginx: cache manager process
(nobody,477948,435064,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:2-events]
(nobody,258548,227500,0.0) nginx: cache manager process

Found on 2024-11-08 00:08

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca3175f22d

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13636,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13368,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13764,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,259168,235740,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259640,243544,2.7) nginx: worker process
(nobody,259876,244036,0.4) nginx: worker process
(nobody,259476,243488,0.0) nginx: worker process
(nobody,259476,243460,0.0) nginx: worker process
(nobody,259476,243436,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,238756,0.0) nginx: worker process
(nobody,259476,237744,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/4:1-cgroup_destroy]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2656,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(nobody,259476,231964,0.0) nginx: cache manager process
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/15:1-events]
(proxy,6176,2012,0.0) (pinger)
(root,0,0,0.0) [kworker/7:3-events]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/14:3-events]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/11:2]
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:0]
(root,0,0,0.0) [kworker/6:3-events]
(root,0,0,0.0) [kworker/12:0]
(root,0,0,0.0) [kworker/7:1]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/15:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/1:2]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/9:0]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:0-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:4-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:5-poll_megasas2_status]
(root,0,0,0.0) [kworker/0:0]
(root,15432,8888,0.0) sshd: [accepted]
(sshd,15432,5324,0.0) sshd: [net]
(root,15432,8944,0.0) sshd: [accepted]
(root,15432,8724,0.0) sshd: [accepted]
(sshd,15432,5504,0.0) sshd: [net]
(root,15432,8924,0.0) sshd: [accepted]
(sshd,15432,5440,0.0) sshd: [net]
(root,15432,8828,0.0) sshd: [accepted]
(sshd,15432,5608,0.0) sshd: [net]
(root,16912,10436,0.0) sshd: unknown [priv]
(sshd,15432,5592,0.0) sshd: unknown [net]
(root,16752,10456,0.0) sshd: unknown [priv]
(sshd,15432,5420,0.0) sshd: unknown [net]
(root,15432,8792,0.0) sshd: [accepted]
(root,15432,9032,0.0) sshd: [accepted]
(sshd,15432,5540,0.0) sshd: [net]
(sshd,15432,5432,0.0) sshd: [net]
(root,16912,10228,0.0) sshd: unknown [priv]
(root,15432,9032,0.0) sshd: [accepted]
(sshd,15432,5380,0.0) sshd: unknown [net]
(root,15432,8916,0.0) sshd: [accepted]
(sshd,15432,5480,0.0) sshd: [net]
(root,15432,8852,0.0) sshd: [accepted]
(sshd,15432,5616,0.0) sshd: [net]
(root,15432,8880,0.0) sshd: [accepted]
(root,16912,10524,0.3) sshd: unknown [priv]
(sshd,15432,5552,0.0) sshd: unknown [net]
(root,16912,10296,0.0) sshd: unknown [priv]
(sshd,15432,5484,0.0) sshd: unknown [net]
(root,16912,10176,0.0) sshd: unknown [priv]
(sshd,15432,5432,0.0) sshd: unknown [net]
(root,16912,10272,0.0) sshd: unknown [priv]
(sshd,15432,5432,0.0) sshd: unknown [net]
(root,15432,9032,0.0) sshd: [accepted]
(sshd,15432,5400,0.0) sshd: [net]
(root,7372,3816,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1584,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1096,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,259476,232540,0.0) nginx: cache manager process
(nobody,258552,230888,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,122560,44236,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,11768,0.0) /usr/libexec/packagekitd
(root,239612,6376,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5228,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10120,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5044,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,4020,0.0) /usr/sbin/ModemManager
(root,11800,6656,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,7588,0.1) sshd: /usr/sbin/sshd -D [listener] 19 of 4-100 startups
(root,210344,17284,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11416,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,449872,0.0) nginx: cache manager process
(root,405440,32144,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258552,230852,0.0) nginx: cache manager process
(nobody,259476,235236,0.0) nginx: cache manager process
(proxy,79820,32900,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1396,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/2:3-events]
(nobody,258552,230800,0.0) nginx: cache manager process
(root,2355860,28444,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/11:0-mm_percpu_wq]
(nobody,259476,235080,0.0) nginx: cache manager process
(nobody,477800,441520,0.0) nginx: cache manager process
(nobody,259476,232092,0.0) nginx: cache manager process
(nobody,258716,231060,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/10:2-events]
(nobody,259476,231884,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(nobody,259476,236184,0.0) nginx: cache manager process
(nobody,477948,441880,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:1-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2-events]
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/8:2-events]
(nobody,258548,230924,0.0) nginx: cache manager process

Found on 2024-11-06 00:12

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cadefb8c27

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315568,13636,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13388,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13772,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2708,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(nobody,259476,236316,0.0) nginx: cache manager process
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(nobody,259476,236904,0.0) nginx: cache manager process
(nobody,258552,235232,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,118500,49224,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,11952,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5236,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10228,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,4444,0.0) /usr/sbin/ModemManager
(root,11800,6656,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,7588,0.1) sshd: /usr/sbin/sshd -D [listener] 16 of 4-100 startups
(root,210344,17304,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11432,0.0) /usr/sbin/squid --foreground -sYC
(nobody,480048,458372,0.0) nginx: cache manager process
(root,405440,33140,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258552,235208,0.0) nginx: cache manager process
(nobody,259476,239612,0.0) nginx: cache manager process
(proxy,79756,32776,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1408,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(root,0,0,0.0) [kworker/13:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/2:3-events]
(nobody,258552,235188,0.0) nginx: cache manager process
(root,2355860,31668,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/14:2-events]
(root,259168,237532,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259860,245648,1.7) nginx: worker process
(nobody,259868,245584,0.2) nginx: worker process
(nobody,259728,245352,0.0) nginx: worker process
(nobody,259476,245124,0.0) nginx: worker process
(nobody,259476,242964,0.0) nginx: worker process
(nobody,259476,245072,0.0) nginx: worker process
(nobody,259476,245072,0.0) nginx: worker process
(nobody,259476,243804,0.0) nginx: worker process
(nobody,259476,243800,0.0) nginx: worker process
(nobody,259476,242780,0.0) nginx: worker process
(nobody,259476,242892,0.0) nginx: worker process
(nobody,259476,240472,0.0) nginx: worker process
(nobody,259476,240472,0.0) nginx: worker process
(nobody,259476,240472,0.0) nginx: worker process
(nobody,259476,240472,0.0) nginx: worker process
(nobody,259476,240472,0.0) nginx: worker process
(nobody,259476,239444,0.0) nginx: cache manager process
(nobody,477800,449892,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(root,0,0,0.0) [kworker/7:3-events]
(root,0,0,0.0) [kworker/6:0-events]
(nobody,259476,236452,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:2-cgroup_destroy]
(root,0,0,0.0) [kworker/15:0-cgroup_destroy]
(nobody,258716,235412,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/0:2-events_freezable]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/11:2]
(nobody,259476,236248,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/3:0-mm_percpu_wq]
(proxy,6176,2172,0.0) (pinger)
(root,0,0,0.0) [kworker/0:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/7:1]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(root,0,0,0.0) [kworker/4:0]
(root,0,0,0.0) [kworker/u32:5-flush-8:0]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/14:3]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/6:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/u32:0-flush-8:0]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(root,0,0,0.0) [kworker/3:3]
(root,15432,8784,0.0) sshd: [accepted]
(sshd,15432,5568,0.0) sshd: [net]
(root,15432,8892,0.0) sshd: [accepted]
(root,16912,10272,0.0) sshd: unknown [priv]
(sshd,15432,5400,0.0) sshd: unknown [net]
(root,16912,10340,0.0) sshd: unknown [priv]
(sshd,15432,5376,0.0) sshd: unknown [net]
(root,15432,8900,0.0) sshd: [accepted]
(root,16440,10032,1.8) sshd: root [priv]
(sshd,15432,5388,0.0) sshd: root [net]
(root,16440,9972,1.8) sshd: root [priv]
(sshd,15432,5548,0.0) sshd: root [net]
(root,16440,10068,1.5) sshd: root [priv]
(sshd,15432,5512,0.0) sshd: root [net]
(root,15432,8920,0.0) sshd: [accepted]
(root,16440,10128,1.4) sshd: root [priv]
(sshd,15432,5484,0.0) sshd: root [net]
(sshd,15432,5368,0.0) sshd: [net]
(root,16440,10108,2.4) sshd: root [priv]
(sshd,15432,5416,0.0) sshd: root [net]
(root,15432,8804,0.0) sshd: [accepted]
(sshd,15432,5448,0.0) sshd: [net]
(root,16912,10196,0.0) sshd: unknown [priv]
(sshd,15432,5624,0.0) sshd: unknown [net]
(root,16912,10116,0.0) sshd: unknown [priv]
(sshd,15432,5496,0.0) sshd: unknown [net]
(root,15432,8896,0.0) sshd: [accepted]
(root,15432,8828,0.0) sshd: [accepted]
(sshd,15432,5412,0.0) sshd: [net]
(root,7372,3760,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1556,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1128,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,477948,450284,0.0) nginx: cache manager process
(nobody,258548,235276,0.0) nginx: cache manager process

Found on 2024-11-03 23:42

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca3bd78635

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13632,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13392,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13780,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2728,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(root,0,0,0.0) [kworker/12:3-events]
(nobody,259476,238008,0.0) nginx: cache manager process
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,0,0,0.0) [kworker/13:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/14:0-events]
(root,0,0,0.0) [kworker/15:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(nobody,259476,238556,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/8:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/15:0-cgroup_destroy]
(root,0,0,0.0) [kworker/6:1-cgroup_destroy]
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(root,0,0,0.0) [kworker/0:1-cgroup_destroy]
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-events]
(proxy,6176,1968,0.0) (pinger)
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(nobody,258552,236896,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:0-cgroup_destroy]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/4:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/7:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/14:1]
(root,0,0,0.0) [kworker/u32:2-writeback]
(root,0,0,0.0) [kworker/u32:4-events_power_efficient]
(root,0,0,0.0) [kworker/11:1]
(root,259168,238944,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259476,246424,0.1) nginx: worker process
(nobody,259476,245804,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,241748,0.0) nginx: worker process
(nobody,259476,240748,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/u32:5-events_unbound]
(root,0,0,0.0) [kworker/9:0]
(root,0,0,0.0) [kworker/u32:0-ext4-rsv-conversion]
(root,15432,8992,0.0) sshd: [accepted]
(root,15432,8872,0.0) sshd: [accepted]
(root,15432,9000,0.0) sshd: [accepted]
(root,15432,8784,0.0) sshd: [accepted]
(root,15432,8896,0.0) sshd: [accepted]
(root,16912,10472,0.0) sshd: unknown [priv]
(sshd,15432,5524,0.0) sshd: unknown [net]
(root,16912,10188,0.2) sshd: unknown [priv]
(sshd,15432,5468,0.0) sshd: unknown [net]
(root,16912,10292,0.0) sshd: unknown [priv]
(sshd,15432,5524,0.0) sshd: unknown [net]
(root,16912,10292,0.3) sshd: unknown [priv]
(sshd,15432,5576,0.0) sshd: unknown [net]
(root,16440,10056,2.3) sshd: root [priv]
(sshd,15432,5560,0.0) sshd: root [net]
(root,16912,10120,0.0) sshd: unknown [priv]
(sshd,15432,5576,0.0) sshd: unknown [net]
(root,16912,10064,0.5) sshd: unknown [priv]
(sshd,15432,5588,0.0) sshd: unknown [net]
(root,15432,8964,0.5) sshd: [accepted]
(sshd,15432,5544,0.0) sshd: [net]
(root,16912,10052,1.0) sshd: unknown [priv]
(sshd,15432,5536,0.0) sshd: unknown [net]
(root,15432,8980,0.0) sshd: [accepted]
(sshd,15432,5564,0.0) sshd: [net]
(root,15432,8956,0.0) sshd: [accepted]
(sshd,15432,5468,0.0) sshd: [net]
(root,7372,3848,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1572,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1064,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,114360,50812,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12108,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5292,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10256,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,4668,0.0) /usr/sbin/ModemManager
(root,11800,6668,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,7588,0.1) sshd: /usr/sbin/sshd -D [listener] 16 of 4-100 startups
(root,210344,17304,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11432,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,33140,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258552,236876,0.0) nginx: cache manager process
(proxy,79756,32776,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1408,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,258552,236852,0.0) nginx: cache manager process
(root,2355860,30788,0.0) /usr/lib/snapd/snapd
(nobody,477800,453192,0.0) nginx: cache manager process
(nobody,259476,238132,0.0) nginx: cache manager process
(nobody,258716,237080,0.0) nginx: cache manager process
(nobody,259476,237948,0.0) nginx: cache manager process
(nobody,477948,453536,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/9:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/6:0-events]
(nobody,258548,236940,0.0) nginx: cache manager process

Found on 2024-10-30 00:36

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca23514dda

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13632,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/1:3-cgroup_destroy]
(root,0,0,0.0) [kworker/4:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/5:1]
(root,0,0,0.0) [kworker/11:1-mm_percpu_wq]
(proxy,6176,2176,0.0) (pinger)
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/12:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/13:2]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(root,0,0,0.0) [kworker/3:3]
(root,15432,8684,0.0) sshd: [accepted]
(root,15432,8860,0.0) sshd: [accepted]
(root,16912,10384,0.0) sshd: unknown [priv]
(sshd,15432,5504,0.0) sshd: unknown [net]
(root,15432,9012,0.0) sshd: [accepted]
(sshd,15432,5568,0.0) sshd: [net]
(root,15432,8980,0.0) sshd: [accepted]
(root,15432,8860,0.0) sshd: [accepted]
(root,15432,8796,0.0) sshd: [accepted]
(sshd,15432,5588,0.0) sshd: [net]
(root,15432,8712,0.0) sshd: [accepted]
(root,15432,8876,0.0) sshd: [accepted]
(root,15432,8900,0.0) sshd: [accepted]
(root,15432,8784,0.0) sshd: [accepted]
(sshd,15432,5552,0.0) sshd: [net]
(sshd,15432,5344,0.0) sshd: [net]
(root,16912,10536,0.2) sshd: unknown [priv]
(root,16912,10320,0.2) sshd: unknown [priv]
(sshd,15432,5496,0.0) sshd: unknown [net]
(sshd,15432,5468,0.0) sshd: unknown [net]
(root,16912,10144,0.0) sshd: unknown [priv]
(sshd,15432,5432,0.0) sshd: unknown [net]
(root,15432,9024,0.0) sshd: [accepted]
(root,7372,3724,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1600,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1108,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(nobody,258552,239660,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,138944,59516,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12120,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5292,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10276,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5004,0.0) /usr/sbin/ModemManager
(root,11800,6668,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 15 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11520,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,32604,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258552,239632,0.0) nginx: cache manager process
(proxy,79564,34200,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1696,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,258552,239612,0.0) nginx: cache manager process
(root,2355860,30848,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/14:1-events]
(nobody,477800,458160,0.0) nginx: cache manager process
(nobody,259476,240912,0.0) nginx: cache manager process
(nobody,258716,239856,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/4:2-events]
(root,259168,239028,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259612,246540,1.5) nginx: worker process
(nobody,259596,246676,0.2) nginx: worker process
(nobody,259876,246720,0.0) nginx: worker process
(nobody,259476,246476,0.0) nginx: worker process
(nobody,259476,245760,0.0) nginx: worker process
(nobody,259476,244628,0.0) nginx: worker process
(nobody,259476,245220,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,241836,0.0) nginx: worker process
(nobody,259476,240820,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:1-events]
(root,0,0,0.0) [kworker/5:0-mm_percpu_wq]
(nobody,477948,458672,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:2-cgroup_destroy]
(root,0,0,0.0) [kworker/6:3-cgroup_destroy]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/3:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/1:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/6:0-mm_percpu_wq]
(nobody,258548,239688,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:1-cgroup_destroy]
(root,0,0,0.0) [kworker/15:0-events]
(root,0,0,0.0) [kworker/7:3-events]

Found on 2024-10-27 22:14

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cacc0f4e40

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13632,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(nobody,258552,239660,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,183824,87524,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12120,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5300,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10276,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5004,0.0) /usr/sbin/ModemManager
(root,11800,6668,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 18 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11520,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,32268,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258552,239632,0.0) nginx: cache manager process
(proxy,79564,34180,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1696,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/10:2-events]
(nobody,258552,239612,0.0) nginx: cache manager process
(root,2355860,30924,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/12:1-events]
(root,0,0,0.0) [kworker/11:0-events]
(nobody,477800,458160,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/9:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:0-mm_percpu_wq]
(root,259168,238972,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259604,246740,0.2) nginx: worker process
(nobody,260124,246948,1.8) nginx: worker process
(nobody,259476,246508,0.0) nginx: worker process
(nobody,259476,246508,0.0) nginx: worker process
(nobody,259476,246468,0.0) nginx: worker process
(nobody,259476,245180,0.0) nginx: worker process
(nobody,259476,245180,0.0) nginx: worker process
(nobody,259476,245180,0.0) nginx: worker process
(nobody,259476,244732,0.0) nginx: worker process
(nobody,259476,244732,0.0) nginx: worker process
(nobody,259476,244732,0.0) nginx: worker process
(nobody,259476,244732,0.0) nginx: worker process
(nobody,259476,244732,0.0) nginx: worker process
(nobody,259476,244732,0.0) nginx: worker process
(nobody,259476,241940,0.0) nginx: worker process
(nobody,259476,241940,0.0) nginx: worker process
(nobody,259476,240912,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:1-events]
(nobody,258716,239856,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:3-events]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/9:3-events]
(proxy,6176,2160,0.0) (pinger)
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(root,0,0,0.0) [kworker/14:2-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:1]
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/10:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/2:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/7:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/0:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0-writeback]
(root,15432,9044,0.0) sshd: [accepted]
(root,15432,8780,0.0) sshd: [accepted]
(root,15432,8744,0.0) sshd: [accepted]
(root,15432,8912,0.0) sshd: [accepted]
(root,15432,8884,0.0) sshd: [accepted]
(root,15432,8912,0.0) sshd: [accepted]
(root,15432,8784,0.0) sshd: [accepted]
(sshd,15432,5496,0.0) sshd: [net]
(root,15432,8932,0.0) sshd: [accepted]
(root,15432,8888,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,15432,8948,0.0) sshd: [accepted]
(root,15432,8912,0.0) sshd: [accepted]
(root,15432,8976,0.0) sshd: [accepted]
(root,15432,8856,0.0) sshd: [accepted]
(root,16912,10140,0.3) sshd: unknown [priv]
(sshd,15432,5596,0.0) sshd: unknown [net]
(root,16912,10120,0.5) sshd: unknown [priv]
(sshd,15432,5516,0.0) sshd: unknown [net]
(root,15432,9096,0.0) sshd: [accepted]
(sshd,15432,5428,0.0) sshd: [net]
(root,15432,8916,0.0) sshd: [accepted]
(sshd,15432,5420,0.0) sshd: [net]
(root,15432,8804,0.0) sshd: [accepted]
(sshd,15432,5584,0.0) sshd: [net]
(root,7372,3864,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1584,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1128,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,477948,458672,0.0) nginx: cache manager process
(nobody,258548,239688,0.0) nginx: cache manager process

Found on 2024-10-25 23:36

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca19b72a3a

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13632,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(nobody,258552,239968,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:0-events]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,220632,140284,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5456,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10296,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,11800,6668,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 14 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11520,0.0) /usr/sbin/squid --foreground -sYC
(root,405440,32952,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258552,239932,0.0) nginx: cache manager process
(proxy,79564,36176,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1936,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/11:3-events]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/9:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/12:0-events]
(root,258244,238020,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,258952,245896,1.2) nginx: worker process
(nobody,258952,245984,1.0) nginx: worker process
(nobody,258552,245600,0.0) nginx: worker process
(nobody,258552,245564,0.0) nginx: worker process
(nobody,258552,244972,0.0) nginx: worker process
(nobody,258552,244972,0.0) nginx: worker process
(nobody,258552,244780,0.0) nginx: worker process
(nobody,258552,244780,0.0) nginx: worker process
(nobody,258552,244524,0.0) nginx: worker process
(nobody,258552,244524,0.0) nginx: worker process
(nobody,258552,244524,0.0) nginx: worker process
(nobody,258552,244524,0.0) nginx: worker process
(nobody,258552,244524,0.0) nginx: worker process
(nobody,258552,244524,0.0) nginx: worker process
(nobody,258552,241016,0.0) nginx: worker process
(nobody,258552,241016,0.0) nginx: worker process
(nobody,258552,239924,0.0) nginx: cache manager process
(root,2355860,31092,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/4:2-events]
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/4:3-cgroup_destroy]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/0:2-events_freezable]
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/15:3-cgroup_destroy]
(root,0,0,0.0) [kworker/13:1]
(root,0,0,0.0) [kworker/11:1-cgroup_destroy]
(proxy,6176,2172,0.0) (pinger)
(root,0,0,0.0) [kworker/2:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/14:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/0:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/12:2]
(root,0,0,0.0) [kworker/9:0]
(root,0,0,0.0) [kworker/1:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(root,0,0,0.0) [kworker/3:3]
(root,15432,8796,0.0) sshd: [accepted]
(root,15432,8904,0.0) sshd: [accepted]
(root,15432,8768,0.0) sshd: [accepted]
(root,15432,8900,0.0) sshd: [accepted]
(root,15432,8920,0.0) sshd: [accepted]
(root,15432,8680,0.0) sshd: [accepted]
(root,15432,8896,0.0) sshd: [accepted]
(root,15432,8836,0.0) sshd: [accepted]
(root,15432,8824,0.0) sshd: [accepted]
(root,15432,9004,0.0) sshd: [accepted]
(root,16912,10208,0.0) sshd: unknown [priv]
(root,15432,8924,0.0) sshd: [accepted]
(sshd,15432,5436,0.0) sshd: unknown [net]
(root,16912,10204,0.0) sshd: unknown [priv]
(sshd,15432,5372,0.0) sshd: unknown [net]
(root,16912,10236,0.0) sshd: unknown [priv]
(sshd,15432,5520,0.0) sshd: unknown [net]
(root,7372,3788,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1564,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1104,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,258716,240160,0.0) nginx: cache manager process
(nobody,477948,459240,0.0) nginx: cache manager process
(nobody,258548,239988,0.0) nginx: cache manager process

Found on 2024-10-23 23:43

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca0ad46766

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315480,13620,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/9:2-mm_percpu_wq]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(root,0,0,0.0) [kworker/1:0-events]
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/5:2-events]
(root,258244,238040,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,258952,246028,2.6) nginx: worker process
(nobody,258952,246112,0.3) nginx: worker process
(nobody,258552,245692,0.0) nginx: worker process
(nobody,258552,245692,0.0) nginx: worker process
(nobody,258552,244724,0.0) nginx: worker process
(nobody,258552,244724,0.0) nginx: worker process
(nobody,258552,244660,0.0) nginx: worker process
(nobody,258552,244660,0.0) nginx: worker process
(nobody,258552,243708,0.0) nginx: worker process
(nobody,258552,241052,0.0) nginx: worker process
(nobody,258552,241052,0.0) nginx: worker process
(nobody,258552,241052,0.0) nginx: worker process
(nobody,258552,241052,0.0) nginx: worker process
(nobody,258552,241052,0.0) nginx: worker process
(nobody,258552,241052,0.0) nginx: worker process
(nobody,258552,241052,0.0) nginx: worker process
(nobody,258552,239968,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/8:0-events]
(root,0,0,0.0) [kworker/6:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/13:2]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,163268,89052,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5464,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10296,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,11800,6668,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 15 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11520,0.0) /usr/sbin/squid --foreground -sYC
(root,0,0,0.0) [kworker/2:2-events]
(root,404416,32288,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/15:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:1]
(proxy,6176,2176,0.0) (pinger)
(root,0,0,0.0) [kworker/3:0-cgroup_destroy]
(root,0,0,0.0) [kworker/14:3-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/7:0-cgroup_destroy]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/10:0-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2-events]
(root,0,0,0.0) [kworker/11:0]
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/u32:3-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/2:1-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2-events_freezable]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,0,0,0.0) [kworker/u32:6-events_power_efficient]
(root,15432,9024,0.0) sshd: [accepted]
(root,15432,8860,0.0) sshd: [accepted]
(root,15432,8872,0.0) sshd: [accepted]
(root,15432,9016,0.0) sshd: [accepted]
(root,15432,8804,0.0) sshd: [accepted]
(sshd,15432,5516,0.0) sshd: [net]
(root,15432,8912,0.0) sshd: [accepted]
(root,15432,8804,0.0) sshd: [accepted]
(sshd,15432,5496,0.0) sshd: [net]
(root,15432,8892,0.0) sshd: [accepted]
(root,16912,10344,0.2) sshd: unknown [priv]
(sshd,15432,5532,0.0) sshd: unknown [net]
(root,16912,10088,0.2) sshd: unknown [priv]
(sshd,15432,5468,0.0) sshd: unknown [net]
(root,16912,10124,0.2) sshd: unknown [priv]
(sshd,15432,5396,0.0) sshd: unknown [net]
(root,16912,10104,0.0) sshd: unknown [priv]
(sshd,15432,5428,0.0) sshd: unknown [net]
(root,16912,10108,0.5) sshd: unknown [priv]
(sshd,15432,5440,0.0) sshd: unknown [net]
(root,16912,10228,0.0) sshd: unknown [priv]
(sshd,15432,5604,0.0) sshd: unknown [net]
(root,15432,8980,0.0) sshd: [accepted]
(sshd,15432,5452,0.0) sshd: [net]
(root,7372,3824,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1588,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1124,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(proxy,79564,36040,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1936,0.0) (logfile-daemon) /var/log/squid/access.log
(root,2355860,31352,0.0) /usr/lib/snapd/snapd
(nobody,258716,240160,0.0) nginx: cache manager process
(nobody,477948,459240,0.0) nginx: cache manager process
(nobody,258548,239988,0.0) nginx: cache manager process

Found on 2024-10-21 23:36

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca73c8d941

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315496,13620,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/6:1-mm_percpu_wq]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/14:1-events]
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/15:0-events]
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/10:0-cgroup_destroy]
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/9:0]
(root,0,0,0.0) [kworker/11:0-cgroup_destroy]
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(proxy,6176,2120,0.0) (pinger)
(root,0,0,0.0) [kworker/8:3-cgroup_destroy]
(root,0,0,0.0) [kworker/0:1]
(root,0,0,0.0) [kworker/3:3-events]
(root,0,0,0.0) [kworker/14:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/4:2-events]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,15432,8804,0.0) sshd: [accepted]
(root,15432,8980,0.0) sshd: [accepted]
(root,15432,8960,0.0) sshd: [accepted]
(root,15432,8976,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(root,0,0,0.0) [kworker/11:3]
(root,16912,10244,0.3) sshd: unknown [priv]
(sshd,15432,5560,0.0) sshd: unknown [net]
(root,15432,8680,0.0) sshd: [accepted]
(root,16912,10408,0.0) sshd: unknown [priv]
(sshd,15432,5464,0.0) sshd: unknown [net]
(root,7372,3788,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1592,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1112,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,192300,125124,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5464,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10276,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,25932,6660,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 7 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11520,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32112,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,79564,35896,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1936,0.0) (logfile-daemon) /var/log/squid/access.log
(root,2355860,30336,0.0) /usr/lib/snapd/snapd
(nobody,258716,240160,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/12:1-events]
(root,0,0,0.0) [kworker/7:1-events]
(nobody,477948,459240,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/10:1-events]
(root,258240,238064,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,267192,254544,1.7) nginx: worker process
(nobody,262024,249360,0.2) nginx: worker process
(nobody,259620,246908,0.0) nginx: worker process
(nobody,259160,246420,0.0) nginx: worker process
(nobody,259032,246308,0.0) nginx: worker process
(nobody,258548,245008,0.0) nginx: worker process
(nobody,258548,245008,0.0) nginx: worker process
(nobody,258548,245196,0.0) nginx: worker process
(nobody,258548,245008,0.0) nginx: worker process
(nobody,258548,244740,0.0) nginx: worker process
(nobody,258548,244740,0.0) nginx: worker process
(nobody,258548,244928,0.0) nginx: worker process
(nobody,258548,244740,0.0) nginx: worker process
(nobody,258548,244676,0.0) nginx: worker process
(nobody,258548,244864,0.0) nginx: worker process
(nobody,258548,244740,0.0) nginx: worker process
(nobody,258548,239988,0.0) nginx: cache manager process

Found on 2024-10-19 22:50

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca28fdbb1c

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315496,13620,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,167744,91400,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5464,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10276,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,25932,6660,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 11 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11520,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,31568,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258256,239672,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:0-events]
(nobody,258260,239656,0.0) nginx: cache manager process
(nobody,258260,239700,0.0) nginx: cache manager process
(nobody,477260,458412,0.0) nginx: cache manager process
(nobody,257628,238956,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/7:0-events]
(nobody,257652,239048,0.0) nginx: cache manager process
(proxy,79564,35872,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1936,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,257628,238996,0.0) nginx: cache manager process
(nobody,258256,239672,0.0) nginx: cache manager process
(nobody,258256,239480,0.0) nginx: cache manager process
(root,2355540,30192,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/2:1-events]
(nobody,258256,239700,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:0-events]
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/6:3-events]
(root,258408,238144,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259092,245932,1.6) nginx: worker process
(nobody,259092,246212,0.2) nginx: worker process
(nobody,258716,245796,0.0) nginx: worker process
(nobody,258716,245796,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,245708,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,241212,0.0) nginx: worker process
(nobody,258716,240116,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/4:1-cgroup_destroy]
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/3:3-cgroup_destroy]
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(root,0,0,0.0) [kworker/15:1-events]
(proxy,6176,2196,0.0) (pinger)
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/14:1-cgroup_destroy]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/15:0-events]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/2:0]
(root,0,0,0.0) [kworker/10:1]
(root,0,0,0.0) [kworker/1:1-cgroup_destroy]
(root,0,0,0.0) [kworker/12:1]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/13:0]
(root,0,0,0.0) [kworker/u32:4-writeback]
(root,0,0,0.0) [kworker/u32:3-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/7:2]
(root,0,0,0.0) [kworker/u32:0]
(root,15432,8864,0.0) sshd: [accepted]
(sshd,15432,5548,0.0) sshd: [net]
(root,15432,8800,0.0) sshd: [accepted]
(root,15432,8920,0.0) sshd: [accepted]
(sshd,15432,5472,0.0) sshd: [net]
(root,15432,8912,0.0) sshd: [accepted]
(root,15432,8936,0.0) sshd: [accepted]
(root,15432,8744,0.0) sshd: [accepted]
(sshd,15432,5596,0.0) sshd: [net]
(root,16912,10204,0.0) sshd: unknown [priv]
(sshd,15432,5592,0.0) sshd: unknown [net]
(root,16912,10172,0.3) sshd: unknown [priv]
(sshd,15432,5568,0.0) sshd: unknown [net]
(root,16912,10240,1.0) sshd: unknown [priv]
(sshd,15432,5560,0.0) sshd: unknown [net]
(root,15432,8796,0.0) sshd: [accepted]
(sshd,15432,5408,0.0) sshd: [net]
(root,15432,8980,0.0) sshd: [accepted]
(sshd,15432,5508,0.0) sshd: [net]
(root,7372,3768,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1588,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1112,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /

Found on 2024-10-16 00:19

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca5003f3cb

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315496,13620,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/0:2-events_freezable]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,184084,112404,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5472,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10276,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,25932,6660,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 10 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11520,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32400,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,258256,239672,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:0-mm_percpu_wq]
(nobody,258260,239656,0.0) nginx: cache manager process
(nobody,258260,239700,0.0) nginx: cache manager process
(nobody,477260,458412,0.0) nginx: cache manager process
(nobody,257628,238956,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/7:0-events]
(nobody,257652,239048,0.0) nginx: cache manager process
(proxy,77292,33388,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1936,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,257628,238996,0.0) nginx: cache manager process
(nobody,258256,239672,0.0) nginx: cache manager process
(root,257948,237736,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,258376,245440,1.6) nginx: worker process
(nobody,258656,245776,0.2) nginx: worker process
(nobody,258256,245248,0.0) nginx: worker process
(nobody,258256,245232,0.0) nginx: worker process
(nobody,258256,245180,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,240576,0.0) nginx: worker process
(nobody,258256,239480,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:1-events]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/15:2-events]
(root,2355284,28668,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/14:2-cgroup_destroy]
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(root,0,0,0.0) [kworker/11:0-cgroup_destroy]
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/9:3-events]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/6:1-events]
(proxy,6176,2168,0.0) (pinger)
(root,0,0,0.0) [kworker/2:1-cgroup_destroy]
(root,0,0,0.0) [kworker/5:1-cgroup_destroy]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/3:1]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/15:0-events]
(root,0,0,0.0) [kworker/7:1]
(root,0,0,0.0) [kworker/0:0]
(root,0,0,0.0) [kworker/u32:4-events_unbound]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/13:0]
(root,0,0,0.0) [kworker/u32:6-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,15432,8892,0.0) sshd: [accepted]
(root,15432,9028,0.0) sshd: [accepted]
(sshd,15432,5632,0.0) sshd: [net]
(root,15432,8788,0.0) sshd: [accepted]
(root,15432,8984,0.0) sshd: [accepted]
(root,15432,8936,0.0) sshd: [accepted]
(root,15432,9092,0.0) sshd: [accepted]
(root,15432,8804,0.0) sshd: [accepted]
(root,15432,8820,0.0) sshd: [accepted]
(root,16440,9972,0.5) sshd: root [priv]
(sshd,15432,5380,0.0) sshd: root [net]
(root,16440,10040,1.7) sshd: root [priv]
(sshd,15432,5464,0.0) sshd: root [net]
(root,7372,3816,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1668,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1096,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/10:0-mm_percpu_wq]

Found on 2024-10-13 23:42

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca14bc51ad

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315496,13620,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,0,0,0.0) [kworker/2:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/14:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/6:2-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/4:1-mm_percpu_wq]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,155208,85548,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5480,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10276,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,11800,6660,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 11 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11520,0.0) /usr/sbin/squid --foreground -sYC
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,404416,32380,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/3:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:0]
(root,0,0,0.0) [kworker/13:3-cgroup_destroy]
(root,0,0,0.0) [kworker/7:1-events]
(proxy,75364,30856,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1924,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,258256,239672,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:0-events]
(nobody,258260,239656,0.0) nginx: cache manager process
(nobody,258260,239700,0.0) nginx: cache manager process
(nobody,477260,458412,0.0) nginx: cache manager process
(root,257320,237064,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,257504,244504,1.0) nginx: worker process
(nobody,257628,244692,0.1) nginx: worker process
(nobody,257628,244628,0.0) nginx: worker process
(nobody,257628,244476,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,239968,0.0) nginx: worker process
(nobody,257628,238956,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(proxy,6176,2196,0.0) (pinger)
(root,0,0,0.0) [kworker/12:3-cgroup_destroy]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/9:1]
(root,0,0,0.0) [kworker/11:0]
(root,0,0,0.0) [kworker/5:1-cgroup_destroy]
(root,0,0,0.0) [kworker/14:3-events]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/3:2]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/15:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/u32:0-writeback]
(root,0,0,0.0) [kworker/u32:4-writeback]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,0,0,0.0) [kworker/6:1-cgroup_destroy]
(root,0,0,0.0) [kworker/6:3]
(root,0,0,0.0) [kworker/u32:6]
(root,15432,8904,0.0) sshd: [accepted]
(sshd,15432,5592,0.0) sshd: [net]
(root,15432,9016,0.0) sshd: [accepted]
(root,15432,9048,0.0) sshd: [accepted]
(root,15432,9040,0.0) sshd: [accepted]
(sshd,15432,5616,0.0) sshd: [net]
(root,15432,9080,0.0) sshd: [accepted]
(root,15432,8888,0.0) sshd: [accepted]
(root,15432,8904,0.0) sshd: [accepted]
(sshd,15432,5408,0.0) sshd: [net]
(root,16912,10320,0.0) sshd: unknown [priv]
(sshd,15432,5504,0.0) sshd: unknown [net]
(root,16912,10400,0.5) sshd: unknown [priv]
(sshd,15432,5396,0.0) sshd: unknown [net]
(root,15432,9084,0.0) sshd: [accepted]
(sshd,15432,5572,0.0) sshd: [net]
(root,15432,8944,0.0) sshd: [accepted]
(sshd,15432,5512,0.0) sshd: [net]
(root,7372,3840,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1612,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1072,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,0,0,0.0) [kworker/13:2-events]
(root,2356644,33524,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/15:2-cgroup_destroy]
(root,0,0,0.0) [kworker/10:0-mm_percpu_wq]

Found on 2024-10-11 23:42

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca520d20f5

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315496,13620,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/7:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:2-events]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,257948,237712,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,258676,245564,1.5) nginx: worker process
(nobody,258392,245444,0.2) nginx: worker process
(nobody,258392,245368,0.0) nginx: worker process
(nobody,258256,245252,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,245216,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,240548,0.0) nginx: worker process
(nobody,258256,239460,0.0) nginx: cache manager process
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/10:2]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/11:0-cgroup_destroy]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(root,0,0,0.0) [kworker/14:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:1-events]
(proxy,6176,2104,0.0) (pinger)
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/8:1]
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:3-events]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/2:1]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,440068,82228,0.0) /usr/libexec/fwupd/fwupd
(root,0,0,0.0) [kworker/15:1]
(root,0,0,0.0) [kworker/14:0]
(root,0,0,0.0) [kworker/u32:2-writeback]
(root,0,0,0.0) [kworker/1:0]
(root,15432,8976,0.0) sshd: [accepted]
(root,15432,8744,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,16912,10436,0.0) sshd: unknown [priv]
(sshd,15432,5604,0.0) sshd: unknown [net]
(root,15432,8900,0.0) sshd: [accepted]
(root,16912,10212,0.2) sshd: unknown [priv]
(sshd,15432,5552,0.0) sshd: unknown [net]
(root,16912,10216,0.2) sshd: unknown [priv]
(root,16912,10180,0.2) sshd: unknown [priv]
(sshd,15432,5440,0.0) sshd: unknown [net]
(sshd,15432,5336,0.0) sshd: unknown [net]
(root,16440,10084,1.6) sshd: root [priv]
(sshd,15432,5452,0.0) sshd: root [net]
(root,16440,9964,2.0) sshd: root [priv]
(sshd,15432,5436,0.0) sshd: root [net]
(root,7372,3920,0.0) /bin/bash /usr/bin/check_mk_agent
(root,15432,9004,0.0) sshd: [accepted]
(sshd,15432,5464,0.0) sshd: [net]
(root,7064,1592,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1184,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,183924,111860,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5480,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10276,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,11800,6660,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 10 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,10940,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32380,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,6068,1684,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/9:2-events]
(proxy,79092,33888,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/3:2-events]
(nobody,258240,239380,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,2356388,33292,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/15:2-events]
(nobody,477284,458572,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:2-events]
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/10:0-events]

Found on 2024-10-09 23:23

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca41b20be1

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315496,13608,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,81576,28824,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5488,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10276,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,11800,6660,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 10 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,10940,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32380,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,6068,1684,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/9:2-events]
(proxy,79284,33888,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/14:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/7:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/4:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:3-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-mm_percpu_wq]
(root,257932,237608,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,264112,250916,1.3) nginx: worker process
(nobody,259604,246500,0.2) nginx: worker process
(nobody,260588,247656,0.0) nginx: worker process
(nobody,258740,245716,0.0) nginx: worker process
(nobody,258724,245496,0.0) nginx: worker process
(nobody,258544,245316,0.0) nginx: worker process
(nobody,258512,245400,0.0) nginx: worker process
(nobody,258640,245404,0.0) nginx: worker process
(nobody,258716,245396,0.0) nginx: worker process
(nobody,258576,245408,0.0) nginx: worker process
(nobody,258240,245116,0.0) nginx: worker process
(nobody,258688,245596,0.0) nginx: worker process
(nobody,258380,245144,0.0) nginx: worker process
(nobody,258240,245116,0.0) nginx: worker process
(nobody,258240,245116,0.0) nginx: worker process
(nobody,258240,245060,0.0) nginx: worker process
(nobody,258240,239380,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/13:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/13:0]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/12:0]
(proxy,6176,2204,0.0) (pinger)
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/11:0-cgroup_destroy]
(root,0,0,0.0) [kworker/9:0-cgroup_destroy]
(root,2356132,32148,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,0,0,0.0) [kworker/1:2]
(root,0,0,0.0) [kworker/4:1]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/14:1]
(root,0,0,0.0) [kworker/3:1]
(root,0,0,0.0) [kworker/0:3-events]
(root,0,0,0.0) [kworker/8:2]
(root,0,0,0.0) [kworker/u32:5-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/15:0]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/u32:0-writeback]
(root,15432,8944,0.0) sshd: [accepted]
(root,15432,8848,0.0) sshd: [accepted]
(root,15432,9000,0.0) sshd: [accepted]
(root,15432,8952,0.0) sshd: [accepted]
(sshd,15432,5532,0.0) sshd: [net]
(root,15432,9024,0.0) sshd: [accepted]
(sshd,15432,5420,0.0) sshd: [net]
(root,16440,9960,1.3) sshd: root [priv]
(sshd,15432,5460,0.0) sshd: root [net]
(root,16440,9936,1.6) sshd: root [priv]
(sshd,15432,5600,0.0) sshd: root [net]
(root,16912,10024,0.3) sshd: unknown [priv]
(sshd,15432,5552,0.0) sshd: unknown [net]
(root,15432,9024,0.0) sshd: [accepted]
(sshd,15432,5568,0.0) sshd: [net]
(root,15432,8932,0.0) sshd: [accepted]
(sshd,15432,5568,0.0) sshd: [net]
(root,7372,3796,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1592,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1080,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /

Found on 2024-10-07 23:45

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cab1dc5aa4

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13580,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5264,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13400,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9476,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13788,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,253744,230496,0.0) nginx: cache manager process
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2744,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8660,0.0) /lib/systemd/systemd --user
(custadm+,318416,5544,0.0) (sd-pam)
(root,0,0,0.0) [kworker/2:2-events]
(nobody,253744,230400,0.0) nginx: cache manager process
(nobody,490516,462816,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3692,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,208576,139992,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12160,0.0) /usr/libexec/packagekitd
(root,239612,6460,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5488,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10080,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6048,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5088,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5176,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8312,0.1) sshd: /usr/sbin/sshd -D [listener] 14 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,10940,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32380,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,468484,441052,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:2-events]
(proxy,6068,1684,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/9:2-events]
(proxy,79284,33884,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,253748,230328,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/4:1-events]
(nobody,482472,463596,0.0) nginx: cache manager process
(nobody,258484,239780,0.0) nginx: cache manager process
(root,257932,237708,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,258388,245464,1.2) nginx: worker process
(nobody,258632,245636,0.1) nginx: worker process
(nobody,258240,245180,0.0) nginx: worker process
(nobody,258240,245180,0.0) nginx: worker process
(nobody,258240,244176,0.0) nginx: worker process
(nobody,258240,244176,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,240480,0.0) nginx: worker process
(nobody,258240,239388,0.0) nginx: cache manager process
(nobody,253748,230312,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/12:0-events]
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:3-cgroup_destroy]
(root,0,0,0.0) [kworker/14:3-cgroup_destroy]
(root,2356116,25308,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/13:2-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/12:1]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/11:1-mm_percpu_wq]
(proxy,6176,2168,0.0) (pinger)
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/5:0]
(root,0,0,0.0) [kworker/1:3-cgroup_destroy]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:4-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:1-flush-8:0]
(root,0,0,0.0) [kworker/u32:0-writeback]
(root,0,0,0.0) [kworker/8:0]
(root,15432,9056,0.0) sshd: [accepted]
(root,15432,8872,0.0) sshd: [accepted]
(root,15432,8768,0.0) sshd: [accepted]
(root,15432,9012,0.0) sshd: [accepted]
(root,15432,8932,0.0) sshd: [accepted]
(root,15432,8792,0.0) sshd: [accepted]
(root,15432,8780,0.0) sshd: [accepted]
(root,16440,10080,3.0) sshd: root [priv]
(root,16912,10276,0.3) sshd: unknown [priv]
(sshd,15432,5532,0.0) sshd: unknown [net]
(sshd,15432,5412,0.0) sshd: root [net]
(root,16912,10120,0.3) sshd: unknown [priv]
(sshd,15432,5412,0.0) sshd: unknown [net]
(root,16912,10256,0.3) sshd: unknown [priv]
(sshd,15432,5540,0.0) sshd: unknown [net]
(root,15432,8912,0.0) sshd: [accepted]
(sshd,15432,5460,0.0) sshd: [net]
(root,16912,10340,1.0) sshd: unknown [priv]
(sshd,15432,5452,0.0) sshd: unknown [net]
(root,15432,8776,0.0) sshd: [accepted]
(sshd,15432,5488,0.0) sshd: [net]
(nagios,10568,6000,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,7372,3872,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1568,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1092,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,253736,230360,0.0) nginx: cache manager process
(nobody,276936,253500,0.0) nginx: cache manager process

Found on 2024-10-05 22:31

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca138110cd

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13580,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5272,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13460,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13832,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(nobody,253744,235132,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:0-events]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2852,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8820,0.0) /lib/systemd/systemd --user
(custadm+,318416,5568,0.0) (sd-pam)
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/2:2-events]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/12:2-events]
(nobody,253744,235032,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/6:1-events]
(nobody,490516,471760,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:0-events]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/14:1-cgroup_destroy]
(root,253436,233060,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,255692,242820,2.2) nginx: worker process
(nobody,255324,242260,0.3) nginx: worker process
(nobody,253884,240792,0.0) nginx: worker process
(nobody,253884,240820,0.0) nginx: worker process
(nobody,253776,240504,0.0) nginx: worker process
(nobody,253744,240660,0.0) nginx: worker process
(nobody,253744,240584,0.0) nginx: worker process
(nobody,253880,240680,0.0) nginx: worker process
(nobody,254032,240932,0.0) nginx: worker process
(nobody,253744,240592,0.0) nginx: worker process
(nobody,254248,240932,0.0) nginx: worker process
(nobody,253744,240592,0.0) nginx: worker process
(nobody,253744,240652,0.0) nginx: worker process
(nobody,253744,240592,0.0) nginx: worker process
(nobody,253744,240564,0.0) nginx: worker process
(nobody,253744,240592,0.0) nginx: worker process
(nobody,253744,235156,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/5:3-events]
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,114344,56616,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12348,0.0) /usr/libexec/packagekitd
(root,239612,6492,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5608,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10148,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6060,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5120,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5496,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8596,0.1) sshd: /usr/sbin/sshd -D [listener] 7 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,12200,0.0) /usr/sbin/squid --foreground -sYC
(root,0,0,0.0) [kworker/6:2-cgroup_destroy]
(root,404416,32504,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,468484,449604,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/4:1-cgroup_destroy]
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/7:1-cgroup_destroy]
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(root,0,0,0.0) [kworker/3:0-events]
(proxy,6176,2196,0.0) (pinger)
(root,0,0,0.0) [kworker/1:1]
(root,0,0,0.0) [kworker/15:2]
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/5:0]
(root,439936,81988,0.0) /usr/libexec/fwupd/fwupd
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/12:3-events]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,0,0,0.0) [kworker/0:1]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/10:0]
(root,0,0,0.0) [kworker/u32:5-flush-253:0]
(root,0,0,0.0) [kworker/11:3]
(root,15432,8764,0.0) sshd: [accepted]
(root,15432,9060,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,15432,8780,0.0) sshd: [accepted]
(root,15432,8896,0.0) sshd: [accepted]
(root,16912,10272,0.0) sshd: unknown [priv]
(sshd,15432,5532,0.0) sshd: unknown [net]
(root,15432,8828,0.0) sshd: [accepted]
(sshd,15432,5512,0.0) sshd: [net]
(root,15432,8932,0.0) sshd: [accepted]
(sshd,15432,5376,0.0) sshd: [net]
(root,7372,3676,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1564,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1088,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(proxy,79092,35752,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1976,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,253748,234980,0.0) nginx: cache manager process
(nobody,253748,234928,0.0) nginx: cache manager process
(root,2356116,26864,0.0) /usr/lib/snapd/snapd
(nobody,253736,234984,0.0) nginx: cache manager process
(nobody,276936,258348,0.0) nginx: cache manager process

Found on 2024-10-03 21:48

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca8226bc96

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13580,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5272,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13460,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13832,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,253436,233268,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,255604,242744,1.7) nginx: worker process
(nobody,254136,241364,0.3) nginx: worker process
(nobody,253744,240892,0.0) nginx: worker process
(nobody,253744,240892,0.0) nginx: worker process
(nobody,253744,238984,0.0) nginx: worker process
(nobody,253744,240836,0.0) nginx: worker process
(nobody,253744,238984,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,236224,0.0) nginx: worker process
(nobody,253744,235132,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/6:1-events]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2852,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(root,0,0,0.0) [kworker/3:2-events]
(custadm+,17172,8820,0.0) /lib/systemd/systemd --user
(custadm+,318416,5568,0.0) (sd-pam)
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/12:0-events]
(root,0,0,0.0) [kworker/2:2-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-events]
(root,0,0,0.0) [kworker/6:2-cgroup_destroy]
(root,0,0,0.0) [kworker/5:1]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/14:0-cgroup_destroy]
(proxy,6176,2204,0.0) (pinger)
(root,0,0,0.0) [kworker/10:3-events]
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-events_unbound]
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,0,0,0.0) [kworker/15:0]
(root,0,0,0.0) [kworker/u32:4-events_power_efficient]
(root,15432,8912,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:0]
(root,15432,9044,0.0) sshd: [accepted]
(root,16440,9860,0.8) sshd: root [priv]
(sshd,15432,5468,0.2) sshd: root [net]
(root,16912,10404,0.0) sshd: unknown [priv]
(sshd,15432,5448,0.0) sshd: unknown [net]
(root,16912,10284,0.0) sshd: unknown [priv]
(sshd,15432,5572,0.0) sshd: unknown [net]
(root,15432,8928,0.0) sshd: [accepted]
(sshd,15432,5416,0.0) sshd: [net]
(root,7372,3880,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1540,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1124,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,490516,471760,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,81576,24696,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12348,0.0) /usr/libexec/packagekitd
(root,239612,6492,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5608,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10148,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6060,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5120,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5496,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8596,0.1) sshd: /usr/sbin/sshd -D [listener] 6 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,12200,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,31448,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,468484,449604,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-events]
(proxy,79124,35612,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1976,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,253748,234980,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:2-events]
(nobody,253748,234928,0.0) nginx: cache manager process
(root,2356116,27000,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/5:2-events]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/7:1-cgroup_destroy]
(nobody,253736,234984,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(nobody,276936,258348,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/14:2-events]

Found on 2024-10-01 22:55

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320caabb69056

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13580,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5272,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13460,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13832,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2852,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8820,0.0) /lib/systemd/systemd --user
(custadm+,318416,5568,0.0) (sd-pam)
(root,0,0,0.0) [kworker/12:2-events]
(nobody,490516,471760,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,89768,36232,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12348,0.0) /usr/libexec/packagekitd
(root,239612,6492,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5608,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10148,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6060,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5120,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5496,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8596,0.1) sshd: /usr/sbin/sshd -D [listener] 10 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,12200,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,30904,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,468484,449604,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-events]
(proxy,79124,35180,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1976,0.0) (logfile-daemon) /var/log/squid/access.log
(nobody,253748,234980,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-mm_percpu_wq]
(root,253440,233216,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,259116,246256,1.9) nginx: worker process
(nobody,254704,241744,0.0) nginx: worker process
(nobody,255476,242488,0.2) nginx: worker process
(nobody,253760,240820,0.0) nginx: worker process
(nobody,253820,240824,0.0) nginx: worker process
(nobody,254196,240788,0.0) nginx: worker process
(nobody,254052,241020,0.0) nginx: worker process
(nobody,254052,240848,0.0) nginx: worker process
(nobody,254172,241240,0.0) nginx: worker process
(nobody,253748,240708,0.0) nginx: worker process
(nobody,253356,240440,0.0) nginx: worker process
(nobody,253748,240704,0.0) nginx: worker process
(nobody,253892,240976,0.0) nginx: worker process
(nobody,253620,240604,0.0) nginx: worker process
(nobody,254164,241196,0.0) nginx: worker process
(nobody,253644,240632,0.0) nginx: worker process
(nobody,253748,234928,0.0) nginx: cache manager process
(root,2356116,26432,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/13:2-events]
(root,0,0,0.0) [kworker/14:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/3:3-events]
(root,0,0,0.0) [kworker/15:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/15:0]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/9:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(root,0,0,0.0) [kworker/14:3-cgroup_destroy]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/6:3-events]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:2-cgroup_destroy]
(root,0,0,0.0) [kworker/0:0-events]
(proxy,6176,2136,0.0) (pinger)
(root,0,0,0.0) [kworker/2:3-cgroup_destroy]
(root,0,0,0.0) [kworker/8:0]
(root,0,0,0.0) [kworker/4:1]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/5:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:3-events]
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/6:2]
(root,0,0,0.0) [kworker/u32:0-writeback]
(root,0,0,0.0) [kworker/11:3]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,15432,8964,0.0) sshd: [accepted]
(sshd,15432,5468,0.0) sshd: [net]
(root,15432,8952,0.0) sshd: [accepted]
(sshd,15432,5408,0.0) sshd: [net]
(root,15432,8952,0.0) sshd: [accepted]
(sshd,15432,5532,0.0) sshd: [net]
(root,15432,8988,0.0) sshd: [accepted]
(root,15432,9012,0.0) sshd: [accepted]
(sshd,15432,5544,0.0) sshd: [net]
(root,16440,10132,0.5) sshd: root [priv]
(sshd,15432,5528,0.0) sshd: root [net]
(root,15432,8940,0.0) sshd: [accepted]
(root,16912,10116,0.0) sshd: unknown [priv]
(sshd,15432,5440,0.0) sshd: unknown [net]
(sshd,15432,5572,0.0) sshd: [net]
(root,16912,10240,0.0) sshd: unknown [priv]
(sshd,15432,5336,0.0) sshd: unknown [net]
(root,16912,10096,1.0) sshd: unknown [priv]
(sshd,15432,5528,0.0) sshd: unknown [net]
(root,7372,3752,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1608,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1124,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,276936,258348,0.0) nginx: cache manager process

Found on 2024-09-29 21:45

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca792ecbe9

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13580,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5272,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13460,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13832,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2852,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8820,0.0) /lib/systemd/systemd --user
(custadm+,318416,5568,0.0) (sd-pam)
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/10:3-events]
(nobody,490516,471760,0.0) nginx: cache manager process
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,97960,40488,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12348,0.0) /usr/libexec/packagekitd
(root,239612,6492,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5616,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10148,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6060,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5120,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5496,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8596,0.1) sshd: /usr/sbin/sshd -D [listener] 19 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,12200,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32492,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(nobody,468484,449604,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/9:0-cgroup_destroy]
(root,0,0,0.0) [kworker/3:3-events]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/5:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/7:0-events]
(proxy,79124,34768,0.0) (squid-1) --kid squid-1 --foreground -sYC
(proxy,6068,1976,0.0) (logfile-daemon) /var/log/squid/access.log
(root,253440,233288,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,254124,241188,1.8) nginx: worker process
(nobody,253884,240944,0.2) nginx: worker process
(nobody,253748,240744,0.0) nginx: worker process
(nobody,253748,240712,0.0) nginx: worker process
(nobody,253748,240744,0.0) nginx: worker process
(nobody,253748,239820,0.0) nginx: worker process
(nobody,253748,239820,0.0) nginx: worker process
(nobody,253748,240496,0.0) nginx: worker process
(nobody,253748,236040,0.0) nginx: worker process
(nobody,253748,236040,0.0) nginx: worker process
(nobody,253748,236040,0.0) nginx: worker process
(nobody,253748,236040,0.0) nginx: worker process
(nobody,253748,236040,0.0) nginx: worker process
(nobody,253748,236040,0.0) nginx: worker process
(nobody,253748,236040,0.0) nginx: worker process
(nobody,253748,236040,0.0) nginx: worker process
(nobody,253748,234980,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/14:2-events]
(root,0,0,0.0) [kworker/4:1-cgwb_release]
(root,0,0,0.0) [kworker/8:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/13:2-cgroup_destroy]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(proxy,6176,2208,0.0) (pinger)
(root,0,0,0.0) [kworker/15:1-cgroup_destroy]
(root,0,0,0.0) [kworker/0:0-cgroup_destroy]
(root,0,0,0.0) [kworker/9:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/6:1]
(root,0,0,0.0) [kworker/1:3-cgroup_destroy]
(root,0,0,0.0) [kworker/5:2]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/2:2]
(root,0,0,0.0) [kworker/u32:4-flush-8:0]
(root,0,0,0.0) [kworker/u32:1-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,15432,8812,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:5]
(root,15432,8896,0.0) sshd: [accepted]
(root,15432,8776,0.0) sshd: [accepted]
(sshd,15432,5424,0.0) sshd: [net]
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]
(root,0,0,0.0) [kworker/12:3]
(root,15432,9036,0.0) sshd: [accepted]
(root,16912,10332,0.0) sshd: unknown [priv]
(sshd,15432,5444,0.0) sshd: unknown [net]
(root,16912,10200,0.0) sshd: unknown [priv]
(sshd,15432,5432,0.0) sshd: unknown [net]
(root,16440,9748,0.0) sshd: pollinate [priv]
(sshd,15432,5512,0.0) sshd: pollinate [net]
(root,16912,10108,0.0) sshd: unknown [priv]
(sshd,15432,5576,0.0) sshd: unknown [net]
(root,16440,9900,0.2) sshd: pollinate [priv]
(sshd,15432,5408,0.0) sshd: pollinate [net]
(root,16440,9692,0.2) sshd: pollinate [priv]
(sshd,15432,5608,0.0) sshd: pollinate [net]
(root,15432,8928,0.0) sshd: [accepted]
(sshd,15432,5464,0.0) sshd: [net]
(root,16912,10364,0.2) sshd: unknown [priv]
(sshd,15432,5552,0.0) sshd: unknown [net]
(root,16912,10380,0.0) sshd: unknown [priv]
(sshd,15432,5436,0.0) sshd: unknown [net]
(root,16912,10136,0.3) sshd: unknown [priv]
(sshd,15432,5528,0.0) sshd: unknown [net]
(root,16912,10104,0.0) sshd: unknown [priv]
(sshd,15432,5604,0.0) sshd: unknown [net]
(root,16440,9928,2.0) sshd: root [priv]
(sshd,15432,5392,0.0) sshd: root [net]
(root,15432,8988,0.0) sshd: [accepted]
(sshd,15432,5504,0.0) sshd: [net]
(root,15432,9024,0.0) sshd: [accepted]
(sshd,15432,5372,0.0) sshd: [net]
(root,15432,8924,0.0) sshd: [accepted]
(sshd,15432,5416,0.0) sshd: [net]
(root,7372,3808,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1608,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1112,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,2356116,26860,0.0) /usr/lib/snapd/snapd
(nobody,276936,258348,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:1-mm_percpu_wq]

Found on 2024-09-27 23:40

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320caee8609e0

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13580,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5272,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13460,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13832,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2852,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(custadm+,17172,8820,0.0) /lib/systemd/systemd --user
(custadm+,318416,5568,0.0) (sd-pam)
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/10:3-events]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,490208,475036,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(root,0,0,0.0) [kworker/5:1-events]
(nobody,490516,476172,1.5) nginx: worker process
(nobody,490516,476108,0.2) nginx: worker process
(nobody,490516,476076,0.0) nginx: worker process
(nobody,490516,476068,0.0) nginx: worker process
(nobody,490516,476060,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471696,0.0) nginx: worker process
(nobody,490516,471760,0.0) nginx: cache manager process
(proxy,6068,1912,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/8:1-events]
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/15:1-cgroup_destroy]
(root,0,0,0.0) [kworker/2:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/11:1-events]
(proxy,6176,2144,0.0) (pinger)
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/11:3-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-cgroup_destroy]
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/9:1-events]
(root,0,0,0.0) [kworker/13:2]
(root,0,0,0.0) [kworker/u32:0-writeback]
(root,0,0,0.0) [kworker/7:1]
(root,0,0,0.0) [kworker/0:0]
(root,0,0,0.0) [kworker/u32:1-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/6:3-events]
(root,0,0,0.0) [kworker/1:0]
(root,0,0,0.0) [kworker/14:2]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/4:3]
(root,0,0,0.0) [kworker/u32:4]
(root,15432,8876,0.0) sshd: [accepted]
(root,15432,8836,0.0) sshd: [accepted]
(root,15432,8820,0.0) sshd: [accepted]
(root,15432,8768,0.0) sshd: [accepted]
(root,15432,8840,0.0) sshd: [accepted]
(sshd,15432,5472,0.0) sshd: [net]
(root,16440,9932,1.6) sshd: root [priv]
(sshd,15432,5428,0.0) sshd: root [net]
(root,16912,10432,0.3) sshd: unknown [priv]
(sshd,15432,5528,0.0) sshd: unknown [net]
(root,16440,9924,2.5) sshd: root [priv]
(sshd,15432,5460,0.0) sshd: root [net]
(root,16912,10236,0.0) sshd: unknown [priv]
(sshd,15432,5524,0.0) sshd: unknown [net]
(root,15432,8884,0.0) sshd: [accepted]
(sshd,15432,5440,0.0) sshd: [net]
(root,15432,8816,0.0) sshd: [accepted]
(sshd,15432,5384,0.0) sshd: [net]
(root,7372,3764,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1556,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1128,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,196316,124456,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12348,0.0) /usr/libexec/packagekitd
(root,239612,6492,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5616,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10148,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6060,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5120,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5496,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8596,0.1) sshd: /usr/sbin/sshd -D [listener] 11 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11468,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32492,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,80316,33488,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,2356116,26812,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/14:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/7:3-events]
(root,0,0,0.0) [kworker/15:0-events]
(nobody,276936,258348,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:1-events]

Found on 2024-09-25 23:46

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320cabc7e8f51

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13580,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5272,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13460,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13832,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/10:2-cgroup_destroy]
(root,0,0,0.0) [kworker/5:0]
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/7:0-cgroup_destroy]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(root,0,0,0.0) [kworker/3:2]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2852,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3456,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2556,0.0) su -
(root,8796,3808,0.0) -bash
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0-writeback]
(root,0,0,0.0) [kworker/11:0]
(root,15432,8804,0.0) sshd: [accepted]
(sshd,15432,5620,0.0) sshd: [net]
(root,15432,8808,0.0) sshd: [accepted]
(root,15432,8712,0.0) sshd: [accepted]
(root,15432,8988,0.0) sshd: [accepted]
(sshd,15432,5376,0.0) sshd: [net]
(root,15432,8896,0.0) sshd: [accepted]
(root,15432,8684,0.0) sshd: [accepted]
(sshd,15432,5528,0.0) sshd: [net]
(root,16440,10044,0.5) sshd: root [priv]
(sshd,15432,5408,0.0) sshd: root [net]
(root,16440,10004,1.6) sshd: root [priv]
(sshd,15432,5636,0.0) sshd: root [net]
(root,16912,10108,0.5) sshd: unknown [priv]
(sshd,15432,5332,0.0) sshd: unknown [net]
(root,15432,8816,0.0) sshd: [accepted]
(sshd,15432,5572,0.0) sshd: [net]
(root,15432,8968,0.0) sshd: [accepted]
(sshd,15432,5300,0.0) sshd: [net]
(root,15432,8808,0.0) sshd: [accepted]
(sshd,15432,5488,0.0) sshd: [net]
(root,7372,3780,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1572,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1164,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(custadm+,17172,8820,0.0) /lib/systemd/systemd --user
(custadm+,318416,5568,0.0) (sd-pam)
(root,6896,2576,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,97960,42560,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12348,0.0) /usr/libexec/packagekitd
(root,239612,6492,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5624,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10148,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6060,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5120,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5496,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8596,0.1) sshd: /usr/sbin/sshd -D [listener] 12 of 4-100 startups
(root,210344,17308,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11468,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32492,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,79228,32984,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/12:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:1-mm_percpu_wq]
(root,2356116,26468,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/14:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/9:0-events]
(root,0,0,0.0) [kworker/8:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:2-cgroup_destroy]
(root,0,0,0.0) [kworker/1:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/4:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/7:3-events]
(root,0,0,0.0) [kworker/5:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/15:0-mm_percpu_wq]
(proxy,6068,1952,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/11:1-events]
(root,276628,256408,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,277324,264272,1.1) nginx: worker process
(nobody,277076,264024,0.1) nginx: worker process
(nobody,276936,263856,0.0) nginx: worker process
(nobody,276936,263836,0.0) nginx: worker process
(nobody,276936,263836,0.0) nginx: worker process
(nobody,276936,263120,0.0) nginx: worker process
(nobody,276936,263104,0.0) nginx: worker process
(nobody,276936,263124,0.0) nginx: worker process
(nobody,276936,263124,0.0) nginx: worker process
(nobody,276936,263124,0.0) nginx: worker process
(nobody,276936,263124,0.0) nginx: worker process
(nobody,276936,263124,0.0) nginx: worker process
(nobody,276936,263124,0.0) nginx: worker process
(nobody,276936,263124,0.0) nginx: worker process
(nobody,276936,263124,0.0) nginx: worker process
(nobody,276936,259372,0.0) nginx: worker process
(nobody,276936,258348,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/2:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/13:3-cgroup_destroy]
(proxy,6176,2152,0.0) (pinger)
(root,0,0,0.0) [kworker/15:2-events]
(root,0,0,0.0) [kworker/9:3-cgroup_destroy]
(root,0,0,0.0) [kworker/12:1-cgroup_destroy]

Found on 2024-09-23 23:52

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca8469c0a2

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13580,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5280,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13556,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13948,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2912,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3576,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2648,0.0) su -
(root,8796,3896,0.0) -bash
(custadm+,17172,8820,0.0) /lib/systemd/systemd --user
(custadm+,318416,5580,0.0) (sd-pam)
(nobody,276936,252100,0.0) nginx: cache manager process
(nobody,525272,493660,0.0) nginx: cache manager process
(nobody,276936,250748,0.0) nginx: cache manager process
(nobody,279652,252724,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:2-events]
(root,6896,2596,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7080,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,138920,72696,0.1) /lib/systemd/systemd-journald
(root,11440,1928,0.0) /sbin/auditd
(root,295608,12492,0.0) /usr/libexec/packagekitd
(root,239612,6492,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5628,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2484,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10148,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6064,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5120,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5696,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,8708,0.1) sshd: /usr/sbin/sshd -D [listener] 12 of 4-100 startups
(root,210344,17320,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,11588,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,32516,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/9:2-mm_percpu_wq]
(nobody,276936,255652,0.0) nginx: cache manager process
(proxy,79036,33000,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/8:3-events]
(nobody,519140,480704,0.0) nginx: cache manager process
(nobody,276936,255168,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/7:0-events]
(proxy,6068,1976,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/3:1-events]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/10:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/11:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:1-events]
(root,276628,254808,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,277876,263496,1.0) nginx: worker process
(nobody,277332,262772,0.1) nginx: worker process
(nobody,277076,262552,0.0) nginx: worker process
(nobody,276936,262448,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,262372,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,257804,0.0) nginx: worker process
(nobody,276936,256820,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/6:1-cgroup_destroy]
(root,2356116,26644,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/5:2-events]
(root,0,0,0.0) [kworker/13:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/14:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(nobody,513692,482864,0.0) nginx: cache manager process
(nobody,276792,251384,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/11:0-events]
(root,0,0,0.0) [kworker/7:1-mm_percpu_wq]
(proxy,6176,2172,0.0) (pinger)
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/2:1-cgroup_destroy]
(root,0,0,0.0) [kworker/0:1]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(root,0,0,0.0) [kworker/9:0-cgroup_destroy]
(root,0,0,0.0) [kworker/14:1]
(root,0,0,0.0) [kworker/1:2-cgroup_destroy]
(root,0,0,0.0) [kworker/15:0-cgroup_destroy]
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/8:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/10:0]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/u32:4-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/u32:1-flush-8:0]
(root,0,0,0.0) [kworker/u32:2-flush-8:0]
(root,15432,8900,0.0) sshd: [accepted]
(root,15432,9012,0.0) sshd: [accepted]
(root,15432,8880,0.0) sshd: [accepted]
(root,15432,8864,0.0) sshd: [accepted]
(root,15432,9016,0.0) sshd: [accepted]
(sshd,15432,5500,0.0) sshd: [net]
(root,16752,10060,0.0) sshd: unknown [priv]
(sshd,15432,5416,0.0) sshd: unknown [net]
(root,16912,10016,0.2) sshd: unknown [priv]
(sshd,15432,5516,0.0) sshd: unknown [net]
(root,16912,10328,0.2) sshd: unknown [priv]
(sshd,15432,5372,0.0) sshd: unknown [net]
(root,15432,8896,0.0) sshd: [accepted]
(root,15432,8796,0.0) sshd: [accepted]
(sshd,15432,5516,0.0) sshd: [net]
(root,15432,8916,0.0) sshd: [accepted]
(sshd,15432,5448,0.0) sshd: [net]
(sshd,15432,5516,0.0) sshd: [net]
(root,15432,8976,0.0) sshd: [accepted]
(sshd,15432,5332,0.0) sshd: [net]
(root,7372,3852,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1572,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1072,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,513452,481152,0.0) nginx: cache manager process
(c2s,17176,8932,0.0) /lib/systemd/systemd --user
(c2s,318416,5580,0.0) (sd-pam)
(nobody,280332,253404,0.0) nginx: cache manager process

Found on 2024-09-21 23:37

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca109df312

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13576,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5280,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13620,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13948,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2928,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3576,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2648,0.0) su -
(root,8796,3896,0.0) -bash
(custadm+,17172,8820,0.0) /lib/systemd/systemd --user
(custadm+,318416,5580,0.0) (sd-pam)
(nobody,276936,254732,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/7:1-cgroup_destroy]
(nobody,525272,498348,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:3-cgroup_destroy]
(nobody,276936,253396,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(nobody,279652,255360,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:3-events]
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/2:2-events]
(root,6896,2596,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7140,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,171588,101680,0.1) /lib/systemd/systemd-journald
(root,11440,1948,0.0) /sbin/auditd
(root,295608,12552,0.0) /usr/libexec/packagekitd
(root,239612,6492,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5636,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2532,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10148,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6064,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5120,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,5832,0.0) /usr/sbin/ModemManager
(root,11800,6568,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,9080,0.1) sshd: /usr/sbin/sshd -D [listener] 18 of 4-100 startups
(root,210344,17272,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,12236,0.0) /usr/sbin/squid --foreground -sYC
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/12:0-events]
(root,404416,31360,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/9:2-events]
(root,0,0,0.0) [kworker/1:2-cgroup_destroy]
(root,276628,256492,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,277340,264308,1.8) nginx: worker process
(nobody,276812,263932,0.2) nginx: worker process
(nobody,277324,264184,0.0) nginx: worker process
(nobody,276936,263936,0.0) nginx: worker process
(nobody,276936,264004,0.0) nginx: worker process
(nobody,276936,261904,0.0) nginx: worker process
(nobody,276936,259244,0.0) nginx: worker process
(nobody,276936,259220,0.0) nginx: worker process
(nobody,276936,259364,0.0) nginx: worker process
(nobody,276936,259364,0.0) nginx: worker process
(nobody,276936,259364,0.0) nginx: worker process
(nobody,276936,259364,0.0) nginx: worker process
(nobody,276936,259364,0.0) nginx: worker process
(nobody,276936,259364,0.0) nginx: worker process
(nobody,276936,259364,0.0) nginx: worker process
(nobody,276936,259364,0.0) nginx: worker process
(nobody,276936,258364,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/10:1-events]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/14:2-cgroup_destroy]
(proxy,78652,33700,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/0:0-cgroup_destroy]
(root,0,0,0.0) [kworker/3:3-events]
(proxy,6068,1984,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/6:1-events]
(root,0,0,0.0) [kworker/5:2-events]
(root,0,0,0.0) [kworker/9:1-cgroup_destroy]
(root,0,0,0.0) [kworker/11:1-cgroup_destroy]
(root,0,0,0.0) [kworker/13:0-cgroup_destroy]
(root,0,0,0.0) [kworker/6:0-cgroup_destroy]
(proxy,6176,2144,0.0) (pinger)
(root,0,0,0.0) [kworker/2:1-events]
(root,0,0,0.0) [kworker/4:3]
(root,0,0,0.0) [kworker/15:0]
(root,0,0,0.0) [kworker/8:3-events]
(root,0,0,0.0) [kworker/u32:4-flush-8:0]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-events_unbound]
(root,0,0,0.0) [kworker/u32:0-ext4-rsv-conversion]
(root,15432,8856,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,15432,8688,0.0) sshd: [accepted]
(sshd,15432,5436,0.0) sshd: [net]
(root,15432,8764,0.0) sshd: [accepted]
(root,15432,9032,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/14:1]
(root,0,0,0.0) [kworker/14:3-events]
(root,15432,9012,0.0) sshd: [accepted]
(root,15432,8820,0.0) sshd: [accepted]
(root,15432,9376,0.0) sshd: [accepted]
(sshd,15432,5504,0.0) sshd: [net]
(root,15432,9012,0.0) sshd: [accepted]
(sshd,15432,5512,0.0) sshd: [net]
(root,15432,8916,0.0) sshd: [accepted]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,15432,8980,0.0) sshd: [accepted]
(sshd,15432,5636,0.0) sshd: [net]
(root,15432,9388,0.1) sshd: [accepted]
(sshd,15432,5524,0.0) sshd: [net]
(root,15432,8796,0.0) sshd: [accepted]
(root,15432,9088,0.2) sshd: [accepted]
(sshd,15432,5436,0.0) sshd: [net]
(root,16912,10256,0.0) sshd: unknown [priv]
(sshd,15432,5480,0.0) sshd: unknown [net]
(root,16912,10248,0.3) sshd: unknown [priv]
(sshd,15432,5428,0.0) sshd: unknown [net]
(root,15432,8816,0.0) sshd: [accepted]
(root,15432,8976,0.0) sshd: [accepted]
(sshd,15432,5448,0.0) sshd: [net]
(root,15432,8736,0.0) sshd: [accepted]
(sshd,15432,5500,0.0) sshd: [net]
(root,7372,3780,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1556,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1104,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,519140,485828,0.0) nginx: cache manager process
(root,2356116,26952,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/14:0-events]
(nobody,513692,488048,0.0) nginx: cache manager process
(nobody,276792,254016,0.0) nginx: cache manager process
(nobody,513452,486296,0.0) nginx: cache manager process
(c2s,17176,8932,0.0) /lib/systemd/systemd --user
(c2s,318416,5580,0.0) (sd-pam)
(nobody,280332,256056,0.0) nginx: cache manager process

Found on 2024-09-19 20:40

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca3d7cf7d5

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13608,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5280,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13620,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9480,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13948,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/11:1-events]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2944,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3576,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2648,0.0) su -
(root,8796,3896,0.0) -bash
(root,0,0,0.0) [kworker/4:2-mm_percpu_wq]
(custadm+,17172,9548,0.0) /lib/systemd/systemd --user
(custadm+,318416,5580,0.0) (sd-pam)
(root,276628,256396,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,277324,264372,1.7) nginx: worker process
(nobody,277340,264304,0.2) nginx: worker process
(nobody,276936,263876,0.0) nginx: worker process
(nobody,276936,263868,0.0) nginx: worker process
(nobody,276936,263808,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,259412,0.0) nginx: worker process
(nobody,276936,258428,0.0) nginx: cache manager process
(proxy,6068,1900,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/12:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/9:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:2-cgroup_destroy]
(root,0,0,0.0) [kworker/8:3-cgroup_destroy]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/2:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/14:1]
(root,0,0,0.0) [kworker/9:2-cgroup_destroy]
(root,0,0,0.0) [kworker/5:1-cgroup_destroy]
(proxy,6176,2116,0.0) (pinger)
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(root,0,0,0.0) [kworker/7:1-events]
(nobody,525272,504588,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/1:2-cgroup_destroy]
(root,0,0,0.0) [kworker/2:1-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,0,0,0.0) [kworker/3:2]
(root,0,0,0.0) [kworker/6:0]
(root,0,0,0.0) [kworker/11:2-events]
(root,0,0,0.0) [kworker/7:0-events]
(root,0,0,0.0) [kworker/u32:2-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/8:0-events]
(root,0,0,0.0) [kworker/u32:1-writeback]
(root,0,0,0.0) [kworker/13:1-events]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/u32:4]
(root,15432,8804,0.0) sshd: [accepted]
(sshd,15432,5468,0.0) sshd: [net]
(root,15432,9036,0.0) sshd: [accepted]
(root,15432,8944,0.0) sshd: [accepted]
(sshd,15432,5412,0.0) sshd: [net]
(root,16912,10376,0.1) sshd: unknown [priv]
(sshd,15432,5536,0.0) sshd: unknown [net]
(root,16912,10124,0.0) sshd: unknown [priv]
(sshd,15432,5304,0.0) sshd: unknown [net]
(root,16912,10356,0.0) sshd: unknown [priv]
(sshd,15432,5504,0.0) sshd: unknown [net]
(root,16440,10224,0.8) sshd: root [priv]
(sshd,15432,5484,0.0) sshd: root [net]
(root,16912,10256,0.2) sshd: unknown [priv]
(sshd,15432,5516,0.0) sshd: unknown [net]
(root,16912,10148,0.2) sshd: unknown [priv]
(sshd,15432,5528,0.0) sshd: unknown [net]
(root,16440,10068,1.8) sshd: root [priv]
(root,16440,10020,2.2) sshd: root [priv]
(sshd,15432,5572,0.0) sshd: root [net]
(sshd,15432,5452,0.0) sshd: root [net]
(root,16912,10304,0.3) sshd: unknown [priv]
(sshd,15432,5480,0.0) sshd: unknown [net]
(root,16440,9924,2.5) sshd: root [priv]
(sshd,15432,5460,0.0) sshd: root [net]
(root,16752,10284,0.0) sshd: unknown [priv]
(sshd,15432,5336,0.0) sshd: unknown [net]
(root,15432,9048,0.0) sshd: [accepted]
(sshd,15432,5556,0.0) sshd: [net]
(root,7372,3820,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1540,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1164,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(nobody,279652,259012,0.0) nginx: cache manager process
(root,6896,2596,0.0) /usr/sbin/cron -f -P
(root,82832,3696,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7140,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,73384,20468,0.1) /lib/systemd/systemd-journald
(root,11440,2176,0.0) /sbin/auditd
(root,295608,13240,0.0) /usr/libexec/packagekitd
(root,239612,6592,0.0) /usr/libexec/upowerd
(root,289480,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,5644,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2532,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,10300,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6064,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5160,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,6120,0.0) /usr/sbin/ModemManager
(root,11800,6588,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8228,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12728,0.0) /lib/systemd/systemd-resolved
(root,15436,9080,0.1) sshd: /usr/sbin/sshd -D [listener] 15 of 4-100 startups
(root,210344,17220,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,13916,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,31988,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,78852,33288,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,519140,492700,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:2-cgroup_destroy]
(root,2356116,27780,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/14:0-mm_percpu_wq]
(nobody,513692,494536,0.0) nginx: cache manager process
(nobody,276792,257696,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-cgroup_destroy]
(root,0,0,0.0) [kworker/6:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:0-mm_percpu_wq]
(nobody,513452,493456,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-events]
(c2s,17176,9632,0.0) /lib/systemd/systemd --user
(c2s,318416,5580,0.0) (sd-pam)
(nobody,280332,259668,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/5:2-mm_percpu_wq]

Found on 2024-09-17 21:48

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320caf10585cd

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13652,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5280,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13620,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9504,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13948,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2944,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3576,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2648,0.0) su -
(root,8796,3896,0.0) -bash
(custadm+,17172,9796,0.0) /lib/systemd/systemd --user
(custadm+,318416,5580,0.0) (sd-pam)
(nobody,525272,505592,0.0) nginx: cache manager process
(nobody,279652,259604,0.0) nginx: cache manager process
(root,6896,2596,0.0) /usr/sbin/cron -f -P
(root,82832,3724,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7140,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,179680,113652,0.1) /lib/systemd/systemd-journald
(root,11440,2176,0.0) /sbin/auditd
(root,295608,14428,0.0) /usr/libexec/packagekitd
(root,239612,7032,0.0) /usr/libexec/upowerd
(root,223944,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,6036,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2532,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9656,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6064,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5680,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,6852,0.0) /usr/sbin/ModemManager
(root,11800,6556,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8304,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12784,0.0) /lib/systemd/systemd-resolved
(root,15436,9080,0.1) sshd: /usr/sbin/sshd -D [listener] 14 of 4-100 startups
(root,210344,17224,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,14612,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,31664,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/10:0-events]
(proxy,78392,32824,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,519140,493776,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/15:2-events]
(proxy,6068,1900,0.0) (logfile-daemon) /var/log/squid/access.log
(root,2355796,25624,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/5:0-events]
(root,0,0,0.0) [kworker/14:0-mm_percpu_wq]
(nobody,513692,495604,0.0) nginx: cache manager process
(root,276484,256288,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,277232,264432,1.8) nginx: worker process
(nobody,276920,264096,0.2) nginx: worker process
(nobody,276792,263968,0.0) nginx: worker process
(nobody,276792,263816,0.0) nginx: worker process
(nobody,276792,263964,0.0) nginx: worker process
(nobody,276792,262680,0.0) nginx: worker process
(nobody,276792,262680,0.0) nginx: worker process
(nobody,276792,261912,0.0) nginx: worker process
(nobody,276792,261912,0.0) nginx: worker process
(nobody,276792,261912,0.0) nginx: worker process
(nobody,276792,259284,0.0) nginx: worker process
(nobody,276792,259284,0.0) nginx: worker process
(nobody,276792,259284,0.0) nginx: worker process
(nobody,276792,259284,0.0) nginx: worker process
(nobody,276792,259284,0.0) nginx: worker process
(nobody,276792,259284,0.0) nginx: worker process
(nobody,276792,258272,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:0-events]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/9:3-events]
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(root,0,0,0.0) [kworker/0:1-events]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/7:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:2-cgroup_destroy]
(root,0,0,0.0) [kworker/13:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/2:1-cgroup_destroy]
(root,0,0,0.0) [kworker/1:0-events]
(root,0,0,0.0) [kworker/6:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(root,0,0,0.0) [kworker/15:0-cgroup_destroy]
(root,0,0,0.0) [kworker/4:2-cgroup_destroy]
(proxy,6176,2196,0.0) (pinger)
(root,0,0,0.0) [kworker/0:2-cgroup_destroy]
(root,0,0,0.0) [kworker/11:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:2-events]
(root,0,0,0.0) [kworker/12:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/14:1]
(root,0,0,0.0) [kworker/1:1]
(root,0,0,0.0) [kworker/9:1]
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:2-flush-253:0]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/u32:3-events_power_efficient]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/7:2]
(root,15432,8988,0.0) sshd: [accepted]
(root,15432,8832,0.0) sshd: [accepted]
(root,15432,8968,0.0) sshd: [accepted]
(root,15432,9072,0.0) sshd: [accepted]
(sshd,15432,5476,0.0) sshd: [net]
(root,15432,8948,0.0) sshd: [accepted]
(sshd,15432,5332,0.0) sshd: [net]
(root,0,0,0.0) [kworker/u32:1-flush-253:0]
(root,15432,9036,0.0) sshd: [accepted]
(sshd,15432,5600,0.0) sshd: [net]
(root,15432,8988,0.0) sshd: [accepted]
(root,15432,8896,0.0) sshd: [accepted]
(root,16440,9980,1.6) sshd: root [priv]
(sshd,15432,5412,0.0) sshd: root [net]
(root,16912,10144,0.0) sshd: unknown [priv]
(root,16440,10040,1.6) sshd: root [priv]
(sshd,15432,5560,0.0) sshd: root [net]
(root,16440,10140,2.5) sshd: root [priv]
(sshd,15432,5400,0.0) sshd: root [net]
(sshd,15432,5488,0.0) sshd: unknown [net]
(root,15432,8840,0.0) sshd: [accepted]
(sshd,15432,5404,0.0) sshd: [net]
(root,15432,8876,0.0) sshd: [accepted]
(sshd,15432,5636,0.0) sshd: [net]
(root,7372,3868,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1576,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1112,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(c2s,17176,9916,0.0) /lib/systemd/systemd --user
(c2s,318416,5580,0.0) (sd-pam)
(nobody,280332,260288,0.0) nginx: cache manager process

Found on 2024-09-15 23:29

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca61a7c0cb

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13652,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5280,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13620,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9504,0.0) /lib/systemd/systemd-logind
(root,7824,3212,0.0) /bin/login -p --
(root,109760,13948,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2944,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3576,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2648,0.0) su -
(root,8796,3896,0.0) -bash
(custadm+,17172,9816,0.0) /lib/systemd/systemd --user
(custadm+,318416,5580,0.0) (sd-pam)
(nobody,525272,505788,0.0) nginx: cache manager process
(nobody,279652,259704,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:3-cgroup_destroy]
(root,0,0,0.0) [kworker/9:0-mm_percpu_wq]
(root,6896,2596,0.0) /usr/sbin/cron -f -P
(root,82832,3724,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7140,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,138744,71928,0.1) /lib/systemd/systemd-journald
(root,11440,2176,0.0) /sbin/auditd
(root,295608,14500,0.0) /usr/libexec/packagekitd
(root,239612,7096,0.0) /usr/libexec/upowerd
(root,223944,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,6044,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2532,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9720,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6064,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5732,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,7024,0.0) /usr/sbin/ModemManager
(root,11800,6556,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8304,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12784,0.0) /lib/systemd/systemd-resolved
(root,15436,9080,0.1) sshd: /usr/sbin/sshd -D [listener] 10 of 4-100 startups
(root,210344,17232,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,14696,0.0) /usr/sbin/squid --foreground -sYC
(root,404416,31152,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/11:1-events]
(root,0,0,0.0) [kworker/6:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/8:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/10:0-mm_percpu_wq]
(proxy,78392,32920,0.0) (squid-1) --kid squid-1 --foreground -sYC
(nobody,519140,493928,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/8:1-cgroup_destroy]
(root,0,0,0.0) [kworker/15:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/2:1-events]
(root,515956,499936,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(root,0,0,0.0) [kworker/7:1-events]
(proxy,6068,1900,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/1:2-mm_percpu_wq]
(root,0,0,0.0) [kworker/5:2-events]
(nobody,516264,501412,2.2) nginx: worker process
(nobody,516264,501264,0.3) nginx: worker process
(nobody,516264,501224,0.0) nginx: worker process
(nobody,516264,501196,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496780,0.0) nginx: worker process
(nobody,516264,496896,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/12:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/7:0-cgroup_destroy]
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/3:2-events]
(root,0,0,0.0) [kworker/14:3-mm_percpu_wq]
(root,0,0,0.0) [kworker/4:1-events]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/1:1-cgroup_destroy]
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/5:0-events]
(proxy,6176,2172,0.0) (pinger)
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/9:2]
(root,0,0,0.0) [kworker/14:1]
(root,0,0,0.0) [kworker/2:2]
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/11:3-cgroup_destroy]
(root,0,0,0.0) [kworker/3:0-events]
(root,2355796,25684,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/4:2]
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:3-ext4-rsv-conversion]
(root,0,0,0.0) [kworker/10:1-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:4-events_power_efficient]
(root,0,0,0.0) [kworker/u32:2-events_power_efficient]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,15432,8880,0.0) sshd: [accepted]
(root,15432,8888,0.0) sshd: [accepted]
(sshd,15432,5556,0.0) sshd: [net]
(root,16440,9968,1.8) sshd: root [priv]
(sshd,15432,5508,0.0) sshd: root [net]
(root,16440,10280,1.3) sshd: root [priv]
(sshd,15432,5512,0.0) sshd: root [net]
(root,16440,10212,1.3) sshd: root [priv]
(sshd,15432,5516,0.0) sshd: root [net]
(root,15432,8908,0.0) sshd: [accepted]
(root,16440,10016,2.5) sshd: root [priv]
(sshd,15432,5468,0.0) sshd: root [net]
(root,15432,9052,0.0) sshd: [accepted]
(root,15432,9032,0.0) sshd: [accepted]
(root,15432,8996,0.0) sshd: [accepted]
(sshd,15432,5448,0.0) sshd: [net]
(sshd,15432,5560,0.0) sshd: [net]
(root,7372,3728,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1604,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1084,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(c2s,17176,9936,0.0) /lib/systemd/systemd --user
(c2s,318416,5580,0.0) (sd-pam)
(nobody,280332,260288,0.0) nginx: cache manager process

Found on 2024-09-13 22:39

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320caef2fbd99

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13720,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5280,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13620,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9504,0.0) /lib/systemd/systemd-logind
(root,7824,3216,0.0) /bin/login -p --
(root,109760,13948,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/14:2-cgroup_destroy]
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2944,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3580,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2652,0.0) su -
(root,8796,3896,0.0) -bash
(custadm+,17172,9904,0.0) /lib/systemd/systemd --user
(custadm+,318416,5584,0.0) (sd-pam)
(root,0,0,0.0) [kworker/10:2-events]
(nobody,525272,508148,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/0:0-events]
(root,0,0,0.0) [kworker/15:1-events]
(root,0,0,0.0) [kworker/1:1-events]
(root,0,0,0.0) [kworker/4:3-events]
(root,0,0,0.0) [kworker/11:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/14:0-events]
(root,279344,259184,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,280052,266960,2.2) nginx: worker process
(nobody,280096,267140,0.3) nginx: worker process
(nobody,279652,266672,0.0) nginx: worker process
(nobody,279652,266672,0.0) nginx: worker process
(nobody,279652,266672,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,261924,0.0) nginx: worker process
(nobody,279652,260900,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/12:3-events]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/7:2-events]
(root,0,0,0.0) [kworker/9:0-cgroup_destroy]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/7:0-events]
(root,6896,2672,0.0) /usr/sbin/cron -f -P
(root,82832,3724,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7140,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,187924,119196,0.1) /lib/systemd/systemd-journald
(root,11440,2176,0.0) /sbin/auditd
(root,295608,15164,0.0) /usr/libexec/packagekitd
(root,239612,7312,0.0) /usr/libexec/upowerd
(root,223944,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,6044,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2532,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9796,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6064,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5800,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,7148,0.0) /usr/sbin/ModemManager
(root,11800,6556,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8348,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12836,0.0) /lib/systemd/systemd-resolved
(root,15436,9080,0.1) sshd: /usr/sbin/sshd -D [listener] 11 of 4-100 startups
(root,210344,16796,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,15484,0.0) /usr/sbin/squid --foreground -sYC
(root,0,0,0.0) [kworker/2:3-cgroup_destroy]
(root,0,0,0.0) [kworker/5:2-cgroup_destroy]
(root,403392,31152,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(root,0,0,0.0) [kworker/13:1-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-events]
(root,0,0,0.0) [kworker/11:1-cgroup_destroy]
(root,0,0,0.0) [kworker/1:2-events]
(proxy,6176,2228,0.0) (pinger)
(root,0,0,0.0) [kworker/6:2-events]
(root,0,0,0.0) [kworker/8:0-events]
(root,0,0,0.0) [kworker/10:0]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/6:3-events]
(root,0,0,0.0) [kworker/15:3]
(root,0,0,0.0) [kworker/u32:0-flush-253:0]
(root,0,0,0.0) [kworker/3:2-cgroup_destroy]
(root,0,0,0.0) [kworker/u32:2-writeback]
(root,0,0,0.0) [kworker/0:2-events]
(root,0,0,0.0) [kworker/u32:4-flush-253:0]
(root,0,0,0.0) [kworker/u32:1-events_power_efficient]
(root,0,0,0.0) [kworker/u32:3]
(root,0,0,0.0) [kworker/u32:5-events_power_efficient]
(root,0,0,0.0) [kworker/u32:6-flush-253:0]
(root,15432,9048,0.0) sshd: [accepted]
(root,15432,9024,0.0) sshd: [accepted]
(sshd,15432,5516,0.0) sshd: [net]
(root,15432,9044,0.0) sshd: [accepted]
(root,15432,8840,0.0) sshd: [accepted]
(sshd,15432,5556,0.0) sshd: [net]
(root,16912,10136,0.2) sshd: unknown [priv]
(sshd,15432,5472,0.0) sshd: unknown [net]
(root,16440,9808,1.2) sshd: root [priv]
(sshd,15432,5472,0.0) sshd: root [net]
(root,16912,10368,0.0) sshd: unknown [priv]
(sshd,15432,5624,0.0) sshd: unknown [net]
(root,16912,10356,0.0) sshd: unknown [priv]
(sshd,15432,5396,0.0) sshd: unknown [net]
(root,16912,10212,0.5) sshd: unknown [priv]
(sshd,15432,5640,0.0) sshd: unknown [net]
(root,16912,10172,1.0) sshd: unknown [priv]
(sshd,15432,5376,0.0) sshd: unknown [net]
(root,15432,9036,0.0) sshd: [accepted]
(sshd,15432,5540,0.0) sshd: [net]
(root,7372,3816,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1664,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1160,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(proxy,81036,34164,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/4:1-events]
(root,2355796,25216,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/9:1-events]
(proxy,6068,1464,0.0) (logfile-daemon) /var/log/squid/access.log
(c2s,17176,10032,0.0) /lib/systemd/systemd --user
(c2s,318416,5584,0.0) (sd-pam)
(nobody,280332,261584,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/2:0-events]

Found on 2024-09-11 22:59

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbe31b495f58941260098b33c3728320ca6352ca28

Found public CheckMk agent:
Version: 1.2.4b7
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,315504,13720,0.0) /lib/systemd/systemd --system --deserialize 44
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [rcu_gp]
(root,0,0,0.0) [rcu_par_gp]
(root,0,0,0.0) [slub_flushwq]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [kworker/0:0H-events_highpri]
(root,0,0,0.0) [mm_percpu_wq]
(root,0,0,0.0) [rcu_tasks_rude_]
(root,0,0,0.0) [rcu_tasks_trace]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [rcu_sched]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [idle_inject/0]
(root,0,0,0.0) [cpuhp/0]
(root,0,0,0.0) [cpuhp/1]
(root,0,0,0.0) [idle_inject/1]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [kworker/1:0H-kblockd]
(root,0,0,0.0) [cpuhp/2]
(root,0,0,0.0) [idle_inject/2]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [kworker/2:0H-events_highpri]
(root,0,0,0.0) [cpuhp/3]
(root,0,0,0.0) [idle_inject/3]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [kworker/3:0H-events_highpri]
(root,0,0,0.0) [cpuhp/4]
(root,0,0,0.0) [idle_inject/4]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kworker/4:0H-events_highpri]
(root,0,0,0.0) [cpuhp/5]
(root,0,0,0.0) [idle_inject/5]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kworker/5:0H-events_highpri]
(root,0,0,0.0) [cpuhp/6]
(root,0,0,0.0) [idle_inject/6]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kworker/6:0H-events_highpri]
(root,0,0,0.0) [cpuhp/7]
(root,0,0,0.0) [idle_inject/7]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kworker/7:0H-events_highpri]
(root,0,0,0.0) [cpuhp/8]
(root,0,0,0.0) [idle_inject/8]
(root,0,0,0.0) [migration/8]
(root,0,0,0.0) [ksoftirqd/8]
(root,0,0,0.0) [kworker/8:0H-events_highpri]
(root,0,0,0.0) [cpuhp/9]
(root,0,0,0.0) [idle_inject/9]
(root,0,0,0.0) [migration/9]
(root,0,0,0.0) [ksoftirqd/9]
(root,0,0,0.0) [kworker/9:0H-events_highpri]
(root,0,0,0.0) [cpuhp/10]
(root,0,0,0.0) [idle_inject/10]
(root,0,0,0.0) [migration/10]
(root,0,0,0.0) [ksoftirqd/10]
(root,0,0,0.0) [kworker/10:0H-events_highpri]
(root,0,0,0.0) [cpuhp/11]
(root,0,0,0.0) [idle_inject/11]
(root,0,0,0.0) [migration/11]
(root,0,0,0.0) [ksoftirqd/11]
(root,0,0,0.0) [kworker/11:0H-events_highpri]
(root,0,0,0.0) [cpuhp/12]
(root,0,0,0.0) [idle_inject/12]
(root,0,0,0.0) [migration/12]
(root,0,0,0.0) [ksoftirqd/12]
(root,0,0,0.0) [kworker/12:0H-events_highpri]
(root,0,0,0.0) [cpuhp/13]
(root,0,0,0.0) [idle_inject/13]
(root,0,0,0.0) [migration/13]
(root,0,0,0.0) [ksoftirqd/13]
(root,0,0,0.0) [kworker/13:0H-events_highpri]
(root,0,0,0.0) [cpuhp/14]
(root,0,0,0.0) [idle_inject/14]
(root,0,0,0.0) [migration/14]
(root,0,0,0.0) [ksoftirqd/14]
(root,0,0,0.0) [kworker/14:0H-events_highpri]
(root,0,0,0.0) [cpuhp/15]
(root,0,0,0.0) [idle_inject/15]
(root,0,0,0.0) [migration/15]
(root,0,0,0.0) [ksoftirqd/15]
(root,0,0,0.0) [kworker/15:0H-events_highpri]
(root,0,0,0.0) [kdevtmpfs]
(root,0,0,0.0) [inet_frag_wq]
(root,0,0,0.0) [kauditd]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [oom_reaper]
(root,0,0,0.0) [writeback]
(root,0,0,0.0) [kcompactd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [kintegrityd]
(root,0,0,0.0) [kblockd]
(root,0,0,0.0) [blkcg_punt_bio]
(root,0,0,0.0) [tpm_dev_wq]
(root,0,0,0.0) [ata_sff]
(root,0,0,0.0) [md]
(root,0,0,0.0) [edac-poller]
(root,0,0,0.0) [devfreq_wq]
(root,0,0,0.0) [watchdogd]
(root,0,0,0.0) [kworker/0:1H-kblockd]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ecryptfs-kthrea]
(root,0,0,0.0) [kthrotld]
(root,0,0,0.0) [acpi_thermal_pm]
(root,0,0,0.0) [vfio-irqfd-clea]
(root,0,0,0.0) [mld]
(root,0,0,0.0) [ipv6_addrconf]
(root,0,0,0.0) [kstrp]
(root,0,0,0.0) [zswap-shrink]
(root,0,0,0.0) [kworker/u33:0]
(root,0,0,0.0) [charger_manager]
(root,0,0,0.0) [kworker/15:1H-kblockd]
(root,0,0,0.0) [kworker/10:1H-kblockd]
(root,0,0,0.0) [cryptd]
(root,0,0,0.0) [kworker/13:1H-kblockd]
(root,0,0,0.0) [kworker/9:1H-kblockd]
(root,0,0,0.0) [kworker/3:1H-kblockd]
(root,0,0,0.0) [kworker/5:1H-kblockd]
(root,0,0,0.0) [kworker/11:1H-kblockd]
(root,0,0,0.0) [kworker/4:1H-kblockd]
(root,0,0,0.0) [kworker/7:1H-kblockd]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_tmf_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [scsi_tmf_1]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [scsi_tmf_2]
(root,0,0,0.0) [scsi_eh_3]
(root,0,0,0.0) [scsi_tmf_3]
(root,0,0,0.0) [scsi_eh_4]
(root,0,0,0.0) [scsi_tmf_4]
(root,0,0,0.0) [scsi_eh_5]
(root,0,0,0.0) [scsi_tmf_5]
(root,0,0,0.0) [scsi_eh_6]
(root,0,0,0.0) [scsi_tmf_6]
(root,0,0,0.0) [scsi_eh_7]
(root,0,0,0.0) [scsi_tmf_7]
(root,0,0,0.0) [scsi_eh_8]
(root,0,0,0.0) [scsi_tmf_8]
(root,0,0,0.0) [scsi_eh_9]
(root,0,0,0.0) [scsi_tmf_9]
(root,0,0,0.0) [scsi_eh_10]
(root,0,0,0.0) [scsi_tmf_10]
(root,0,0,0.0) [poll_megasas2_s]
(root,0,0,0.0) [kworker/2:1H-kblockd]
(root,0,0,0.0) [kworker/14:1H-kblockd]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kworker/12:1H-kblockd]
(root,0,0,0.0) [raid5wq]
(root,0,0,0.0) [kworker/8:1H-kblockd]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [kworker/1:1H-kblockd]
(root,0,0,0.0) [kworker/6:1H-kblockd]
(root,0,0,0.0) [kaluad]
(root,0,0,0.0) [kmpath_rdacd]
(root,0,0,0.0) [kmpathd]
(root,0,0,0.0) [kmpath_handlerd]
(root,0,0,0.0) [ipmi-msghandler]
(root,0,0,0.0) [nfit]
(root,0,0,0.0) [jbd2/dm-3-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/sda2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-2-8]
(root,0,0,0.0) [ext4-rsv-conver]
(root,0,0,0.0) [jbd2/dm-4-8]
(root,0,0,0.0) [ext4-rsv-conver]
(message+,9148,5280,0.0) @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,32740,13620,0.0) /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
(root,25552,9504,0.0) /lib/systemd/systemd-logind
(root,7824,3216,0.0) /bin/login -p --
(root,109760,13948,0.0) /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
(root,0,0,0.0) [kworker/14:2-mm_percpu_wq]
(proxy,6176,2152,0.0) (pinger)
(root,0,0,0.0) [kworker/11:3]
(root,0,0,0.0) [kworker/10:2]
(root,0,0,0.0) [kworker/13:2]
(root,0,0,0.0) [kworker/u32:1-flush-253:2]
(root,0,0,0.0) [kworker/0:2]
(root,0,0,0.0) [kworker/u32:3-flush-253:0]
(root,0,0,0.0) [kworker/u32:5-poll_megasas2_status]
(root,0,0,0.0) [kworker/u32:0-events_power_efficient]
(root,15432,9004,0.0) sshd: [accepted]
(sshd,15432,5596,0.0) sshd: [net]
(root,15432,8968,0.0) sshd: [accepted]
(sshd,15432,5312,0.0) sshd: [net]
(root,15432,8972,0.0) sshd: [accepted]
(root,15432,9036,0.0) sshd: [accepted]
(root,15432,8816,0.0) sshd: [accepted]
(root,15432,9024,0.0) sshd: [accepted]
(root,15432,8956,0.0) sshd: [accepted]
(root,16440,9928,0.1) sshd: root [priv]
(sshd,15432,5420,0.0) sshd: root [net]
(root,15432,8840,0.0) sshd: [accepted]
(sshd,15432,5488,0.0) sshd: [net]
(root,16912,10284,0.0) sshd: unknown [priv]
(sshd,15432,5464,0.0) sshd: unknown [net]
(root,16912,10228,0.2) sshd: unknown [priv]
(sshd,15432,5528,0.0) sshd: unknown [net]
(root,16440,9768,0.0) sshd: proxy [priv]
(sshd,15432,5428,0.0) sshd: proxy [net]
(root,16440,10240,1.3) sshd: root [priv]
(sshd,15432,5512,0.0) sshd: root [net]
(root,16912,10460,0.0) sshd: unknown [priv]
(sshd,15432,5480,0.0) sshd: unknown [net]
(root,15432,9084,0.0) sshd: [accepted]
(sshd,15432,5588,0.0) sshd: [net]
(root,7372,3860,0.0) /bin/bash /usr/bin/check_mk_agent
(root,7064,1560,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,3688,1076,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(infra.mg,17176,8672,0.0) /lib/systemd/systemd --user
(infra.mg,169944,2944,0.0) (sd-pam)
(infra.mg,2892,1944,0.0) -sh
(root,11512,3580,0.0) sudo su -
(root,11512,888,0.0) sudo su -
(root,10232,2652,0.0) su -
(root,8796,3896,0.0) -bash
(root,6896,2672,0.0) /usr/sbin/cron -f -P
(root,82832,3724,0.0) /usr/sbin/irqbalance --foreground
(nagios,10440,7140,0.0) /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
(root,138560,69636,0.1) /lib/systemd/systemd-journald
(root,11440,2176,0.0) /sbin/auditd
(root,295608,15164,0.0) /usr/libexec/packagekitd
(root,239612,7312,0.0) /usr/libexec/upowerd
(root,223944,27096,0.0) /sbin/multipathd -d -s
(syslog,222404,6044,0.0) /usr/sbin/rsyslogd -n -iNONE
(root,9688,2532,0.0) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(ntp,76240,5536,0.0) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 114:120
(root,392692,9792,0.0) /usr/libexec/udisks2/udisksd
(root,12088,6064,0.0) ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
(root,234504,5800,0.0) /usr/libexec/polkitd --no-debug
(root,14576,14544,0.0) ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
(root,317972,7148,0.0) /usr/sbin/ModemManager
(root,11800,6556,0.0) /lib/systemd/systemd-udevd
(systemd+,16392,8348,0.0) /lib/systemd/systemd-networkd
(systemd+,27144,12836,0.0) /lib/systemd/systemd-resolved
(root,15436,9080,0.1) sshd: /usr/sbin/sshd -D [listener] 15 of 4-100 startups
(root,210344,16796,0.0) /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/mcollectived --pid=/var/run/puppetlabs/mcollectived.pid --config=/etc/puppetlabs/mcollective/server.cfg --daemonize
(root,64208,15484,0.0) /usr/sbin/squid --foreground -sYC
(root,403972,30344,0.6) /usr/bin/python3 /usr/bin/fail2ban-server -xf start
(proxy,79396,31156,0.0) (squid-1) --kid squid-1 --foreground -sYC
(root,0,0,0.0) [kworker/8:1-events]
(root,0,0,0.0) [kworker/4:1-events]
(root,2355796,26064,0.0) /usr/lib/snapd/snapd
(root,0,0,0.0) [kworker/10:0-events]
(root,0,0,0.0) [kworker/7:1-events]
(root,0,0,0.0) [kworker/3:0-events]
(root,0,0,0.0) [kworker/2:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/9:1-mm_percpu_wq]
(root,0,0,0.0) [kworker/1:2-events]
(root,0,0,0.0) [kworker/6:1-cgroup_destroy]
(root,0,0,0.0) [kworker/3:1-cgroup_destroy]
(root,0,0,0.0) [kworker/6:0-events]
(root,0,0,0.0) [kworker/5:1-events]
(root,0,0,0.0) [kworker/15:2-mm_percpu_wq]
(proxy,6068,1464,0.0) (logfile-daemon) /var/log/squid/access.log
(root,0,0,0.0) [kworker/15:1-cgroup_destroy]
(root,0,0,0.0) [kworker/14:1-events]
(root,0,0,0.0) [kworker/12:2-events]
(root,0,0,0.0) [kworker/13:0-events]
(root,0,0,0.0) [kworker/0:1-mm_percpu_wq]
(root,16920,10996,0.0) sshd: c2s [priv]
(c2s,17176,10032,0.0) /lib/systemd/systemd --user
(c2s,318416,5584,0.0) (sd-pam)
(c2s,18304,9496,0.0) sshd: c2s@pts/1
(c2s,2892,1924,0.0) -sh
(root,0,0,0.0) [kworker/5:0-cgroup_destroy]
(root,0,0,0.0) [kworker/8:2-mm_percpu_wq]
(root,280024,259760,0.0) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
(nobody,281636,268708,1.9) nginx: worker process
(nobody,280460,267440,0.2) nginx: worker process
(nobody,280332,267348,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,267328,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,262600,0.0) nginx: worker process
(nobody,280332,261584,0.0) nginx: cache manager process
(root,0,0,0.0) [kworker/4:0-events]
(root,0,0,0.0) [kworker/1:1-cgroup_destroy]
(root,0,0,0.0) [kworker/11:0-mm_percpu_wq]
(root,0,0,0.0) [kworker/12:0-cgroup_destroy]
(root,0,0,0.0) [kworker/9:2]
(root,0,0,0.0) [kworker/2:0-cgroup_destroy]
(root,0,0,0.0) [kworker/7:0-cgroup_destroy]

Found on 2024-09-09 20:26

Create report

Open service 180.179.211.59:80

2024-11-20 13:20

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 20 Nov 2024 13:20:55 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://180.179.211.59/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>

Found 2024-11-20 by HttpPlugin

Create report

Domain summary

No record