Host 185.35.236.247
Sweden
Ember AB
  • CheckMK monitoring endpoint publicly available
    IP: 185.35.236.247
    Port: 6556
    First seen 2024-09-09 15:03
    Last seen 2024-12-22 00:59
    Open for 103 days

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df945ccb376

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167772,12060,01:27:45/33-09:50:48,1) /sbin/init
(root,0,0,00:00:00/33-09:50:48,2) [kthreadd]
(root,0,0,00:00:00/33-09:50:48,3) [rcu_gp]
(root,0,0,00:00:00/33-09:50:48,4) [rcu_par_gp]
(root,0,0,00:00:00/33-09:50:48,5) [slub_flushwq]
(root,0,0,00:00:00/33-09:50:48,6) [netns]
(root,0,0,00:00:00/33-09:50:48,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/33-09:50:48,10) [mm_percpu_wq]
(root,0,0,00:00:00/33-09:50:48,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/33-09:50:48,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/33-09:50:48,13) [rcu_tasks_trace_kthread]
(root,0,0,00:09:24/33-09:50:48,14) [ksoftirqd/0]
(root,0,0,00:10:46/33-09:50:48,15) [rcu_preempt]
(root,0,0,00:00:16/33-09:50:48,16) [migration/0]
(root,0,0,00:00:00/33-09:50:48,18) [cpuhp/0]
(root,0,0,00:00:00/33-09:50:48,20) [kdevtmpfs]
(root,0,0,00:00:00/33-09:50:48,21) [inet_frag_wq]
(root,0,0,00:00:00/33-09:50:48,22) [kauditd]
(root,0,0,00:00:01/33-09:50:48,24) [khungtaskd]
(root,0,0,00:00:00/33-09:50:48,26) [oom_reaper]
(root,0,0,00:00:00/33-09:50:48,27) [writeback]
(root,0,0,00:02:06/33-09:50:48,29) [kcompactd0]
(root,0,0,00:00:00/33-09:50:48,30) [ksmd]
(root,0,0,00:00:53/33-09:50:48,31) [khugepaged]
(root,0,0,00:00:00/33-09:50:48,32) [kintegrityd]
(root,0,0,00:00:00/33-09:50:48,33) [kblockd]
(root,0,0,00:00:00/33-09:50:48,34) [blkcg_punt_bio]
(root,0,0,00:00:00/33-09:50:48,35) [tpm_dev_wq]
(root,0,0,00:00:00/33-09:50:48,36) [edac-poller]
(root,0,0,00:00:00/33-09:50:48,37) [devfreq_wq]
(root,0,0,00:01:47/33-09:50:48,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:15/33-09:50:48,39) [kswapd0]
(root,0,0,00:00:00/33-09:50:48,45) [kthrotld]
(root,0,0,00:00:00/33-09:50:48,47) [acpi_thermal_pm]
(root,0,0,00:00:00/33-09:50:47,48) [mld]
(root,0,0,00:00:00/33-09:50:47,49) [ipv6_addrconf]
(root,0,0,00:00:00/33-09:50:47,54) [kstrp]
(root,0,0,00:00:00/33-09:50:47,59) [zswap-shrink]
(root,0,0,00:00:00/33-09:50:47,60) [kworker/u481:0]
(root,0,0,00:00:00/33-09:50:47,120) [hv_vmbus_con]
(root,0,0,00:00:00/33-09:50:47,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/33-09:50:47,124) [hv_pri_chan]
(root,0,0,00:00:00/33-09:50:47,125) [hv_sub_chan]
(root,0,0,00:00:00/33-09:50:47,127) [scsi_eh_0]
(root,0,0,00:00:00/33-09:50:47,128) [scsi_tmf_0]
(root,0,0,00:01:15/33-09:50:47,166) [jbd2/sda2-8]
(root,0,0,00:00:00/33-09:50:47,167) [ext4-rsv-conver]
(root,164616,130052,00:28:04/33-09:50:46,211) /lib/systemd/systemd-journald
(root,26924,4328,00:00:04/33-09:50:46,234) /lib/systemd/systemd-udevd
(root,0,0,00:01:22/33-09:50:45,271) [hv_balloon]
(root,3108,1872,00:04:55/33-09:50:45,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6128,00:00:12/33-09:50:45,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/33-09:50:45,338) [cryptd]
(messagebus,8160,4088,00:43:30/33-09:50:44,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/33-09:50:44,454) /usr/sbin/hv_vss_daemon -n
(root,221788,3708,00:07:04/33-09:50:44,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,7792,00:23:00/33-09:50:44,458) /lib/systemd/systemd-logind
(root,1801080,17820,00:28:51/33-09:50:44,489) /usr/bin/containerd
(root,0,0,00:00:00/33-09:50:44,500) [cifsiod]
(root,0,0,00:00:00/33-09:50:44,502) [smb3decryptd]
(root,0,0,00:00:00/33-09:50:44,504) [cifsfileinfoput]
(root,0,0,00:00:00/33-09:50:44,505) [cifsoplockd]
(root,0,0,00:00:00/33-09:50:44,506) [deferredclose]
(root,0,0,00:00:00/33-09:50:44,508) [serverclose]
(root,0,0,00:19:38/33-09:50:44,514) [cifsd]
(root,15560,8004,00:06:54/33-09:50:44,538) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,6608,2644,00:00:05/33-09:50:44,554) /usr/sbin/cron -f
(root,5872,984,00:00:00/33-09:50:44,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,3888,00:00:06/33-09:50:44,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,36420,00:32:23/33-09:50:43,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,8692,00:47:28/33-09:41:32,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1295248,178616,03:53:58/33-09:41:32,1873) minio server --console-address :9001 /data
(root,1670824,2404,00:00:01/33-09:41:05,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2372,00:00:01/33-09:41:05,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2280,00:00:01/33-09:41:05,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2360,00:00:01/33-09:41:05,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2384,00:00:03/33-09:41:05,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4364,00:00:02/33-09:41:05,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2376,00:00:01/33-09:41:05,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2304,00:00:03/33-09:41:05,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,9172,00:28:43/33-09:41:05,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,916,00:00:00/33-09:41:05,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52584,4584,00:03:01/33-09:41:04,2168) nginx: worker process
(systemd-timesync,50876,564,00:00:18/33-09:41:04,2169) nginx: cache manager process
(root,0,0,00:00:03/03:52:57,1995298) [kworker/0:1-deferredclose]
(root,0,0,00:00:02/02:41:58,2004407) [kworker/0:4-deferredclose]
(root,0,0,00:00:01/02:07:03,2008756) [kworker/0:0-events]
(root,0,0,00:00:00/36:58,2020860) [kworker/0:2-events]
(root,0,0,00:00:00/31:35,2021564) [kworker/u480:3-flush-8:0]
(root,0,0,00:00:00/30:58,2021648) [kworker/0:3-rcu_gp]
(root,0,0,00:00:00/25:35,2022373) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/10:12,2024360) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/04:32,2025044) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/04:03,2025107) [kworker/0:5]
(root,15560,8776,00:00:00/00:04,2025622) sshd: [accepted]
(sshd,15560,5056,00:00:00/00:03,2025623) sshd: [net]
(root,7064,3456,00:00:00/00:00,2025646) /bin/bash /usr/bin/check_mk_agent
(root,7064,3472,00:00:00/00:00,2025683) /bin/bash /usr/bin/check_mk_agent
(root,8088,3880,00:00:00/00:00,2025713) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1052,00:00:00/00:00,2025714) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,7064,1764,00:00:00/00:00,2025719) /bin/bash /usr/bin/check_mk_agent

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-22 00:59

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9581d7d8c

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12132,01:22:44/31-09:26:19,1) /sbin/init
(root,0,0,00:00:00/31-09:26:19,2) [kthreadd]
(root,0,0,00:00:00/31-09:26:19,3) [rcu_gp]
(root,0,0,00:00:00/31-09:26:19,4) [rcu_par_gp]
(root,0,0,00:00:00/31-09:26:19,5) [slub_flushwq]
(root,0,0,00:00:00/31-09:26:19,6) [netns]
(root,0,0,00:00:00/31-09:26:19,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/31-09:26:19,10) [mm_percpu_wq]
(root,0,0,00:00:00/31-09:26:19,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/31-09:26:19,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/31-09:26:19,13) [rcu_tasks_trace_kthread]
(root,0,0,00:08:52/31-09:26:19,14) [ksoftirqd/0]
(root,0,0,00:10:07/31-09:26:19,15) [rcu_preempt]
(root,0,0,00:00:15/31-09:26:19,16) [migration/0]
(root,0,0,00:00:00/31-09:26:19,18) [cpuhp/0]
(root,0,0,00:00:00/31-09:26:19,20) [kdevtmpfs]
(root,0,0,00:00:00/31-09:26:19,21) [inet_frag_wq]
(root,0,0,00:00:00/31-09:26:19,22) [kauditd]
(root,0,0,00:00:01/31-09:26:19,24) [khungtaskd]
(root,0,0,00:00:00/31-09:26:19,26) [oom_reaper]
(root,0,0,00:00:00/31-09:26:19,27) [writeback]
(root,0,0,00:01:59/31-09:26:19,29) [kcompactd0]
(root,0,0,00:00:00/31-09:26:19,30) [ksmd]
(root,0,0,00:00:50/31-09:26:19,31) [khugepaged]
(root,0,0,00:00:00/31-09:26:19,32) [kintegrityd]
(root,0,0,00:00:00/31-09:26:19,33) [kblockd]
(root,0,0,00:00:00/31-09:26:19,34) [blkcg_punt_bio]
(root,0,0,00:00:00/31-09:26:19,35) [tpm_dev_wq]
(root,0,0,00:00:00/31-09:26:19,36) [edac-poller]
(root,0,0,00:00:00/31-09:26:19,37) [devfreq_wq]
(root,0,0,00:01:41/31-09:26:19,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:14/31-09:26:19,39) [kswapd0]
(root,0,0,00:00:00/31-09:26:19,45) [kthrotld]
(root,0,0,00:00:00/31-09:26:19,47) [acpi_thermal_pm]
(root,0,0,00:00:00/31-09:26:19,48) [mld]
(root,0,0,00:00:00/31-09:26:19,49) [ipv6_addrconf]
(root,0,0,00:00:00/31-09:26:19,54) [kstrp]
(root,0,0,00:00:00/31-09:26:19,59) [zswap-shrink]
(root,0,0,00:00:00/31-09:26:19,60) [kworker/u481:0]
(root,0,0,00:00:00/31-09:26:19,120) [hv_vmbus_con]
(root,0,0,00:00:00/31-09:26:19,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/31-09:26:19,124) [hv_pri_chan]
(root,0,0,00:00:00/31-09:26:19,125) [hv_sub_chan]
(root,0,0,00:00:00/31-09:26:19,127) [scsi_eh_0]
(root,0,0,00:00:00/31-09:26:19,128) [scsi_tmf_0]
(root,0,0,00:01:11/31-09:26:18,166) [jbd2/sda2-8]
(root,0,0,00:00:00/31-09:26:18,167) [ext4-rsv-conver]
(root,209664,165616,00:26:29/31-09:26:17,211) /lib/systemd/systemd-journald
(root,26924,4404,00:00:04/31-09:26:17,234) /lib/systemd/systemd-udevd
(root,0,0,00:01:16/31-09:26:17,271) [hv_balloon]
(root,3108,1872,00:04:37/31-09:26:16,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6144,00:00:12/31-09:26:16,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/31-09:26:16,338) [cryptd]
(messagebus,8160,4108,00:40:59/31-09:26:16,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/31-09:26:16,454) /usr/sbin/hv_vss_daemon -n
(root,221788,3724,00:06:39/31-09:26:16,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,7844,00:21:40/31-09:26:16,458) /lib/systemd/systemd-logind
(root,1801080,17192,00:27:07/31-09:26:16,489) /usr/bin/containerd
(root,0,0,00:00:00/31-09:26:16,500) [cifsiod]
(root,0,0,00:00:00/31-09:26:16,502) [smb3decryptd]
(root,0,0,00:00:00/31-09:26:16,504) [cifsfileinfoput]
(root,0,0,00:00:00/31-09:26:16,505) [cifsoplockd]
(root,0,0,00:00:00/31-09:26:16,506) [deferredclose]
(root,0,0,00:00:00/31-09:26:16,508) [serverclose]
(root,0,0,00:18:27/31-09:26:16,514) [cifsd]
(root,15560,8004,00:06:29/31-09:26:16,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:05/31-09:26:15,554) /usr/sbin/cron -f
(root,5872,984,00:00:00/31-09:26:15,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,4068,00:00:06/31-09:26:15,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,32640,00:30:27/31-09:26:15,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,8892,00:44:22/31-09:17:04,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1295248,179008,03:39:30/31-09:17:04,1873) minio server --console-address :9001 /data
(root,1670824,2404,00:00:01/31-09:16:37,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2372,00:00:01/31-09:16:37,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2280,00:00:01/31-09:16:37,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2360,00:00:01/31-09:16:37,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2384,00:00:03/31-09:16:37,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4364,00:00:02/31-09:16:37,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2376,00:00:01/31-09:16:37,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2304,00:00:03/31-09:16:37,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,9176,00:27:01/31-09:16:36,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,916,00:00:00/31-09:16:36,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52584,4972,00:03:00/31-09:16:36,2168) nginx: worker process
(systemd-timesync,50876,564,00:00:17/31-09:16:36,2169) nginx: cache manager process
(root,0,0,00:00:01/01:34:15,1642698) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:01/01:07:06,1646236) [kworker/u480:1+events_unbound]
(root,0,0,00:00:00/01:04:29,1646550) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/58:29,1647314) [kworker/0:1-rcu_par_gp]
(root,0,0,00:00:00/48:29,1648597) [kworker/0:2+events]
(root,0,0,00:00:00/41:29,1649521) [kworker/0:5-rcu_gp]
(root,0,0,00:00:00/14:43,1653018) [kworker/u480:2+events_unbound]
(root,0,0,00:00:00/05:23,1654172) [kworker/u480:4-events_unbound]
(root,0,0,00:00:00/00:37,1654743) [kworker/0:3]
(root,0,0,00:00:00/00:06,1654799) [kworker/u480:0-events_unbound]
(root,7064,3348,00:00:00/00:00,1654839) /bin/bash /usr/bin/check_mk_agent
(root,7064,3368,00:00:00/00:00,1654876) /bin/bash /usr/bin/check_mk_agent
(root,8088,3920,00:00:00/00:00,1654912) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1024,00:00:00/00:00,1654913) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-20 00:35

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9b4790a43

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12188,01:17:53/29-10:39:03,1) /sbin/init
(root,0,0,00:00:00/29-10:39:03,2) [kthreadd]
(root,0,0,00:00:00/29-10:39:03,3) [rcu_gp]
(root,0,0,00:00:00/29-10:39:03,4) [rcu_par_gp]
(root,0,0,00:00:00/29-10:39:03,5) [slub_flushwq]
(root,0,0,00:00:00/29-10:39:03,6) [netns]
(root,0,0,00:00:00/29-10:39:03,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/29-10:39:03,10) [mm_percpu_wq]
(root,0,0,00:00:00/29-10:39:03,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/29-10:39:03,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/29-10:39:03,13) [rcu_tasks_trace_kthread]
(root,0,0,00:08:21/29-10:39:03,14) [ksoftirqd/0]
(root,0,0,00:09:31/29-10:39:03,15) [rcu_preempt]
(root,0,0,00:00:14/29-10:39:03,16) [migration/0]
(root,0,0,00:00:00/29-10:39:03,18) [cpuhp/0]
(root,0,0,00:00:00/29-10:39:03,20) [kdevtmpfs]
(root,0,0,00:00:00/29-10:39:03,21) [inet_frag_wq]
(root,0,0,00:00:00/29-10:39:03,22) [kauditd]
(root,0,0,00:00:01/29-10:39:03,24) [khungtaskd]
(root,0,0,00:00:00/29-10:39:03,26) [oom_reaper]
(root,0,0,00:00:00/29-10:39:03,27) [writeback]
(root,0,0,00:01:51/29-10:39:03,29) [kcompactd0]
(root,0,0,00:00:00/29-10:39:03,30) [ksmd]
(root,0,0,00:00:47/29-10:39:03,31) [khugepaged]
(root,0,0,00:00:00/29-10:39:03,32) [kintegrityd]
(root,0,0,00:00:00/29-10:39:03,33) [kblockd]
(root,0,0,00:00:00/29-10:39:03,34) [blkcg_punt_bio]
(root,0,0,00:00:00/29-10:39:03,35) [tpm_dev_wq]
(root,0,0,00:00:00/29-10:39:03,36) [edac-poller]
(root,0,0,00:00:00/29-10:39:03,37) [devfreq_wq]
(root,0,0,00:01:35/29-10:39:03,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:13/29-10:39:03,39) [kswapd0]
(root,0,0,00:00:00/29-10:39:03,45) [kthrotld]
(root,0,0,00:00:00/29-10:39:03,47) [acpi_thermal_pm]
(root,0,0,00:00:00/29-10:39:03,48) [mld]
(root,0,0,00:00:00/29-10:39:03,49) [ipv6_addrconf]
(root,0,0,00:00:00/29-10:39:03,54) [kstrp]
(root,0,0,00:00:00/29-10:39:03,59) [zswap-shrink]
(root,0,0,00:00:00/29-10:39:03,60) [kworker/u481:0]
(root,0,0,00:00:00/29-10:39:03,120) [hv_vmbus_con]
(root,0,0,00:00:00/29-10:39:03,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/29-10:39:03,124) [hv_pri_chan]
(root,0,0,00:00:00/29-10:39:03,125) [hv_sub_chan]
(root,0,0,00:00:00/29-10:39:03,127) [scsi_eh_0]
(root,0,0,00:00:00/29-10:39:03,128) [scsi_tmf_0]
(root,0,0,00:01:07/29-10:39:02,166) [jbd2/sda2-8]
(root,0,0,00:00:00/29-10:39:02,167) [ext4-rsv-conver]
(root,90904,64368,00:24:57/29-10:39:01,211) /lib/systemd/systemd-journald
(root,26924,4464,00:00:04/29-10:39:01,234) /lib/systemd/systemd-udevd
(root,0,0,00:01:11/29-10:39:01,271) [hv_balloon]
(root,3108,1872,00:04:20/29-10:39:00,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6160,00:00:11/29-10:39:00,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/29-10:39:00,338) [cryptd]
(messagebus,8160,4124,00:38:33/29-10:39:00,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/29-10:39:00,454) /usr/sbin/hv_vss_daemon -n
(root,221788,3756,00:06:17/29-10:39:00,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,7900,00:20:23/29-10:39:00,458) /lib/systemd/systemd-logind
(root,1801080,17892,00:25:26/29-10:39:00,489) /usr/bin/containerd
(root,0,0,00:00:00/29-10:39:00,500) [cifsiod]
(root,0,0,00:00:00/29-10:39:00,502) [smb3decryptd]
(root,0,0,00:00:00/29-10:39:00,504) [cifsfileinfoput]
(root,0,0,00:00:00/29-10:39:00,505) [cifsoplockd]
(root,0,0,00:00:00/29-10:39:00,506) [deferredclose]
(root,0,0,00:00:00/29-10:39:00,508) [serverclose]
(root,0,0,00:17:19/29-10:39:00,514) [cifsd]
(root,15560,8004,00:06:07/29-10:39:00,538) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,6608,2644,00:00:04/29-10:38:59,554) /usr/sbin/cron -f
(root,5872,984,00:00:00/29-10:38:59,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,4332,00:00:06/29-10:38:59,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,32136,00:28:34/29-10:38:59,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,9100,00:41:28/29-10:29:48,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1294992,180632,03:25:31/29-10:29:48,1873) minio server --console-address :9001 /data
(root,1670824,2404,00:00:01/29-10:29:21,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2372,00:00:01/29-10:29:21,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2280,00:00:01/29-10:29:21,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2360,00:00:01/29-10:29:21,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2384,00:00:03/29-10:29:21,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4364,00:00:02/29-10:29:21,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2376,00:00:01/29-10:29:21,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2304,00:00:03/29-10:29:21,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,9176,00:25:21/29-10:29:20,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,940,00:00:00/29-10:29:20,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52584,5300,00:02:58/29-10:29:20,2168) nginx: worker process
(systemd-timesync,50876,588,00:00:16/29-10:29:20,2169) nginx: cache manager process
(root,0,0,00:00:01/02:27:22,1283036) [kworker/0:4-events]
(root,0,0,00:00:01/02:21:22,1283780) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/01:00:22,1294118) [kworker/0:5-deferredclose]
(root,0,0,00:00:00/47:09,1295793) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/38:22,1296866) [kworker/0:3-events]
(root,0,0,00:00:01/34:22,1297355) [kworker/u480:0-events_unbound]
(root,0,0,00:00:01/29:22,1297950) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/08:50,1300474) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/02:27,1301283) [kworker/u480:1-events_unbound]
(root,15560,9148,00:00:00/01:25,1301403) sshd: [accepted]
(root,0,0,00:00:00/01:22,1301404) [kworker/0:2]
(root,19024,10668,00:00:00/00:22,1301526) /lib/systemd/systemd --user
(root,168636,3240,00:00:00/00:22,1301527) (sd-pam)
(root,7064,3452,00:00:00/00:00,1301600) /bin/bash /usr/bin/check_mk_agent
(root,7064,3400,00:00:00/00:00,1301641) /bin/bash /usr/bin/check_mk_agent
(root,8088,3876,00:00:00/00:00,1301677) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1012,00:00:00/00:00,1301678) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-18 01:47

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df989910f69

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12188,01:17:15/29-04:34:18,1) /sbin/init
(root,0,0,00:00:00/29-04:34:18,2) [kthreadd]
(root,0,0,00:00:00/29-04:34:18,3) [rcu_gp]
(root,0,0,00:00:00/29-04:34:18,4) [rcu_par_gp]
(root,0,0,00:00:00/29-04:34:18,5) [slub_flushwq]
(root,0,0,00:00:00/29-04:34:18,6) [netns]
(root,0,0,00:00:00/29-04:34:18,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/29-04:34:18,10) [mm_percpu_wq]
(root,0,0,00:00:00/29-04:34:18,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/29-04:34:18,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/29-04:34:18,13) [rcu_tasks_trace_kthread]
(root,0,0,00:08:17/29-04:34:18,14) [ksoftirqd/0]
(root,0,0,00:09:26/29-04:34:18,15) [rcu_preempt]
(root,0,0,00:00:14/29-04:34:18,16) [migration/0]
(root,0,0,00:00:00/29-04:34:18,18) [cpuhp/0]
(root,0,0,00:00:00/29-04:34:18,20) [kdevtmpfs]
(root,0,0,00:00:00/29-04:34:18,21) [inet_frag_wq]
(root,0,0,00:00:00/29-04:34:18,22) [kauditd]
(root,0,0,00:00:01/29-04:34:18,24) [khungtaskd]
(root,0,0,00:00:00/29-04:34:18,26) [oom_reaper]
(root,0,0,00:00:00/29-04:34:18,27) [writeback]
(root,0,0,00:01:51/29-04:34:18,29) [kcompactd0]
(root,0,0,00:00:00/29-04:34:18,30) [ksmd]
(root,0,0,00:00:47/29-04:34:18,31) [khugepaged]
(root,0,0,00:00:00/29-04:34:18,32) [kintegrityd]
(root,0,0,00:00:00/29-04:34:18,33) [kblockd]
(root,0,0,00:00:00/29-04:34:18,34) [blkcg_punt_bio]
(root,0,0,00:00:00/29-04:34:18,35) [tpm_dev_wq]
(root,0,0,00:00:00/29-04:34:18,36) [edac-poller]
(root,0,0,00:00:00/29-04:34:18,37) [devfreq_wq]
(root,0,0,00:01:34/29-04:34:18,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:13/29-04:34:18,39) [kswapd0]
(root,0,0,00:00:00/29-04:34:18,45) [kthrotld]
(root,0,0,00:00:00/29-04:34:18,47) [acpi_thermal_pm]
(root,0,0,00:00:00/29-04:34:18,48) [mld]
(root,0,0,00:00:00/29-04:34:18,49) [ipv6_addrconf]
(root,0,0,00:00:00/29-04:34:18,54) [kstrp]
(root,0,0,00:00:00/29-04:34:18,59) [zswap-shrink]
(root,0,0,00:00:00/29-04:34:18,60) [kworker/u481:0]
(root,0,0,00:00:00/29-04:34:17,120) [hv_vmbus_con]
(root,0,0,00:00:00/29-04:34:17,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/29-04:34:17,124) [hv_pri_chan]
(root,0,0,00:00:00/29-04:34:17,125) [hv_sub_chan]
(root,0,0,00:00:00/29-04:34:17,127) [scsi_eh_0]
(root,0,0,00:00:00/29-04:34:17,128) [scsi_tmf_0]
(root,0,0,00:01:06/29-04:34:17,166) [jbd2/sda2-8]
(root,0,0,00:00:00/29-04:34:17,167) [ext4-rsv-conver]
(root,148216,110756,00:24:45/29-04:34:16,211) /lib/systemd/systemd-journald
(root,26924,4464,00:00:04/29-04:34:16,234) /lib/systemd/systemd-udevd
(root,0,0,00:01:10/29-04:34:15,271) [hv_balloon]
(root,3108,1872,00:04:18/29-04:34:15,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6160,00:00:11/29-04:34:15,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/29-04:34:15,338) [cryptd]
(messagebus,8160,4124,00:38:14/29-04:34:15,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/29-04:34:15,454) /usr/sbin/hv_vss_daemon -n
(root,221788,3756,00:06:14/29-04:34:15,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,7900,00:20:12/29-04:34:15,458) /lib/systemd/systemd-logind
(root,1801080,18164,00:25:13/29-04:34:15,489) /usr/bin/containerd
(root,0,0,00:00:00/29-04:34:14,500) [cifsiod]
(root,0,0,00:00:00/29-04:34:14,502) [smb3decryptd]
(root,0,0,00:00:00/29-04:34:14,504) [cifsfileinfoput]
(root,0,0,00:00:00/29-04:34:14,505) [cifsoplockd]
(root,0,0,00:00:00/29-04:34:14,506) [deferredclose]
(root,0,0,00:00:00/29-04:34:14,508) [serverclose]
(root,0,0,00:17:11/29-04:34:14,514) [cifsd]
(root,15560,8004,00:06:03/29-04:34:14,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:04/29-04:34:14,554) /usr/sbin/cron -f
(root,5872,984,00:00:00/29-04:34:14,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,4344,00:00:06/29-04:34:14,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,32148,00:28:19/29-04:34:14,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,8548,00:41:06/29-04:25:03,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1294992,181124,03:23:42/29-04:25:02,1873) minio server --console-address :9001 /data
(root,1670824,2404,00:00:01/29-04:24:35,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2372,00:00:01/29-04:24:35,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2280,00:00:01/29-04:24:35,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2360,00:00:01/29-04:24:35,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2384,00:00:03/29-04:24:35,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4364,00:00:02/29-04:24:35,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2376,00:00:01/29-04:24:35,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2304,00:00:03/29-04:24:35,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,9144,00:25:08/29-04:24:35,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,940,00:00:00/29-04:24:35,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52584,5344,00:02:58/29-04:24:35,2168) nginx: worker process
(systemd-timesync,50876,588,00:00:15/29-04:24:35,2169) nginx: cache manager process
(root,0,0,00:00:04/04:42:26,1219245) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:01/01:45:37,1241875) [kworker/0:5-events]
(root,0,0,00:00:00/27:37,1251799) [kworker/0:2-rcu_gp]
(root,0,0,00:00:01/23:27,1252337) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/16:36,1253130) [kworker/0:6-events]
(root,0,0,00:00:00/12:34,1253674) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/07:12,1254296) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/06:37,1254363) [kworker/0:3-deferredclose]
(root,0,0,00:00:00/01:42,1254951) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/00:37,1255083) [kworker/0:0-events]
(root,0,0,00:00:00/00:37,1255084) [kworker/0:4]
(root,7064,3356,00:00:00/00:00,1255180) /bin/bash /usr/bin/check_mk_agent
(root,7064,3376,00:00:00/00:00,1255224) /bin/bash /usr/bin/check_mk_agent
(root,8088,3884,00:00:00/00:00,1255253) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1032,00:00:00/00:00,1255254) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-17 19:43

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9a98b2e45

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12208,01:12:40/27-08:34:14,1) /sbin/init
(root,0,0,00:00:00/27-08:34:14,2) [kthreadd]
(root,0,0,00:00:00/27-08:34:14,3) [rcu_gp]
(root,0,0,00:00:00/27-08:34:14,4) [rcu_par_gp]
(root,0,0,00:00:00/27-08:34:14,5) [slub_flushwq]
(root,0,0,00:00:00/27-08:34:14,6) [netns]
(root,0,0,00:00:00/27-08:34:14,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/27-08:34:14,10) [mm_percpu_wq]
(root,0,0,00:00:00/27-08:34:14,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/27-08:34:14,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/27-08:34:14,13) [rcu_tasks_trace_kthread]
(root,0,0,00:07:46/27-08:34:14,14) [ksoftirqd/0]
(root,0,0,00:08:51/27-08:34:14,15) [rcu_preempt]
(root,0,0,00:00:13/27-08:34:14,16) [migration/0]
(root,0,0,00:00:00/27-08:34:14,18) [cpuhp/0]
(root,0,0,00:00:00/27-08:34:14,20) [kdevtmpfs]
(root,0,0,00:00:00/27-08:34:14,21) [inet_frag_wq]
(root,0,0,00:00:00/27-08:34:14,22) [kauditd]
(root,0,0,00:00:00/27-08:34:14,24) [khungtaskd]
(root,0,0,00:00:00/27-08:34:14,26) [oom_reaper]
(root,0,0,00:00:00/27-08:34:14,27) [writeback]
(root,0,0,00:01:44/27-08:34:14,29) [kcompactd0]
(root,0,0,00:00:00/27-08:34:14,30) [ksmd]
(root,0,0,00:00:44/27-08:34:14,31) [khugepaged]
(root,0,0,00:00:00/27-08:34:14,32) [kintegrityd]
(root,0,0,00:00:00/27-08:34:14,33) [kblockd]
(root,0,0,00:00:00/27-08:34:14,34) [blkcg_punt_bio]
(root,0,0,00:00:00/27-08:34:14,35) [tpm_dev_wq]
(root,0,0,00:00:00/27-08:34:14,36) [edac-poller]
(root,0,0,00:00:00/27-08:34:14,37) [devfreq_wq]
(root,0,0,00:01:28/27-08:34:14,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:12/27-08:34:14,39) [kswapd0]
(root,0,0,00:00:00/27-08:34:13,45) [kthrotld]
(root,0,0,00:00:00/27-08:34:13,47) [acpi_thermal_pm]
(root,0,0,00:00:00/27-08:34:13,48) [mld]
(root,0,0,00:00:00/27-08:34:13,49) [ipv6_addrconf]
(root,0,0,00:00:00/27-08:34:13,54) [kstrp]
(root,0,0,00:00:00/27-08:34:13,59) [zswap-shrink]
(root,0,0,00:00:00/27-08:34:13,60) [kworker/u481:0]
(root,0,0,00:00:00/27-08:34:13,120) [hv_vmbus_con]
(root,0,0,00:00:00/27-08:34:13,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/27-08:34:13,124) [hv_pri_chan]
(root,0,0,00:00:00/27-08:34:13,125) [hv_sub_chan]
(root,0,0,00:00:00/27-08:34:13,127) [scsi_eh_0]
(root,0,0,00:00:00/27-08:34:13,128) [scsi_tmf_0]
(root,0,0,00:01:02/27-08:34:12,166) [jbd2/sda2-8]
(root,0,0,00:00:00/27-08:34:12,167) [ext4-rsv-conver]
(root,217992,164328,00:23:14/27-08:34:12,211) /lib/systemd/systemd-journald
(root,26924,4548,00:00:04/27-08:34:11,234) /lib/systemd/systemd-udevd
(root,0,0,00:01:05/27-08:34:11,271) [hv_balloon]
(root,3108,1872,00:04:01/27-08:34:11,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6160,00:00:10/27-08:34:10,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/27-08:34:10,338) [cryptd]
(messagebus,8160,4124,00:35:58/27-08:34:10,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/27-08:34:10,454) /usr/sbin/hv_vss_daemon -n
(root,221788,3840,00:05:51/27-08:34:10,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,7920,00:19:00/27-08:34:10,458) /lib/systemd/systemd-logind
(root,1801080,19208,00:23:37/27-08:34:10,489) /usr/bin/containerd
(root,0,0,00:00:00/27-08:34:10,500) [cifsiod]
(root,0,0,00:00:00/27-08:34:10,502) [smb3decryptd]
(root,0,0,00:00:00/27-08:34:10,504) [cifsfileinfoput]
(root,0,0,00:00:00/27-08:34:10,505) [cifsoplockd]
(root,0,0,00:00:00/27-08:34:10,506) [deferredclose]
(root,0,0,00:00:00/27-08:34:10,508) [serverclose]
(root,0,0,00:16:08/27-08:34:10,514) [cifsd]
(root,15560,8004,00:05:36/27-08:34:10,538) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,6608,2644,00:00:04/27-08:34:10,554) /usr/sbin/cron -f
(root,5872,984,00:00:00/27-08:34:10,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,4536,00:00:05/27-08:34:09,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,32324,00:26:33/27-08:34:09,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,8720,00:38:25/27-08:24:58,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1294992,182428,03:10:33/27-08:24:58,1873) minio server --console-address :9001 /data
(root,1670824,2404,00:00:01/27-08:24:31,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2372,00:00:01/27-08:24:31,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2280,00:00:01/27-08:24:31,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2360,00:00:01/27-08:24:31,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2384,00:00:03/27-08:24:31,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4364,00:00:02/27-08:24:31,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2376,00:00:01/27-08:24:31,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2304,00:00:03/27-08:24:31,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,9016,00:23:35/27-08:24:30,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,952,00:00:00/27-08:24:30,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52584,5736,00:02:57/27-08:24:30,2168) nginx: worker process
(systemd-timesync,50876,588,00:00:14/27-08:24:30,2169) nginx: cache manager process
(root,0,0,00:00:02/03:42:34,881783) [kworker/0:6-rcu_gp]
(root,0,0,00:00:02/02:16:32,893802) [kworker/0:1-rcu_gp]
(root,0,0,00:00:01/01:10:34,902448) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:00/32:28,907422) [kworker/u480:6-events_unbound]
(root,0,0,00:00:00/20:32,909079) [kworker/u480:1+events_unbound]
(root,0,0,00:00:00/15:32,909755) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/09:37,910562) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/04:08,911348) [kworker/u480:0+events_unbound]
(root,0,0,00:00:00/03:32,911428) [kworker/0:3-cgroup_destroy]
(root,15560,9176,00:00:00/00:00,911900) sshd: [accepted]
(sshd,15560,5116,00:00:00/00:00,911901) sshd: [net]
(root,7064,3348,00:00:00/00:00,911924) /bin/bash /usr/bin/check_mk_agent
(root,7064,3392,00:00:00/00:00,911960) /bin/bash /usr/bin/check_mk_agent
(root,8088,3948,00:00:00/00:00,911994) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1048,00:00:00/00:00,911995) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-15 23:43

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df918e24a03

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12208,01:07:42/25-08:51:59,1) /sbin/init
(root,0,0,00:00:00/25-08:51:59,2) [kthreadd]
(root,0,0,00:00:00/25-08:51:59,3) [rcu_gp]
(root,0,0,00:00:00/25-08:51:59,4) [rcu_par_gp]
(root,0,0,00:00:00/25-08:51:59,5) [slub_flushwq]
(root,0,0,00:00:00/25-08:51:59,6) [netns]
(root,0,0,00:00:00/25-08:51:59,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/25-08:51:59,10) [mm_percpu_wq]
(root,0,0,00:00:00/25-08:51:59,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/25-08:51:59,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/25-08:51:59,13) [rcu_tasks_trace_kthread]
(root,0,0,00:07:14/25-08:51:59,14) [ksoftirqd/0]
(root,0,0,00:08:14/25-08:51:59,15) [rcu_preempt]
(root,0,0,00:00:12/25-08:51:59,16) [migration/0]
(root,0,0,00:00:00/25-08:51:59,18) [cpuhp/0]
(root,0,0,00:00:00/25-08:51:59,20) [kdevtmpfs]
(root,0,0,00:00:00/25-08:51:59,21) [inet_frag_wq]
(root,0,0,00:00:00/25-08:51:59,22) [kauditd]
(root,0,0,00:00:00/25-08:51:59,24) [khungtaskd]
(root,0,0,00:00:00/25-08:51:59,26) [oom_reaper]
(root,0,0,00:00:00/25-08:51:59,27) [writeback]
(root,0,0,00:01:36/25-08:51:59,29) [kcompactd0]
(root,0,0,00:00:00/25-08:51:59,30) [ksmd]
(root,0,0,00:00:41/25-08:51:59,31) [khugepaged]
(root,0,0,00:00:00/25-08:51:59,32) [kintegrityd]
(root,0,0,00:00:00/25-08:51:59,33) [kblockd]
(root,0,0,00:00:00/25-08:51:59,34) [blkcg_punt_bio]
(root,0,0,00:00:00/25-08:51:59,35) [tpm_dev_wq]
(root,0,0,00:00:00/25-08:51:59,36) [edac-poller]
(root,0,0,00:00:00/25-08:51:59,37) [devfreq_wq]
(root,0,0,00:01:22/25-08:51:59,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:10/25-08:51:59,39) [kswapd0]
(root,0,0,00:00:00/25-08:51:59,45) [kthrotld]
(root,0,0,00:00:00/25-08:51:59,47) [acpi_thermal_pm]
(root,0,0,00:00:00/25-08:51:59,48) [mld]
(root,0,0,00:00:00/25-08:51:59,49) [ipv6_addrconf]
(root,0,0,00:00:00/25-08:51:59,54) [kstrp]
(root,0,0,00:00:00/25-08:51:59,59) [zswap-shrink]
(root,0,0,00:00:00/25-08:51:59,60) [kworker/u481:0]
(root,0,0,00:00:00/25-08:51:58,120) [hv_vmbus_con]
(root,0,0,00:00:00/25-08:51:58,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/25-08:51:58,124) [hv_pri_chan]
(root,0,0,00:00:00/25-08:51:58,125) [hv_sub_chan]
(root,0,0,00:00:00/25-08:51:58,127) [scsi_eh_0]
(root,0,0,00:00:00/25-08:51:58,128) [scsi_tmf_0]
(root,0,0,00:00:58/25-08:51:58,166) [jbd2/sda2-8]
(root,0,0,00:00:00/25-08:51:58,167) [ext4-rsv-conver]
(root,144244,107432,00:21:38/25-08:51:57,211) /lib/systemd/systemd-journald
(root,26924,4620,00:00:03/25-08:51:57,234) /lib/systemd/systemd-udevd
(root,0,0,00:01:00/25-08:51:56,271) [hv_balloon]
(root,3108,1872,00:03:44/25-08:51:56,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6168,00:00:09/25-08:51:56,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/25-08:51:56,338) [cryptd]
(messagebus,8160,4132,00:33:29/25-08:51:56,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/25-08:51:56,454) /usr/sbin/hv_vss_daemon -n
(root,221788,3916,00:05:26/25-08:51:56,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,7940,00:17:41/25-08:51:56,458) /lib/systemd/systemd-logind
(root,1801080,19512,00:21:54/25-08:51:56,489) /usr/bin/containerd
(root,0,0,00:00:00/25-08:51:55,500) [cifsiod]
(root,0,0,00:00:00/25-08:51:55,502) [smb3decryptd]
(root,0,0,00:00:00/25-08:51:55,504) [cifsfileinfoput]
(root,0,0,00:00:00/25-08:51:55,505) [cifsoplockd]
(root,0,0,00:00:00/25-08:51:55,506) [deferredclose]
(root,0,0,00:00:00/25-08:51:55,508) [serverclose]
(root,0,0,00:14:58/25-08:51:55,514) [cifsd]
(root,15560,8004,00:05:11/25-08:51:55,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:04/25-08:51:55,554) /usr/sbin/cron -f
(root,5872,984,00:00:00/25-08:51:55,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,4752,00:00:05/25-08:51:55,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,32052,00:24:38/25-08:51:55,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,8132,00:35:30/25-08:42:44,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1294992,183652,02:56:20/25-08:42:43,1873) minio server --console-address :9001 /data
(root,1670824,2404,00:00:01/25-08:42:16,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2372,00:00:01/25-08:42:16,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2280,00:00:01/25-08:42:16,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2360,00:00:01/25-08:42:16,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2384,00:00:02/25-08:42:16,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4364,00:00:02/25-08:42:16,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2376,00:00:01/25-08:42:16,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2304,00:00:02/25-08:42:16,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,9060,00:21:53/25-08:42:16,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1036,00:00:00/25-08:42:16,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52584,6036,00:02:56/25-08:42:16,2168) nginx: worker process
(systemd-timesync,50876,588,00:00:13/25-08:42:16,2169) nginx: cache manager process
(root,0,0,00:00:03/04:31:32,510652) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:01/02:33:32,526139) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/01:00:26,538376) [kworker/0:6-deferredclose]
(root,0,0,00:00:00/50:32,539610) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/42:32,540605) [kworker/0:2-events]
(root,0,0,00:00:02/40:32,540859) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/21:53,543469) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/10:21,545012) [kworker/0:4-events]
(root,0,0,00:00:00/05:23,545706) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/03:21,545954) [kworker/0:5-events]
(root,19028,10696,00:00:00/00:32,546256) /lib/systemd/systemd --user
(root,168636,3260,00:00:00/00:32,546257) (sd-pam)
(root,0,0,00:00:00/00:00,546404) [kworker/u480:0-events_unbound]
(root,7064,3372,00:00:00/00:00,546452) /bin/bash /usr/bin/check_mk_agent
(root,8088,3936,00:00:00/00:00,546470) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1012,00:00:00/00:00,546471) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-14 00:00

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df93b2ac8d0

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12208,01:02:46/23-09:44:21,1) /sbin/init
(root,0,0,00:00:00/23-09:44:21,2) [kthreadd]
(root,0,0,00:00:00/23-09:44:21,3) [rcu_gp]
(root,0,0,00:00:00/23-09:44:21,4) [rcu_par_gp]
(root,0,0,00:00:00/23-09:44:21,5) [slub_flushwq]
(root,0,0,00:00:00/23-09:44:21,6) [netns]
(root,0,0,00:00:00/23-09:44:21,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/23-09:44:21,10) [mm_percpu_wq]
(root,0,0,00:00:00/23-09:44:21,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/23-09:44:21,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/23-09:44:21,13) [rcu_tasks_trace_kthread]
(root,0,0,00:06:39/23-09:44:21,14) [ksoftirqd/0]
(root,0,0,00:07:34/23-09:44:21,15) [rcu_preempt]
(root,0,0,00:00:11/23-09:44:21,16) [migration/0]
(root,0,0,00:00:00/23-09:44:21,18) [cpuhp/0]
(root,0,0,00:00:00/23-09:44:21,20) [kdevtmpfs]
(root,0,0,00:00:00/23-09:44:21,21) [inet_frag_wq]
(root,0,0,00:00:00/23-09:44:21,22) [kauditd]
(root,0,0,00:00:00/23-09:44:21,24) [khungtaskd]
(root,0,0,00:00:00/23-09:44:21,26) [oom_reaper]
(root,0,0,00:00:00/23-09:44:21,27) [writeback]
(root,0,0,00:01:29/23-09:44:21,29) [kcompactd0]
(root,0,0,00:00:00/23-09:44:21,30) [ksmd]
(root,0,0,00:00:38/23-09:44:21,31) [khugepaged]
(root,0,0,00:00:00/23-09:44:21,32) [kintegrityd]
(root,0,0,00:00:00/23-09:44:21,33) [kblockd]
(root,0,0,00:00:00/23-09:44:21,34) [blkcg_punt_bio]
(root,0,0,00:00:00/23-09:44:21,35) [tpm_dev_wq]
(root,0,0,00:00:00/23-09:44:21,36) [edac-poller]
(root,0,0,00:00:00/23-09:44:21,37) [devfreq_wq]
(root,0,0,00:01:16/23-09:44:21,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:09/23-09:44:21,39) [kswapd0]
(root,0,0,00:00:00/23-09:44:20,45) [kthrotld]
(root,0,0,00:00:00/23-09:44:20,47) [acpi_thermal_pm]
(root,0,0,00:00:00/23-09:44:20,48) [mld]
(root,0,0,00:00:00/23-09:44:20,49) [ipv6_addrconf]
(root,0,0,00:00:00/23-09:44:20,54) [kstrp]
(root,0,0,00:00:00/23-09:44:20,59) [zswap-shrink]
(root,0,0,00:00:00/23-09:44:20,60) [kworker/u481:0]
(root,0,0,00:00:00/23-09:44:20,120) [hv_vmbus_con]
(root,0,0,00:00:00/23-09:44:20,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/23-09:44:20,124) [hv_pri_chan]
(root,0,0,00:00:00/23-09:44:20,125) [hv_sub_chan]
(root,0,0,00:00:00/23-09:44:20,127) [scsi_eh_0]
(root,0,0,00:00:00/23-09:44:20,128) [scsi_tmf_0]
(root,0,0,00:00:53/23-09:44:20,166) [jbd2/sda2-8]
(root,0,0,00:00:00/23-09:44:20,167) [ext4-rsv-conver]
(root,180936,135984,00:19:58/23-09:44:19,211) /lib/systemd/systemd-journald
(root,26924,4892,00:00:03/23-09:44:19,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:55/23-09:44:18,271) [hv_balloon]
(root,3108,1872,00:03:26/23-09:44:18,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6208,00:00:09/23-09:44:18,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/23-09:44:18,338) [cryptd]
(messagebus,8160,4156,00:31:02/23-09:44:17,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/23-09:44:17,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4104,00:05:01/23-09:44:17,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8008,00:16:23/23-09:44:17,458) /lib/systemd/systemd-logind
(root,1801080,21144,00:20:12/23-09:44:17,489) /usr/bin/containerd
(root,0,0,00:00:00/23-09:44:17,500) [cifsiod]
(root,0,0,00:00:00/23-09:44:17,502) [smb3decryptd]
(root,0,0,00:00:00/23-09:44:17,504) [cifsfileinfoput]
(root,0,0,00:00:00/23-09:44:17,505) [cifsoplockd]
(root,0,0,00:00:00/23-09:44:17,506) [deferredclose]
(root,0,0,00:00:00/23-09:44:17,508) [serverclose]
(root,0,0,00:13:49/23-09:44:17,514) [cifsd]
(root,15560,8016,00:04:41/23-09:44:17,538) sshd: /usr/sbin/sshd -D [listener] 2 of 10-100 startups
(root,6608,2644,00:00:03/23-09:44:17,554) /usr/sbin/cron -f
(root,5872,984,00:00:00/23-09:44:17,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,5376,00:00:04/23-09:44:17,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,36504,00:22:33/23-09:44:16,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,9448,00:32:39/23-09:35:05,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1156152,135520,02:41:30/23-09:35:05,1873) minio server --console-address :9001 /data
(root,1670824,2864,00:00:01/23-09:34:38,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2832,00:00:01/23-09:34:38,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2740,00:00:01/23-09:34:38,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2808,00:00:01/23-09:34:38,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2848,00:00:02/23-09:34:38,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4820,00:00:02/23-09:34:38,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2824,00:00:01/23-09:34:38,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2752,00:00:02/23-09:34:38,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,9456,00:20:07/23-09:34:38,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1184,00:00:00/23-09:34:38,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52568,6396,00:00:21/23-09:34:37,2168) nginx: worker process
(systemd-timesync,50876,864,00:00:12/23-09:34:37,2169) nginx: cache manager process
(root,0,0,00:00:01/01:56:40,161557) [kworker/0:2-rcu_gp]
(root,0,0,00:00:01/01:27:45,165211) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/01:05:45,168047) [kworker/0:0-rcu_gp]
(root,0,0,00:00:00/16:45,174505) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/14:41,174773) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/06:41,175812) [kworker/0:4-events]
(root,0,0,00:00:00/05:45,175935) [kworker/u480:2+events_unbound]
(root,0,0,00:00:00/05:15,175998) [kworker/u480:3+events_unbound]
(root,0,0,00:00:00/04:45,176023) [kworker/0:5-events]
(root,0,0,00:00:00/01:45,176411) [kworker/0:6]
(root,15560,9308,00:00:00/01:38,176489) sshd: [accepted]
(root,15560,9224,00:00:00/00:00,176649) sshd: [accepted]
(sshd,15560,5100,00:00:00/00:00,176650) sshd: [net]
(root,7064,3368,00:00:00/00:00,176673) /bin/bash /usr/bin/check_mk_agent
(root,7064,3372,00:00:00/00:00,176705) /bin/bash /usr/bin/check_mk_agent
(root,8088,3924,00:00:00/00:00,176740) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1028,00:00:00/00:00,176741) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-12 00:53

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9bec86e13

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12200,00:57:46/21-09:45:48,1) /sbin/init
(root,0,0,00:00:00/21-09:45:48,2) [kthreadd]
(root,0,0,00:00:00/21-09:45:48,3) [rcu_gp]
(root,0,0,00:00:00/21-09:45:48,4) [rcu_par_gp]
(root,0,0,00:00:00/21-09:45:48,5) [slub_flushwq]
(root,0,0,00:00:00/21-09:45:48,6) [netns]
(root,0,0,00:00:00/21-09:45:48,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/21-09:45:48,10) [mm_percpu_wq]
(root,0,0,00:00:00/21-09:45:48,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/21-09:45:48,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/21-09:45:48,13) [rcu_tasks_trace_kthread]
(root,0,0,00:06:06/21-09:45:48,14) [ksoftirqd/0]
(root,0,0,00:06:56/21-09:45:48,15) [rcu_preempt]
(root,0,0,00:00:10/21-09:45:48,16) [migration/0]
(root,0,0,00:00:00/21-09:45:48,18) [cpuhp/0]
(root,0,0,00:00:00/21-09:45:48,20) [kdevtmpfs]
(root,0,0,00:00:00/21-09:45:48,21) [inet_frag_wq]
(root,0,0,00:00:00/21-09:45:48,22) [kauditd]
(root,0,0,00:00:00/21-09:45:48,24) [khungtaskd]
(root,0,0,00:00:00/21-09:45:48,26) [oom_reaper]
(root,0,0,00:00:00/21-09:45:48,27) [writeback]
(root,0,0,00:01:21/21-09:45:48,29) [kcompactd0]
(root,0,0,00:00:00/21-09:45:48,30) [ksmd]
(root,0,0,00:00:35/21-09:45:48,31) [khugepaged]
(root,0,0,00:00:00/21-09:45:48,32) [kintegrityd]
(root,0,0,00:00:00/21-09:45:48,33) [kblockd]
(root,0,0,00:00:00/21-09:45:48,34) [blkcg_punt_bio]
(root,0,0,00:00:00/21-09:45:48,35) [tpm_dev_wq]
(root,0,0,00:00:00/21-09:45:48,36) [edac-poller]
(root,0,0,00:00:00/21-09:45:48,37) [devfreq_wq]
(root,0,0,00:01:09/21-09:45:48,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:08/21-09:45:48,39) [kswapd0]
(root,0,0,00:00:00/21-09:45:47,45) [kthrotld]
(root,0,0,00:00:00/21-09:45:47,47) [acpi_thermal_pm]
(root,0,0,00:00:00/21-09:45:47,48) [mld]
(root,0,0,00:00:00/21-09:45:47,49) [ipv6_addrconf]
(root,0,0,00:00:00/21-09:45:47,54) [kstrp]
(root,0,0,00:00:00/21-09:45:47,59) [zswap-shrink]
(root,0,0,00:00:00/21-09:45:47,60) [kworker/u481:0]
(root,0,0,00:00:00/21-09:45:47,120) [hv_vmbus_con]
(root,0,0,00:00:00/21-09:45:47,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/21-09:45:47,124) [hv_pri_chan]
(root,0,0,00:00:00/21-09:45:47,125) [hv_sub_chan]
(root,0,0,00:00:00/21-09:45:47,127) [scsi_eh_0]
(root,0,0,00:00:00/21-09:45:47,128) [scsi_tmf_0]
(root,0,0,00:00:49/21-09:45:46,166) [jbd2/sda2-8]
(root,0,0,00:00:00/21-09:45:46,167) [ext4-rsv-conver]
(root,213976,166732,00:18:17/21-09:45:46,211) /lib/systemd/systemd-journald
(root,26924,5020,00:00:03/21-09:45:45,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:51/21-09:45:45,271) [hv_balloon]
(root,3108,1872,00:03:09/21-09:45:45,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6236,00:00:08/21-09:45:44,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/21-09:45:44,338) [cryptd]
(messagebus,8160,4156,00:28:33/21-09:45:44,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/21-09:45:44,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4160,00:04:37/21-09:45:44,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8036,00:15:03/21-09:45:44,458) /lib/systemd/systemd-logind
(root,1801080,22924,00:18:28/21-09:45:44,489) /usr/bin/containerd
(root,0,0,00:00:00/21-09:45:44,500) [cifsiod]
(root,0,0,00:00:00/21-09:45:44,502) [smb3decryptd]
(root,0,0,00:00:00/21-09:45:44,504) [cifsfileinfoput]
(root,0,0,00:00:00/21-09:45:44,505) [cifsoplockd]
(root,0,0,00:00:00/21-09:45:44,506) [deferredclose]
(root,0,0,00:00:00/21-09:45:44,508) [serverclose]
(root,0,0,00:12:38/21-09:45:44,514) [cifsd]
(root,15560,7972,00:04:12/21-09:45:44,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:03/21-09:45:44,554) /usr/sbin/cron -f
(root,5872,984,00:00:00/21-09:45:44,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,5656,00:00:04/21-09:45:43,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,40228,00:20:37/21-09:45:43,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,8612,00:29:44/21-09:36:32,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1156152,135096,02:27:41/21-09:36:32,1873) minio server --console-address :9001 /data
(root,1670824,2864,00:00:01/21-09:36:05,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2832,00:00:01/21-09:36:05,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2740,00:00:01/21-09:36:05,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2808,00:00:01/21-09:36:05,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2848,00:00:02/21-09:36:05,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4820,00:00:02/21-09:36:05,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2824,00:00:01/21-09:36:05,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2752,00:00:02/21-09:36:05,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,9328,00:18:24/21-09:36:04,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1556,00:00:00/21-09:36:04,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52568,6840,00:00:20/21-09:36:04,2168) nginx: worker process
(systemd-timesync,50876,1200,00:00:11/21-09:36:04,2169) nginx: cache manager process
(root,0,0,00:00:01/01:19:20,3988881) [kworker/0:0-deferredclose]
(root,0,0,00:00:01/01:09:20,3990141) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/54:13,3992084) [kworker/0:2-deferredclose]
(root,0,0,00:00:00/32:20,3994846) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:01/26:15,3995676) [kworker/u480:4-events_unbound]
(root,0,0,00:00:00/15:20,3997037) [kworker/0:1-rcu_gp]
(root,0,0,00:00:00/15:11,3997121) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/09:41,3997774) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/04:41,3998398) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/01:13,3998816) [kworker/0:5-events_power_efficient]
(root,0,0,00:00:00/01:13,3998817) [kworker/0:6]
(root,19028,10748,00:00:00/00:20,3998916) /lib/systemd/systemd --user
(root,168636,3252,00:00:00/00:20,3998917) (sd-pam)
(root,7064,3376,00:00:00/00:00,3999033) /bin/bash /usr/bin/check_mk_agent
(root,7064,3328,00:00:00/00:00,3999070) /bin/bash /usr/bin/check_mk_agent
(root,8088,3876,00:00:00/00:00,3999110) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1012,00:00:00/00:00,3999111) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-10 00:54

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9d5fe20bb

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12196,00:52:40/19-09:33:04,1) /sbin/init
(root,0,0,00:00:00/19-09:33:04,2) [kthreadd]
(root,0,0,00:00:00/19-09:33:04,3) [rcu_gp]
(root,0,0,00:00:00/19-09:33:04,4) [rcu_par_gp]
(root,0,0,00:00:00/19-09:33:04,5) [slub_flushwq]
(root,0,0,00:00:00/19-09:33:04,6) [netns]
(root,0,0,00:00:00/19-09:33:04,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/19-09:33:04,10) [mm_percpu_wq]
(root,0,0,00:00:00/19-09:33:04,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/19-09:33:04,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/19-09:33:04,13) [rcu_tasks_trace_kthread]
(root,0,0,00:05:32/19-09:33:04,14) [ksoftirqd/0]
(root,0,0,00:06:16/19-09:33:04,15) [rcu_preempt]
(root,0,0,00:00:09/19-09:33:04,16) [migration/0]
(root,0,0,00:00:00/19-09:33:04,18) [cpuhp/0]
(root,0,0,00:00:00/19-09:33:04,20) [kdevtmpfs]
(root,0,0,00:00:00/19-09:33:04,21) [inet_frag_wq]
(root,0,0,00:00:00/19-09:33:04,22) [kauditd]
(root,0,0,00:00:00/19-09:33:04,24) [khungtaskd]
(root,0,0,00:00:00/19-09:33:04,26) [oom_reaper]
(root,0,0,00:00:00/19-09:33:04,27) [writeback]
(root,0,0,00:01:14/19-09:33:04,29) [kcompactd0]
(root,0,0,00:00:00/19-09:33:04,30) [ksmd]
(root,0,0,00:00:33/19-09:33:04,31) [khugepaged]
(root,0,0,00:00:00/19-09:33:04,32) [kintegrityd]
(root,0,0,00:00:00/19-09:33:04,33) [kblockd]
(root,0,0,00:00:00/19-09:33:04,34) [blkcg_punt_bio]
(root,0,0,00:00:00/19-09:33:04,35) [tpm_dev_wq]
(root,0,0,00:00:00/19-09:33:04,36) [edac-poller]
(root,0,0,00:00:00/19-09:33:04,37) [devfreq_wq]
(root,0,0,00:01:03/19-09:33:04,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:07/19-09:33:04,39) [kswapd0]
(root,0,0,00:00:00/19-09:33:04,45) [kthrotld]
(root,0,0,00:00:00/19-09:33:04,47) [acpi_thermal_pm]
(root,0,0,00:00:00/19-09:33:04,48) [mld]
(root,0,0,00:00:00/19-09:33:04,49) [ipv6_addrconf]
(root,0,0,00:00:00/19-09:33:04,54) [kstrp]
(root,0,0,00:00:00/19-09:33:04,59) [zswap-shrink]
(root,0,0,00:00:00/19-09:33:04,60) [kworker/u481:0]
(root,0,0,00:00:00/19-09:33:03,120) [hv_vmbus_con]
(root,0,0,00:00:00/19-09:33:03,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/19-09:33:03,124) [hv_pri_chan]
(root,0,0,00:00:00/19-09:33:03,125) [hv_sub_chan]
(root,0,0,00:00:00/19-09:33:03,127) [scsi_eh_0]
(root,0,0,00:00:00/19-09:33:03,128) [scsi_tmf_0]
(root,0,0,00:00:44/19-09:33:03,166) [jbd2/sda2-8]
(root,0,0,00:00:00/19-09:33:03,167) [ext4-rsv-conver]
(root,144152,105284,00:16:37/19-09:33:02,211) /lib/systemd/systemd-journald
(root,26924,5228,00:00:03/19-09:33:02,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:46/19-09:33:02,271) [hv_balloon]
(root,3108,1872,00:02:51/19-09:33:01,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6260,00:00:07/19-09:33:01,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/19-09:33:01,338) [cryptd]
(messagebus,8160,4160,00:26:00/19-09:33:01,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/19-09:33:01,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4276,00:04:12/19-09:33:01,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8060,00:13:42/19-09:33:01,458) /lib/systemd/systemd-logind
(root,1801080,24568,00:16:44/19-09:33:01,489) /usr/bin/containerd
(root,0,0,00:00:00/19-09:33:01,500) [cifsiod]
(root,0,0,00:00:00/19-09:33:01,502) [smb3decryptd]
(root,0,0,00:00:00/19-09:33:00,504) [cifsfileinfoput]
(root,0,0,00:00:00/19-09:33:00,505) [cifsoplockd]
(root,0,0,00:00:00/19-09:33:00,506) [deferredclose]
(root,0,0,00:00:00/19-09:33:00,508) [serverclose]
(root,0,0,00:11:27/19-09:33:00,514) [cifsd]
(root,15560,7972,00:03:44/19-09:33:00,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:03/19-09:33:00,554) /usr/sbin/cron -f
(root,5872,992,00:00:00/19-09:33:00,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,5980,00:00:03/19-09:33:00,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,43576,00:18:41/19-09:33:00,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,9888,00:26:50/19-09:23:49,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1156152,134976,02:13:48/19-09:23:49,1873) minio server --console-address :9001 /data
(root,1670824,2864,00:00:01/19-09:23:22,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2832,00:00:01/19-09:23:22,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2740,00:00:01/19-09:23:22,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2808,00:00:00/19-09:23:21,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2848,00:00:02/19-09:23:21,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4820,00:00:01/19-09:23:21,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2824,00:00:00/19-09:23:21,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2752,00:00:02/19-09:23:21,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,10216,00:16:39/19-09:23:21,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1888,00:00:00/19-09:23:21,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52568,7316,00:00:19/19-09:23:21,2168) nginx: worker process
(systemd-timesync,50876,1528,00:00:10/19-09:23:21,2169) nginx: cache manager process
(root,0,0,00:00:02/02:23:31,3609211) [kworker/0:2-events]
(root,0,0,00:00:01/01:25:23,3616936) [kworker/0:4-deferredclose]
(root,0,0,00:00:00/01:12:31,3618550) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/39:23,3622798) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/22:28,3624907) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/17:23,3625534) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/06:27,3626892) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/05:23,3627027) [kworker/0:3-deferredclose]
(root,0,0,00:00:00/02:02,3627451) [kworker/0:5]
(root,0,0,00:00:00/00:58,3627580) [kworker/u480:0-events_unbound]
(root,19024,10720,00:00:00/00:24,3627653) /lib/systemd/systemd --user
(root,168636,3248,00:00:00/00:23,3627654) (sd-pam)
(root,7064,3380,00:00:00/00:00,3627801) /bin/bash /usr/bin/check_mk_agent
(root,8088,3912,00:00:00/00:00,3627819) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1004,00:00:00/00:00,3627820) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-08 00:41

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9a9a347f4

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12200,00:47:29/17-09:17:50,1) /sbin/init
(root,0,0,00:00:00/17-09:17:50,2) [kthreadd]
(root,0,0,00:00:00/17-09:17:50,3) [rcu_gp]
(root,0,0,00:00:00/17-09:17:50,4) [rcu_par_gp]
(root,0,0,00:00:00/17-09:17:50,5) [slub_flushwq]
(root,0,0,00:00:00/17-09:17:50,6) [netns]
(root,0,0,00:00:00/17-09:17:50,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/17-09:17:50,10) [mm_percpu_wq]
(root,0,0,00:00:00/17-09:17:50,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/17-09:17:50,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/17-09:17:50,13) [rcu_tasks_trace_kthread]
(root,0,0,00:04:59/17-09:17:50,14) [ksoftirqd/0]
(root,0,0,00:05:37/17-09:17:50,15) [rcu_preempt]
(root,0,0,00:00:08/17-09:17:50,16) [migration/0]
(root,0,0,00:00:00/17-09:17:50,18) [cpuhp/0]
(root,0,0,00:00:00/17-09:17:50,20) [kdevtmpfs]
(root,0,0,00:00:00/17-09:17:50,21) [inet_frag_wq]
(root,0,0,00:00:00/17-09:17:50,22) [kauditd]
(root,0,0,00:00:00/17-09:17:50,24) [khungtaskd]
(root,0,0,00:00:00/17-09:17:50,26) [oom_reaper]
(root,0,0,00:00:00/17-09:17:50,27) [writeback]
(root,0,0,00:01:06/17-09:17:50,29) [kcompactd0]
(root,0,0,00:00:00/17-09:17:50,30) [ksmd]
(root,0,0,00:00:30/17-09:17:50,31) [khugepaged]
(root,0,0,00:00:00/17-09:17:50,32) [kintegrityd]
(root,0,0,00:00:00/17-09:17:50,33) [kblockd]
(root,0,0,00:00:00/17-09:17:50,34) [blkcg_punt_bio]
(root,0,0,00:00:00/17-09:17:50,35) [tpm_dev_wq]
(root,0,0,00:00:00/17-09:17:50,36) [edac-poller]
(root,0,0,00:00:00/17-09:17:50,37) [devfreq_wq]
(root,0,0,00:00:57/17-09:17:50,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:06/17-09:17:50,39) [kswapd0]
(root,0,0,00:00:00/17-09:17:49,45) [kthrotld]
(root,0,0,00:00:00/17-09:17:49,47) [acpi_thermal_pm]
(root,0,0,00:00:00/17-09:17:49,48) [mld]
(root,0,0,00:00:00/17-09:17:49,49) [ipv6_addrconf]
(root,0,0,00:00:00/17-09:17:49,54) [kstrp]
(root,0,0,00:00:00/17-09:17:49,59) [zswap-shrink]
(root,0,0,00:00:00/17-09:17:49,60) [kworker/u481:0]
(root,0,0,00:00:00/17-09:17:49,120) [hv_vmbus_con]
(root,0,0,00:00:00/17-09:17:49,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/17-09:17:49,124) [hv_pri_chan]
(root,0,0,00:00:00/17-09:17:49,125) [hv_sub_chan]
(root,0,0,00:00:00/17-09:17:49,127) [scsi_eh_0]
(root,0,0,00:00:00/17-09:17:49,128) [scsi_tmf_0]
(root,0,0,00:00:40/17-09:17:48,166) [jbd2/sda2-8]
(root,0,0,00:00:00/17-09:17:48,167) [ext4-rsv-conver]
(root,193204,146364,00:14:56/17-09:17:48,211) /lib/systemd/systemd-journald
(root,26924,5356,00:00:02/17-09:17:47,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:41/17-09:17:47,271) [hv_balloon]
(root,3108,1880,00:02:33/17-09:17:47,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6276,00:00:06/17-09:17:47,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/17-09:17:47,338) [cryptd]
(messagebus,8160,4200,00:23:25/17-09:17:46,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/17-09:17:46,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4372,00:03:47/17-09:17:46,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8080,00:12:19/17-09:17:46,458) /lib/systemd/systemd-logind
(root,1801080,29204,00:14:59/17-09:17:46,489) /usr/bin/containerd
(root,0,0,00:00:00/17-09:17:46,500) [cifsiod]
(root,0,0,00:00:00/17-09:17:46,502) [smb3decryptd]
(root,0,0,00:00:00/17-09:17:46,504) [cifsfileinfoput]
(root,0,0,00:00:00/17-09:17:46,505) [cifsoplockd]
(root,0,0,00:00:00/17-09:17:46,506) [deferredclose]
(root,0,0,00:00:00/17-09:17:46,508) [serverclose]
(root,0,0,00:10:15/17-09:17:46,514) [cifsd]
(root,15560,7972,00:03:19/17-09:17:46,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:02/17-09:17:46,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/17-09:17:46,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6296,00:00:03/17-09:17:46,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,49164,00:16:44/17-09:17:45,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,9604,00:23:59/17-09:08:34,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1156152,140436,01:59:52/17-09:08:34,1873) minio server --console-address :9001 /data
(root,1670824,2864,00:00:01/17-09:08:07,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2832,00:00:01/17-09:08:07,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,2740,00:00:00/17-09:08:07,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2808,00:00:00/17-09:08:07,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,2848,00:00:01/17-09:08:07,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,4820,00:00:01/17-09:08:07,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,2824,00:00:00/17-09:08:07,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,2752,00:00:01/17-09:08:07,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,10444,00:14:56/17-09:08:07,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1968,00:00:00/17-09:08:07,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52568,7460,00:00:17/17-09:08:06,2168) nginx: worker process
(systemd-timesync,50876,1604,00:00:09/17-09:08:06,2169) nginx: cache manager process
(root,0,0,00:00:02/03:06:59,3237275) [kworker/0:5-cgroup_destroy]
(root,0,0,00:00:02/02:19:09,3243218) [kworker/0:1-events]
(root,0,0,00:00:01/42:43,3255254) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/21:09,3257940) [kworker/0:3-rcu_gp]
(root,0,0,00:00:00/21:09,3257941) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/15:43,3258610) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/11:09,3259171) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/10:13,3259290) [kworker/u480:1-ext4-rsv-conversion]
(root,0,0,00:00:00/04:48,3259943) [kworker/u480:4]
(root,0,0,00:00:00/01:09,3260400) [kworker/0:2-cgroup_destroy]
(root,19028,10756,00:00:00/00:09,3260521) /lib/systemd/systemd --user
(root,168636,3252,00:00:00/00:09,3260522) (sd-pam)
(root,7064,3368,00:00:00/00:00,3260644) /bin/bash /usr/bin/check_mk_agent
(root,8088,3924,00:00:00/00:00,3260662) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1040,00:00:00/00:00,3260663) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-06 00:26

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9430c0d5c

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12204,00:42:15/15-08:04:31,1) /sbin/init
(root,0,0,00:00:00/15-08:04:31,2) [kthreadd]
(root,0,0,00:00:00/15-08:04:31,3) [rcu_gp]
(root,0,0,00:00:00/15-08:04:31,4) [rcu_par_gp]
(root,0,0,00:00:00/15-08:04:31,5) [slub_flushwq]
(root,0,0,00:00:00/15-08:04:31,6) [netns]
(root,0,0,00:00:00/15-08:04:31,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/15-08:04:31,10) [mm_percpu_wq]
(root,0,0,00:00:00/15-08:04:31,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/15-08:04:31,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/15-08:04:31,13) [rcu_tasks_trace_kthread]
(root,0,0,00:04:25/15-08:04:31,14) [ksoftirqd/0]
(root,0,0,00:04:57/15-08:04:31,15) [rcu_preempt]
(root,0,0,00:00:07/15-08:04:31,16) [migration/0]
(root,0,0,00:00:00/15-08:04:31,18) [cpuhp/0]
(root,0,0,00:00:00/15-08:04:31,20) [kdevtmpfs]
(root,0,0,00:00:00/15-08:04:31,21) [inet_frag_wq]
(root,0,0,00:00:00/15-08:04:31,22) [kauditd]
(root,0,0,00:00:00/15-08:04:31,24) [khungtaskd]
(root,0,0,00:00:00/15-08:04:31,26) [oom_reaper]
(root,0,0,00:00:00/15-08:04:31,27) [writeback]
(root,0,0,00:00:59/15-08:04:31,29) [kcompactd0]
(root,0,0,00:00:00/15-08:04:31,30) [ksmd]
(root,0,0,00:00:27/15-08:04:31,31) [khugepaged]
(root,0,0,00:00:00/15-08:04:31,32) [kintegrityd]
(root,0,0,00:00:00/15-08:04:31,33) [kblockd]
(root,0,0,00:00:00/15-08:04:31,34) [blkcg_punt_bio]
(root,0,0,00:00:00/15-08:04:31,35) [tpm_dev_wq]
(root,0,0,00:00:00/15-08:04:31,36) [edac-poller]
(root,0,0,00:00:00/15-08:04:31,37) [devfreq_wq]
(root,0,0,00:00:50/15-08:04:31,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:04/15-08:04:31,39) [kswapd0]
(root,0,0,00:00:00/15-08:04:31,45) [kthrotld]
(root,0,0,00:00:00/15-08:04:31,47) [acpi_thermal_pm]
(root,0,0,00:00:00/15-08:04:31,48) [mld]
(root,0,0,00:00:00/15-08:04:31,49) [ipv6_addrconf]
(root,0,0,00:00:00/15-08:04:31,54) [kstrp]
(root,0,0,00:00:00/15-08:04:31,59) [zswap-shrink]
(root,0,0,00:00:00/15-08:04:31,60) [kworker/u481:0]
(root,0,0,00:00:00/15-08:04:31,120) [hv_vmbus_con]
(root,0,0,00:00:00/15-08:04:31,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/15-08:04:31,124) [hv_pri_chan]
(root,0,0,00:00:00/15-08:04:31,125) [hv_sub_chan]
(root,0,0,00:00:00/15-08:04:30,127) [scsi_eh_0]
(root,0,0,00:00:00/15-08:04:30,128) [scsi_tmf_0]
(root,0,0,00:00:35/15-08:04:30,166) [jbd2/sda2-8]
(root,0,0,00:00:00/15-08:04:30,167) [ext4-rsv-conver]
(root,230264,182096,00:13:15/15-08:04:29,211) /lib/systemd/systemd-journald
(root,26924,5372,00:00:02/15-08:04:29,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:36/15-08:04:29,271) [hv_balloon]
(root,3108,1880,00:02:15/15-08:04:28,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6300,00:00:05/15-08:04:28,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/15-08:04:28,338) [cryptd]
(messagebus,8160,4212,00:20:48/15-08:04:28,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/15-08:04:28,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4436,00:03:22/15-08:04:28,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8112,00:10:56/15-08:04:28,458) /lib/systemd/systemd-logind
(root,1800824,31400,00:13:13/15-08:04:28,489) /usr/bin/containerd
(root,0,0,00:00:00/15-08:04:28,500) [cifsiod]
(root,0,0,00:00:00/15-08:04:28,502) [smb3decryptd]
(root,0,0,00:00:00/15-08:04:28,504) [cifsfileinfoput]
(root,0,0,00:00:00/15-08:04:28,505) [cifsoplockd]
(root,0,0,00:00:00/15-08:04:28,506) [deferredclose]
(root,0,0,00:00:00/15-08:04:28,508) [serverclose]
(root,0,0,00:09:02/15-08:04:28,514) [cifsd]
(root,15560,8000,00:02:54/15-08:04:27,538) sshd: /usr/sbin/sshd -D [listener] 2 of 10-100 startups
(root,6608,2644,00:00:02/15-08:04:27,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/15-08:04:27,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6412,00:00:03/15-08:04:27,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,56672,00:14:46/15-08:04:27,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,12500,00:21:04/15-07:55:16,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1156152,149324,01:45:40/15-07:55:16,1873) minio server --console-address :9001 /data
(root,1670824,3360,00:00:00/15-07:54:49,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,3328,00:00:00/15-07:54:49,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,3236,00:00:00/15-07:54:49,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,3304,00:00:00/15-07:54:49,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,3344,00:00:01/15-07:54:49,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,5316,00:00:01/15-07:54:49,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,3320,00:00:00/15-07:54:49,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,3248,00:00:01/15-07:54:48,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,12868,00:13:11/15-07:54:48,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1968,00:00:00/15-07:54:48,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52568,7552,00:00:16/15-07:54:48,2168) nginx: worker process
(systemd-timesync,50876,1604,00:00:08/15-07:54:48,2169) nginx: cache manager process
(root,0,0,00:00:01/02:27:50,2868756) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:02/01:58:02,2872322) [kworker/0:2-deferredclose]
(root,0,0,00:00:01/01:48:02,2873590) [kworker/0:4-mm_percpu_wq]
(root,0,0,00:00:01/01:34:02,2875491) [kworker/0:1-events]
(root,0,0,00:00:01/01:04:50,2879522) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/21:54,2884994) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/08:50,2886753) [kworker/0:3-events]
(root,0,0,00:00:00/05:50,2887168) [kworker/u480:1-flush-8:0]
(root,15560,9252,00:00:00/00:47,2887853) sshd: [accepted]
(root,0,0,00:00:00/00:17,2887899) [kworker/u480:3-events_unbound]
(root,15560,9188,00:00:00/00:14,2887900) sshd: [accepted]
(root,7064,3504,00:00:00/00:00,2888014) /bin/bash /usr/bin/check_mk_agent
(root,8088,3896,00:00:00/00:00,2888032) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1016,00:00:00/00:00,2888033) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-03 23:13

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df95117d572

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12196,00:37:25/13-09:45:47,1) /sbin/init
(root,0,0,00:00:00/13-09:45:47,2) [kthreadd]
(root,0,0,00:00:00/13-09:45:47,3) [rcu_gp]
(root,0,0,00:00:00/13-09:45:47,4) [rcu_par_gp]
(root,0,0,00:00:00/13-09:45:47,5) [slub_flushwq]
(root,0,0,00:00:00/13-09:45:47,6) [netns]
(root,0,0,00:00:00/13-09:45:47,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/13-09:45:47,10) [mm_percpu_wq]
(root,0,0,00:00:00/13-09:45:47,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/13-09:45:47,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/13-09:45:47,13) [rcu_tasks_trace_kthread]
(root,0,0,00:03:54/13-09:45:47,14) [ksoftirqd/0]
(root,0,0,00:04:20/13-09:45:47,15) [rcu_preempt]
(root,0,0,00:00:06/13-09:45:47,16) [migration/0]
(root,0,0,00:00:00/13-09:45:47,18) [cpuhp/0]
(root,0,0,00:00:00/13-09:45:47,20) [kdevtmpfs]
(root,0,0,00:00:00/13-09:45:47,21) [inet_frag_wq]
(root,0,0,00:00:00/13-09:45:47,22) [kauditd]
(root,0,0,00:00:00/13-09:45:47,24) [khungtaskd]
(root,0,0,00:00:00/13-09:45:47,26) [oom_reaper]
(root,0,0,00:00:00/13-09:45:47,27) [writeback]
(root,0,0,00:00:53/13-09:45:47,29) [kcompactd0]
(root,0,0,00:00:00/13-09:45:47,30) [ksmd]
(root,0,0,00:00:24/13-09:45:47,31) [khugepaged]
(root,0,0,00:00:00/13-09:45:47,32) [kintegrityd]
(root,0,0,00:00:00/13-09:45:47,33) [kblockd]
(root,0,0,00:00:00/13-09:45:47,34) [blkcg_punt_bio]
(root,0,0,00:00:00/13-09:45:47,35) [tpm_dev_wq]
(root,0,0,00:00:00/13-09:45:47,36) [edac-poller]
(root,0,0,00:00:00/13-09:45:47,37) [devfreq_wq]
(root,0,0,00:00:44/13-09:45:47,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:03/13-09:45:47,39) [kswapd0]
(root,0,0,00:00:00/13-09:45:47,45) [kthrotld]
(root,0,0,00:00:00/13-09:45:47,47) [acpi_thermal_pm]
(root,0,0,00:00:00/13-09:45:47,48) [mld]
(root,0,0,00:00:00/13-09:45:47,49) [ipv6_addrconf]
(root,0,0,00:00:00/13-09:45:47,54) [kstrp]
(root,0,0,00:00:00/13-09:45:47,59) [zswap-shrink]
(root,0,0,00:00:00/13-09:45:47,60) [kworker/u481:0]
(root,0,0,00:00:00/13-09:45:46,120) [hv_vmbus_con]
(root,0,0,00:00:00/13-09:45:46,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/13-09:45:46,124) [hv_pri_chan]
(root,0,0,00:00:00/13-09:45:46,125) [hv_sub_chan]
(root,0,0,00:00:00/13-09:45:46,127) [scsi_eh_0]
(root,0,0,00:00:00/13-09:45:46,128) [scsi_tmf_0]
(root,0,0,00:00:31/13-09:45:46,166) [jbd2/sda2-8]
(root,0,0,00:00:00/13-09:45:46,167) [ext4-rsv-conver]
(root,205592,164448,00:11:44/13-09:45:45,211) /lib/systemd/systemd-journald
(root,26924,5396,00:00:02/13-09:45:45,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:31/13-09:45:44,271) [hv_balloon]
(root,3108,1880,00:01:58/13-09:45:44,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6324,00:00:05/13-09:45:44,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/13-09:45:44,338) [cryptd]
(messagebus,8160,4228,00:18:23/13-09:45:44,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/13-09:45:44,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4468,00:03:00/13-09:45:44,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8140,00:09:38/13-09:45:44,458) /lib/systemd/systemd-logind
(root,1800824,34100,00:11:32/13-09:45:44,489) /usr/bin/containerd
(root,0,0,00:00:00/13-09:45:43,500) [cifsiod]
(root,0,0,00:00:00/13-09:45:43,502) [smb3decryptd]
(root,0,0,00:00:00/13-09:45:43,504) [cifsfileinfoput]
(root,0,0,00:00:00/13-09:45:43,505) [cifsoplockd]
(root,0,0,00:00:00/13-09:45:43,506) [deferredclose]
(root,0,0,00:00:00/13-09:45:43,508) [serverclose]
(root,0,0,00:07:54/13-09:45:43,514) [cifsd]
(root,15560,8232,00:02:33/13-09:45:43,538) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,6608,2644,00:00:02/13-09:45:43,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/13-09:45:43,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6448,00:00:03/13-09:45:43,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,60416,00:12:54/13-09:45:43,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,14172,00:18:20/13-09:36:32,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1156152,152932,01:32:18/13-09:36:31,1873) minio server --console-address :9001 /data
(root,1670824,3360,00:00:00/13-09:36:05,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,3328,00:00:00/13-09:36:04,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,3236,00:00:00/13-09:36:04,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,3304,00:00:00/13-09:36:04,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,3480,00:00:01/13-09:36:04,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,5316,00:00:01/13-09:36:04,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,3320,00:00:00/13-09:36:04,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,3248,00:00:01/13-09:36:04,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,14884,00:11:32/13-09:36:04,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1972,00:00:00/13-09:36:04,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52568,7672,00:00:15/13-09:36:04,2168) nginx: worker process
(systemd-timesync,50876,1604,00:00:07/13-09:36:04,2169) nginx: cache manager process
(root,0,0,00:00:01/01:05:17,2532054) [kworker/0:6-rcu_gp]
(root,0,0,00:00:00/46:19,2534368) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/39:33,2535225) [kworker/u480:2-writeback]
(root,0,0,00:00:00/30:06,2536380) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:00/25:04,2537026) [kworker/u480:5-events_unbound]
(root,0,0,00:00:00/24:19,2537060) [kworker/0:3-events]
(root,0,0,00:00:00/07:58,2539085) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/05:19,2539359) [kworker/0:5-rcu_gp]
(root,0,0,00:00:00/02:33,2539701) [kworker/u480:0-events_unbound]
(root,15564,8852,00:00:00/00:34,2539941) sshd: [accepted]
(root,19024,10736,00:00:00/00:06,2540008) /lib/systemd/systemd --user
(root,168636,3248,00:00:00/00:06,2540009) (sd-pam)
(root,7064,3408,00:00:00/00:00,2540113) /bin/bash /usr/bin/check_mk_agent
(root,8088,3924,00:00:00/00:00,2540140) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1020,00:00:00/00:00,2540141) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-12-02 00:54

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9289e4ff6

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12204,00:32:19/11-08:35:30,1) /sbin/init
(root,0,0,00:00:00/11-08:35:30,2) [kthreadd]
(root,0,0,00:00:00/11-08:35:30,3) [rcu_gp]
(root,0,0,00:00:00/11-08:35:30,4) [rcu_par_gp]
(root,0,0,00:00:00/11-08:35:30,5) [slub_flushwq]
(root,0,0,00:00:00/11-08:35:30,6) [netns]
(root,0,0,00:00:00/11-08:35:30,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/11-08:35:30,10) [mm_percpu_wq]
(root,0,0,00:00:00/11-08:35:30,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/11-08:35:30,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/11-08:35:30,13) [rcu_tasks_trace_kthread]
(root,0,0,00:03:21/11-08:35:30,14) [ksoftirqd/0]
(root,0,0,00:03:41/11-08:35:30,15) [rcu_preempt]
(root,0,0,00:00:05/11-08:35:30,16) [migration/0]
(root,0,0,00:00:00/11-08:35:30,18) [cpuhp/0]
(root,0,0,00:00:00/11-08:35:30,20) [kdevtmpfs]
(root,0,0,00:00:00/11-08:35:30,21) [inet_frag_wq]
(root,0,0,00:00:00/11-08:35:30,22) [kauditd]
(root,0,0,00:00:00/11-08:35:30,24) [khungtaskd]
(root,0,0,00:00:00/11-08:35:30,26) [oom_reaper]
(root,0,0,00:00:00/11-08:35:30,27) [writeback]
(root,0,0,00:00:46/11-08:35:30,29) [kcompactd0]
(root,0,0,00:00:00/11-08:35:30,30) [ksmd]
(root,0,0,00:00:21/11-08:35:30,31) [khugepaged]
(root,0,0,00:00:00/11-08:35:30,32) [kintegrityd]
(root,0,0,00:00:00/11-08:35:30,33) [kblockd]
(root,0,0,00:00:00/11-08:35:30,34) [blkcg_punt_bio]
(root,0,0,00:00:00/11-08:35:30,35) [tpm_dev_wq]
(root,0,0,00:00:00/11-08:35:30,36) [edac-poller]
(root,0,0,00:00:00/11-08:35:30,37) [devfreq_wq]
(root,0,0,00:00:38/11-08:35:30,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:03/11-08:35:30,39) [kswapd0]
(root,0,0,00:00:00/11-08:35:30,45) [kthrotld]
(root,0,0,00:00:00/11-08:35:30,47) [acpi_thermal_pm]
(root,0,0,00:00:00/11-08:35:30,48) [mld]
(root,0,0,00:00:00/11-08:35:30,49) [ipv6_addrconf]
(root,0,0,00:00:00/11-08:35:30,54) [kstrp]
(root,0,0,00:00:00/11-08:35:30,59) [zswap-shrink]
(root,0,0,00:00:00/11-08:35:30,60) [kworker/u481:0]
(root,0,0,00:00:00/11-08:35:29,120) [hv_vmbus_con]
(root,0,0,00:00:00/11-08:35:29,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/11-08:35:29,124) [hv_pri_chan]
(root,0,0,00:00:00/11-08:35:29,125) [hv_sub_chan]
(root,0,0,00:00:00/11-08:35:29,127) [scsi_eh_0]
(root,0,0,00:00:00/11-08:35:29,128) [scsi_tmf_0]
(root,0,0,00:00:26/11-08:35:29,166) [jbd2/sda2-8]
(root,0,0,00:00:00/11-08:35:29,167) [ext4-rsv-conver]
(root,144256,109976,00:10:06/11-08:35:28,211) /lib/systemd/systemd-journald
(root,26924,5396,00:00:02/11-08:35:28,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:27/11-08:35:27,271) [hv_balloon]
(root,3108,1880,00:01:40/11-08:35:27,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6352,00:00:04/11-08:35:27,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/11-08:35:27,338) [cryptd]
(messagebus,8160,4256,00:15:49/11-08:35:27,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/11-08:35:27,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4472,00:02:36/11-08:35:27,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8172,00:08:16/11-08:35:27,458) /lib/systemd/systemd-logind
(root,1800824,39776,00:09:47/11-08:35:27,489) /usr/bin/containerd
(root,0,0,00:00:00/11-08:35:26,500) [cifsiod]
(root,0,0,00:00:00/11-08:35:26,502) [smb3decryptd]
(root,0,0,00:00:00/11-08:35:26,504) [cifsfileinfoput]
(root,0,0,00:00:00/11-08:35:26,505) [cifsoplockd]
(root,0,0,00:00:00/11-08:35:26,506) [deferredclose]
(root,0,0,00:00:00/11-08:35:26,508) [serverclose]
(root,0,0,00:06:41/11-08:35:26,514) [cifsd]
(root,15560,8532,00:02:07/11-08:35:26,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:01/11-08:35:26,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/11-08:35:26,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6448,00:00:02/11-08:35:26,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,68580,00:10:56/11-08:35:26,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,15332,00:15:26/11-08:26:15,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1156152,158932,01:18:11/11-08:26:14,1873) minio server --console-address :9001 /data
(root,1670824,3360,00:00:00/11-08:25:47,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,3328,00:00:00/11-08:25:47,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,5284,00:00:00/11-08:25:47,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,3304,00:00:00/11-08:25:47,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,3488,00:00:01/11-08:25:47,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,5316,00:00:01/11-08:25:47,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,3320,00:00:00/11-08:25:47,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,5376,00:00:01/11-08:25:47,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,16468,00:09:48/11-08:25:47,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1976,00:00:00/11-08:25:47,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52440,7548,00:00:12/11-08:25:47,2168) nginx: worker process
(systemd-timesync,50876,1604,00:00:06/11-08:25:47,2169) nginx: cache manager process
(root,0,0,00:00:02/03:10:04,2140556) [kworker/0:4-events_power_efficient]
(root,0,0,00:00:02/02:19:03,2147063) [kworker/0:3-events]
(root,0,0,00:00:00/27:02,2161757) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/17:03,2163203) [kworker/0:0-rcu_gp]
(root,0,0,00:00:00/13:53,2163662) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/09:03,2164222) [kworker/0:1-events]
(root,0,0,00:00:00/08:26,2164326) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/03:26,2164959) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/00:03,2165347) [kworker/0:2]
(root,17680,11200,00:00:00/00:02,2165348) sshd: root@pts/0
(root,19024,10720,00:00:00/00:02,2165351) /lib/systemd/systemd --user
(root,168636,3256,00:00:00/00:02,2165352) (sd-pam)
(root,3200,1844,00:00:00/00:02,2165371) /bin/nc -w 5 miljogiraff-simapro 6556
(root,7064,3488,00:00:00/00:00,2165465) /bin/bash /usr/bin/check_mk_agent
(root,8088,3940,00:00:00/00:00,2165483) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1008,00:00:00/00:00,2165484) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-29 23:44

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9750ef906

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167896,12348,00:27:03/9-08:31:26,1) /sbin/init
(root,0,0,00:00:00/9-08:31:26,2) [kthreadd]
(root,0,0,00:00:00/9-08:31:26,3) [rcu_gp]
(root,0,0,00:00:00/9-08:31:26,4) [rcu_par_gp]
(root,0,0,00:00:00/9-08:31:26,5) [slub_flushwq]
(root,0,0,00:00:00/9-08:31:26,6) [netns]
(root,0,0,00:00:00/9-08:31:26,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/9-08:31:26,10) [mm_percpu_wq]
(root,0,0,00:00:00/9-08:31:26,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/9-08:31:26,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/9-08:31:26,13) [rcu_tasks_trace_kthread]
(root,0,0,00:02:47/9-08:31:26,14) [ksoftirqd/0]
(root,0,0,00:03:03/9-08:31:26,15) [rcu_preempt]
(root,0,0,00:00:04/9-08:31:26,16) [migration/0]
(root,0,0,00:00:00/9-08:31:26,18) [cpuhp/0]
(root,0,0,00:00:00/9-08:31:26,20) [kdevtmpfs]
(root,0,0,00:00:00/9-08:31:26,21) [inet_frag_wq]
(root,0,0,00:00:00/9-08:31:26,22) [kauditd]
(root,0,0,00:00:00/9-08:31:26,24) [khungtaskd]
(root,0,0,00:00:00/9-08:31:26,26) [oom_reaper]
(root,0,0,00:00:00/9-08:31:26,27) [writeback]
(root,0,0,00:00:38/9-08:31:26,29) [kcompactd0]
(root,0,0,00:00:00/9-08:31:26,30) [ksmd]
(root,0,0,00:00:17/9-08:31:26,31) [khugepaged]
(root,0,0,00:00:00/9-08:31:26,32) [kintegrityd]
(root,0,0,00:00:00/9-08:31:26,33) [kblockd]
(root,0,0,00:00:00/9-08:31:26,34) [blkcg_punt_bio]
(root,0,0,00:00:00/9-08:31:26,35) [tpm_dev_wq]
(root,0,0,00:00:00/9-08:31:26,36) [edac-poller]
(root,0,0,00:00:00/9-08:31:26,37) [devfreq_wq]
(root,0,0,00:00:31/9-08:31:26,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:01/9-08:31:26,39) [kswapd0]
(root,0,0,00:00:00/9-08:31:25,45) [kthrotld]
(root,0,0,00:00:00/9-08:31:25,47) [acpi_thermal_pm]
(root,0,0,00:00:00/9-08:31:25,48) [mld]
(root,0,0,00:00:00/9-08:31:25,49) [ipv6_addrconf]
(root,0,0,00:00:00/9-08:31:25,54) [kstrp]
(root,0,0,00:00:00/9-08:31:25,59) [zswap-shrink]
(root,0,0,00:00:00/9-08:31:25,60) [kworker/u481:0]
(root,0,0,00:00:00/9-08:31:25,120) [hv_vmbus_con]
(root,0,0,00:00:00/9-08:31:25,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/9-08:31:25,124) [hv_pri_chan]
(root,0,0,00:00:00/9-08:31:25,125) [hv_sub_chan]
(root,0,0,00:00:00/9-08:31:25,127) [scsi_eh_0]
(root,0,0,00:00:00/9-08:31:25,128) [scsi_tmf_0]
(root,0,0,00:00:21/9-08:31:24,166) [jbd2/sda2-8]
(root,0,0,00:00:00/9-08:31:24,167) [ext4-rsv-conver]
(root,185104,144716,00:08:25/9-08:31:24,211) /lib/systemd/systemd-journald
(root,26924,5396,00:00:01/9-08:31:23,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:22/9-08:31:23,271) [hv_balloon]
(root,3108,1880,00:01:22/9-08:31:23,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6452,00:00:03/9-08:31:22,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/9-08:31:22,338) [cryptd]
(messagebus,8160,4320,00:13:11/9-08:31:22,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/9-08:31:22,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4472,00:02:10/9-08:31:22,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8180,00:06:53/9-08:31:22,458) /lib/systemd/systemd-logind
(root,1800824,46484,00:08:03/9-08:31:22,489) /usr/bin/containerd
(root,0,0,00:00:00/9-08:31:22,500) [cifsiod]
(root,0,0,00:00:00/9-08:31:22,502) [smb3decryptd]
(root,0,0,00:00:00/9-08:31:22,504) [cifsfileinfoput]
(root,0,0,00:00:00/9-08:31:22,505) [cifsoplockd]
(root,0,0,00:00:00/9-08:31:22,506) [deferredclose]
(root,0,0,00:00:00/9-08:31:22,508) [serverclose]
(root,0,0,00:05:31/9-08:31:22,514) [cifsd]
(root,15560,8836,00:01:44/9-08:31:22,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:01/9-08:31:22,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/9-08:31:22,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6448,00:00:02/9-08:31:22,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,78784,00:09:01/9-08:31:21,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,15912,00:12:36/9-08:22:10,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1156152,165980,01:04:25/9-08:22:10,1873) minio server --console-address :9001 /data
(root,1670824,3360,00:00:00/9-08:21:43,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,3328,00:00:00/9-08:21:43,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,7512,00:00:00/9-08:21:43,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,3836,00:00:00/9-08:21:43,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,3888,00:00:01/9-08:21:43,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,5848,00:00:00/9-08:21:43,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,5848,00:00:00/9-08:21:43,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,5800,00:00:01/9-08:21:43,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,16480,00:08:05/9-08:21:43,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1976,00:00:00/9-08:21:42,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52568,7676,00:00:11/9-08:21:42,2168) nginx: worker process
(systemd-timesync,50876,1604,00:00:05/9-08:21:42,2169) nginx: cache manager process
(root,0,0,00:00:04/04:59:45,1758468) [kworker/0:4-deferredclose]
(root,0,0,00:00:02/02:45:45,1774916) [kworker/0:1-rcu_gp]
(root,0,0,00:00:00/01:22:45,1785836) [kworker/0:0-deferredclose]
(root,0,0,00:00:01/01:17:01,1786484) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:01/56:12,1788964) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/34:49,1791734) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/08:49,1794871) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/05:45,1795236) [kworker/0:3+events]
(root,0,0,00:00:00/05:01,1795290) [kworker/0:5-events_freezable_power_]
(root,0,0,00:00:00/03:12,1795532) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/01:16,1795772) [kworker/0:6]
(root,7064,3412,00:00:00/00:00,1795916) /bin/bash /usr/bin/check_mk_agent
(root,7064,3424,00:00:00/00:00,1795953) /bin/bash /usr/bin/check_mk_agent
(root,8088,3888,00:00:00/00:00,1795987) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1024,00:00:00/00:00,1795988) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-27 23:40

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9a67ee987

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167776,12352,00:20:33/7-09:19:20,1) /sbin/init
(root,0,0,00:00:00/7-09:19:20,2) [kthreadd]
(root,0,0,00:00:00/7-09:19:20,3) [rcu_gp]
(root,0,0,00:00:00/7-09:19:20,4) [rcu_par_gp]
(root,0,0,00:00:00/7-09:19:20,5) [slub_flushwq]
(root,0,0,00:00:00/7-09:19:20,6) [netns]
(root,0,0,00:00:00/7-09:19:20,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/7-09:19:20,10) [mm_percpu_wq]
(root,0,0,00:00:00/7-09:19:20,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/7-09:19:20,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/7-09:19:20,13) [rcu_tasks_trace_kthread]
(root,0,0,00:02:08/7-09:19:20,14) [ksoftirqd/0]
(root,0,0,00:02:22/7-09:19:20,15) [rcu_preempt]
(root,0,0,00:00:03/7-09:19:20,16) [migration/0]
(root,0,0,00:00:00/7-09:19:20,18) [cpuhp/0]
(root,0,0,00:00:00/7-09:19:20,20) [kdevtmpfs]
(root,0,0,00:00:00/7-09:19:20,21) [inet_frag_wq]
(root,0,0,00:00:00/7-09:19:20,22) [kauditd]
(root,0,0,00:00:00/7-09:19:20,24) [khungtaskd]
(root,0,0,00:00:00/7-09:19:20,26) [oom_reaper]
(root,0,0,00:00:00/7-09:19:20,27) [writeback]
(root,0,0,00:00:30/7-09:19:20,29) [kcompactd0]
(root,0,0,00:00:00/7-09:19:20,30) [ksmd]
(root,0,0,00:00:13/7-09:19:20,31) [khugepaged]
(root,0,0,00:00:00/7-09:19:20,32) [kintegrityd]
(root,0,0,00:00:00/7-09:19:20,33) [kblockd]
(root,0,0,00:00:00/7-09:19:20,34) [blkcg_punt_bio]
(root,0,0,00:00:00/7-09:19:20,35) [tpm_dev_wq]
(root,0,0,00:00:00/7-09:19:20,36) [edac-poller]
(root,0,0,00:00:00/7-09:19:20,37) [devfreq_wq]
(root,0,0,00:00:24/7-09:19:20,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:01/7-09:19:20,39) [kswapd0]
(root,0,0,00:00:00/7-09:19:19,45) [kthrotld]
(root,0,0,00:00:00/7-09:19:19,47) [acpi_thermal_pm]
(root,0,0,00:00:00/7-09:19:19,48) [mld]
(root,0,0,00:00:00/7-09:19:19,49) [ipv6_addrconf]
(root,0,0,00:00:00/7-09:19:19,54) [kstrp]
(root,0,0,00:00:00/7-09:19:19,59) [zswap-shrink]
(root,0,0,00:00:00/7-09:19:19,60) [kworker/u481:0]
(root,0,0,00:00:00/7-09:19:19,120) [hv_vmbus_con]
(root,0,0,00:00:00/7-09:19:19,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/7-09:19:19,124) [hv_pri_chan]
(root,0,0,00:00:00/7-09:19:19,125) [hv_sub_chan]
(root,0,0,00:00:00/7-09:19:19,127) [scsi_eh_0]
(root,0,0,00:00:00/7-09:19:19,128) [scsi_tmf_0]
(root,0,0,00:00:17/7-09:19:18,166) [jbd2/sda2-8]
(root,0,0,00:00:00/7-09:19:18,167) [ext4-rsv-conver]
(root,258772,201128,00:06:25/7-09:19:18,211) /lib/systemd/systemd-journald
(root,26924,5396,00:00:01/7-09:19:17,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:17/7-09:19:17,271) [hv_balloon]
(root,3108,1880,00:01:05/7-09:19:17,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6488,00:00:02/7-09:19:16,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/7-09:19:16,338) [cryptd]
(messagebus,8036,4216,00:10:04/7-09:19:16,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/7-09:19:16,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4700,00:01:38/7-09:19:16,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8180,00:05:17/7-09:19:16,458) /lib/systemd/systemd-logind
(root,1800824,51572,00:06:20/7-09:19:16,489) /usr/bin/containerd
(root,0,0,00:00:00/7-09:19:16,500) [cifsiod]
(root,0,0,00:00:00/7-09:19:16,502) [smb3decryptd]
(root,0,0,00:00:00/7-09:19:16,504) [cifsfileinfoput]
(root,0,0,00:00:00/7-09:19:16,505) [cifsoplockd]
(root,0,0,00:00:00/7-09:19:16,506) [deferredclose]
(root,0,0,00:00:00/7-09:19:16,508) [serverclose]
(root,0,0,00:04:21/7-09:19:16,514) [cifsd]
(root,15560,9100,00:01:22/7-09:19:16,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:01/7-09:19:16,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/7-09:19:16,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6448,00:00:02/7-09:19:15,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1987252,87844,00:07:07/7-09:19:15,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,15280,00:09:51/7-09:10:04,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1155896,168144,00:50:52/7-09:10:04,1873) minio server --console-address :9001 /data
(root,1670824,4672,00:00:00/7-09:09:37,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,4648,00:00:00/7-09:09:37,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,8656,00:00:00/7-09:09:37,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,4632,00:00:00/7-09:09:37,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,4732,00:00:00/7-09:09:37,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,6684,00:00:00/7-09:09:37,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,6644,00:00:00/7-09:09:37,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,6596,00:00:00/7-09:09:37,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,16384,00:06:20/7-09:09:36,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1976,00:00:00/7-09:09:36,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52568,7628,00:00:10/7-09:09:36,2168) nginx: worker process
(systemd-timesync,50876,1604,00:00:04/7-09:09:36,2169) nginx: cache manager process
(root,0,0,00:00:01/01:34:07,1384688) [kworker/0:2-rcu_gp]
(root,0,0,00:00:00/01:24:06,1386193) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:01/01:14:07,1387571) [kworker/0:4-events]
(root,0,0,00:00:01/01:03:38,1389034) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/53:39,1390391) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/34:50,1392974) [kworker/u480:2-events_unbound]
(root,0,0,00:00:01/29:28,1393765) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/12:50,1396018) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/04:50,1397101) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/00:56,1397649) [kworker/0:5]
(root,19028,10668,00:00:00/00:07,1397764) /lib/systemd/systemd --user
(root,168516,3312,00:00:00/00:07,1397765) (sd-pam)
(root,7064,3508,00:00:00/00:00,1397879) /bin/bash /usr/bin/check_mk_agent
(root,8088,3936,00:00:00/00:00,1397897) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1048,00:00:00/00:00,1397898) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-26 00:28

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9375dc1f3

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167776,12376,00:13:45/5-06:55:58,1) /sbin/init
(root,0,0,00:00:00/5-06:55:58,2) [kthreadd]
(root,0,0,00:00:00/5-06:55:58,3) [rcu_gp]
(root,0,0,00:00:00/5-06:55:58,4) [rcu_par_gp]
(root,0,0,00:00:00/5-06:55:58,5) [slub_flushwq]
(root,0,0,00:00:00/5-06:55:58,6) [netns]
(root,0,0,00:00:00/5-06:55:58,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/5-06:55:58,10) [mm_percpu_wq]
(root,0,0,00:00:00/5-06:55:58,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/5-06:55:58,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/5-06:55:58,13) [rcu_tasks_trace_kthread]
(root,0,0,00:01:27/5-06:55:58,14) [ksoftirqd/0]
(root,0,0,00:01:40/5-06:55:58,15) [rcu_preempt]
(root,0,0,00:00:02/5-06:55:58,16) [migration/0]
(root,0,0,00:00:00/5-06:55:58,18) [cpuhp/0]
(root,0,0,00:00:00/5-06:55:58,20) [kdevtmpfs]
(root,0,0,00:00:00/5-06:55:58,21) [inet_frag_wq]
(root,0,0,00:00:00/5-06:55:58,22) [kauditd]
(root,0,0,00:00:00/5-06:55:58,24) [khungtaskd]
(root,0,0,00:00:00/5-06:55:58,26) [oom_reaper]
(root,0,0,00:00:00/5-06:55:58,27) [writeback]
(root,0,0,00:00:20/5-06:55:58,29) [kcompactd0]
(root,0,0,00:00:00/5-06:55:58,30) [ksmd]
(root,0,0,00:00:08/5-06:55:58,31) [khugepaged]
(root,0,0,00:00:00/5-06:55:58,32) [kintegrityd]
(root,0,0,00:00:00/5-06:55:58,33) [kblockd]
(root,0,0,00:00:00/5-06:55:58,34) [blkcg_punt_bio]
(root,0,0,00:00:00/5-06:55:58,35) [tpm_dev_wq]
(root,0,0,00:00:00/5-06:55:58,36) [edac-poller]
(root,0,0,00:00:00/5-06:55:58,37) [devfreq_wq]
(root,0,0,00:00:16/5-06:55:58,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/5-06:55:58,39) [kswapd0]
(root,0,0,00:00:00/5-06:55:58,45) [kthrotld]
(root,0,0,00:00:00/5-06:55:58,47) [acpi_thermal_pm]
(root,0,0,00:00:00/5-06:55:58,48) [mld]
(root,0,0,00:00:00/5-06:55:58,49) [ipv6_addrconf]
(root,0,0,00:00:00/5-06:55:58,54) [kstrp]
(root,0,0,00:00:00/5-06:55:58,59) [zswap-shrink]
(root,0,0,00:00:00/5-06:55:58,60) [kworker/u481:0]
(root,0,0,00:00:00/5-06:55:57,120) [hv_vmbus_con]
(root,0,0,00:00:00/5-06:55:57,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/5-06:55:57,124) [hv_pri_chan]
(root,0,0,00:00:00/5-06:55:57,125) [hv_sub_chan]
(root,0,0,00:00:00/5-06:55:57,127) [scsi_eh_0]
(root,0,0,00:00:00/5-06:55:57,128) [scsi_tmf_0]
(root,0,0,00:00:12/5-06:55:57,166) [jbd2/sda2-8]
(root,0,0,00:00:00/5-06:55:57,167) [ext4-rsv-conver]
(root,168672,130284,00:04:21/5-06:55:56,211) /lib/systemd/systemd-journald
(root,26924,5624,00:00:01/5-06:55:56,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:12/5-06:55:55,271) [hv_balloon]
(root,3108,1880,00:00:46/5-06:55:55,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6492,00:00:02/5-06:55:55,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/5-06:55:55,338) [cryptd]
(messagebus,8036,4216,00:06:49/5-06:55:55,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/5-06:55:55,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4700,00:01:05/5-06:55:55,457) /usr/sbin/rsyslogd -n -iNONE
(root,17048,8184,00:03:37/5-06:55:55,458) /lib/systemd/systemd-logind
(root,1800824,51572,00:04:32/5-06:55:55,489) /usr/bin/containerd
(root,0,0,00:00:00/5-06:55:54,500) [cifsiod]
(root,0,0,00:00:00/5-06:55:54,502) [smb3decryptd]
(root,0,0,00:00:00/5-06:55:54,504) [cifsfileinfoput]
(root,0,0,00:00:00/5-06:55:54,505) [cifsoplockd]
(root,0,0,00:00:00/5-06:55:54,506) [deferredclose]
(root,0,0,00:00:00/5-06:55:54,508) [serverclose]
(root,0,0,00:03:07/5-06:55:54,514) [cifsd]
(root,15560,9100,00:01:00/5-06:55:54,538) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,6608,2644,00:00:00/5-06:55:54,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/5-06:55:54,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6472,00:00:01/5-06:55:54,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1986996,88048,00:05:05/5-06:55:54,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,15696,00:07:01/5-06:46:43,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1155896,175860,00:36:24/5-06:46:42,1873) minio server --console-address :9001 /data
(root,1670824,4680,00:00:00/5-06:46:15,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,4648,00:00:00/5-06:46:15,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,8668,00:00:00/5-06:46:15,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,4640,00:00:00/5-06:46:15,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,4748,00:00:00/5-06:46:15,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,6688,00:00:00/5-06:46:15,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,6684,00:00:00/5-06:46:15,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,6600,00:00:00/5-06:46:15,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,16480,00:04:29/5-06:46:15,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1976,00:00:00/5-06:46:15,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52560,7572,00:00:07/5-06:46:14,2168) nginx: worker process
(systemd-timesync,50876,1604,00:00:02/5-06:46:14,2169) nginx: cache manager process
(root,0,0,00:00:03/04:11:17,945414) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/01:09:37,968370) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:00/48:17,971121) [kworker/0:4-rcu_gp]
(root,0,0,00:00:00/41:44,971900) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/22:09,974442) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/09:17,976048) [kworker/0:0-events]
(root,0,0,00:00:00/05:44,976474) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/03:17,976799) [kworker/0:1-events]
(root,15560,9168,00:00:00/01:24,976997) sshd: [accepted]
(root,19024,10668,00:00:00/00:17,977175) /lib/systemd/systemd --user
(root,168516,3312,00:00:00/00:17,977176) (sd-pam)
(root,17680,11004,00:00:00/00:00,977225) sshd: root@pts/0
(root,0,0,00:00:00/00:00,977275) [kworker/u480:0-events_unbound]
(root,3200,1884,00:00:00/00:00,977288) /bin/nc -w 5 miljogiraff-simapro 6556
(root,7064,3380,00:00:00/00:00,977320) /bin/bash /usr/bin/check_mk_agent
(root,8088,3932,00:00:00/00:00,977338) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,988,00:00:00/00:00,977339) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-23 22:04

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9da91fd4b

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,167776,12372,00:08:46/3-06:50:54,1) /sbin/init
(root,0,0,00:00:00/3-06:50:54,2) [kthreadd]
(root,0,0,00:00:00/3-06:50:54,3) [rcu_gp]
(root,0,0,00:00:00/3-06:50:54,4) [rcu_par_gp]
(root,0,0,00:00:00/3-06:50:54,5) [slub_flushwq]
(root,0,0,00:00:00/3-06:50:54,6) [netns]
(root,0,0,00:00:00/3-06:50:54,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/3-06:50:54,10) [mm_percpu_wq]
(root,0,0,00:00:00/3-06:50:54,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/3-06:50:54,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/3-06:50:54,13) [rcu_tasks_trace_kthread]
(root,0,0,00:00:55/3-06:50:54,14) [ksoftirqd/0]
(root,0,0,00:01:02/3-06:50:54,15) [rcu_preempt]
(root,0,0,00:00:01/3-06:50:54,16) [migration/0]
(root,0,0,00:00:00/3-06:50:54,18) [cpuhp/0]
(root,0,0,00:00:00/3-06:50:54,20) [kdevtmpfs]
(root,0,0,00:00:00/3-06:50:54,21) [inet_frag_wq]
(root,0,0,00:00:00/3-06:50:54,22) [kauditd]
(root,0,0,00:00:00/3-06:50:54,24) [khungtaskd]
(root,0,0,00:00:00/3-06:50:54,26) [oom_reaper]
(root,0,0,00:00:00/3-06:50:54,27) [writeback]
(root,0,0,00:00:11/3-06:50:54,29) [kcompactd0]
(root,0,0,00:00:00/3-06:50:54,30) [ksmd]
(root,0,0,00:00:04/3-06:50:54,31) [khugepaged]
(root,0,0,00:00:00/3-06:50:54,32) [kintegrityd]
(root,0,0,00:00:00/3-06:50:54,33) [kblockd]
(root,0,0,00:00:00/3-06:50:54,34) [blkcg_punt_bio]
(root,0,0,00:00:00/3-06:50:54,35) [tpm_dev_wq]
(root,0,0,00:00:00/3-06:50:54,36) [edac-poller]
(root,0,0,00:00:00/3-06:50:54,37) [devfreq_wq]
(root,0,0,00:00:10/3-06:50:54,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/3-06:50:54,39) [kswapd0]
(root,0,0,00:00:00/3-06:50:53,45) [kthrotld]
(root,0,0,00:00:00/3-06:50:53,47) [acpi_thermal_pm]
(root,0,0,00:00:00/3-06:50:53,48) [mld]
(root,0,0,00:00:00/3-06:50:53,49) [ipv6_addrconf]
(root,0,0,00:00:00/3-06:50:53,54) [kstrp]
(root,0,0,00:00:00/3-06:50:53,59) [zswap-shrink]
(root,0,0,00:00:00/3-06:50:53,60) [kworker/u481:0]
(root,0,0,00:00:00/3-06:50:53,120) [hv_vmbus_con]
(root,0,0,00:00:00/3-06:50:53,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/3-06:50:53,124) [hv_pri_chan]
(root,0,0,00:00:00/3-06:50:53,125) [hv_sub_chan]
(root,0,0,00:00:00/3-06:50:53,127) [scsi_eh_0]
(root,0,0,00:00:00/3-06:50:53,128) [scsi_tmf_0]
(root,0,0,00:00:07/3-06:50:52,166) [jbd2/sda2-8]
(root,0,0,00:00:00/3-06:50:52,167) [ext4-rsv-conver]
(root,217712,164676,00:02:43/3-06:50:52,211) /lib/systemd/systemd-journald
(root,26924,5624,00:00:00/3-06:50:51,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:07/3-06:50:51,271) [hv_balloon]
(root,3108,1880,00:00:29/3-06:50:51,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6492,00:00:01/3-06:50:51,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/3-06:50:51,338) [cryptd]
(messagebus,8036,4216,00:04:18/3-06:50:50,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/3-06:50:50,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4700,00:00:41/3-06:50:50,457) /usr/sbin/rsyslogd -n -iNONE
(root,17044,8184,00:02:16/3-06:50:50,458) /lib/systemd/systemd-logind
(root,1727092,51572,00:02:49/3-06:50:50,489) /usr/bin/containerd
(root,0,0,00:00:00/3-06:50:50,500) [cifsiod]
(root,0,0,00:00:00/3-06:50:50,502) [smb3decryptd]
(root,0,0,00:00:00/3-06:50:50,504) [cifsfileinfoput]
(root,0,0,00:00:00/3-06:50:50,505) [cifsoplockd]
(root,0,0,00:00:00/3-06:50:50,506) [deferredclose]
(root,0,0,00:00:00/3-06:50:50,508) [serverclose]
(root,0,0,00:01:56/3-06:50:50,514) [cifsd]
(root,15560,9100,00:00:36/3-06:50:50,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2644,00:00:00/3-06:50:50,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/3-06:50:50,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6472,00:00:00/3-06:50:50,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1986996,88048,00:03:10/3-06:50:49,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,14784,00:04:21/3-06:41:38,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1155896,175492,00:22:35/3-06:41:38,1873) minio server --console-address :9001 /data
(root,1670824,4680,00:00:00/3-06:41:11,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,4648,00:00:00/3-06:41:11,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,8668,00:00:00/3-06:41:11,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,4640,00:00:00/3-06:41:11,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,4748,00:00:00/3-06:41:11,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,6688,00:00:00/3-06:41:11,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,6684,00:00:00/3-06:41:11,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,6600,00:00:00/3-06:41:11,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,16512,00:02:47/3-06:41:11,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,1976,00:00:00/3-06:41:11,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52572,7564,00:00:04/3-06:41:10,2168) nginx: worker process
(systemd-timesync,50876,1604,00:00:01/3-06:41:10,2169) nginx: cache manager process
(root,0,0,00:00:01/02:01:18,593862) [kworker/0:2-events]
(root,0,0,00:00:01/01:49:12,595414) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/01:06:12,601145) [kworker/0:0-events]
(root,0,0,00:00:00/55:12,602659) [kworker/0:4-events]
(root,0,0,00:00:01/42:16,604321) [kworker/u480:0-flush-cifs-1]
(root,0,0,00:00:00/20:40,607079) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/16:12,607673) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/09:40,608456) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/04:16,609117) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/03:33,609190) [kworker/0:5]
(root,19024,10712,00:00:00/00:12,609608) /lib/systemd/systemd --user
(root,168516,3308,00:00:00/00:12,609609) (sd-pam)
(root,7064,3380,00:00:00/00:00,609657) /bin/bash /usr/bin/check_mk_agent
(root,7064,3360,00:00:00/00:00,609678) /bin/bash /usr/bin/check_mk_agent
(root,7064,3392,00:00:00/00:00,609713) /bin/bash /usr/bin/check_mk_agent
(root,8088,3896,00:00:00/00:00,609747) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1056,00:00:00/00:00,609748) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-21 21:59

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9c6ca79c2

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,102308,12336,00:04:10/1-10:27:28,1) /sbin/init
(root,0,0,00:00:00/1-10:27:28,2) [kthreadd]
(root,0,0,00:00:00/1-10:27:28,3) [rcu_gp]
(root,0,0,00:00:00/1-10:27:28,4) [rcu_par_gp]
(root,0,0,00:00:00/1-10:27:28,5) [slub_flushwq]
(root,0,0,00:00:00/1-10:27:28,6) [netns]
(root,0,0,00:00:00/1-10:27:28,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/1-10:27:28,10) [mm_percpu_wq]
(root,0,0,00:00:00/1-10:27:28,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/1-10:27:28,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/1-10:27:28,13) [rcu_tasks_trace_kthread]
(root,0,0,00:00:25/1-10:27:28,14) [ksoftirqd/0]
(root,0,0,00:00:28/1-10:27:28,15) [rcu_preempt]
(root,0,0,00:00:00/1-10:27:28,16) [migration/0]
(root,0,0,00:00:00/1-10:27:28,18) [cpuhp/0]
(root,0,0,00:00:00/1-10:27:28,20) [kdevtmpfs]
(root,0,0,00:00:00/1-10:27:28,21) [inet_frag_wq]
(root,0,0,00:00:00/1-10:27:28,22) [kauditd]
(root,0,0,00:00:00/1-10:27:28,24) [khungtaskd]
(root,0,0,00:00:00/1-10:27:28,26) [oom_reaper]
(root,0,0,00:00:00/1-10:27:28,27) [writeback]
(root,0,0,00:00:05/1-10:27:28,29) [kcompactd0]
(root,0,0,00:00:00/1-10:27:28,30) [ksmd]
(root,0,0,00:00:02/1-10:27:28,31) [khugepaged]
(root,0,0,00:00:00/1-10:27:28,32) [kintegrityd]
(root,0,0,00:00:00/1-10:27:28,33) [kblockd]
(root,0,0,00:00:00/1-10:27:28,34) [blkcg_punt_bio]
(root,0,0,00:00:00/1-10:27:28,35) [tpm_dev_wq]
(root,0,0,00:00:00/1-10:27:28,36) [edac-poller]
(root,0,0,00:00:00/1-10:27:28,37) [devfreq_wq]
(root,0,0,00:00:04/1-10:27:28,38) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/1-10:27:28,39) [kswapd0]
(root,0,0,00:00:00/1-10:27:28,45) [kthrotld]
(root,0,0,00:00:00/1-10:27:28,47) [acpi_thermal_pm]
(root,0,0,00:00:00/1-10:27:28,48) [mld]
(root,0,0,00:00:00/1-10:27:28,49) [ipv6_addrconf]
(root,0,0,00:00:00/1-10:27:28,54) [kstrp]
(root,0,0,00:00:00/1-10:27:28,59) [zswap-shrink]
(root,0,0,00:00:00/1-10:27:28,60) [kworker/u481:0]
(root,0,0,00:00:00/1-10:27:27,120) [hv_vmbus_con]
(root,0,0,00:00:00/1-10:27:27,123) [hv_vmbus_rescin]
(root,0,0,00:00:00/1-10:27:27,124) [hv_pri_chan]
(root,0,0,00:00:00/1-10:27:27,125) [hv_sub_chan]
(root,0,0,00:00:00/1-10:27:27,127) [scsi_eh_0]
(root,0,0,00:00:00/1-10:27:27,128) [scsi_tmf_0]
(root,0,0,00:00:03/1-10:27:27,166) [jbd2/sda2-8]
(root,0,0,00:00:00/1-10:27:27,167) [ext4-rsv-conver]
(root,164392,127156,00:01:16/1-10:27:26,211) /lib/systemd/systemd-journald
(root,26924,6752,00:00:00/1-10:27:26,234) /lib/systemd/systemd-udevd
(root,0,0,00:00:03/1-10:27:25,271) [hv_balloon]
(root,3108,1936,00:00:12/1-10:27:25,287) /usr/sbin/hv_kvp_daemon -n
(systemd-timesync,90084,6588,00:00:00/1-10:27:25,325) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00/1-10:27:25,338) [cryptd]
(messagebus,8036,4272,00:02:00/1-10:27:25,450) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,2460,892,00:00:00/1-10:27:25,454) /usr/sbin/hv_vss_daemon -n
(root,221788,4872,00:00:19/1-10:27:25,457) /usr/sbin/rsyslogd -n -iNONE
(root,17036,8180,00:01:02/1-10:27:25,458) /lib/systemd/systemd-logind
(root,1727092,51268,00:01:14/1-10:27:24,489) /usr/bin/containerd
(root,0,0,00:00:00/1-10:27:24,500) [cifsiod]
(root,0,0,00:00:00/1-10:27:24,502) [smb3decryptd]
(root,0,0,00:00:00/1-10:27:24,504) [cifsfileinfoput]
(root,0,0,00:00:00/1-10:27:24,505) [cifsoplockd]
(root,0,0,00:00:00/1-10:27:24,506) [deferredclose]
(root,0,0,00:00:00/1-10:27:24,508) [serverclose]
(root,0,0,00:00:50/1-10:27:24,514) [cifsd]
(root,15560,9272,00:00:17/1-10:27:24,538) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,6608,2736,00:00:00/1-10:27:24,554) /usr/sbin/cron -f
(root,5872,1000,00:00:00/1-10:27:24,560) /sbin/agetty -o -p -- \u --noclear - linux
(root,9268,6568,00:00:00/1-10:27:24,570) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,1986996,87488,00:01:23/1-10:27:24,577) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(root,1238196,14952,00:01:53/1-10:18:12,1852) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 8c65228167aeacfff544f8cfed652e0642334c6c9cfed8a60f1d0565e5de1126 -address /run/containerd/containerd.sock
(root,1155640,175492,00:09:50/1-10:18:12,1873) minio server --console-address :9001 /data
(root,1670824,4680,00:00:00/1-10:17:45,1991) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,4648,00:00:00/1-10:17:45,1998) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.3 -container-port 80
(root,1670824,8668,00:00:00/1-10:17:45,2008) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,4640,00:00:00/1-10:17:45,2015) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.3 -container-port 443
(root,1670824,4748,00:00:00/1-10:17:45,2025) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1670824,6688,00:00:00/1-10:17:45,2033) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.3 -container-port 9000
(root,1597092,6684,00:00:00/1-10:17:45,2040) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1523360,6600,00:00:00/1-10:17:45,2046) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.3 -container-port 9001
(root,1238196,16512,00:01:12/1-10:17:45,2097) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 70e54421f4f3bc2d3295cca7ad834de18bab9f75d032a9568bacbfdbe10b6c40 -address /run/containerd/containerd.sock
(root,50572,6124,00:00:00/1-10:17:45,2117) nginx: master process nginx -g daemon off;
(systemd-timesync,52548,7740,00:00:00/1-10:17:44,2168) nginx: worker process
(systemd-timesync,50876,2216,00:00:00/1-10:17:44,2169) nginx: cache manager process
(root,0,0,00:00:03/04:31:46,240041) [kworker/0:4-deferredclose]
(root,0,0,00:00:02/02:02:47,260770) [kworker/0:2-rcu_gp]
(root,0,0,00:00:01/01:02:14,268433) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/43:47,270773) [kworker/0:3-events]
(root,0,0,00:00:00/30:51,272424) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/12:46,274688) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/10:14,274992) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/04:14,275743) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/02:09,276009) [kworker/0:0-events]
(root,0,0,00:00:00/02:09,276010) [kworker/0:5-events]
(root,0,0,00:00:00/00:09,276244) [kworker/0:6]
(root,7064,3528,00:00:00/00:00,276297) /bin/bash /usr/bin/check_mk_agent
(root,7064,3460,00:00:00/00:00,276330) /bin/bash /usr/bin/check_mk_agent
(root,6940,3072,00:00:00/00:00,276367) pgrep crmd
(root,8088,3912,00:00:00/00:00,276368) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1032,00:00:00/00:00,276369) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:21:7d:ea brd ff:ff:ff:ff:ff:ff
5: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:23:27:b8:c1 brd ff:ff:ff:ff:ff:ff
9: veth57beb38@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether ce:cf:c9:68:2f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethdba3fdc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 82:f2:f7:52:f9:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-20 01:36

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9adbfbf64

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9120,21:15:30/418-04:09:14,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:09/418-04:09:14,2) [kthreadd]
(root,0,0,00:00:00/418-04:09:14,3) [rcu_gp]
(root,0,0,00:00:00/418-04:09:14,4) [rcu_par_gp]
(root,0,0,00:00:00/418-04:09:14,5) [slub_flushwq]
(root,0,0,00:00:00/418-04:09:14,6) [netns]
(root,0,0,00:00:00/418-04:09:14,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/418-04:09:14,10) [mm_percpu_wq]
(root,0,0,00:00:00/418-04:09:14,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/418-04:09:14,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/418-04:09:14,13) [rcu_tasks_trace_kthread]
(root,0,0,02:16:25/418-04:09:14,14) [ksoftirqd/0]
(root,0,0,02:13:52/418-04:09:14,15) [rcu_preempt]
(root,0,0,00:03:44/418-04:09:14,16) [migration/0]
(root,0,0,00:00:00/418-04:09:14,18) [cpuhp/0]
(root,0,0,00:00:00/418-04:09:14,20) [kdevtmpfs]
(root,0,0,00:00:00/418-04:09:14,21) [inet_frag_wq]
(root,0,0,00:00:00/418-04:09:14,22) [kauditd]
(root,0,0,00:00:14/418-04:09:14,24) [khungtaskd]
(root,0,0,00:00:00/418-04:09:14,26) [oom_reaper]
(root,0,0,00:00:00/418-04:09:14,27) [writeback]
(root,0,0,01:04:40/418-04:09:14,29) [kcompactd0]
(root,0,0,00:00:00/418-04:09:14,30) [ksmd]
(root,0,0,00:09:48/418-04:09:14,31) [khugepaged]
(root,0,0,00:00:00/418-04:09:14,32) [kintegrityd]
(root,0,0,00:00:00/418-04:09:14,33) [kblockd]
(root,0,0,00:00:00/418-04:09:14,34) [blkcg_punt_bio]
(root,0,0,00:00:00/418-04:09:14,35) [tpm_dev_wq]
(root,0,0,00:00:00/418-04:09:14,36) [edac-poller]
(root,0,0,00:00:00/418-04:09:14,37) [devfreq_wq]
(root,0,0,00:24:28/418-04:09:14,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:39/418-04:09:14,39) [kswapd0]
(root,0,0,00:00:00/418-04:09:13,45) [kthrotld]
(root,0,0,00:00:00/418-04:09:13,47) [acpi_thermal_pm]
(root,0,0,00:00:00/418-04:09:13,48) [mld]
(root,0,0,00:00:00/418-04:09:13,49) [ipv6_addrconf]
(root,0,0,00:00:00/418-04:09:13,54) [kstrp]
(root,0,0,00:00:00/418-04:09:13,59) [zswap-shrink]
(root,0,0,00:00:00/418-04:09:13,60) [kworker/u481:0]
(root,0,0,00:00:00/418-04:09:12,120) [hv_vmbus_con]
(root,0,0,00:00:00/418-04:09:12,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/418-04:09:12,122) [hv_pri_chan]
(root,0,0,00:00:00/418-04:09:12,123) [hv_sub_chan]
(root,0,0,00:00:00/418-04:09:12,127) [scsi_eh_0]
(root,0,0,00:00:00/418-04:09:12,128) [scsi_tmf_0]
(root,0,0,00:17:07/418-04:09:12,167) [jbd2/sda2-8]
(root,0,0,00:00:00/418-04:09:12,168) [ext4-rsv-conver]
(root,0,0,00:19:33/418-04:09:10,276) [hv_balloon]
(root,0,0,00:00:00/418-04:09:09,330) [cryptd]
(messagebus,8260,2876,10:36:35/418-04:09:08,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3444,05:29:46/418-04:09:08,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/418-04:09:08,519) [cifsiod]
(root,0,0,00:00:00/418-04:09:08,520) [smb3decryptd]
(root,0,0,00:00:00/418-04:09:08,521) [cifsfileinfoput]
(root,0,0,00:00:00/418-04:09:08,522) [cifsoplockd]
(root,0,0,00:00:00/418-04:09:08,523) [deferredclose]
(root,0,0,02:54:54/418-04:09:08,527) [cifsd]
(root,6608,1904,00:01:07/418-04:09:08,543) /usr/sbin/cron -f
(root,9268,1176,00:04:53/418-04:09:08,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/418-03:47:31,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,0,0,00:00:01/01:26:16,143991) [kworker/0:1-deferredclose]
(root,0,0,00:00:01/01:15:54,145603) [kworker/0:5-deferredclose]
(root,0,0,00:00:01/42:55,150400) [kworker/u480:2-flush-8:0]
(root,0,0,00:00:00/40:15,150822) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/34:15,151710) [kworker/0:0-events]
(root,0,0,00:00:00/11:23,154997) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/10:15,155226) [kworker/0:2-events]
(root,0,0,00:00:00/06:07,155791) [kworker/u480:3-events_unbound]
(root,15540,8920,00:00:00/01:30,156434) sshd: [accepted]
(root,0,0,00:00:00/01:07,156522) [kworker/u480:0-events_unbound]
(root,15540,9148,00:00:00/00:54,156554) sshd: [accepted]
(root,0,0,00:00:00/00:44,156555) [kworker/u480:4-events_unbound]
(root,15540,9180,00:00:00/00:23,156599) sshd: [accepted]
(root,0,0,00:00:00/00:15,156627) [kworker/0:4-cgwb_release]
(root,7064,3320,00:00:00/00:00,156674) /bin/bash /usr/bin/check_mk_agent
(root,7064,3344,00:00:00/00:00,156695) /bin/bash /usr/bin/check_mk_agent
(root,7064,3272,00:00:00/00:00,156732) /bin/bash /usr/bin/check_mk_agent
(root,8088,3928,00:00:00/00:00,156765) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1024,00:00:00/00:00,156766) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,26628,3352,00:00:29/206-16:55:22,1010560) /lib/systemd/systemd-udevd
(root,1798892,20344,02:46:08/206-16:55:21,1010607) /usr/bin/containerd
(root,15540,3772,00:38:12/206-16:55:16,1010859) sshd: /usr/sbin/sshd -D [listener] 3 of 10-100 startups
(root,250732,188264,03:12:20/206-16:55:14,1010932) /lib/systemd/systemd-journald
(root,2003420,44080,03:05:41/206-16:55:11,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2156,00:01:21/206-16:55:08,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4396,00:53:19/206-16:52:09,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4476,00:00:01/15-20:45:52,1142353) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4492,00:00:01/15-20:45:52,1142358) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1597832,4588,00:00:01/15-20:45:52,1142373) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4536,00:00:01/15-20:45:52,1142378) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3520,00:00:01/15-20:45:52,1142392) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2572,00:00:01/15-20:45:52,1142397) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1624,00:00:01/15-20:45:52,1142412) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1671564,4600,00:00:01/15-20:45:52,1142417) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,12544,00:09:12/15-20:45:52,1142440) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,3856,00:00:00/15-20:45:52,1142462) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,6640,00:00:11/15-20:45:51,1142513) nginx: worker process
(systemd-timesync,50340,1660,00:00:09/15-20:45:51,1142514) nginx: cache manager process
(root,0,0,00:00:00/375-01:39:13,2399694) [tls-strp]
(root,1236472,9800,02:31:37/136-16:18:12,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,130608,16:03:23/136-16:18:12,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
37: vethd0e66b0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 0e:0f:5b:57:10:bb brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-18 00:45

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df958918914

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9116,21:08:24/416-04:58:31,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:09/416-04:58:31,2) [kthreadd]
(root,0,0,00:00:00/416-04:58:31,3) [rcu_gp]
(root,0,0,00:00:00/416-04:58:31,4) [rcu_par_gp]
(root,0,0,00:00:00/416-04:58:31,5) [slub_flushwq]
(root,0,0,00:00:00/416-04:58:31,6) [netns]
(root,0,0,00:00:00/416-04:58:31,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/416-04:58:31,10) [mm_percpu_wq]
(root,0,0,00:00:00/416-04:58:31,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/416-04:58:31,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/416-04:58:31,13) [rcu_tasks_trace_kthread]
(root,0,0,02:15:40/416-04:58:31,14) [ksoftirqd/0]
(root,0,0,02:13:00/416-04:58:31,15) [rcu_preempt]
(root,0,0,00:03:42/416-04:58:31,16) [migration/0]
(root,0,0,00:00:00/416-04:58:31,18) [cpuhp/0]
(root,0,0,00:00:00/416-04:58:31,20) [kdevtmpfs]
(root,0,0,00:00:00/416-04:58:31,21) [inet_frag_wq]
(root,0,0,00:00:00/416-04:58:31,22) [kauditd]
(root,0,0,00:00:14/416-04:58:31,24) [khungtaskd]
(root,0,0,00:00:00/416-04:58:31,26) [oom_reaper]
(root,0,0,00:00:00/416-04:58:31,27) [writeback]
(root,0,0,01:04:13/416-04:58:31,29) [kcompactd0]
(root,0,0,00:00:00/416-04:58:31,30) [ksmd]
(root,0,0,00:09:41/416-04:58:31,31) [khugepaged]
(root,0,0,00:00:00/416-04:58:31,32) [kintegrityd]
(root,0,0,00:00:00/416-04:58:31,33) [kblockd]
(root,0,0,00:00:00/416-04:58:31,34) [blkcg_punt_bio]
(root,0,0,00:00:00/416-04:58:31,35) [tpm_dev_wq]
(root,0,0,00:00:00/416-04:58:31,36) [edac-poller]
(root,0,0,00:00:00/416-04:58:31,37) [devfreq_wq]
(root,0,0,00:24:21/416-04:58:31,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:39/416-04:58:31,39) [kswapd0]
(root,0,0,00:00:00/416-04:58:31,45) [kthrotld]
(root,0,0,00:00:00/416-04:58:31,47) [acpi_thermal_pm]
(root,0,0,00:00:00/416-04:58:31,48) [mld]
(root,0,0,00:00:00/416-04:58:31,49) [ipv6_addrconf]
(root,0,0,00:00:00/416-04:58:31,54) [kstrp]
(root,0,0,00:00:00/416-04:58:31,59) [zswap-shrink]
(root,0,0,00:00:00/416-04:58:31,60) [kworker/u481:0]
(root,0,0,00:00:00/416-04:58:30,120) [hv_vmbus_con]
(root,0,0,00:00:00/416-04:58:30,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/416-04:58:30,122) [hv_pri_chan]
(root,0,0,00:00:00/416-04:58:30,123) [hv_sub_chan]
(root,0,0,00:00:00/416-04:58:30,127) [scsi_eh_0]
(root,0,0,00:00:00/416-04:58:30,128) [scsi_tmf_0]
(root,0,0,00:17:03/416-04:58:29,167) [jbd2/sda2-8]
(root,0,0,00:00:00/416-04:58:29,168) [ext4-rsv-conver]
(root,0,0,00:19:28/416-04:58:27,276) [hv_balloon]
(root,0,0,00:00:00/416-04:58:26,330) [cryptd]
(messagebus,8260,2876,10:33:12/416-04:58:26,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3444,05:28:04/416-04:58:26,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/416-04:58:25,519) [cifsiod]
(root,0,0,00:00:00/416-04:58:25,520) [smb3decryptd]
(root,0,0,00:00:00/416-04:58:25,521) [cifsfileinfoput]
(root,0,0,00:00:00/416-04:58:25,522) [cifsoplockd]
(root,0,0,00:00:00/416-04:58:25,523) [deferredclose]
(root,0,0,02:53:40/416-04:58:25,527) [cifsd]
(root,6608,1904,00:01:07/416-04:58:25,543) /usr/sbin/cron -f
(root,9268,1176,00:04:52/416-04:58:25,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/416-04:36:49,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3352,00:00:29/204-17:44:39,1010560) /lib/systemd/systemd-udevd
(root,1798892,20420,02:44:16/204-17:44:38,1010607) /usr/bin/containerd
(root,15540,3772,00:37:28/204-17:44:34,1010859) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,193252,140400,03:09:59/204-17:44:32,1010932) /lib/systemd/systemd-journald
(root,2003420,44640,03:03:19/204-17:44:29,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2160,00:01:20/204-17:44:26,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4396,00:52:41/204-17:41:27,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4476,00:00:00/13-21:35:10,1142353) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4492,00:00:00/13-21:35:10,1142358) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1597832,4692,00:00:01/13-21:35:10,1142373) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4536,00:00:01/13-21:35:10,1142378) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3520,00:00:01/13-21:35:10,1142392) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2572,00:00:01/13-21:35:10,1142397) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1624,00:00:01/13-21:35:10,1142412) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1671564,4600,00:00:01/13-21:35:10,1142417) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,12576,00:08:03/13-21:35:10,1142440) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,3952,00:00:00/13-21:35:09,1142462) nginx: master process nginx -g daemon off;
(systemd-timesync,52080,6880,00:00:09/13-21:35:09,1142513) nginx: worker process
(systemd-timesync,50340,1724,00:00:07/13-21:35:09,1142514) nginx: cache manager process
(root,0,0,00:00:00/373-02:28:31,2399694) [tls-strp]
(root,1236472,9460,02:29:24/134-17:07:30,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,130752,15:49:06/134-17:07:30,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:01/01:28:34,3908394) [kworker/0:4-events]
(root,0,0,00:00:00/01:05:34,3911666) [kworker/0:6-cgroup_destroy]
(root,0,0,00:00:00/43:54,3914705) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/28:13,3916966) [kworker/0:0-rcu_gp]
(root,0,0,00:00:00/22:13,3917766) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/15:13,3918683) [kworker/u480:0-writeback]
(root,0,0,00:00:00/09:55,3919414) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/04:13,3920220) [kworker/u480:2-events_unbound]
(root,15540,9216,00:00:00/00:19,3920804) sshd: [accepted]
(sshd,15540,5156,00:00:00/00:19,3920805) sshd: [net]
(root,18952,10600,00:00:00/00:13,3920826) /lib/systemd/systemd --user
(root,0,0,00:00:00/00:13,3920827) [kworker/0:2-cgroup_destroy]
(root,169660,2644,00:00:00/00:13,3920828) (sd-pam)
(root,7064,3348,00:00:00/00:00,3920884) /bin/bash /usr/bin/check_mk_agent
(root,7064,3308,00:00:00/00:00,3920929) /bin/bash /usr/bin/check_mk_agent
(root,8088,3888,00:00:00/00:00,3920967) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1092,00:00:00/00:00,3920968) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,6940,3100,00:00:00/00:00,3920970) pgrep crmd

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
37: vethd0e66b0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 0e:0f:5b:57:10:bb brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-16 01:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df96f4b921d

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9124,21:02:46/414-03:54:53,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:09/414-03:54:53,2) [kthreadd]
(root,0,0,00:00:00/414-03:54:53,3) [rcu_gp]
(root,0,0,00:00:00/414-03:54:53,4) [rcu_par_gp]
(root,0,0,00:00:00/414-03:54:53,5) [slub_flushwq]
(root,0,0,00:00:00/414-03:54:53,6) [netns]
(root,0,0,00:00:00/414-03:54:53,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/414-03:54:53,10) [mm_percpu_wq]
(root,0,0,00:00:00/414-03:54:53,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/414-03:54:53,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/414-03:54:53,13) [rcu_tasks_trace_kthread]
(root,0,0,02:14:59/414-03:54:53,14) [ksoftirqd/0]
(root,0,0,02:12:08/414-03:54:53,15) [rcu_preempt]
(root,0,0,00:03:41/414-03:54:53,16) [migration/0]
(root,0,0,00:00:00/414-03:54:53,18) [cpuhp/0]
(root,0,0,00:00:00/414-03:54:53,20) [kdevtmpfs]
(root,0,0,00:00:00/414-03:54:53,21) [inet_frag_wq]
(root,0,0,00:00:00/414-03:54:53,22) [kauditd]
(root,0,0,00:00:14/414-03:54:53,24) [khungtaskd]
(root,0,0,00:00:00/414-03:54:53,26) [oom_reaper]
(root,0,0,00:00:00/414-03:54:53,27) [writeback]
(root,0,0,01:03:44/414-03:54:53,29) [kcompactd0]
(root,0,0,00:00:00/414-03:54:53,30) [ksmd]
(root,0,0,00:09:35/414-03:54:53,31) [khugepaged]
(root,0,0,00:00:00/414-03:54:53,32) [kintegrityd]
(root,0,0,00:00:00/414-03:54:53,33) [kblockd]
(root,0,0,00:00:00/414-03:54:53,34) [blkcg_punt_bio]
(root,0,0,00:00:00/414-03:54:53,35) [tpm_dev_wq]
(root,0,0,00:00:00/414-03:54:53,36) [edac-poller]
(root,0,0,00:00:00/414-03:54:53,37) [devfreq_wq]
(root,0,0,00:24:14/414-03:54:53,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:38/414-03:54:53,39) [kswapd0]
(root,0,0,00:00:00/414-03:54:52,45) [kthrotld]
(root,0,0,00:00:00/414-03:54:52,47) [acpi_thermal_pm]
(root,0,0,00:00:00/414-03:54:52,48) [mld]
(root,0,0,00:00:00/414-03:54:52,49) [ipv6_addrconf]
(root,0,0,00:00:00/414-03:54:52,54) [kstrp]
(root,0,0,00:00:00/414-03:54:52,59) [zswap-shrink]
(root,0,0,00:00:00/414-03:54:52,60) [kworker/u481:0]
(root,0,0,00:00:00/414-03:54:51,120) [hv_vmbus_con]
(root,0,0,00:00:00/414-03:54:51,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/414-03:54:51,122) [hv_pri_chan]
(root,0,0,00:00:00/414-03:54:51,123) [hv_sub_chan]
(root,0,0,00:00:00/414-03:54:51,127) [scsi_eh_0]
(root,0,0,00:00:00/414-03:54:51,128) [scsi_tmf_0]
(root,0,0,00:16:58/414-03:54:51,167) [jbd2/sda2-8]
(root,0,0,00:00:00/414-03:54:51,168) [ext4-rsv-conver]
(root,0,0,00:19:22/414-03:54:49,276) [hv_balloon]
(root,0,0,00:00:00/414-03:54:48,330) [cryptd]
(messagebus,8260,2876,10:30:27/414-03:54:47,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3444,05:26:37/414-03:54:47,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/414-03:54:47,519) [cifsiod]
(root,0,0,00:00:00/414-03:54:47,520) [smb3decryptd]
(root,0,0,00:00:00/414-03:54:47,521) [cifsfileinfoput]
(root,0,0,00:00:00/414-03:54:47,522) [cifsoplockd]
(root,0,0,00:00:00/414-03:54:47,523) [deferredclose]
(root,0,0,02:52:24/414-03:54:47,527) [cifsd]
(root,6608,1904,00:01:06/414-03:54:47,543) /usr/sbin/cron -f
(root,9268,1176,00:04:52/414-03:54:46,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/414-03:33:10,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3352,00:00:29/202-16:41:01,1010560) /lib/systemd/systemd-udevd
(root,1798892,20464,02:42:19/202-16:41:00,1010607) /usr/bin/containerd
(root,15540,3772,00:36:35/202-16:40:55,1010859) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,181028,127560,03:07:56/202-16:40:53,1010932) /lib/systemd/systemd-journald
(root,2003420,45244,03:00:51/202-16:40:50,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2164,00:01:19/202-16:40:47,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4400,00:52:10/202-16:37:48,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4476,00:00:00/11-20:31:31,1142353) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4492,00:00:00/11-20:31:31,1142358) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1597832,4512,00:00:01/11-20:31:31,1142373) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4536,00:00:00/11-20:31:31,1142378) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3520,00:00:00/11-20:31:31,1142392) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2572,00:00:00/11-20:31:31,1142397) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1624,00:00:00/11-20:31:31,1142412) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1671564,4600,00:00:01/11-20:31:31,1142417) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,12616,00:06:50/11-20:31:31,1142440) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4132,00:00:00/11-20:31:31,1142462) nginx: master process nginx -g daemon off;
(systemd-timesync,52056,7020,00:00:08/11-20:31:30,1142513) nginx: worker process
(systemd-timesync,50340,1820,00:00:06/11-20:31:30,1142514) nginx: cache manager process
(root,0,0,00:00:00/371-01:24:52,2399694) [tls-strp]
(root,1236472,9376,02:27:04/132-16:03:51,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,127784,15:34:14/132-16:03:51,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:00/45:47,3497192) [kworker/0:4-events_power_efficient]
(root,0,0,00:00:00/43:57,3497431) [kworker/0:5-events]
(root,0,0,00:00:01/33:47,3498894) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/31:56,3499120) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/22:47,3500390) [kworker/u480:2-flush-8:0]
(root,0,0,00:00:00/15:57,3501331) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/05:18,3502773) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/04:57,3502775) [kworker/0:0-events]
(root,15544,8812,00:00:00/01:17,3503276) sshd: [accepted]
(sshd,15544,5124,00:00:00/01:17,3503277) sshd: [net]
(root,7064,3388,00:00:00/00:00,3503420) /bin/bash /usr/bin/check_mk_agent
(root,7064,3436,00:00:00/00:00,3503456) /bin/bash /usr/bin/check_mk_agent
(root,8088,3912,00:00:00/00:00,3503490) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1020,00:00:00/00:00,3503491) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
37: vethd0e66b0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 0e:0f:5b:57:10:bb brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-14 00:31

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9ccdc5a52

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9120,20:57:15/412-03:41:25,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:09/412-03:41:25,2) [kthreadd]
(root,0,0,00:00:00/412-03:41:25,3) [rcu_gp]
(root,0,0,00:00:00/412-03:41:25,4) [rcu_par_gp]
(root,0,0,00:00:00/412-03:41:25,5) [slub_flushwq]
(root,0,0,00:00:00/412-03:41:25,6) [netns]
(root,0,0,00:00:00/412-03:41:25,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/412-03:41:25,10) [mm_percpu_wq]
(root,0,0,00:00:00/412-03:41:25,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/412-03:41:25,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/412-03:41:25,13) [rcu_tasks_trace_kthread]
(root,0,0,02:14:20/412-03:41:25,14) [ksoftirqd/0]
(root,0,0,02:11:19/412-03:41:25,15) [rcu_preempt]
(root,0,0,00:03:40/412-03:41:25,16) [migration/0]
(root,0,0,00:00:00/412-03:41:25,18) [cpuhp/0]
(root,0,0,00:00:00/412-03:41:25,20) [kdevtmpfs]
(root,0,0,00:00:00/412-03:41:25,21) [inet_frag_wq]
(root,0,0,00:00:00/412-03:41:25,22) [kauditd]
(root,0,0,00:00:14/412-03:41:25,24) [khungtaskd]
(root,0,0,00:00:00/412-03:41:25,26) [oom_reaper]
(root,0,0,00:00:00/412-03:41:25,27) [writeback]
(root,0,0,01:03:16/412-03:41:25,29) [kcompactd0]
(root,0,0,00:00:00/412-03:41:25,30) [ksmd]
(root,0,0,00:09:29/412-03:41:25,31) [khugepaged]
(root,0,0,00:00:00/412-03:41:25,32) [kintegrityd]
(root,0,0,00:00:00/412-03:41:25,33) [kblockd]
(root,0,0,00:00:00/412-03:41:25,34) [blkcg_punt_bio]
(root,0,0,00:00:00/412-03:41:25,35) [tpm_dev_wq]
(root,0,0,00:00:00/412-03:41:25,36) [edac-poller]
(root,0,0,00:00:00/412-03:41:25,37) [devfreq_wq]
(root,0,0,00:24:07/412-03:41:25,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:38/412-03:41:25,39) [kswapd0]
(root,0,0,00:00:00/412-03:41:25,45) [kthrotld]
(root,0,0,00:00:00/412-03:41:25,47) [acpi_thermal_pm]
(root,0,0,00:00:00/412-03:41:24,48) [mld]
(root,0,0,00:00:00/412-03:41:24,49) [ipv6_addrconf]
(root,0,0,00:00:00/412-03:41:24,54) [kstrp]
(root,0,0,00:00:00/412-03:41:24,59) [zswap-shrink]
(root,0,0,00:00:00/412-03:41:24,60) [kworker/u481:0]
(root,0,0,00:00:00/412-03:41:24,120) [hv_vmbus_con]
(root,0,0,00:00:00/412-03:41:24,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/412-03:41:24,122) [hv_pri_chan]
(root,0,0,00:00:00/412-03:41:24,123) [hv_sub_chan]
(root,0,0,00:00:00/412-03:41:23,127) [scsi_eh_0]
(root,0,0,00:00:00/412-03:41:23,128) [scsi_tmf_0]
(root,0,0,00:16:53/412-03:41:23,167) [jbd2/sda2-8]
(root,0,0,00:00:00/412-03:41:23,168) [ext4-rsv-conver]
(root,0,0,00:19:16/412-03:41:21,276) [hv_balloon]
(root,0,0,00:00:00/412-03:41:20,330) [cryptd]
(messagebus,8260,2876,10:27:44/412-03:41:19,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3444,05:25:11/412-03:41:19,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/412-03:41:19,519) [cifsiod]
(root,0,0,00:00:00/412-03:41:19,520) [smb3decryptd]
(root,0,0,00:00:00/412-03:41:19,521) [cifsfileinfoput]
(root,0,0,00:00:00/412-03:41:19,522) [cifsoplockd]
(root,0,0,00:00:00/412-03:41:19,523) [deferredclose]
(root,0,0,02:51:09/412-03:41:19,527) [cifsd]
(root,6608,1904,00:01:06/412-03:41:19,543) /usr/sbin/cron -f
(root,9268,1176,00:04:51/412-03:41:19,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/412-03:19:42,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3352,00:00:28/200-16:27:33,1010560) /lib/systemd/systemd-udevd
(root,1798892,20332,02:40:23/200-16:27:32,1010607) /usr/bin/containerd
(root,15540,3772,00:35:46/200-16:27:27,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,172820,123352,03:05:50/200-16:27:26,1010932) /lib/systemd/systemd-journald
(root,2003420,46656,02:58:25/200-16:27:22,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2168,00:01:18/200-16:27:20,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4432,00:51:38/200-16:24:21,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4640,00:00:00/9-20:18:04,1142353) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6704,00:00:00/9-20:18:04,1142358) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1597832,6724,00:00:01/9-20:18:04,1142373) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4700,00:00:00/9-20:18:04,1142378) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3684,00:00:00/9-20:18:04,1142392) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2736,00:00:00/9-20:18:04,1142397) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1788,00:00:00/9-20:18:03,1142412) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1671564,4764,00:00:01/9-20:18:03,1142417) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,12884,00:05:39/9-20:18:03,1142440) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4216,00:00:00/9-20:18:03,1142462) nginx: master process nginx -g daemon off;
(systemd-timesync,52044,6972,00:00:07/9-20:18:02,1142513) nginx: worker process
(systemd-timesync,50340,1828,00:00:05/9-20:18:02,1142514) nginx: cache manager process
(root,0,0,00:00:00/369-01:11:25,2399694) [tls-strp]
(root,1236472,9540,02:24:46/130-15:50:24,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129268,15:19:36/130-15:50:24,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:04/02:10:56,3080979) [kworker/u480:3-events_unbound]
(root,0,0,00:00:01/02:03:31,3082157) [kworker/0:3-events]
(root,0,0,00:00:01/01:47:58,3084273) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/48:40,3092752) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:00/41:31,3093716) [kworker/0:2-events]
(root,0,0,00:00:00/32:31,3094954) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/18:06,3096924) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/12:49,3097627) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/05:48,3098588) [kworker/u480:1-writeback]
(root,18952,10780,00:00:00/00:06,3099313) /lib/systemd/systemd --user
(root,169660,2648,00:00:00/00:06,3099314) (sd-pam)
(root,17660,11004,00:00:00/00:05,3099341) sshd: root@pts/2
(root,3200,1880,00:00:00/00:05,3099347) /bin/nc -w 5 miljogiraff-simapro 6556
(root,7064,3432,00:00:00/00:00,3099441) /bin/bash /usr/bin/check_mk_agent
(root,8088,3860,00:00:00/00:00,3099459) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1020,00:00:00/00:00,3099460) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
37: vethd0e66b0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 0e:0f:5b:57:10:bb brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-12 00:17

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9548d0e35

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9116,20:51:59/410-04:21:45,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:09/410-04:21:45,2) [kthreadd]
(root,0,0,00:00:00/410-04:21:45,3) [rcu_gp]
(root,0,0,00:00:00/410-04:21:45,4) [rcu_par_gp]
(root,0,0,00:00:00/410-04:21:45,5) [slub_flushwq]
(root,0,0,00:00:00/410-04:21:45,6) [netns]
(root,0,0,00:00:00/410-04:21:45,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/410-04:21:45,10) [mm_percpu_wq]
(root,0,0,00:00:00/410-04:21:45,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/410-04:21:45,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/410-04:21:45,13) [rcu_tasks_trace_kthread]
(root,0,0,02:13:44/410-04:21:45,14) [ksoftirqd/0]
(root,0,0,02:10:34/410-04:21:45,15) [rcu_preempt]
(root,0,0,00:03:39/410-04:21:45,16) [migration/0]
(root,0,0,00:00:00/410-04:21:45,18) [cpuhp/0]
(root,0,0,00:00:00/410-04:21:45,20) [kdevtmpfs]
(root,0,0,00:00:00/410-04:21:45,21) [inet_frag_wq]
(root,0,0,00:00:00/410-04:21:45,22) [kauditd]
(root,0,0,00:00:14/410-04:21:45,24) [khungtaskd]
(root,0,0,00:00:00/410-04:21:45,26) [oom_reaper]
(root,0,0,00:00:00/410-04:21:45,27) [writeback]
(root,0,0,01:02:49/410-04:21:45,29) [kcompactd0]
(root,0,0,00:00:00/410-04:21:45,30) [ksmd]
(root,0,0,00:09:25/410-04:21:45,31) [khugepaged]
(root,0,0,00:00:00/410-04:21:45,32) [kintegrityd]
(root,0,0,00:00:00/410-04:21:45,33) [kblockd]
(root,0,0,00:00:00/410-04:21:45,34) [blkcg_punt_bio]
(root,0,0,00:00:00/410-04:21:45,35) [tpm_dev_wq]
(root,0,0,00:00:00/410-04:21:45,36) [edac-poller]
(root,0,0,00:00:00/410-04:21:45,37) [devfreq_wq]
(root,0,0,00:24:00/410-04:21:45,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:38/410-04:21:45,39) [kswapd0]
(root,0,0,00:00:00/410-04:21:44,45) [kthrotld]
(root,0,0,00:00:00/410-04:21:44,47) [acpi_thermal_pm]
(root,0,0,00:00:00/410-04:21:44,48) [mld]
(root,0,0,00:00:00/410-04:21:44,49) [ipv6_addrconf]
(root,0,0,00:00:00/410-04:21:44,54) [kstrp]
(root,0,0,00:00:00/410-04:21:44,59) [zswap-shrink]
(root,0,0,00:00:00/410-04:21:44,60) [kworker/u481:0]
(root,0,0,00:00:00/410-04:21:44,120) [hv_vmbus_con]
(root,0,0,00:00:00/410-04:21:44,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/410-04:21:43,122) [hv_pri_chan]
(root,0,0,00:00:00/410-04:21:43,123) [hv_sub_chan]
(root,0,0,00:00:00/410-04:21:43,127) [scsi_eh_0]
(root,0,0,00:00:00/410-04:21:43,128) [scsi_tmf_0]
(root,0,0,00:16:49/410-04:21:43,167) [jbd2/sda2-8]
(root,0,0,00:00:00/410-04:21:43,168) [ext4-rsv-conver]
(root,0,0,00:19:11/410-04:21:41,276) [hv_balloon]
(root,0,0,00:00:00/410-04:21:40,330) [cryptd]
(messagebus,8260,2876,10:25:07/410-04:21:39,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:23:48/410-04:21:39,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/410-04:21:39,519) [cifsiod]
(root,0,0,00:00:00/410-04:21:39,520) [smb3decryptd]
(root,0,0,00:00:00/410-04:21:39,521) [cifsfileinfoput]
(root,0,0,00:00:00/410-04:21:39,522) [cifsoplockd]
(root,0,0,00:00:00/410-04:21:39,523) [deferredclose]
(root,0,0,02:49:55/410-04:21:39,527) [cifsd]
(root,6608,1904,00:01:06/410-04:21:39,543) /usr/sbin/cron -f
(root,9268,1176,00:04:51/410-04:21:39,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/410-04:00:02,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3352,00:00:28/198-17:07:53,1010560) /lib/systemd/systemd-udevd
(root,1798892,20360,02:38:30/198-17:07:52,1010607) /usr/bin/containerd
(root,15540,3776,00:35:12/198-17:07:47,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,205656,148464,03:04:02/198-17:07:45,1010932) /lib/systemd/systemd-journald
(root,2003420,47048,02:56:03/198-17:07:42,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2168,00:01:17/198-17:07:40,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4432,00:51:09/198-17:04:40,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,5152,00:00:00/7-20:58:23,1142353) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6868,00:00:00/7-20:58:23,1142358) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1597832,6724,00:00:00/7-20:58:23,1142373) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4700,00:00:00/7-20:58:23,1142378) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3684,00:00:00/7-20:58:23,1142392) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2736,00:00:00/7-20:58:23,1142397) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1788,00:00:00/7-20:58:23,1142412) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1671564,4764,00:00:00/7-20:58:23,1142417) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,12880,00:04:30/7-20:58:23,1142440) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4216,00:00:00/7-20:58:23,1142462) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,6940,00:00:05/7-20:58:22,1142513) nginx: worker process
(systemd-timesync,50340,1828,00:00:04/7-20:58:22,1142514) nginx: cache manager process
(root,0,0,00:00:00/367-01:51:44,2399694) [tls-strp]
(root,0,0,00:00:01/01:59:11,2710774) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:01/01:24:26,2715526) [kworker/0:2-deferredclose]
(root,0,0,00:00:00/01:00:26,2718419) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:01/47:46,2719945) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/22:26,2722988) [kworker/0:4-events]
(root,0,0,00:00:00/19:08,2723403) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/15:26,2724091) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/13:26,2724468) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/08:08,2725343) [kworker/u480:0-writeback]
(root,0,0,00:00:00/02:53,2725945) [kworker/0:5]
(root,7064,3352,00:00:00/00:00,2726333) /bin/bash /usr/bin/check_mk_agent
(root,7064,3360,00:00:00/00:00,2726375) /bin/bash /usr/bin/check_mk_agent
(root,8088,4000,00:00:00/00:00,2726407) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1024,00:00:00/00:00,2726408) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,1236472,8996,02:22:31/128-16:30:44,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,128684,15:05:15/128-16:30:43,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
37: vethd0e66b0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 0e:0f:5b:57:10:bb brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-10 00:58

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9cad0420f

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,20:45:42/408-04:32:45,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:09/408-04:32:45,2) [kthreadd]
(root,0,0,00:00:00/408-04:32:45,3) [rcu_gp]
(root,0,0,00:00:00/408-04:32:45,4) [rcu_par_gp]
(root,0,0,00:00:00/408-04:32:45,5) [slub_flushwq]
(root,0,0,00:00:00/408-04:32:45,6) [netns]
(root,0,0,00:00:00/408-04:32:45,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/408-04:32:45,10) [mm_percpu_wq]
(root,0,0,00:00:00/408-04:32:45,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/408-04:32:45,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/408-04:32:45,13) [rcu_tasks_trace_kthread]
(root,0,0,02:13:05/408-04:32:45,14) [ksoftirqd/0]
(root,0,0,02:09:49/408-04:32:45,15) [rcu_preempt]
(root,0,0,00:03:38/408-04:32:45,16) [migration/0]
(root,0,0,00:00:00/408-04:32:45,18) [cpuhp/0]
(root,0,0,00:00:00/408-04:32:45,20) [kdevtmpfs]
(root,0,0,00:00:00/408-04:32:45,21) [inet_frag_wq]
(root,0,0,00:00:00/408-04:32:45,22) [kauditd]
(root,0,0,00:00:14/408-04:32:45,24) [khungtaskd]
(root,0,0,00:00:00/408-04:32:45,26) [oom_reaper]
(root,0,0,00:00:00/408-04:32:45,27) [writeback]
(root,0,0,01:02:21/408-04:32:45,29) [kcompactd0]
(root,0,0,00:00:00/408-04:32:45,30) [ksmd]
(root,0,0,00:09:17/408-04:32:45,31) [khugepaged]
(root,0,0,00:00:00/408-04:32:45,32) [kintegrityd]
(root,0,0,00:00:00/408-04:32:45,33) [kblockd]
(root,0,0,00:00:00/408-04:32:45,34) [blkcg_punt_bio]
(root,0,0,00:00:00/408-04:32:45,35) [tpm_dev_wq]
(root,0,0,00:00:00/408-04:32:45,36) [edac-poller]
(root,0,0,00:00:00/408-04:32:45,37) [devfreq_wq]
(root,0,0,00:23:53/408-04:32:45,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:38/408-04:32:45,39) [kswapd0]
(root,0,0,00:00:00/408-04:32:45,45) [kthrotld]
(root,0,0,00:00:00/408-04:32:45,47) [acpi_thermal_pm]
(root,0,0,00:00:00/408-04:32:45,48) [mld]
(root,0,0,00:00:00/408-04:32:45,49) [ipv6_addrconf]
(root,0,0,00:00:00/408-04:32:45,54) [kstrp]
(root,0,0,00:00:00/408-04:32:45,59) [zswap-shrink]
(root,0,0,00:00:00/408-04:32:45,60) [kworker/u481:0]
(root,0,0,00:00:00/408-04:32:44,120) [hv_vmbus_con]
(root,0,0,00:00:00/408-04:32:44,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/408-04:32:44,122) [hv_pri_chan]
(root,0,0,00:00:00/408-04:32:44,123) [hv_sub_chan]
(root,0,0,00:00:00/408-04:32:44,127) [scsi_eh_0]
(root,0,0,00:00:00/408-04:32:44,128) [scsi_tmf_0]
(root,0,0,00:16:45/408-04:32:43,167) [jbd2/sda2-8]
(root,0,0,00:00:00/408-04:32:43,168) [ext4-rsv-conver]
(root,0,0,00:19:05/408-04:32:41,276) [hv_balloon]
(root,0,0,00:00:00/408-04:32:40,330) [cryptd]
(messagebus,8260,2876,10:22:01/408-04:32:40,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:22:13/408-04:32:40,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/408-04:32:39,519) [cifsiod]
(root,0,0,00:00:00/408-04:32:39,520) [smb3decryptd]
(root,0,0,00:00:00/408-04:32:39,521) [cifsfileinfoput]
(root,0,0,00:00:00/408-04:32:39,522) [cifsoplockd]
(root,0,0,00:00:00/408-04:32:39,523) [deferredclose]
(root,0,0,02:48:40/408-04:32:39,527) [cifsd]
(root,6608,1904,00:01:05/408-04:32:39,543) /usr/sbin/cron -f
(root,9268,1176,00:04:51/408-04:32:39,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/408-04:11:03,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3360,00:00:28/196-17:18:53,1010560) /lib/systemd/systemd-udevd
(root,1798892,20524,02:36:36/196-17:18:52,1010607) /usr/bin/containerd
(root,15540,3772,00:34:47/196-17:18:48,1010859) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,148228,103516,03:02:05/196-17:18:46,1010932) /lib/systemd/systemd-journald
(root,2003420,47076,02:53:39/196-17:18:43,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2172,00:01:17/196-17:18:40,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4476,00:50:36/196-17:15:41,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,5160,00:00:00/5-21:09:24,1142353) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,7220,00:00:00/5-21:09:24,1142358) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1597832,7228,00:00:00/5-21:09:24,1142373) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,5224,00:00:00/5-21:09:24,1142378) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4020,00:00:00/5-21:09:24,1142392) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2736,00:00:00/5-21:09:24,1142397) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1788,00:00:00/5-21:09:24,1142412) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1671564,4764,00:00:00/5-21:09:24,1142417) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,11204,00:03:21/5-21:09:23,1142440) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4216,00:00:00/5-21:09:23,1142462) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,7032,00:00:04/5-21:09:23,1142513) nginx: worker process
(systemd-timesync,50340,1828,00:00:03/5-21:09:23,1142514) nginx: cache manager process
(root,0,0,00:00:02/02:11:54,2321079) [kworker/0:4-events]
(root,0,0,00:00:01/56:41,2331522) [kworker/0:2-events_power_efficient]
(root,0,0,00:00:00/24:54,2335706) [kworker/0:3-deferredclose]
(root,0,0,00:00:00/19:41,2336425) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/14:54,2337033) [kworker/0:1-rcu_gp]
(root,0,0,00:00:00/14:31,2337124) [kworker/u480:4-events_unbound]
(root,0,0,00:00:00/09:25,2337801) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/02:41,2338717) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/02:41,2338718) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/01:54,2338807) [kworker/0:5]
(root,15540,9300,00:00:00/01:41,2338880) sshd: [accepted]
(root,7064,3264,00:00:00/00:00,2339186) /bin/bash /usr/bin/check_mk_agent
(root,8088,3888,00:00:00/00:00,2339204) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1040,00:00:00/00:00,2339205) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/365-02:02:45,2399694) [tls-strp]
(root,1236472,9300,02:20:14/126-16:41:44,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129056,14:50:45/126-16:41:44,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
37: vethd0e66b0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 0e:0f:5b:57:10:bb brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-08 01:09

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df99f6a1f6c

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,20:38:58/406-04:01:26,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:09/406-04:01:26,2) [kthreadd]
(root,0,0,00:00:00/406-04:01:26,3) [rcu_gp]
(root,0,0,00:00:00/406-04:01:26,4) [rcu_par_gp]
(root,0,0,00:00:00/406-04:01:26,5) [slub_flushwq]
(root,0,0,00:00:00/406-04:01:26,6) [netns]
(root,0,0,00:00:00/406-04:01:26,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/406-04:01:26,10) [mm_percpu_wq]
(root,0,0,00:00:00/406-04:01:26,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/406-04:01:26,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/406-04:01:26,13) [rcu_tasks_trace_kthread]
(root,0,0,02:12:22/406-04:01:26,14) [ksoftirqd/0]
(root,0,0,02:09:00/406-04:01:26,15) [rcu_preempt]
(root,0,0,00:03:37/406-04:01:26,16) [migration/0]
(root,0,0,00:00:00/406-04:01:26,18) [cpuhp/0]
(root,0,0,00:00:00/406-04:01:26,20) [kdevtmpfs]
(root,0,0,00:00:00/406-04:01:26,21) [inet_frag_wq]
(root,0,0,00:00:00/406-04:01:26,22) [kauditd]
(root,0,0,00:00:14/406-04:01:26,24) [khungtaskd]
(root,0,0,00:00:00/406-04:01:26,26) [oom_reaper]
(root,0,0,00:00:00/406-04:01:26,27) [writeback]
(root,0,0,01:01:51/406-04:01:26,29) [kcompactd0]
(root,0,0,00:00:00/406-04:01:26,30) [ksmd]
(root,0,0,00:09:09/406-04:01:26,31) [khugepaged]
(root,0,0,00:00:00/406-04:01:26,32) [kintegrityd]
(root,0,0,00:00:00/406-04:01:26,33) [kblockd]
(root,0,0,00:00:00/406-04:01:26,34) [blkcg_punt_bio]
(root,0,0,00:00:00/406-04:01:26,35) [tpm_dev_wq]
(root,0,0,00:00:00/406-04:01:26,36) [edac-poller]
(root,0,0,00:00:00/406-04:01:26,37) [devfreq_wq]
(root,0,0,00:23:46/406-04:01:26,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:38/406-04:01:26,39) [kswapd0]
(root,0,0,00:00:00/406-04:01:25,45) [kthrotld]
(root,0,0,00:00:00/406-04:01:25,47) [acpi_thermal_pm]
(root,0,0,00:00:00/406-04:01:25,48) [mld]
(root,0,0,00:00:00/406-04:01:25,49) [ipv6_addrconf]
(root,0,0,00:00:00/406-04:01:25,54) [kstrp]
(root,0,0,00:00:00/406-04:01:25,59) [zswap-shrink]
(root,0,0,00:00:00/406-04:01:25,60) [kworker/u481:0]
(root,0,0,00:00:00/406-04:01:24,120) [hv_vmbus_con]
(root,0,0,00:00:00/406-04:01:24,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/406-04:01:24,122) [hv_pri_chan]
(root,0,0,00:00:00/406-04:01:24,123) [hv_sub_chan]
(root,0,0,00:00:00/406-04:01:24,127) [scsi_eh_0]
(root,0,0,00:00:00/406-04:01:24,128) [scsi_tmf_0]
(root,0,0,00:16:40/406-04:01:24,167) [jbd2/sda2-8]
(root,0,0,00:00:00/406-04:01:24,168) [ext4-rsv-conver]
(root,0,0,00:18:59/406-04:01:21,276) [hv_balloon]
(root,0,0,00:00:00/406-04:01:20,330) [cryptd]
(messagebus,8260,2876,10:18:45/406-04:01:20,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:20:34/406-04:01:20,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/406-04:01:20,519) [cifsiod]
(root,0,0,00:00:00/406-04:01:20,520) [smb3decryptd]
(root,0,0,00:00:00/406-04:01:20,521) [cifsfileinfoput]
(root,0,0,00:00:00/406-04:01:20,522) [cifsoplockd]
(root,0,0,00:00:00/406-04:01:20,523) [deferredclose]
(root,0,0,02:47:24/406-04:01:19,527) [cifsd]
(root,6608,1904,00:01:05/406-04:01:19,543) /usr/sbin/cron -f
(root,9268,1176,00:04:51/406-04:01:19,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/406-03:39:43,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3372,00:00:27/194-16:47:34,1010560) /lib/systemd/systemd-udevd
(root,1798892,20524,02:34:40/194-16:47:32,1010607) /usr/bin/containerd
(root,15540,3776,00:34:15/194-16:47:28,1010859) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,172792,126420,02:59:49/194-16:47:26,1010932) /lib/systemd/systemd-journald
(root,2003420,47184,02:51:12/194-16:47:23,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2172,00:01:16/194-16:47:20,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4476,00:49:59/194-16:44:21,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,5160,00:00:00/3-20:38:04,1142353) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,7228,00:00:00/3-20:38:04,1142358) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1597832,7228,00:00:00/3-20:38:04,1142373) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,5240,00:00:00/3-20:38:04,1142378) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4212,00:00:00/3-20:38:04,1142392) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,3484,00:00:00/3-20:38:04,1142397) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1788,00:00:00/3-20:38:04,1142412) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1671564,4788,00:00:00/3-20:38:04,1142417) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,11044,00:02:11/3-20:38:04,1142440) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4216,00:00:00/3-20:38:04,1142462) nginx: master process nginx -g daemon off;
(systemd-timesync,52044,6948,00:00:02/3-20:38:03,1142513) nginx: worker process
(systemd-timesync,50340,1828,00:00:02/3-20:38:03,1142514) nginx: cache manager process
(root,0,0,00:00:02/02:51:21,1903303) [kworker/0:2-events]
(root,0,0,00:00:02/02:33:05,1905842) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/43:21,1921935) [kworker/0:3-events]
(root,0,0,00:00:00/29:14,1923954) [kworker/0:5-rcu_gp]
(root,0,0,00:00:00/17:49,1925709) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/13:14,1926427) [kworker/u480:3-writeback]
(root,0,0,00:00:00/05:48,1927981) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/03:05,1928405) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/00:36,1928743) [kworker/0:4-cifsiod]
(root,0,0,00:00:00/00:36,1928744) [kworker/0:6]
(root,0,0,00:00:00/00:21,1928816) [kworker/u480:2-events_unbound]
(root,17252,10416,00:00:00/00:14,1928838) sshd: unknown [priv]
(sshd,15540,5048,00:00:00/00:11,1928839) sshd: unknown [net]
(root,17660,11048,00:00:00/00:06,1928841) sshd: root@pts/0
(root,18952,10780,00:00:00/00:05,1928845) /lib/systemd/systemd --user
(root,169660,2640,00:00:00/00:05,1928846) (sd-pam)
(root,3200,1868,00:00:00/00:05,1928866) /bin/nc -w 5 miljogiraff-gw 6556
(root,17660,11120,00:00:00/00:05,1928867) sshd: root@pts/1
(root,3200,1948,00:00:00/00:04,1928873) /bin/nc -w 5 miljogiraff-simapro 6556
(root,7064,3376,00:00:00/00:00,1928983) /bin/bash /usr/bin/check_mk_agent
(root,8088,3884,00:00:00/441077234-00:18:40,1929001) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1036,00:00:00/441077234-00:18:40,1929002) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/363-01:31:25,2399694) [tls-strp]
(root,1236472,9100,02:17:55/124-16:10:24,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129104,14:36:05/124-16:10:24,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
37: vethd0e66b0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 0e:0f:5b:57:10:bb brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-11-06 00:37

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9c55f7343

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9108,19:59:12/395-02:33:25,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:09/395-02:33:25,2) [kthreadd]
(root,0,0,00:00:00/395-02:33:25,3) [rcu_gp]
(root,0,0,00:00:00/395-02:33:25,4) [rcu_par_gp]
(root,0,0,00:00:00/395-02:33:25,5) [slub_flushwq]
(root,0,0,00:00:00/395-02:33:25,6) [netns]
(root,0,0,00:00:00/395-02:33:25,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/395-02:33:25,10) [mm_percpu_wq]
(root,0,0,00:00:00/395-02:33:25,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/395-02:33:25,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/395-02:33:25,13) [rcu_tasks_trace_kthread]
(root,0,0,02:08:20/395-02:33:25,14) [ksoftirqd/0]
(root,0,0,02:04:42/395-02:33:25,15) [rcu_preempt]
(root,0,0,00:03:31/395-02:33:25,16) [migration/0]
(root,0,0,00:00:00/395-02:33:25,18) [cpuhp/0]
(root,0,0,00:00:00/395-02:33:25,20) [kdevtmpfs]
(root,0,0,00:00:00/395-02:33:25,21) [inet_frag_wq]
(root,0,0,00:00:00/395-02:33:25,22) [kauditd]
(root,0,0,00:00:13/395-02:33:25,24) [khungtaskd]
(root,0,0,00:00:00/395-02:33:25,26) [oom_reaper]
(root,0,0,00:00:00/395-02:33:25,27) [writeback]
(root,0,0,00:59:21/395-02:33:25,29) [kcompactd0]
(root,0,0,00:00:00/395-02:33:25,30) [ksmd]
(root,0,0,00:08:30/395-02:33:25,31) [khugepaged]
(root,0,0,00:00:00/395-02:33:25,32) [kintegrityd]
(root,0,0,00:00:00/395-02:33:25,33) [kblockd]
(root,0,0,00:00:00/395-02:33:25,34) [blkcg_punt_bio]
(root,0,0,00:00:00/395-02:33:25,35) [tpm_dev_wq]
(root,0,0,00:00:00/395-02:33:25,36) [edac-poller]
(root,0,0,00:00:00/395-02:33:25,37) [devfreq_wq]
(root,0,0,00:23:04/395-02:33:25,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:36/395-02:33:25,39) [kswapd0]
(root,0,0,00:00:00/395-02:33:24,45) [kthrotld]
(root,0,0,00:00:00/395-02:33:24,47) [acpi_thermal_pm]
(root,0,0,00:00:00/395-02:33:24,48) [mld]
(root,0,0,00:00:00/395-02:33:24,49) [ipv6_addrconf]
(root,0,0,00:00:00/395-02:33:24,54) [kstrp]
(root,0,0,00:00:00/395-02:33:24,59) [zswap-shrink]
(root,0,0,00:00:00/395-02:33:24,60) [kworker/u481:0]
(root,0,0,00:00:00/395-02:33:23,120) [hv_vmbus_con]
(root,0,0,00:00:00/395-02:33:23,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/395-02:33:23,122) [hv_pri_chan]
(root,0,0,00:00:00/395-02:33:23,123) [hv_sub_chan]
(root,0,0,00:00:00/395-02:33:23,127) [scsi_eh_0]
(root,0,0,00:00:00/395-02:33:23,128) [scsi_tmf_0]
(root,0,0,00:16:14/395-02:33:23,167) [jbd2/sda2-8]
(root,0,0,00:00:00/395-02:33:23,168) [ext4-rsv-conver]
(root,0,0,00:18:28/395-02:33:21,276) [hv_balloon]
(root,0,0,00:00:00/395-02:33:20,330) [cryptd]
(messagebus,8260,2876,09:59:31/395-02:33:19,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:10:52/395-02:33:19,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/395-02:33:19,519) [cifsiod]
(root,0,0,00:00:00/395-02:33:19,520) [smb3decryptd]
(root,0,0,00:00:00/395-02:33:19,521) [cifsfileinfoput]
(root,0,0,00:00:00/395-02:33:19,522) [cifsoplockd]
(root,0,0,00:00:00/395-02:33:19,523) [deferredclose]
(root,0,0,02:40:28/395-02:33:19,527) [cifsd]
(root,6608,1904,00:01:03/395-02:33:18,543) /usr/sbin/cron -f
(root,9268,1176,00:04:49/395-02:33:18,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/395-02:11:42,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3276,00:00:26/183-15:19:33,1010560) /lib/systemd/systemd-udevd
(root,1798892,16888,02:23:59/183-15:19:32,1010607) /usr/bin/containerd
(root,15540,3772,00:32:10/183-15:19:27,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,225896,165976,02:47:41/183-15:19:25,1010932) /lib/systemd/systemd-journald
(root,2003420,34324,02:37:52/183-15:19:22,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2196,00:01:11/183-15:19:19,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4512,00:46:32/183-15:16:20,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3084,00:00:04/53-04:36:30,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5128,00:00:04/53-04:36:30,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,2528,00:00:03/53-04:36:30,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3036,00:00:03/53-04:36:30,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2188,00:00:03/53-04:36:30,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1076,00:00:05/53-04:36:30,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2056,00:00:04/53-04:36:30,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2096,00:00:04/53-04:36:30,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,5132,00:31:54/53-04:36:30,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,3392,00:00:00/53-04:36:30,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52056,5256,00:00:48/53-04:36:29,1860880) nginx: worker process
(systemd-timesync,50340,892,00:00:30/53-04:36:29,1860881) nginx: cache manager process
(root,0,0,00:00:00/352-00:03:24,2399694) [tls-strp]
(root,1236472,9756,02:05:18/113-14:42:23,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,127640,13:15:47/113-14:42:23,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:02/01:48:43,3869860) [kworker/0:2-events]
(root,0,0,00:00:00/28:48,3881128) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/25:43,3881549) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/18:26,3882565) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/17:04,3882734) [kworker/0:3-events]
(root,0,0,00:00:00/13:06,3883291) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/07:04,3884145) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:00/03:48,3884600) [kworker/u480:3-writeback]
(root,0,0,00:00:00/01:43,3884862) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/01:43,3884863) [kworker/0:5]
(root,17660,11152,00:00:00/00:04,3885119) sshd: root@pts/0
(root,18952,10700,00:00:00/00:04,3885122) /lib/systemd/systemd --user
(root,169660,2636,00:00:00/00:04,3885123) (sd-pam)
(root,3200,1920,00:00:00/00:04,3885142) /bin/nc -w 5 miljogiraff-gw 6556
(root,7064,3444,00:00:00/00:00,3885236) /bin/bash /usr/bin/check_mk_agent
(root,8088,4004,00:00:00/00:00,3885254) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1092,00:00:00/00:00,3885255) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-25 23:09

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9f5061867

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,19:51:55/393-03:08:48,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/393-03:08:48,2) [kthreadd]
(root,0,0,00:00:00/393-03:08:48,3) [rcu_gp]
(root,0,0,00:00:00/393-03:08:48,4) [rcu_par_gp]
(root,0,0,00:00:00/393-03:08:48,5) [slub_flushwq]
(root,0,0,00:00:00/393-03:08:48,6) [netns]
(root,0,0,00:00:00/393-03:08:48,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/393-03:08:48,10) [mm_percpu_wq]
(root,0,0,00:00:00/393-03:08:48,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/393-03:08:48,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/393-03:08:48,13) [rcu_tasks_trace_kthread]
(root,0,0,02:07:36/393-03:08:48,14) [ksoftirqd/0]
(root,0,0,02:03:55/393-03:08:48,15) [rcu_preempt]
(root,0,0,00:03:30/393-03:08:48,16) [migration/0]
(root,0,0,00:00:00/393-03:08:48,18) [cpuhp/0]
(root,0,0,00:00:00/393-03:08:48,20) [kdevtmpfs]
(root,0,0,00:00:00/393-03:08:48,21) [inet_frag_wq]
(root,0,0,00:00:00/393-03:08:48,22) [kauditd]
(root,0,0,00:00:13/393-03:08:48,24) [khungtaskd]
(root,0,0,00:00:00/393-03:08:48,26) [oom_reaper]
(root,0,0,00:00:00/393-03:08:48,27) [writeback]
(root,0,0,00:58:55/393-03:08:48,29) [kcompactd0]
(root,0,0,00:00:00/393-03:08:48,30) [ksmd]
(root,0,0,00:08:23/393-03:08:48,31) [khugepaged]
(root,0,0,00:00:00/393-03:08:48,32) [kintegrityd]
(root,0,0,00:00:00/393-03:08:48,33) [kblockd]
(root,0,0,00:00:00/393-03:08:48,34) [blkcg_punt_bio]
(root,0,0,00:00:00/393-03:08:48,35) [tpm_dev_wq]
(root,0,0,00:00:00/393-03:08:48,36) [edac-poller]
(root,0,0,00:00:00/393-03:08:48,37) [devfreq_wq]
(root,0,0,00:22:56/393-03:08:48,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:36/393-03:08:48,39) [kswapd0]
(root,0,0,00:00:00/393-03:08:48,45) [kthrotld]
(root,0,0,00:00:00/393-03:08:48,47) [acpi_thermal_pm]
(root,0,0,00:00:00/393-03:08:48,48) [mld]
(root,0,0,00:00:00/393-03:08:48,49) [ipv6_addrconf]
(root,0,0,00:00:00/393-03:08:48,54) [kstrp]
(root,0,0,00:00:00/393-03:08:47,59) [zswap-shrink]
(root,0,0,00:00:00/393-03:08:47,60) [kworker/u481:0]
(root,0,0,00:00:00/393-03:08:47,120) [hv_vmbus_con]
(root,0,0,00:00:00/393-03:08:47,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/393-03:08:47,122) [hv_pri_chan]
(root,0,0,00:00:00/393-03:08:47,123) [hv_sub_chan]
(root,0,0,00:00:00/393-03:08:47,127) [scsi_eh_0]
(root,0,0,00:00:00/393-03:08:47,128) [scsi_tmf_0]
(root,0,0,00:16:09/393-03:08:46,167) [jbd2/sda2-8]
(root,0,0,00:00:00/393-03:08:46,168) [ext4-rsv-conver]
(root,0,0,00:18:23/393-03:08:44,276) [hv_balloon]
(root,0,0,00:00:00/393-03:08:43,330) [cryptd]
(messagebus,8260,2876,09:56:01/393-03:08:43,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:09:06/393-03:08:42,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/393-03:08:42,519) [cifsiod]
(root,0,0,00:00:00/393-03:08:42,520) [smb3decryptd]
(root,0,0,00:00:00/393-03:08:42,521) [cifsfileinfoput]
(root,0,0,00:00:00/393-03:08:42,522) [cifsoplockd]
(root,0,0,00:00:00/393-03:08:42,523) [deferredclose]
(root,0,0,02:39:14/393-03:08:42,527) [cifsd]
(root,6608,1904,00:01:03/393-03:08:42,543) /usr/sbin/cron -f
(root,9268,1176,00:04:49/393-03:08:42,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/393-02:47:05,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3300,00:00:25/181-15:54:56,1010560) /lib/systemd/systemd-udevd
(root,1798892,16960,02:22:03/181-15:54:55,1010607) /usr/bin/containerd
(root,15540,3772,00:31:47/181-15:54:51,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,148228,105924,02:45:28/181-15:54:49,1010932) /lib/systemd/systemd-journald
(root,2003420,34516,02:35:29/181-15:54:46,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2196,00:01:11/181-15:54:43,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4516,00:45:54/181-15:51:44,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3084,00:00:04/51-05:11:54,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5128,00:00:04/51-05:11:54,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,2540,00:00:03/51-05:11:54,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3036,00:00:03/51-05:11:54,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2188,00:00:03/51-05:11:54,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1076,00:00:04/51-05:11:54,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2056,00:00:04/51-05:11:54,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2096,00:00:04/51-05:11:53,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,5036,00:30:42/51-05:11:53,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,3496,00:00:00/51-05:11:53,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52056,5448,00:00:44/51-05:11:52,1860880) nginx: worker process
(systemd-timesync,50340,892,00:00:29/51-05:11:52,1860881) nginx: cache manager process
(root,0,0,00:00:00/350-00:38:48,2399694) [tls-strp]
(root,1236472,10116,02:03:04/111-15:17:47,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,128496,13:01:23/111-15:17:47,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:00/41:27,3473662) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/38:09,3474113) [kworker/0:2+events]
(root,0,0,00:00:00/31:57,3474950) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/30:29,3475161) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/25:29,3475857) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/08:28,3478272) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/08:11,3478295) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/02:56,3479060) [kworker/0:4-events]
(root,0,0,00:00:00/02:56,3479061) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/01:09,3479320) [kworker/0:5]
(root,7064,3260,00:00:00/00:00,3479500) /bin/bash /usr/bin/check_mk_agent
(root,7064,3408,00:00:00/00:00,3479540) /bin/bash /usr/bin/check_mk_agent
(root,8088,3876,00:00:00/00:00,3479572) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1064,00:00:00/00:00,3479573) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-23 23:45

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9b5ac6f8d

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,19:44:31/391-02:55:22,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/391-02:55:22,2) [kthreadd]
(root,0,0,00:00:00/391-02:55:22,3) [rcu_gp]
(root,0,0,00:00:00/391-02:55:22,4) [rcu_par_gp]
(root,0,0,00:00:00/391-02:55:22,5) [slub_flushwq]
(root,0,0,00:00:00/391-02:55:22,6) [netns]
(root,0,0,00:00:00/391-02:55:22,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/391-02:55:22,10) [mm_percpu_wq]
(root,0,0,00:00:00/391-02:55:22,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/391-02:55:22,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/391-02:55:22,13) [rcu_tasks_trace_kthread]
(root,0,0,02:06:51/391-02:55:22,14) [ksoftirqd/0]
(root,0,0,02:03:06/391-02:55:22,15) [rcu_preempt]
(root,0,0,00:03:29/391-02:55:22,16) [migration/0]
(root,0,0,00:00:00/391-02:55:22,18) [cpuhp/0]
(root,0,0,00:00:00/391-02:55:22,20) [kdevtmpfs]
(root,0,0,00:00:00/391-02:55:22,21) [inet_frag_wq]
(root,0,0,00:00:00/391-02:55:22,22) [kauditd]
(root,0,0,00:00:13/391-02:55:22,24) [khungtaskd]
(root,0,0,00:00:00/391-02:55:22,26) [oom_reaper]
(root,0,0,00:00:00/391-02:55:22,27) [writeback]
(root,0,0,00:58:29/391-02:55:22,29) [kcompactd0]
(root,0,0,00:00:00/391-02:55:22,30) [ksmd]
(root,0,0,00:08:17/391-02:55:22,31) [khugepaged]
(root,0,0,00:00:00/391-02:55:22,32) [kintegrityd]
(root,0,0,00:00:00/391-02:55:22,33) [kblockd]
(root,0,0,00:00:00/391-02:55:22,34) [blkcg_punt_bio]
(root,0,0,00:00:00/391-02:55:22,35) [tpm_dev_wq]
(root,0,0,00:00:00/391-02:55:22,36) [edac-poller]
(root,0,0,00:00:00/391-02:55:22,37) [devfreq_wq]
(root,0,0,00:22:49/391-02:55:22,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:35/391-02:55:22,39) [kswapd0]
(root,0,0,00:00:00/391-02:55:21,45) [kthrotld]
(root,0,0,00:00:00/391-02:55:21,47) [acpi_thermal_pm]
(root,0,0,00:00:00/391-02:55:21,48) [mld]
(root,0,0,00:00:00/391-02:55:21,49) [ipv6_addrconf]
(root,0,0,00:00:00/391-02:55:21,54) [kstrp]
(root,0,0,00:00:00/391-02:55:21,59) [zswap-shrink]
(root,0,0,00:00:00/391-02:55:21,60) [kworker/u481:0]
(root,0,0,00:00:00/391-02:55:20,120) [hv_vmbus_con]
(root,0,0,00:00:00/391-02:55:20,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/391-02:55:20,122) [hv_pri_chan]
(root,0,0,00:00:00/391-02:55:20,123) [hv_sub_chan]
(root,0,0,00:00:00/391-02:55:20,127) [scsi_eh_0]
(root,0,0,00:00:00/391-02:55:20,128) [scsi_tmf_0]
(root,0,0,00:16:04/391-02:55:20,167) [jbd2/sda2-8]
(root,0,0,00:00:00/391-02:55:20,168) [ext4-rsv-conver]
(root,0,0,00:18:17/391-02:55:18,276) [hv_balloon]
(root,0,0,00:00:00/391-02:55:17,330) [cryptd]
(messagebus,8260,2884,09:52:26/391-02:55:16,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:07:18/391-02:55:16,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/391-02:55:16,519) [cifsiod]
(root,0,0,00:00:00/391-02:55:16,520) [smb3decryptd]
(root,0,0,00:00:00/391-02:55:16,521) [cifsfileinfoput]
(root,0,0,00:00:00/391-02:55:16,522) [cifsoplockd]
(root,0,0,00:00:00/391-02:55:16,523) [deferredclose]
(root,0,0,02:37:59/391-02:55:16,527) [cifsd]
(root,6608,1904,00:01:03/391-02:55:15,543) /usr/sbin/cron -f
(root,9268,1176,00:04:49/391-02:55:15,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/391-02:33:39,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3340,00:00:25/179-15:41:30,1010560) /lib/systemd/systemd-udevd
(root,1798892,17024,02:20:06/179-15:41:29,1010607) /usr/bin/containerd
(root,15540,3776,00:31:23/179-15:41:24,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,107268,71152,02:43:13/179-15:41:22,1010932) /lib/systemd/systemd-journald
(root,2003420,34948,02:33:03/179-15:41:19,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2204,00:01:10/179-15:41:16,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4516,00:45:16/179-15:38:17,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3084,00:00:03/49-04:58:27,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5128,00:00:03/49-04:58:27,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,2576,00:00:03/49-04:58:27,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3036,00:00:03/49-04:58:27,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2188,00:00:02/49-04:58:27,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1076,00:00:04/49-04:58:27,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2056,00:00:03/49-04:58:27,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2096,00:00:04/49-04:58:27,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,5088,00:29:30/49-04:58:27,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,3664,00:00:00/49-04:58:27,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52056,5556,00:00:43/49-04:58:26,1860880) nginx: worker process
(systemd-timesync,50340,904,00:00:27/49-04:58:26,1860881) nginx: cache manager process
(root,0,0,00:00:00/348-00:25:21,2399694) [tls-strp]
(root,1236472,7520,02:00:47/109-15:04:20,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129172,12:46:46/109-15:04:20,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:00/39:30,3061582) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/34:01,3062379) [kworker/0:3-events]
(root,0,0,00:00:00/29:19,3063073) [kworker/u480:4-events_unbound]
(root,0,0,00:00:00/13:42,3065232) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/13:30,3065238) [kworker/0:4-events]
(root,0,0,00:00:00/08:30,3065922) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/08:01,3066022) [kworker/0:2-rcu_gp]
(root,0,0,00:00:00/03:23,3066706) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/02:44,3066774) [kworker/0:1-events]
(root,0,0,00:00:00/02:44,3066775) [kworker/0:5]
(root,17660,11108,00:00:00/00:01,3067158) sshd: root@pts/0
(root,18952,10664,00:00:00/00:01,3067161) /lib/systemd/systemd --user
(root,169660,2640,00:00:00/00:01,3067162) (sd-pam)
(root,3200,1876,00:00:00/00:01,3067181) /bin/nc -w 5 miljogiraff-gw 6556
(root,7064,3408,00:00:00/00:00,3067275) /bin/bash /usr/bin/check_mk_agent
(root,8088,3876,00:00:00/00:00,3067293) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1036,00:00:00/00:00,3067294) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-21 23:31

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df94e3444aa

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,19:37:07/389-02:47:50,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/389-02:47:50,2) [kthreadd]
(root,0,0,00:00:00/389-02:47:50,3) [rcu_gp]
(root,0,0,00:00:00/389-02:47:50,4) [rcu_par_gp]
(root,0,0,00:00:00/389-02:47:50,5) [slub_flushwq]
(root,0,0,00:00:00/389-02:47:50,6) [netns]
(root,0,0,00:00:00/389-02:47:50,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/389-02:47:50,10) [mm_percpu_wq]
(root,0,0,00:00:00/389-02:47:50,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/389-02:47:50,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/389-02:47:50,13) [rcu_tasks_trace_kthread]
(root,0,0,02:06:07/389-02:47:50,14) [ksoftirqd/0]
(root,0,0,02:02:19/389-02:47:50,15) [rcu_preempt]
(root,0,0,00:03:28/389-02:47:50,16) [migration/0]
(root,0,0,00:00:00/389-02:47:50,18) [cpuhp/0]
(root,0,0,00:00:00/389-02:47:50,20) [kdevtmpfs]
(root,0,0,00:00:00/389-02:47:50,21) [inet_frag_wq]
(root,0,0,00:00:00/389-02:47:50,22) [kauditd]
(root,0,0,00:00:13/389-02:47:50,24) [khungtaskd]
(root,0,0,00:00:00/389-02:47:50,26) [oom_reaper]
(root,0,0,00:00:00/389-02:47:50,27) [writeback]
(root,0,0,00:58:03/389-02:47:50,29) [kcompactd0]
(root,0,0,00:00:00/389-02:47:50,30) [ksmd]
(root,0,0,00:08:12/389-02:47:50,31) [khugepaged]
(root,0,0,00:00:00/389-02:47:50,32) [kintegrityd]
(root,0,0,00:00:00/389-02:47:50,33) [kblockd]
(root,0,0,00:00:00/389-02:47:50,34) [blkcg_punt_bio]
(root,0,0,00:00:00/389-02:47:50,35) [tpm_dev_wq]
(root,0,0,00:00:00/389-02:47:50,36) [edac-poller]
(root,0,0,00:00:00/389-02:47:50,37) [devfreq_wq]
(root,0,0,00:22:41/389-02:47:50,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:35/389-02:47:50,39) [kswapd0]
(root,0,0,00:00:00/389-02:47:49,45) [kthrotld]
(root,0,0,00:00:00/389-02:47:49,47) [acpi_thermal_pm]
(root,0,0,00:00:00/389-02:47:49,48) [mld]
(root,0,0,00:00:00/389-02:47:49,49) [ipv6_addrconf]
(root,0,0,00:00:00/389-02:47:49,54) [kstrp]
(root,0,0,00:00:00/389-02:47:49,59) [zswap-shrink]
(root,0,0,00:00:00/389-02:47:49,60) [kworker/u481:0]
(root,0,0,00:00:00/389-02:47:48,120) [hv_vmbus_con]
(root,0,0,00:00:00/389-02:47:48,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/389-02:47:48,122) [hv_pri_chan]
(root,0,0,00:00:00/389-02:47:48,123) [hv_sub_chan]
(root,0,0,00:00:00/389-02:47:48,127) [scsi_eh_0]
(root,0,0,00:00:00/389-02:47:48,128) [scsi_tmf_0]
(root,0,0,00:16:00/389-02:47:48,167) [jbd2/sda2-8]
(root,0,0,00:00:00/389-02:47:48,168) [ext4-rsv-conver]
(root,0,0,00:18:12/389-02:47:46,276) [hv_balloon]
(root,0,0,00:00:00/389-02:47:45,330) [cryptd]
(messagebus,8260,2884,09:48:51/389-02:47:44,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:05:30/389-02:47:44,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/389-02:47:44,519) [cifsiod]
(root,0,0,00:00:00/389-02:47:44,520) [smb3decryptd]
(root,0,0,00:00:00/389-02:47:44,521) [cifsfileinfoput]
(root,0,0,00:00:00/389-02:47:44,522) [cifsoplockd]
(root,0,0,00:00:00/389-02:47:44,523) [deferredclose]
(root,0,0,02:36:43/389-02:47:44,527) [cifsd]
(root,6608,1904,00:01:02/389-02:47:44,543) /usr/sbin/cron -f
(root,9268,1176,00:04:48/389-02:47:43,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/389-02:26:07,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3368,00:00:25/177-15:33:58,1010560) /lib/systemd/systemd-udevd
(root,1798892,17080,02:18:10/177-15:33:57,1010607) /usr/bin/containerd
(root,15540,3776,00:31:03/177-15:33:52,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,152268,108068,02:41:01/177-15:33:50,1010932) /lib/systemd/systemd-journald
(root,2003420,34960,02:30:38/177-15:33:47,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2208,00:01:09/177-15:33:44,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4520,00:44:38/177-15:30:45,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3084,00:00:03/47-04:50:55,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5128,00:00:03/47-04:50:55,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3632,00:00:03/47-04:50:55,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3036,00:00:03/47-04:50:55,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2188,00:00:02/47-04:50:55,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1076,00:00:04/47-04:50:55,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2056,00:00:03/47-04:50:55,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2096,00:00:03/47-04:50:55,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,5204,00:28:17/47-04:50:55,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,3792,00:00:00/47-04:50:55,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52056,5844,00:00:39/47-04:50:54,1860880) nginx: worker process
(systemd-timesync,50340,916,00:00:26/47-04:50:54,1860881) nginx: cache manager process
(root,0,0,00:00:00/346-00:17:49,2399694) [tls-strp]
(root,0,0,00:00:03/03:09:30,2633999) [kworker/0:1-events]
(root,0,0,00:00:00/41:01,2654883) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/35:02,2655723) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:01/27:42,2656782) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/13:29,2658747) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/11:29,2659022) [kworker/0:2-deferredclose]
(root,0,0,00:00:00/09:29,2659300) [kworker/0:5-events]
(root,0,0,00:00:00/08:13,2659476) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/03:13,2660152) [kworker/0:3]
(root,0,0,00:00:00/03:01,2660174) [kworker/u480:0-events_unbound]
(root,17660,11044,00:00:00/00:02,2660588) sshd: root@pts/0
(root,18980,10732,00:00:00/00:01,2660591) /lib/systemd/systemd --user
(root,169660,2640,00:00:00/00:01,2660592) (sd-pam)
(root,3200,1900,00:00:00/00:01,2660611) /bin/nc -w 5 miljogiraff-ad 6556
(root,7064,3444,00:00:00/00:00,2660705) /bin/bash /usr/bin/check_mk_agent
(root,8088,3932,00:00:00/00:00,2660723) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1024,00:00:00/00:00,2660724) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,1236472,8192,01:58:31/107-14:56:48,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129668,12:32:08/107-14:56:48,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-19 23:24

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df90d8990fb

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,19:29:41/387-03:07:05,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/387-03:07:05,2) [kthreadd]
(root,0,0,00:00:00/387-03:07:05,3) [rcu_gp]
(root,0,0,00:00:00/387-03:07:05,4) [rcu_par_gp]
(root,0,0,00:00:00/387-03:07:05,5) [slub_flushwq]
(root,0,0,00:00:00/387-03:07:05,6) [netns]
(root,0,0,00:00:00/387-03:07:05,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/387-03:07:05,10) [mm_percpu_wq]
(root,0,0,00:00:00/387-03:07:05,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/387-03:07:05,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/387-03:07:05,13) [rcu_tasks_trace_kthread]
(root,0,0,02:05:24/387-03:07:05,14) [ksoftirqd/0]
(root,0,0,02:01:31/387-03:07:05,15) [rcu_preempt]
(root,0,0,00:03:27/387-03:07:05,16) [migration/0]
(root,0,0,00:00:00/387-03:07:05,18) [cpuhp/0]
(root,0,0,00:00:00/387-03:07:05,20) [kdevtmpfs]
(root,0,0,00:00:00/387-03:07:05,21) [inet_frag_wq]
(root,0,0,00:00:00/387-03:07:05,22) [kauditd]
(root,0,0,00:00:13/387-03:07:05,24) [khungtaskd]
(root,0,0,00:00:00/387-03:07:05,26) [oom_reaper]
(root,0,0,00:00:00/387-03:07:05,27) [writeback]
(root,0,0,00:57:38/387-03:07:05,29) [kcompactd0]
(root,0,0,00:00:00/387-03:07:05,30) [ksmd]
(root,0,0,00:08:04/387-03:07:05,31) [khugepaged]
(root,0,0,00:00:00/387-03:07:05,32) [kintegrityd]
(root,0,0,00:00:00/387-03:07:05,33) [kblockd]
(root,0,0,00:00:00/387-03:07:05,34) [blkcg_punt_bio]
(root,0,0,00:00:00/387-03:07:05,35) [tpm_dev_wq]
(root,0,0,00:00:00/387-03:07:05,36) [edac-poller]
(root,0,0,00:00:00/387-03:07:05,37) [devfreq_wq]
(root,0,0,00:22:34/387-03:07:05,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:35/387-03:07:05,39) [kswapd0]
(root,0,0,00:00:00/387-03:07:04,45) [kthrotld]
(root,0,0,00:00:00/387-03:07:04,47) [acpi_thermal_pm]
(root,0,0,00:00:00/387-03:07:04,48) [mld]
(root,0,0,00:00:00/387-03:07:04,49) [ipv6_addrconf]
(root,0,0,00:00:00/387-03:07:04,54) [kstrp]
(root,0,0,00:00:00/387-03:07:04,59) [zswap-shrink]
(root,0,0,00:00:00/387-03:07:04,60) [kworker/u481:0]
(root,0,0,00:00:00/387-03:07:03,120) [hv_vmbus_con]
(root,0,0,00:00:00/387-03:07:03,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/387-03:07:03,122) [hv_pri_chan]
(root,0,0,00:00:00/387-03:07:03,123) [hv_sub_chan]
(root,0,0,00:00:00/387-03:07:03,127) [scsi_eh_0]
(root,0,0,00:00:00/387-03:07:03,128) [scsi_tmf_0]
(root,0,0,00:15:55/387-03:07:03,167) [jbd2/sda2-8]
(root,0,0,00:00:00/387-03:07:03,168) [ext4-rsv-conver]
(root,0,0,00:18:07/387-03:07:01,276) [hv_balloon]
(root,0,0,00:00:00/387-03:07:00,330) [cryptd]
(messagebus,8260,2884,09:45:16/387-03:06:59,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:03:42/387-03:06:59,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/387-03:06:59,519) [cifsiod]
(root,0,0,00:00:00/387-03:06:59,520) [smb3decryptd]
(root,0,0,00:00:00/387-03:06:59,521) [cifsfileinfoput]
(root,0,0,00:00:00/387-03:06:59,522) [cifsoplockd]
(root,0,0,00:00:00/387-03:06:59,523) [deferredclose]
(root,0,0,02:35:28/387-03:06:59,527) [cifsd]
(root,6608,1904,00:01:02/387-03:06:59,543) /usr/sbin/cron -f
(root,9268,1176,00:04:48/387-03:06:59,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/387-02:45:22,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3380,00:00:25/175-15:53:13,1010560) /lib/systemd/systemd-udevd
(root,1798892,17176,02:16:14/175-15:53:12,1010607) /usr/bin/containerd
(root,15540,3776,00:30:42/175-15:53:07,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,189184,142748,02:38:47/175-15:53:05,1010932) /lib/systemd/systemd-journald
(root,2003420,35252,02:28:15/175-15:53:02,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2212,00:01:08/175-15:53:00,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4524,00:44:00/175-15:50:00,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3084,00:00:03/45-05:10:10,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5128,00:00:03/45-05:10:10,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3632,00:00:03/45-05:10:10,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3036,00:00:03/45-05:10:10,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2188,00:00:02/45-05:10:10,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1076,00:00:04/45-05:10:10,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2056,00:00:03/45-05:10:10,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2096,00:00:03/45-05:10:10,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,5868,00:27:04/45-05:10:10,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,3976,00:00:00/45-05:10:10,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52184,6132,00:00:37/45-05:10:09,1860880) nginx: worker process
(systemd-timesync,50340,920,00:00:25/45-05:10:09,1860881) nginx: cache manager process
(root,0,0,00:00:01/01:55:17,2238788) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:01/01:41:16,2240735) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/01:01:16,2246285) [kworker/0:0+events]
(root,0,0,00:00:01/48:28,2248059) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/43:17,2248750) [kworker/u480:3+events_unbound]
(root,0,0,00:00:00/21:16,2251953) [kworker/0:4-events]
(root,0,0,00:00:00/09:45,2253613) [kworker/0:3-events]
(root,0,0,00:00:00/07:11,2253979) [kworker/u480:0+events_unbound]
(root,0,0,00:00:00/01:58,2254760) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/01:30,2254806) [kworker/0:5]
(root,18952,10604,00:00:00/00:17,2254978) /lib/systemd/systemd --user
(root,169660,2640,00:00:00/00:17,2254979) (sd-pam)
(root,7064,3404,00:00:00/00:00,2255075) /bin/bash /usr/bin/check_mk_agent
(root,7064,3388,00:00:00/00:00,2255114) /bin/bash /usr/bin/check_mk_agent
(root,8088,3888,00:00:00/00:00,2255146) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1036,00:00:00/00:00,2255147) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/344-00:37:04,2399694) [tls-strp]
(root,1236472,8336,01:56:15/105-15:16:04,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,131164,12:17:38/105-15:16:03,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-17 23:43

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df971071db6

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,19:22:56/385-04:33:04,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/385-04:33:04,2) [kthreadd]
(root,0,0,00:00:00/385-04:33:04,3) [rcu_gp]
(root,0,0,00:00:00/385-04:33:04,4) [rcu_par_gp]
(root,0,0,00:00:00/385-04:33:04,5) [slub_flushwq]
(root,0,0,00:00:00/385-04:33:04,6) [netns]
(root,0,0,00:00:00/385-04:33:04,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/385-04:33:04,10) [mm_percpu_wq]
(root,0,0,00:00:00/385-04:33:04,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/385-04:33:04,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/385-04:33:04,13) [rcu_tasks_trace_kthread]
(root,0,0,02:04:43/385-04:33:04,14) [ksoftirqd/0]
(root,0,0,02:00:46/385-04:33:04,15) [rcu_preempt]
(root,0,0,00:03:26/385-04:33:04,16) [migration/0]
(root,0,0,00:00:00/385-04:33:04,18) [cpuhp/0]
(root,0,0,00:00:00/385-04:33:04,20) [kdevtmpfs]
(root,0,0,00:00:00/385-04:33:04,21) [inet_frag_wq]
(root,0,0,00:00:00/385-04:33:04,22) [kauditd]
(root,0,0,00:00:13/385-04:33:04,24) [khungtaskd]
(root,0,0,00:00:00/385-04:33:04,26) [oom_reaper]
(root,0,0,00:00:00/385-04:33:04,27) [writeback]
(root,0,0,00:57:13/385-04:33:04,29) [kcompactd0]
(root,0,0,00:00:00/385-04:33:04,30) [ksmd]
(root,0,0,00:07:59/385-04:33:04,31) [khugepaged]
(root,0,0,00:00:00/385-04:33:04,32) [kintegrityd]
(root,0,0,00:00:00/385-04:33:04,33) [kblockd]
(root,0,0,00:00:00/385-04:33:04,34) [blkcg_punt_bio]
(root,0,0,00:00:00/385-04:33:04,35) [tpm_dev_wq]
(root,0,0,00:00:00/385-04:33:04,36) [edac-poller]
(root,0,0,00:00:00/385-04:33:04,37) [devfreq_wq]
(root,0,0,00:22:26/385-04:33:04,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:34/385-04:33:04,39) [kswapd0]
(root,0,0,00:00:00/385-04:33:04,45) [kthrotld]
(root,0,0,00:00:00/385-04:33:04,47) [acpi_thermal_pm]
(root,0,0,00:00:00/385-04:33:04,48) [mld]
(root,0,0,00:00:00/385-04:33:04,49) [ipv6_addrconf]
(root,0,0,00:00:00/385-04:33:04,54) [kstrp]
(root,0,0,00:00:00/385-04:33:03,59) [zswap-shrink]
(root,0,0,00:00:00/385-04:33:03,60) [kworker/u481:0]
(root,0,0,00:00:00/385-04:33:03,120) [hv_vmbus_con]
(root,0,0,00:00:00/385-04:33:03,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/385-04:33:03,122) [hv_pri_chan]
(root,0,0,00:00:00/385-04:33:03,123) [hv_sub_chan]
(root,0,0,00:00:00/385-04:33:03,127) [scsi_eh_0]
(root,0,0,00:00:00/385-04:33:03,128) [scsi_tmf_0]
(root,0,0,00:15:51/385-04:33:02,167) [jbd2/sda2-8]
(root,0,0,00:00:00/385-04:33:02,168) [ext4-rsv-conver]
(root,0,0,00:18:02/385-04:33:00,276) [hv_balloon]
(root,0,0,00:00:00/385-04:32:59,330) [cryptd]
(messagebus,8260,2884,09:41:59/385-04:32:59,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:02:02/385-04:32:59,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/385-04:32:58,519) [cifsiod]
(root,0,0,00:00:00/385-04:32:58,520) [smb3decryptd]
(root,0,0,00:00:00/385-04:32:58,521) [cifsfileinfoput]
(root,0,0,00:00:00/385-04:32:58,522) [cifsoplockd]
(root,0,0,00:00:00/385-04:32:58,523) [deferredclose]
(root,0,0,02:34:15/385-04:32:58,527) [cifsd]
(root,6608,1904,00:01:02/385-04:32:58,543) /usr/sbin/cron -f
(root,9268,1176,00:04:48/385-04:32:58,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/385-04:11:21,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3380,00:00:24/173-17:19:12,1010560) /lib/systemd/systemd-udevd
(root,1798892,17180,02:14:21/173-17:19:11,1010607) /usr/bin/containerd
(root,15540,3776,00:30:20/173-17:19:07,1010859) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,168700,120556,02:36:44/173-17:19:05,1010932) /lib/systemd/systemd-journald
(root,2003420,35496,02:25:55/173-17:19:02,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2212,00:01:07/173-17:18:59,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4524,00:43:26/173-17:16:00,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,0,0,00:00:02/03:07:44,1842685) [kworker/0:1-events]
(root,0,0,00:00:01/02:07:31,1851005) [kworker/0:3-events]
(root,0,0,00:00:01/01:41:16,1854598) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:01/01:27:16,1856563) [kworker/0:4-deferredclose]
(root,0,0,00:00:01/01:17:44,1857886) [kworker/0:2-cgroup_destroy]
(root,1671564,3084,00:00:03/43-06:36:10,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5128,00:00:03/43-06:36:10,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3632,00:00:02/43-06:36:10,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3036,00:00:03/43-06:36:10,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2188,00:00:02/43-06:36:10,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1076,00:00:04/43-06:36:10,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2056,00:00:03/43-06:36:10,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2096,00:00:03/43-06:36:10,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,6464,00:25:54/43-06:36:09,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4060,00:00:00/43-06:36:09,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52184,6180,00:00:36/43-06:36:08,1860880) nginx: worker process
(systemd-timesync,50340,968,00:00:24/43-06:36:08,1860881) nginx: cache manager process
(root,0,0,00:00:01/24:06,1865336) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/10:16,1867185) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/05:06,1867938) [kworker/u480:0-events_unbound]
(root,15540,9308,00:00:00/01:00,1868498) sshd: [accepted]
(root,0,0,00:00:00/00:00,1868691) [kworker/u480:2-events_unbound]
(root,7064,3512,00:00:00/00:00,1868738) /bin/bash /usr/bin/check_mk_agent
(root,8088,3984,00:00:00/00:00,1868756) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1052,00:00:00/00:00,1868757) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/342-02:03:04,2399694) [tls-strp]
(root,1236472,7604,01:54:03/103-16:42:03,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,131596,12:03:29/103-16:42:03,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-16 01:09

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9ed2a5636

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9116,19:15:07/383-03:10:22,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/383-03:10:22,2) [kthreadd]
(root,0,0,00:00:00/383-03:10:22,3) [rcu_gp]
(root,0,0,00:00:00/383-03:10:22,4) [rcu_par_gp]
(root,0,0,00:00:00/383-03:10:22,5) [slub_flushwq]
(root,0,0,00:00:00/383-03:10:22,6) [netns]
(root,0,0,00:00:00/383-03:10:22,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/383-03:10:22,10) [mm_percpu_wq]
(root,0,0,00:00:00/383-03:10:22,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/383-03:10:22,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/383-03:10:22,13) [rcu_tasks_trace_kthread]
(root,0,0,02:03:53/383-03:10:22,14) [ksoftirqd/0]
(root,0,0,01:59:57/383-03:10:22,15) [rcu_preempt]
(root,0,0,00:03:25/383-03:10:22,16) [migration/0]
(root,0,0,00:00:00/383-03:10:22,18) [cpuhp/0]
(root,0,0,00:00:00/383-03:10:22,20) [kdevtmpfs]
(root,0,0,00:00:00/383-03:10:22,21) [inet_frag_wq]
(root,0,0,00:00:00/383-03:10:22,22) [kauditd]
(root,0,0,00:00:13/383-03:10:22,24) [khungtaskd]
(root,0,0,00:00:00/383-03:10:22,26) [oom_reaper]
(root,0,0,00:00:00/383-03:10:22,27) [writeback]
(root,0,0,00:56:46/383-03:10:22,29) [kcompactd0]
(root,0,0,00:00:00/383-03:10:22,30) [ksmd]
(root,0,0,00:07:52/383-03:10:22,31) [khugepaged]
(root,0,0,00:00:00/383-03:10:22,32) [kintegrityd]
(root,0,0,00:00:00/383-03:10:22,33) [kblockd]
(root,0,0,00:00:00/383-03:10:22,34) [blkcg_punt_bio]
(root,0,0,00:00:00/383-03:10:22,35) [tpm_dev_wq]
(root,0,0,00:00:00/383-03:10:22,36) [edac-poller]
(root,0,0,00:00:00/383-03:10:22,37) [devfreq_wq]
(root,0,0,00:22:19/383-03:10:22,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:34/383-03:10:22,39) [kswapd0]
(root,0,0,00:00:00/383-03:10:21,45) [kthrotld]
(root,0,0,00:00:00/383-03:10:21,47) [acpi_thermal_pm]
(root,0,0,00:00:00/383-03:10:21,48) [mld]
(root,0,0,00:00:00/383-03:10:21,49) [ipv6_addrconf]
(root,0,0,00:00:00/383-03:10:21,54) [kstrp]
(root,0,0,00:00:00/383-03:10:21,59) [zswap-shrink]
(root,0,0,00:00:00/383-03:10:21,60) [kworker/u481:0]
(root,0,0,00:00:00/383-03:10:20,120) [hv_vmbus_con]
(root,0,0,00:00:00/383-03:10:20,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/383-03:10:20,122) [hv_pri_chan]
(root,0,0,00:00:00/383-03:10:20,123) [hv_sub_chan]
(root,0,0,00:00:00/383-03:10:20,127) [scsi_eh_0]
(root,0,0,00:00:00/383-03:10:20,128) [scsi_tmf_0]
(root,0,0,00:15:46/383-03:10:20,167) [jbd2/sda2-8]
(root,0,0,00:00:00/383-03:10:20,168) [ext4-rsv-conver]
(root,0,0,00:17:56/383-03:10:18,276) [hv_balloon]
(root,0,0,00:00:00/383-03:10:17,330) [cryptd]
(messagebus,8260,2884,09:38:14/383-03:10:16,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,05:00:09/383-03:10:16,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/383-03:10:16,519) [cifsiod]
(root,0,0,00:00:00/383-03:10:16,520) [smb3decryptd]
(root,0,0,00:00:00/383-03:10:16,521) [cifsfileinfoput]
(root,0,0,00:00:00/383-03:10:16,522) [cifsoplockd]
(root,0,0,00:00:00/383-03:10:16,523) [deferredclose]
(root,0,0,02:33:01/383-03:10:16,527) [cifsd]
(root,6608,1904,00:01:01/383-03:10:16,543) /usr/sbin/cron -f
(root,9268,1176,00:04:47/383-03:10:16,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/383-02:48:39,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3380,00:00:24/171-15:56:30,1010560) /lib/systemd/systemd-udevd
(root,1798892,17224,02:12:20/171-15:56:29,1010607) /usr/bin/containerd
(root,15540,3776,00:29:59/171-15:56:24,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,180972,135428,02:34:25/171-15:56:22,1010932) /lib/systemd/systemd-journald
(root,2003420,35740,02:23:25/171-15:56:19,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2216,00:01:06/171-15:56:16,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4524,00:42:46/171-15:53:17,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,0,0,00:00:01/02:03:18,1429158) [kworker/0:2-events]
(root,0,0,00:00:00/53:50,1438847) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/35:18,1441456) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:05/28:02,1442445) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/23:18,1443107) [kworker/0:4-deferredclose]
(root,0,0,00:00:01/17:33,1443910) [kworker/u480:1-ext4-rsv-conversion]
(root,0,0,00:00:02/12:18,1444595) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/04:18,1445687) [kworker/0:1-events]
(root,0,0,00:00:00/00:33,1446228) [kworker/u480:0-ext4-rsv-conversion]
(root,0,0,00:00:00/00:26,1446229) [kworker/0:5-events]
(root,0,0,00:00:00/00:26,1446230) [kworker/0:6]
(root,17660,11048,00:00:00/00:00,1446273) sshd: root
(root,18952,10772,00:00:00/00:00,1446312) /lib/systemd/systemd --user
(root,7064,3416,00:00:00/00:00,1446316) /bin/bash /usr/bin/check_mk_agent
(root,169660,2644,00:00:00/00:00,1446317) (sd-pam)
(root,7064,3380,00:00:00/00:00,1446373) /bin/bash /usr/bin/check_mk_agent
(root,8088,3996,00:00:00/00:00,1446399) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1020,00:00:00/00:00,1446400) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,1671564,3084,00:00:03/41-05:13:27,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5128,00:00:03/41-05:13:27,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3632,00:00:02/41-05:13:27,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3036,00:00:02/41-05:13:27,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2188,00:00:02/41-05:13:27,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1076,00:00:03/41-05:13:27,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2056,00:00:02/41-05:13:27,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2096,00:00:03/41-05:13:27,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,7148,00:24:39/41-05:13:27,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4188,00:00:00/41-05:13:27,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52052,6344,00:00:35/41-05:13:26,1860880) nginx: worker process
(systemd-timesync,50340,1076,00:00:23/41-05:13:26,1860881) nginx: cache manager process
(root,0,0,00:00:00/340-00:40:21,2399694) [tls-strp]
(root,1236472,8204,01:51:44/101-15:19:20,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,132740,11:48:36/101-15:19:20,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-13 23:46

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9b87906cf

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9108,19:07:30/381-02:30:55,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/381-02:30:55,2) [kthreadd]
(root,0,0,00:00:00/381-02:30:55,3) [rcu_gp]
(root,0,0,00:00:00/381-02:30:55,4) [rcu_par_gp]
(root,0,0,00:00:00/381-02:30:55,5) [slub_flushwq]
(root,0,0,00:00:00/381-02:30:55,6) [netns]
(root,0,0,00:00:00/381-02:30:55,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/381-02:30:55,10) [mm_percpu_wq]
(root,0,0,00:00:00/381-02:30:55,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/381-02:30:55,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/381-02:30:55,13) [rcu_tasks_trace_kthread]
(root,0,0,02:03:07/381-02:30:55,14) [ksoftirqd/0]
(root,0,0,01:59:11/381-02:30:55,15) [rcu_preempt]
(root,0,0,00:03:23/381-02:30:55,16) [migration/0]
(root,0,0,00:00:00/381-02:30:55,18) [cpuhp/0]
(root,0,0,00:00:00/381-02:30:55,20) [kdevtmpfs]
(root,0,0,00:00:00/381-02:30:55,21) [inet_frag_wq]
(root,0,0,00:00:00/381-02:30:55,22) [kauditd]
(root,0,0,00:00:13/381-02:30:55,24) [khungtaskd]
(root,0,0,00:00:00/381-02:30:55,26) [oom_reaper]
(root,0,0,00:00:00/381-02:30:55,27) [writeback]
(root,0,0,00:56:20/381-02:30:55,29) [kcompactd0]
(root,0,0,00:00:00/381-02:30:55,30) [ksmd]
(root,0,0,00:07:45/381-02:30:55,31) [khugepaged]
(root,0,0,00:00:00/381-02:30:55,32) [kintegrityd]
(root,0,0,00:00:00/381-02:30:55,33) [kblockd]
(root,0,0,00:00:00/381-02:30:55,34) [blkcg_punt_bio]
(root,0,0,00:00:00/381-02:30:55,35) [tpm_dev_wq]
(root,0,0,00:00:00/381-02:30:55,36) [edac-poller]
(root,0,0,00:00:00/381-02:30:55,37) [devfreq_wq]
(root,0,0,00:22:11/381-02:30:55,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:34/381-02:30:55,39) [kswapd0]
(root,0,0,00:00:00/381-02:30:54,45) [kthrotld]
(root,0,0,00:00:00/381-02:30:54,47) [acpi_thermal_pm]
(root,0,0,00:00:00/381-02:30:54,48) [mld]
(root,0,0,00:00:00/381-02:30:54,49) [ipv6_addrconf]
(root,0,0,00:00:00/381-02:30:54,54) [kstrp]
(root,0,0,00:00:00/381-02:30:54,59) [zswap-shrink]
(root,0,0,00:00:00/381-02:30:54,60) [kworker/u481:0]
(root,0,0,00:00:00/381-02:30:53,120) [hv_vmbus_con]
(root,0,0,00:00:00/381-02:30:53,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/381-02:30:53,122) [hv_pri_chan]
(root,0,0,00:00:00/381-02:30:53,123) [hv_sub_chan]
(root,0,0,00:00:00/381-02:30:53,127) [scsi_eh_0]
(root,0,0,00:00:00/381-02:30:53,128) [scsi_tmf_0]
(root,0,0,00:15:41/381-02:30:53,167) [jbd2/sda2-8]
(root,0,0,00:00:00/381-02:30:53,168) [ext4-rsv-conver]
(root,0,0,00:17:51/381-02:30:50,276) [hv_balloon]
(root,0,0,00:00:00/381-02:30:49,330) [cryptd]
(messagebus,8260,2884,09:34:32/381-02:30:49,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:58:18/381-02:30:49,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/381-02:30:49,519) [cifsiod]
(root,0,0,00:00:00/381-02:30:48,520) [smb3decryptd]
(root,0,0,00:00:00/381-02:30:48,521) [cifsfileinfoput]
(root,0,0,00:00:00/381-02:30:48,522) [cifsoplockd]
(root,0,0,00:00:00/381-02:30:48,523) [deferredclose]
(root,0,0,02:31:47/381-02:30:48,527) [cifsd]
(root,6608,1904,00:01:01/381-02:30:48,543) /usr/sbin/cron -f
(root,9268,1176,00:04:47/381-02:30:48,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/381-02:09:12,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3408,00:00:24/169-15:17:03,1010560) /lib/systemd/systemd-udevd
(root,1798892,17264,02:10:22/169-15:17:01,1010607) /usr/bin/containerd
(root,15540,3776,00:29:41/169-15:16:57,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,230220,170176,02:32:10/169-15:16:55,1010932) /lib/systemd/systemd-journald
(root,2003420,37004,02:20:59/169-15:16:52,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2216,00:01:06/169-15:16:49,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4524,00:42:07/169-15:13:50,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,0,0,00:00:01/01:24:50,1025419) [kworker/0:1-deferredclose]
(root,0,0,00:00:01/01:05:50,1028034) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/47:51,1030506) [kworker/0:3-events]
(root,0,0,00:00:00/38:04,1031900) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/35:50,1032178) [kworker/0:4-events]
(root,0,0,00:00:01/32:50,1032590) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/25:50,1033563) [kworker/0:2-events]
(root,0,0,00:00:00/08:50,1036209) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/07:24,1036479) [kworker/0:5-events]
(root,0,0,00:00:00/03:35,1037003) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/03:24,1037075) [kworker/0:6-events]
(root,7064,3304,00:00:00/00:00,1037553) /bin/bash /usr/bin/check_mk_agent
(root,7064,3416,00:00:00/00:00,1037586) /bin/bash /usr/bin/check_mk_agent
(root,8088,3956,00:00:00/00:00,1037618) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1020,00:00:00/00:00,1037619) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,1671564,3112,00:00:03/39-04:34:00,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5156,00:00:03/39-04:34:00,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3676,00:00:02/39-04:34:00,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3064,00:00:02/39-04:34:00,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2216,00:00:02/39-04:34:00,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1104,00:00:03/39-04:34:00,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2084,00:00:02/39-04:34:00,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2124,00:00:03/39-04:34:00,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,7668,00:23:26/39-04:34:00,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4228,00:00:00/39-04:34:00,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52052,6384,00:00:34/39-04:33:59,1860880) nginx: worker process
(systemd-timesync,50340,1108,00:00:22/39-04:33:59,1860881) nginx: cache manager process
(root,0,0,00:00:00/338-00:00:54,2399694) [tls-strp]
(root,1236472,7432,01:49:26/99-14:39:53,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,133776,11:33:57/99-14:39:53,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-11 23:07

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9508ac75d

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9108,19:01:54/379-02:40:50,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/379-02:40:50,2) [kthreadd]
(root,0,0,00:00:00/379-02:40:50,3) [rcu_gp]
(root,0,0,00:00:00/379-02:40:50,4) [rcu_par_gp]
(root,0,0,00:00:00/379-02:40:50,5) [slub_flushwq]
(root,0,0,00:00:00/379-02:40:50,6) [netns]
(root,0,0,00:00:00/379-02:40:50,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/379-02:40:50,10) [mm_percpu_wq]
(root,0,0,00:00:00/379-02:40:50,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/379-02:40:50,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/379-02:40:50,13) [rcu_tasks_trace_kthread]
(root,0,0,02:02:31/379-02:40:50,14) [ksoftirqd/0]
(root,0,0,01:58:30/379-02:40:50,15) [rcu_preempt]
(root,0,0,00:03:22/379-02:40:50,16) [migration/0]
(root,0,0,00:00:00/379-02:40:50,18) [cpuhp/0]
(root,0,0,00:00:00/379-02:40:50,20) [kdevtmpfs]
(root,0,0,00:00:00/379-02:40:50,21) [inet_frag_wq]
(root,0,0,00:00:00/379-02:40:50,22) [kauditd]
(root,0,0,00:00:13/379-02:40:50,24) [khungtaskd]
(root,0,0,00:00:00/379-02:40:50,26) [oom_reaper]
(root,0,0,00:00:00/379-02:40:50,27) [writeback]
(root,0,0,00:55:54/379-02:40:50,29) [kcompactd0]
(root,0,0,00:00:00/379-02:40:50,30) [ksmd]
(root,0,0,00:07:40/379-02:40:50,31) [khugepaged]
(root,0,0,00:00:00/379-02:40:50,32) [kintegrityd]
(root,0,0,00:00:00/379-02:40:50,33) [kblockd]
(root,0,0,00:00:00/379-02:40:50,34) [blkcg_punt_bio]
(root,0,0,00:00:00/379-02:40:50,35) [tpm_dev_wq]
(root,0,0,00:00:00/379-02:40:50,36) [edac-poller]
(root,0,0,00:00:00/379-02:40:50,37) [devfreq_wq]
(root,0,0,00:22:04/379-02:40:50,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:34/379-02:40:50,39) [kswapd0]
(root,0,0,00:00:00/379-02:40:50,45) [kthrotld]
(root,0,0,00:00:00/379-02:40:50,47) [acpi_thermal_pm]
(root,0,0,00:00:00/379-02:40:49,48) [mld]
(root,0,0,00:00:00/379-02:40:49,49) [ipv6_addrconf]
(root,0,0,00:00:00/379-02:40:49,54) [kstrp]
(root,0,0,00:00:00/379-02:40:49,59) [zswap-shrink]
(root,0,0,00:00:00/379-02:40:49,60) [kworker/u481:0]
(root,0,0,00:00:00/379-02:40:49,120) [hv_vmbus_con]
(root,0,0,00:00:00/379-02:40:49,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/379-02:40:49,122) [hv_pri_chan]
(root,0,0,00:00:00/379-02:40:49,123) [hv_sub_chan]
(root,0,0,00:00:00/379-02:40:49,127) [scsi_eh_0]
(root,0,0,00:00:00/379-02:40:49,128) [scsi_tmf_0]
(root,0,0,00:15:37/379-02:40:48,167) [jbd2/sda2-8]
(root,0,0,00:00:00/379-02:40:48,168) [ext4-rsv-conver]
(root,0,0,00:17:46/379-02:40:46,276) [hv_balloon]
(root,0,0,00:00:00/379-02:40:45,330) [cryptd]
(messagebus,8260,2884,09:31:40/379-02:40:44,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:56:48/379-02:40:44,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/379-02:40:44,519) [cifsiod]
(root,0,0,00:00:00/379-02:40:44,520) [smb3decryptd]
(root,0,0,00:00:00/379-02:40:44,521) [cifsfileinfoput]
(root,0,0,00:00:00/379-02:40:44,522) [cifsoplockd]
(root,0,0,00:00:00/379-02:40:44,523) [deferredclose]
(root,0,0,02:30:33/379-02:40:44,527) [cifsd]
(root,6608,1904,00:01:01/379-02:40:44,543) /usr/sbin/cron -f
(root,9268,1176,00:04:47/379-02:40:44,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/379-02:19:07,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,0,0,00:00:02/02:31:18,657798) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:02/02:20:05,659226) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/36:05,672527) [kworker/0:1-events]
(root,0,0,00:00:02/33:28,672822) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/30:22,673185) [kworker/0:4-deferredclose]
(root,0,0,00:00:00/24:05,673956) [kworker/0:2-events]
(root,0,0,00:00:01/23:05,674077) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/07:05,675990) [kworker/u480:0-writeback]
(root,0,0,00:00:00/05:22,676180) [kworker/0:5-events]
(root,0,0,00:00:00/03:22,676419) [kworker/0:6]
(root,0,0,00:00:00/01:05,676708) [kworker/u480:2-flush-8:0]
(root,17660,11044,00:00:00/00:05,676826) sshd: root@pts/0
(root,18952,10684,00:00:00/00:05,676829) /lib/systemd/systemd --user
(root,169660,2636,00:00:00/00:05,676830) (sd-pam)
(root,3200,1876,00:00:00/00:05,676849) /bin/nc -w 5 miljogiraff-ad 6556
(root,7064,3400,00:00:00/00:00,676851) /bin/bash /usr/bin/check_mk_agent
(root,7064,3372,00:00:00/00:00,676872) /bin/bash /usr/bin/check_mk_agent
(root,7064,3336,00:00:00/00:00,676909) /bin/bash /usr/bin/check_mk_agent
(root,8088,3892,00:00:00/00:00,676944) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1056,00:00:00/00:00,676945) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,26628,3444,00:00:23/167-15:26:58,1010560) /lib/systemd/systemd-udevd
(root,1798892,17536,02:08:25/167-15:26:57,1010607) /usr/bin/containerd
(root,15540,3776,00:29:23/167-15:26:53,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,168712,118928,02:30:27/167-15:26:51,1010932) /lib/systemd/systemd-journald
(root,2003420,37092,02:18:34/167-15:26:47,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2216,00:01:05/167-15:26:45,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4528,00:41:40/167-15:23:46,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3116,00:00:03/37-04:43:56,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5164,00:00:03/37-04:43:56,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3848,00:00:02/37-04:43:56,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3072,00:00:02/37-04:43:56,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2224,00:00:02/37-04:43:56,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1112,00:00:03/37-04:43:56,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2092,00:00:02/37-04:43:55,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2132,00:00:02/37-04:43:55,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,7832,00:22:13/37-04:43:55,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4284,00:00:00/37-04:43:55,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52052,6460,00:00:31/37-04:43:54,1860880) nginx: worker process
(systemd-timesync,50340,1292,00:00:21/37-04:43:54,1860881) nginx: cache manager process
(root,0,0,00:00:00/336-00:10:50,2399694) [tls-strp]
(root,1236472,7932,01:47:11/97-14:49:49,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,132744,11:19:32/97-14:49:49,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-09 23:17

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df95b920222

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,18:54:54/377-03:15:13,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/377-03:15:13,2) [kthreadd]
(root,0,0,00:00:00/377-03:15:13,3) [rcu_gp]
(root,0,0,00:00:00/377-03:15:13,4) [rcu_par_gp]
(root,0,0,00:00:00/377-03:15:13,5) [slub_flushwq]
(root,0,0,00:00:00/377-03:15:13,6) [netns]
(root,0,0,00:00:00/377-03:15:13,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/377-03:15:13,10) [mm_percpu_wq]
(root,0,0,00:00:00/377-03:15:13,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/377-03:15:13,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/377-03:15:13,13) [rcu_tasks_trace_kthread]
(root,0,0,02:01:48/377-03:15:13,14) [ksoftirqd/0]
(root,0,0,01:57:44/377-03:15:13,15) [rcu_preempt]
(root,0,0,00:03:21/377-03:15:13,16) [migration/0]
(root,0,0,00:00:00/377-03:15:13,18) [cpuhp/0]
(root,0,0,00:00:00/377-03:15:13,20) [kdevtmpfs]
(root,0,0,00:00:00/377-03:15:13,21) [inet_frag_wq]
(root,0,0,00:00:00/377-03:15:13,22) [kauditd]
(root,0,0,00:00:13/377-03:15:13,24) [khungtaskd]
(root,0,0,00:00:00/377-03:15:13,26) [oom_reaper]
(root,0,0,00:00:00/377-03:15:13,27) [writeback]
(root,0,0,00:55:28/377-03:15:13,29) [kcompactd0]
(root,0,0,00:00:00/377-03:15:13,30) [ksmd]
(root,0,0,00:07:34/377-03:15:13,31) [khugepaged]
(root,0,0,00:00:00/377-03:15:13,32) [kintegrityd]
(root,0,0,00:00:00/377-03:15:13,33) [kblockd]
(root,0,0,00:00:00/377-03:15:13,34) [blkcg_punt_bio]
(root,0,0,00:00:00/377-03:15:13,35) [tpm_dev_wq]
(root,0,0,00:00:00/377-03:15:13,36) [edac-poller]
(root,0,0,00:00:00/377-03:15:13,37) [devfreq_wq]
(root,0,0,00:21:57/377-03:15:13,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:33/377-03:15:13,39) [kswapd0]
(root,0,0,00:00:00/377-03:15:13,45) [kthrotld]
(root,0,0,00:00:00/377-03:15:13,47) [acpi_thermal_pm]
(root,0,0,00:00:00/377-03:15:13,48) [mld]
(root,0,0,00:00:00/377-03:15:13,49) [ipv6_addrconf]
(root,0,0,00:00:00/377-03:15:13,54) [kstrp]
(root,0,0,00:00:00/377-03:15:12,59) [zswap-shrink]
(root,0,0,00:00:00/377-03:15:12,60) [kworker/u481:0]
(root,0,0,00:00:00/377-03:15:12,120) [hv_vmbus_con]
(root,0,0,00:00:00/377-03:15:12,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/377-03:15:12,122) [hv_pri_chan]
(root,0,0,00:00:00/377-03:15:12,123) [hv_sub_chan]
(root,0,0,00:00:00/377-03:15:12,127) [scsi_eh_0]
(root,0,0,00:00:00/377-03:15:12,128) [scsi_tmf_0]
(root,0,0,00:15:32/377-03:15:11,167) [jbd2/sda2-8]
(root,0,0,00:00:00/377-03:15:11,168) [ext4-rsv-conver]
(root,0,0,00:17:42/377-03:15:09,276) [hv_balloon]
(root,0,0,00:00:00/377-03:15:08,330) [cryptd]
(messagebus,8260,2884,09:28:17/377-03:15:08,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:55:06/377-03:15:08,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/377-03:15:07,519) [cifsiod]
(root,0,0,00:00:00/377-03:15:07,520) [smb3decryptd]
(root,0,0,00:00:00/377-03:15:07,521) [cifsfileinfoput]
(root,0,0,00:00:00/377-03:15:07,522) [cifsoplockd]
(root,0,0,00:00:00/377-03:15:07,523) [deferredclose]
(root,0,0,02:29:19/377-03:15:07,527) [cifsd]
(root,6608,1904,00:01:00/377-03:15:07,543) /usr/sbin/cron -f
(root,9268,1176,00:04:46/377-03:15:07,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/377-02:53:30,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,0,0,00:00:01/52:44,282200) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/38:46,283858) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/37:46,283977) [kworker/0:5-cgroup_destroy]
(root,0,0,00:00:00/25:52,285392) [kworker/0:1+events]
(root,0,0,00:00:00/15:06,286702) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/09:44,287296) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/08:44,287415) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/04:36,287978) [kworker/u480:3-events_unbound]
(root,7064,3408,00:00:00/00:00,288561) /bin/bash /usr/bin/check_mk_agent
(root,7064,3356,00:00:00/00:00,288599) /bin/bash /usr/bin/check_mk_agent
(root,8088,3984,00:00:00/00:00,288632) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1016,00:00:00/00:00,288633) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,26628,3484,00:00:23/165-16:01:21,1010560) /lib/systemd/systemd-udevd
(root,1798892,18400,02:06:29/165-16:01:20,1010607) /usr/bin/containerd
(root,15540,3772,00:29:04/165-16:01:16,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,242280,182104,02:28:22/165-16:01:14,1010932) /lib/systemd/systemd-journald
(root,2003420,37892,02:16:11/165-16:01:11,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2216,00:01:04/165-16:01:08,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4544,00:41:04/165-15:58:09,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3116,00:00:02/35-05:18:19,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5164,00:00:02/35-05:18:19,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3000,00:00:01/35-05:18:19,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3072,00:00:02/35-05:18:19,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2224,00:00:01/35-05:18:19,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1112,00:00:03/35-05:18:19,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2092,00:00:02/35-05:18:19,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2132,00:00:02/35-05:18:19,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,8124,00:21:02/35-05:18:18,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4368,00:00:00/35-05:18:18,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52044,6444,00:00:29/35-05:18:17,1860880) nginx: worker process
(systemd-timesync,50340,1448,00:00:19/35-05:18:17,1860881) nginx: cache manager process
(root,0,0,00:00:00/334-00:45:13,2399694) [tls-strp]
(root,1236472,7892,01:44:57/95-15:24:12,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,128712,11:05:11/95-15:24:12,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-07 23:51

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df949368713

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9116,18:49:05/375-02:58:34,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/375-02:58:34,2) [kthreadd]
(root,0,0,00:00:00/375-02:58:34,3) [rcu_gp]
(root,0,0,00:00:00/375-02:58:34,4) [rcu_par_gp]
(root,0,0,00:00:00/375-02:58:34,5) [slub_flushwq]
(root,0,0,00:00:00/375-02:58:34,6) [netns]
(root,0,0,00:00:00/375-02:58:34,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/375-02:58:34,10) [mm_percpu_wq]
(root,0,0,00:00:00/375-02:58:34,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/375-02:58:34,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/375-02:58:34,13) [rcu_tasks_trace_kthread]
(root,0,0,02:01:12/375-02:58:34,14) [ksoftirqd/0]
(root,0,0,01:57:04/375-02:58:34,15) [rcu_preempt]
(root,0,0,00:03:20/375-02:58:34,16) [migration/0]
(root,0,0,00:00:00/375-02:58:34,18) [cpuhp/0]
(root,0,0,00:00:00/375-02:58:34,20) [kdevtmpfs]
(root,0,0,00:00:00/375-02:58:34,21) [inet_frag_wq]
(root,0,0,00:00:00/375-02:58:34,22) [kauditd]
(root,0,0,00:00:13/375-02:58:34,24) [khungtaskd]
(root,0,0,00:00:00/375-02:58:34,26) [oom_reaper]
(root,0,0,00:00:00/375-02:58:34,27) [writeback]
(root,0,0,00:55:02/375-02:58:34,29) [kcompactd0]
(root,0,0,00:00:00/375-02:58:34,30) [ksmd]
(root,0,0,00:07:29/375-02:58:34,31) [khugepaged]
(root,0,0,00:00:00/375-02:58:34,32) [kintegrityd]
(root,0,0,00:00:00/375-02:58:34,33) [kblockd]
(root,0,0,00:00:00/375-02:58:34,34) [blkcg_punt_bio]
(root,0,0,00:00:00/375-02:58:34,35) [tpm_dev_wq]
(root,0,0,00:00:00/375-02:58:34,36) [edac-poller]
(root,0,0,00:00:00/375-02:58:34,37) [devfreq_wq]
(root,0,0,00:21:51/375-02:58:34,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:33/375-02:58:34,39) [kswapd0]
(root,0,0,00:00:00/375-02:58:33,45) [kthrotld]
(root,0,0,00:00:00/375-02:58:33,47) [acpi_thermal_pm]
(root,0,0,00:00:00/375-02:58:33,48) [mld]
(root,0,0,00:00:00/375-02:58:33,49) [ipv6_addrconf]
(root,0,0,00:00:00/375-02:58:33,54) [kstrp]
(root,0,0,00:00:00/375-02:58:33,59) [zswap-shrink]
(root,0,0,00:00:00/375-02:58:33,60) [kworker/u481:0]
(root,0,0,00:00:00/375-02:58:33,120) [hv_vmbus_con]
(root,0,0,00:00:00/375-02:58:33,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/375-02:58:33,122) [hv_pri_chan]
(root,0,0,00:00:00/375-02:58:33,123) [hv_sub_chan]
(root,0,0,00:00:00/375-02:58:32,127) [scsi_eh_0]
(root,0,0,00:00:00/375-02:58:32,128) [scsi_tmf_0]
(root,0,0,00:15:28/375-02:58:32,167) [jbd2/sda2-8]
(root,0,0,00:00:00/375-02:58:32,168) [ext4-rsv-conver]
(root,0,0,00:17:37/375-02:58:30,276) [hv_balloon]
(root,0,0,00:00:00/375-02:58:29,330) [cryptd]
(messagebus,8260,2888,09:25:23/375-02:58:28,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:53:35/375-02:58:28,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/375-02:58:28,519) [cifsiod]
(root,0,0,00:00:00/375-02:58:28,520) [smb3decryptd]
(root,0,0,00:00:00/375-02:58:28,521) [cifsfileinfoput]
(root,0,0,00:00:00/375-02:58:28,522) [cifsoplockd]
(root,0,0,00:00:00/375-02:58:28,523) [deferredclose]
(root,0,0,02:28:04/375-02:58:28,527) [cifsd]
(root,6608,1904,00:01:00/375-02:58:28,543) /usr/sbin/cron -f
(root,9268,1180,00:04:46/375-02:58:28,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/375-02:36:51,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3496,00:00:23/163-15:44:42,1010560) /lib/systemd/systemd-udevd
(root,1798892,18876,02:04:32/163-15:44:41,1010607) /usr/bin/containerd
(root,15540,3776,00:28:46/163-15:44:36,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,189188,141312,02:26:37/163-15:44:34,1010932) /lib/systemd/systemd-journald
(root,2003420,38536,02:13:46/163-15:44:31,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2232,00:01:03/163-15:44:29,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4552,00:40:36/163-15:41:29,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3116,00:00:02/33-05:01:40,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5164,00:00:02/33-05:01:40,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3000,00:00:01/33-05:01:39,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3072,00:00:02/33-05:01:39,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2224,00:00:01/33-05:01:39,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1112,00:00:03/33-05:01:39,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2092,00:00:02/33-05:01:39,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2132,00:00:02/33-05:01:39,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,8164,00:19:49/33-05:01:39,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4652,00:00:00/33-05:01:39,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52052,6568,00:00:27/33-05:01:38,1860880) nginx: worker process
(systemd-timesync,50340,1612,00:00:18/33-05:01:38,1860881) nginx: cache manager process
(root,0,0,00:00:00/332-00:28:34,2399694) [tls-strp]
(root,1236472,8300,01:42:40/93-15:07:33,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,126916,10:50:35/93-15:07:32,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:00/57:08,4108516) [kworker/0:4-events]
(root,0,0,00:00:00/51:51,4109467) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/40:20,4111311) [kworker/0:3-events]
(root,0,0,00:00:02/31:45,4112529) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/30:08,4112732) [kworker/0:5-rcu_gp]
(root,0,0,00:00:00/20:08,4114078) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/15:04,4114781) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/09:51,4115516) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/08:08,4115723) [kworker/0:2-events]
(root,0,0,00:00:00/04:27,4116245) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/03:08,4116407) [kworker/0:6]
(root,7064,3372,00:00:00/00:00,4116931) /bin/bash /usr/bin/check_mk_agent
(root,8088,3988,00:00:00/00:00,4116949) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1040,00:00:00/00:00,4116950) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-05 23:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9c557b912

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,18:42:13/373-03:05:08,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/373-03:05:08,2) [kthreadd]
(root,0,0,00:00:00/373-03:05:08,3) [rcu_gp]
(root,0,0,00:00:00/373-03:05:08,4) [rcu_par_gp]
(root,0,0,00:00:00/373-03:05:08,5) [slub_flushwq]
(root,0,0,00:00:00/373-03:05:08,6) [netns]
(root,0,0,00:00:00/373-03:05:08,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/373-03:05:08,10) [mm_percpu_wq]
(root,0,0,00:00:00/373-03:05:08,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/373-03:05:08,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/373-03:05:08,13) [rcu_tasks_trace_kthread]
(root,0,0,02:00:30/373-03:05:08,14) [ksoftirqd/0]
(root,0,0,01:56:19/373-03:05:08,15) [rcu_preempt]
(root,0,0,00:03:19/373-03:05:08,16) [migration/0]
(root,0,0,00:00:00/373-03:05:08,18) [cpuhp/0]
(root,0,0,00:00:00/373-03:05:08,20) [kdevtmpfs]
(root,0,0,00:00:00/373-03:05:08,21) [inet_frag_wq]
(root,0,0,00:00:00/373-03:05:08,22) [kauditd]
(root,0,0,00:00:12/373-03:05:08,24) [khungtaskd]
(root,0,0,00:00:00/373-03:05:08,26) [oom_reaper]
(root,0,0,00:00:00/373-03:05:08,27) [writeback]
(root,0,0,00:54:35/373-03:05:08,29) [kcompactd0]
(root,0,0,00:00:00/373-03:05:08,30) [ksmd]
(root,0,0,00:07:22/373-03:05:08,31) [khugepaged]
(root,0,0,00:00:00/373-03:05:08,32) [kintegrityd]
(root,0,0,00:00:00/373-03:05:08,33) [kblockd]
(root,0,0,00:00:00/373-03:05:08,34) [blkcg_punt_bio]
(root,0,0,00:00:00/373-03:05:08,35) [tpm_dev_wq]
(root,0,0,00:00:00/373-03:05:08,36) [edac-poller]
(root,0,0,00:00:00/373-03:05:08,37) [devfreq_wq]
(root,0,0,00:21:44/373-03:05:07,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:33/373-03:05:07,39) [kswapd0]
(root,0,0,00:00:00/373-03:05:07,45) [kthrotld]
(root,0,0,00:00:00/373-03:05:07,47) [acpi_thermal_pm]
(root,0,0,00:00:00/373-03:05:07,48) [mld]
(root,0,0,00:00:00/373-03:05:07,49) [ipv6_addrconf]
(root,0,0,00:00:00/373-03:05:07,54) [kstrp]
(root,0,0,00:00:00/373-03:05:07,59) [zswap-shrink]
(root,0,0,00:00:00/373-03:05:07,60) [kworker/u481:0]
(root,0,0,00:00:00/373-03:05:06,120) [hv_vmbus_con]
(root,0,0,00:00:00/373-03:05:06,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/373-03:05:06,122) [hv_pri_chan]
(root,0,0,00:00:00/373-03:05:06,123) [hv_sub_chan]
(root,0,0,00:00:00/373-03:05:06,127) [scsi_eh_0]
(root,0,0,00:00:00/373-03:05:06,128) [scsi_tmf_0]
(root,0,0,00:15:24/373-03:05:05,167) [jbd2/sda2-8]
(root,0,0,00:00:00/373-03:05:05,168) [ext4-rsv-conver]
(root,0,0,00:17:32/373-03:05:03,276) [hv_balloon]
(root,0,0,00:00:00/373-03:05:02,330) [cryptd]
(messagebus,8260,2888,09:22:01/373-03:05:02,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:51:53/373-03:05:02,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/373-03:05:01,519) [cifsiod]
(root,0,0,00:00:00/373-03:05:01,520) [smb3decryptd]
(root,0,0,00:00:00/373-03:05:01,521) [cifsfileinfoput]
(root,0,0,00:00:00/373-03:05:01,522) [cifsoplockd]
(root,0,0,00:00:00/373-03:05:01,523) [deferredclose]
(root,0,0,02:26:49/373-03:05:01,527) [cifsd]
(root,6608,1904,00:01:00/373-03:05:01,543) /usr/sbin/cron -f
(root,9268,1180,00:04:46/373-03:05:01,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/373-02:43:25,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3520,00:00:22/161-15:51:16,1010560) /lib/systemd/systemd-udevd
(root,1798892,18948,02:02:35/161-15:51:14,1010607) /usr/bin/containerd
(root,15540,3776,00:28:28/161-15:51:10,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,226040,173612,02:24:37/161-15:51:08,1010932) /lib/systemd/systemd-journald
(root,2003420,39900,02:11:21/161-15:51:05,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2232,00:01:02/161-15:51:02,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4568,00:40:01/161-15:48:03,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3116,00:00:02/31-05:08:13,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5164,00:00:02/31-05:08:13,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3000,00:00:01/31-05:08:13,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3072,00:00:02/31-05:08:13,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2224,00:00:01/31-05:08:13,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1112,00:00:02/31-05:08:13,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2092,00:00:02/31-05:08:13,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2132,00:00:02/31-05:08:13,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,8612,00:18:41/31-05:08:13,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4764,00:00:00/31-05:08:13,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52052,6672,00:00:26/31-05:08:12,1860880) nginx: worker process
(systemd-timesync,50340,1656,00:00:17/31-05:08:12,1860881) nginx: cache manager process
(root,0,0,00:00:00/330-00:35:07,2399694) [tls-strp]
(root,1236472,7732,01:40:24/91-15:14:06,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129024,10:36:01/91-15:14:06,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:03/03:40:24,3697289) [kworker/0:2-deferredclose]
(root,0,0,00:00:02/02:17:24,3708697) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:00/38:30,3722361) [kworker/0:1-deferredclose]
(root,0,0,00:00:01/28:23,3723791) [kworker/u480:4-events_unbound]
(root,0,0,00:00:00/26:24,3724047) [kworker/0:0-events]
(root,0,0,00:00:00/18:24,3725178) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/17:24,3725316) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/12:06,3726045) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/04:43,3727034) [kworker/0:5]
(root,0,0,00:00:00/04:01,3727149) [kworker/u480:2-events_unbound]
(root,17660,11076,00:00:00/00:01,3727699) sshd: root@pts/0
(root,18952,10672,00:00:00/00:01,3727702) /lib/systemd/systemd --user
(root,169660,2644,00:00:00/00:01,3727703) (sd-pam)
(root,3200,1884,00:00:00/00:01,3727722) /bin/nc -w 5 miljogiraff-ad 6556
(root,7064,3416,00:00:00/00:00,3727745) /bin/bash /usr/bin/check_mk_agent
(root,7064,3412,00:00:00/00:00,3727787) /bin/bash /usr/bin/check_mk_agent
(root,8088,3976,00:00:00/00:00,3727822) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1048,00:00:00/00:00,3727823) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-03 23:41

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9270d1fc6

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9104,18:35:33/371-03:10:14,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/371-03:10:14,2) [kthreadd]
(root,0,0,00:00:00/371-03:10:14,3) [rcu_gp]
(root,0,0,00:00:00/371-03:10:14,4) [rcu_par_gp]
(root,0,0,00:00:00/371-03:10:14,5) [slub_flushwq]
(root,0,0,00:00:00/371-03:10:14,6) [netns]
(root,0,0,00:00:00/371-03:10:14,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/371-03:10:14,10) [mm_percpu_wq]
(root,0,0,00:00:00/371-03:10:14,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/371-03:10:14,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/371-03:10:14,13) [rcu_tasks_trace_kthread]
(root,0,0,01:59:49/371-03:10:14,14) [ksoftirqd/0]
(root,0,0,01:55:34/371-03:10:14,15) [rcu_preempt]
(root,0,0,00:03:18/371-03:10:14,16) [migration/0]
(root,0,0,00:00:00/371-03:10:14,18) [cpuhp/0]
(root,0,0,00:00:00/371-03:10:14,20) [kdevtmpfs]
(root,0,0,00:00:00/371-03:10:14,21) [inet_frag_wq]
(root,0,0,00:00:00/371-03:10:14,22) [kauditd]
(root,0,0,00:00:12/371-03:10:14,24) [khungtaskd]
(root,0,0,00:00:00/371-03:10:14,26) [oom_reaper]
(root,0,0,00:00:00/371-03:10:14,27) [writeback]
(root,0,0,00:54:08/371-03:10:14,29) [kcompactd0]
(root,0,0,00:00:00/371-03:10:14,30) [ksmd]
(root,0,0,00:07:16/371-03:10:14,31) [khugepaged]
(root,0,0,00:00:00/371-03:10:14,32) [kintegrityd]
(root,0,0,00:00:00/371-03:10:14,33) [kblockd]
(root,0,0,00:00:00/371-03:10:14,34) [blkcg_punt_bio]
(root,0,0,00:00:00/371-03:10:14,35) [tpm_dev_wq]
(root,0,0,00:00:00/371-03:10:14,36) [edac-poller]
(root,0,0,00:00:00/371-03:10:14,37) [devfreq_wq]
(root,0,0,00:21:36/371-03:10:14,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:33/371-03:10:14,39) [kswapd0]
(root,0,0,00:00:00/371-03:10:13,45) [kthrotld]
(root,0,0,00:00:00/371-03:10:13,47) [acpi_thermal_pm]
(root,0,0,00:00:00/371-03:10:13,48) [mld]
(root,0,0,00:00:00/371-03:10:13,49) [ipv6_addrconf]
(root,0,0,00:00:00/371-03:10:13,54) [kstrp]
(root,0,0,00:00:00/371-03:10:13,59) [zswap-shrink]
(root,0,0,00:00:00/371-03:10:13,60) [kworker/u481:0]
(root,0,0,00:00:00/371-03:10:12,120) [hv_vmbus_con]
(root,0,0,00:00:00/371-03:10:12,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/371-03:10:12,122) [hv_pri_chan]
(root,0,0,00:00:00/371-03:10:12,123) [hv_sub_chan]
(root,0,0,00:00:00/371-03:10:12,127) [scsi_eh_0]
(root,0,0,00:00:00/371-03:10:12,128) [scsi_tmf_0]
(root,0,0,00:15:19/371-03:10:12,167) [jbd2/sda2-8]
(root,0,0,00:00:00/371-03:10:12,168) [ext4-rsv-conver]
(root,0,0,00:17:27/371-03:10:10,276) [hv_balloon]
(root,0,0,00:00:00/371-03:10:09,330) [cryptd]
(messagebus,8260,2888,09:18:44/371-03:10:08,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:50:13/371-03:10:08,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/371-03:10:08,519) [cifsiod]
(root,0,0,00:00:00/371-03:10:08,520) [smb3decryptd]
(root,0,0,00:00:00/371-03:10:08,521) [cifsfileinfoput]
(root,0,0,00:00:00/371-03:10:08,522) [cifsoplockd]
(root,0,0,00:00:00/371-03:10:08,523) [deferredclose]
(root,0,0,02:25:34/371-03:10:08,527) [cifsd]
(root,6608,1904,00:00:59/371-03:10:08,543) /usr/sbin/cron -f
(root,9268,1180,00:04:45/371-03:10:07,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/371-02:48:31,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3544,00:00:22/159-15:56:22,1010560) /lib/systemd/systemd-udevd
(root,1798892,19180,02:00:39/159-15:56:21,1010607) /usr/bin/containerd
(root,15540,3776,00:28:08/159-15:56:16,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,205568,152928,02:22:38/159-15:56:14,1010932) /lib/systemd/systemd-journald
(root,2003420,40912,02:08:58/159-15:56:11,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2236,00:01:01/159-15:56:08,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4580,00:39:28/159-15:53:09,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3116,00:00:02/29-05:13:19,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5164,00:00:02/29-05:13:19,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3000,00:00:01/29-05:13:19,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3072,00:00:02/29-05:13:19,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2224,00:00:01/29-05:13:19,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1112,00:00:02/29-05:13:19,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2092,00:00:02/29-05:13:19,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2132,00:00:02/29-05:13:19,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,8748,00:17:33/29-05:13:19,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,4936,00:00:00/29-05:13:19,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,6772,00:00:25/29-05:13:18,1860880) nginx: worker process
(systemd-timesync,50340,1792,00:00:16/29-05:13:18,1860881) nginx: cache manager process
(root,0,0,00:00:00/328-00:40:13,2399694) [tls-strp]
(root,1236472,7612,01:38:08/89-15:19:12,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129040,10:21:28/89-15:19:12,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:03/04:33:52,3306310) [kworker/0:3-events]
(root,0,0,00:00:01/02:02:37,3325565) [kworker/0:0-events]
(root,0,0,00:00:01/01:51:37,3326921) [kworker/0:2-deferredclose]
(root,0,0,00:00:00/41:17,3335835) [kworker/u480:2-writeback]
(root,0,0,00:00:00/25:37,3337727) [kworker/0:4-events]
(root,0,0,00:00:00/14:51,3339062) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/11:59,3339485) [kworker/u480:0-writeback]
(root,0,0,00:00:00/06:37,3340125) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/02:51,3340592) [kworker/0:5]
(root,0,0,00:00:00/00:59,3340834) [kworker/u480:1-events_unbound]
(root,7064,3368,00:00:00/00:00,3341051) /bin/bash /usr/bin/check_mk_agent
(root,8088,3888,00:00:00/00:00,3341070) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1032,00:00:00/00:00,3341071) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-10-01 23:46

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9623834bf

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,18:30:15/369-03:11:18,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/369-03:11:18,2) [kthreadd]
(root,0,0,00:00:00/369-03:11:18,3) [rcu_gp]
(root,0,0,00:00:00/369-03:11:18,4) [rcu_par_gp]
(root,0,0,00:00:00/369-03:11:18,5) [slub_flushwq]
(root,0,0,00:00:00/369-03:11:18,6) [netns]
(root,0,0,00:00:00/369-03:11:18,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/369-03:11:18,10) [mm_percpu_wq]
(root,0,0,00:00:00/369-03:11:18,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/369-03:11:18,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/369-03:11:18,13) [rcu_tasks_trace_kthread]
(root,0,0,01:59:14/369-03:11:18,14) [ksoftirqd/0]
(root,0,0,01:54:53/369-03:11:18,15) [rcu_preempt]
(root,0,0,00:03:17/369-03:11:18,16) [migration/0]
(root,0,0,00:00:00/369-03:11:18,18) [cpuhp/0]
(root,0,0,00:00:00/369-03:11:18,20) [kdevtmpfs]
(root,0,0,00:00:00/369-03:11:18,21) [inet_frag_wq]
(root,0,0,00:00:00/369-03:11:18,22) [kauditd]
(root,0,0,00:00:12/369-03:11:18,24) [khungtaskd]
(root,0,0,00:00:00/369-03:11:18,26) [oom_reaper]
(root,0,0,00:00:00/369-03:11:18,27) [writeback]
(root,0,0,00:53:42/369-03:11:18,29) [kcompactd0]
(root,0,0,00:00:00/369-03:11:18,30) [ksmd]
(root,0,0,00:07:11/369-03:11:18,31) [khugepaged]
(root,0,0,00:00:00/369-03:11:18,32) [kintegrityd]
(root,0,0,00:00:00/369-03:11:17,33) [kblockd]
(root,0,0,00:00:00/369-03:11:17,34) [blkcg_punt_bio]
(root,0,0,00:00:00/369-03:11:17,35) [tpm_dev_wq]
(root,0,0,00:00:00/369-03:11:17,36) [edac-poller]
(root,0,0,00:00:00/369-03:11:17,37) [devfreq_wq]
(root,0,0,00:21:30/369-03:11:17,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:33/369-03:11:17,39) [kswapd0]
(root,0,0,00:00:00/369-03:11:17,45) [kthrotld]
(root,0,0,00:00:00/369-03:11:17,47) [acpi_thermal_pm]
(root,0,0,00:00:00/369-03:11:17,48) [mld]
(root,0,0,00:00:00/369-03:11:17,49) [ipv6_addrconf]
(root,0,0,00:00:00/369-03:11:17,54) [kstrp]
(root,0,0,00:00:00/369-03:11:17,59) [zswap-shrink]
(root,0,0,00:00:00/369-03:11:17,60) [kworker/u481:0]
(root,0,0,00:00:00/369-03:11:16,120) [hv_vmbus_con]
(root,0,0,00:00:00/369-03:11:16,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/369-03:11:16,122) [hv_pri_chan]
(root,0,0,00:00:00/369-03:11:16,123) [hv_sub_chan]
(root,0,0,00:00:00/369-03:11:16,127) [scsi_eh_0]
(root,0,0,00:00:00/369-03:11:16,128) [scsi_tmf_0]
(root,0,0,00:15:15/369-03:11:15,167) [jbd2/sda2-8]
(root,0,0,00:00:00/369-03:11:15,168) [ext4-rsv-conver]
(root,0,0,00:17:22/369-03:11:13,276) [hv_balloon]
(root,0,0,00:00:00/369-03:11:12,330) [cryptd]
(messagebus,8260,2888,09:16:01/369-03:11:12,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:48:46/369-03:11:12,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/369-03:11:11,519) [cifsiod]
(root,0,0,00:00:00/369-03:11:11,520) [smb3decryptd]
(root,0,0,00:00:00/369-03:11:11,521) [cifsfileinfoput]
(root,0,0,00:00:00/369-03:11:11,522) [cifsoplockd]
(root,0,0,00:00:00/369-03:11:11,523) [deferredclose]
(root,0,0,02:24:18/369-03:11:11,527) [cifsd]
(root,6608,1904,00:00:59/369-03:11:11,543) /usr/sbin/cron -f
(root,9268,1180,00:04:45/369-03:11:11,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/369-02:49:35,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3568,00:00:22/157-15:57:26,1010560) /lib/systemd/systemd-udevd
(root,1798892,19288,01:58:42/157-15:57:24,1010607) /usr/bin/containerd
(root,15540,3776,00:27:48/157-15:57:20,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,172724,118748,02:20:59/157-15:57:18,1010932) /lib/systemd/systemd-journald
(root,2003420,41664,02:06:34/157-15:57:15,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2236,00:01:01/157-15:57:12,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4592,00:39:02/157-15:54:13,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3116,00:00:02/27-05:14:23,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5164,00:00:02/27-05:14:23,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3000,00:00:01/27-05:14:23,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3072,00:00:01/27-05:14:23,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2224,00:00:01/27-05:14:23,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1112,00:00:02/27-05:14:23,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2092,00:00:01/27-05:14:23,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2132,00:00:01/27-05:14:23,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,8788,00:16:27/27-05:14:23,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5140,00:00:00/27-05:14:23,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52176,6992,00:00:24/27-05:14:22,1860880) nginx: worker process
(systemd-timesync,50340,1932,00:00:15/27-05:14:22,1860881) nginx: cache manager process
(root,0,0,00:00:00/326-00:41:17,2399694) [tls-strp]
(root,0,0,00:00:09/11:06:57,2903796) [kworker/0:0-cgroup_destroy]
(root,1236472,7704,01:35:52/87-15:20:16,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,126900,10:06:53/87-15:20:16,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:01/49:41,2979023) [kworker/u480:3-writeback]
(root,0,0,00:00:00/41:41,2980069) [kworker/0:1-events]
(root,0,0,00:00:00/28:41,2981818) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/27:56,2981921) [kworker/0:3-deferredclose]
(root,0,0,00:00:00/22:42,2982588) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:00/16:41,2983340) [kworker/0:4-deferredclose]
(root,0,0,00:00:00/12:03,2983928) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/06:41,2984605) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/02:42,2985066) [kworker/0:5]
(root,7064,3392,00:00:00/00:00,2985522) /bin/bash /usr/bin/check_mk_agent
(root,8088,3936,00:00:00/00:00,2985540) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1044,00:00:00/00:00,2985541) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-29 23:47

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df93f4ddc90

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,18:24:29/367-03:11:26,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/367-03:11:26,2) [kthreadd]
(root,0,0,00:00:00/367-03:11:26,3) [rcu_gp]
(root,0,0,00:00:00/367-03:11:26,4) [rcu_par_gp]
(root,0,0,00:00:00/367-03:11:26,5) [slub_flushwq]
(root,0,0,00:00:00/367-03:11:26,6) [netns]
(root,0,0,00:00:00/367-03:11:26,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/367-03:11:26,10) [mm_percpu_wq]
(root,0,0,00:00:00/367-03:11:26,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/367-03:11:26,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/367-03:11:26,13) [rcu_tasks_trace_kthread]
(root,0,0,01:58:38/367-03:11:26,14) [ksoftirqd/0]
(root,0,0,01:54:12/367-03:11:26,15) [rcu_preempt]
(root,0,0,00:03:16/367-03:11:26,16) [migration/0]
(root,0,0,00:00:00/367-03:11:26,18) [cpuhp/0]
(root,0,0,00:00:00/367-03:11:26,20) [kdevtmpfs]
(root,0,0,00:00:00/367-03:11:26,21) [inet_frag_wq]
(root,0,0,00:00:00/367-03:11:26,22) [kauditd]
(root,0,0,00:00:12/367-03:11:26,24) [khungtaskd]
(root,0,0,00:00:00/367-03:11:26,26) [oom_reaper]
(root,0,0,00:00:00/367-03:11:26,27) [writeback]
(root,0,0,00:53:16/367-03:11:26,29) [kcompactd0]
(root,0,0,00:00:00/367-03:11:26,30) [ksmd]
(root,0,0,00:07:06/367-03:11:26,31) [khugepaged]
(root,0,0,00:00:00/367-03:11:26,32) [kintegrityd]
(root,0,0,00:00:00/367-03:11:26,33) [kblockd]
(root,0,0,00:00:00/367-03:11:26,34) [blkcg_punt_bio]
(root,0,0,00:00:00/367-03:11:26,35) [tpm_dev_wq]
(root,0,0,00:00:00/367-03:11:26,36) [edac-poller]
(root,0,0,00:00:00/367-03:11:26,37) [devfreq_wq]
(root,0,0,00:21:23/367-03:11:26,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:32/367-03:11:26,39) [kswapd0]
(root,0,0,00:00:00/367-03:11:25,45) [kthrotld]
(root,0,0,00:00:00/367-03:11:25,47) [acpi_thermal_pm]
(root,0,0,00:00:00/367-03:11:25,48) [mld]
(root,0,0,00:00:00/367-03:11:25,49) [ipv6_addrconf]
(root,0,0,00:00:00/367-03:11:25,54) [kstrp]
(root,0,0,00:00:00/367-03:11:25,59) [zswap-shrink]
(root,0,0,00:00:00/367-03:11:25,60) [kworker/u481:0]
(root,0,0,00:00:00/367-03:11:25,120) [hv_vmbus_con]
(root,0,0,00:00:00/367-03:11:25,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/367-03:11:25,122) [hv_pri_chan]
(root,0,0,00:00:00/367-03:11:25,123) [hv_sub_chan]
(root,0,0,00:00:00/367-03:11:24,127) [scsi_eh_0]
(root,0,0,00:00:00/367-03:11:24,128) [scsi_tmf_0]
(root,0,0,00:15:10/367-03:11:24,167) [jbd2/sda2-8]
(root,0,0,00:00:00/367-03:11:24,168) [ext4-rsv-conver]
(root,0,0,00:17:17/367-03:11:22,276) [hv_balloon]
(root,0,0,00:00:00/367-03:11:21,330) [cryptd]
(messagebus,8260,2888,09:13:07/367-03:11:20,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:47:16/367-03:11:20,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/367-03:11:20,519) [cifsiod]
(root,0,0,00:00:00/367-03:11:20,520) [smb3decryptd]
(root,0,0,00:00:00/367-03:11:20,521) [cifsfileinfoput]
(root,0,0,00:00:00/367-03:11:20,522) [cifsoplockd]
(root,0,0,00:00:00/367-03:11:20,523) [deferredclose]
(root,0,0,02:23:03/367-03:11:20,527) [cifsd]
(root,6608,1904,00:00:59/367-03:11:20,543) /usr/sbin/cron -f
(root,9268,1180,00:04:44/367-03:11:20,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/367-02:49:43,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3612,00:00:22/155-15:57:34,1010560) /lib/systemd/systemd-udevd
(root,1798892,19348,01:56:46/155-15:57:33,1010607) /usr/bin/containerd
(root,15540,3776,00:27:30/155-15:57:28,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,230260,167172,02:19:14/155-15:57:27,1010932) /lib/systemd/systemd-journald
(root,2003420,41836,02:04:09/155-15:57:23,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2240,00:01:00/155-15:57:21,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4600,00:38:34/155-15:54:22,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,3116,00:00:02/25-05:14:32,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,5164,00:00:02/25-05:14:32,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,3000,00:00:01/25-05:14:32,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,3072,00:00:01/25-05:14:32,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,2224,00:00:01/25-05:14:31,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,1112,00:00:02/25-05:14:31,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,2092,00:00:01/25-05:14:31,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,2132,00:00:01/25-05:14:31,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,9468,00:15:15/25-05:14:31,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5436,00:00:00/25-05:14:31,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52180,7108,00:00:21/25-05:14:30,1860880) nginx: worker process
(systemd-timesync,50340,2068,00:00:14/25-05:14:30,1860881) nginx: cache manager process
(root,0,0,00:00:00/324-00:41:26,2399694) [tls-strp]
(root,0,0,00:00:01/02:13:04,2604071) [kworker/0:5-events]
(root,0,0,00:00:01/02:05:04,2605170) [kworker/0:2-events]
(root,0,0,00:00:01/01:54:04,2606682) [kworker/0:3-events]
(root,0,0,00:00:00/56:04,2614859) [kworker/0:1-events]
(root,0,0,00:00:01/30:11,2618539) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/24:48,2619315) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/24:34,2619321) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/07:48,2621705) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/04:07,2622168) [kworker/0:4]
(root,0,0,00:00:00/02:48,2622376) [kworker/u480:2-writeback]
(root,17660,11144,00:00:00/00:04,2622716) sshd: root@pts/0
(root,18952,10640,00:00:00/00:04,2622719) /lib/systemd/systemd --user
(root,169660,2640,00:00:00/00:04,2622720) (sd-pam)
(root,3200,1844,00:00:00/00:04,2622739) /bin/nc -w 5 miljogiraff-simapro 6556
(root,7064,3392,00:00:00/00:00,2622741) /bin/bash /usr/bin/check_mk_agent
(root,7064,3340,00:00:00/00:00,2622762) /bin/bash /usr/bin/check_mk_agent
(root,7064,3416,00:00:00/00:00,2622798) /bin/bash /usr/bin/check_mk_agent
(root,8088,3888,00:00:00/00:00,2622831) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1040,00:00:00/00:00,2622832) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,1236472,7720,01:33:35/85-15:20:25,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,127008,09:52:19/85-15:20:24,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-27 23:47

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9c75a9b38

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,18:17:25/365-03:16:13,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/365-03:16:13,2) [kthreadd]
(root,0,0,00:00:00/365-03:16:13,3) [rcu_gp]
(root,0,0,00:00:00/365-03:16:13,4) [rcu_par_gp]
(root,0,0,00:00:00/365-03:16:13,5) [slub_flushwq]
(root,0,0,00:00:00/365-03:16:13,6) [netns]
(root,0,0,00:00:00/365-03:16:13,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/365-03:16:13,10) [mm_percpu_wq]
(root,0,0,00:00:00/365-03:16:13,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/365-03:16:13,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/365-03:16:13,13) [rcu_tasks_trace_kthread]
(root,0,0,01:57:55/365-03:16:13,14) [ksoftirqd/0]
(root,0,0,01:53:26/365-03:16:13,15) [rcu_preempt]
(root,0,0,00:03:15/365-03:16:13,16) [migration/0]
(root,0,0,00:00:00/365-03:16:13,18) [cpuhp/0]
(root,0,0,00:00:00/365-03:16:13,20) [kdevtmpfs]
(root,0,0,00:00:00/365-03:16:13,21) [inet_frag_wq]
(root,0,0,00:00:00/365-03:16:13,22) [kauditd]
(root,0,0,00:00:12/365-03:16:13,24) [khungtaskd]
(root,0,0,00:00:00/365-03:16:13,26) [oom_reaper]
(root,0,0,00:00:00/365-03:16:13,27) [writeback]
(root,0,0,00:52:49/365-03:16:12,29) [kcompactd0]
(root,0,0,00:00:00/365-03:16:12,30) [ksmd]
(root,0,0,00:07:00/365-03:16:12,31) [khugepaged]
(root,0,0,00:00:00/365-03:16:12,32) [kintegrityd]
(root,0,0,00:00:00/365-03:16:12,33) [kblockd]
(root,0,0,00:00:00/365-03:16:12,34) [blkcg_punt_bio]
(root,0,0,00:00:00/365-03:16:12,35) [tpm_dev_wq]
(root,0,0,00:00:00/365-03:16:12,36) [edac-poller]
(root,0,0,00:00:00/365-03:16:12,37) [devfreq_wq]
(root,0,0,00:21:16/365-03:16:12,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:32/365-03:16:12,39) [kswapd0]
(root,0,0,00:00:00/365-03:16:12,45) [kthrotld]
(root,0,0,00:00:00/365-03:16:12,47) [acpi_thermal_pm]
(root,0,0,00:00:00/365-03:16:12,48) [mld]
(root,0,0,00:00:00/365-03:16:12,49) [ipv6_addrconf]
(root,0,0,00:00:00/365-03:16:12,54) [kstrp]
(root,0,0,00:00:00/365-03:16:12,59) [zswap-shrink]
(root,0,0,00:00:00/365-03:16:12,60) [kworker/u481:0]
(root,0,0,00:00:00/365-03:16:11,120) [hv_vmbus_con]
(root,0,0,00:00:00/365-03:16:11,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/365-03:16:11,122) [hv_pri_chan]
(root,0,0,00:00:00/365-03:16:11,123) [hv_sub_chan]
(root,0,0,00:00:00/365-03:16:11,127) [scsi_eh_0]
(root,0,0,00:00:00/365-03:16:11,128) [scsi_tmf_0]
(root,0,0,00:15:06/365-03:16:10,167) [jbd2/sda2-8]
(root,0,0,00:00:00/365-03:16:10,168) [ext4-rsv-conver]
(root,0,0,00:17:12/365-03:16:08,276) [hv_balloon]
(root,0,0,00:00:00/365-03:16:07,330) [cryptd]
(messagebus,8260,2888,09:09:42/365-03:16:07,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:45:33/365-03:16:07,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/365-03:16:06,519) [cifsiod]
(root,0,0,00:00:00/365-03:16:06,520) [smb3decryptd]
(root,0,0,00:00:00/365-03:16:06,521) [cifsfileinfoput]
(root,0,0,00:00:00/365-03:16:06,522) [cifsoplockd]
(root,0,0,00:00:00/365-03:16:06,523) [deferredclose]
(root,0,0,02:21:49/365-03:16:06,527) [cifsd]
(root,6608,1904,00:00:58/365-03:16:06,543) /usr/sbin/cron -f
(root,9268,1180,00:04:44/365-03:16:06,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/365-02:54:30,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3640,00:00:21/153-16:02:21,1010560) /lib/systemd/systemd-udevd
(root,1798892,18428,01:54:49/153-16:02:19,1010607) /usr/bin/containerd
(root,15540,3776,00:27:08/153-16:02:15,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,160532,113664,02:17:06/153-16:02:13,1010932) /lib/systemd/systemd-journald
(root,2003420,42016,02:01:45/153-16:02:10,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2240,00:00:59/153-16:02:07,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4616,00:37:58/153-15:59:08,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4276,00:00:02/23-05:19:18,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6320,00:00:02/23-05:19:18,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4104,00:00:01/23-05:19:18,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4220,00:00:01/23-05:19:18,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,3356,00:00:01/23-05:19:18,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2260,00:00:02/23-05:19:18,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,3248,00:00:01/23-05:19:18,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,3280,00:00:01/23-05:19:18,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10248,00:14:03/23-05:19:18,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5576,00:00:00/23-05:19:18,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52180,7104,00:00:20/23-05:19:17,1860880) nginx: worker process
(systemd-timesync,50340,2144,00:00:13/23-05:19:17,1860881) nginx: cache manager process
(root,0,0,00:00:02/03:15:58,2199761) [kworker/0:2-deferredclose]
(root,0,0,00:00:02/02:30:58,2205104) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:02/58:34,2216644) [kworker/u480:0-writeback]
(root,0,0,00:00:00/36:52,2219182) [kworker/0:1-events]
(root,0,0,00:00:00/23:55,2220732) [kworker/0:0-events]
(root,0,0,00:00:00/22:58,2220831) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/12:58,2222023) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/09:58,2222379) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/04:58,2222973) [kworker/u480:3-events_unbound]
(root,7064,3272,00:00:00/00:00,2223665) /bin/bash /usr/bin/check_mk_agent
(root,8088,3980,00:00:00/00:00,2223683) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1024,00:00:00/00:00,2223684) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/322-00:46:12,2399694) [tls-strp]
(root,1236472,8456,01:31:19/83-15:25:11,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,127236,09:37:46/83-15:25:11,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-25 23:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df90ec7ca46

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,18:12:18/363-03:15:59,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/363-03:15:59,2) [kthreadd]
(root,0,0,00:00:00/363-03:15:59,3) [rcu_gp]
(root,0,0,00:00:00/363-03:15:59,4) [rcu_par_gp]
(root,0,0,00:00:00/363-03:15:59,5) [slub_flushwq]
(root,0,0,00:00:00/363-03:15:59,6) [netns]
(root,0,0,00:00:00/363-03:15:59,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/363-03:15:59,10) [mm_percpu_wq]
(root,0,0,00:00:00/363-03:15:59,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/363-03:15:59,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/363-03:15:59,13) [rcu_tasks_trace_kthread]
(root,0,0,01:57:21/363-03:15:59,14) [ksoftirqd/0]
(root,0,0,01:52:46/363-03:15:59,15) [rcu_preempt]
(root,0,0,00:03:14/363-03:15:59,16) [migration/0]
(root,0,0,00:00:00/363-03:15:59,18) [cpuhp/0]
(root,0,0,00:00:00/363-03:15:59,20) [kdevtmpfs]
(root,0,0,00:00:00/363-03:15:59,21) [inet_frag_wq]
(root,0,0,00:00:00/363-03:15:59,22) [kauditd]
(root,0,0,00:00:12/363-03:15:59,24) [khungtaskd]
(root,0,0,00:00:00/363-03:15:59,26) [oom_reaper]
(root,0,0,00:00:00/363-03:15:59,27) [writeback]
(root,0,0,00:52:23/363-03:15:59,29) [kcompactd0]
(root,0,0,00:00:00/363-03:15:59,30) [ksmd]
(root,0,0,00:06:54/363-03:15:59,31) [khugepaged]
(root,0,0,00:00:00/363-03:15:59,32) [kintegrityd]
(root,0,0,00:00:00/363-03:15:59,33) [kblockd]
(root,0,0,00:00:00/363-03:15:59,34) [blkcg_punt_bio]
(root,0,0,00:00:00/363-03:15:59,35) [tpm_dev_wq]
(root,0,0,00:00:00/363-03:15:59,36) [edac-poller]
(root,0,0,00:00:00/363-03:15:59,37) [devfreq_wq]
(root,0,0,00:21:10/363-03:15:59,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:32/363-03:15:59,39) [kswapd0]
(root,0,0,00:00:00/363-03:15:59,45) [kthrotld]
(root,0,0,00:00:00/363-03:15:59,47) [acpi_thermal_pm]
(root,0,0,00:00:00/363-03:15:58,48) [mld]
(root,0,0,00:00:00/363-03:15:58,49) [ipv6_addrconf]
(root,0,0,00:00:00/363-03:15:58,54) [kstrp]
(root,0,0,00:00:00/363-03:15:58,59) [zswap-shrink]
(root,0,0,00:00:00/363-03:15:58,60) [kworker/u481:0]
(root,0,0,00:00:00/363-03:15:58,120) [hv_vmbus_con]
(root,0,0,00:00:00/363-03:15:58,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/363-03:15:58,122) [hv_pri_chan]
(root,0,0,00:00:00/363-03:15:58,123) [hv_sub_chan]
(root,0,0,00:00:00/363-03:15:57,127) [scsi_eh_0]
(root,0,0,00:00:00/363-03:15:57,128) [scsi_tmf_0]
(root,0,0,00:15:02/363-03:15:57,167) [jbd2/sda2-8]
(root,0,0,00:00:00/363-03:15:57,168) [ext4-rsv-conver]
(root,0,0,00:17:07/363-03:15:55,276) [hv_balloon]
(root,0,0,00:00:00/363-03:15:54,330) [cryptd]
(messagebus,8260,2888,09:07:03/363-03:15:53,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:44:08/363-03:15:53,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/363-03:15:53,519) [cifsiod]
(root,0,0,00:00:00/363-03:15:53,520) [smb3decryptd]
(root,0,0,00:00:00/363-03:15:53,521) [cifsfileinfoput]
(root,0,0,00:00:00/363-03:15:53,522) [cifsoplockd]
(root,0,0,00:00:00/363-03:15:53,523) [deferredclose]
(root,0,0,02:20:32/363-03:15:53,527) [cifsd]
(root,6608,1904,00:00:58/363-03:15:53,543) /usr/sbin/cron -f
(root,9268,1180,00:04:44/363-03:15:53,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/363-02:54:16,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3656,00:00:21/151-16:02:07,1010560) /lib/systemd/systemd-udevd
(root,1798892,18556,01:52:52/151-16:02:06,1010607) /usr/bin/containerd
(root,15540,3776,00:26:47/151-16:02:01,1010859) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,225952,169620,02:15:28/151-16:02:00,1010932) /lib/systemd/systemd-journald
(root,2003420,41316,01:59:21/151-16:01:56,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2240,00:00:58/151-16:01:54,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4624,00:37:33/151-15:58:55,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,0,0,00:00:03/04:09:43,1839153) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:02/01:21:44,1860564) [kworker/u480:3-events_unbound]
(root,1671564,4276,00:00:01/21-05:19:05,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6320,00:00:01/21-05:19:05,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4104,00:00:01/21-05:19:05,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4220,00:00:01/21-05:19:05,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,3356,00:00:01/21-05:19:04,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2260,00:00:02/21-05:19:04,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,3248,00:00:01/21-05:19:04,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,3280,00:00:01/21-05:19:04,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10292,00:12:50/21-05:19:04,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5588,00:00:00/21-05:19:04,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52176,7204,00:00:19/21-05:19:03,1860880) nginx: worker process
(systemd-timesync,50340,2152,00:00:11/21-05:19:03,1860881) nginx: cache manager process
(root,0,0,00:00:00/01:12:43,1861706) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:02/01:10:44,1861927) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/20:22,1867914) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/11:22,1869188) [kworker/0:1-events]
(root,0,0,00:00:00/07:21,1869799) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/01:42,1870516) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/01:22,1870530) [kworker/0:2-events]
(root,18960,10804,00:00:00/00:22,1870665) /lib/systemd/systemd --user
(root,169660,2640,00:00:00/00:22,1870666) (sd-pam)
(root,17660,11032,00:00:00/00:00,1870761) sshd: root@pts/0
(root,15544,8876,00:00:00/00:00,1870762) sshd: [accepted]
(sshd,15544,5152,00:00:00/00:00,1870764) sshd: [net]
(root,3200,1872,00:00:00/00:00,1870769) /bin/nc -w 5 miljogiraff-gw 6556
(root,7064,3464,00:00:00/00:00,1870771) /bin/bash /usr/bin/check_mk_agent
(root,7064,3372,00:00:00/00:00,1870792) /bin/bash /usr/bin/check_mk_agent
(root,7064,3376,00:00:00/00:00,1870822) /bin/bash /usr/bin/check_mk_agent
(root,6940,3168,00:00:00/00:00,1870850) pgrep crmd
(root,8088,3900,00:00:00/00:00,1870855) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1020,00:00:00/00:00,1870856) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/320-00:45:59,2399694) [tls-strp]
(root,1236472,8168,01:29:02/81-15:24:58,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,127000,09:23:00/81-15:24:58,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-23 23:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df93f0abdec

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,18:06:01/361-03:01:11,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/361-03:01:11,2) [kthreadd]
(root,0,0,00:00:00/361-03:01:11,3) [rcu_gp]
(root,0,0,00:00:00/361-03:01:11,4) [rcu_par_gp]
(root,0,0,00:00:00/361-03:01:11,5) [slub_flushwq]
(root,0,0,00:00:00/361-03:01:11,6) [netns]
(root,0,0,00:00:00/361-03:01:11,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/361-03:01:11,10) [mm_percpu_wq]
(root,0,0,00:00:00/361-03:01:11,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/361-03:01:11,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/361-03:01:11,13) [rcu_tasks_trace_kthread]
(root,0,0,01:56:42/361-03:01:11,14) [ksoftirqd/0]
(root,0,0,01:52:01/361-03:01:11,15) [rcu_preempt]
(root,0,0,00:03:13/361-03:01:11,16) [migration/0]
(root,0,0,00:00:00/361-03:01:11,18) [cpuhp/0]
(root,0,0,00:00:00/361-03:01:11,20) [kdevtmpfs]
(root,0,0,00:00:00/361-03:01:11,21) [inet_frag_wq]
(root,0,0,00:00:00/361-03:01:11,22) [kauditd]
(root,0,0,00:00:12/361-03:01:11,24) [khungtaskd]
(root,0,0,00:00:00/361-03:01:11,26) [oom_reaper]
(root,0,0,00:00:00/361-03:01:11,27) [writeback]
(root,0,0,00:51:58/361-03:01:11,29) [kcompactd0]
(root,0,0,00:00:00/361-03:01:11,30) [ksmd]
(root,0,0,00:06:49/361-03:01:11,31) [khugepaged]
(root,0,0,00:00:00/361-03:01:11,32) [kintegrityd]
(root,0,0,00:00:00/361-03:01:11,33) [kblockd]
(root,0,0,00:00:00/361-03:01:11,34) [blkcg_punt_bio]
(root,0,0,00:00:00/361-03:01:11,35) [tpm_dev_wq]
(root,0,0,00:00:00/361-03:01:11,36) [edac-poller]
(root,0,0,00:00:00/361-03:01:11,37) [devfreq_wq]
(root,0,0,00:21:03/361-03:01:11,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:32/361-03:01:11,39) [kswapd0]
(root,0,0,00:00:00/361-03:01:10,45) [kthrotld]
(root,0,0,00:00:00/361-03:01:10,47) [acpi_thermal_pm]
(root,0,0,00:00:00/361-03:01:10,48) [mld]
(root,0,0,00:00:00/361-03:01:10,49) [ipv6_addrconf]
(root,0,0,00:00:00/361-03:01:10,54) [kstrp]
(root,0,0,00:00:00/361-03:01:10,59) [zswap-shrink]
(root,0,0,00:00:00/361-03:01:10,60) [kworker/u481:0]
(root,0,0,00:00:00/361-03:01:09,120) [hv_vmbus_con]
(root,0,0,00:00:00/361-03:01:09,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/361-03:01:09,122) [hv_pri_chan]
(root,0,0,00:00:00/361-03:01:09,123) [hv_sub_chan]
(root,0,0,00:00:00/361-03:01:09,127) [scsi_eh_0]
(root,0,0,00:00:00/361-03:01:09,128) [scsi_tmf_0]
(root,0,0,00:14:57/361-03:01:09,167) [jbd2/sda2-8]
(root,0,0,00:00:00/361-03:01:09,168) [ext4-rsv-conver]
(root,0,0,00:17:02/361-03:01:07,276) [hv_balloon]
(root,0,0,00:00:00/361-03:01:06,330) [cryptd]
(messagebus,8260,2888,09:03:57/361-03:01:05,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:42:32/361-03:01:05,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/361-03:01:05,519) [cifsiod]
(root,0,0,00:00:00/361-03:01:05,520) [smb3decryptd]
(root,0,0,00:00:00/361-03:01:05,521) [cifsfileinfoput]
(root,0,0,00:00:00/361-03:01:05,522) [cifsoplockd]
(root,0,0,00:00:00/361-03:01:05,523) [deferredclose]
(root,0,0,02:19:16/361-03:01:05,527) [cifsd]
(root,6608,1904,00:00:58/361-03:01:04,543) /usr/sbin/cron -f
(root,9268,1180,00:04:44/361-03:01:04,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/361-02:39:28,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3664,00:00:21/149-15:47:19,1010560) /lib/systemd/systemd-udevd
(root,1798892,18692,01:50:55/149-15:47:18,1010607) /usr/bin/containerd
(root,15540,3776,00:26:28/149-15:47:13,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,250792,188640,02:13:34/149-15:47:11,1010932) /lib/systemd/systemd-journald
(root,2003420,41516,01:56:55/149-15:47:08,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2244,00:00:57/149-15:47:05,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4632,00:37:02/149-15:44:06,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,0,0,00:00:01/01:38:12,1475235) [kworker/0:1-rcu_gp]
(root,0,0,00:00:01/01:26:56,1476777) [kworker/0:3-deferredclose]
(root,0,0,00:00:00/38:12,1485118) [kworker/0:2-deferredclose]
(root,0,0,00:00:00/32:49,1486120) [kworker/0:4+events]
(root,0,0,00:00:00/27:49,1486808) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/22:33,1488164) [kworker/u480:2+events_unbound]
(root,0,0,00:00:00/18:12,1488738) [kworker/0:0-events]
(root,0,0,00:00:00/08:25,1490088) [kworker/u480:1+events_unbound]
(root,0,0,00:00:00/03:18,1490771) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/01:56,1491020) [kworker/0:5]
(root,18980,10796,00:00:00/00:12,1491257) /lib/systemd/systemd --user
(root,169660,2640,00:00:00/00:12,1491258) (sd-pam)
(root,7064,3288,00:00:00/00:00,1491316) /bin/bash /usr/bin/check_mk_agent
(root,7064,3300,00:00:00/00:00,1491354) /bin/bash /usr/bin/check_mk_agent
(root,8088,3940,00:00:00/00:00,1491386) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1020,00:00:00/00:00,1491387) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,7064,1824,00:00:00/00:00,1491390) /bin/bash /usr/bin/check_mk_agent
(root,1671564,4456,00:00:01/19-05:04:16,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6500,00:00:01/19-05:04:16,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4276,00:00:01/19-05:04:16,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4400,00:00:01/19-05:04:16,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,3512,00:00:01/19-05:04:16,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2440,00:00:01/19-05:04:16,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,3428,00:00:01/19-05:04:16,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,3460,00:00:01/19-05:04:16,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10356,00:11:37/19-05:04:16,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5616,00:00:00/19-05:04:16,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52176,7164,00:00:17/19-05:04:15,1860880) nginx: worker process
(systemd-timesync,50340,2176,00:00:10/19-05:04:15,1860881) nginx: cache manager process
(root,0,0,00:00:00/318-00:31:10,2399694) [tls-strp]
(root,1236472,8072,01:26:45/79-15:10:09,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,127464,09:08:13/79-15:10:09,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-21 23:37

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df90381413f

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9108,17:59:05/359-00:04:07,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/359-00:04:07,2) [kthreadd]
(root,0,0,00:00:00/359-00:04:07,3) [rcu_gp]
(root,0,0,00:00:00/359-00:04:07,4) [rcu_par_gp]
(root,0,0,00:00:00/359-00:04:07,5) [slub_flushwq]
(root,0,0,00:00:00/359-00:04:07,6) [netns]
(root,0,0,00:00:00/359-00:04:07,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/359-00:04:07,10) [mm_percpu_wq]
(root,0,0,00:00:00/359-00:04:07,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/359-00:04:07,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/359-00:04:07,13) [rcu_tasks_trace_kthread]
(root,0,0,01:55:59/359-00:04:07,14) [ksoftirqd/0]
(root,0,0,01:51:14/359-00:04:07,15) [rcu_preempt]
(root,0,0,00:03:11/359-00:04:07,16) [migration/0]
(root,0,0,00:00:00/359-00:04:07,18) [cpuhp/0]
(root,0,0,00:00:00/359-00:04:07,20) [kdevtmpfs]
(root,0,0,00:00:00/359-00:04:07,21) [inet_frag_wq]
(root,0,0,00:00:00/359-00:04:07,22) [kauditd]
(root,0,0,00:00:12/359-00:04:07,24) [khungtaskd]
(root,0,0,00:00:00/359-00:04:07,26) [oom_reaper]
(root,0,0,00:00:00/359-00:04:07,27) [writeback]
(root,0,0,00:51:30/359-00:04:07,29) [kcompactd0]
(root,0,0,00:00:00/359-00:04:07,30) [ksmd]
(root,0,0,00:06:42/359-00:04:07,31) [khugepaged]
(root,0,0,00:00:00/359-00:04:07,32) [kintegrityd]
(root,0,0,00:00:00/359-00:04:07,33) [kblockd]
(root,0,0,00:00:00/359-00:04:07,34) [blkcg_punt_bio]
(root,0,0,00:00:00/359-00:04:07,35) [tpm_dev_wq]
(root,0,0,00:00:00/359-00:04:07,36) [edac-poller]
(root,0,0,00:00:00/359-00:04:07,37) [devfreq_wq]
(root,0,0,00:20:55/359-00:04:07,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:31/359-00:04:07,39) [kswapd0]
(root,0,0,00:00:00/359-00:04:07,45) [kthrotld]
(root,0,0,00:00:00/359-00:04:07,47) [acpi_thermal_pm]
(root,0,0,00:00:00/359-00:04:07,48) [mld]
(root,0,0,00:00:00/359-00:04:07,49) [ipv6_addrconf]
(root,0,0,00:00:00/359-00:04:07,54) [kstrp]
(root,0,0,00:00:00/359-00:04:06,59) [zswap-shrink]
(root,0,0,00:00:00/359-00:04:06,60) [kworker/u481:0]
(root,0,0,00:00:00/359-00:04:06,120) [hv_vmbus_con]
(root,0,0,00:00:00/359-00:04:06,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/359-00:04:06,122) [hv_pri_chan]
(root,0,0,00:00:00/359-00:04:06,123) [hv_sub_chan]
(root,0,0,00:00:00/359-00:04:06,127) [scsi_eh_0]
(root,0,0,00:00:00/359-00:04:06,128) [scsi_tmf_0]
(root,0,0,00:14:53/359-00:04:05,167) [jbd2/sda2-8]
(root,0,0,00:00:00/359-00:04:05,168) [ext4-rsv-conver]
(root,0,0,00:16:56/359-00:04:03,276) [hv_balloon]
(root,0,0,00:00:00/359-00:04:02,330) [cryptd]
(messagebus,8260,2888,09:00:32/359-00:04:02,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:40:47/359-00:04:01,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/359-00:04:01,519) [cifsiod]
(root,0,0,00:00:00/359-00:04:01,520) [smb3decryptd]
(root,0,0,00:00:00/359-00:04:01,521) [cifsfileinfoput]
(root,0,0,00:00:00/359-00:04:01,522) [cifsoplockd]
(root,0,0,00:00:00/359-00:04:01,523) [deferredclose]
(root,0,0,02:17:55/359-00:04:01,527) [cifsd]
(root,6608,1904,00:00:57/359-00:04:01,543) /usr/sbin/cron -f
(root,9268,1180,00:04:43/359-00:04:01,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/358-23:42:24,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3664,00:00:20/147-12:50:15,1010560) /lib/systemd/systemd-udevd
(root,1798892,19488,01:48:52/147-12:50:14,1010607) /usr/bin/containerd
(root,15540,3776,00:26:08/147-12:50:10,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,197348,147948,02:11:30/147-12:50:08,1010932) /lib/systemd/systemd-journald
(root,2003420,42472,01:54:22/147-12:50:05,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2244,00:00:56/147-12:50:02,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4680,00:36:27/147-12:47:03,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,0,0,00:00:03/03:58:30,1050310) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:00/01:29:30,1071049) [kworker/0:1-rcu_gp]
(root,0,0,00:00:00/53:54,1075378) [kworker/0:5-cgroup_destroy]
(root,0,0,00:00:00/19:07,1079566) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/11:23,1080549) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/06:07,1081214) [kworker/u480:0+events_unbound]
(root,0,0,00:00:00/01:07,1081793) [kworker/0:0-events_power_efficient]
(root,0,0,00:00:00/00:30,1081832) [kworker/u480:1+events_unbound]
(root,7064,3504,00:00:00/00:00,1081955) /bin/bash /usr/bin/check_mk_agent
(root,7064,3464,00:00:00/00:00,1081991) /bin/bash /usr/bin/check_mk_agent
(root,8088,3884,00:00:00/00:00,1082028) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1048,00:00:00/00:00,1082029) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,1671564,4456,00:00:01/17-02:07:13,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6500,00:00:01/17-02:07:13,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4276,00:00:00/17-02:07:13,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4400,00:00:01/17-02:07:13,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,3512,00:00:00/17-02:07:13,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2440,00:00:01/17-02:07:13,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,3428,00:00:01/17-02:07:13,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,3460,00:00:01/17-02:07:13,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10492,00:10:20/17-02:07:12,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5760,00:00:00/17-02:07:12,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52052,7156,00:00:13/17-02:07:11,1860880) nginx: worker process
(systemd-timesync,50340,2176,00:00:09/17-02:07:11,1860881) nginx: cache manager process
(root,0,0,00:00:00/315-21:34:07,2399694) [tls-strp]
(root,1236472,7824,01:24:21/77-12:13:06,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,127704,08:52:43/77-12:13:06,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-19 20:40

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df989ed1728

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9116,17:53:58/357-01:12:39,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/357-01:12:39,2) [kthreadd]
(root,0,0,00:00:00/357-01:12:39,3) [rcu_gp]
(root,0,0,00:00:00/357-01:12:39,4) [rcu_par_gp]
(root,0,0,00:00:00/357-01:12:39,5) [slub_flushwq]
(root,0,0,00:00:00/357-01:12:39,6) [netns]
(root,0,0,00:00:00/357-01:12:39,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/357-01:12:39,10) [mm_percpu_wq]
(root,0,0,00:00:00/357-01:12:39,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/357-01:12:39,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/357-01:12:39,13) [rcu_tasks_trace_kthread]
(root,0,0,01:55:26/357-01:12:39,14) [ksoftirqd/0]
(root,0,0,01:50:35/357-01:12:39,15) [rcu_preempt]
(root,0,0,00:03:10/357-01:12:39,16) [migration/0]
(root,0,0,00:00:00/357-01:12:39,18) [cpuhp/0]
(root,0,0,00:00:00/357-01:12:39,20) [kdevtmpfs]
(root,0,0,00:00:00/357-01:12:39,21) [inet_frag_wq]
(root,0,0,00:00:00/357-01:12:39,22) [kauditd]
(root,0,0,00:00:12/357-01:12:39,24) [khungtaskd]
(root,0,0,00:00:00/357-01:12:39,26) [oom_reaper]
(root,0,0,00:00:00/357-01:12:39,27) [writeback]
(root,0,0,00:51:04/357-01:12:39,29) [kcompactd0]
(root,0,0,00:00:00/357-01:12:39,30) [ksmd]
(root,0,0,00:06:37/357-01:12:39,31) [khugepaged]
(root,0,0,00:00:00/357-01:12:39,32) [kintegrityd]
(root,0,0,00:00:00/357-01:12:39,33) [kblockd]
(root,0,0,00:00:00/357-01:12:39,34) [blkcg_punt_bio]
(root,0,0,00:00:00/357-01:12:39,35) [tpm_dev_wq]
(root,0,0,00:00:00/357-01:12:39,36) [edac-poller]
(root,0,0,00:00:00/357-01:12:39,37) [devfreq_wq]
(root,0,0,00:20:49/357-01:12:39,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:31/357-01:12:39,39) [kswapd0]
(root,0,0,00:00:00/357-01:12:39,45) [kthrotld]
(root,0,0,00:00:00/357-01:12:39,47) [acpi_thermal_pm]
(root,0,0,00:00:00/357-01:12:38,48) [mld]
(root,0,0,00:00:00/357-01:12:38,49) [ipv6_addrconf]
(root,0,0,00:00:00/357-01:12:38,54) [kstrp]
(root,0,0,00:00:00/357-01:12:38,59) [zswap-shrink]
(root,0,0,00:00:00/357-01:12:38,60) [kworker/u481:0]
(root,0,0,00:00:00/357-01:12:38,120) [hv_vmbus_con]
(root,0,0,00:00:00/357-01:12:38,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/357-01:12:38,122) [hv_pri_chan]
(root,0,0,00:00:00/357-01:12:38,123) [hv_sub_chan]
(root,0,0,00:00:00/357-01:12:37,127) [scsi_eh_0]
(root,0,0,00:00:00/357-01:12:37,128) [scsi_tmf_0]
(root,0,0,00:14:49/357-01:12:37,167) [jbd2/sda2-8]
(root,0,0,00:00:00/357-01:12:37,168) [ext4-rsv-conver]
(root,0,0,00:16:50/357-01:12:35,276) [hv_balloon]
(root,0,0,00:00:00/357-01:12:34,330) [cryptd]
(messagebus,8260,2888,08:57:53/357-01:12:33,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:39:23/357-01:12:33,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/357-01:12:33,519) [cifsiod]
(root,0,0,00:00:00/357-01:12:33,520) [smb3decryptd]
(root,0,0,00:00:00/357-01:12:33,521) [cifsfileinfoput]
(root,0,0,00:00:00/357-01:12:33,522) [cifsoplockd]
(root,0,0,00:00:00/357-01:12:33,523) [deferredclose]
(root,0,0,02:16:42/357-01:12:33,527) [cifsd]
(root,6608,1904,00:00:57/357-01:12:33,543) /usr/sbin/cron -f
(root,9268,1180,00:04:43/357-01:12:33,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/357-00:50:56,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,0,0,00:00:01/01:18:49,727403) [kworker/0:0-events]
(root,0,0,00:00:01/01:12:39,728148) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/01:09:02,728585) [kworker/0:2-events]
(root,0,0,00:00:01/55:54,730434) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/50:02,731095) [kworker/0:3-deferredclose]
(root,0,0,00:00:00/44:02,731813) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:00/27:02,733891) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/11:39,735767) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/05:47,736527) [kworker/u480:2-writeback]
(root,17660,11040,00:00:00/00:02,737250) sshd: root@pts/0
(root,17660,11048,00:00:00/00:02,737251) sshd: root@pts/1
(root,18952,10756,00:00:00/00:02,737255) /lib/systemd/systemd --user
(root,169660,2644,00:00:00/00:02,737256) (sd-pam)
(root,3200,1864,00:00:00/00:02,737279) /bin/nc -w 5 miljogiraff-ad 6556
(root,3200,1888,00:00:00/00:02,737280) /bin/nc -w 5 miljogiraff-simapro 6556
(root,7064,3420,00:00:00/00:00,737367) /bin/bash /usr/bin/check_mk_agent
(root,7064,3504,00:00:00/00:00,737408) /bin/bash /usr/bin/check_mk_agent
(root,8088,3980,00:00:00/00:00,737439) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1056,00:00:00/00:00,737440) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,26628,3664,00:00:20/145-13:58:47,1010560) /lib/systemd/systemd-udevd
(root,1798892,19488,01:46:57/145-13:58:46,1010607) /usr/bin/containerd
(root,15540,3776,00:25:51/145-13:58:41,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,172804,125172,02:10:00/145-13:58:40,1010932) /lib/systemd/systemd-journald
(root,2003420,42696,01:52:01/145-13:58:36,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2244,00:00:56/145-13:58:34,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4688,00:36:02/145-13:55:35,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4456,00:00:01/15-03:15:45,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6500,00:00:01/15-03:15:45,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4276,00:00:00/15-03:15:45,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4400,00:00:01/15-03:15:45,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,3512,00:00:00/15-03:15:44,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2440,00:00:01/15-03:15:44,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,3428,00:00:01/15-03:15:44,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,3460,00:00:00/15-03:15:44,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10428,00:09:09/15-03:15:44,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5772,00:00:00/15-03:15:44,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,7160,00:00:12/15-03:15:43,1860880) nginx: worker process
(systemd-timesync,50340,2184,00:00:08/15-03:15:43,1860881) nginx: cache manager process
(root,0,0,00:00:00/313-22:42:39,2399694) [tls-strp]
(root,1236472,8116,01:22:08/75-13:21:38,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129336,08:38:28/75-13:21:38,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-17 21:49

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df983a17cdb

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9120,17:48:54/355-02:53:07,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:08/355-02:53:07,2) [kthreadd]
(root,0,0,00:00:00/355-02:53:07,3) [rcu_gp]
(root,0,0,00:00:00/355-02:53:07,4) [rcu_par_gp]
(root,0,0,00:00:00/355-02:53:07,5) [slub_flushwq]
(root,0,0,00:00:00/355-02:53:07,6) [netns]
(root,0,0,00:00:00/355-02:53:07,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/355-02:53:07,10) [mm_percpu_wq]
(root,0,0,00:00:00/355-02:53:07,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/355-02:53:07,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/355-02:53:07,13) [rcu_tasks_trace_kthread]
(root,0,0,01:54:53/355-02:53:07,14) [ksoftirqd/0]
(root,0,0,01:49:56/355-02:53:07,15) [rcu_preempt]
(root,0,0,00:03:09/355-02:53:07,16) [migration/0]
(root,0,0,00:00:00/355-02:53:07,18) [cpuhp/0]
(root,0,0,00:00:00/355-02:53:07,20) [kdevtmpfs]
(root,0,0,00:00:00/355-02:53:07,21) [inet_frag_wq]
(root,0,0,00:00:00/355-02:53:07,22) [kauditd]
(root,0,0,00:00:12/355-02:53:07,24) [khungtaskd]
(root,0,0,00:00:00/355-02:53:07,26) [oom_reaper]
(root,0,0,00:00:00/355-02:53:07,27) [writeback]
(root,0,0,00:50:39/355-02:53:07,29) [kcompactd0]
(root,0,0,00:00:00/355-02:53:07,30) [ksmd]
(root,0,0,00:06:32/355-02:53:07,31) [khugepaged]
(root,0,0,00:00:00/355-02:53:07,32) [kintegrityd]
(root,0,0,00:00:00/355-02:53:07,33) [kblockd]
(root,0,0,00:00:00/355-02:53:07,34) [blkcg_punt_bio]
(root,0,0,00:00:00/355-02:53:07,35) [tpm_dev_wq]
(root,0,0,00:00:00/355-02:53:07,36) [edac-poller]
(root,0,0,00:00:00/355-02:53:07,37) [devfreq_wq]
(root,0,0,00:20:43/355-02:53:06,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:31/355-02:53:06,39) [kswapd0]
(root,0,0,00:00:00/355-02:53:06,45) [kthrotld]
(root,0,0,00:00:00/355-02:53:06,47) [acpi_thermal_pm]
(root,0,0,00:00:00/355-02:53:06,48) [mld]
(root,0,0,00:00:00/355-02:53:06,49) [ipv6_addrconf]
(root,0,0,00:00:00/355-02:53:06,54) [kstrp]
(root,0,0,00:00:00/355-02:53:06,59) [zswap-shrink]
(root,0,0,00:00:00/355-02:53:06,60) [kworker/u481:0]
(root,0,0,00:00:00/355-02:53:05,120) [hv_vmbus_con]
(root,0,0,00:00:00/355-02:53:05,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/355-02:53:05,122) [hv_pri_chan]
(root,0,0,00:00:00/355-02:53:05,123) [hv_sub_chan]
(root,0,0,00:00:00/355-02:53:05,127) [scsi_eh_0]
(root,0,0,00:00:00/355-02:53:05,128) [scsi_tmf_0]
(root,0,0,00:14:45/355-02:53:04,167) [jbd2/sda2-8]
(root,0,0,00:00:00/355-02:53:04,168) [ext4-rsv-conver]
(root,0,0,00:16:44/355-02:53:02,276) [hv_balloon]
(root,0,0,00:00:00/355-02:53:01,330) [cryptd]
(messagebus,8260,2892,08:55:17/355-02:53:01,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:38:00/355-02:53:01,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/355-02:53:00,519) [cifsiod]
(root,0,0,00:00:00/355-02:53:00,520) [smb3decryptd]
(root,0,0,00:00:00/355-02:53:00,521) [cifsfileinfoput]
(root,0,0,00:00:00/355-02:53:00,522) [cifsoplockd]
(root,0,0,00:00:00/355-02:53:00,523) [deferredclose]
(root,0,0,02:15:28/355-02:53:00,527) [cifsd]
(root,6608,1904,00:00:57/355-02:53:00,543) /usr/sbin/cron -f
(root,9268,1192,00:04:43/355-02:53:00,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/355-02:31:24,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,0,0,00:00:01/01:56:56,380063) [kworker/0:5-events]
(root,0,0,00:00:01/01:45:55,381423) [kworker/0:4-events]
(root,0,0,00:00:01/01:05:44,387141) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/54:44,388577) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/29:56,391544) [kworker/0:1-events]
(root,0,0,00:00:00/25:06,392138) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/15:54,393213) [kworker/0:2-deferredclose]
(root,0,0,00:00:00/09:06,394047) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/08:56,394049) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/03:06,394762) [kworker/u480:3-events_unbound]
(root,7064,3380,00:00:00/00:00,395210) /bin/bash /usr/bin/check_mk_agent
(root,8088,3964,00:00:00/00:00,395228) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1076,00:00:00/00:00,395229) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,26628,3664,00:00:20/143-15:39:15,1010560) /lib/systemd/systemd-udevd
(root,1798892,19580,01:45:04/143-15:39:13,1010607) /usr/bin/containerd
(root,15540,3776,00:25:32/143-15:39:09,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,148124,101100,02:08:29/143-15:39:07,1010932) /lib/systemd/systemd-journald
(root,2003420,43588,01:49:42/143-15:39:04,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2260,00:00:55/143-15:39:01,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4700,00:35:37/143-15:36:02,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4456,00:00:01/13-04:56:12,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6500,00:00:01/13-04:56:12,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4276,00:00:00/13-04:56:12,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4400,00:00:01/13-04:56:12,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,5560,00:00:00/13-04:56:12,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2440,00:00:01/13-04:56:12,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,3428,00:00:01/13-04:56:12,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,3460,00:00:00/13-04:56:12,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10536,00:07:59/13-04:56:12,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5848,00:00:00/13-04:56:12,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,7244,00:00:11/13-04:56:11,1860880) nginx: worker process
(systemd-timesync,50340,2192,00:00:07/13-04:56:11,1860881) nginx: cache manager process
(root,0,0,00:00:00/312-00:23:06,2399694) [tls-strp]
(root,1236472,7624,01:19:56/73-15:02:05,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,129672,08:24:23/73-15:02:05,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-15 23:29

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df9542d57e2

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9108,17:43:19/353-02:05:10,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:07/353-02:05:10,2) [kthreadd]
(root,0,0,00:00:00/353-02:05:10,3) [rcu_gp]
(root,0,0,00:00:00/353-02:05:10,4) [rcu_par_gp]
(root,0,0,00:00:00/353-02:05:10,5) [slub_flushwq]
(root,0,0,00:00:00/353-02:05:10,6) [netns]
(root,0,0,00:00:00/353-02:05:10,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/353-02:05:10,10) [mm_percpu_wq]
(root,0,0,00:00:00/353-02:05:10,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/353-02:05:10,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/353-02:05:10,13) [rcu_tasks_trace_kthread]
(root,0,0,01:54:18/353-02:05:10,14) [ksoftirqd/0]
(root,0,0,01:49:14/353-02:05:10,15) [rcu_preempt]
(root,0,0,00:03:08/353-02:05:10,16) [migration/0]
(root,0,0,00:00:00/353-02:05:10,18) [cpuhp/0]
(root,0,0,00:00:00/353-02:05:10,20) [kdevtmpfs]
(root,0,0,00:00:00/353-02:05:10,21) [inet_frag_wq]
(root,0,0,00:00:00/353-02:05:10,22) [kauditd]
(root,0,0,00:00:12/353-02:05:10,24) [khungtaskd]
(root,0,0,00:00:00/353-02:05:10,26) [oom_reaper]
(root,0,0,00:00:00/353-02:05:10,27) [writeback]
(root,0,0,00:50:11/353-02:05:10,29) [kcompactd0]
(root,0,0,00:00:00/353-02:05:10,30) [ksmd]
(root,0,0,00:06:28/353-02:05:10,31) [khugepaged]
(root,0,0,00:00:00/353-02:05:10,32) [kintegrityd]
(root,0,0,00:00:00/353-02:05:10,33) [kblockd]
(root,0,0,00:00:00/353-02:05:10,34) [blkcg_punt_bio]
(root,0,0,00:00:00/353-02:05:10,35) [tpm_dev_wq]
(root,0,0,00:00:00/353-02:05:10,36) [edac-poller]
(root,0,0,00:00:00/353-02:05:10,37) [devfreq_wq]
(root,0,0,00:20:37/353-02:05:10,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:31/353-02:05:10,39) [kswapd0]
(root,0,0,00:00:00/353-02:05:10,45) [kthrotld]
(root,0,0,00:00:00/353-02:05:10,47) [acpi_thermal_pm]
(root,0,0,00:00:00/353-02:05:09,48) [mld]
(root,0,0,00:00:00/353-02:05:09,49) [ipv6_addrconf]
(root,0,0,00:00:00/353-02:05:09,54) [kstrp]
(root,0,0,00:00:00/353-02:05:09,59) [zswap-shrink]
(root,0,0,00:00:00/353-02:05:09,60) [kworker/u481:0]
(root,0,0,00:00:00/353-02:05:09,120) [hv_vmbus_con]
(root,0,0,00:00:00/353-02:05:09,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/353-02:05:09,122) [hv_pri_chan]
(root,0,0,00:00:00/353-02:05:09,123) [hv_sub_chan]
(root,0,0,00:00:00/353-02:05:09,127) [scsi_eh_0]
(root,0,0,00:00:00/353-02:05:09,128) [scsi_tmf_0]
(root,0,0,00:14:41/353-02:05:08,167) [jbd2/sda2-8]
(root,0,0,00:00:00/353-02:05:08,168) [ext4-rsv-conver]
(root,0,0,00:16:39/353-02:05:06,276) [hv_balloon]
(root,0,0,00:00:00/353-02:05:05,330) [cryptd]
(messagebus,8260,2892,08:52:27/353-02:05:04,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:36:31/353-02:05:04,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/353-02:05:04,519) [cifsiod]
(root,0,0,00:00:00/353-02:05:04,520) [smb3decryptd]
(root,0,0,00:00:00/353-02:05:04,521) [cifsfileinfoput]
(root,0,0,00:00:00/353-02:05:04,522) [cifsoplockd]
(root,0,0,00:00:00/353-02:05:04,523) [deferredclose]
(root,0,0,02:14:11/353-02:05:04,527) [cifsd]
(root,6608,1904,00:00:56/353-02:05:04,543) /usr/sbin/cron -f
(root,9268,1192,00:04:43/353-02:05:04,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/353-01:43:27,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,0,0,00:00:03/03:02:56,5226) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:01/01:04:56,22792) [kworker/u480:3-events_unbound]
(root,0,0,00:00:01/01:02:56,23073) [kworker/0:3-deferredclose]
(root,0,0,00:00:00/48:56,25007) [kworker/0:4-events]
(root,0,0,00:00:00/18:02,29975) [kworker/u480:0-ext4-rsv-conversion]
(root,0,0,00:00:00/09:32,31282) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/08:56,31385) [kworker/0:0-deferredclose]
(root,0,0,00:00:00/06:48,31724) [kworker/u480:4-writeback]
(root,0,0,00:00:00/01:56,32445) [kworker/0:2-events]
(root,15540,9140,00:00:00/01:16,32569) sshd: [accepted]
(root,7064,3420,00:00:00/00:00,32736) /bin/bash /usr/bin/check_mk_agent
(root,7064,3416,00:00:00/00:00,32757) /bin/bash /usr/bin/check_mk_agent
(root,7064,3372,00:00:00/00:00,32792) /bin/bash /usr/bin/check_mk_agent
(root,8088,3900,00:00:00/00:00,32825) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1096,00:00:00/00:00,32826) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,7064,1724,00:00:00/00:00,32828) /bin/bash /usr/bin/check_mk_agent
(root,26628,3664,00:00:19/141-14:51:18,1010560) /lib/systemd/systemd-udevd
(root,1798892,19732,01:43:06/141-14:51:17,1010607) /usr/bin/containerd
(root,15540,3772,00:25:14/141-14:51:13,1010859) sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups
(root,217880,160052,02:06:47/141-14:51:11,1010932) /lib/systemd/systemd-journald
(root,2003420,44528,01:47:15/141-14:51:07,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2264,00:00:54/141-14:51:05,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4464,00:35:10/141-14:48:06,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4548,00:00:01/11-04:08:16,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6592,00:00:01/11-04:08:16,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4368,00:00:00/11-04:08:16,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4492,00:00:01/11-04:08:16,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,5652,00:00:00/11-04:08:16,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2532,00:00:01/11-04:08:16,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,3520,00:00:01/11-04:08:15,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,3552,00:00:00/11-04:08:15,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10532,00:06:45/11-04:08:15,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5868,00:00:00/11-04:08:15,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,7184,00:00:08/11-04:08:14,1860880) nginx: worker process
(systemd-timesync,50340,2192,00:00:06/11-04:08:14,1860881) nginx: cache manager process
(root,0,0,00:00:00/309-23:35:10,2399694) [tls-strp]
(root,1236472,6940,01:17:37/71-14:14:09,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,126268,08:09:34/71-14:14:09,2912964) minio server --console-address :9001 /data

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-13 22:41

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df93a94ff3b

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9112,17:35:46/351-02:16:29,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:07/351-02:16:29,2) [kthreadd]
(root,0,0,00:00:00/351-02:16:29,3) [rcu_gp]
(root,0,0,00:00:00/351-02:16:29,4) [rcu_par_gp]
(root,0,0,00:00:00/351-02:16:29,5) [slub_flushwq]
(root,0,0,00:00:00/351-02:16:29,6) [netns]
(root,0,0,00:00:00/351-02:16:29,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/351-02:16:29,10) [mm_percpu_wq]
(root,0,0,00:00:00/351-02:16:29,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/351-02:16:29,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/351-02:16:29,13) [rcu_tasks_trace_kthread]
(root,0,0,01:53:31/351-02:16:29,14) [ksoftirqd/0]
(root,0,0,01:48:21/351-02:16:29,15) [rcu_preempt]
(root,0,0,00:03:07/351-02:16:29,16) [migration/0]
(root,0,0,00:00:00/351-02:16:29,18) [cpuhp/0]
(root,0,0,00:00:00/351-02:16:29,20) [kdevtmpfs]
(root,0,0,00:00:00/351-02:16:29,21) [inet_frag_wq]
(root,0,0,00:00:00/351-02:16:29,22) [kauditd]
(root,0,0,00:00:12/351-02:16:29,24) [khungtaskd]
(root,0,0,00:00:00/351-02:16:29,26) [oom_reaper]
(root,0,0,00:00:00/351-02:16:29,27) [writeback]
(root,0,0,00:49:44/351-02:16:29,29) [kcompactd0]
(root,0,0,00:00:00/351-02:16:29,30) [ksmd]
(root,0,0,00:06:20/351-02:16:29,31) [khugepaged]
(root,0,0,00:00:00/351-02:16:29,32) [kintegrityd]
(root,0,0,00:00:00/351-02:16:29,33) [kblockd]
(root,0,0,00:00:00/351-02:16:29,34) [blkcg_punt_bio]
(root,0,0,00:00:00/351-02:16:29,35) [tpm_dev_wq]
(root,0,0,00:00:00/351-02:16:29,36) [edac-poller]
(root,0,0,00:00:00/351-02:16:29,37) [devfreq_wq]
(root,0,0,00:20:29/351-02:16:29,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:30/351-02:16:29,39) [kswapd0]
(root,0,0,00:00:00/351-02:16:28,45) [kthrotld]
(root,0,0,00:00:00/351-02:16:28,47) [acpi_thermal_pm]
(root,0,0,00:00:00/351-02:16:28,48) [mld]
(root,0,0,00:00:00/351-02:16:28,49) [ipv6_addrconf]
(root,0,0,00:00:00/351-02:16:28,54) [kstrp]
(root,0,0,00:00:00/351-02:16:28,59) [zswap-shrink]
(root,0,0,00:00:00/351-02:16:28,60) [kworker/u481:0]
(root,0,0,00:00:00/351-02:16:27,120) [hv_vmbus_con]
(root,0,0,00:00:00/351-02:16:27,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/351-02:16:27,122) [hv_pri_chan]
(root,0,0,00:00:00/351-02:16:27,123) [hv_sub_chan]
(root,0,0,00:00:00/351-02:16:27,127) [scsi_eh_0]
(root,0,0,00:00:00/351-02:16:27,128) [scsi_tmf_0]
(root,0,0,00:14:36/351-02:16:27,167) [jbd2/sda2-8]
(root,0,0,00:00:00/351-02:16:27,168) [ext4-rsv-conver]
(root,0,0,00:16:33/351-02:16:24,276) [hv_balloon]
(root,0,0,00:00:00/351-02:16:23,330) [cryptd]
(messagebus,8260,2892,08:48:52/351-02:16:23,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:34:43/351-02:16:23,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/351-02:16:22,519) [cifsiod]
(root,0,0,00:00:00/351-02:16:22,520) [smb3decryptd]
(root,0,0,00:00:00/351-02:16:22,521) [cifsfileinfoput]
(root,0,0,00:00:00/351-02:16:22,522) [cifsoplockd]
(root,0,0,00:00:00/351-02:16:22,523) [deferredclose]
(root,0,0,02:12:57/351-02:16:22,527) [cifsd]
(root,6608,1904,00:00:56/351-02:16:22,543) /usr/sbin/cron -f
(root,9268,1192,00:04:42/351-02:16:22,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/351-01:54:46,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3664,00:00:19/139-15:02:37,1010560) /lib/systemd/systemd-udevd
(root,1798892,19764,01:41:09/139-15:02:35,1010607) /usr/bin/containerd
(root,15540,3772,00:24:36/139-15:02:31,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,205592,149752,02:04:21/139-15:02:29,1010932) /lib/systemd/systemd-journald
(root,2003420,44616,01:44:51/139-15:02:26,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2264,00:00:53/139-15:02:23,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4480,00:34:29/139-14:59:24,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4716,00:00:00/9-04:19:34,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6760,00:00:00/9-04:19:34,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4536,00:00:00/9-04:19:34,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4660,00:00:00/9-04:19:34,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,5920,00:00:00/9-04:19:34,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2700,00:00:00/9-04:19:34,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,3692,00:00:00/9-04:19:34,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,3720,00:00:00/9-04:19:34,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10620,00:05:32/9-04:19:34,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5884,00:00:00/9-04:19:34,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52052,7084,00:00:06/9-04:19:33,1860880) nginx: worker process
(systemd-timesync,50340,2192,00:00:05/9-04:19:33,1860881) nginx: cache manager process
(root,0,0,00:00:00/307-23:46:28,2399694) [tls-strp]
(root,1236472,6880,01:15:20/69-14:25:27,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,126948,07:55:03/69-14:25:27,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:02/02:23:36,3769672) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:01/01:49:40,3774705) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:01/01:22:15,3778791) [kworker/0:1-events]
(root,0,0,00:00:01/01:14:20,3779968) [kworker/0:3-cgroup_destroy]
(root,0,0,00:00:00/22:18,3787915) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/21:11,3788091) [kworker/u480:4-events_unbound]
(root,0,0,00:00:00/10:52,3789692) [kworker/u480:0-flush-cifs-1]
(root,0,0,00:00:00/04:15,3790645) [kworker/0:0-events]
(root,0,0,00:00:00/03:58,3790670) [kworker/u480:1-events_unbound]
(root,18952,10596,00:00:00/00:14,3791242) /lib/systemd/systemd --user
(root,169660,2640,00:00:00/00:14,3791243) (sd-pam)
(root,7064,3460,00:00:00/00:00,3791358) /bin/bash /usr/bin/check_mk_agent
(root,8088,3952,00:00:00/00:00,3791376) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1056,00:00:00/00:00,3791377) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-11 22:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df953489656

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9120,17:28:45/349-03:37:35,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:07/349-03:37:35,2) [kthreadd]
(root,0,0,00:00:00/349-03:37:35,3) [rcu_gp]
(root,0,0,00:00:00/349-03:37:35,4) [rcu_par_gp]
(root,0,0,00:00:00/349-03:37:35,5) [slub_flushwq]
(root,0,0,00:00:00/349-03:37:35,6) [netns]
(root,0,0,00:00:00/349-03:37:35,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/349-03:37:35,10) [mm_percpu_wq]
(root,0,0,00:00:00/349-03:37:35,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/349-03:37:35,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/349-03:37:35,13) [rcu_tasks_trace_kthread]
(root,0,0,01:52:47/349-03:37:35,14) [ksoftirqd/0]
(root,0,0,01:47:31/349-03:37:35,15) [rcu_preempt]
(root,0,0,00:03:06/349-03:37:35,16) [migration/0]
(root,0,0,00:00:00/349-03:37:35,18) [cpuhp/0]
(root,0,0,00:00:00/349-03:37:35,20) [kdevtmpfs]
(root,0,0,00:00:00/349-03:37:35,21) [inet_frag_wq]
(root,0,0,00:00:00/349-03:37:35,22) [kauditd]
(root,0,0,00:00:12/349-03:37:35,24) [khungtaskd]
(root,0,0,00:00:00/349-03:37:35,26) [oom_reaper]
(root,0,0,00:00:00/349-03:37:35,27) [writeback]
(root,0,0,00:49:17/349-03:37:35,29) [kcompactd0]
(root,0,0,00:00:00/349-03:37:35,30) [ksmd]
(root,0,0,00:06:13/349-03:37:35,31) [khugepaged]
(root,0,0,00:00:00/349-03:37:35,32) [kintegrityd]
(root,0,0,00:00:00/349-03:37:35,33) [kblockd]
(root,0,0,00:00:00/349-03:37:35,34) [blkcg_punt_bio]
(root,0,0,00:00:00/349-03:37:35,35) [tpm_dev_wq]
(root,0,0,00:00:00/349-03:37:35,36) [edac-poller]
(root,0,0,00:00:00/349-03:37:35,37) [devfreq_wq]
(root,0,0,00:20:21/349-03:37:34,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:30/349-03:37:34,39) [kswapd0]
(root,0,0,00:00:00/349-03:37:34,45) [kthrotld]
(root,0,0,00:00:00/349-03:37:34,47) [acpi_thermal_pm]
(root,0,0,00:00:00/349-03:37:34,48) [mld]
(root,0,0,00:00:00/349-03:37:34,49) [ipv6_addrconf]
(root,0,0,00:00:00/349-03:37:34,54) [kstrp]
(root,0,0,00:00:00/349-03:37:34,59) [zswap-shrink]
(root,0,0,00:00:00/349-03:37:34,60) [kworker/u481:0]
(root,0,0,00:00:00/349-03:37:33,120) [hv_vmbus_con]
(root,0,0,00:00:00/349-03:37:33,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/349-03:37:33,122) [hv_pri_chan]
(root,0,0,00:00:00/349-03:37:33,123) [hv_sub_chan]
(root,0,0,00:00:00/349-03:37:33,127) [scsi_eh_0]
(root,0,0,00:00:00/349-03:37:33,128) [scsi_tmf_0]
(root,0,0,00:14:31/349-03:37:32,167) [jbd2/sda2-8]
(root,0,0,00:00:00/349-03:37:32,168) [ext4-rsv-conver]
(root,0,0,00:16:27/349-03:37:30,276) [hv_balloon]
(root,0,0,00:00:00/349-03:37:29,330) [cryptd]
(messagebus,8260,2892,08:45:31/349-03:37:29,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:33:02/349-03:37:29,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/349-03:37:28,519) [cifsiod]
(root,0,0,00:00:00/349-03:37:28,520) [smb3decryptd]
(root,0,0,00:00:00/349-03:37:28,521) [cifsfileinfoput]
(root,0,0,00:00:00/349-03:37:28,522) [cifsoplockd]
(root,0,0,00:00:00/349-03:37:28,523) [deferredclose]
(root,0,0,02:11:43/349-03:37:28,527) [cifsd]
(root,6608,1904,00:00:56/349-03:37:28,543) /usr/sbin/cron -f
(root,9268,1192,00:04:42/349-03:37:28,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/349-03:15:52,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3664,00:00:19/137-16:23:43,1010560) /lib/systemd/systemd-udevd
(root,1798892,19888,01:39:16/137-16:23:41,1010607) /usr/bin/containerd
(root,15540,3776,00:24:01/137-16:23:37,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,226008,173184,02:02:06/137-16:23:35,1010932) /lib/systemd/systemd-journald
(root,2003420,44900,01:42:30/137-16:23:32,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2264,00:00:52/137-16:23:29,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4552,00:33:52/137-16:20:30,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4716,00:00:00/7-05:40:40,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6760,00:00:00/7-05:40:40,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4536,00:00:00/7-05:40:40,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,4732,00:00:00/7-05:40:40,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,6300,00:00:00/7-05:40:40,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2720,00:00:00/7-05:40:40,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,4080,00:00:00/7-05:40:40,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,4228,00:00:00/7-05:40:40,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10820,00:04:22/7-05:40:40,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5884,00:00:00/7-05:40:40,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,7156,00:00:05/7-05:40:39,1860880) nginx: worker process
(systemd-timesync,50340,2192,00:00:03/7-05:40:39,1860881) nginx: cache manager process
(root,0,0,00:00:00/306-01:07:34,2399694) [tls-strp]
(root,1236472,6684,01:13:07/67-15:46:33,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155960,127772,07:40:54/67-15:46:33,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:02/02:30:57,3354155) [kworker/0:3-events]
(root,0,0,00:00:02/46:42,3369294) [kworker/u480:1-events_unbound]
(root,0,0,00:00:00/40:57,3370128) [kworker/0:4-deferredclose]
(root,0,0,00:00:00/30:57,3371504) [kworker/0:5-deferredclose]
(root,0,0,00:00:01/27:25,3371963) [kworker/u480:3-events_unbound]
(root,0,0,00:00:00/24:42,3372351) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/06:20,3374909) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/01:20,3375592) [kworker/u480:2-writeback]
(root,0,0,00:00:00/00:57,3375679) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/00:57,3375680) [kworker/0:2]
(root,7064,3396,00:00:00/00:00,3375806) /bin/bash /usr/bin/check_mk_agent
(root,7064,3392,00:00:00/00:00,3375845) /bin/bash /usr/bin/check_mk_agent
(root,6940,3164,00:00:00/00:00,3375876) pgrep crmd
(root,8088,3892,00:00:00/00:00,3375877) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1044,00:00:00/00:00,3375878) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-10 00:13

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb32628cb0513c648bb7e17a52f2d05df993ec5be3

      Found public CheckMk agent:
Version: 1.2.8p20
AgentOS: linux
Hostname: proxy
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local

Found process list through CheckMk:
(root,168920,9120,17:27:20/348-18:27:07,1) /lib/systemd/systemd --system --deserialize=36
(root,0,0,00:00:07/348-18:27:07,2) [kthreadd]
(root,0,0,00:00:00/348-18:27:07,3) [rcu_gp]
(root,0,0,00:00:00/348-18:27:07,4) [rcu_par_gp]
(root,0,0,00:00:00/348-18:27:07,5) [slub_flushwq]
(root,0,0,00:00:00/348-18:27:07,6) [netns]
(root,0,0,00:00:00/348-18:27:07,8) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/348-18:27:07,10) [mm_percpu_wq]
(root,0,0,00:00:00/348-18:27:07,11) [rcu_tasks_kthread]
(root,0,0,00:00:00/348-18:27:07,12) [rcu_tasks_rude_kthread]
(root,0,0,00:00:00/348-18:27:07,13) [rcu_tasks_trace_kthread]
(root,0,0,01:52:39/348-18:27:07,14) [ksoftirqd/0]
(root,0,0,01:47:23/348-18:27:07,15) [rcu_preempt]
(root,0,0,00:03:06/348-18:27:07,16) [migration/0]
(root,0,0,00:00:00/348-18:27:07,18) [cpuhp/0]
(root,0,0,00:00:00/348-18:27:07,20) [kdevtmpfs]
(root,0,0,00:00:00/348-18:27:07,21) [inet_frag_wq]
(root,0,0,00:00:00/348-18:27:07,22) [kauditd]
(root,0,0,00:00:11/348-18:27:07,24) [khungtaskd]
(root,0,0,00:00:00/348-18:27:07,26) [oom_reaper]
(root,0,0,00:00:00/348-18:27:07,27) [writeback]
(root,0,0,00:49:12/348-18:27:07,29) [kcompactd0]
(root,0,0,00:00:00/348-18:27:07,30) [ksmd]
(root,0,0,00:06:13/348-18:27:07,31) [khugepaged]
(root,0,0,00:00:00/348-18:27:07,32) [kintegrityd]
(root,0,0,00:00:00/348-18:27:07,33) [kblockd]
(root,0,0,00:00:00/348-18:27:07,34) [blkcg_punt_bio]
(root,0,0,00:00:00/348-18:27:07,35) [tpm_dev_wq]
(root,0,0,00:00:00/348-18:27:07,36) [edac-poller]
(root,0,0,00:00:00/348-18:27:07,37) [devfreq_wq]
(root,0,0,00:20:20/348-18:27:06,38) [kworker/0:1H-kblockd]
(root,0,0,00:02:30/348-18:27:06,39) [kswapd0]
(root,0,0,00:00:00/348-18:27:06,45) [kthrotld]
(root,0,0,00:00:00/348-18:27:06,47) [acpi_thermal_pm]
(root,0,0,00:00:00/348-18:27:06,48) [mld]
(root,0,0,00:00:00/348-18:27:06,49) [ipv6_addrconf]
(root,0,0,00:00:00/348-18:27:06,54) [kstrp]
(root,0,0,00:00:00/348-18:27:06,59) [zswap-shrink]
(root,0,0,00:00:00/348-18:27:06,60) [kworker/u481:0]
(root,0,0,00:00:00/348-18:27:05,120) [hv_vmbus_con]
(root,0,0,00:00:00/348-18:27:05,121) [hv_vmbus_rescin]
(root,0,0,00:00:00/348-18:27:05,122) [hv_pri_chan]
(root,0,0,00:00:00/348-18:27:05,123) [hv_sub_chan]
(root,0,0,00:00:00/348-18:27:05,127) [scsi_eh_0]
(root,0,0,00:00:00/348-18:27:05,128) [scsi_tmf_0]
(root,0,0,00:14:30/348-18:27:04,167) [jbd2/sda2-8]
(root,0,0,00:00:00/348-18:27:04,168) [ext4-rsv-conver]
(root,0,0,00:16:26/348-18:27:02,276) [hv_balloon]
(root,0,0,00:00:00/348-18:27:01,330) [cryptd]
(messagebus,8260,2892,08:44:50/348-18:27:01,469) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,17004,3448,04:32:42/348-18:27:01,476) /lib/systemd/systemd-logind
(root,0,0,00:00:00/348-18:27:00,519) [cifsiod]
(root,0,0,00:00:00/348-18:27:00,520) [smb3decryptd]
(root,0,0,00:00:00/348-18:27:00,521) [cifsfileinfoput]
(root,0,0,00:00:00/348-18:27:00,522) [cifsoplockd]
(root,0,0,00:00:00/348-18:27:00,523) [deferredclose]
(root,0,0,02:11:29/348-18:27:00,527) [cifsd]
(root,6608,1904,00:00:56/348-18:27:00,543) /usr/sbin/cron -f
(root,9268,1192,00:04:42/348-18:27:00,558) /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth1
(root,5872,164,00:00:00/348-18:05:24,2798) /sbin/agetty -o -p -- \u --noclear - linux
(root,26628,3680,00:00:19/137-07:13:15,1010560) /lib/systemd/systemd-udevd
(root,1798892,20024,01:38:53/137-07:13:13,1010607) /usr/bin/containerd
(root,15540,3776,00:23:57/137-07:13:09,1010859) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(root,246524,188496,02:01:42/137-07:13:07,1010932) /lib/systemd/systemd-journald
(root,2003420,44900,01:42:03/137-07:13:04,1011108) /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
(systemd-timesync,90056,2268,00:00:52/137-07:13:01,1011355) /lib/systemd/systemd-timesyncd
(root,221776,4564,00:33:44/137-07:10:02,1015597) /usr/sbin/rsyslogd -n -iNONE
(root,1671564,4716,00:00:00/6-20:30:12,1860717) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,6760,00:00:00/6-20:30:12,1860723) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9001 -container-ip 172.18.0.2 -container-port 9001
(root,1671564,4536,00:00:00/6-20:30:12,1860745) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1671564,6780,00:00:00/6-20:30:12,1860750) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 9000 -container-ip 172.18.0.2 -container-port 9000
(root,1597832,6300,00:00:00/6-20:30:12,1860771) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1671564,2720,00:00:00/6-20:30:12,1860775) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.18.0.2 -container-port 443
(root,1597832,4080,00:00:00/6-20:30:12,1860792) /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1597832,4228,00:00:00/6-20:30:12,1860796) /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 80
(root,1236472,10936,00:04:08/6-20:30:12,1860813) /usr/bin/containerd-shim-runc-v2 -namespace moby -id 0d7dae810178d26f915c561d0efb23da01b9279ec2e2a8beb1bbbf4778b1dac9 -address /run/containerd/containerd.sock
(root,50036,5884,00:00:00/6-20:30:12,1860833) nginx: master process nginx -g daemon off;
(systemd-timesync,52048,7080,00:00:05/6-20:30:11,1860880) nginx: worker process
(systemd-timesync,50340,2192,00:00:03/6-20:30:11,1860881) nginx: cache manager process
(root,0,0,00:00:00/305-15:57:06,2399694) [tls-strp]
(root,1236472,7032,01:12:41/67-06:36:05,2912909) /usr/bin/containerd-shim-runc-v2 -namespace moby -id aae076912294ab94cbebb74df3eca2f5dcc0edcdc7071246939e19d5964483de -address /run/containerd/containerd.sock
(root,1155704,127688,07:38:07/67-06:36:05,2912964) minio server --console-address :9001 /data
(root,0,0,00:00:06/06:55:14,3238403) [kworker/0:4-cgroup_destroy]
(root,0,0,00:00:03/04:23:52,3260336) [kworker/0:0-deferredclose]
(root,0,0,00:00:01/01:23:01,3286602) [kworker/0:3-deferredclose]
(root,0,0,00:00:01/01:19:41,3287058) [kworker/u480:4-events_unbound]
(root,0,0,00:00:00/30:52,3293918) [kworker/0:1-deferredclose]
(root,0,0,00:00:00/25:14,3294706) [kworker/0:2-events]
(root,0,0,00:00:00/24:52,3294757) [kworker/u480:2-events_unbound]
(root,0,0,00:00:00/05:30,3297447) [kworker/u480:0-events_unbound]
(root,0,0,00:00:00/01:01,3298045) [kworker/0:5]
(root,18952,10692,00:00:00/00:14,3298158) /lib/systemd/systemd --user
(root,169660,2648,00:00:00/00:14,3298159) (sd-pam)
(root,0,0,00:00:00/00:00,3298276) [kworker/u480:1]
(root,7064,3356,00:00:00/00:00,3298278) /bin/bash /usr/bin/check_mk_agent
(root,8088,3944,00:00:00/00:00,3298296) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,3404,1052,00:00:00/00:00,3298297) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:01:91:07 brd ff:ff:ff:ff:ff:ff
4: br-4ef93377daf7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:e3:03:52:ef brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:11:eb:ee:3c brd ff:ff:ff:ff:ff:ff
31: veth79e12d4@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether c6:38:ba:75:2c:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
35: vethff12e0b@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ef93377daf7 state UP mode DEFAULT group default 
    link/ether 9e:79:16:00:8c:3f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[end_iplink]
      Found on 2024-09-09 15:03
    Create report
  • SSH is potenitally vulnerable
    IP: 185.35.236.247
    Port: 22
    First seen 2024-07-03 20:07
    Last seen 2024-11-17 23:53
    Open for 137 days
    Create report
Domain summary
No record

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice