Host 191.234.187.136
Brazil
MICROSOFT-CORP-MSN-AS-BLOCK
  • CheckMK monitoring endpoint publicly available
    IP: 191.234.187.136
    Port: 6556
    First seen 2022-09-14 19:41
    Last seen 2024-12-22 00:59
    Open for 829 days

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392bff77930

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28644,3960,01:44:23,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,3-00:27:51,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,1-00:15:27,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:19,9) [migration/0]
(root,0,0,00:11:12,10) [watchdog/0]
(root,0,0,00:06:20,11) [watchdog/1]
(root,0,0,00:01:09,12) [migration/1]
(root,0,0,2-12:25:20,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:56,120) [kworker/1:1H]
(root,0,0,00:08:23,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,550292,525128,00:52:43,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:08:09,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:37,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:10,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:04:02,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:20:17,362) /usr/sbin/nscd
(ntp,27072,2532,00:13:31,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:46:10,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:45:16,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:36:41,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:34:57,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:35:52,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:15:55,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:38,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,185012,22932,00:13:03,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:07,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:50,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:03:03,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:04:01,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:31:03,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,490172,75052,00:05:27,3029) /usr/sbin/rsyslogd -n
(root,20324,2800,00:00:46,3269) /opt/omi/bin/omiserver -d
(omi,20316,3132,00:01:14,3271) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8752,00:07:55,3333) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,315988,66844,00:21:22,3649) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7760,00:00:44,3703) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,21260,00:00:21,3721) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,3959) [kworker/u4:2]
(root,0,0,00:00:16,6900) [kworker/1:2]
(www-data,1393480,22164,00:00:36,6902) /usr/sbin/apache2 -k start
(www-data,1393640,22444,00:00:39,6903) /usr/sbin/apache2 -k start
(root,0,0,00:00:34,6959) [kworker/0:0]
(omsagent,18000,1868,00:00:00,9752) sh -c ((which python2 > /dev/null 2>&1 && python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null) || (which python3 > /dev/null 2>&1 && python3 /opt/microsoft/omsconfig/Scripts/python3/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null)) && cat /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,18000,232,00:00:00,9753) sh -c ((which python2 > /dev/null 2>&1 && python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null) || (which python3 > /dev/null 2>&1 && python3 /opt/microsoft/omsconfig/Scripts/python3/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null)) && cat /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,36676,10324,00:00:00,9754) python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,112272,11232,00:00:00,9758) /opt/dsc/bin/dsc_host /opt/dsc/output PerformInventoryOOB /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof
(omsagent,68944,18252,00:00:00,9778) python2 /opt/microsoft/omsconfig/Scripts/client.py 10
(omsagent,0,0,00:00:00,9779) [sh] <defunct>
(omsagent,0,0,00:00:00,9781) [sh] <defunct>
(omsagent,18000,1732,00:00:00,9788) /bin/sh -c sudo /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,53812,3388,00:00:00,9789) sudo /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,11620,2272,00:00:00,9790) /bin/bash /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,29228,4884,00:00:00,9791) apt-get -q update
(root,33136,4416,00:00:00,9795) /usr/lib/apt/methods/http
(root,164724,11852,00:00:00,9796) /usr/lib/apt/methods/https
(root,164856,12876,00:00:00,9797) /usr/lib/apt/methods/https
(root,33136,4460,00:00:00,9798) /usr/lib/apt/methods/http
(root,33136,4340,00:00:00,9799) /usr/lib/apt/methods/http
(root,33136,4492,00:00:00,9800) /usr/lib/apt/methods/http
(root,26688,3944,00:00:00,9804) /usr/lib/apt/methods/gpgv
(root,26680,3936,00:00:00,9814) /usr/lib/apt/methods/gzip
(root,26676,3852,00:00:00,9816) /usr/lib/apt/methods/copy
(omsagent,33604,8260,00:00:00,9896) /usr/bin/python /opt/microsoft/omsconfig/Scripts/TestDscConfiguration.py
(root,11680,2684,00:00:00,10348) /bin/bash /usr/bin/check_mk_agent
(root,9092,812,00:00:00,10367) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1548,00:00:00,10368) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,48912,1832,00:10:54,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:46,26272) [kworker/u4:0]
(root,372476,24492,05:08:29,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:00:00,32311) [kworker/0:1]
(root,0,0,00:00:48,32327) [kworker/1:0]
      Found on 2024-12-22 00:59

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143926524c68a

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28588,3952,01:41:49,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-23:42:31,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,1-00:00:12,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:18,9) [migration/0]
(root,0,0,00:11:06,10) [watchdog/0]
(root,0,0,00:06:16,11) [watchdog/1]
(root,0,0,00:01:08,12) [migration/1]
(root,0,0,2-11:43:48,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:54,120) [kworker/1:1H]
(root,0,0,00:08:17,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,543824,516572,00:52:01,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:08:03,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:36,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:09,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:58,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:20:01,362) /usr/sbin/nscd
(ntp,27072,2532,00:13:22,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:45:26,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:44:44,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:36:15,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:34:32,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:35:27,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:15:44,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:35,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184924,22848,00:12:54,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:07,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:48,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:03:01,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:59,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:31:00,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:00,2984) [kworker/0:0]
(root,490172,72400,00:03:48,3029) /usr/sbin/rsyslogd -n
(root,20324,2800,00:00:32,3269) /opt/omi/bin/omiserver -d
(omi,20316,3132,00:00:51,3271) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8740,00:05:29,3333) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,315988,65892,00:14:57,3649) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7760,00:00:31,3703) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,21260,00:00:14,3721) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,3959) [kworker/u4:2]
(root,0,0,00:00:00,5527) [kworker/1:1]
(root,0,0,00:00:24,5533) [kworker/0:2]
(www-data,1393860,22464,00:00:45,10794) /usr/sbin/apache2 -k start
(www-data,1394036,22976,00:00:51,10865) /usr/sbin/apache2 -k start
(root,0,0,00:03:09,11489) [kworker/1:0]
(root,48912,1832,00:10:42,20859) /usr/sbin/sshd -D
(omsagent,18000,1660,00:00:00,21093) sh -c ((which python2 > /dev/null 2>&1 && python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null) || (which python3 > /dev/null 2>&1 && python3 /opt/microsoft/omsconfig/Scripts/python3/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null)) && cat /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,18000,236,00:00:00,21094) sh -c ((which python2 > /dev/null 2>&1 && python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null) || (which python3 > /dev/null 2>&1 && python3 /opt/microsoft/omsconfig/Scripts/python3/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null)) && cat /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,36676,10352,00:00:00,21095) python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,112272,11260,00:00:00,21099) /opt/dsc/bin/dsc_host /opt/dsc/output PerformInventoryOOB /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof
(omsagent,68944,18160,00:00:00,21119) python2 /opt/microsoft/omsconfig/Scripts/client.py 10
(omsagent,0,0,00:00:00,21120) [sh] <defunct>
(omsagent,0,0,00:00:00,21122) [sh] <defunct>
(omsagent,18000,1648,00:00:00,21129) /bin/sh -c sudo /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,53812,3392,00:00:00,21130) sudo /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,11620,2328,00:00:00,21132) /bin/bash /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,29228,4728,00:00:00,21133) apt-get -q update
(root,33136,4440,00:00:00,21137) /usr/lib/apt/methods/http
(root,164724,11952,00:00:00,21138) /usr/lib/apt/methods/https
(root,164856,12908,00:00:00,21139) /usr/lib/apt/methods/https
(root,33136,4488,00:00:00,21140) /usr/lib/apt/methods/http
(root,33136,4340,00:00:00,21141) /usr/lib/apt/methods/http
(root,33136,4468,00:00:00,21142) /usr/lib/apt/methods/http
(root,26688,3948,00:00:00,21146) /usr/lib/apt/methods/gpgv
(root,26680,3820,00:00:00,21157) /usr/lib/apt/methods/gzip
(omsagent,33604,8296,00:00:00,21211) /usr/bin/python /opt/microsoft/omsconfig/Scripts/TestDscConfiguration.py
(root,26676,3772,00:00:00,21382) /usr/lib/apt/methods/copy
(root,51008,5244,00:00:00,21721) sshd: [accepted]    
(sshd,51008,3080,00:00:00,21726) sshd: [net]         
(root,11684,2612,00:00:00,21837) /bin/bash /usr/bin/check_mk_agent
(root,9092,816,00:00:00,21856) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1560,00:00:00,21857) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:42,26272) [kworker/u4:0]
(root,372476,24476,04:59:47,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
      Found on 2024-12-20 00:32

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392629af61b

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28588,3952,01:39:19,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-22:42:18,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,23:37:32,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:17,9) [migration/0]
(root,0,0,00:10:57,10) [watchdog/0]
(root,0,0,00:06:11,11) [watchdog/1]
(root,0,0,00:01:07,12) [migration/1]
(root,0,0,2-10:47:51,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:52,120) [kworker/1:1H]
(root,0,0,00:08:11,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,537220,506972,00:51:15,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:57,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:36,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:08,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:55,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:19:44,362) /usr/sbin/nscd
(ntp,27072,2532,00:13:13,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:44:42,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:44:13,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:35:51,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:34:09,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:35:03,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:15:33,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:32,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184840,22764,00:12:45,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:07,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:46,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:59,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:56,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:58,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,90580,6160,00:00:00,1871) sshd: unknown [priv]
(sshd,51008,3112,00:00:00,1872) sshd: unknown [net] 
(root,11684,2664,00:00:00,1975) /bin/bash /usr/bin/check_mk_agent
(root,9092,856,00:00:00,1994) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1468,00:00:00,1995) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,490172,50116,00:02:07,3029) /usr/sbin/rsyslogd -n
(root,20324,2800,00:00:18,3269) /opt/omi/bin/omiserver -d
(omi,20316,3132,00:00:29,3271) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8736,00:03:05,3333) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,315988,65748,00:08:25,3649) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7760,00:00:17,3703) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,21260,00:00:08,3721) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,3959) [kworker/u4:2]
(root,0,0,00:00:01,9400) [kworker/1:2]
(root,0,0,00:00:46,11647) [kworker/0:2]
(root,0,0,00:01:13,11660) [kworker/1:0]
(root,0,0,00:00:00,14409) [kworker/0:1]
(www-data,1394016,23016,00:00:49,16593) /usr/sbin/apache2 -k start
(www-data,1393984,22940,00:00:54,16689) /usr/sbin/apache2 -k start
(root,48912,1832,00:10:29,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:39,26272) [kworker/u4:0]
(root,372476,24472,04:51:15,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
      Found on 2024-12-18 01:39

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392249bfe20

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28588,3952,01:36:40,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-21:40:39,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,23:14:56,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:17,9) [migration/0]
(root,0,0,00:10:48,10) [watchdog/0]
(root,0,0,00:06:05,11) [watchdog/1]
(root,0,0,00:01:06,12) [migration/1]
(root,0,0,2-09:49:52,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:49,120) [kworker/1:1H]
(root,0,0,00:08:05,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,537220,505132,00:50:30,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:50,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:36,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:07,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:52,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:19:26,362) /usr/sbin/nscd
(ntp,27072,2532,00:13:02,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:43:54,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:43:39,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:35:25,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:33:44,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:34:38,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:15:21,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:29,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184756,22676,00:12:35,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:43,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:56,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:53,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:55,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:01,1385) [kworker/1:1]
(root,90808,6136,00:00:00,1398) sshd: unknown [priv]
(sshd,51008,3164,00:00:00,1399) sshd: unknown [net] 
(root,11684,2612,00:00:00,1517) /bin/bash /usr/bin/check_mk_agent
(root,9092,816,00:00:00,1536) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1548,00:00:00,1537) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:44,3016) [kworker/1:2]
(root,416440,9080,00:00:21,3029) /usr/sbin/rsyslogd -n
(root,0,0,00:00:00,3266) [kworker/0:1]
(root,20324,2800,00:00:03,3269) /opt/omi/bin/omiserver -d
(omi,20316,3132,00:00:05,3271) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8716,00:00:32,3333) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,307796,56532,00:01:26,3649) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7760,00:00:03,3703) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,21248,00:00:01,3721) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,3959) [kworker/u4:2]
(www-data,1393052,21460,00:00:30,11017) /usr/sbin/apache2 -k start
(www-data,1393132,22000,00:00:32,11019) /usr/sbin/apache2 -k start
(root,0,0,00:00:22,11020) [kworker/0:0]
(root,48912,1832,00:10:16,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:35,26272) [kworker/u4:0]
(root,372476,24472,04:42:06,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
      Found on 2024-12-15 23:20

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392fee264d1

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3956,01:34:08,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-20:46:49,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,22:56:28,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:16,9) [migration/0]
(root,0,0,00:10:40,10) [watchdog/0]
(root,0,0,00:06:00,11) [watchdog/1]
(root,0,0,00:01:05,12) [migration/1]
(root,0,0,2-08:57:22,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:47,120) [kworker/1:1H]
(root,0,0,00:07:59,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,523668,495612,00:49:54,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:44,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:35,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:06,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:48,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:19:12,362) /usr/sbin/nscd
(ntp,27072,2532,00:12:52,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:43:09,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:43:07,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:34:59,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:33:19,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:34:12,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:15:09,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:26,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184668,22592,00:12:26,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:41,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:54,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:50,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:52,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:01:53,6382) [kworker/1:1]
(root,90580,6072,00:00:00,19842) sshd: unknown [priv]
(sshd,51008,3220,00:00:00,19843) sshd: unknown [net] 
(root,11684,2660,00:00:00,19944) /bin/bash /usr/bin/check_mk_agent
(root,0,0,00:00:01,19962) [kworker/0:2]
(root,9092,832,00:00:00,19964) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1480,00:00:00,19965) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,48912,1832,00:10:07,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:42,22379) [kworker/1:2]
(root,0,0,00:00:19,22384) [kworker/0:1]
(root,0,0,00:00:32,26272) [kworker/u4:0]
(www-data,1393560,22336,00:00:39,27918) /usr/sbin/apache2 -k start
(www-data,1393712,22728,00:00:44,27919) /usr/sbin/apache2 -k start
(root,372476,24464,04:33:22,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,490172,30708,00:04:27,30400) /usr/sbin/rsyslogd -n
(root,0,0,00:01:04,30438) [kworker/u4:1]
(root,20324,2596,00:00:39,30642) /opt/omi/bin/omiserver -d
(omi,20316,3196,00:01:00,30644) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8676,00:06:31,30702) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,322132,66984,00:17:35,31068) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7764,00:00:39,31129) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,21240,00:00:17,31130) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
      Found on 2024-12-13 22:58

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392668686d0

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28604,3960,01:31:39,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-19:51:04,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,22:37:27,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:15,9) [migration/0]
(root,0,0,00:10:32,10) [watchdog/0]
(root,0,0,00:05:54,11) [watchdog/1]
(root,0,0,00:01:05,12) [migration/1]
(root,0,0,2-08:03:05,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:45,120) [kworker/1:1H]
(root,0,0,00:07:53,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,520236,493028,00:49:29,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:39,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:35,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:05,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:45,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:19:00,362) /usr/sbin/nscd
(ntp,27072,2532,00:12:43,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:42:22,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:42:35,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:34:33,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:32:54,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:33:47,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:14:58,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:23,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184584,22504,00:12:17,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:39,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:52,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:47,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:50,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:01,15861) [kworker/1:1]
(root,0,0,00:00:00,18739) [kworker/0:1]
(root,0,0,00:00:53,18743) [kworker/1:2]
(root,48912,1832,00:10:00,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(www-data,1393408,22420,00:00:44,24183) /usr/sbin/apache2 -k start
(www-data,1393676,22776,00:00:50,24184) /usr/sbin/apache2 -k start
(root,11684,2664,00:00:00,24473) /bin/bash /usr/bin/check_mk_agent
(root,9092,808,00:00:00,24492) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1500,00:00:00,24493) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:28,26272) [kworker/u4:0]
(root,372476,24464,04:24:42,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,490172,27396,00:02:50,30400) /usr/sbin/rsyslogd -n
(root,0,0,00:01:04,30438) [kworker/u4:1]
(root,20324,2596,00:00:24,30642) /opt/omi/bin/omiserver -d
(omi,20316,3196,00:00:38,30644) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8676,00:04:08,30702) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,320084,65676,00:11:12,31068) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7764,00:00:25,31129) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,21240,00:00:11,31130) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:01:14,32521) [kworker/0:2]
      Found on 2024-12-11 23:23

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143922019353e

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3956,01:29:09,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-18:55:33,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,22:18:08,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:14,9) [migration/0]
(root,0,0,00:10:24,10) [watchdog/0]
(root,0,0,00:05:49,11) [watchdog/1]
(root,0,0,00:01:04,12) [migration/1]
(root,0,0,2-07:08:48,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:43,120) [kworker/1:1H]
(root,0,0,00:07:47,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,520236,491036,00:48:57,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:33,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:34,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:04,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:42,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:18:47,362) /usr/sbin/nscd
(ntp,27072,2532,00:12:33,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:41:35,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:42:04,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:34:07,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:32:29,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:33:22,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:14:47,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:20,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184496,22420,00:12:07,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:36,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:50,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:44,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:47,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:00,14638) [kworker/0:2]
(root,0,0,00:00:21,16571) [kworker/0:1]
(root,0,0,00:00:49,16574) [kworker/1:1]
(root,86408,6068,00:00:00,17707) sshd: unknown [priv]
(sshd,51008,3240,00:00:00,17709) sshd: unknown [net] 
(root,11684,2608,00:00:00,17804) /bin/bash /usr/bin/check_mk_agent
(root,9092,848,00:00:00,17823) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1468,00:00:00,17824) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,48912,1832,00:09:51,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(www-data,1393464,22264,00:00:45,22344) /usr/sbin/apache2 -k start
(www-data,1393396,22252,00:00:51,22346) /usr/sbin/apache2 -k start
(root,0,0,00:00:25,26272) [kworker/u4:0]
(root,0,0,00:01:47,28813) [kworker/1:2]
(root,372476,24460,04:16:02,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,416440,30920,00:01:09,30400) /usr/sbin/rsyslogd -n
(root,0,0,00:01:04,30438) [kworker/u4:1]
(root,20324,2596,00:00:10,30642) /opt/omi/bin/omiserver -d
(omi,20316,3196,00:00:16,30644) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8680,00:01:45,30702) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,320084,65792,00:04:44,31068) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7764,00:00:10,31129) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,21228,00:00:04,31130) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
      Found on 2024-12-09 23:44

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439207e88198

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28620,3984,01:26:37,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-18:01:16,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,21:59:07,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:13,9) [migration/0]
(root,0,0,00:10:15,10) [watchdog/0]
(root,0,0,00:05:44,11) [watchdog/1]
(root,0,0,00:01:03,12) [migration/1]
(root,0,0,2-06:16:17,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:41,120) [kworker/1:1H]
(root,0,0,00:07:41,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,510488,479820,00:48:29,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:26,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:34,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:02,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:39,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:18:34,362) /usr/sbin/nscd
(ntp,27072,2532,00:12:24,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:40:48,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:41:32,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:33:40,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:32:04,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:32:56,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:14:36,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:17,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184412,22336,00:11:58,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:34,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:48,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:41,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:44,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:01,12316) [kworker/0:1]
(root,0,0,00:00:48,15261) [kworker/1:2]
(root,0,0,00:00:21,15266) [kworker/0:2]
(root,90804,6308,00:00:00,15965) sshd: unknown [priv]
(sshd,51008,3244,00:00:00,15966) sshd: unknown [net] 
(root,90580,5996,00:00:00,16099) sshd: unknown [priv]
(sshd,51008,3076,00:00:00,16100) sshd: unknown [net] 
(root,11684,2688,00:00:00,16201) /bin/bash /usr/bin/check_mk_agent
(root,9092,808,00:00:00,16220) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1552,00:00:00,16221) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:02:59,16760) [kworker/1:0]
(www-data,1392904,21720,00:00:33,17786) /usr/sbin/apache2 -k start
(www-data,1392852,21744,00:00:35,17788) /usr/sbin/apache2 -k start
(root,490172,72436,00:05:17,18566) /usr/sbin/rsyslogd -n
(root,20324,2736,00:00:45,18809) /opt/omi/bin/omiserver -d
(omi,20316,3164,00:01:12,18811) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8816,00:07:51,18880) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,317008,66744,00:23:07,19205) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7668,00:00:44,19259) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21128,00:00:20,19291) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,1832,00:09:43,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:22,26272) [kworker/u4:0]
(root,372476,24448,04:07:17,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:04,30438) [kworker/u4:1]
      Found on 2024-12-07 23:25

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392e2259004

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28620,3984,01:24:05,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-17:03:55,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,21:38:18,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:12,9) [migration/0]
(root,0,0,00:10:07,10) [watchdog/0]
(root,0,0,00:05:39,11) [watchdog/1]
(root,0,0,00:01:02,12) [migration/1]
(root,0,0,2-05:20:33,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:38,120) [kworker/1:1H]
(root,0,0,00:07:35,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,502956,474988,00:47:40,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:21,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:33,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:02,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:35,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:18:17,362) /usr/sbin/nscd
(ntp,27072,2532,00:12:14,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:40:02,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:41:00,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:33:15,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:31:39,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:32:31,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:14:24,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:14,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184328,22248,00:11:49,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:32,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:45,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:39,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:42,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:00,910) [kworker/1:2]
(root,0,0,00:00:20,916) [kworker/0:0]
(root,90580,5968,00:00:00,997) sshd: unknown [priv]
(sshd,51008,3136,00:00:00,998) sshd: unknown [net] 
(root,11680,2620,00:00:00,1097) /bin/bash /usr/bin/check_mk_agent
(root,9092,804,00:00:00,1116) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1480,00:00:00,1117) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:09,7723) [kworker/0:2]
(www-data,1393472,22500,00:00:47,7726) /usr/sbin/apache2 -k start
(www-data,1393056,21840,00:00:42,7727) /usr/sbin/apache2 -k start
(root,0,0,00:02:24,16760) [kworker/1:0]
(root,490172,13264,00:03:38,18566) /usr/sbin/rsyslogd -n
(root,20324,2736,00:00:31,18809) /opt/omi/bin/omiserver -d
(omi,20316,3164,00:00:50,18811) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8616,00:05:26,18880) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,317008,64972,00:16:08,19205) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7668,00:00:30,19259) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21128,00:00:14,19291) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,1832,00:09:31,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:18,26272) [kworker/u4:0]
(root,372476,24448,03:58:40,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:04,30438) [kworker/u4:1]
      Found on 2024-12-05 23:44

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143923b3cc461

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28620,3976,01:21:34,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-16:11:00,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,21:19:56,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:11,9) [migration/0]
(root,0,0,00:09:59,10) [watchdog/0]
(root,0,0,00:05:34,11) [watchdog/1]
(root,0,0,00:01:01,12) [migration/1]
(root,0,0,2-04:28:48,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:36,120) [kworker/1:1H]
(root,0,0,00:07:29,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,500052,473040,00:47:12,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:15,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:33,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:01:01,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:32,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:18:05,362) /usr/sbin/nscd
(ntp,27072,2532,00:12:05,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:39:16,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:40:29,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:32:50,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:31:15,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:32:06,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:14:13,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:11,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184240,22164,00:11:40,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:30,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:43,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:36,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:40,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,11684,2612,00:00:00,3780) /bin/bash /usr/bin/check_mk_agent
(root,9092,852,00:00:00,3799) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1456,00:00:00,3800) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:01:04,6374) [kworker/1:1]
(www-data,1392932,21620,00:00:40,6376) /usr/sbin/apache2 -k start
(www-data,1393124,22336,00:00:45,6377) /usr/sbin/apache2 -k start
(root,0,0,00:00:06,6433) [kworker/0:1]
(root,0,0,00:00:01,12066) [kworker/1:0]
(root,490172,35012,00:02:00,18566) /usr/sbin/rsyslogd -n
(root,20324,2736,00:00:17,18809) /opt/omi/bin/omiserver -d
(omi,20316,3164,00:00:27,18811) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8616,00:03:01,18880) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,308816,58248,00:09:01,19205) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7668,00:00:16,19259) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21128,00:00:07,19291) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,1832,00:09:23,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:15,26272) [kworker/u4:0]
(root,372476,24448,03:50:04,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:04,30438) [kworker/u4:1]
(root,0,0,00:00:19,32253) [kworker/0:0]
      Found on 2024-12-03 23:53

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143921a59f167

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28620,3976,01:18:59,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-15:14:36,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,21:00:10,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:11,9) [migration/0]
(root,0,0,00:09:51,10) [watchdog/0]
(root,0,0,00:05:29,11) [watchdog/1]
(root,0,0,00:01:00,12) [migration/1]
(root,0,0,2-03:34:00,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:07,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:34,120) [kworker/1:1H]
(root,0,0,00:07:23,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,500052,469152,00:46:31,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:09,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:32,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:59,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:29,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:17:50,362) /usr/sbin/nscd
(ntp,27072,2532,00:11:56,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:38:29,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:39:58,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:32:24,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:30:50,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:31:41,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:14:02,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:08,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184156,22076,00:11:31,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:28,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:41,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:34,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:37,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:23,16069) [kworker/0:0]
(root,11684,2664,00:00:00,18121) /bin/bash /usr/bin/check_mk_agent
(root,9092,816,00:00:00,18140) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1568,00:00:00,18141) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,424636,11156,00:00:21,18566) /usr/sbin/rsyslogd -n
(root,0,0,00:00:51,18567) [kworker/1:1]
(root,20324,2736,00:00:03,18809) /opt/omi/bin/omiserver -d
(omi,20316,3164,00:00:05,18811) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8528,00:00:32,18880) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,304720,53788,00:01:37,19205) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7668,00:00:03,19259) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21124,00:00:01,19291) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,19438) [kworker/0:3]
(root,48912,1832,00:09:12,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:02:02,24238) [kworker/1:2]
(www-data,1392492,20804,00:00:30,25082) /usr/sbin/apache2 -k start
(www-data,1392956,21732,00:00:31,25083) /usr/sbin/apache2 -k start
(root,0,0,00:00:12,26272) [kworker/u4:0]
(root,372476,24456,03:41:21,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:04,30438) [kworker/u4:1]
      Found on 2024-12-01 23:20

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143929e89990d

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28636,3952,01:16:27,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-14:15:01,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,20:38:53,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:10,9) [migration/0]
(root,0,0,00:09:43,10) [watchdog/0]
(root,0,0,00:05:23,11) [watchdog/1]
(root,0,0,00:00:59,12) [migration/1]
(root,0,0,2-02:36:03,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:32,120) [kworker/1:1H]
(root,0,0,00:07:17,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,486500,458596,00:45:53,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:07:03,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:32,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:58,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:25,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:17:35,362) /usr/sbin/nscd
(ntp,27072,2532,00:11:47,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:37:42,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:39:26,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:31:58,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:30:26,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:31:16,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:13:51,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:05,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,184068,21992,00:11:22,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:26,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:39,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:31,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:35,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:00,3017) [kworker/0:0]
(root,490172,27804,00:04:32,4650) /usr/sbin/rsyslogd -n
(root,20324,2724,00:00:38,4896) /opt/omi/bin/omiserver -d
(omi,20316,3228,00:01:01,4900) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8676,00:06:37,4984) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,321104,69320,00:17:53,5281) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7796,00:00:38,5336) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,21152,00:00:17,5368) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,5462) [kworker/1:1]
(root,0,0,00:00:25,5466) [kworker/0:1]
(root,86408,5948,00:00:00,8278) sshd: unknown [priv]
(sshd,51008,3124,00:00:00,8279) sshd: unknown [net] 
(root,11684,2620,00:00:00,8380) /bin/bash /usr/bin/check_mk_agent
(root,9092,820,00:00:00,8399) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1424,00:00:00,8400) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(www-data,1393116,22044,00:00:41,12594) /usr/sbin/apache2 -k start
(www-data,1392956,22032,00:00:47,12595) /usr/sbin/apache2 -k start
(root,0,0,00:02:47,18951) [kworker/1:2]
(root,48912,1832,00:09:02,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:09,26272) [kworker/u4:0]
(root,372476,24440,03:32:42,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:04,30438) [kworker/u4:1]
      Found on 2024-11-29 23:27

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439284d75c91

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28636,3952,01:13:56,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-13:18:42,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,20:18:52,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:09,9) [migration/0]
(root,0,0,00:09:34,10) [watchdog/0]
(root,0,0,00:05:18,11) [watchdog/1]
(root,0,0,00:00:59,12) [migration/1]
(root,0,0,2-01:40:47,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:30,120) [kworker/1:1H]
(root,0,0,00:07:12,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,481616,453468,00:45:21,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:58,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:32,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:57,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:22,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:17:23,362) /usr/sbin/nscd
(ntp,27072,2532,00:11:37,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:36:57,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:38:55,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:31:33,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:30:01,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:30:51,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:13:40,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:04:02,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183984,21908,00:11:12,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:23,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:36,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:28,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:32,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:01,3854) [kworker/1:2]
(root,490172,26168,00:02:54,4650) /usr/sbin/rsyslogd -n
(root,20324,2724,00:00:24,4896) /opt/omi/bin/omiserver -d
(omi,20316,3228,00:00:39,4900) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8676,00:04:13,4984) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,314960,64476,00:11:21,5281) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7796,00:00:24,5336) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,21152,00:00:11,5368) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:22,5782) [kworker/0:0]
(root,0,0,00:00:48,5785) [kworker/1:0]
(root,51008,5252,00:00:00,8640) sshd: [accepted]    
(sshd,51008,3148,00:00:00,8641) sshd: [net]         
(root,11680,2624,00:00:00,8735) /bin/bash /usr/bin/check_mk_agent
(root,9092,860,00:00:00,8754) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1568,00:00:00,8755) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(www-data,1392560,21388,00:00:43,13877) /usr/sbin/apache2 -k start
(www-data,1392860,21624,00:00:49,13879) /usr/sbin/apache2 -k start
(root,0,0,00:00:47,19407) [kworker/0:2]
(root,48912,1832,00:08:53,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:05,26272) [kworker/u4:0]
(root,372476,24444,03:24:07,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:04,30438) [kworker/u4:1]
      Found on 2024-11-27 23:57

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143925c73335e

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28636,3952,01:11:25,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-12:20:56,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,19:57:59,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:08,9) [migration/0]
(root,0,0,00:09:26,10) [watchdog/0]
(root,0,0,00:05:12,11) [watchdog/1]
(root,0,0,00:00:58,12) [migration/1]
(root,0,0,2-00:44:22,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:27,120) [kworker/1:1H]
(root,0,0,00:07:05,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,480424,451272,00:44:49,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:52,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:31,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:56,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:19,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:17:10,362) /usr/sbin/nscd
(ntp,27072,2532,00:11:28,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:36:11,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:38:23,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:31:08,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:29:37,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:30:26,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:13:29,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:59,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183900,21820,00:11:03,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:21,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:34,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:25,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:30,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:47,2538) [kworker/0:1]
(root,0,0,00:01:20,4641) [kworker/0:2]
(root,490172,28668,00:01:14,4650) /usr/sbin/rsyslogd -n
(root,20324,2724,00:00:10,4896) /opt/omi/bin/omiserver -d
(omi,20316,3228,00:00:16,4900) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8608,00:01:49,4984) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,314960,63864,00:04:53,5281) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7796,00:00:11,5336) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,21152,00:00:04,5368) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,90804,6156,00:00:00,7169) sshd: unknown [priv]
(sshd,51008,3240,00:00:00,7170) sshd: unknown [net] 
(root,51008,5312,00:00:00,7274) sshd: [accepted]    
(root,11684,2568,00:00:00,7275) /bin/bash /usr/bin/check_mk_agent
(root,9092,856,00:00:00,7294) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1572,00:00:00,7295) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:01:16,9686) [kworker/1:0]
(www-data,1392892,21920,00:00:41,9687) /usr/sbin/apache2 -k start
(www-data,1392864,21740,00:00:47,9757) /usr/sbin/apache2 -k start
(root,0,0,00:00:21,11730) [kworker/1:2]
(root,48912,1832,00:08:45,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:02,26272) [kworker/u4:0]
(root,372476,24436,03:15:30,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:04,30438) [kworker/u4:1]
      Found on 2024-11-26 00:12

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392289cc943

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3956,01:08:50,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-11:20:47,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,19:35:52,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:07,9) [migration/0]
(root,0,0,00:09:17,10) [watchdog/0]
(root,0,0,00:05:07,11) [watchdog/1]
(root,0,0,00:00:57,12) [migration/1]
(root,0,0,1-23:48:28,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:25,120) [kworker/1:1H]
(root,0,0,00:06:59,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,470852,445620,00:44:12,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:46,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:31,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:55,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:16,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:16:56,362) /usr/sbin/nscd
(ntp,27072,2532,00:11:20,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:35:25,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:37:52,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:30:42,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:29:12,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:30:01,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:13:18,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:56,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183812,21736,00:10:53,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:06,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:19,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:32,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:22,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:27,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:15,2727) [kworker/0:2]
(www-data,1392300,20916,00:00:32,2728) /usr/sbin/apache2 -k start
(www-data,1392500,21400,00:00:35,2729) /usr/sbin/apache2 -k start
(root,490172,24768,00:05:22,7268) /usr/sbin/rsyslogd -n
(root,20324,2616,00:00:45,7510) /opt/omi/bin/omiserver -d
(omi,20316,3168,00:01:13,7512) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8592,00:07:48,7594) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,325200,68888,00:22:11,7877) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7660,00:00:44,7933) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21232,00:00:20,7963) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:02:11,16251) [kworker/1:0]
(root,48912,1832,00:08:34,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,11680,2688,00:00:00,24926) /bin/bash /usr/bin/check_mk_agent
(root,9092,816,00:00:00,24945) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1572,00:00:00,24946) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:55,25475) [kworker/1:1]
(root,0,0,00:00:00,26272) [kworker/u4:0]
(root,0,0,00:00:41,27638) [kworker/0:1]
(root,372476,24424,03:06:43,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:03,30438) [kworker/u4:1]
      Found on 2024-11-23 23:25

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143920e6f3fe2

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3956,01:06:21,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-10:21:39,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,19:15:10,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:07,9) [migration/0]
(root,0,0,00:09:08,10) [watchdog/0]
(root,0,0,00:05:01,11) [watchdog/1]
(root,0,0,00:00:56,12) [migration/1]
(root,0,0,1-22:51:24,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:23,120) [kworker/1:1H]
(root,0,0,00:06:53,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,467288,437096,00:43:48,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:40,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:30,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:54,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:12,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:16:45,362) /usr/sbin/nscd
(ntp,27072,2532,00:11:09,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:34:39,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:37:20,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:30:16,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:28:48,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:29:36,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:13:07,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:53,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183728,21648,00:10:43,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:17,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:30,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:19,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:25,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:00,1634) [kworker/1:0]
(root,0,0,00:00:22,1638) [kworker/0:0]
(root,11684,2628,00:00:00,2474) /bin/bash /usr/bin/check_mk_agent
(root,9092,816,00:00:00,2493) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1504,00:00:00,2494) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:21,3552) [kworker/u4:2]
(root,490172,56148,00:03:42,7268) /usr/sbin/rsyslogd -n
(root,20324,2616,00:00:31,7510) /opt/omi/bin/omiserver -d
(omi,20316,3168,00:00:50,7512) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8584,00:05:25,7594) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,323152,69300,00:15:07,7877) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7660,00:00:31,7933) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21232,00:00:14,7963) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(www-data,1392364,21104,00:00:42,9922) /usr/sbin/apache2 -k start
(www-data,1392728,21792,00:00:47,9923) /usr/sbin/apache2 -k start
(root,0,0,00:04:52,20284) [kworker/1:2]
(root,48912,1832,00:08:28,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,372476,24416,02:58:05,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:01,30438) [kworker/u4:1]
(root,0,0,00:00:01,31896) [kworker/0:1]
      Found on 2024-11-21 23:43

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392d6b7b8d3

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3956,01:03:49,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-09:23:00,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,18:54:01,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:06,9) [migration/0]
(root,0,0,00:08:59,10) [watchdog/0]
(root,0,0,00:04:56,11) [watchdog/1]
(root,0,0,00:00:55,12) [migration/1]
(root,0,0,1-21:52:38,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:21,120) [kworker/1:1H]
(root,0,0,00:06:48,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,462132,435348,00:43:05,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:34,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:30,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:53,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:09,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:16:30,362) /usr/sbin/nscd
(ntp,27072,2532,00:11:00,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:33:53,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:36:48,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:29:51,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:28:24,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:29:11,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2968,00:12:55,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:50,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183640,21564,00:10:34,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:14,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:27,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:17,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:22,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:18,3552) [kworker/u4:2]
(root,490172,38840,00:02:02,7268) /usr/sbin/rsyslogd -n
(root,20324,2616,00:00:17,7510) /opt/omi/bin/omiserver -d
(omi,20316,3168,00:00:28,7512) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8620,00:03:00,7594) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,314960,64620,00:08:18,7877) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7660,00:00:17,7933) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21232,00:00:07,7963) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:02,18255) [kworker/1:0]
(root,0,0,00:00:00,20278) [kworker/0:2]
(root,0,0,00:00:53,20284) [kworker/1:2]
(root,48912,1832,00:08:17,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,90580,5964,00:00:00,22429) sshd: unknown [priv]
(sshd,51008,3112,00:00:00,22430) sshd: unknown [net] 
(root,11684,2608,00:00:00,22532) /bin/bash /usr/bin/check_mk_agent
(root,9092,820,00:00:00,22551) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1572,00:00:00,22552) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:33,27885) [kworker/0:1]
(www-data,1392532,21360,00:00:42,27888) /usr/sbin/apache2 -k start
(www-data,1392732,21796,00:00:47,27889) /usr/sbin/apache2 -k start
(root,372476,24416,02:49:29,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:01,30438) [kworker/u4:1]
      Found on 2024-11-20 00:04

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439276533378

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3956,01:01:17,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-08:24:46,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,18:33:00,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:05,9) [migration/0]
(root,0,0,00:08:51,10) [watchdog/0]
(root,0,0,00:04:51,11) [watchdog/1]
(root,0,0,00:00:54,12) [migration/1]
(root,0,0,1-20:56:52,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:19,120) [kworker/1:1H]
(root,0,0,00:06:42,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,462132,428840,00:42:26,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:28,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:29,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:52,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:06,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:16:15,362) /usr/sbin/nscd
(ntp,27072,2532,00:10:50,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:33:07,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:36:17,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:29:26,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:27:59,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:28:47,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2936,00:12:44,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:47,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183556,21480,00:10:25,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:12,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:25,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:14,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:20,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:14,3552) [kworker/u4:2]
(root,0,0,00:00:55,7255) [kworker/1:2]
(root,416440,13372,00:00:23,7268) /usr/sbin/rsyslogd -n
(root,0,0,00:00:37,7465) [kworker/0:0]
(root,20324,2616,00:00:03,7510) /opt/omi/bin/omiserver -d
(omi,20316,3168,00:00:05,7512) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8508,00:00:34,7594) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,302672,54560,00:01:44,7877) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7660,00:00:03,7933) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21228,00:00:01,7963) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,11684,2644,00:00:00,11931) /bin/bash /usr/bin/check_mk_agent
(root,9092,816,00:00:00,11950) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1452,00:00:00,11951) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:19,15809) [kworker/1:0]
(www-data,1391860,20104,00:00:31,15811) /usr/sbin/apache2 -k start
(www-data,1391820,20532,00:00:32,15817) /usr/sbin/apache2 -k start
(root,48912,1832,00:08:05,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:01:10,26099) [kworker/0:2]
(root,372732,24492,02:40:47,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:01,30438) [kworker/u4:1]
      Found on 2024-11-18 00:00

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392ddc2fb9a

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3956,00:58:42,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-07:25:53,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,18:12:10,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:04,9) [migration/0]
(root,0,0,00:08:42,10) [watchdog/0]
(root,0,0,00:04:45,11) [watchdog/1]
(root,0,0,00:00:53,12) [migration/1]
(root,0,0,1-20:02:56,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:16,120) [kworker/1:1H]
(root,0,0,00:06:36,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,450040,424872,00:41:56,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:21,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:29,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:51,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:03:02,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:16:02,362) /usr/sbin/nscd
(ntp,27072,2532,00:10:40,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:32:20,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:35:44,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:28:59,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:27:34,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:28:21,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2936,00:12:33,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:44,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183472,21392,00:10:15,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:09,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:23,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:11,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:17,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,51008,5252,00:00:00,1989) sshd: [accepted]    
(sshd,51008,3196,00:00:00,1990) sshd: [net]         
(root,86408,5980,00:00:00,2040) sshd: unknown [priv]
(sshd,51008,3124,00:00:00,2041) sshd: unknown [net] 
(root,11684,2660,00:00:00,2086) /bin/bash /usr/bin/check_mk_agent
(root,9092,856,00:00:00,2105) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1572,00:00:00,2106) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(www-data,1391920,20308,00:00:21,2184) /usr/sbin/apache2 -k start
(root,0,0,00:00:00,2395) [kworker/1:0]
(root,0,0,00:00:12,2834) [kworker/0:2]
(www-data,1392560,21224,00:00:29,2836) /usr/sbin/apache2 -k start
(www-data,1392396,20788,00:00:30,2837) /usr/sbin/apache2 -k start
(root,0,0,00:00:11,3552) [kworker/u4:2]
(root,490172,57460,00:04:32,17324) /usr/sbin/rsyslogd -n
(root,20324,2732,00:00:38,17563) /opt/omi/bin/omiserver -d
(omi,20316,3080,00:01:01,17565) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8676,00:06:37,17646) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,312912,65164,00:18:16,17935) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7796,00:00:37,17989) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21248,00:00:17,18023) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,1832,00:07:57,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:03:02,29498) [kworker/1:2]
(root,372732,24468,02:31:49,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:01,30438) [kworker/u4:1]
(root,0,0,00:00:31,31325) [kworker/0:0]
      Found on 2024-11-15 22:24

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392b46f8470

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28644,3964,00:56:09,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-06:24:50,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,17:49:13,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:03,9) [migration/0]
(root,0,0,00:08:33,10) [watchdog/0]
(root,0,0,00:04:40,11) [watchdog/1]
(root,0,0,00:00:53,12) [migration/1]
(root,0,0,1-19:06:31,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:14,120) [kworker/1:1H]
(root,0,0,00:06:30,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,442252,415792,00:41:07,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:15,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:29,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:50,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:02:59,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:15:44,362) /usr/sbin/nscd
(ntp,27072,2532,00:10:30,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:31:34,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:35:12,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:28:34,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:27:09,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:27:56,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2936,00:12:21,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:41,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183300,21180,00:10:06,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:07,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:21,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:08,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:14,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:07,3552) [kworker/u4:2]
(omsagent,18000,1732,00:00:00,6452) sh -c ((which python2 > /dev/null 2>&1 && python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null) || (which python3 > /dev/null 2>&1 && python3 /opt/microsoft/omsconfig/Scripts/python3/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null)) && cat /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,18000,232,00:00:00,6453) sh -c ((which python2 > /dev/null 2>&1 && python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null) || (which python3 > /dev/null 2>&1 && python3 /opt/microsoft/omsconfig/Scripts/python3/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null)) && cat /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,36676,10320,00:00:00,6454) python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,112272,11332,00:00:00,6458) /opt/dsc/bin/dsc_host /opt/dsc/output PerformInventoryOOB /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof
(omsagent,68944,18264,00:00:00,6478) python2 /opt/microsoft/omsconfig/Scripts/client.py 10
(omsagent,0,0,00:00:00,6479) [sh] <defunct>
(omsagent,0,0,00:00:00,6481) [sh] <defunct>
(omsagent,18000,1836,00:00:00,6488) /bin/sh -c sudo /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,53812,3416,00:00:00,6489) sudo /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,11620,2332,00:00:00,6490) /bin/bash /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh
(root,29228,4920,00:00:00,6491) apt-get -q update
(root,33136,4240,00:00:00,6495) /usr/lib/apt/methods/http
(root,164724,12000,00:00:00,6496) /usr/lib/apt/methods/https
(root,164856,12932,00:00:00,6497) /usr/lib/apt/methods/https
(root,33136,4308,00:00:00,6498) /usr/lib/apt/methods/http
(root,33136,4352,00:00:00,6499) /usr/lib/apt/methods/http
(root,33136,4328,00:00:00,6500) /usr/lib/apt/methods/http
(root,26688,4008,00:00:00,6504) /usr/lib/apt/methods/gpgv
(root,26680,3884,00:00:00,6515) /usr/lib/apt/methods/gzip
(omsagent,33604,8296,00:00:00,6560) /usr/bin/python /opt/microsoft/omsconfig/Scripts/TestDscConfiguration.py
(root,26676,3868,00:00:00,6663) /usr/lib/apt/methods/copy
(root,51192,2704,00:00:00,6700) /usr/sbin/CRON -f
(omsagent,4336,712,00:00:00,6701) /bin/sh -c /opt/omi/bin/OMSConsistencyInvoker >/dev/null 2>&1
(omsagent,22176,1816,00:00:00,6702) /opt/omi/bin/OMSConsistencyInvoker
(omsagent,0,0,00:00:00,6703) [sh] <defunct>
(omsagent,4336,804,00:00:00,6705) sh -c python2 /opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py
(omsagent,24164,7456,00:00:00,6706) python2 /opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py
(root,11680,2652,00:00:00,7121) /bin/bash /usr/bin/check_mk_agent
(root,9092,804,00:00:00,7140) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1548,00:00:00,7141) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:01,9969) [kworker/0:2]
(root,0,0,00:00:00,12697) [kworker/1:2]
(root,0,0,00:00:30,12703) [kworker/0:1]
(root,490172,35360,00:02:49,17324) /usr/sbin/rsyslogd -n
(root,20324,2732,00:00:24,17563) /opt/omi/bin/omiserver -d
(omi,20316,3080,00:00:38,17565) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8684,00:04:07,17646) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,308816,59660,00:11:22,17935) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(root,0,0,00:01:12,17982) [kworker/1:0]
(www-data,1392212,21136,00:00:38,17986) /usr/sbin/apache2 -k start
(www-data,1392164,21220,00:00:43,17987) /usr/sbin/apache2 -k start
(omsagent,172476,7796,00:00:23,17989) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21236,00:00:10,18023) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,1832,00:07:44,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,372732,24464,02:23:07,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:01,30438) [kworker/u4:1]
      Found on 2024-11-13 22:09

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392a7e34af9

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3948,00:53:40,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-05:26:56,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,17:28:25,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:02,9) [migration/0]
(root,0,0,00:08:24,10) [watchdog/0]
(root,0,0,00:04:35,11) [watchdog/1]
(root,0,0,00:00:52,12) [migration/1]
(root,0,0,1-18:13:37,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:12,120) [kworker/1:1H]
(root,0,0,00:06:24,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,440932,409308,00:40:31,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:09,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:28,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:49,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:02:56,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:15:31,362) /usr/sbin/nscd
(ntp,27072,2532,00:10:22,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:30:49,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:34:41,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:28:09,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:26:45,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:27:31,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2936,00:12:10,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:38,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183212,21092,00:09:57,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:05,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:18,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:06,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:12,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:04,3552) [kworker/u4:2]
(root,0,0,00:00:51,3699) [kworker/1:1]
(root,0,0,00:00:00,6206) [kworker/0:2]
(root,90580,6076,00:00:00,7929) sshd: unknown [priv]
(sshd,51008,3144,00:00:00,7930) sshd: unknown [net] 
(root,11684,2684,00:00:00,8056) /bin/bash /usr/bin/check_mk_agent
(root,9092,816,00:00:00,8075) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1504,00:00:00,8076) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:32,13032) [kworker/0:1]
(www-data,1391908,20944,00:00:39,13034) /usr/sbin/apache2 -k start
(www-data,1392152,21236,00:00:43,13035) /usr/sbin/apache2 -k start
(root,0,0,00:00:19,13091) [kworker/1:0]
(root,490172,35436,00:01:10,17324) /usr/sbin/rsyslogd -n
(root,20324,2732,00:00:10,17563) /opt/omi/bin/omiserver -d
(omi,20316,3080,00:00:15,17565) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8720,00:01:44,17646) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,306768,58540,00:04:54,17935) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7796,00:00:09,17989) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21236,00:00:04,18023) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,1832,00:07:34,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,372732,24468,02:14:33,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:01,30438) [kworker/u4:1]
      Found on 2024-11-11 23:00

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392bc6c5fa6

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28576,3940,00:51:08,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-04:29:34,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,17:06:54,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:01,9) [migration/0]
(root,0,0,00:08:16,10) [watchdog/0]
(root,0,0,00:04:30,11) [watchdog/1]
(root,0,0,00:00:51,12) [migration/1]
(root,0,0,1-17:19:34,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:10,120) [kworker/1:1H]
(root,0,0,00:06:18,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,430100,405336,00:39:47,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:06:03,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:28,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:48,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:02:53,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:15:14,362) /usr/sbin/nscd
(ntp,27072,2532,00:10:12,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:30:03,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:34:09,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:27:43,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:26:20,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:27:06,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2936,00:11:59,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:35,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183128,21008,00:09:48,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:03,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:16,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:03,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:09,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:01,3552) [kworker/u4:2]
(root,490172,86868,00:05:29,11635) /usr/sbin/rsyslogd -n
(root,20324,2576,00:00:46,11875) /opt/omi/bin/omiserver -d
(omi,20316,3092,00:01:13,11877) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8812,00:07:53,11950) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,315988,66216,00:21:36,12396) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7800,00:00:46,12450) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21288,00:00:20,12483) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,16339) [kworker/0:0]
(www-data,1391564,20176,00:00:34,17869) /usr/sbin/apache2 -k start
(www-data,1391640,20372,00:00:38,17870) /usr/sbin/apache2 -k start
(root,0,0,00:00:00,19894) [kworker/1:0]
(root,0,0,00:00:29,19899) [kworker/0:1]
(root,48912,1832,00:07:23,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,51008,5200,00:00:00,24098) sshd: [accepted]    
(sshd,51008,3164,00:00:00,24099) sshd: [net]         
(root,51008,5280,00:00:00,24143) sshd: [accepted]    
(sshd,51008,3200,00:00:00,24144) sshd: [net]         
(root,11684,2660,00:00:00,24145) /bin/bash /usr/bin/check_mk_agent
(root,9092,828,00:00:00,24164) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1508,00:00:00,24165) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:05:29,26449) [kworker/1:2]
(root,372576,24452,02:05:51,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:01:00,30438) [kworker/u4:1]
      Found on 2024-11-09 22:56

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392bb9f9f8e

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28576,3940,00:48:36,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-03:26:40,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,16:42:57,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:00,9) [migration/0]
(root,0,0,00:08:07,10) [watchdog/0]
(root,0,0,00:04:24,11) [watchdog/1]
(root,0,0,00:00:50,12) [migration/1]
(root,0,0,1-16:19:12,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:05,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:08,120) [kworker/1:1H]
(root,0,0,00:06:12,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,421368,395880,00:38:53,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:05:57,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:27,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:47,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:02:49,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:14:55,362) /usr/sbin/nscd
(ntp,27072,2532,00:10:02,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:29:17,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:33:37,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:27:18,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:25:56,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:26:41,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2936,00:11:48,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:32,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,183044,20924,00:09:38,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:31:00,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:14,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:03:00,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:07,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:01:08,1122) [kworker/0:1]
(root,0,0,00:02:04,1126) [kworker/1:0]
(root,0,0,00:00:01,3552) [kworker/u4:2]
(root,490172,75692,00:03:47,11635) /usr/sbin/rsyslogd -n
(root,20324,2576,00:00:31,11875) /opt/omi/bin/omiserver -d
(omi,20316,3092,00:00:50,11877) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8716,00:05:26,11950) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,315988,66588,00:14:59,12396) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7800,00:00:31,12450) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21288,00:00:14,12483) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,1832,00:07:08,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:28,26433) [kworker/0:2]
(root,0,0,00:00:57,26449) [kworker/1:2]
(root,90804,6088,00:00:00,27193) sshd: unknown [priv]
(sshd,51008,3148,00:00:00,27194) sshd: unknown [net] 
(root,51008,5348,00:00:00,27195) sshd: [accepted]    
(sshd,51008,3136,00:00:00,27196) sshd: [net]         
(root,11684,2592,00:00:00,27291) /bin/bash /usr/bin/check_mk_agent
(root,9092,820,00:00:00,27310) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1572,00:00:00,27311) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,372576,24440,01:57:10,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:00:57,30438) [kworker/u4:1]
(www-data,1391932,20536,00:00:40,30891) /usr/sbin/apache2 -k start
(www-data,1392160,21112,00:00:45,30892) /usr/sbin/apache2 -k start
      Found on 2024-11-07 23:09

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439276e049ef

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28576,3904,00:46:01,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-02:27:43,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,16:21:04,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:59,9) [migration/0]
(root,0,0,00:07:58,10) [watchdog/0]
(root,0,0,00:04:19,11) [watchdog/1]
(root,0,0,00:00:49,12) [migration/1]
(root,0,0,1-15:24:16,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:05,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:05,120) [kworker/1:1H]
(root,0,0,00:06:06,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,415164,389520,00:38:13,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:05:51,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:27,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:46,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:02:46,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:14:38,362) /usr/sbin/nscd
(ntp,27072,2532,00:09:53,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:28:31,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:33:05,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:26:52,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:25:31,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:26:16,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2936,00:11:36,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:29,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,182956,20836,00:09:29,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:30:58,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:11,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:02:57,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:04,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:13,3547) [kworker/0:1]
(root,0,0,00:00:01,3552) [kworker/u4:2]
(root,53080,5528,00:00:00,4482) sshd: [accepted]    
(sshd,51008,3116,00:00:00,4483) sshd: [net]         
(root,11680,2620,00:00:00,4577) /bin/bash /usr/bin/check_mk_agent
(root,9092,852,00:00:00,4596) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1552,00:00:00,4597) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:01,6759) [kworker/1:0]
(root,0,0,00:00:29,9185) [kworker/0:0]
(root,0,0,00:00:45,9194) [kworker/1:1]
(root,490172,73076,00:02:04,11635) /usr/sbin/rsyslogd -n
(root,20324,2576,00:00:17,11875) /opt/omi/bin/omiserver -d
(omi,20316,3092,00:00:27,11877) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8716,00:02:57,11950) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,315988,64260,00:08:08,12396) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7800,00:00:16,12450) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21288,00:00:07,12483) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(www-data,1391800,20596,00:00:39,12786) /usr/sbin/apache2 -k start
(www-data,1391992,20652,00:00:43,12857) /usr/sbin/apache2 -k start
(root,48912,1832,00:06:57,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,372576,24452,01:48:16,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:00:53,30438) [kworker/u4:1]
      Found on 2024-11-05 22:03

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143922317b7f3

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28640,3916,00:43:38,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-01:32:12,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,15:59:38,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:58,9) [migration/0]
(root,0,0,00:07:50,10) [watchdog/0]
(root,0,0,00:04:14,11) [watchdog/1]
(root,0,0,00:00:48,12) [migration/1]
(root,0,0,1-14:32:17,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:05,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:09:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:07,119) [kworker/0:1H]
(root,0,0,05:10:03,120) [kworker/1:1H]
(root,0,0,00:06:00,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,411328,380696,00:37:21,177) /lib/systemd/systemd-journald
(root,41312,1044,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:05:45,245) [hv_balloon]
(root,0,0,00:03:13,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6904,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1012,00:00:26,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1944,00:00:45,336) /lib/systemd/systemd-logind
(message+,33828,1860,00:02:43,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,728,00:14:18,362) /usr/sbin/nscd
(ntp,27072,2532,00:09:44,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,116,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,108,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,948,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104388,3312,01:27:49,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2608,00:32:36,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3196,00:26:29,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3196,00:25:08,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3196,00:25:53,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,2936,00:11:26,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,768,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,13676,00:03:26,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,182872,20752,00:09:20,482) /usr/sbin/apache2 -k start
(postgres,225176,1440,00:00:05,544) postgres: checkpointer process                                                                                              
(postgres,225176,1696,00:30:56,545) postgres: writer process                                                                                                    
(postgres,225176,1568,00:02:09,546) postgres: wal writer process                                                                                                
(postgres,225608,48408,00:02:54,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3124,00:30:02,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(root,0,0,00:00:01,3552) [kworker/u4:2]
(root,0,0,00:00:01,9002) [kworker/1:0]
(root,0,0,00:00:34,11622) [kworker/0:0]
(root,490172,42268,00:00:28,11635) /usr/sbin/rsyslogd -n
(root,20324,2576,00:00:03,11875) /opt/omi/bin/omiserver -d
(omi,20316,3092,00:00:06,11877) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8708,00:00:39,11950) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,0,0,00:01:13,12388) [kworker/1:1]
(omsagent,307796,56228,00:01:46,12396) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7800,00:00:03,12450) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21284,00:00:01,12483) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,11684,2680,00:00:00,13382) /bin/bash /usr/bin/check_mk_agent
(root,9092,796,00:00:00,13401) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1552,00:00:00,13402) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:12,16859) [kworker/0:2]
(www-data,1391084,19476,00:00:35,16861) /usr/sbin/apache2 -k start
(www-data,1391280,19836,00:00:38,16932) /usr/sbin/apache2 -k start
(root,48912,1832,00:06:42,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,372576,24436,01:40:10,30113) python -u bin/WALinuxAgent-2.12.0.2-py3.9.egg -run-exthandlers
(root,0,0,00:00:50,30438) [kworker/u4:1]
      Found on 2024-11-04 01:19

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143922485fb29

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28580,3516,00:04:24,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-08:00:20,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,09:53:51,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:43,9) [migration/0]
(root,0,0,00:05:07,10) [watchdog/0]
(root,0,0,00:02:29,11) [watchdog/1]
(root,0,0,00:00:33,12) [migration/1]
(root,0,0,22:52:51,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:04,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:03:45,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:06,119) [kworker/0:1H]
(root,0,0,04:40:50,120) [kworker/1:1H]
(root,0,0,00:04:06,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,318568,291996,00:28:18,177) /lib/systemd/systemd-journald
(root,41312,2468,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:54,245) [hv_balloon]
(root,0,0,00:02:56,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6948,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1552,00:00:18,324) /usr/sbin/cron -f
(root,46364,11648,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1856,00:00:27,336) /lib/systemd/systemd-logind
(message+,33828,2096,00:01:43,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,720,00:10:24,362) /usr/sbin/nscd
(ntp,27072,2764,00:06:44,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1292,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1276,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2016,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,1756,01:09:38,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2296,00:22:26,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3732,00:18:18,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3736,00:17:16,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3736,00:17:52,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3520,00:07:50,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1460,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,15220,00:02:26,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,181156,16328,00:06:22,482) /usr/sbin/apache2 -k start
(postgres,225176,3192,00:00:03,544) postgres: checkpointer process                                                                                              
(postgres,225176,3268,00:27:43,545) postgres: writer process                                                                                                    
(postgres,225176,2572,00:01:27,546) postgres: wal writer process                                                                                                
(postgres,225608,45348,00:01:59,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2992,00:26:50,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,1508080,243168,02:03:26,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,253780,146600,18:31:33,793) postgres: osm gis [local] SELECT                                                                                            
(postgres,267044,160544,12:08:29,1620) postgres: osm gis [local] SELECT                                                                                            
(postgres,262528,153000,08:34:17,1898) postgres: osm gis [local] SELECT                                                                                            
(postgres,258396,151656,07:39:45,1900) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,1908) [kworker/1:0]
(root,0,0,00:00:06,1916) [kworker/0:0]
(root,490172,47268,00:02:31,5640) /usr/sbin/rsyslogd -n
(root,20324,1932,00:00:22,5881) /opt/omi/bin/omiserver -d
(omi,20316,2388,00:00:36,5883) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,4920,00:04:15,5947) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,314960,60980,00:10:05,6182) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,3928,00:00:21,6237) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,18196,00:00:10,6269) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,7053) [kworker/u4:0]
(root,0,0,00:00:00,9188) [kworker/u4:1]
(root,11680,2608,00:00:00,11223) /bin/bash /usr/bin/check_mk_agent
(root,9092,828,00:00:00,11242) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1552,00:00:00,11243) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,371292,20300,02:02:15,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(www-data,1390320,17272,00:00:28,20323) /usr/sbin/apache2 -k start
(www-data,1390236,16684,00:00:25,20325) /usr/sbin/apache2 -k start
(root,48912,2748,00:04:13,20859) /usr/sbin/sshd -D
(root,0,0,00:00:40,21906) [kworker/1:2]
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:27,23784) [kworker/0:2]
      Found on 2024-09-25 22:13

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439207544184

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28580,3588,00:04:19,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-07:31:01,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,09:49:07,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:43,9) [migration/0]
(root,0,0,00:05:02,10) [watchdog/0]
(root,0,0,00:02:28,11) [watchdog/1]
(root,0,0,00:00:32,12) [migration/1]
(root,0,0,22:46:00,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:01:29,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:06,119) [kworker/0:1H]
(root,0,0,04:28:43,120) [kworker/1:1H]
(root,0,0,00:04:01,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,315592,284716,00:27:48,177) /lib/systemd/systemd-journald
(root,41312,2540,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:50,245) [hv_balloon]
(root,0,0,00:02:48,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6952,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1624,00:00:18,324) /usr/sbin/cron -f
(root,46364,11720,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1928,00:00:26,336) /lib/systemd/systemd-logind
(message+,33828,2140,00:01:40,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,796,00:10:15,362) /usr/sbin/nscd
(ntp,27072,2712,00:06:36,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1356,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1340,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2036,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,1828,01:08:08,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2316,00:21:58,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3788,00:17:54,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3708,00:16:54,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3776,00:17:29,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3572,00:07:40,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1276,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,15292,00:02:23,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,181072,15012,00:06:14,482) /usr/sbin/apache2 -k start
(postgres,225176,3244,00:00:03,544) postgres: checkpointer process                                                                                              
(postgres,225176,3312,00:26:34,545) postgres: writer process                                                                                                    
(postgres,225176,2608,00:01:26,546) postgres: wal writer process                                                                                                
(postgres,225608,43892,00:01:57,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3028,00:25:44,548) postgres: stats collector process                                                                                           
(www-data,1389548,15544,00:00:26,602) /usr/sbin/apache2 -k start
(www-data,1389588,15880,00:00:27,604) /usr/sbin/apache2 -k start
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,1508080,227744,01:59:47,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,263884,154756,18:08:25,793) postgres: osm gis [local] SELECT                                                                                            
(postgres,258444,151640,11:48:08,1620) postgres: osm gis [local] SELECT                                                                                            
(postgres,270952,163148,08:11:31,1898) postgres: osm gis [local] SELECT                                                                                            
(postgres,261968,151044,06:59:25,1900) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:01:56,5630) [kworker/1:0]
(root,416440,12908,00:01:07,5640) /usr/sbin/rsyslogd -n
(root,0,0,00:00:46,5854) [kworker/0:2]
(root,20324,2004,00:00:10,5881) /opt/omi/bin/omiserver -d
(omi,20316,2460,00:00:16,5883) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,4800,00:01:49,5947) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,308816,52708,00:04:23,6182) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4008,00:00:09,6237) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,18280,00:00:04,6269) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,14071) [kworker/0:1]
(root,0,0,00:00:24,14078) [kworker/1:1]
(root,371292,20408,01:54:29,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(root,48912,3144,00:04:09,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:00,22437) [kworker/u4:0]
(root,0,0,00:00:03,26038) [kworker/u4:1]
(root,86408,5876,00:00:00,30331) sshd: unknown [priv]
(sshd,51008,3180,00:00:00,30332) sshd: unknown [net] 
(root,86408,5912,00:00:00,30333) sshd: unknown [priv]
(sshd,51008,3104,00:00:00,30334) sshd: unknown [net] 
(root,11684,2624,00:00:00,30428) /bin/bash /usr/bin/check_mk_agent
(root,9092,820,00:00:00,30447) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1548,00:00:00,30448) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      Found on 2024-09-23 23:37

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392a0753417

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28580,4116,00:04:15,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-06:45:13,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,09:35:13,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:42,9) [migration/0]
(root,0,0,00:04:55,10) [watchdog/0]
(root,0,0,00:02:24,11) [watchdog/1]
(root,0,0,00:00:32,12) [migration/1]
(root,0,0,22:03:52,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:00:26,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:06,119) [kworker/0:1H]
(root,0,0,04:26:17,120) [kworker/1:1H]
(root,0,0,00:03:55,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,310772,279776,00:27:34,177) /lib/systemd/systemd-journald
(root,41312,2684,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:44,245) [hv_balloon]
(root,0,0,00:02:45,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6952,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1804,00:00:17,324) /usr/sbin/cron -f
(root,46364,11828,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,2336,00:00:26,336) /lib/systemd/systemd-logind
(message+,33828,2448,00:01:38,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,860,00:10:08,362) /usr/sbin/nscd
(ntp,27072,2952,00:06:26,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1476,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1460,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2112,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,1948,01:06:33,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2408,00:21:27,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3968,00:17:29,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3940,00:16:29,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3940,00:17:04,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3752,00:07:29,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1624,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,15404,00:02:20,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,180984,18716,00:06:05,482) /usr/sbin/apache2 -k start
(postgres,225176,3276,00:00:03,544) postgres: checkpointer process                                                                                              
(postgres,225176,3328,00:26:17,545) postgres: writer process                                                                                                    
(postgres,225176,2624,00:01:24,546) postgres: wal writer process                                                                                                
(postgres,225608,43624,00:01:54,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3028,00:25:28,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,1508080,188820,01:57:55,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,269032,162468,17:54:59,793) postgres: osm gis [local] idle                                                                                              
(postgres,265040,156176,11:38:10,1620) postgres: osm gis [local] idle                                                                                              
(postgres,269144,162444,08:06:40,1898) postgres: osm gis [local] idle                                                                                              
(postgres,262648,155760,06:52:31,1900) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:01:07,4312) [kworker/0:2]
(root,0,0,00:00:00,10990) [kworker/1:1]
(root,0,0,00:00:00,10999) [kworker/0:1]
(root,416440,26344,00:02:10,13577) /usr/sbin/rsyslogd -n
(root,11684,2588,00:00:00,13629) /bin/bash /usr/bin/check_mk_agent
(root,9092,828,00:00:00,13648) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1552,00:00:00,13649) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,20324,2144,00:00:19,13826) /opt/omi/bin/omiserver -d
(omi,20316,2744,00:00:31,13828) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5440,00:03:47,13902) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,312912,60208,00:09:10,14144) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4916,00:00:19,14198) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,18676,00:00:09,14230) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,14637) [kworker/u4:0]
(www-data,1389080,17096,00:00:22,16527) /usr/sbin/apache2 -k start
(www-data,1389316,17660,00:00:23,16529) /usr/sbin/apache2 -k start
(root,371036,20240,01:46:02,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(root,48912,3004,00:04:05,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:02,27538) [kworker/u4:2]
(root,0,0,00:00:31,29122) [kworker/1:2]
      Found on 2024-09-21 23:01

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392ce154e73

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28580,4188,00:04:10,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-06:03:35,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,09:22:20,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:42,9) [migration/0]
(root,0,0,00:04:49,10) [watchdog/0]
(root,0,0,00:02:21,11) [watchdog/1]
(root,0,0,00:00:31,12) [migration/1]
(root,0,0,21:30:18,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:59:18,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:05,119) [kworker/0:1H]
(root,0,0,04:21:21,120) [kworker/1:1H]
(root,0,0,00:03:50,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,310772,276988,00:27:16,177) /lib/systemd/systemd-journald
(root,41312,2684,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:39,245) [hv_balloon]
(root,0,0,00:02:42,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6952,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1804,00:00:17,324) /usr/sbin/cron -f
(root,46364,11832,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,2328,00:00:25,336) /lib/systemd/systemd-logind
(message+,33828,2420,00:01:36,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,860,00:09:58,362) /usr/sbin/nscd
(ntp,27072,2880,00:06:17,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1476,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1460,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2112,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,1948,01:04:59,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2408,00:20:56,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3968,00:17:04,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3972,00:16:06,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3952,00:16:40,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3756,00:07:19,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1500,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,15408,00:02:17,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,180900,14168,00:05:56,482) /usr/sbin/apache2 -k start
(postgres,225176,3336,00:00:03,544) postgres: checkpointer process                                                                                              
(postgres,225176,3360,00:25:47,545) postgres: writer process                                                                                                    
(postgres,225176,2624,00:01:21,546) postgres: wal writer process                                                                                                
(postgres,225608,43096,00:01:52,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3028,00:24:59,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,1508080,188896,01:56:04,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,268272,161264,17:21:08,793) postgres: osm gis [local] idle                                                                                              
(postgres,266824,159852,11:26:45,1620) postgres: osm gis [local] idle                                                                                              
(postgres,266852,160328,08:02:35,1898) postgres: osm gis [local] idle                                                                                              
(postgres,257624,151976,06:51:13,1900) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,7639) [kworker/1:1]
(root,0,0,00:00:08,7640) [kworker/0:1]
(root,0,0,00:00:00,8197) [kworker/u4:1]
(root,0,0,00:00:00,12954) [kworker/u4:0]
(root,416440,8172,00:00:41,13577) /usr/sbin/rsyslogd -n
(root,20324,2172,00:00:06,13826) /opt/omi/bin/omiserver -d
(omi,20316,2780,00:00:10,13828) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5576,00:01:15,13902) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,306768,52144,00:02:55,14144) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4944,00:00:06,14198) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,18820,00:00:03,14230) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,371036,20552,01:37:44,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(root,48912,3004,00:04:00,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,20944) [kworker/0:0]
(root,0,0,00:00:00,20953) [kworker/1:0]
(omsagent,18000,1808,00:00:00,21450) sh -c ((which python2 > /dev/null 2>&1 && python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null) || (which python3 > /dev/null 2>&1 && python3 /opt/microsoft/omsconfig/Scripts/python3/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null)) && cat /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,18000,232,00:00:00,21452) sh -c ((which python2 > /dev/null 2>&1 && python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null) || (which python3 > /dev/null 2>&1 && python3 /opt/microsoft/omsconfig/Scripts/python3/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml > /dev/null)) && cat /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,36676,10212,00:00:00,21454) python2 /opt/microsoft/omsconfig/Scripts/PerformInventory.py --InMOF /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof --OutXML /etc/opt/omi/conf/omsconfig/configuration/CompletePackageInventory.xml
(omsagent,109852,10340,00:00:00,21469) /opt/dsc/bin/dsc_host /opt/dsc/output PerformInventoryOOB /etc/opt/microsoft/omsagent/conf/omsagent.d/patch_management_inventory.mof
(root,11684,2576,00:00:00,21534) /bin/bash /usr/bin/check_mk_agent
(root,9092,800,00:00:00,21553) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1604,00:00:00,21554) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(www-data,1389512,15332,00:00:24,28637) /usr/sbin/apache2 -k start
(www-data,1389468,15168,00:00:25,28639) /usr/sbin/apache2 -k start
      Found on 2024-09-19 22:35

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143922ed2f2af

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28592,3756,00:04:06,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-05:32:49,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,09:16:01,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:41,9) [migration/0]
(root,0,0,00:04:43,10) [watchdog/0]
(root,0,0,00:02:19,11) [watchdog/1]
(root,0,0,00:00:31,12) [migration/1]
(root,0,0,21:17:01,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:56:57,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:05,119) [kworker/0:1H]
(root,0,0,04:11:16,120) [kworker/1:1H]
(root,0,0,00:03:45,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,307164,276888,00:27:04,177) /lib/systemd/systemd-journald
(root,41312,2684,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:35,245) [hv_balloon]
(root,0,0,00:02:38,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6952,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1804,00:00:17,324) /usr/sbin/cron -f
(root,46364,11832,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,2104,00:00:24,336) /lib/systemd/systemd-logind
(message+,33828,2348,00:01:34,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,860,00:09:51,362) /usr/sbin/nscd
(ntp,27072,2956,00:06:08,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1476,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1460,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2112,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,1948,01:03:28,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2408,00:20:28,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3932,00:16:40,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3972,00:15:43,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3932,00:16:17,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3756,00:07:09,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1624,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,15408,00:02:13,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,180812,13852,00:05:49,482) /usr/sbin/apache2 -k start
(postgres,225176,3336,00:00:03,544) postgres: checkpointer process                                                                                              
(postgres,225176,3428,00:24:51,545) postgres: writer process                                                                                                    
(postgres,225176,2624,00:01:20,546) postgres: wal writer process                                                                                                
(postgres,225608,42072,00:01:49,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3028,00:24:05,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,1508080,203952,01:52:14,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,269136,162536,16:32:46,793) postgres: osm gis [local] SELECT                                                                                            
(postgres,269520,162068,11:07:20,1620) postgres: osm gis [local] SELECT                                                                                            
(postgres,266172,157724,07:49:00,1898) postgres: osm gis [local] SELECT                                                                                            
(postgres,253528,147392,06:37:10,1900) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,6075) [kworker/u4:0]
(root,0,0,00:00:00,8678) [kworker/u4:2]
(root,11684,2572,00:00:00,8833) /bin/bash /usr/bin/check_mk_agent
(root,9092,840,00:00:00,8852) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1556,00:00:00,8853) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:18,12933) [kworker/0:2]
(www-data,1389280,14428,00:00:22,12934) /usr/sbin/apache2 -k start
(www-data,1389432,14680,00:00:23,12936) /usr/sbin/apache2 -k start
(root,371040,20492,01:29:44,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(root,416440,15900,00:01:43,19116) /usr/sbin/rsyslogd -n
(root,20324,2104,00:00:15,19357) /opt/omi/bin/omiserver -d
(omi,20316,2692,00:00:25,19359) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,6024,00:03:01,19422) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,314960,60292,00:07:24,19661) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4860,00:00:15,19718) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217960,18668,00:00:07,19747) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,3004,00:03:57,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:01,24843) [kworker/u4:1]
(root,0,0,00:00:01,26682) [kworker/1:0]
(root,0,0,00:00:00,28966) [kworker/0:1]
(root,0,0,00:00:18,28977) [kworker/1:3]
      Found on 2024-09-17 22:19

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392e4413e37

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28576,3740,00:04:02,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-04:55:25,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,09:05:55,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:41,9) [migration/0]
(root,0,0,00:04:38,10) [watchdog/0]
(root,0,0,00:02:17,11) [watchdog/1]
(root,0,0,00:00:30,12) [migration/1]
(root,0,0,20:50:54,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:55:11,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:05,119) [kworker/0:1H]
(root,0,0,04:05:23,120) [kworker/1:1H]
(root,0,0,00:03:40,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,307164,276252,00:26:51,177) /lib/systemd/systemd-journald
(root,41312,2684,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:30,245) [hv_balloon]
(root,0,0,00:02:33,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6952,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1804,00:00:16,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,2104,00:00:24,336) /lib/systemd/systemd-logind
(message+,33828,2352,00:01:31,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,872,00:09:44,362) /usr/sbin/nscd
(ntp,27072,2876,00:06:00,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1476,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1460,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2112,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,1952,01:01:58,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2408,00:19:59,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,4024,00:16:17,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,4016,00:15:21,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4024,00:15:54,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3808,00:06:59,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1624,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,15488,00:02:10,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,180728,16116,00:05:41,482) /usr/sbin/apache2 -k start
(postgres,225176,3352,00:00:03,544) postgres: checkpointer process                                                                                              
(postgres,225176,3456,00:24:15,545) postgres: writer process                                                                                                    
(postgres,225176,2624,00:01:18,546) postgres: wal writer process                                                                                                
(postgres,225608,41828,00:01:47,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3028,00:23:31,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,3080944,1848400,01:49:13,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,262564,152688,16:03:43,793) postgres: osm gis [local] SELECT                                                                                            
(postgres,272772,165488,10:46:52,1620) postgres: osm gis [local] SELECT                                                                                            
(postgres,266992,159008,07:36:18,1898) postgres: osm gis [local] idle                                                                                              
(postgres,268904,160160,06:30:53,1900) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:01:25,3477) [kworker/0:2]
(www-data,1389760,16300,00:00:24,5038) /usr/sbin/apache2 -k start
(www-data,1389844,16996,00:00:24,5040) /usr/sbin/apache2 -k start
(root,0,0,00:00:01,8097) [kworker/u4:0]
(root,371040,20196,01:21:49,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(root,0,0,00:00:02,16810) [kworker/1:1]
(root,0,0,00:00:00,17917) [kworker/u4:2]
(root,0,0,00:00:40,19107) [kworker/1:0]
(root,416440,3964,00:00:20,19116) /usr/sbin/rsyslogd -n
(root,0,0,00:00:17,19312) [kworker/0:1]
(root,20324,2192,00:00:03,19357) /opt/omi/bin/omiserver -d
(omi,20316,2796,00:00:05,19359) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5928,00:00:32,19422) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,304720,53524,00:01:20,19661) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4972,00:00:02,19718) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217960,19088,00:00:01,19747) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,48912,3056,00:03:54,20859) /usr/sbin/sshd -D
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,0,0,00:00:00,29663) [kworker/u4:1]
(root,11684,2588,00:00:00,30756) /bin/bash /usr/bin/check_mk_agent
(root,9092,820,00:00:00,30775) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1552,00:00:00,30776) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      Found on 2024-09-15 23:02

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392bfd247e7

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28656,3680,00:03:58,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-04:20:23,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,08:58:51,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:40,9) [migration/0]
(root,0,0,00:04:32,10) [watchdog/0]
(root,0,0,00:02:14,11) [watchdog/1]
(root,0,0,00:00:30,12) [migration/1]
(root,0,0,20:34:55,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:54:19,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:05,119) [kworker/0:1H]
(root,0,0,03:53:07,120) [kworker/1:1H]
(root,0,0,00:03:34,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,298612,271556,00:26:41,177) /lib/systemd/systemd-journald
(root,41312,2684,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:25,245) [hv_balloon]
(root,0,0,00:02:30,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6952,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1820,00:00:16,324) /usr/sbin/cron -f
(root,46364,11860,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,2104,00:00:23,336) /lib/systemd/systemd-logind
(message+,33828,2352,00:01:29,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,872,00:09:37,362) /usr/sbin/nscd
(ntp,27072,2836,00:05:51,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1476,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1460,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2112,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,1952,01:00:24,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2408,00:19:28,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,4024,00:15:52,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3976,00:14:57,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3984,00:15:30,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3808,00:06:48,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1624,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,15488,00:02:07,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,180548,12884,00:05:32,482) /usr/sbin/apache2 -k start
(postgres,225176,3352,00:00:03,544) postgres: checkpointer process                                                                                              
(postgres,225176,3456,00:23:19,545) postgres: writer process                                                                                                    
(postgres,225176,2624,00:01:16,546) postgres: wal writer process                                                                                                
(postgres,225608,41340,00:01:44,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3028,00:22:36,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,1639152,299628,01:47:22,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,253940,147212,15:39:45,793) postgres: osm gis [local] SELECT                                                                                            
(postgres,263876,156660,10:24:21,1620) postgres: osm gis [local] SELECT                                                                                            
(postgres,253776,147640,07:23:34,1898) postgres: osm gis [local] SELECT                                                                                            
(postgres,253528,146580,06:18:46,1900) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:03,3133) [kworker/u4:0]
(root,0,0,00:00:41,3477) [kworker/0:2]
(root,0,0,00:00:00,10420) [kworker/0:0]
(root,0,0,00:03:13,13423) [kworker/1:0]
(root,0,0,00:00:00,15705) [kworker/u4:1]
(root,371040,20632,01:13:28,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(root,11684,2648,00:00:00,18104) /bin/bash /usr/bin/check_mk_agent
(root,9092,860,00:00:00,18123) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1552,00:00:00,18124) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,48912,3380,00:03:51,20859) /usr/sbin/sshd -D
(root,490172,13672,00:02:56,21933) /usr/sbin/rsyslogd -n
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,20324,2024,00:00:26,22184) /opt/omi/bin/omiserver -d
(omi,20316,2120,00:00:41,22186) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,172476,4460,00:04:51,22249) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,309836,55452,00:12:23,22519) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,3836,00:00:25,22572) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,18120,00:00:12,22584) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:01:03,27521) [kworker/1:2]
(www-data,1389012,14492,00:00:22,30707) /usr/sbin/apache2 -k start
(www-data,1389136,14472,00:00:24,30709) /usr/sbin/apache2 -k start
      Found on 2024-09-13 21:46

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392250032f6

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28656,3820,00:03:54,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-03:50:03,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,08:49:57,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:40,9) [migration/0]
(root,0,0,00:04:27,10) [watchdog/0]
(root,0,0,00:02:12,11) [watchdog/1]
(root,0,0,00:00:29,12) [migration/1]
(root,0,0,20:11:54,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:51:53,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:05,119) [kworker/0:1H]
(root,0,0,03:47:01,120) [kworker/1:1H]
(root,0,0,00:03:29,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,298612,266908,00:26:29,177) /lib/systemd/systemd-journald
(root,41312,2760,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:21,245) [hv_balloon]
(root,0,0,00:02:23,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6956,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1856,00:00:15,324) /usr/sbin/cron -f
(root,46364,12316,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,2188,00:00:23,336) /lib/systemd/systemd-logind
(message+,33828,2412,00:01:27,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,936,00:09:31,362) /usr/sbin/nscd
(ntp,27072,3416,00:05:42,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1532,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1520,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2164,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,2092,00:58:59,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2444,00:19:00,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,4340,00:15:29,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,4344,00:14:35,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4344,00:15:07,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,4184,00:06:38,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1648,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,16008,00:02:04,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,180464,15672,00:05:25,482) /usr/sbin/apache2 -k start
(postgres,225176,2344,00:00:03,544) postgres: checkpointer process                                                                                              
(postgres,225176,3788,00:22:40,545) postgres: writer process                                                                                                    
(postgres,225176,2888,00:01:15,546) postgres: wal writer process                                                                                                
(postgres,225608,40920,00:01:42,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3260,00:22:00,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,1508080,219904,01:43:26,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,263476,155208,14:52:54,793) postgres: osm gis [local] idle                                                                                              
(postgres,257508,151460,10:02:22,1620) postgres: osm gis [local] idle                                                                                              
(postgres,262840,153832,07:15:40,1898) postgres: osm gis [local] idle                                                                                              
(postgres,268976,160156,06:03:34,1900) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,8659) [kworker/u4:0]
(root,0,0,00:00:00,10471) [kworker/1:2]
(root,0,0,00:03:12,13423) [kworker/1:0]
(root,371040,21504,01:05:51,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(www-data,1389000,15824,00:00:31,17058) /usr/sbin/apache2 -k start
(www-data,1389112,15872,00:00:33,17060) /usr/sbin/apache2 -k start
(root,0,0,00:00:05,17115) [kworker/0:0]
(root,86408,6024,00:00:00,19717) sshd: unknown [priv]
(sshd,51008,3220,00:00:00,19718) sshd: unknown [net] 
(root,11684,2608,00:00:00,19823) /bin/bash /usr/bin/check_mk_agent
(root,9092,856,00:00:00,19842) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1624,00:00:00,19843) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,48912,3572,00:03:48,20859) /usr/sbin/sshd -D
(root,490172,23408,00:01:36,21933) /usr/sbin/rsyslogd -n
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,20324,2200,00:00:14,22184) /opt/omi/bin/omiserver -d
(omi,20316,2724,00:00:21,22186) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,172476,5920,00:02:32,22249) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,309836,58820,00:06:34,22519) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,5036,00:00:13,22572) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,18896,00:00:06,22584) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:03,23218) [kworker/u4:2]
(root,0,0,00:00:25,28970) [kworker/0:1]
      Found on 2024-09-12 00:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143924bf4af06

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28656,4276,00:03:53,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-03:39:39,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,08:46:28,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:40,9) [migration/0]
(root,0,0,00:04:25,10) [watchdog/0]
(root,0,0,00:02:11,11) [watchdog/1]
(root,0,0,00:00:29,12) [migration/1]
(root,0,0,20:01:22,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:51:39,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [ata_sff]
(root,0,0,00:00:00,78) [kpsmoused]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,95) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,98) [scsi_eh_0]
(root,0,0,00:00:00,99) [scsi_tmf_0]
(root,0,0,00:00:00,100) [scsi_eh_1]
(root,0,0,00:00:00,101) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,105) [scsi_tmf_2]
(root,0,0,00:00:00,106) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_eh_3]
(root,0,0,00:00:00,109) [scsi_tmf_3]
(root,0,0,00:00:00,110) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,112) [scsi_eh_5]
(root,0,0,00:00:00,113) [scsi_tmf_5]
(root,0,0,00:00:05,119) [kworker/0:1H]
(root,0,0,03:46:52,120) [kworker/1:1H]
(root,0,0,00:03:28,138) [jbd2/sda1-8]
(root,0,0,00:00:00,139) [ext4-rsv-conver]
(root,0,0,00:00:00,175) [kauditd]
(root,298612,264068,00:26:25,177) /lib/systemd/systemd-journald
(root,41312,2760,00:00:00,192) /lib/systemd/systemd-udevd
(root,0,0,00:03:19,245) [hv_balloon]
(root,0,0,00:02:23,251) [jbd2/sdc-8]
(root,0,0,00:00:00,252) [ext4-rsv-conver]
(root,25400,6956,00:00:00,303) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1856,00:00:15,324) /usr/sbin/cron -f
(root,46364,12316,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,2392,00:00:23,336) /lib/systemd/systemd-logind
(message+,33828,2512,00:01:26,342) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,936,00:09:29,362) /usr/sbin/nscd
(ntp,27072,3436,00:05:40,384) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,4432,1532,00:00:00,385) /sbin/agetty --noclear tty1 linux
(root,4252,1520,00:00:00,386) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(zabbix,77308,2164,00:00:00,388) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(root,104404,2092,00:58:39,392) /usr/bin/monit -c /etc/monit/monitrc
(zabbix,77308,2444,00:18:53,412) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,4340,00:15:24,413) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,4344,00:14:30,414) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4344,00:15:02,415) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,4184,00:06:36,416) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,16044,1648,00:00:00,454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(postgres,225176,16008,00:02:03,468) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,180464,18280,00:05:23,482) /usr/sbin/apache2 -k start
(postgres,225176,2344,00:00:02,544) postgres: checkpointer process                                                                                              
(postgres,225176,3788,00:22:38,545) postgres: writer process                                                                                                    
(postgres,225176,2888,00:01:14,546) postgres: wal writer process                                                                                                
(postgres,225608,40808,00:01:41,547) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3260,00:21:58,548) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,671) [jbd2/sdb1-8]
(root,0,0,00:00:00,672) [ext4-rsv-conver]
(osm,1508080,200356,01:43:04,752) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,263476,157028,14:51:14,793) postgres: osm gis [local] idle                                                                                              
(postgres,266176,155324,09:59:06,1620) postgres: osm gis [local] idle                                                                                              
(postgres,258720,153844,07:15:33,1898) postgres: osm gis [local] idle                                                                                              
(postgres,268976,161948,06:03:32,1900) postgres: osm gis [local] idle                                                                                              
(root,53080,5376,00:00:00,7410) sshd: [accepted]    
(sshd,51008,3236,00:00:00,7412) sshd: [net]         
(root,11684,2612,00:00:00,7516) /bin/bash /usr/bin/check_mk_agent
(root,9092,804,00:00:00,7535) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1448,00:00:00,7536) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,10471) [kworker/1:2]
(root,0,0,00:00:00,11397) [kworker/u4:1]
(root,0,0,00:02:22,13423) [kworker/1:0]
(root,371040,21992,01:04:03,16596) python -u bin/WALinuxAgent-2.11.1.12-py3.9.egg -run-exthandlers
(www-data,1388944,16776,00:00:11,17058) /usr/sbin/apache2 -k start
(www-data,1388988,17224,00:00:11,17060) /usr/sbin/apache2 -k start
(root,0,0,00:00:05,17115) [kworker/0:0]
(root,48912,3572,00:03:47,20859) /usr/sbin/sshd -D
(root,490172,23868,00:01:16,21933) /usr/sbin/rsyslogd -n
(root,0,0,00:00:00,22183) [hv_vmbus_ctl]
(root,20324,2200,00:00:11,22184) /opt/omi/bin/omiserver -d
(omi,20316,2724,00:00:17,22186) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,0,0,00:00:00,22245) [hv_vmbus_ctl]
(root,172476,5936,00:01:59,22249) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,309836,59608,00:05:13,22519) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,5048,00:00:10,22572) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,19420,00:00:05,22584) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:02,23218) [kworker/u4:2]
(root,0,0,00:00:04,28970) [kworker/0:1]
      Found on 2024-09-11 14:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439298a3fb62

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28600,3296,00:06:14,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,2-03:34:04,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,15:53:17,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:43,9) [migration/0]
(root,0,0,00:14:29,10) [watchdog/0]
(root,0,0,00:01:00,11) [watchdog/1]
(root,0,0,00:00:59,12) [migration/1]
(root,0,0,1-11:56:17,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:06,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:25:46,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:09,124) [kworker/0:1H]
(root,0,0,06:00:39,125) [kworker/1:1H]
(root,0,0,00:06:45,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,357996,329588,00:29:35,195) /lib/systemd/systemd-journald
(root,41284,1832,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:06:12,221) [hv_balloon]
(root,0,0,00:04:23,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1048,00:00:27,330) /usr/sbin/cron -f
(zabbix,77308,1700,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2044,00:33:16,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3332,00:27:24,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3276,00:27:03,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3396,00:27:03,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3084,00:11:18,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11172,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1288,00:00:43,352) /lib/systemd/systemd-logind
(message+,33836,1568,00:02:51,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,392,00:13:56,371) /usr/sbin/nscd
(root,104404,1180,01:40:49,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,2420,00:08:38,389) /usr/sbin/sshd -D
(root,4432,760,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,72028,2396,00:00:00,410) /bin/login --         
(ntp,27072,2268,00:09:51,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,1024,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,183300,18500,00:09:17,507) /usr/sbin/apache2 -k start
(postgres,225176,14868,00:03:44,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225312,4180,00:00:05,761) postgres: checkpointer process                                                                                              
(postgres,225176,3956,00:44:02,762) postgres: writer process                                                                                                    
(postgres,225176,6988,00:02:08,763) postgres: wal writer process                                                                                                
(postgres,225608,58544,00:03:05,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2848,00:38:47,765) postgres: stats collector process                                                                                           
(osm,1647772,397716,03:07:48,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,257904,151304,18:46:25,807) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(srekhomp,27240,2636,00:00:00,4005) /lib/systemd/systemd --user
(srekhomp,49920,1780,00:00:00,4008) (sd-pam)  
(srekhomp,4336,672,00:00:00,4011) -sh
(root,53964,2428,00:00:00,4027) sudo su
(root,53248,2116,00:00:00,4030) su
(root,11880,1920,00:00:00,4031) bash
(root,0,0,00:00:00,6859) [kworker/1:1]
(root,0,0,00:00:20,6870) [kworker/0:1]
(root,0,0,00:00:20,10990) [kworker/1:2]
(root,0,0,00:00:00,12204) [kworker/u4:2]
(postgres,262672,155872,14:04:26,14947) postgres: osm gis [local] SELECT                                                                                            
(postgres,253512,146268,11:29:35,14948) postgres: osm gis [local] SELECT                                                                                            
(postgres,266400,159204,11:13:42,14949) postgres: osm gis [local] SELECT                                                                                            
(root,372988,22220,06:24:13,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,0,0,00:00:00,21159) [kworker/u4:1]
(root,490172,22656,00:03:59,22889) /usr/sbin/rsyslogd -n
(root,20324,2008,00:00:34,23141) /opt/omi/bin/omiserver -d
(omi,20316,2692,00:00:57,23143) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5252,00:07:57,23207) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,0,0,00:00:07,23471) [kworker/0:2]
(www-data,1392072,16848,00:00:29,23474) /usr/sbin/apache2 -k start
(www-data,1391992,16768,00:00:30,23476) /usr/sbin/apache2 -k start
(omsagent,312912,60868,00:16:37,23505) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4508,00:00:32,23561) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,18812,00:00:21,23591) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,11684,2628,00:00:00,31690) /bin/bash /usr/bin/check_mk_agent
(root,9092,856,00:00:00,31709) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1568,00:00:00,31710) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      Found on 2023-03-18 00:40

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439266e91d6b

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28664,3276,00:05:36,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-22:51:53,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,14:52:25,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:39,9) [migration/0]
(root,0,0,00:13:07,10) [watchdog/0]
(root,0,0,00:00:54,11) [watchdog/1]
(root,0,0,00:00:54,12) [migration/1]
(root,0,0,1-10:01:38,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:05,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:15:25,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:07,124) [kworker/0:1H]
(root,0,0,04:49:53,125) [kworker/1:1H]
(root,0,0,00:06:03,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,322716,294968,00:26:37,195) /lib/systemd/systemd-journald
(root,41284,1832,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:05:37,221) [hv_balloon]
(root,0,0,00:03:41,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1048,00:00:24,330) /usr/sbin/cron -f
(zabbix,77308,1700,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2044,00:29:44,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3316,00:24:29,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3276,00:24:10,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3396,00:24:08,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3084,00:10:06,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11172,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1288,00:00:38,352) /lib/systemd/systemd-logind
(message+,33836,1568,00:02:33,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,404,00:12:32,371) /usr/sbin/nscd
(root,104404,1180,01:30:03,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,2420,00:07:49,389) /usr/sbin/sshd -D
(root,4432,760,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,72028,2404,00:00:00,410) /bin/login --         
(ntp,27072,2316,00:08:48,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,776,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,182704,15380,00:08:19,507) /usr/sbin/apache2 -k start
(postgres,225176,14872,00:03:20,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225312,4348,00:00:04,761) postgres: checkpointer process                                                                                              
(postgres,225176,4156,00:35:59,762) postgres: writer process                                                                                                    
(postgres,225176,7016,00:01:56,763) postgres: wal writer process                                                                                                
(postgres,225608,52884,00:02:46,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2848,00:31:40,765) postgres: stats collector process                                                                                           
(osm,1516700,268404,02:43:55,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,253532,146308,16:47:09,807) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:00,1369) [kworker/0:1]
(root,0,0,00:00:27,1370) [kworker/1:0]
(srekhomp,27240,2244,00:00:00,4005) /lib/systemd/systemd --user
(srekhomp,49920,1780,00:00:00,4008) (sd-pam)  
(srekhomp,4336,696,00:00:00,4011) -sh
(root,53964,2436,00:00:00,4027) sudo su
(root,53248,2116,00:00:00,4030) su
(root,11880,1924,00:00:00,4031) bash
(root,0,0,00:00:00,5816) [kworker/u4:2]
(root,490172,31332,00:03:26,8696) /usr/sbin/rsyslogd -n
(root,20324,2092,00:00:31,8938) /opt/omi/bin/omiserver -d
(omi,20316,2768,00:00:53,8940) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5916,00:06:53,9004) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,312912,61860,00:15:15,9306) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4624,00:00:28,9363) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,18764,00:00:18,9393) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,11684,2628,00:00:00,11738) /bin/bash /usr/bin/check_mk_agent
(root,9092,820,00:00:00,11757) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1580,00:00:00,11758) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,12024) [kworker/u4:1]
(www-data,1391332,16568,00:00:42,13428) /usr/sbin/apache2 -k start
(www-data,1391492,14976,00:00:43,13430) /usr/sbin/apache2 -k start
(postgres,253568,146316,11:51:38,14947) postgres: osm gis [local] SELECT                                                                                            
(postgres,253708,146180,09:23:04,14948) postgres: osm gis [local] SELECT                                                                                            
(postgres,263144,155392,09:19:23,14949) postgres: osm gis [local] SELECT                                                                                            
(root,372988,22272,05:24:59,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,0,0,00:00:34,27527) [kworker/0:0]
(root,0,0,00:00:21,27547) [kworker/1:1]
      Found on 2023-03-03 06:31

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392aaf551b4

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28636,3664,00:04:58,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-17:33:49,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,13:19:34,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:34,9) [migration/0]
(root,0,0,00:11:36,10) [watchdog/0]
(root,0,0,00:00:47,11) [watchdog/1]
(root,0,0,00:00:50,12) [migration/1]
(root,0,0,1-06:27:00,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:04,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:05:23,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:06,124) [kworker/0:1H]
(root,0,0,04:07:16,125) [kworker/1:1H]
(root,0,0,00:05:19,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,290072,260840,00:23:40,195) /lib/systemd/systemd-journald
(root,41284,1792,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:04:57,221) [hv_balloon]
(root,0,0,00:03:10,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1052,00:00:21,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:26:09,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3532,00:21:32,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3556,00:21:16,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3676,00:21:13,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3340,00:08:52,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11200,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1288,00:00:33,352) /lib/systemd/systemd-logind
(message+,33836,1528,00:02:14,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,404,00:11:07,371) /usr/sbin/nscd
(root,104404,1596,01:19:06,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,2712,00:06:59,389) /usr/sbin/sshd -D
(root,4432,764,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,72028,2560,00:00:00,410) /bin/login --         
(ntp,27072,2312,00:07:44,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,1028,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,182016,17124,00:07:19,507) /usr/sbin/apache2 -k start
(postgres,225176,15172,00:02:56,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,0,0,00:00:04,666) [kworker/u4:2]
(postgres,225176,1844,00:00:04,761) postgres: checkpointer process                                                                                              
(postgres,225176,3008,00:30:50,762) postgres: writer process                                                                                                    
(postgres,225176,2536,00:01:42,763) postgres: wal writer process                                                                                                
(postgres,225608,47904,00:02:26,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2848,00:27:08,765) postgres: stats collector process                                                                                           
(osm,1582236,285832,02:22:09,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,262568,156064,14:27:10,807) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,490172,50452,00:02:01,3012) /usr/sbin/rsyslogd -n
(root,20324,2124,00:00:17,3255) /opt/omi/bin/omiserver -d
(omi,20316,2860,00:00:30,3257) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5480,00:04:08,3315) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,317008,64308,00:08:54,3577) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4664,00:00:16,3631) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,18856,00:00:10,3663) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(srekhomp,27240,2404,00:00:00,4005) /lib/systemd/systemd --user
(srekhomp,49920,1780,00:00:00,4008) (sd-pam)  
(srekhomp,4336,700,00:00:00,4011) -sh
(root,53964,2624,00:00:00,4027) sudo su
(root,53248,2260,00:00:00,4030) su
(root,11880,1940,00:00:00,4031) bash
(root,0,0,00:00:59,6745) [kworker/0:2]
(www-data,1390688,17736,00:00:50,6747) /usr/sbin/apache2 -k start
(www-data,1390944,15900,00:00:51,6749) /usr/sbin/apache2 -k start
(root,0,0,00:00:00,11592) [kworker/0:0]
(root,0,0,00:00:04,11593) [kworker/1:0]
(postgres,257796,150736,10:12:25,14947) postgres: osm gis [local] idle                                                                                              
(postgres,261892,154380,08:08:49,14948) postgres: osm gis [local] idle                                                                                              
(postgres,268932,161280,07:52:27,14949) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,17118) [kworker/u4:1]
(root,11684,2628,00:00:00,17413) /bin/bash /usr/bin/check_mk_agent
(root,9092,804,00:00:00,17432) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1500,00:00:00,17433) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,372988,22364,04:24:14,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,0,0,00:01:13,30287) [kworker/1:1]
      Found on 2023-02-16 07:58

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439218c27b54

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28636,3304,00:04:52,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-16:53:09,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,13:05:58,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:34,9) [migration/0]
(root,0,0,00:11:23,10) [watchdog/0]
(root,0,0,00:00:46,11) [watchdog/1]
(root,0,0,00:00:49,12) [migration/1]
(root,0,0,1-05:57:50,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:04,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,01:04:35,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:01,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:06,124) [kworker/0:1H]
(root,0,0,04:03:15,125) [kworker/1:1H]
(root,0,0,00:05:14,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,289276,257708,00:23:02,195) /lib/systemd/systemd-journald
(root,41284,1792,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:04:53,221) [hv_balloon]
(root,0,0,00:03:07,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1052,00:00:21,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:25:44,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3532,00:21:11,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3532,00:20:56,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3652,00:20:53,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3340,00:08:44,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11200,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1288,00:00:33,352) /lib/systemd/systemd-logind
(message+,33836,1528,00:02:12,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,408,00:10:53,371) /usr/sbin/nscd
(root,104404,1596,01:17:45,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,2712,00:06:48,389) /usr/sbin/sshd -D
(root,4432,764,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,72028,2560,00:00:00,410) /bin/login --         
(ntp,27072,2352,00:07:36,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,904,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,182016,17324,00:07:12,507) /usr/sbin/apache2 -k start
(postgres,225176,15172,00:02:53,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225176,1848,00:00:04,761) postgres: checkpointer process                                                                                              
(postgres,225176,3008,00:30:20,762) postgres: writer process                                                                                                    
(postgres,225176,2536,00:01:40,763) postgres: wal writer process                                                                                                
(postgres,225608,47220,00:02:24,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2848,00:26:42,765) postgres: stats collector process                                                                                           
(osm,1582236,273460,02:19:52,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,253532,146252,14:11:47,807) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,424636,26200,00:00:44,3012) /usr/sbin/rsyslogd -n
(root,0,0,00:00:28,3210) [kworker/0:1]
(root,20324,2124,00:00:06,3255) /opt/omi/bin/omiserver -d
(omi,20316,2860,00:00:11,3257) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5088,00:01:38,3315) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,312912,59828,00:03:14,3577) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4664,00:00:06,3631) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,18956,00:00:04,3663) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(srekhomp,27240,2708,00:00:00,4005) /lib/systemd/systemd --user
(srekhomp,49920,1780,00:00:00,4008) (sd-pam)  
(srekhomp,4336,700,00:00:00,4011) -sh
(root,53964,2624,00:00:00,4027) sudo su
(root,53248,2260,00:00:00,4030) su
(root,11880,1940,00:00:00,4031) bash
(postgres,269076,162560,10:01:58,14947) postgres: osm gis [local] idle                                                                                              
(postgres,265028,157660,08:02:30,14948) postgres: osm gis [local] idle                                                                                              
(postgres,267048,158760,07:48:17,14949) postgres: osm gis [local] idle                                                                                              
(root,372988,22692,04:17:19,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,0,0,00:00:00,20123) [kworker/0:2]
(root,0,0,00:00:02,20132) [kworker/1:0]
(root,0,0,00:00:08,23407) [kworker/1:2]
(root,0,0,00:00:00,28973) [kworker/u4:0]
(root,0,0,00:00:00,30397) [kworker/u4:1]
(root,11684,2628,00:00:00,31597) /bin/bash /usr/bin/check_mk_agent
(root,9092,836,00:00:00,31616) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1552,00:00:00,31617) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(www-data,1390552,17012,00:00:12,32678) /usr/sbin/apache2 -k start
(www-data,1390608,14984,00:00:13,32680) /usr/sbin/apache2 -k start
      Found on 2023-02-14 15:07

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143927176c72b

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28584,3736,00:04:29,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-13:53:25,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,12:14:26,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:31,9) [migration/0]
(root,0,0,00:10:32,10) [watchdog/0]
(root,0,0,00:00:43,11) [watchdog/1]
(root,0,0,00:00:47,12) [migration/1]
(root,0,0,1-04:01:26,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:04,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:58:27,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:05,124) [kworker/0:1H]
(root,0,0,03:37:26,125) [kworker/1:1H]
(root,0,0,00:04:49,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,271472,239648,00:21:15,195) /lib/systemd/systemd-journald
(root,41284,1816,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:04:30,221) [hv_balloon]
(root,0,0,00:02:46,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1076,00:00:19,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:23:42,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3656,00:19:29,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3656,00:19:16,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3776,00:19:11,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3432,00:08:03,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11468,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1480,00:00:30,352) /lib/systemd/systemd-logind
(message+,33712,1624,00:02:02,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,416,00:10:04,371) /usr/sbin/nscd
(root,104404,1620,01:11:21,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,2968,00:06:17,389) /usr/sbin/sshd -D
(root,4432,788,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,728,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2532,00:07:00,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,1032,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,181588,18976,00:06:39,507) /usr/sbin/apache2 -k start
(postgres,225176,15380,00:02:39,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225176,2052,00:00:03,761) postgres: checkpointer process                                                                                              
(postgres,225176,3204,00:27:15,762) postgres: writer process                                                                                                    
(postgres,225176,2588,00:01:32,763) postgres: wal writer process                                                                                                
(postgres,225608,43616,00:02:12,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2900,00:24:00,765) postgres: stats collector process                                                                                           
(osm,1451164,203068,02:05:25,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,265080,156488,12:56:46,807) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:03,1317) [kworker/u4:1]
(root,0,0,00:01:08,3789) [kworker/1:0]
(root,416440,13280,00:00:26,3800) /usr/sbin/rsyslogd -n
(root,0,0,00:00:56,3997) [kworker/0:0]
(root,20324,2612,00:00:03,4042) /opt/omi/bin/omiserver -d
(omi,20316,3100,00:00:06,4044) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,8460,00:00:48,4108) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,321104,66624,00:01:56,4359) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,7736,00:00:03,4415) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,21212,00:00:02,4444) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,4619) [kworker/u4:0]
(root,11684,2624,00:00:00,7475) /bin/bash /usr/bin/check_mk_agent
(root,9092,804,00:00:00,7494) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1496,00:00:00,7495) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:27,9431) [kworker/1:2]
(postgres,268196,159656,08:59:26,14947) postgres: osm gis [local] idle                                                                                              
(postgres,266924,159476,07:03:26,14948) postgres: osm gis [local] idle                                                                                              
(postgres,268192,159076,06:52:14,14949) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,17323) [kworker/0:2]
(www-data,1389712,15184,00:00:35,17326) /usr/sbin/apache2 -k start
(www-data,1389996,15412,00:00:36,17328) /usr/sbin/apache2 -k start
(root,372988,22992,03:42:50,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
      Found on 2023-02-06 02:56

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392b5f4d98c

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28584,3608,00:04:26,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-13:21:03,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,12:03:02,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:31,9) [migration/0]
(root,0,0,00:10:23,10) [watchdog/0]
(root,0,0,00:00:42,11) [watchdog/1]
(root,0,0,00:00:46,12) [migration/1]
(root,0,0,1-03:32:29,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:04,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:58:19,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:05,124) [kworker/0:1H]
(root,0,0,03:37:12,125) [kworker/1:1H]
(root,0,0,00:04:46,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,262264,235180,00:21:04,195) /lib/systemd/systemd-journald
(root,41284,1816,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:04:27,221) [hv_balloon]
(root,0,0,00:02:46,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1076,00:00:19,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:23:25,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3628,00:19:16,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3668,00:19:03,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3748,00:18:57,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3432,00:07:57,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11468,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1288,00:00:30,352) /lib/systemd/systemd-logind
(message+,33712,1520,00:02:00,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,416,00:09:58,371) /usr/sbin/nscd
(root,104404,1620,01:10:31,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,2968,00:06:13,389) /usr/sbin/sshd -D
(root,4432,788,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,728,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2420,00:06:55,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,660,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,181588,16816,00:06:34,507) /usr/sbin/apache2 -k start
(postgres,225176,15380,00:02:38,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225176,2052,00:00:03,761) postgres: checkpointer process                                                                                              
(postgres,225176,3204,00:27:13,762) postgres: writer process                                                                                                    
(postgres,225176,2588,00:01:32,763) postgres: wal writer process                                                                                                
(postgres,225608,43548,00:02:11,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2900,00:23:57,765) postgres: stats collector process                                                                                           
(osm,1451164,171128,02:05:10,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,268252,160796,12:53:14,807) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:00,1317) [kworker/u4:1]
(www-data,1389980,14844,00:00:29,2615) /usr/sbin/apache2 -k start
(www-data,1390412,17200,00:00:29,2617) /usr/sbin/apache2 -k start
(root,490172,27972,00:04:34,10290) /usr/sbin/rsyslogd -n
(root,20324,2068,00:00:41,10531) /opt/omi/bin/omiserver -d
(omi,20316,2672,00:01:11,10533) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,4952,00:08:36,10599) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,321104,66352,00:20:08,10866) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4232,00:00:37,10924) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,18528,00:00:25,10953) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,11684,2632,00:00:00,11450) /bin/bash /usr/bin/check_mk_agent
(root,9092,824,00:00:00,11469) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1548,00:00:00,11470) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(postgres,268196,159792,08:59:26,14947) postgres: osm gis [local] idle                                                                                              
(postgres,266924,159612,07:03:26,14948) postgres: osm gis [local] idle                                                                                              
(postgres,268192,159212,06:52:14,14949) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,16142) [kworker/u4:2]
(root,372968,21556,03:38:15,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,0,0,00:00:00,23963) [kworker/0:2]
(root,0,0,00:00:30,23975) [kworker/1:1]
(root,0,0,00:01:14,24813) [kworker/0:1]
(root,0,0,00:00:06,26885) [kworker/1:0]
      Found on 2023-02-04 23:42

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392b8ae0c36

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28584,3724,00:04:15,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-11:56:44,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,11:47:29,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:29,9) [migration/0]
(root,0,0,00:10:00,10) [watchdog/0]
(root,0,0,00:00:40,11) [watchdog/1]
(root,0,0,00:00:45,12) [migration/1]
(root,0,0,1-03:06:49,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:04,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:54:20,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:05,124) [kworker/0:1H]
(root,0,0,03:12:31,125) [kworker/1:1H]
(root,0,0,00:04:33,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,254104,219624,00:20:02,195) /lib/systemd/systemd-journald
(root,41284,1816,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:04:16,221) [hv_balloon]
(root,0,0,00:02:32,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1076,00:00:18,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:22:20,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3684,00:18:21,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3684,00:18:08,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3804,00:18:02,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3464,00:07:35,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11468,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1288,00:00:29,352) /lib/systemd/systemd-logind
(message+,33712,1516,00:01:55,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,416,00:09:33,371) /usr/sbin/nscd
(root,104404,1620,01:07:07,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,3000,00:05:58,389) /usr/sbin/sshd -D
(root,4432,788,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,728,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2404,00:06:36,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,1032,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,181416,18852,00:06:16,507) /usr/sbin/apache2 -k start
(postgres,225176,15412,00:02:30,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225176,2052,00:00:03,761) postgres: checkpointer process                                                                                              
(postgres,225176,3280,00:24:29,762) postgres: writer process                                                                                                    
(postgres,225176,2588,00:01:27,763) postgres: wal writer process                                                                                                
(postgres,225608,41084,00:02:05,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2900,00:21:33,765) postgres: stats collector process                                                                                           
(osm,1516700,230512,01:56:52,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,279892,170592,12:00:15,807) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:00,6378) [kworker/0:1]
(root,0,0,00:00:02,6379) [kworker/1:1]
(root,416440,23692,00:01:18,10290) /usr/sbin/rsyslogd -n
(root,20324,2144,00:00:12,10531) /opt/omi/bin/omiserver -d
(omi,20316,2828,00:00:21,10533) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5608,00:02:26,10599) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,0,0,00:00:00,10785) [kworker/u4:1]
(omsagent,319056,63968,00:06:01,10866) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,5036,00:00:10,10924) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,18936,00:00:07,10953) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:01,14604) [kworker/0:2]
(www-data,1388376,15708,00:00:00,14606) /usr/sbin/apache2 -k start
(www-data,1389372,16132,00:00:01,14608) /usr/sbin/apache2 -k start
(postgres,268196,161160,08:13:56,14947) postgres: osm gis [local] SELECT                                                                                            
(postgres,274304,168172,06:19:37,14948) postgres: osm gis [local] SELECT                                                                                            
(postgres,266180,159296,06:13:00,14949) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,16194) [kworker/u4:0]
(root,11684,2608,00:00:00,16811) /bin/bash /usr/bin/check_mk_agent
(root,9092,804,00:00:00,16830) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1544,00:00:00,16831) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,372968,21620,03:19:39,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,0,0,00:00:20,21435) [kworker/1:0]
(root,0,0,00:00:00,25599) [kworker/u4:2]
      Found on 2023-01-31 08:51

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143922d4cc62a

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28588,3292,00:03:48,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,1-07:55:12,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,10:34:45,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:26,9) [migration/0]
(root,0,0,00:08:50,10) [watchdog/0]
(root,0,0,00:00:35,11) [watchdog/1]
(root,0,0,00:00:42,12) [migration/1]
(root,0,0,1-00:17:03,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:03,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:48:50,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:04,124) [kworker/0:1H]
(root,0,0,02:45:08,125) [kworker/1:1H]
(root,0,0,00:04:01,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,228228,201964,00:18:05,195) /lib/systemd/systemd-journald
(root,41284,1816,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:03:47,221) [hv_balloon]
(root,0,0,00:02:12,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1076,00:00:16,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:19:45,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3716,00:16:12,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3700,00:16:02,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,3836,00:15:54,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3456,00:06:42,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11468,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1288,00:00:25,352) /lib/systemd/systemd-logind
(message+,33712,1516,00:01:42,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,416,00:08:34,371) /usr/sbin/nscd
(root,104404,1616,00:59:23,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,3000,00:05:23,389) /usr/sbin/sshd -D
(root,4432,788,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,728,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2400,00:05:50,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,1032,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,180812,15872,00:05:32,507) /usr/sbin/apache2 -k start
(postgres,225176,15412,00:02:13,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225176,2184,00:00:03,761) postgres: checkpointer process                                                                                              
(postgres,225176,3400,00:21:11,762) postgres: writer process                                                                                                    
(postgres,225176,2588,00:01:17,763) postgres: wal writer process                                                                                                
(postgres,225608,38264,00:01:50,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2900,00:18:36,765) postgres: stats collector process                                                                                           
(osm,3744924,2490568,01:43:23,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,273004,165320,10:38:04,807) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:00,2032) [kworker/0:0]
(root,0,0,00:00:00,2042) [kworker/1:2]
(root,0,0,00:00:26,13188) [kworker/1:1]
(www-data,1389232,15824,00:00:17,13190) /usr/sbin/apache2 -k start
(www-data,1389448,16232,00:00:18,13192) /usr/sbin/apache2 -k start
(postgres,266992,156960,07:25:17,14947) postgres: osm gis [local] SELECT                                                                                            
(postgres,265176,154264,05:29:31,14948) postgres: osm gis [local] SELECT                                                                                            
(postgres,266892,156028,05:25:23,14949) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,15485) [kworker/u4:2]
(root,490172,38328,00:03:46,19136) /usr/sbin/rsyslogd -n
(root,20324,2008,00:00:33,19379) /opt/omi/bin/omiserver -d
(omi,20316,2576,00:00:55,19381) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5588,00:06:54,19440) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,308816,59196,00:16:55,19785) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4848,00:00:31,19838) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,19108,00:00:20,19870) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,372104,20668,02:36:19,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,0,0,00:01:30,20615) [kworker/0:1]
(root,0,0,00:00:00,21301) [kworker/u4:3]
(root,51008,5284,00:00:00,22429) sshd: [accepted]    
(sshd,51008,3244,00:00:00,22430) sshd: [net]         
(root,11684,2616,00:00:00,22524) /bin/bash /usr/bin/check_mk_agent
(root,9092,848,00:00:00,22543) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1420,00:00:00,22544) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:02,24494) [kworker/u4:0]
      Found on 2023-01-20 16:22

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c571439221a00d73

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28588,3652,00:02:42,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,22:33:45,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,07:41:40,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:18,9) [migration/0]
(root,0,0,00:06:04,10) [watchdog/0]
(root,0,0,00:00:24,11) [watchdog/1]
(root,0,0,00:00:34,12) [migration/1]
(root,0,0,17:40:53,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:02,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:33:38,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:03,124) [kworker/0:1H]
(root,0,0,01:41:46,125) [kworker/1:1H]
(root,0,0,00:02:47,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,178936,144860,00:12:56,195) /lib/systemd/systemd-journald
(root,41284,1860,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:02:40,221) [hv_balloon]
(root,0,0,00:01:26,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1168,00:00:11,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:13:42,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3892,00:11:15,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3836,00:11:07,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4032,00:10:56,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3632,00:04:39,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11616,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1428,00:00:17,352) /lib/systemd/systemd-logind
(message+,33712,1640,00:01:11,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,452,00:06:06,371) /usr/sbin/nscd
(root,104404,1776,00:41:45,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,3132,00:03:55,389) /usr/sbin/sshd -D
(root,4432,804,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,744,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2488,00:04:04,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,1060,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,179696,17092,00:03:50,507) /usr/sbin/apache2 -k start
(postgres,225176,15644,00:01:32,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225176,2256,00:00:02,761) postgres: checkpointer process                                                                                              
(postgres,225176,3676,00:13:20,762) postgres: writer process                                                                                                    
(postgres,225176,2660,00:00:54,763) postgres: wal writer process                                                                                                
(postgres,225608,30892,00:01:16,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2972,00:11:40,765) postgres: stats collector process                                                                                           
(osm,1451164,171848,01:09:58,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,263200,154384,07:05:56,807) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:10,868) [kworker/0:2]
(www-data,1387892,15192,00:00:05,870) /usr/sbin/apache2 -k start
(www-data,1387676,14840,00:00:04,872) /usr/sbin/apache2 -k start
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:04,2311) [kworker/u4:1]
(root,416440,18800,00:00:40,4323) /usr/sbin/rsyslogd -n
(root,0,0,00:01:43,4521) [kworker/1:0]
(root,20324,2596,00:00:06,4566) /opt/omi/bin/omiserver -d
(omi,20316,2720,00:00:10,4568) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5968,00:01:13,4625) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,310864,59244,00:02:57,4992) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,5240,00:00:06,5053) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,20588,00:00:03,5078) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,11680,2644,00:00:00,12388) /bin/bash /usr/bin/check_mk_agent
(root,9092,804,00:00:00,12407) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1568,00:00:00,12408) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,14029) [kworker/u4:0]
(root,0,0,00:00:15,14099) [kworker/0:1]
(postgres,266120,157344,05:03:29,14947) postgres: osm gis [local] idle                                                                                              
(postgres,265228,158440,03:34:06,14948) postgres: osm gis [local] idle                                                                                              
(postgres,257568,151180,03:40:03,14949) postgres: osm gis [local] idle                                                                                              
(root,370764,21256,00:53:50,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,0,0,00:00:00,24989) [kworker/1:1]
      Found on 2022-12-26 10:59

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143920671b4b7

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28620,3740,00:02:09,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,17:48:29,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,06:04:26,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:15,9) [migration/0]
(root,0,0,00:05:19,10) [watchdog/0]
(root,0,0,00:00:19,11) [watchdog/1]
(root,0,0,00:00:31,12) [migration/1]
(root,0,0,13:54:16,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:02,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:27:48,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:02,124) [kworker/0:1H]
(root,0,0,01:21:59,125) [kworker/1:1H]
(root,0,0,00:02:12,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,148544,115272,00:10:09,195) /lib/systemd/systemd-journald
(root,41284,1860,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:02:06,221) [hv_balloon]
(root,0,0,00:01:11,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1168,00:00:09,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:10:53,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3864,00:08:53,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3836,00:08:48,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4032,00:08:37,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3632,00:03:42,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11656,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1460,00:00:14,352) /lib/systemd/systemd-logind
(message+,33712,1672,00:00:57,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,464,00:04:52,371) /usr/sbin/nscd
(root,104404,1776,00:33:02,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,3132,00:03:05,389) /usr/sbin/sshd -D
(root,4432,804,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,744,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2488,00:03:14,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,812,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,179180,16648,00:03:02,507) /usr/sbin/apache2 -k start
(postgres,225176,15644,00:01:13,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(postgres,225176,2256,00:00:01,761) postgres: checkpointer process                                                                                              
(postgres,225176,3676,00:10:49,762) postgres: writer process                                                                                                    
(postgres,225176,2660,00:00:42,763) postgres: wal writer process                                                                                                
(postgres,225608,27424,00:01:01,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2972,00:09:28,765) postgres: stats collector process                                                                                           
(osm,1451164,193648,00:56:40,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,266332,156732,05:46:52,807) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:00,4143) [kworker/1:0]
(root,0,0,00:00:33,13265) [kworker/0:2]
(www-data,1387588,15688,00:00:22,13267) /usr/sbin/apache2 -k start
(www-data,1387872,13836,00:00:23,13269) /usr/sbin/apache2 -k start
(postgres,255688,148612,04:13:53,14947) postgres: osm gis [local] idle                                                                                              
(postgres,250192,143896,02:53:43,14948) postgres: osm gis [local] idle                                                                                              
(postgres,266688,159716,03:02:28,14949) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,15514) [kworker/u4:0]
(root,370424,20876,00:05:57,19916) python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
(root,416440,22040,00:01:01,20041) /usr/sbin/rsyslogd -n
(root,20324,2156,00:00:09,20293) /opt/omi/bin/omiserver -d
(omi,20316,2816,00:00:15,20296) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5692,00:02:00,20374) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,312912,59876,00:04:41,20639) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,5056,00:00:08,20693) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217944,19180,00:00:05,20725) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,22091) [kworker/0:1]
(root,51008,5284,00:00:00,22846) sshd: [accepted]    
(sshd,51008,3192,00:00:00,22847) sshd: [net]         
(root,11684,2620,00:00:00,22848) /bin/bash /usr/bin/check_mk_agent
(root,9092,856,00:00:00,22867) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1564,00:00:00,22868) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:01:44,31435) [kworker/1:2]
(root,0,0,00:00:00,32283) [kworker/u4:2]
      Found on 2022-12-14 17:38

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143925506e33f

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28576,3276,00:01:54,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,15:50:53,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,05:25:07,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:13,9) [migration/0]
(root,0,0,00:04:45,10) [watchdog/0]
(root,0,0,00:00:17,11) [watchdog/1]
(root,0,0,00:00:29,12) [migration/1]
(root,0,0,12:26:00,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:01,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:24:25,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:02,124) [kworker/0:1H]
(root,0,0,01:10:06,125) [kworker/1:1H]
(root,0,0,00:01:57,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,129844,102596,00:08:57,195) /lib/systemd/systemd-journald
(root,41284,1860,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:01:52,221) [hv_balloon]
(root,0,0,00:01:01,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1168,00:00:08,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:09:38,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3832,00:07:50,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3860,00:07:45,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4000,00:07:36,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3656,00:03:16,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11636,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1152,00:00:12,352) /lib/systemd/systemd-logind
(message+,33712,1568,00:00:50,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,464,00:04:18,371) /usr/sbin/nscd
(root,104404,1776,00:29:09,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,3156,00:02:43,389) /usr/sbin/sshd -D
(root,4432,804,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,744,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2568,00:02:51,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,936,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,179008,14724,00:02:41,507) /usr/sbin/apache2 -k start
(postgres,225176,15684,00:01:05,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,371220,20380,02:41:51,568) python -u bin/WALinuxAgent-2.8.0.11-py2.7.egg -run-exthandlers
(postgres,225176,2264,00:00:01,761) postgres: checkpointer process                                                                                              
(postgres,225176,3704,00:09:19,762) postgres: writer process                                                                                                    
(postgres,225176,2668,00:00:37,763) postgres: wal writer process                                                                                                
(postgres,225608,25088,00:00:54,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2980,00:08:09,765) postgres: stats collector process                                                                                           
(osm,1451164,176388,00:49:22,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,263200,154568,04:51:57,807) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:06,1130) [kworker/1:2]
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:00,9927) [kworker/u4:2]
(root,0,0,00:00:11,10274) [kworker/1:0]
(root,0,0,00:00:08,10276) [kworker/0:2]
(www-data,1387124,11256,00:00:06,10277) /usr/sbin/apache2 -k start
(www-data,1387560,12064,00:00:06,10279) /usr/sbin/apache2 -k start
(root,0,0,00:02:40,11399) [kworker/0:0]
(root,0,0,00:00:06,11777) [kworker/u4:0]
(postgres,266868,159948,03:48:20,14947) postgres: osm gis [local] idle                                                                                              
(postgres,266904,160548,02:31:53,14948) postgres: osm gis [local] idle                                                                                              
(postgres,262104,154584,02:38:48,14949) postgres: osm gis [local] idle                                                                                              
(root,490172,31856,00:03:36,20023) /usr/sbin/rsyslogd -n
(root,20324,2140,00:00:31,20265) /opt/omi/bin/omiserver -d
(omi,20316,2724,00:00:52,20267) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5572,00:06:50,20359) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,323152,66652,00:15:31,20760) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4984,00:00:29,20813) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,19216,00:00:19,20845) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,11684,2640,00:00:00,23665) /bin/bash /usr/bin/check_mk_agent
(root,9092,856,00:00:00,23684) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1572,00:00:00,23685) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      Found on 2022-12-09 11:26

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c57143928c9ab567

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28588,3724,00:01:39,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,13:26:22,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,04:32:35,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:11,9) [migration/0]
(root,0,0,00:04:00,10) [watchdog/0]
(root,0,0,00:00:14,11) [watchdog/1]
(root,0,0,00:00:27,12) [migration/1]
(root,0,0,10:22:42,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:01,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:21:34,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:02,124) [kworker/0:1H]
(root,0,0,01:04:07,125) [kworker/1:1H]
(root,0,0,00:01:40,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,118476,90760,00:07:53,195) /lib/systemd/systemd-journald
(root,41284,1860,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:01:34,221) [hv_balloon]
(root,0,0,00:00:54,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1168,00:00:06,330) /usr/sbin/cron -f
(zabbix,77308,1704,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2048,00:08:13,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3872,00:06:40,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3860,00:06:35,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4028,00:06:28,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3656,00:02:47,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11636,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1476,00:00:10,352) /lib/systemd/systemd-logind
(message+,33712,1672,00:00:43,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,464,00:03:45,371) /usr/sbin/nscd
(root,104404,1776,00:24:48,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,3156,00:02:24,389) /usr/sbin/sshd -D
(root,4432,804,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,744,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2520,00:02:25,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,688,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,178752,16100,00:02:17,507) /usr/sbin/apache2 -k start
(postgres,225176,15688,00:00:55,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,371084,20272,02:18:10,568) python -u bin/WALinuxAgent-2.8.0.11-py2.7.egg -run-exthandlers
(postgres,225176,2264,00:00:01,761) postgres: checkpointer process                                                                                              
(postgres,225176,3864,00:08:24,762) postgres: writer process                                                                                                    
(postgres,225176,2668,00:00:32,763) postgres: wal writer process                                                                                                
(postgres,225608,22708,00:00:46,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,2984,00:07:20,765) postgres: stats collector process                                                                                           
(osm,1451164,180064,00:43:22,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,263200,155852,04:20:12,807) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,490172,50768,00:04:20,6130) /usr/sbin/rsyslogd -n
(root,20324,2092,00:00:38,6373) /opt/omi/bin/omiserver -d
(omi,20316,2712,00:01:06,6375) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5204,00:08:08,6437) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,317008,69084,00:18:26,6776) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4288,00:00:37,6837) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217940,18748,00:00:24,6862) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,7031) [kworker/u4:2]
(root,0,0,00:00:00,8489) [kworker/0:2]
(root,0,0,00:00:03,8498) [kworker/1:1]
(root,86408,5836,00:00:00,11109) sshd: unknown [priv]
(sshd,51008,3176,00:00:00,11110) sshd: unknown [net] 
(root,11684,2592,00:00:00,11209) /bin/bash /usr/bin/check_mk_agent
(root,9092,856,00:00:00,11228) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1472,00:00:00,11229) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(postgres,258204,152984,03:25:30,14947) postgres: osm gis [local] idle                                                                                              
(postgres,268964,161792,02:20:48,14948) postgres: osm gis [local] idle                                                                                              
(postgres,267048,159612,02:18:16,14949) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:02,21387) [kworker/u4:0]
(root,0,0,00:00:16,21468) [kworker/0:1]
(www-data,1386884,14136,00:00:12,21470) /usr/sbin/apache2 -k start
(www-data,1386984,12308,00:00:12,21472) /usr/sbin/apache2 -k start
(root,0,0,00:01:01,29255) [kworker/1:0]
      Found on 2022-12-03 13:19

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392d94276e3

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28576,3692,00:01:08,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,09:26:27,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,03:05:46,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:08,9) [migration/0]
(root,0,0,00:02:48,10) [watchdog/0]
(root,0,0,00:00:10,11) [watchdog/1]
(root,0,0,00:00:24,12) [migration/1]
(root,0,0,07:09:40,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:01,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:16:30,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:01,124) [kworker/0:1H]
(root,0,0,00:49:53,125) [kworker/1:1H]
(root,0,0,00:01:12,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,84420,52792,00:04:43,195) /lib/systemd/systemd-journald
(root,41284,1868,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:01:07,221) [hv_balloon]
(root,0,0,00:00:42,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1180,00:00:05,330) /usr/sbin/cron -f
(zabbix,77308,1712,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2056,00:05:58,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3900,00:04:48,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3900,00:04:43,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4048,00:04:40,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3704,00:02:01,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11712,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1456,00:00:07,352) /lib/systemd/systemd-logind
(message+,33712,1676,00:00:31,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,492,00:02:22,371) /usr/sbin/nscd
(root,104388,1796,00:17:51,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,3204,00:01:28,389) /usr/sbin/sshd -D
(root,4432,836,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,744,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2664,00:01:46,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,944,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,178104,15500,00:01:39,507) /usr/sbin/apache2 -k start
(postgres,225176,15792,00:00:40,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,371132,20348,01:40:24,568) python -u bin/WALinuxAgent-2.8.0.11-py2.7.egg -run-exthandlers
(postgres,225176,2440,00:00:00,761) postgres: checkpointer process                                                                                              
(postgres,225176,4064,00:06:31,762) postgres: writer process                                                                                                    
(postgres,225176,2720,00:00:23,763) postgres: wal writer process                                                                                                
(postgres,225608,19496,00:00:33,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3044,00:05:42,765) postgres: stats collector process                                                                                           
(osm,1451164,190288,00:32:16,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,265080,159248,03:09:50,807) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:04,3227) [kworker/u4:0]
(www-data,1386620,14708,00:00:37,4299) /usr/sbin/apache2 -k start
(www-data,1386756,14908,00:00:37,4301) /usr/sbin/apache2 -k start
(root,0,0,00:00:53,4302) [kworker/0:0]
(root,490172,24688,00:02:21,8220) /usr/sbin/rsyslogd -n
(root,20324,2192,00:00:21,8464) /opt/omi/bin/omiserver -d
(omi,20316,2760,00:00:37,8466) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5876,00:04:45,8528) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,312912,60760,00:10:36,8784) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4992,00:00:20,8838) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,19068,00:00:13,8870) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,11684,2620,00:00:00,12683) /bin/bash /usr/bin/check_mk_agent
(root,9092,828,00:00:00,12702) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1576,00:00:00,12703) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(postgres,263036,156924,02:43:28,14947) postgres: osm gis [local] idle                                                                                              
(postgres,268196,160788,01:55:19,14948) postgres: osm gis [local] idle                                                                                              
(postgres,267048,160776,01:49:25,14949) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,19644) [kworker/u4:1]
(root,0,0,00:00:00,24700) [kworker/0:1]
(root,0,0,00:00:00,24708) [kworker/1:2]
(root,0,0,00:01:11,27879) [kworker/1:1]
      Found on 2022-11-23 22:46

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392add51d58

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28576,3296,00:01:05,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,08:58:28,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,02:56:28,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:07,9) [migration/0]
(root,0,0,00:02:40,10) [watchdog/0]
(root,0,0,00:00:10,11) [watchdog/1]
(root,0,0,00:00:23,12) [migration/1]
(root,0,0,06:48:26,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:01,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:16:23,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [kpsmoused]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [ata_sff]
(root,0,0,00:00:00,87) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [scsi_eh_0]
(root,0,0,00:00:00,90) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [scsi_tmf_0]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,94) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [hv_vmbus_ctl]
(root,0,0,00:00:00,97) [hv_vmbus_ctl]
(root,0,0,00:00:00,99) [hv_vmbus_ctl]
(root,0,0,00:00:00,100) [hv_vmbus_ctl]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,105) [scsi_eh_3]
(root,0,0,00:00:00,107) [hv_vmbus_ctl]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,109) [scsi_eh_4]
(root,0,0,00:00:00,111) [scsi_tmf_4]
(root,0,0,00:00:00,115) [hv_vmbus_ctl]
(root,0,0,00:00:00,117) [scsi_eh_5]
(root,0,0,00:00:00,118) [scsi_tmf_5]
(root,0,0,00:00:01,124) [kworker/0:1H]
(root,0,0,00:47:50,125) [kworker/1:1H]
(root,0,0,00:01:10,143) [jbd2/sda1-8]
(root,0,0,00:00:00,144) [ext4-rsv-conver]
(root,0,0,00:00:00,187) [kauditd]
(root,84420,52940,00:04:27,195) /lib/systemd/systemd-journald
(root,41284,1868,00:00:00,197) /lib/systemd/systemd-udevd
(root,0,0,00:01:04,221) [hv_balloon]
(root,0,0,00:00:42,257) [jbd2/sdb-8]
(root,0,0,00:00:00,258) [ext4-rsv-conver]
(root,25400,6900,00:00:00,309) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1180,00:00:04,330) /usr/sbin/cron -f
(zabbix,77308,1712,00:00:00,335) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2056,00:05:43,341) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,3900,00:04:36,342) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,3900,00:04:31,343) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4048,00:04:28,344) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3704,00:01:56,345) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(root,46364,11712,00:00:00,350) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1284,00:00:07,352) /lib/systemd/systemd-logind
(message+,33712,1572,00:00:30,367) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,492,00:02:15,371) /usr/sbin/nscd
(root,104388,1796,00:17:05,380) /usr/bin/monit -c /etc/monit/monitrc
(root,48912,3204,00:01:23,389) /usr/sbin/sshd -D
(root,4432,836,00:00:00,409) /sbin/agetty --noclear tty1 linux
(root,4252,744,00:00:00,410) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,2632,00:01:41,411) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,16044,820,00:00:00,463) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,498) [jbd2/sdc1-8]
(root,0,0,00:00:00,501) [ext4-rsv-conver]
(root,178104,13280,00:01:35,507) /usr/sbin/apache2 -k start
(postgres,225176,15792,00:00:39,567) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,371132,20396,01:36:08,568) python -u bin/WALinuxAgent-2.8.0.11-py2.7.egg -run-exthandlers
(postgres,225176,2440,00:00:00,761) postgres: checkpointer process                                                                                              
(postgres,225176,4064,00:06:18,762) postgres: writer process                                                                                                    
(postgres,225176,2720,00:00:22,763) postgres: wal writer process                                                                                                
(postgres,225608,19352,00:00:32,764) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3044,00:05:30,765) postgres: stats collector process                                                                                           
(osm,1449456,204872,00:31:36,800) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,269244,162420,03:06:07,807) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,1252) [hv_vmbus_ctl]
(root,0,0,00:00:00,1255) [hv_vmbus_ctl]
(root,0,0,00:00:02,3227) [kworker/u4:0]
(root,0,0,00:00:00,7134) [kworker/0:0]
(root,0,0,00:00:07,7148) [kworker/1:0]
(root,490172,31808,00:01:35,8220) /usr/sbin/rsyslogd -n
(root,0,0,00:02:03,8419) [kworker/0:2]
(root,20324,2192,00:00:14,8464) /opt/omi/bin/omiserver -d
(omi,20316,2760,00:00:25,8466) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,172476,5480,00:03:16,8528) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(omsagent,310864,59016,00:07:08,8784) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(omsagent,172476,4992,00:00:14,8838) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,217948,19068,00:00:09,8870) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,0,0,00:00:00,14460) [kworker/u4:2]
(postgres,261624,153548,02:41:13,14947) postgres: osm gis [local] SELECT                                                                                            
(postgres,263948,154152,01:52:31,14948) postgres: osm gis [local] SELECT                                                                                            
(postgres,267048,160020,01:47:39,14949) postgres: osm gis [local] SELECT                                                                                            
(root,0,0,00:00:00,16618) [kworker/u4:1]
(root,11684,2584,00:00:00,16870) /bin/bash /usr/bin/check_mk_agent
(root,9092,800,00:00:00,16889) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1628,00:00:00,16890) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(www-data,1386836,11384,00:00:24,20532) /usr/sbin/apache2 -k start
(www-data,1386680,11352,00:00:22,20534) /usr/sbin/apache2 -k start
(root,0,0,00:00:04,20589) [kworker/1:2]
      Found on 2022-11-22 21:25

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392cfa6610e

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28580,3584,00:02:07,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,13:26:02,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,05:30:00,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:26,9) [migration/0]
(root,0,0,00:03:11,10) [watchdog/0]
(root,0,0,00:01:23,11) [watchdog/1]
(root,0,0,00:00:33,12) [migration/1]
(root,0,0,10:05:18,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:02,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:29:21,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,78) [hv_vmbus_ctl]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,80) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [hv_vmbus_ctl]
(root,0,0,00:00:00,83) [hv_vmbus_ctl]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [ata_sff]
(root,0,0,00:00:00,97) [kpsmoused]
(root,0,0,00:00:00,99) [scsi_eh_0]
(root,0,0,00:00:00,100) [scsi_tmf_0]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,107) [scsi_eh_3]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,110) [hv_vmbus_ctl]
(root,0,0,00:00:00,112) [scsi_eh_4]
(root,0,0,00:00:00,113) [scsi_tmf_4]
(root,0,0,00:00:00,114) [scsi_eh_5]
(root,0,0,00:00:00,115) [scsi_tmf_5]
(root,0,0,00:00:02,121) [kworker/0:1H]
(root,0,0,02:03:17,122) [kworker/1:1H]
(root,0,0,00:02:35,140) [jbd2/sda1-8]
(root,0,0,00:00:00,141) [ext4-rsv-conver]
(root,0,0,00:00:00,176) [kauditd]
(root,112856,83108,00:07:21,178) /lib/systemd/systemd-journald
(root,40804,1992,00:00:00,193) /lib/systemd/systemd-udevd
(root,0,0,00:02:20,217) [hv_balloon]
(root,0,0,00:01:28,254) [jbd2/sdc-8]
(root,0,0,00:00:00,255) [ext4-rsv-conver]
(root,25400,6932,00:00:00,306) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,1692,00:00:10,327) /usr/sbin/cron -f
(root,46364,12204,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,1952,00:00:16,339) /lib/systemd/systemd-logind
(message+,33832,2212,00:01:03,348) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,1040,00:04:37,365) /usr/sbin/nscd
(root,16044,1204,00:00:00,392) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,4432,1308,00:00:00,416) /sbin/agetty --noclear tty1 linux
(root,71804,1796,00:00:00,417) /bin/login --         
(ntp,27072,3136,00:03:30,422) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(zabbix,77308,2152,00:00:00,437) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2392,00:12:29,438) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,4124,00:10:41,439) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,4100,00:10:23,440) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4076,00:10:36,441) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,3864,00:04:17,442) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(postgres,225176,15712,00:01:22,471) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,0,0,00:00:00,561) [jbd2/sdb1-8]
(root,0,0,00:00:00,562) [ext4-rsv-conver]
(root,104404,1824,00:38:06,568) /usr/bin/monit -c /etc/monit/monitrc
(postgres,225176,2680,00:00:02,656) postgres: checkpointer process                                                                                              
(postgres,225176,4244,00:14:21,657) postgres: writer process                                                                                                    
(postgres,225176,2824,00:00:45,658) postgres: wal writer process                                                                                                
(postgres,225584,29220,00:01:09,659) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3240,00:12:46,660) postgres: stats collector process                                                                                           
(root,0,0,00:00:00,688) [kworker/u4:0]
(root,123624,14116,00:06:46,825) python /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9029/diagnostic.py -daemon
(osm,1448404,210400,01:05:14,833) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,268252,162848,06:35:00,843) postgres: osm gis [local] idle                                                                                              
(root,481976,1664,00:03:12,895) /usr/sbin/rsyslogd -n
(root,179352,14544,00:03:26,1162) /usr/sbin/apache2 -k start
(root,20324,1860,00:06:17,1297) /opt/omi/bin/omiserver -d
(omi,20316,2264,00:12:01,1298) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,369924,5792,01:18:13,1303) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,1417360,36856,00:45:03,1358) /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9029/bin/mdsd -A -C -c /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9029/./xmlCfg.xml -p 29131 -R -r lad_mdsd -e /var/log/azure/Microsoft.OSTCExtensions.LinuxDiagnostic/mdsd.err -w /var/log/azure/Microsoft.OSTCExtensions.LinuxDiagnostic/mdsd.warn -o /var/log/azure/Microsoft.OSTCExtensions.LinuxDiagnostic/mdsd.info
(omsagent,172476,4308,00:05:27,1591) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,0,0,00:00:00,1731) [hv_vmbus_ctl]
(root,0,0,00:00:00,1732) [hv_vmbus_ctl]
(root,90580,5980,00:00:00,2258) sshd: unknown [priv]
(sshd,51008,3156,00:00:00,2260) sshd: unknown [net] 
(root,11684,2580,00:00:00,2360) /bin/bash /usr/bin/check_mk_agent
(root,9092,848,00:00:00,2379) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1536,00:00:00,2380) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(postgres,272244,166288,05:00:11,2454) postgres: osm gis [local] idle                                                                                              
(srekhomp,27240,1216,00:00:00,2470) /lib/systemd/systemd --user
(srekhomp,49856,1668,00:00:00,2473) (sd-pam)  
(srekhomp,4336,452,00:00:00,2476) -sh
(root,53964,2144,00:00:00,2480) sudo su
(root,53248,1764,00:00:00,2505) su
(root,11880,1684,00:00:00,2506) bash
(postgres,267016,160336,03:43:39,2842) postgres: osm gis [local] idle                                                                                              
(postgres,269456,163528,03:38:09,2847) postgres: osm gis [local] idle                                                                                              
(root,0,0,00:00:00,6504) [kworker/0:2]
(www-data,1387736,14504,00:00:26,6506) /usr/sbin/apache2 -k start
(www-data,1387624,14744,00:00:26,6508) /usr/sbin/apache2 -k start
(root,0,0,00:00:37,9876) [kworker/1:0]
(root,0,0,00:00:00,16559) [kworker/u4:2]
(omsagent,323152,65296,00:20:53,18647) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(root,217940,18884,00:00:26,18730) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(root,372596,21424,03:06:37,24283) python -u bin/WALinuxAgent-2.8.0.11-py2.7.egg -run-exthandlers
(root,0,0,00:00:37,24651) [kworker/0:0]
(root,0,0,00:00:33,24660) [kworker/1:1]
(root,48912,3544,00:02:07,32660) /usr/sbin/sshd -D
      Found on 2022-10-16 02:05

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c9316f11784debf67c3c5714392c50345af

      Found public CheckMk agent:
Version: 1.2.6b1
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,28572,3864,00:00:43,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,04:53:18,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:59:41,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:08,9) [migration/0]
(root,0,0,00:01:14,10) [watchdog/0]
(root,0,0,00:00:30,11) [watchdog/1]
(root,0,0,00:00:07,12) [migration/1]
(root,0,0,03:27:45,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [khelper]
(root,0,0,00:00:00,17) [kdevtmpfs]
(root,0,0,00:00:00,18) [netns]
(root,0,0,00:00:00,19) [khungtaskd]
(root,0,0,00:00:00,20) [writeback]
(root,0,0,00:00:00,21) [ksmd]
(root,0,0,00:00:00,22) [khugepaged]
(root,0,0,00:00:00,23) [crypto]
(root,0,0,00:00:00,24) [kintegrityd]
(root,0,0,00:00:00,25) [bioset]
(root,0,0,00:00:00,26) [kblockd]
(root,0,0,00:11:14,29) [kswapd0]
(root,0,0,00:00:00,30) [vmstat]
(root,0,0,00:00:00,31) [fsnotify_mark]
(root,0,0,00:00:00,37) [kthrotld]
(root,0,0,00:00:00,38) [ipv6_addrconf]
(root,0,0,00:00:00,39) [deferwq]
(root,0,0,00:00:00,76) [hv_vmbus_con]
(root,0,0,00:00:00,77) [hv_vmbus_ctl]
(root,0,0,00:00:00,78) [hv_vmbus_ctl]
(root,0,0,00:00:00,79) [hv_vmbus_ctl]
(root,0,0,00:00:00,80) [hv_vmbus_ctl]
(root,0,0,00:00:00,81) [hv_vmbus_ctl]
(root,0,0,00:00:00,82) [hv_vmbus_ctl]
(root,0,0,00:00:00,83) [hv_vmbus_ctl]
(root,0,0,00:00:00,84) [hv_vmbus_ctl]
(root,0,0,00:00:00,85) [hv_vmbus_ctl]
(root,0,0,00:00:00,86) [hv_vmbus_ctl]
(root,0,0,00:00:00,88) [hv_vmbus_ctl]
(root,0,0,00:00:00,89) [hv_vmbus_ctl]
(root,0,0,00:00:00,91) [hv_vmbus_ctl]
(root,0,0,00:00:00,92) [hv_vmbus_ctl]
(root,0,0,00:00:00,93) [hv_vmbus_ctl]
(root,0,0,00:00:00,96) [ata_sff]
(root,0,0,00:00:00,97) [kpsmoused]
(root,0,0,00:00:00,99) [scsi_eh_0]
(root,0,0,00:00:00,100) [scsi_tmf_0]
(root,0,0,00:00:00,101) [scsi_eh_1]
(root,0,0,00:00:00,102) [scsi_tmf_1]
(root,0,0,00:00:00,103) [scsi_eh_2]
(root,0,0,00:00:00,104) [scsi_tmf_2]
(root,0,0,00:00:00,107) [scsi_eh_3]
(root,0,0,00:00:00,108) [scsi_tmf_3]
(root,0,0,00:00:00,110) [hv_vmbus_ctl]
(root,0,0,00:00:00,112) [scsi_eh_4]
(root,0,0,00:00:00,113) [scsi_tmf_4]
(root,0,0,00:00:00,114) [scsi_eh_5]
(root,0,0,00:00:00,115) [scsi_tmf_5]
(root,0,0,00:00:01,121) [kworker/0:1H]
(root,0,0,00:50:06,122) [kworker/1:1H]
(root,0,0,00:01:00,140) [jbd2/sda1-8]
(root,0,0,00:00:00,141) [ext4-rsv-conver]
(root,0,0,00:00:00,176) [kauditd]
(root,52708,20784,00:01:09,178) /lib/systemd/systemd-journald
(root,40804,2292,00:00:00,193) /lib/systemd/systemd-udevd
(root,0,0,00:00:52,217) [hv_balloon]
(root,0,0,00:00:36,254) [jbd2/sdc-8]
(root,0,0,00:00:00,255) [ext4-rsv-conver]
(root,25400,7032,00:00:00,306) dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
(root,25904,2000,00:00:04,327) /usr/sbin/cron -f
(root,46364,12760,00:00:00,334) /usr/bin/python /usr/sbin/waagent -daemon
(root,19944,2224,00:00:06,339) /lib/systemd/systemd-logind
(message+,33712,2576,00:00:24,348) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(unscd,14772,1148,00:01:16,365) /usr/sbin/nscd
(root,16044,1724,00:00:00,392) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,4432,1476,00:00:00,416) /sbin/agetty --noclear tty1 linux
(root,4252,1532,00:00:00,417) /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt102
(ntp,27072,3452,00:01:21,422) /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:110
(root,48912,3696,00:00:30,426) /usr/sbin/sshd -D
(zabbix,77308,2352,00:00:00,437) /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
(zabbix,77308,2580,00:04:48,438) /usr/sbin/zabbix_agentd: collector [idle 1 sec]          
(zabbix,81572,4640,00:04:03,439) /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
(zabbix,81572,4604,00:03:52,440) /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
(zabbix,81572,4540,00:04:00,441) /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
(zabbix,81584,4364,00:01:39,442) /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]   
(postgres,225176,16520,00:00:32,471) /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
(root,0,0,00:00:00,561) [jbd2/sdb1-8]
(root,0,0,00:00:00,562) [ext4-rsv-conver]
(root,104388,2592,00:13:42,568) /usr/bin/monit -c /etc/monit/monitrc
(postgres,225176,3000,00:00:00,656) postgres: checkpointer process                                                                                              
(postgres,225176,4700,00:05:42,657) postgres: writer process                                                                                                    
(postgres,225176,3124,00:00:17,658) postgres: wal writer process                                                                                                
(postgres,225584,16696,00:00:27,659) postgres: autovacuum launcher process                                                                                       
(postgres,80464,3508,00:05:04,660) postgres: stats collector process                                                                                           
(root,123624,14636,00:02:35,825) python /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9029/diagnostic.py -daemon
(osm,1579436,278684,00:25:43,833) /usr/local/bin/renderd -c /usr/local/etc/renderd.conf
(postgres,258360,153760,02:14:29,843) postgres: osm gis [local] idle                                                                                              
(root,481976,2140,00:00:29,895) /usr/sbin/rsyslogd -n
(root,177836,12808,00:01:18,1162) /usr/sbin/apache2 -k start
(root,20324,2200,00:02:25,1297) /opt/omi/bin/omiserver -d
(omi,20316,2808,00:04:37,1298) /opt/omi/bin/omiengine -d --logfilefd 3 --socketpair 9
(root,369924,6320,00:28:23,1303) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,1417324,16204,00:16:05,1358) /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9029/bin/mdsd -A -C -c /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9029/./xmlCfg.xml -p 29131 -R -r lad_mdsd -e /var/log/azure/Microsoft.OSTCExtensions.LinuxDiagnostic/mdsd.err -w /var/log/azure/Microsoft.OSTCExtensions.LinuxDiagnostic/mdsd.warn -o /var/log/azure/Microsoft.OSTCExtensions.LinuxDiagnostic/mdsd.info
(omsagent,172476,4952,00:02:04,1591) /opt/omi/bin/omiagent 9 10 --destdir / --providerdir /opt/omi/lib --loglevel WARNING
(root,0,0,00:00:00,1731) [hv_vmbus_ctl]
(root,0,0,00:00:00,1732) [hv_vmbus_ctl]
(postgres,270100,162472,02:01:48,2454) postgres: osm gis [local] SELECT                                                                                            
(postgres,268996,163832,01:27:40,2842) postgres: osm gis [local] idle                                                                                              
(postgres,251476,146768,01:37:50,2847) postgres: osm gis [local] idle                                                                                              
(omsagent,312912,60484,00:10:27,6701) /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/run/omsagent.pid -o /var/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/log/omsagent.log -c /etc/opt/microsoft/omsagent/0406e431-71ee-4e83-be74-2a2751827946/conf/omsagent.conf --no-supervisor
(root,217944,19044,00:00:12,6789) python2 /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent.py -telemetry
(www-data,1386480,13228,00:00:19,9424) /usr/sbin/apache2 -k start
(www-data,1386348,12972,00:00:18,9426) /usr/sbin/apache2 -k start
(root,0,0,00:00:04,12784) [kworker/u4:2]
(root,0,0,00:00:44,15757) [kworker/0:0]
(root,0,0,00:00:00,22034) [kworker/u4:0]
(root,370516,20648,01:01:22,24283) python -u bin/WALinuxAgent-2.8.0.11-py2.7.egg -run-exthandlers
(root,0,0,00:00:00,26044) [kworker/1:3]
(root,0,0,00:00:04,26050) [kworker/0:1]
(root,11684,2608,00:00:00,30354) /bin/bash /usr/bin/check_mk_agent
(root,9092,824,00:00:00,30373) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13232,1564,00:00:00,30374) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:01:00,32019) [kworker/1:2]
      Found on 2022-09-14 19:41
    Create report
Domain summary
No record

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice