Host 194.94.128.1
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-11 18:40
Last seen 2024-12-22 01:00
Open for 101 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d1e0c436Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:37:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:37:55,2) [kthreadd] (root,0,0,00:00:00/39-14:37:55,3) [rcu_gp] (root,0,0,00:00:00/39-14:37:55,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:37:55,5) [slub_flushwq] (root,0,0,00:00:00/39-14:37:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:37:55,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:37:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:37:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:37:55,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:37:55,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:37:55,14) [rcu_preempt] (root,0,0,00:00:15/39-14:37:55,15) [migration/0] (root,0,0,00:00:00/39-14:37:55,16) [idle_inject/0] (root,0,0,00:00:00/39-14:37:55,18) [cpuhp/0] (root,0,0,00:00:00/39-14:37:55,19) [cpuhp/1] (root,0,0,00:00:00/39-14:37:55,20) [idle_inject/1] (root,0,0,00:00:15/39-14:37:55,21) [migration/1] (root,0,0,00:01:05/39-14:37:55,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:37:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:37:55,25) [cpuhp/2] (root,0,0,00:00:00/39-14:37:55,26) [idle_inject/2] (root,0,0,00:00:12/39-14:37:55,27) [migration/2] (root,0,0,01:14:07/39-14:37:55,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:37:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:37:55,31) [cpuhp/3] (root,0,0,00:00:00/39-14:37:55,32) [idle_inject/3] (root,0,0,00:00:14/39-14:37:55,33) [migration/3] (root,0,0,00:03:31/39-14:37:55,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:37:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:37:55,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:37:55,40) [netns] (root,0,0,00:00:00/39-14:37:55,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:37:55,42) [kauditd] (root,0,0,00:00:00/39-14:37:55,43) [khungtaskd] (root,0,0,00:00:00/39-14:37:55,44) [oom_reaper] (root,0,0,00:00:00/39-14:37:55,45) [writeback] (root,0,0,00:01:56/39-14:37:55,46) [kcompactd0] (root,0,0,00:00:00/39-14:37:55,47) [ksmd] (root,0,0,00:01:57/39-14:37:55,48) [khugepaged] (root,0,0,00:00:00/39-14:37:55,74) [kintegrityd] (root,0,0,00:00:00/39-14:37:55,75) [kblockd] (root,0,0,00:00:00/39-14:37:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:37:55,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:37:55,79) [edac-poller] (root,0,0,00:00:00/39-14:37:55,80) [devfreq_wq] (root,0,0,00:00:00/39-14:37:55,110) [watchdogd] (root,0,0,00:00:08/39-14:37:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:37:55,112) [kswapd0] (root,0,0,00:00:00/39-14:37:54,114) [kthrotld] (root,0,0,00:00:00/39-14:37:54,115) [mld] (root,0,0,00:00:00/39-14:37:54,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:37:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:37:54,122) [kstrp] (root,0,0,00:00:00/39-14:37:54,123) [zswap-shrink] (root,0,0,00:00:00/39-14:37:54,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:37:54,129) [charger_manager] (root,0,0,00:00:08/39-14:37:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:37:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:37:53,205) [kaluad] (root,0,0,00:00:00/39-14:37:53,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:37:53,293) [kmpathd] (root,0,0,00:00:00/39-14:37:53,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:37:53,342) [ata_sff] (root,0,0,00:00:00/39-14:37:52,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:37:52,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:37:52,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:37:52,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:37:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:37:50,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:37:38,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:37:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:37:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:37:01,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:37:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:37:01,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:37:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:37:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:37:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:36:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:36:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:36:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:36:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:36:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:36:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:36:45,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:36:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:36:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:36:45,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:36:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:36:45,1215) ntpd: asynchronous dns resolver (spot,299536,183108,2-02:58:49/39-14:36:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:36:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:36:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:36:44,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:36:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:36:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:36:42,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:36:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:36:22,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:00:44,2674) [kworker/0:2-events] (root,0,0,00:00:00/41:25,5528) [kworker/1:2-events] (root,0,0,00:00:00/07:12,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:35:00,9266) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/03:13,10883) [kworker/0:1] (root,0,0,00:00:00/26:13,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/05:14,13685) pickup -l -t fifo -u (root,6764,3608,00:00:00/00:00,14999) /bin/bash /usr/bin/check_mk_agent (root,6292,3124,00:00:00/00:00,15218) /bin/bash ././mk_inventory.linux (root,43084,22912,00:00:00/00:00,15222) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n (root,6764,3608,00:00:00/00:00,15254) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/02:08:46,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:27:38,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:27:37,15391) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,15516) /bin/bash /usr/bin/check_mk_agent (root,16140,10736,00:00:00/00:00,15519) python ././remotecheck (root,13744,3504,00:00:00/00:00,15537) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15538) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:06,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:56:16,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:56:15,16977) sshd: syslogtunnel (root,0,0,00:00:00/46:14,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/13:36,24965) [kworker/2:0-events] (root,0,0,00:00:00/22:07,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:13:23,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/10:19,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 01:00 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633d85082dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:09:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:09:17,2) [kthreadd] (root,0,0,00:00:00/37-14:09:17,3) [rcu_gp] (root,0,0,00:00:00/37-14:09:17,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:09:17,5) [slub_flushwq] (root,0,0,00:00:00/37-14:09:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:09:17,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:09:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:09:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:09:17,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:09:17,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:09:17,14) [rcu_preempt] (root,0,0,00:00:14/37-14:09:17,15) [migration/0] (root,0,0,00:00:00/37-14:09:17,16) [idle_inject/0] (root,0,0,00:00:00/37-14:09:17,18) [cpuhp/0] (root,0,0,00:00:00/37-14:09:17,19) [cpuhp/1] (root,0,0,00:00:00/37-14:09:17,20) [idle_inject/1] (root,0,0,00:00:14/37-14:09:17,21) [migration/1] (root,0,0,00:01:00/37-14:09:17,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:09:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:09:17,25) [cpuhp/2] (root,0,0,00:00:00/37-14:09:17,26) [idle_inject/2] (root,0,0,00:00:11/37-14:09:17,27) [migration/2] (root,0,0,01:10:40/37-14:09:17,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:09:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:09:17,31) [cpuhp/3] (root,0,0,00:00:00/37-14:09:17,32) [idle_inject/3] (root,0,0,00:00:14/37-14:09:17,33) [migration/3] (root,0,0,00:03:20/37-14:09:17,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:09:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:09:17,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:09:17,40) [netns] (root,0,0,00:00:00/37-14:09:17,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:09:17,42) [kauditd] (root,0,0,00:00:00/37-14:09:17,43) [khungtaskd] (root,0,0,00:00:00/37-14:09:17,44) [oom_reaper] (root,0,0,00:00:00/37-14:09:17,45) [writeback] (root,0,0,00:01:50/37-14:09:17,46) [kcompactd0] (root,0,0,00:00:00/37-14:09:17,47) [ksmd] (root,0,0,00:01:50/37-14:09:17,48) [khugepaged] (root,0,0,00:00:00/37-14:09:17,74) [kintegrityd] (root,0,0,00:00:00/37-14:09:17,75) [kblockd] (root,0,0,00:00:00/37-14:09:17,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:09:17,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:09:17,79) [edac-poller] (root,0,0,00:00:00/37-14:09:17,80) [devfreq_wq] (root,0,0,00:00:00/37-14:09:17,110) [watchdogd] (root,0,0,00:00:07/37-14:09:17,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:09:17,112) [kswapd0] (root,0,0,00:00:00/37-14:09:16,114) [kthrotld] (root,0,0,00:00:00/37-14:09:16,115) [mld] (root,0,0,00:00:00/37-14:09:16,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:09:16,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:09:16,122) [kstrp] (root,0,0,00:00:00/37-14:09:16,123) [zswap-shrink] (root,0,0,00:00:00/37-14:09:16,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:09:16,129) [charger_manager] (root,0,0,00:00:08/37-14:09:15,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:09:15,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:09:15,205) [kaluad] (root,0,0,00:00:00/37-14:09:15,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:09:15,293) [kmpathd] (root,0,0,00:00:00/37-14:09:15,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:09:15,342) [ata_sff] (root,0,0,00:00:00/37-14:09:14,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:09:14,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:09:14,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:09:14,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:09:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:09:12,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:09:00,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:08:59,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:08:57,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:08:23,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:08:23,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:08:23,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:08:23,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:08:22,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:08:22,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:08:08,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:08:08,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:08:07,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:08:07,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:08:07,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:08:07,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:08:07,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:08:07,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:08:07,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:08:07,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:08:07,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:08:07,1215) ntpd: asynchronous dns resolver (spot,296464,182160,1-23:14:14/37-14:08:07,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:08:06,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:08:06,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:08:06,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:08:05,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:08:05,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:08:04,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:07:58,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:07:44,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:53,2838) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/08:18,4583) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/07:56,6208) [kworker/1:2-ata_sff] (root,0,0,00:00:00/06:47,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-11:59:00,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-11:58:59,15391) sshd: cm-ssh (root,0,0,00:00:00/15:59,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:27:38,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:27:37,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:51:19,17446) [kworker/0:2-events] (root,0,0,00:00:00/15:00,18386) [kworker/3:2-events] (root,0,0,00:00:00/59:49,21022) [kworker/1:1-events] (root,0,0,00:00:00/02:44,21821) [kworker/1:0-ata_sff] (postfix,24244,8204,00:00:00/01:38:39,22497) pickup -l -t fifo -u (root,0,0,00:00:00/25:13,26953) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/00:58,27235) [kworker/u8:2-writeback] (root,6656,3484,00:00:00/00:00,30071) /bin/bash /usr/bin/check_mk_agent (root,13744,3436,00:00:00/00:00,30089) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30090) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9272,00:00:01/31-18:44:45,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:55:19,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b78b5afbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:19:09,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:19:09,2) [kthreadd] (root,0,0,00:00:00/35-15:19:09,3) [rcu_gp] (root,0,0,00:00:00/35-15:19:09,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:19:09,5) [slub_flushwq] (root,0,0,00:00:00/35-15:19:09,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:19:09,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:19:09,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:19:09,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:19:09,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:19:09,13) [ksoftirqd/0] (root,0,0,01:34:30/35-15:19:09,14) [rcu_preempt] (root,0,0,00:00:13/35-15:19:09,15) [migration/0] (root,0,0,00:00:00/35-15:19:09,16) [idle_inject/0] (root,0,0,00:00:00/35-15:19:09,18) [cpuhp/0] (root,0,0,00:00:00/35-15:19:09,19) [cpuhp/1] (root,0,0,00:00:00/35-15:19:09,20) [idle_inject/1] (root,0,0,00:00:14/35-15:19:09,21) [migration/1] (root,0,0,00:00:57/35-15:19:09,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:19:09,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:19:09,25) [cpuhp/2] (root,0,0,00:00:00/35-15:19:09,26) [idle_inject/2] (root,0,0,00:00:11/35-15:19:09,27) [migration/2] (root,0,0,01:07:42/35-15:19:09,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:19:09,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:19:09,31) [cpuhp/3] (root,0,0,00:00:00/35-15:19:09,32) [idle_inject/3] (root,0,0,00:00:13/35-15:19:09,33) [migration/3] (root,0,0,00:03:11/35-15:19:09,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:19:09,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:19:09,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:19:09,40) [netns] (root,0,0,00:00:00/35-15:19:09,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:19:09,42) [kauditd] (root,0,0,00:00:00/35-15:19:09,43) [khungtaskd] (root,0,0,00:00:00/35-15:19:09,44) [oom_reaper] (root,0,0,00:00:00/35-15:19:09,45) [writeback] (root,0,0,00:01:45/35-15:19:09,46) [kcompactd0] (root,0,0,00:00:00/35-15:19:09,47) [ksmd] (root,0,0,00:01:43/35-15:19:09,48) [khugepaged] (root,0,0,00:00:00/35-15:19:09,74) [kintegrityd] (root,0,0,00:00:00/35-15:19:09,75) [kblockd] (root,0,0,00:00:00/35-15:19:09,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:19:09,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:19:09,79) [edac-poller] (root,0,0,00:00:00/35-15:19:09,80) [devfreq_wq] (root,0,0,00:00:00/35-15:19:09,110) [watchdogd] (root,0,0,00:00:07/35-15:19:09,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:19:09,112) [kswapd0] (root,0,0,00:00:00/35-15:19:08,114) [kthrotld] (root,0,0,00:00:00/35-15:19:08,115) [mld] (root,0,0,00:00:00/35-15:19:08,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:19:08,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:19:08,122) [kstrp] (root,0,0,00:00:00/35-15:19:08,123) [zswap-shrink] (root,0,0,00:00:00/35-15:19:08,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:19:08,129) [charger_manager] (root,0,0,00:00:07/35-15:19:07,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:19:07,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:19:07,205) [kaluad] (root,0,0,00:00:00/35-15:19:07,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:19:07,293) [kmpathd] (root,0,0,00:00:00/35-15:19:07,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:19:07,342) [ata_sff] (root,0,0,00:00:00/35-15:19:06,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:19:06,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:19:06,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:19:06,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:19:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:19:04,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:18:52,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:18:51,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:18:49,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:18:15,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:18:15,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:18:15,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:18:15,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:18:14,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:18:14,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:18:00,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:18:00,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:17:59,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:17:59,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:17:59,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:17:59,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:17:59,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:17:59,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:17:59,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:17:59,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:17:59,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:17:59,1215) ntpd: asynchronous dns resolver (spot,293816,180088,1-20:13:16/35-15:17:59,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:17:58,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:17:58,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:17:58,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:17:57,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:17:57,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:17:56,1354) /usr/sbin/cron -n (root,698228,81996,00:46:34/35-15:17:50,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:17:36,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:38,4297) [kworker/1:2-events] (root,0,0,00:00:00/01:01:43,7081) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:10:51,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:08:52,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:08:51,15391) sshd: cm-ssh (root,0,0,00:00:00/04:54:25,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:30:17,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:37:30,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:37:29,16977) sshd: syslogtunnel (root,0,0,00:00:00/09:50,17230) [kworker/1:0-ata_sff] (root,6656,3488,00:00:00/00:00,18737) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,18755) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18756) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/55:50,19051) [kworker/0:0-events] (root,0,0,00:00:00/02:12:42,25943) [kworker/3:1] (root,0,0,00:00:00/07:22,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:41:11,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:54:37,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:49:40,31877) [kworker/0:1-events] (root,0,0,00:00:00/32:37,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d481d518Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-12:54:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-12:54:30,2) [kthreadd] (root,0,0,00:00:00/33-12:54:30,3) [rcu_gp] (root,0,0,00:00:00/33-12:54:30,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:54:30,5) [slub_flushwq] (root,0,0,00:00:00/33-12:54:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:54:30,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:54:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:54:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:54:30,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:54:30,13) [ksoftirqd/0] (root,0,0,01:29:04/33-12:54:30,14) [rcu_preempt] (root,0,0,00:00:12/33-12:54:30,15) [migration/0] (root,0,0,00:00:00/33-12:54:30,16) [idle_inject/0] (root,0,0,00:00:00/33-12:54:30,18) [cpuhp/0] (root,0,0,00:00:00/33-12:54:30,19) [cpuhp/1] (root,0,0,00:00:00/33-12:54:30,20) [idle_inject/1] (root,0,0,00:00:13/33-12:54:30,21) [migration/1] (root,0,0,00:00:53/33-12:54:30,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:54:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:54:30,25) [cpuhp/2] (root,0,0,00:00:00/33-12:54:30,26) [idle_inject/2] (root,0,0,00:00:10/33-12:54:30,27) [migration/2] (root,0,0,01:04:48/33-12:54:30,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:54:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:54:30,31) [cpuhp/3] (root,0,0,00:00:00/33-12:54:30,32) [idle_inject/3] (root,0,0,00:00:12/33-12:54:30,33) [migration/3] (root,0,0,00:03:01/33-12:54:30,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:54:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:54:30,39) [kdevtmpfs] (root,0,0,00:00:00/33-12:54:30,40) [netns] (root,0,0,00:00:00/33-12:54:30,41) [inet_frag_wq] (root,0,0,00:00:07/33-12:54:30,42) [kauditd] (root,0,0,00:00:00/33-12:54:30,43) [khungtaskd] (root,0,0,00:00:00/33-12:54:30,44) [oom_reaper] (root,0,0,00:00:00/33-12:54:30,45) [writeback] (root,0,0,00:01:38/33-12:54:30,46) [kcompactd0] (root,0,0,00:00:00/33-12:54:30,47) [ksmd] (root,0,0,00:01:37/33-12:54:30,48) [khugepaged] (root,0,0,00:00:00/33-12:54:30,74) [kintegrityd] (root,0,0,00:00:00/33-12:54:30,75) [kblockd] (root,0,0,00:00:00/33-12:54:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:54:30,78) [tpm_dev_wq] (root,0,0,00:00:00/33-12:54:30,79) [edac-poller] (root,0,0,00:00:00/33-12:54:30,80) [devfreq_wq] (root,0,0,00:00:00/33-12:54:30,110) [watchdogd] (root,0,0,00:00:07/33-12:54:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-12:54:30,112) [kswapd0] (root,0,0,00:00:00/33-12:54:29,114) [kthrotld] (root,0,0,00:00:00/33-12:54:29,115) [mld] (root,0,0,00:00:00/33-12:54:29,116) [ipv6_addrconf] (root,0,0,00:00:14/33-12:54:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-12:54:29,122) [kstrp] (root,0,0,00:00:00/33-12:54:29,123) [zswap-shrink] (root,0,0,00:00:00/33-12:54:29,124) [kworker/u9:0] (root,0,0,00:00:00/33-12:54:29,129) [charger_manager] (root,0,0,00:00:07/33-12:54:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-12:54:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:54:28,205) [kaluad] (root,0,0,00:00:00/33-12:54:28,250) [kmpath_rdacd] (root,0,0,00:00:00/33-12:54:28,293) [kmpathd] (root,0,0,00:00:00/33-12:54:28,294) [kmpath_handlerd] (root,0,0,00:00:00/33-12:54:28,342) [ata_sff] (root,0,0,00:00:00/33-12:54:27,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:54:27,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:54:27,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:54:27,346) [scsi_tmf_1] (root,0,0,00:00:54/33-12:54:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:54:25,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-12:54:13,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-12:54:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-12:54:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-12:53:36,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-12:53:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-12:53:36,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-12:53:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-12:53:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-12:53:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:46:09,727) [kworker/u8:2-ext4-rsv-conversion] (root,548360,32524,00:00:38/33-12:53:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-12:53:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:08/33-12:53:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-12:53:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-12:53:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-12:53:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-12:53:20,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-12:53:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-12:53:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-12:53:20,1206) bpfilter_umh (root,26204,8212,00:00:13/33-12:53:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-12:53:20,1215) ntpd: asynchronous dns resolver (spot,293240,179988,1-17:43:34/33-12:53:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-12:53:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-12:53:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-12:53:19,1245) (sd-pam) (root,24216,5344,00:00:11/33-12:53:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-12:53:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-12:53:17,1354) /usr/sbin/cron -n (root,697972,81828,00:43:51/33-12:53:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63272,00:14:25/33-12:52:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/47:52,3524) [kworker/2:2-events] (root,0,0,00:00:00/01:29,3850) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:09,7073) [kworker/u8:1-writeback] (root,0,0,00:00:00/27:25,7957) [kworker/1:0-events] (postfix,24244,8272,00:00:00/01:06:33,13877) pickup -l -t fifo -u (root,0,0,00:00:00/16:32,14111) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10012,00:00:00/27-10:44:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-10:44:12,15391) sshd: cm-ssh (root,0,0,00:00:00/06:39,16673) [kworker/1:2-ata_sff] (root,35308,10072,00:00:00/17-12:12:51,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:12:50,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:24:47,18088) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/18:11,19428) [kworker/0:2-events] (root,0,0,00:00:03/01:54:27,24863) [kworker/2:1-events] (root,6656,3480,00:00:00/00:00,26333) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,26351) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,26352) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:16:45,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-17:29:58,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/25:38,31017) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ca6d3fe4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-12:41:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-12:41:42,2) [kthreadd] (root,0,0,00:00:00/31-12:41:42,3) [rcu_gp] (root,0,0,00:00:00/31-12:41:42,4) [rcu_par_gp] (root,0,0,00:00:00/31-12:41:42,5) [slub_flushwq] (root,0,0,00:00:00/31-12:41:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-12:41:42,9) [mm_percpu_wq] (root,0,0,00:00:00/31-12:41:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-12:41:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-12:41:42,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-12:41:42,13) [ksoftirqd/0] (root,0,0,01:23:50/31-12:41:42,14) [rcu_preempt] (root,0,0,00:00:11/31-12:41:42,15) [migration/0] (root,0,0,00:00:00/31-12:41:42,16) [idle_inject/0] (root,0,0,00:00:00/31-12:41:42,18) [cpuhp/0] (root,0,0,00:00:00/31-12:41:42,19) [cpuhp/1] (root,0,0,00:00:00/31-12:41:42,20) [idle_inject/1] (root,0,0,00:00:12/31-12:41:42,21) [migration/1] (root,0,0,00:00:50/31-12:41:42,22) [ksoftirqd/1] (root,0,0,00:00:00/31-12:41:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-12:41:42,25) [cpuhp/2] (root,0,0,00:00:00/31-12:41:42,26) [idle_inject/2] (root,0,0,00:00:09/31-12:41:42,27) [migration/2] (root,0,0,01:01:42/31-12:41:42,28) [ksoftirqd/2] (root,0,0,00:00:00/31-12:41:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-12:41:42,31) [cpuhp/3] (root,0,0,00:00:00/31-12:41:42,32) [idle_inject/3] (root,0,0,00:00:11/31-12:41:42,33) [migration/3] (root,0,0,00:02:51/31-12:41:42,34) [ksoftirqd/3] (root,0,0,00:00:00/31-12:41:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-12:41:42,39) [kdevtmpfs] (root,0,0,00:00:00/31-12:41:42,40) [netns] (root,0,0,00:00:00/31-12:41:42,41) [inet_frag_wq] (root,0,0,00:00:07/31-12:41:42,42) [kauditd] (root,0,0,00:00:00/31-12:41:42,43) [khungtaskd] (root,0,0,00:00:00/31-12:41:42,44) [oom_reaper] (root,0,0,00:00:00/31-12:41:42,45) [writeback] (root,0,0,00:01:32/31-12:41:42,46) [kcompactd0] (root,0,0,00:00:00/31-12:41:42,47) [ksmd] (root,0,0,00:01:31/31-12:41:42,48) [khugepaged] (root,0,0,00:00:00/31-12:41:42,74) [kintegrityd] (root,0,0,00:00:00/31-12:41:42,75) [kblockd] (root,0,0,00:00:00/31-12:41:42,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-12:41:42,78) [tpm_dev_wq] (root,0,0,00:00:00/31-12:41:42,79) [edac-poller] (root,0,0,00:00:00/31-12:41:42,80) [devfreq_wq] (root,0,0,00:00:00/31-12:41:42,110) [watchdogd] (root,0,0,00:00:06/31-12:41:42,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-12:41:42,112) [kswapd0] (root,0,0,00:00:00/31-12:41:41,114) [kthrotld] (root,0,0,00:00:00/31-12:41:41,115) [mld] (root,0,0,00:00:00/31-12:41:41,116) [ipv6_addrconf] (root,0,0,00:00:13/31-12:41:41,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-12:41:41,122) [kstrp] (root,0,0,00:00:00/31-12:41:41,123) [zswap-shrink] (root,0,0,00:00:00/31-12:41:41,124) [kworker/u9:0] (root,0,0,00:00:00/31-12:41:41,129) [charger_manager] (root,0,0,00:00:07/31-12:41:40,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-12:41:40,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-12:41:40,205) [kaluad] (root,0,0,00:00:00/31-12:41:40,250) [kmpath_rdacd] (root,0,0,00:00:00/31-12:41:40,293) [kmpathd] (root,0,0,00:00:00/31-12:41:40,294) [kmpath_handlerd] (root,0,0,00:00:00/31-12:41:40,342) [ata_sff] (root,0,0,00:00:00/31-12:41:39,343) [scsi_eh_0] (root,0,0,00:00:00/31-12:41:39,344) [scsi_tmf_0] (root,0,0,00:00:00/31-12:41:39,345) [scsi_eh_1] (root,0,0,00:00:00/31-12:41:39,346) [scsi_tmf_1] (root,0,0,00:00:51/31-12:41:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-12:41:37,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-12:41:25,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-12:41:24,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-12:41:22,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-12:40:48,512) /sbin/auditd (messagebus,22936,5548,00:01:21/31-12:40:48,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-12:40:48,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-12:40:48,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-12:40:47,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-12:40:47,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/58:22,843) [kworker/u8:2-ext4-rsv-conversion] (root,548360,31484,00:00:35/31-12:40:33,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-12:40:33,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:55/31-12:40:32,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-12:40:32,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-12:40:32,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-12:40:32,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-12:40:32,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-12:40:32,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:17/31-12:40:32,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-12:40:32,1206) bpfilter_umh (root,26204,8212,00:00:12/31-12:40:32,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-12:40:32,1215) ntpd: asynchronous dns resolver (spot,286552,173744,1-15:26:44/31-12:40:32,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-12:40:31,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-12:40:31,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-12:40:31,1245) (sd-pam) (root,24216,5344,00:00:10/31-12:40:30,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-12:40:30,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-12:40:29,1354) /usr/sbin/cron -n (root,697972,81512,00:41:14/31-12:40:23,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-12:40:09,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:01,2013) [kworker/u8:1] (root,0,0,00:00:02/03:55:04,5886) [kworker/3:1-events] (root,0,0,00:00:02/03:32:33,8787) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:01/57:28,11542) [kworker/2:0-events] (root,6656,3488,00:00:00/00:00,15076) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,15094) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15095) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/25-10:31:25,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-10:31:24,15391) sshd: cm-ssh (root,0,0,00:00:00/01:08:20,16327) [kworker/u8:0-writeback] (root,35308,10072,00:00:00/15-12:00:03,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-12:00:02,16977) sshd: syslogtunnel (root,0,0,00:00:00/03:44,22377) [kworker/0:1-events] (root,0,0,00:00:00/03:43,23196) [kworker/1:2-events] (postfix,24244,8232,00:00:00/01:15:42,25164) pickup -l -t fifo -u (root,0,0,00:00:00/05:36,27074) [kworker/3:2-events] (root,0,0,00:00:00/35:05,29649) [kworker/2:2-events] (root,0,0,00:00:00/08:56,29982) [kworker/1:1-ata_sff] (postfix,44628,9316,00:00:01/25-17:17:10,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/34:52,31543) [kworker/1:0-ata_sff] (root,0,0,00:00:00/04:47:01,31966) [kworker/0:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-13 23:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363175e5eeaFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-12:49:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-12:49:26,2) [kthreadd] (root,0,0,00:00:00/29-12:49:26,3) [rcu_gp] (root,0,0,00:00:00/29-12:49:26,4) [rcu_par_gp] (root,0,0,00:00:00/29-12:49:26,5) [slub_flushwq] (root,0,0,00:00:00/29-12:49:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-12:49:26,9) [mm_percpu_wq] (root,0,0,00:00:00/29-12:49:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-12:49:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-12:49:26,12) [rcu_tasks_trace] (root,0,0,00:00:52/29-12:49:26,13) [ksoftirqd/0] (root,0,0,01:18:40/29-12:49:26,14) [rcu_preempt] (root,0,0,00:00:11/29-12:49:26,15) [migration/0] (root,0,0,00:00:00/29-12:49:26,16) [idle_inject/0] (root,0,0,00:00:00/29-12:49:26,18) [cpuhp/0] (root,0,0,00:00:00/29-12:49:26,19) [cpuhp/1] (root,0,0,00:00:00/29-12:49:26,20) [idle_inject/1] (root,0,0,00:00:11/29-12:49:26,21) [migration/1] (root,0,0,00:00:46/29-12:49:26,22) [ksoftirqd/1] (root,0,0,00:00:00/29-12:49:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-12:49:26,25) [cpuhp/2] (root,0,0,00:00:00/29-12:49:26,26) [idle_inject/2] (root,0,0,00:00:09/29-12:49:26,27) [migration/2] (root,0,0,00:58:01/29-12:49:26,28) [ksoftirqd/2] (root,0,0,00:00:00/29-12:49:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-12:49:26,31) [cpuhp/3] (root,0,0,00:00:00/29-12:49:26,32) [idle_inject/3] (root,0,0,00:00:11/29-12:49:26,33) [migration/3] (root,0,0,00:02:40/29-12:49:26,34) [ksoftirqd/3] (root,0,0,00:00:00/29-12:49:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-12:49:26,39) [kdevtmpfs] (root,0,0,00:00:00/29-12:49:26,40) [netns] (root,0,0,00:00:00/29-12:49:26,41) [inet_frag_wq] (root,0,0,00:00:06/29-12:49:26,42) [kauditd] (root,0,0,00:00:00/29-12:49:26,43) [khungtaskd] (root,0,0,00:00:00/29-12:49:26,44) [oom_reaper] (root,0,0,00:00:00/29-12:49:26,45) [writeback] (root,0,0,00:01:26/29-12:49:26,46) [kcompactd0] (root,0,0,00:00:00/29-12:49:26,47) [ksmd] (root,0,0,00:01:25/29-12:49:26,48) [khugepaged] (root,0,0,00:00:00/29-12:49:26,74) [kintegrityd] (root,0,0,00:00:00/29-12:49:26,75) [kblockd] (root,0,0,00:00:00/29-12:49:26,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-12:49:26,78) [tpm_dev_wq] (root,0,0,00:00:00/29-12:49:26,79) [edac-poller] (root,0,0,00:00:00/29-12:49:26,80) [devfreq_wq] (root,0,0,00:00:00/29-12:49:26,110) [watchdogd] (root,0,0,00:00:06/29-12:49:26,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-12:49:26,112) [kswapd0] (root,0,0,00:00:00/29-12:49:25,114) [kthrotld] (root,0,0,00:00:00/29-12:49:25,115) [mld] (root,0,0,00:00:00/29-12:49:25,116) [ipv6_addrconf] (root,0,0,00:00:12/29-12:49:25,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-12:49:25,122) [kstrp] (root,0,0,00:00:00/29-12:49:25,123) [zswap-shrink] (root,0,0,00:00:00/29-12:49:25,124) [kworker/u9:0] (root,0,0,00:00:00/29-12:49:25,129) [charger_manager] (root,0,0,00:00:06/29-12:49:24,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-12:49:24,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-12:49:24,205) [kaluad] (root,0,0,00:00:00/29-12:49:24,250) [kmpath_rdacd] (root,0,0,00:00:00/29-12:49:24,293) [kmpathd] (root,0,0,00:00:00/29-12:49:24,294) [kmpath_handlerd] (root,0,0,00:00:00/29-12:49:24,342) [ata_sff] (root,0,0,00:00:00/29-12:49:23,343) [scsi_eh_0] (root,0,0,00:00:00/29-12:49:23,344) [scsi_tmf_0] (root,0,0,00:00:00/29-12:49:23,345) [scsi_eh_1] (root,0,0,00:00:00/29-12:49:23,346) [scsi_tmf_1] (root,0,0,00:00:48/29-12:49:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-12:49:21,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-12:49:09,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-12:49:08,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-12:49:06,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-12:48:32,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-12:48:32,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-12:48:32,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-12:48:32,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-12:48:31,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-12:48:31,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:33/29-12:48:17,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-12:48:17,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:40/29-12:48:16,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-12:48:16,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-12:48:16,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-12:48:16,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-12:48:16,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-12:48:16,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:01/29-12:48:16,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-12:48:16,1206) bpfilter_umh (root,26204,8212,00:00:12/29-12:48:16,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-12:48:16,1215) ntpd: asynchronous dns resolver (spot,291564,178804,1-12:55:52/29-12:48:16,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-12:48:15,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-12:48:15,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-12:48:15,1245) (sd-pam) (root,24216,5344,00:00:09/29-12:48:14,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-12:48:14,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-12:48:13,1354) /usr/sbin/cron -n (root,697576,81132,00:38:38/29-12:48:07,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60496,00:12:52/29-12:47:53,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:03:40,6101) [kworker/0:2-events] (root,0,0,00:00:00/01:56:33,8802) [kworker/u8:0] (root,0,0,00:00:00/00:35,9637) [kworker/1:2-ata_sff] (root,6656,3480,00:00:00/00:00,11737) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,11755) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,11756) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/13:14,12543) [kworker/3:2-events] (root,0,0,00:00:00/11:38,13387) [kworker/2:0-events] (root,0,0,00:00:00/01:16:27,14764) [kworker/3:0-events] (root,35308,10012,00:00:00/23-10:39:09,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-10:39:08,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-12:07:47,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:46/13-12:07:46,16977) sshd: syslogtunnel (root,0,0,00:00:01/05:31:59,20264) [kworker/0:1-events] (root,0,0,00:00:00/05:45,27561) [kworker/1:1-ata_sff] (postfix,24244,8172,00:00:00/05:12,28504) pickup -l -t fifo -u (root,0,0,00:00:07/15:08:32,29407) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-17:24:54,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/02:35:10,31583) [kworker/2:2-rcu_gp] (root,0,0,00:00:00/02:21:08,32428) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-11 23:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ad7e559bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-13:47:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:47:30,2) [kthreadd] (root,0,0,00:00:00/27-13:47:30,3) [rcu_gp] (root,0,0,00:00:00/27-13:47:30,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:47:30,5) [slub_flushwq] (root,0,0,00:00:00/27-13:47:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:47:30,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:47:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:47:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:47:30,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-13:47:30,13) [ksoftirqd/0] (root,0,0,01:13:39/27-13:47:30,14) [rcu_preempt] (root,0,0,00:00:10/27-13:47:30,15) [migration/0] (root,0,0,00:00:00/27-13:47:30,16) [idle_inject/0] (root,0,0,00:00:00/27-13:47:30,18) [cpuhp/0] (root,0,0,00:00:00/27-13:47:30,19) [cpuhp/1] (root,0,0,00:00:00/27-13:47:30,20) [idle_inject/1] (root,0,0,00:00:10/27-13:47:30,21) [migration/1] (root,0,0,00:00:43/27-13:47:30,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:47:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:47:30,25) [cpuhp/2] (root,0,0,00:00:00/27-13:47:30,26) [idle_inject/2] (root,0,0,00:00:08/27-13:47:30,27) [migration/2] (root,0,0,00:55:24/27-13:47:30,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:47:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:47:30,31) [cpuhp/3] (root,0,0,00:00:00/27-13:47:30,32) [idle_inject/3] (root,0,0,00:00:10/27-13:47:30,33) [migration/3] (root,0,0,00:02:32/27-13:47:30,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:47:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:47:30,39) [kdevtmpfs] (root,0,0,00:00:00/27-13:47:30,40) [netns] (root,0,0,00:00:00/27-13:47:30,41) [inet_frag_wq] (root,0,0,00:00:06/27-13:47:30,42) [kauditd] (root,0,0,00:00:00/27-13:47:30,43) [khungtaskd] (root,0,0,00:00:00/27-13:47:30,44) [oom_reaper] (root,0,0,00:00:00/27-13:47:30,45) [writeback] (root,0,0,00:01:21/27-13:47:30,46) [kcompactd0] (root,0,0,00:00:00/27-13:47:30,47) [ksmd] (root,0,0,00:01:19/27-13:47:30,48) [khugepaged] (root,0,0,00:00:00/27-13:47:30,74) [kintegrityd] (root,0,0,00:00:00/27-13:47:30,75) [kblockd] (root,0,0,00:00:00/27-13:47:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:47:30,78) [tpm_dev_wq] (root,0,0,00:00:00/27-13:47:30,79) [edac-poller] (root,0,0,00:00:00/27-13:47:30,80) [devfreq_wq] (root,0,0,00:00:00/27-13:47:30,110) [watchdogd] (root,0,0,00:00:05/27-13:47:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-13:47:30,112) [kswapd0] (root,0,0,00:00:00/27-13:47:29,114) [kthrotld] (root,0,0,00:00:00/27-13:47:29,115) [mld] (root,0,0,00:00:00/27-13:47:29,116) [ipv6_addrconf] (root,0,0,00:00:11/27-13:47:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-13:47:29,122) [kstrp] (root,0,0,00:00:00/27-13:47:29,123) [zswap-shrink] (root,0,0,00:00:00/27-13:47:29,124) [kworker/u9:0] (root,0,0,00:00:00/27-13:47:29,129) [charger_manager] (root,0,0,00:00:06/27-13:47:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-13:47:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:47:28,205) [kaluad] (root,0,0,00:00:00/27-13:47:28,250) [kmpath_rdacd] (root,0,0,00:00:00/27-13:47:28,293) [kmpathd] (root,0,0,00:00:00/27-13:47:28,294) [kmpath_handlerd] (root,0,0,00:00:00/27-13:47:28,342) [ata_sff] (root,0,0,00:00:00/27-13:47:27,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:47:27,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:47:27,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:47:27,346) [scsi_tmf_1] (root,0,0,00:00:44/27-13:47:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:47:25,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-13:47:13,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-13:47:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-13:47:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-13:46:36,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-13:46:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-13:46:36,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-13:46:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-13:46:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-13:46:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-13:46:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-13:46:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:33/27-13:46:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-13:46:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-13:46:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-13:46:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-13:46:20,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-13:46:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:45/27-13:46:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-13:46:20,1206) bpfilter_umh (root,26204,8212,00:00:11/27-13:46:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-13:46:20,1215) ntpd: asynchronous dns resolver (spot,289656,176568,1-10:38:06/27-13:46:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-13:46:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-13:46:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-13:46:19,1245) (sd-pam) (root,24216,5344,00:00:09/27-13:46:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-13:46:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-13:46:17,1354) /usr/sbin/cron -n (root,697064,80568,00:36:05/27-13:46:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58620,00:11:35/27-13:45:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/03:01:02,1639) [kworker/3:1-events] (root,0,0,00:00:00/34:37,8451) [kworker/u8:2-writeback] (root,0,0,00:00:00/31:56,13512) [kworker/1:3-events] (postfix,24244,8148,00:00:00/01:25:16,14566) pickup -l -t fifo -u (root,35308,10012,00:00:00/21-11:37:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-11:37:12,15391) sshd: cm-ssh (root,0,0,00:00:00/01:24:12,16439) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10072,00:00:00/11-13:05:51,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-13:05:50,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:15,18552) [kworker/0:2] (root,0,0,00:00:01/05:57:37,18730) [kworker/0:0-events] (root,0,0,00:00:00/01:03,19273) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:00:40,20552) [kworker/2:1] (root,6656,3488,00:00:00/00:00,23733) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,23751) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23752) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:09:32,27932) [kworker/2:2-events] (root,0,0,00:00:00/06:14,29890) [kworker/1:0-ata_sff] (postfix,44628,9316,00:00:00/21-18:22:58,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:53:57,32261) [kworker/3:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-10 00:09 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ce5f2c05Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-11:47:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-11:47:11,2) [kthreadd] (root,0,0,00:00:00/25-11:47:11,3) [rcu_gp] (root,0,0,00:00:00/25-11:47:11,4) [rcu_par_gp] (root,0,0,00:00:00/25-11:47:11,5) [slub_flushwq] (root,0,0,00:00:00/25-11:47:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-11:47:11,9) [mm_percpu_wq] (root,0,0,00:00:00/25-11:47:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-11:47:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-11:47:11,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-11:47:11,13) [ksoftirqd/0] (root,0,0,01:08:07/25-11:47:11,14) [rcu_preempt] (root,0,0,00:00:09/25-11:47:11,15) [migration/0] (root,0,0,00:00:00/25-11:47:11,16) [idle_inject/0] (root,0,0,00:00:00/25-11:47:11,18) [cpuhp/0] (root,0,0,00:00:00/25-11:47:11,19) [cpuhp/1] (root,0,0,00:00:00/25-11:47:11,20) [idle_inject/1] (root,0,0,00:00:10/25-11:47:11,21) [migration/1] (root,0,0,00:00:40/25-11:47:11,22) [ksoftirqd/1] (root,0,0,00:00:00/25-11:47:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-11:47:11,25) [cpuhp/2] (root,0,0,00:00:00/25-11:47:11,26) [idle_inject/2] (root,0,0,00:00:08/25-11:47:11,27) [migration/2] (root,0,0,00:51:56/25-11:47:11,28) [ksoftirqd/2] (root,0,0,00:00:00/25-11:47:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-11:47:11,31) [cpuhp/3] (root,0,0,00:00:00/25-11:47:11,32) [idle_inject/3] (root,0,0,00:00:09/25-11:47:11,33) [migration/3] (root,0,0,00:02:20/25-11:47:11,34) [ksoftirqd/3] (root,0,0,00:00:00/25-11:47:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-11:47:11,39) [kdevtmpfs] (root,0,0,00:00:00/25-11:47:11,40) [netns] (root,0,0,00:00:00/25-11:47:11,41) [inet_frag_wq] (root,0,0,00:00:06/25-11:47:11,42) [kauditd] (root,0,0,00:00:00/25-11:47:11,43) [khungtaskd] (root,0,0,00:00:00/25-11:47:11,44) [oom_reaper] (root,0,0,00:00:00/25-11:47:11,45) [writeback] (root,0,0,00:01:14/25-11:47:11,46) [kcompactd0] (root,0,0,00:00:00/25-11:47:11,47) [ksmd] (root,0,0,00:01:13/25-11:47:11,48) [khugepaged] (root,0,0,00:00:00/25-11:47:11,74) [kintegrityd] (root,0,0,00:00:00/25-11:47:11,75) [kblockd] (root,0,0,00:00:00/25-11:47:11,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-11:47:11,78) [tpm_dev_wq] (root,0,0,00:00:00/25-11:47:11,79) [edac-poller] (root,0,0,00:00:00/25-11:47:11,80) [devfreq_wq] (root,0,0,00:00:00/25-11:47:11,110) [watchdogd] (root,0,0,00:00:05/25-11:47:11,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-11:47:11,112) [kswapd0] (root,0,0,00:00:00/25-11:47:10,114) [kthrotld] (root,0,0,00:00:00/25-11:47:10,115) [mld] (root,0,0,00:00:00/25-11:47:10,116) [ipv6_addrconf] (root,0,0,00:00:10/25-11:47:10,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-11:47:10,122) [kstrp] (root,0,0,00:00:00/25-11:47:10,123) [zswap-shrink] (root,0,0,00:00:00/25-11:47:10,124) [kworker/u9:0] (root,0,0,00:00:00/25-11:47:10,129) [charger_manager] (root,0,0,00:00:05/25-11:47:09,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-11:47:09,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-11:47:09,205) [kaluad] (root,0,0,00:00:00/25-11:47:09,250) [kmpath_rdacd] (root,0,0,00:00:00/25-11:47:09,293) [kmpathd] (root,0,0,00:00:00/25-11:47:09,294) [kmpath_handlerd] (root,0,0,00:00:00/25-11:47:09,342) [ata_sff] (root,0,0,00:00:00/25-11:47:08,343) [scsi_eh_0] (root,0,0,00:00:00/25-11:47:08,344) [scsi_tmf_0] (root,0,0,00:00:00/25-11:47:08,345) [scsi_eh_1] (root,0,0,00:00:00/25-11:47:08,346) [scsi_tmf_1] (root,0,0,00:00:40/25-11:47:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-11:47:06,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-11:46:54,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-11:46:53,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-11:46:51,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-11:46:17,512) /sbin/auditd (messagebus,22936,5640,00:01:10/25-11:46:17,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:40/25-11:46:17,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-11:46:17,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-11:46:16,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-11:46:16,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3488,00:00:00/00:00,736) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,754) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,755) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,548104,30844,00:00:29/25-11:46:02,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-11:46:02,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:18/25-11:46:01,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-11:46:01,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-11:46:01,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-11:46:01,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-11:46:01,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-11:46:01,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:28/25-11:46:01,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-11:46:01,1206) bpfilter_umh (root,26204,8300,00:00:11/25-11:46:01,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-11:46:01,1215) ntpd: asynchronous dns resolver (spot,301904,188380,1-07:58:08/25-11:46:01,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-11:46:00,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-11:46:00,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-11:46:00,1245) (sd-pam) (root,24216,5348,00:00:08/25-11:45:59,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-11:45:59,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-11:45:58,1354) /usr/sbin/cron -n (root,694116,77804,00:33:20/25-11:45:52,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57720,00:10:06/25-11:45:38,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/58:58,1652) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/07:29,2650) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:39:08,6276) [kworker/3:1-cgroup_destroy] (postfix,24244,8216,00:00:00/01:25:55,9556) pickup -l -t fifo -u (root,0,0,00:00:00/04:15,14894) [kworker/3:0] (root,0,0,00:00:00/01:05:26,15018) [kworker/0:2-events] (root,35308,10012,00:00:00/19-09:36:54,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:04/19-09:36:53,15391) sshd: cm-ssh (root,35308,10072,00:00:00/9-11:05:32,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-11:05:31,16977) sshd: syslogtunnel (root,0,0,00:00:00/07:39:22,17512) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:04:12,18263) [kworker/3:2-events] (root,0,0,00:00:00/31:41,19596) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:04/04:49:46,21123) [kworker/2:1-events] (root,0,0,00:00:00/10:55,22566) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/02:16,24196) [kworker/1:2-ata_sff] (postfix,44628,9372,00:00:00/19-16:22:39,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/02:06:48,31732) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-07 22:09 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635d259d82Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:01:00/23-11:33:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-11:33:27,2) [kthreadd] (root,0,0,00:00:00/23-11:33:27,3) [rcu_gp] (root,0,0,00:00:00/23-11:33:27,4) [rcu_par_gp] (root,0,0,00:00:00/23-11:33:27,5) [slub_flushwq] (root,0,0,00:00:00/23-11:33:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-11:33:27,9) [mm_percpu_wq] (root,0,0,00:00:00/23-11:33:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-11:33:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-11:33:27,12) [rcu_tasks_trace] (root,0,0,00:00:42/23-11:33:27,13) [ksoftirqd/0] (root,0,0,01:02:30/23-11:33:27,14) [rcu_preempt] (root,0,0,00:00:08/23-11:33:27,15) [migration/0] (root,0,0,00:00:00/23-11:33:27,16) [idle_inject/0] (root,0,0,00:00:00/23-11:33:27,18) [cpuhp/0] (root,0,0,00:00:00/23-11:33:27,19) [cpuhp/1] (root,0,0,00:00:00/23-11:33:27,20) [idle_inject/1] (root,0,0,00:00:09/23-11:33:27,21) [migration/1] (root,0,0,00:00:36/23-11:33:27,22) [ksoftirqd/1] (root,0,0,00:00:00/23-11:33:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-11:33:27,25) [cpuhp/2] (root,0,0,00:00:00/23-11:33:27,26) [idle_inject/2] (root,0,0,00:00:07/23-11:33:27,27) [migration/2] (root,0,0,00:47:16/23-11:33:27,28) [ksoftirqd/2] (root,0,0,00:00:00/23-11:33:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-11:33:27,31) [cpuhp/3] (root,0,0,00:00:00/23-11:33:27,32) [idle_inject/3] (root,0,0,00:00:08/23-11:33:27,33) [migration/3] (root,0,0,00:02:09/23-11:33:27,34) [ksoftirqd/3] (root,0,0,00:00:00/23-11:33:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-11:33:27,39) [kdevtmpfs] (root,0,0,00:00:00/23-11:33:27,40) [netns] (root,0,0,00:00:00/23-11:33:27,41) [inet_frag_wq] (root,0,0,00:00:05/23-11:33:27,42) [kauditd] (root,0,0,00:00:00/23-11:33:27,43) [khungtaskd] (root,0,0,00:00:00/23-11:33:27,44) [oom_reaper] (root,0,0,00:00:00/23-11:33:27,45) [writeback] (root,0,0,00:01:08/23-11:33:27,46) [kcompactd0] (root,0,0,00:00:00/23-11:33:27,47) [ksmd] (root,0,0,00:01:07/23-11:33:27,48) [khugepaged] (root,0,0,00:00:00/23-11:33:27,74) [kintegrityd] (root,0,0,00:00:00/23-11:33:27,75) [kblockd] (root,0,0,00:00:00/23-11:33:27,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-11:33:27,78) [tpm_dev_wq] (root,0,0,00:00:00/23-11:33:27,79) [edac-poller] (root,0,0,00:00:00/23-11:33:27,80) [devfreq_wq] (root,0,0,00:00:00/23-11:33:27,110) [watchdogd] (root,0,0,00:00:04/23-11:33:27,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-11:33:27,112) [kswapd0] (root,0,0,00:00:00/23-11:33:26,114) [kthrotld] (root,0,0,00:00:00/23-11:33:26,115) [mld] (root,0,0,00:00:00/23-11:33:26,116) [ipv6_addrconf] (root,0,0,00:00:09/23-11:33:26,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-11:33:26,122) [kstrp] (root,0,0,00:00:00/23-11:33:26,123) [zswap-shrink] (root,0,0,00:00:00/23-11:33:26,124) [kworker/u9:0] (root,0,0,00:00:00/23-11:33:26,129) [charger_manager] (root,0,0,00:00:05/23-11:33:25,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-11:33:25,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-11:33:25,205) [kaluad] (root,0,0,00:00:00/23-11:33:25,250) [kmpath_rdacd] (root,0,0,00:00:00/23-11:33:25,293) [kmpathd] (root,0,0,00:00:00/23-11:33:25,294) [kmpath_handlerd] (root,0,0,00:00:00/23-11:33:25,342) [ata_sff] (root,0,0,00:00:00/23-11:33:24,343) [scsi_eh_0] (root,0,0,00:00:00/23-11:33:24,344) [scsi_tmf_0] (root,0,0,00:00:00/23-11:33:24,345) [scsi_eh_1] (root,0,0,00:00:00/23-11:33:24,346) [scsi_tmf_1] (root,0,0,00:00:36/23-11:33:22,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-11:33:22,367) [ext4-rsv-conver] (root,38604,7876,00:00:33/23-11:33:10,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-11:33:09,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-11:33:07,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-11:32:33,512) /sbin/auditd (messagebus,22936,5640,00:01:06/23-11:32:33,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-11:32:33,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-11:32:33,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-11:32:32,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-11:32:32,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,6764,3608,00:00:00/00:00,678) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,817) /bin/bash /usr/bin/check_mk_agent (root,8032,5648,00:00:00/00:00,845) python ././remotecheck (root,13744,3360,00:00:00/00:00,847) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,848) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,548104,30324,00:00:26/23-11:32:18,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-11:32:18,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:06/23-11:32:17,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-11:32:17,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-11:32:17,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-11:32:17,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-11:32:17,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-11:32:17,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:11/23-11:32:17,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-11:32:17,1206) bpfilter_umh (root,26204,8300,00:00:10/23-11:32:17,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-11:32:17,1215) ntpd: asynchronous dns resolver (spot,285436,172716,1-05:31:40/23-11:32:17,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-11:32:16,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-11:32:16,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-11:32:16,1245) (sd-pam) (root,24216,5348,00:00:07/23-11:32:15,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-11:32:15,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-11:32:14,1354) /usr/sbin/cron -n (root,693860,77148,00:30:37/23-11:32:08,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55840,00:08:39/23-11:31:54,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:24:39,2229) [kworker/0:2-events] (root,0,0,00:00:00/03:01:09,6466) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/23:52,7973) [kworker/0:1-events] (root,0,0,00:00:00/35:06,8120) [kworker/u8:1-flush-253:0] (postfix,24244,8256,00:00:00/01:33:59,9788) pickup -l -t fifo -u (root,0,0,00:00:00/44:01,10323) [kworker/3:1-cgroup_destroy] (root,35308,10012,00:00:00/17-09:23:10,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-09:23:09,15391) sshd: cm-ssh (root,0,0,00:00:00/03:30,15454) [kworker/3:0] (root,0,0,00:00:00/02:17:30,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-10:51:48,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:25/7-10:51:47,16977) sshd: syslogtunnel (root,0,0,00:00:00/30:39,21182) [kworker/2:2-events] (root,0,0,00:00:02/02:04:09,21755) [kworker/2:0-mm_percpu_wq] (root,0,0,00:00:00/01:41,22939) [kworker/1:0-ata_sff] (root,0,0,00:00:00/38:01,30106) [kworker/1:2-events] (postfix,44628,9372,00:00:00/17-16:08:55,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:54,31212) [kworker/1:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-05 21:55 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f8720193Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-14:25:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-14:25:07,2) [kthreadd] (root,0,0,00:00:00/21-14:25:07,3) [rcu_gp] (root,0,0,00:00:00/21-14:25:07,4) [rcu_par_gp] (root,0,0,00:00:00/21-14:25:07,5) [slub_flushwq] (root,0,0,00:00:00/21-14:25:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-14:25:07,9) [mm_percpu_wq] (root,0,0,00:00:00/21-14:25:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-14:25:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-14:25:07,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-14:25:07,13) [ksoftirqd/0] (root,0,0,00:57:30/21-14:25:07,14) [rcu_preempt] (root,0,0,00:00:08/21-14:25:07,15) [migration/0] (root,0,0,00:00:00/21-14:25:07,16) [idle_inject/0] (root,0,0,00:00:00/21-14:25:07,18) [cpuhp/0] (root,0,0,00:00:00/21-14:25:07,19) [cpuhp/1] (root,0,0,00:00:00/21-14:25:07,20) [idle_inject/1] (root,0,0,00:00:08/21-14:25:07,21) [migration/1] (root,0,0,00:00:34/21-14:25:07,22) [ksoftirqd/1] (root,0,0,00:00:00/21-14:25:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-14:25:07,25) [cpuhp/2] (root,0,0,00:00:00/21-14:25:07,26) [idle_inject/2] (root,0,0,00:00:06/21-14:25:07,27) [migration/2] (root,0,0,00:43:40/21-14:25:07,28) [ksoftirqd/2] (root,0,0,00:00:00/21-14:25:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-14:25:07,31) [cpuhp/3] (root,0,0,00:00:00/21-14:25:07,32) [idle_inject/3] (root,0,0,00:00:08/21-14:25:07,33) [migration/3] (root,0,0,00:02:00/21-14:25:07,34) [ksoftirqd/3] (root,0,0,00:00:00/21-14:25:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-14:25:07,39) [kdevtmpfs] (root,0,0,00:00:00/21-14:25:07,40) [netns] (root,0,0,00:00:00/21-14:25:07,41) [inet_frag_wq] (root,0,0,00:00:05/21-14:25:07,42) [kauditd] (root,0,0,00:00:00/21-14:25:07,43) [khungtaskd] (root,0,0,00:00:00/21-14:25:07,44) [oom_reaper] (root,0,0,00:00:00/21-14:25:07,45) [writeback] (root,0,0,00:01:03/21-14:25:07,46) [kcompactd0] (root,0,0,00:00:00/21-14:25:07,47) [ksmd] (root,0,0,00:01:02/21-14:25:07,48) [khugepaged] (root,0,0,00:00:00/21-14:25:07,74) [kintegrityd] (root,0,0,00:00:00/21-14:25:07,75) [kblockd] (root,0,0,00:00:00/21-14:25:07,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-14:25:07,78) [tpm_dev_wq] (root,0,0,00:00:00/21-14:25:07,79) [edac-poller] (root,0,0,00:00:00/21-14:25:07,80) [devfreq_wq] (root,0,0,00:00:00/21-14:25:07,110) [watchdogd] (root,0,0,00:00:04/21-14:25:07,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-14:25:07,112) [kswapd0] (root,0,0,00:00:00/21-14:25:06,114) [kthrotld] (root,0,0,00:00:00/21-14:25:06,115) [mld] (root,0,0,00:00:00/21-14:25:06,116) [ipv6_addrconf] (root,0,0,00:00:09/21-14:25:06,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-14:25:06,122) [kstrp] (root,0,0,00:00:00/21-14:25:06,123) [zswap-shrink] (root,0,0,00:00:00/21-14:25:06,124) [kworker/u9:0] (root,0,0,00:00:00/21-14:25:06,129) [charger_manager] (root,0,0,00:00:04/21-14:25:05,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-14:25:05,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-14:25:05,205) [kaluad] (root,0,0,00:00:00/21-14:25:05,250) [kmpath_rdacd] (root,0,0,00:00:00/21-14:25:05,293) [kmpathd] (root,0,0,00:00:00/21-14:25:05,294) [kmpath_handlerd] (root,0,0,00:00:00/21-14:25:05,342) [ata_sff] (root,0,0,00:00:00/21-14:25:04,343) [scsi_eh_0] (root,0,0,00:00:00/21-14:25:04,344) [scsi_tmf_0] (root,0,0,00:00:00/21-14:25:04,345) [scsi_eh_1] (root,0,0,00:00:00/21-14:25:04,346) [scsi_tmf_1] (root,0,0,00:00:33/21-14:25:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-14:25:02,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-14:24:50,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-14:24:49,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-14:24:47,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-14:24:13,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-14:24:13,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-14:24:13,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-14:24:13,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-14:24:12,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-14:24:12,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-14:23:58,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-14:23:58,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:00/21-14:23:57,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-14:23:57,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-14:23:57,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-14:23:57,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-14:23:57,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-14:23:57,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:56/21-14:23:57,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-14:23:57,1206) bpfilter_umh (root,26204,8300,00:00:09/21-14:23:57,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-14:23:57,1215) ntpd: asynchronous dns resolver (spot,285116,171856,1-03:19:23/21-14:23:57,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-14:23:56,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-14:23:56,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-14:23:56,1245) (sd-pam) (root,24216,5348,00:00:07/21-14:23:55,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-14:23:55,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-14:23:54,1354) /usr/sbin/cron -n (root,693604,76796,00:28:07/21-14:23:48,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:24/21-14:23:34,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/03:05:50,1511) [kworker/2:0-events] (root,0,0,00:00:00/47:14,1699) [kworker/u8:1] (root,0,0,00:00:01/01:38:33,3242) [kworker/1:2-events_freezable_power_] (root,0,0,00:00:00/01:03:51,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/01:27:25,7480) pickup -l -t fifo -u (root,0,0,00:00:00/38:21,8023) [kworker/3:0] (root,0,0,00:00:00/12:52,10807) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/00:12,14577) [kworker/2:1-events] (root,0,0,00:00:00/00:00,15330) [kworker/1:1] (root,6656,3492,00:00:00/00:00,15372) /bin/bash /usr/bin/check_mk_agent (root,35308,10012,00:00:00/15-12:14:50,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-12:14:49,15391) sshd: cm-ssh (root,13744,3420,00:00:00/00:00,15392) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,15393) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/44:43,15465) [kworker/2:2-cgroup_destroy] (root,35308,10072,00:00:00/5-13:43:28,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-13:43:27,16977) sshd: syslogtunnel (root,0,0,00:00:00/19:18,20907) [kworker/0:2] (root,0,0,00:00:02/08:56:24,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-19:00:35,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/05:11,30889) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-04 00:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634cd0ea74Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-15:04:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-15:04:10,2) [kthreadd] (root,0,0,00:00:00/19-15:04:10,3) [rcu_gp] (root,0,0,00:00:00/19-15:04:10,4) [rcu_par_gp] (root,0,0,00:00:00/19-15:04:10,5) [slub_flushwq] (root,0,0,00:00:00/19-15:04:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-15:04:10,9) [mm_percpu_wq] (root,0,0,00:00:00/19-15:04:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-15:04:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-15:04:10,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-15:04:10,13) [ksoftirqd/0] (root,0,0,00:52:20/19-15:04:10,14) [rcu_preempt] (root,0,0,00:00:07/19-15:04:10,15) [migration/0] (root,0,0,00:00:00/19-15:04:10,16) [idle_inject/0] (root,0,0,00:00:00/19-15:04:10,18) [cpuhp/0] (root,0,0,00:00:00/19-15:04:10,19) [cpuhp/1] (root,0,0,00:00:00/19-15:04:10,20) [idle_inject/1] (root,0,0,00:00:07/19-15:04:10,21) [migration/1] (root,0,0,00:00:31/19-15:04:10,22) [ksoftirqd/1] (root,0,0,00:00:00/19-15:04:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-15:04:10,25) [cpuhp/2] (root,0,0,00:00:00/19-15:04:10,26) [idle_inject/2] (root,0,0,00:00:06/19-15:04:10,27) [migration/2] (root,0,0,00:39:11/19-15:04:10,28) [ksoftirqd/2] (root,0,0,00:00:00/19-15:04:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-15:04:10,31) [cpuhp/3] (root,0,0,00:00:00/19-15:04:10,32) [idle_inject/3] (root,0,0,00:00:07/19-15:04:10,33) [migration/3] (root,0,0,00:01:49/19-15:04:10,34) [ksoftirqd/3] (root,0,0,00:00:00/19-15:04:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-15:04:10,39) [kdevtmpfs] (root,0,0,00:00:00/19-15:04:10,40) [netns] (root,0,0,00:00:00/19-15:04:10,41) [inet_frag_wq] (root,0,0,00:00:05/19-15:04:10,42) [kauditd] (root,0,0,00:00:00/19-15:04:10,43) [khungtaskd] (root,0,0,00:00:00/19-15:04:10,44) [oom_reaper] (root,0,0,00:00:00/19-15:04:10,45) [writeback] (root,0,0,00:00:57/19-15:04:10,46) [kcompactd0] (root,0,0,00:00:00/19-15:04:10,47) [ksmd] (root,0,0,00:00:57/19-15:04:10,48) [khugepaged] (root,0,0,00:00:00/19-15:04:10,74) [kintegrityd] (root,0,0,00:00:00/19-15:04:10,75) [kblockd] (root,0,0,00:00:00/19-15:04:10,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-15:04:10,78) [tpm_dev_wq] (root,0,0,00:00:00/19-15:04:10,79) [edac-poller] (root,0,0,00:00:00/19-15:04:10,80) [devfreq_wq] (root,0,0,00:00:00/19-15:04:10,110) [watchdogd] (root,0,0,00:00:03/19-15:04:10,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-15:04:10,112) [kswapd0] (root,0,0,00:00:00/19-15:04:09,114) [kthrotld] (root,0,0,00:00:00/19-15:04:09,115) [mld] (root,0,0,00:00:00/19-15:04:09,116) [ipv6_addrconf] (root,0,0,00:00:08/19-15:04:09,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-15:04:09,122) [kstrp] (root,0,0,00:00:00/19-15:04:09,123) [zswap-shrink] (root,0,0,00:00:00/19-15:04:09,124) [kworker/u9:0] (root,0,0,00:00:00/19-15:04:09,129) [charger_manager] (root,0,0,00:00:04/19-15:04:08,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-15:04:08,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-15:04:08,205) [kaluad] (root,0,0,00:00:00/19-15:04:08,250) [kmpath_rdacd] (root,0,0,00:00:00/19-15:04:08,293) [kmpathd] (root,0,0,00:00:00/19-15:04:08,294) [kmpath_handlerd] (root,0,0,00:00:00/19-15:04:08,342) [ata_sff] (root,0,0,00:00:00/19-15:04:07,343) [scsi_eh_0] (root,0,0,00:00:00/19-15:04:07,344) [scsi_tmf_0] (root,0,0,00:00:00/19-15:04:07,345) [scsi_eh_1] (root,0,0,00:00:00/19-15:04:07,346) [scsi_tmf_1] (root,0,0,00:00:29/19-15:04:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-15:04:05,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-15:03:53,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-15:03:52,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-15:03:50,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-15:03:16,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-15:03:16,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-15:03:16,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-15:03:16,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-15:03:15,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-15:03:15,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-15:03:01,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-15:03:01,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:49/19-15:03:00,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-15:03:00,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-15:03:00,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-15:03:00,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-15:03:00,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-15:03:00,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-15:03:00,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-15:03:00,1206) bpfilter_umh (root,26204,8300,00:00:09/19-15:03:00,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-15:03:00,1215) ntpd: asynchronous dns resolver (spot,284684,171748,1-01:06:14/19-15:03:00,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-15:02:59,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-15:02:59,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-15:02:59,1245) (sd-pam) (root,24216,5348,00:00:06/19-15:02:58,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-15:02:58,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-15:02:57,1354) /usr/sbin/cron -n (root,692836,75760,00:25:30/19-15:02:51,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:35/19-15:02:37,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/07:05:34,3898) [kworker/3:2-events] (root,0,0,00:00:00/02:05:48,4121) [kworker/u8:0-writeback] (postfix,24244,8224,00:00:00/47:21,8017) pickup -l -t fifo -u (root,0,0,00:00:00/24:55,12709) [kworker/2:1-events] (root,0,0,00:00:00/13:25,14635) [kworker/1:0-events] (root,0,0,00:00:00/03:02,14902) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/13-12:53:53,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-12:53:52,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-14:22:31,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-14:22:30,16977) sshd: syslogtunnel (root,0,0,00:00:00/56:18,20923) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,21285) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,21303) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,21304) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:33:15,22032) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/01:20:46,22794) [kworker/0:1] (root,0,0,00:00:01/01:33:03,23007) [kworker/2:2-mm_percpu_wq] (root,0,0,00:00:01/03:30:12,26126) [kworker/0:2-events] (root,0,0,00:00:00/08:13,30422) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/13-19:39:38,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 01:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ba3b530bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-14:16:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-14:16:30,2) [kthreadd] (root,0,0,00:00:00/17-14:16:30,3) [rcu_gp] (root,0,0,00:00:00/17-14:16:30,4) [rcu_par_gp] (root,0,0,00:00:00/17-14:16:30,5) [slub_flushwq] (root,0,0,00:00:00/17-14:16:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-14:16:30,9) [mm_percpu_wq] (root,0,0,00:00:00/17-14:16:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-14:16:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-14:16:30,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-14:16:30,13) [ksoftirqd/0] (root,0,0,00:47:07/17-14:16:30,14) [rcu_preempt] (root,0,0,00:00:06/17-14:16:30,15) [migration/0] (root,0,0,00:00:00/17-14:16:30,16) [idle_inject/0] (root,0,0,00:00:00/17-14:16:30,18) [cpuhp/0] (root,0,0,00:00:00/17-14:16:30,19) [cpuhp/1] (root,0,0,00:00:00/17-14:16:30,20) [idle_inject/1] (root,0,0,00:00:07/17-14:16:30,21) [migration/1] (root,0,0,00:00:28/17-14:16:30,22) [ksoftirqd/1] (root,0,0,00:00:00/17-14:16:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-14:16:30,25) [cpuhp/2] (root,0,0,00:00:00/17-14:16:30,26) [idle_inject/2] (root,0,0,00:00:05/17-14:16:30,27) [migration/2] (root,0,0,00:35:57/17-14:16:30,28) [ksoftirqd/2] (root,0,0,00:00:00/17-14:16:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-14:16:30,31) [cpuhp/3] (root,0,0,00:00:00/17-14:16:30,32) [idle_inject/3] (root,0,0,00:00:06/17-14:16:30,33) [migration/3] (root,0,0,00:01:40/17-14:16:30,34) [ksoftirqd/3] (root,0,0,00:00:00/17-14:16:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-14:16:30,39) [kdevtmpfs] (root,0,0,00:00:00/17-14:16:30,40) [netns] (root,0,0,00:00:00/17-14:16:30,41) [inet_frag_wq] (root,0,0,00:00:04/17-14:16:30,42) [kauditd] (root,0,0,00:00:00/17-14:16:30,43) [khungtaskd] (root,0,0,00:00:00/17-14:16:30,44) [oom_reaper] (root,0,0,00:00:00/17-14:16:30,45) [writeback] (root,0,0,00:00:51/17-14:16:30,46) [kcompactd0] (root,0,0,00:00:00/17-14:16:30,47) [ksmd] (root,0,0,00:00:51/17-14:16:30,48) [khugepaged] (root,0,0,00:00:00/17-14:16:30,74) [kintegrityd] (root,0,0,00:00:00/17-14:16:30,75) [kblockd] (root,0,0,00:00:00/17-14:16:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-14:16:30,78) [tpm_dev_wq] (root,0,0,00:00:00/17-14:16:30,79) [edac-poller] (root,0,0,00:00:00/17-14:16:30,80) [devfreq_wq] (root,0,0,00:00:00/17-14:16:30,110) [watchdogd] (root,0,0,00:00:03/17-14:16:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-14:16:30,112) [kswapd0] (root,0,0,00:00:00/17-14:16:29,114) [kthrotld] (root,0,0,00:00:00/17-14:16:29,115) [mld] (root,0,0,00:00:00/17-14:16:29,116) [ipv6_addrconf] (root,0,0,00:00:07/17-14:16:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-14:16:29,122) [kstrp] (root,0,0,00:00:00/17-14:16:29,123) [zswap-shrink] (root,0,0,00:00:00/17-14:16:29,124) [kworker/u9:0] (root,0,0,00:00:00/17-14:16:29,129) [charger_manager] (root,0,0,00:00:03/17-14:16:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-14:16:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-14:16:28,205) [kaluad] (root,0,0,00:00:00/17-14:16:28,250) [kmpath_rdacd] (root,0,0,00:00:00/17-14:16:28,293) [kmpathd] (root,0,0,00:00:00/17-14:16:28,294) [kmpath_handlerd] (root,0,0,00:00:00/17-14:16:28,342) [ata_sff] (root,0,0,00:00:00/17-14:16:27,343) [scsi_eh_0] (root,0,0,00:00:00/17-14:16:27,344) [scsi_tmf_0] (root,0,0,00:00:00/17-14:16:27,345) [scsi_eh_1] (root,0,0,00:00:00/17-14:16:27,346) [scsi_tmf_1] (root,0,0,00:00:26/17-14:16:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-14:16:25,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-14:16:13,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-14:16:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-14:16:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-14:15:36,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-14:15:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-14:15:36,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-14:15:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-14:15:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-14:15:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-14:15:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-14:15:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:38/17-14:15:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-14:15:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-14:15:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-14:15:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-14:15:20,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-14:15:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:23/17-14:15:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-14:15:20,1206) bpfilter_umh (root,26204,8300,00:00:08/17-14:15:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-14:15:20,1215) ntpd: asynchronous dns resolver (spot,284780,171772,23:07:50/17-14:15:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-14:15:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-14:15:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-14:15:19,1245) (sd-pam) (root,24216,5348,00:00:05/17-14:15:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-14:15:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-14:15:17,1354) /usr/sbin/cron -n (root,692236,75412,00:22:51/17-14:15:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51284,00:05:53/17-14:14:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:42:42,6422) [kworker/0:2-events] (root,6656,3488,00:00:00/00:01,12083) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:01,12086) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,12121) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12122) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/35:03,14661) [kworker/2:2-events] (root,35308,10012,00:00:00/11-12:06:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-12:06:12,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-13:34:51,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-13:34:50,16977) sshd: syslogtunnel (postfix,24244,8200,00:00:00/21:33,18919) pickup -l -t fifo -u (root,0,0,00:00:00/53:34,22787) [kworker/3:0-events] (root,0,0,00:00:02/05:17:49,24312) [kworker/0:0-events] (root,0,0,00:00:00/53:08,26541) [kworker/u8:2-writeback] (root,0,0,00:00:00/43:35,28099) [kworker/1:0-events_freezable_power_] (root,0,0,00:00:00/08:21:36,28658) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/02:05,30079) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/11-18:51:58,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/07:18,30688) [kworker/1:1-ata_sff] (root,0,0,00:00:00/28:43,32239) [kworker/2:1] (root,0,0,00:00:01/04:03:39,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-30 00:38 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631cac0606Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-13:57:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:57:27,2) [kthreadd] (root,0,0,00:00:00/15-13:57:27,3) [rcu_gp] (root,0,0,00:00:00/15-13:57:27,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:57:27,5) [slub_flushwq] (root,0,0,00:00:00/15-13:57:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:57:27,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:57:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:57:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:57:27,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-13:57:27,13) [ksoftirqd/0] (root,0,0,00:41:49/15-13:57:27,14) [rcu_preempt] (root,0,0,00:00:05/15-13:57:27,15) [migration/0] (root,0,0,00:00:00/15-13:57:27,16) [idle_inject/0] (root,0,0,00:00:00/15-13:57:27,18) [cpuhp/0] (root,0,0,00:00:00/15-13:57:27,19) [cpuhp/1] (root,0,0,00:00:00/15-13:57:27,20) [idle_inject/1] (root,0,0,00:00:06/15-13:57:27,21) [migration/1] (root,0,0,00:00:25/15-13:57:27,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:57:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:57:27,25) [cpuhp/2] (root,0,0,00:00:00/15-13:57:27,26) [idle_inject/2] (root,0,0,00:00:05/15-13:57:27,27) [migration/2] (root,0,0,00:32:22/15-13:57:27,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:57:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:57:27,31) [cpuhp/3] (root,0,0,00:00:00/15-13:57:27,32) [idle_inject/3] (root,0,0,00:00:05/15-13:57:27,33) [migration/3] (root,0,0,00:01:29/15-13:57:27,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:57:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:57:27,39) [kdevtmpfs] (root,0,0,00:00:00/15-13:57:27,40) [netns] (root,0,0,00:00:00/15-13:57:27,41) [inet_frag_wq] (root,0,0,00:00:04/15-13:57:27,42) [kauditd] (root,0,0,00:00:00/15-13:57:27,43) [khungtaskd] (root,0,0,00:00:00/15-13:57:27,44) [oom_reaper] (root,0,0,00:00:00/15-13:57:27,45) [writeback] (root,0,0,00:00:46/15-13:57:27,46) [kcompactd0] (root,0,0,00:00:00/15-13:57:27,47) [ksmd] (root,0,0,00:00:46/15-13:57:27,48) [khugepaged] (root,0,0,00:00:00/15-13:57:27,74) [kintegrityd] (root,0,0,00:00:00/15-13:57:27,75) [kblockd] (root,0,0,00:00:00/15-13:57:27,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:57:27,78) [tpm_dev_wq] (root,0,0,00:00:00/15-13:57:27,79) [edac-poller] (root,0,0,00:00:00/15-13:57:27,80) [devfreq_wq] (root,0,0,00:00:00/15-13:57:27,110) [watchdogd] (root,0,0,00:00:03/15-13:57:27,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-13:57:27,112) [kswapd0] (root,0,0,00:00:00/15-13:57:26,114) [kthrotld] (root,0,0,00:00:00/15-13:57:26,115) [mld] (root,0,0,00:00:00/15-13:57:26,116) [ipv6_addrconf] (root,0,0,00:00:06/15-13:57:26,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-13:57:26,122) [kstrp] (root,0,0,00:00:00/15-13:57:26,123) [zswap-shrink] (root,0,0,00:00:00/15-13:57:26,124) [kworker/u9:0] (root,0,0,00:00:00/15-13:57:26,129) [charger_manager] (root,0,0,00:00:03/15-13:57:25,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-13:57:25,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:57:25,205) [kaluad] (root,0,0,00:00:00/15-13:57:25,250) [kmpath_rdacd] (root,0,0,00:00:00/15-13:57:25,293) [kmpathd] (root,0,0,00:00:00/15-13:57:25,294) [kmpath_handlerd] (root,0,0,00:00:00/15-13:57:25,342) [ata_sff] (root,0,0,00:00:00/15-13:57:24,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:57:24,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:57:24,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:57:24,346) [scsi_tmf_1] (root,0,0,00:00:23/15-13:57:22,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:57:22,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-13:57:10,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-13:57:09,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-13:57:07,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-13:56:33,512) /sbin/auditd (messagebus,22936,5672,00:00:49/15-13:56:33,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:28/15-13:56:33,531) /usr/lib/systemd/systemd-logind (root,0,0,00:00:00/01:01:04,539) [kworker/0:2] (root,20556,5140,00:00:00/15-13:56:33,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-13:56:32,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-13:56:32,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-13:56:18,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-13:56:18,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:24/15-13:56:17,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-13:56:17,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-13:56:17,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-13:56:17,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-13:56:17,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-13:56:17,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-13:56:17,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-13:56:17,1206) bpfilter_umh (root,26204,8300,00:00:07/15-13:56:17,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-13:56:17,1215) ntpd: asynchronous dns resolver (spot,285236,171328,20:57:26/15-13:56:17,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-13:56:16,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-13:56:16,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-13:56:16,1245) (sd-pam) (root,24216,5348,00:00:05/15-13:56:15,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-13:56:15,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-13:56:14,1354) /usr/sbin/cron -n (root,691980,74872,00:20:10/15-13:56:08,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:10/15-13:55:54,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:56,2813) [kworker/1:0-ata_sff] (postfix,24244,8144,00:00:00/24:35,7227) pickup -l -t fifo -u (root,35308,10012,00:00:00/8-05:52:21,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-05:52:21,8749) sshd: syslogtunnel (root,0,0,00:00:00/49:45,10498) [kworker/3:0-events] (root,0,0,00:00:01/01:12:23,10640) [kworker/2:2-events] (root,6656,3484,00:00:00/00:00,10773) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,10791) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10792) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:06,11645) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/9-11:47:10,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-11:47:09,15391) sshd: cm-ssh (root,0,0,00:00:00/48:38,16028) [kworker/1:1-events] (root,0,0,00:00:00/10:29,25460) [kworker/2:0] (root,0,0,00:00:00/01:23:33,26890) [kworker/0:1-events] (root,0,0,00:00:00/26:43,28652) [kworker/u8:0-writeback] (postfix,44628,9416,00:00:00/9-18:32:55,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:18:44,30764) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/05:46:45,31041) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 00:19 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363739b3244Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-13:36:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:36:01,2) [kthreadd] (root,0,0,00:00:00/13-13:36:01,3) [rcu_gp] (root,0,0,00:00:00/13-13:36:01,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:36:01,5) [slub_flushwq] (root,0,0,00:00:00/13-13:36:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:36:01,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:36:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:36:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:36:01,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-13:36:01,13) [ksoftirqd/0] (root,0,0,00:36:33/13-13:36:01,14) [rcu_preempt] (root,0,0,00:00:05/13-13:36:01,15) [migration/0] (root,0,0,00:00:00/13-13:36:01,16) [idle_inject/0] (root,0,0,00:00:00/13-13:36:01,18) [cpuhp/0] (root,0,0,00:00:00/13-13:36:01,19) [cpuhp/1] (root,0,0,00:00:00/13-13:36:01,20) [idle_inject/1] (root,0,0,00:00:05/13-13:36:01,21) [migration/1] (root,0,0,00:00:22/13-13:36:01,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:36:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:36:01,25) [cpuhp/2] (root,0,0,00:00:00/13-13:36:01,26) [idle_inject/2] (root,0,0,00:00:04/13-13:36:01,27) [migration/2] (root,0,0,00:28:49/13-13:36:01,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:36:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:36:01,31) [cpuhp/3] (root,0,0,00:00:00/13-13:36:01,32) [idle_inject/3] (root,0,0,00:00:05/13-13:36:01,33) [migration/3] (root,0,0,00:01:19/13-13:36:01,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:36:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:36:01,39) [kdevtmpfs] (root,0,0,00:00:00/13-13:36:01,40) [netns] (root,0,0,00:00:00/13-13:36:01,41) [inet_frag_wq] (root,0,0,00:00:04/13-13:36:01,42) [kauditd] (root,0,0,00:00:00/13-13:36:01,43) [khungtaskd] (root,0,0,00:00:00/13-13:36:01,44) [oom_reaper] (root,0,0,00:00:00/13-13:36:01,45) [writeback] (root,0,0,00:00:40/13-13:36:01,46) [kcompactd0] (root,0,0,00:00:00/13-13:36:01,47) [ksmd] (root,0,0,00:00:40/13-13:36:01,48) [khugepaged] (root,0,0,00:00:00/13-13:36:01,74) [kintegrityd] (root,0,0,00:00:00/13-13:36:01,75) [kblockd] (root,0,0,00:00:00/13-13:36:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:36:01,78) [tpm_dev_wq] (root,0,0,00:00:00/13-13:36:01,79) [edac-poller] (root,0,0,00:00:00/13-13:36:01,80) [devfreq_wq] (root,0,0,00:00:00/13-13:36:01,110) [watchdogd] (root,0,0,00:00:02/13-13:36:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-13:36:01,112) [kswapd0] (root,0,0,00:00:00/13-13:36:00,114) [kthrotld] (root,0,0,00:00:00/13-13:36:00,115) [mld] (root,0,0,00:00:00/13-13:36:00,116) [ipv6_addrconf] (root,0,0,00:00:05/13-13:36:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-13:36:00,122) [kstrp] (root,0,0,00:00:00/13-13:36:00,123) [zswap-shrink] (root,0,0,00:00:00/13-13:36:00,124) [kworker/u9:0] (root,0,0,00:00:00/13-13:36:00,129) [charger_manager] (root,0,0,00:00:02/13-13:35:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-13:35:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:35:59,205) [kaluad] (root,0,0,00:00:00/13-13:35:59,250) [kmpath_rdacd] (root,0,0,00:00:00/13-13:35:59,293) [kmpathd] (root,0,0,00:00:00/13-13:35:59,294) [kmpath_handlerd] (root,0,0,00:00:00/13-13:35:59,342) [ata_sff] (root,0,0,00:00:00/13-13:35:58,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:35:58,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:35:58,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:35:58,346) [scsi_tmf_1] (root,0,0,00:00:20/13-13:35:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:35:56,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-13:35:44,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-13:35:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-13:35:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-13:35:07,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-13:35:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-13:35:07,531) /usr/lib/systemd/systemd-logind (root,0,0,00:00:00/05:39,536) [kworker/1:1-ata_sff] (root,20556,5140,00:00:00/13-13:35:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-13:35:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-13:35:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-13:34:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-13:34:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:12/13-13:34:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-13:34:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-13:34:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-13:34:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-13:34:51,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-13:34:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-13:34:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-13:34:51,1206) bpfilter_umh (root,26204,8300,00:00:07/13-13:34:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-13:34:51,1215) ntpd: asynchronous dns resolver (spot,287124,171728,18:12:39/13-13:34:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-13:34:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-13:34:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-13:34:50,1245) (sd-pam) (root,24216,5348,00:00:04/13-13:34:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-13:34:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-13:34:48,1354) /usr/sbin/cron -n (root,691980,74552,00:17:32/13-13:34:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47904,00:04:29/13-13:34:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/14:02,2659) [kworker/2:0-events] (root,0,0,00:00:04/03:32:39,4939) [kworker/2:2-events] (root,0,0,00:00:00/21:13,6937) [kworker/1:0-events] (root,0,0,00:00:00/03:19,7321) [kworker/u8:0-flush-253:0] (root,35308,10012,00:00:00/6-05:30:55,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-05:30:55,8749) sshd: syslogtunnel (root,0,0,00:00:00/19:02,13988) [kworker/0:0-events] (root,0,0,00:00:00/02:45:37,15360) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/7-11:25:44,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-11:25:43,15391) sshd: cm-ssh (postfix,24244,8212,00:00:00/25:03,19097) pickup -l -t fifo -u (root,0,0,00:00:00/00:27,20955) [kworker/1:2-ata_sff] (root,6656,3488,00:00:00/00:00,22551) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,22569) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,22570) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/39:29,23451) [kworker/3:1-events] (root,0,0,00:00:00/01:09:49,24348) [kworker/u8:1-ext4-rsv-conversion] (postfix,44628,9416,00:00:00/7-18:11:29,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/29:16,31001) [kworker/0:2-events] (root,0,0,00:00:01/04:03:19,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-25 23:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836368d8b923Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-13:17:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-13:17:36,2) [kthreadd] (root,0,0,00:00:00/11-13:17:36,3) [rcu_gp] (root,0,0,00:00:00/11-13:17:36,4) [rcu_par_gp] (root,0,0,00:00:00/11-13:17:36,5) [slub_flushwq] (root,0,0,00:00:00/11-13:17:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-13:17:36,9) [mm_percpu_wq] (root,0,0,00:00:00/11-13:17:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-13:17:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-13:17:36,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-13:17:36,13) [ksoftirqd/0] (root,0,0,00:30:45/11-13:17:36,14) [rcu_preempt] (root,0,0,00:00:04/11-13:17:36,15) [migration/0] (root,0,0,00:00:00/11-13:17:36,16) [idle_inject/0] (root,0,0,00:00:00/11-13:17:36,18) [cpuhp/0] (root,0,0,00:00:00/11-13:17:36,19) [cpuhp/1] (root,0,0,00:00:00/11-13:17:36,20) [idle_inject/1] (root,0,0,00:00:04/11-13:17:36,21) [migration/1] (root,0,0,00:00:17/11-13:17:36,22) [ksoftirqd/1] (root,0,0,00:00:00/11-13:17:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-13:17:36,25) [cpuhp/2] (root,0,0,00:00:00/11-13:17:36,26) [idle_inject/2] (root,0,0,00:00:03/11-13:17:36,27) [migration/2] (root,0,0,00:24:13/11-13:17:36,28) [ksoftirqd/2] (root,0,0,00:00:00/11-13:17:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-13:17:36,31) [cpuhp/3] (root,0,0,00:00:00/11-13:17:36,32) [idle_inject/3] (root,0,0,00:00:04/11-13:17:36,33) [migration/3] (root,0,0,00:01:05/11-13:17:36,34) [ksoftirqd/3] (root,0,0,00:00:00/11-13:17:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-13:17:36,39) [kdevtmpfs] (root,0,0,00:00:00/11-13:17:36,40) [netns] (root,0,0,00:00:00/11-13:17:36,41) [inet_frag_wq] (root,0,0,00:00:03/11-13:17:36,42) [kauditd] (root,0,0,00:00:00/11-13:17:36,43) [khungtaskd] (root,0,0,00:00:00/11-13:17:36,44) [oom_reaper] (root,0,0,00:00:00/11-13:17:36,45) [writeback] (root,0,0,00:00:33/11-13:17:36,46) [kcompactd0] (root,0,0,00:00:00/11-13:17:36,47) [ksmd] (root,0,0,00:00:34/11-13:17:36,48) [khugepaged] (root,0,0,00:00:00/11-13:17:36,74) [kintegrityd] (root,0,0,00:00:00/11-13:17:36,75) [kblockd] (root,0,0,00:00:00/11-13:17:36,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-13:17:36,78) [tpm_dev_wq] (root,0,0,00:00:00/11-13:17:36,79) [edac-poller] (root,0,0,00:00:00/11-13:17:36,80) [devfreq_wq] (root,0,0,00:00:00/11-13:17:36,110) [watchdogd] (root,0,0,00:00:02/11-13:17:36,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-13:17:36,112) [kswapd0] (root,0,0,00:00:00/11-13:17:35,114) [kthrotld] (root,0,0,00:00:00/11-13:17:35,115) [mld] (root,0,0,00:00:00/11-13:17:35,116) [ipv6_addrconf] (root,0,0,00:00:04/11-13:17:35,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-13:17:35,122) [kstrp] (root,0,0,00:00:00/11-13:17:35,123) [zswap-shrink] (root,0,0,00:00:00/11-13:17:35,124) [kworker/u9:0] (root,0,0,00:00:00/11-13:17:35,129) [charger_manager] (root,0,0,00:00:02/11-13:17:34,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-13:17:34,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-13:17:34,205) [kaluad] (root,0,0,00:00:00/11-13:17:34,250) [kmpath_rdacd] (root,0,0,00:00:00/11-13:17:34,293) [kmpathd] (root,0,0,00:00:00/11-13:17:34,294) [kmpath_handlerd] (root,0,0,00:00:00/11-13:17:34,342) [ata_sff] (root,0,0,00:00:00/11-13:17:33,343) [scsi_eh_0] (root,0,0,00:00:00/11-13:17:33,344) [scsi_tmf_0] (root,0,0,00:00:00/11-13:17:33,345) [scsi_eh_1] (root,0,0,00:00:00/11-13:17:33,346) [scsi_tmf_1] (root,0,0,00:00:17/11-13:17:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-13:17:31,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-13:17:19,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-13:17:18,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-13:17:16,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-13:16:42,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-13:16:42,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-13:16:42,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-13:16:42,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-13:16:41,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-13:16:41,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-13:16:27,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-13:16:27,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:01/11-13:16:26,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-13:16:26,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-13:16:26,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-13:16:26,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-13:16:26,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-13:16:26,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:33/11-13:16:26,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-13:16:26,1206) bpfilter_umh (root,26204,8300,00:00:06/11-13:16:26,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-13:16:26,1215) ntpd: asynchronous dns resolver (spot,285444,171304,14:19:53/11-13:16:26,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-13:16:25,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-13:16:25,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-13:16:25,1245) (sd-pam) (root,24216,5348,00:00:03/11-13:16:24,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-13:16:24,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-13:16:23,1354) /usr/sbin/cron -n (root,691724,74148,00:14:52/11-13:16:17,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46612,00:03:46/11-13:16:03,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:16,4176) [kworker/1:2-ata_sff] (root,0,0,00:00:00/10:39:45,4619) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8200,00:00:00/27:18,7853) pickup -l -t fifo -u (root,35308,10012,00:00:00/4-05:12:30,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-05:12:30,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:49:31,9247) [kworker/0:1-events] (root,0,0,00:00:00/03:06,15274) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/5-11:07:19,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-11:07:18,15391) sshd: cm-ssh (root,0,0,00:00:00/02:42:49,16718) [kworker/2:2-events] (root,0,0,00:00:00/16:58,17431) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/02:21:55,18633) [kworker/3:2-events] (root,0,0,00:00:02/03:25:26,21671) [kworker/1:1-events] (root,6656,3484,00:00:00/00:00,26075) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,26076) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,26111) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26112) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,13744,3440,00:00:00/00:00,26113) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26114) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/21:12,27030) [kworker/2:0-events] (root,0,0,00:00:00/52:13,30297) [kworker/0:2-events] (postfix,44628,9464,00:00:00/5-17:53:04,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:58:42,31970) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c8c43b67Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:30/9-12:18:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-12:18:07,2) [kthreadd] (root,0,0,00:00:00/9-12:18:07,3) [rcu_gp] (root,0,0,00:00:00/9-12:18:07,4) [rcu_par_gp] (root,0,0,00:00:00/9-12:18:07,5) [slub_flushwq] (root,0,0,00:00:00/9-12:18:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-12:18:07,9) [mm_percpu_wq] (root,0,0,00:00:00/9-12:18:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-12:18:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-12:18:07,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-12:18:07,13) [ksoftirqd/0] (root,0,0,00:25:10/9-12:18:07,14) [rcu_preempt] (root,0,0,00:00:03/9-12:18:07,15) [migration/0] (root,0,0,00:00:00/9-12:18:07,16) [idle_inject/0] (root,0,0,00:00:00/9-12:18:07,18) [cpuhp/0] (root,0,0,00:00:00/9-12:18:07,19) [cpuhp/1] (root,0,0,00:00:00/9-12:18:07,20) [idle_inject/1] (root,0,0,00:00:03/9-12:18:07,21) [migration/1] (root,0,0,00:00:14/9-12:18:07,22) [ksoftirqd/1] (root,0,0,00:00:00/9-12:18:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-12:18:07,25) [cpuhp/2] (root,0,0,00:00:00/9-12:18:07,26) [idle_inject/2] (root,0,0,00:00:03/9-12:18:07,27) [migration/2] (root,0,0,00:20:12/9-12:18:07,28) [ksoftirqd/2] (root,0,0,00:00:00/9-12:18:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-12:18:07,31) [cpuhp/3] (root,0,0,00:00:00/9-12:18:07,32) [idle_inject/3] (root,0,0,00:00:03/9-12:18:07,33) [migration/3] (root,0,0,00:00:53/9-12:18:07,34) [ksoftirqd/3] (root,0,0,00:00:00/9-12:18:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-12:18:07,39) [kdevtmpfs] (root,0,0,00:00:00/9-12:18:07,40) [netns] (root,0,0,00:00:00/9-12:18:07,41) [inet_frag_wq] (root,0,0,00:00:03/9-12:18:07,42) [kauditd] (root,0,0,00:00:00/9-12:18:07,43) [khungtaskd] (root,0,0,00:00:00/9-12:18:07,44) [oom_reaper] (root,0,0,00:00:00/9-12:18:07,45) [writeback] (root,0,0,00:00:27/9-12:18:07,46) [kcompactd0] (root,0,0,00:00:00/9-12:18:07,47) [ksmd] (root,0,0,00:00:28/9-12:18:07,48) [khugepaged] (root,0,0,00:00:00/9-12:18:07,74) [kintegrityd] (root,0,0,00:00:00/9-12:18:07,75) [kblockd] (root,0,0,00:00:00/9-12:18:07,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-12:18:07,78) [tpm_dev_wq] (root,0,0,00:00:00/9-12:18:07,79) [edac-poller] (root,0,0,00:00:00/9-12:18:07,80) [devfreq_wq] (root,0,0,00:00:00/9-12:18:07,110) [watchdogd] (root,0,0,00:00:01/9-12:18:07,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-12:18:07,112) [kswapd0] (root,0,0,00:00:00/9-12:18:06,114) [kthrotld] (root,0,0,00:00:00/9-12:18:06,115) [mld] (root,0,0,00:00:00/9-12:18:06,116) [ipv6_addrconf] (root,0,0,00:00:04/9-12:18:06,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-12:18:06,122) [kstrp] (root,0,0,00:00:00/9-12:18:06,123) [zswap-shrink] (root,0,0,00:00:00/9-12:18:06,124) [kworker/u9:0] (root,0,0,00:00:00/9-12:18:06,129) [charger_manager] (root,0,0,00:00:02/9-12:18:05,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-12:18:05,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-12:18:05,205) [kaluad] (root,0,0,00:00:00/9-12:18:05,250) [kmpath_rdacd] (root,0,0,00:00:00/9-12:18:05,293) [kmpathd] (root,0,0,00:00:00/9-12:18:05,294) [kmpath_handlerd] (root,0,0,00:00:00/9-12:18:05,342) [ata_sff] (root,0,0,00:00:00/9-12:18:04,343) [scsi_eh_0] (root,0,0,00:00:00/9-12:18:04,344) [scsi_tmf_0] (root,0,0,00:00:00/9-12:18:04,345) [scsi_eh_1] (root,0,0,00:00:00/9-12:18:04,346) [scsi_tmf_1] (root,0,0,00:00:14/9-12:18:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-12:18:02,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-12:17:50,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-12:17:49,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-12:17:47,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-12:17:13,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-12:17:13,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-12:17:13,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-12:17:13,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-12:17:12,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-12:17:12,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-12:16:58,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-12:16:58,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:49/9-12:16:57,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-12:16:57,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-12:16:57,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-12:16:57,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-12:16:57,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-12:16:57,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:16/9-12:16:57,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-12:16:57,1206) bpfilter_umh (root,26204,8300,00:00:05/9-12:16:57,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-12:16:57,1215) ntpd: asynchronous dns resolver (spot,283060,169268,11:07:27/9-12:16:57,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-12:16:56,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-12:16:56,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-12:16:56,1245) (sd-pam) (root,24216,5348,00:00:02/9-12:16:55,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-12:16:55,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-12:16:54,1354) /usr/sbin/cron -n (root,691336,73768,00:12:14/9-12:16:48,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45328,00:03:05/9-12:16:34,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:04:11,1575) [kworker/u8:1-writeback] (root,0,0,00:00:03/03:45:14,2819) [kworker/2:2-events] (root,0,0,00:00:00/07:16,8610) [kworker/1:2-events] (root,35308,10012,00:00:00/2-04:13:01,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:07/2-04:13:01,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:52:42,13880) [kworker/2:1-events] (root,35308,10012,00:00:00/3-10:07:50,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-10:07:49,15391) sshd: cm-ssh (root,0,0,00:00:00/48:49,17809) [kworker/3:1-events] (root,0,0,00:00:00/01:33:12,22141) [kworker/3:0-events] (postfix,24244,8192,00:00:00/01:29:46,22236) pickup -l -t fifo -u (root,0,0,00:00:00/02:05,23528) [kworker/1:1-ata_sff] (root,0,0,00:00:00/29:08,25498) [kworker/0:1-events] (root,0,0,00:00:00/19:25,28962) [kworker/0:0-events] (postfix,44628,9464,00:00:00/3-16:53:35,30472) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,30606) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,30624) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,30625) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/04:42:15,30834) [kworker/1:0-ata_sff] (root,0,0,00:00:00/10:14,30993) [kworker/u8:2-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 22:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ae041f5dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-11:50:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-11:50:58,2) [kthreadd] (root,0,0,00:00:00/7-11:50:58,3) [rcu_gp] (root,0,0,00:00:00/7-11:50:58,4) [rcu_par_gp] (root,0,0,00:00:00/7-11:50:58,5) [slub_flushwq] (root,0,0,00:00:00/7-11:50:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-11:50:58,9) [mm_percpu_wq] (root,0,0,00:00:00/7-11:50:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-11:50:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-11:50:58,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-11:50:58,13) [ksoftirqd/0] (root,0,0,00:19:41/7-11:50:58,14) [rcu_preempt] (root,0,0,00:00:02/7-11:50:58,15) [migration/0] (root,0,0,00:00:00/7-11:50:58,16) [idle_inject/0] (root,0,0,00:00:00/7-11:50:58,18) [cpuhp/0] (root,0,0,00:00:00/7-11:50:58,19) [cpuhp/1] (root,0,0,00:00:00/7-11:50:58,20) [idle_inject/1] (root,0,0,00:00:03/7-11:50:58,21) [migration/1] (root,0,0,00:00:11/7-11:50:58,22) [ksoftirqd/1] (root,0,0,00:00:00/7-11:50:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-11:50:58,25) [cpuhp/2] (root,0,0,00:00:00/7-11:50:58,26) [idle_inject/2] (root,0,0,00:00:02/7-11:50:58,27) [migration/2] (root,0,0,00:15:48/7-11:50:58,28) [ksoftirqd/2] (root,0,0,00:00:00/7-11:50:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-11:50:58,31) [cpuhp/3] (root,0,0,00:00:00/7-11:50:58,32) [idle_inject/3] (root,0,0,00:00:03/7-11:50:58,33) [migration/3] (root,0,0,00:00:42/7-11:50:58,34) [ksoftirqd/3] (root,0,0,00:00:00/7-11:50:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-11:50:58,39) [kdevtmpfs] (root,0,0,00:00:00/7-11:50:58,40) [netns] (root,0,0,00:00:00/7-11:50:58,41) [inet_frag_wq] (root,0,0,00:00:02/7-11:50:58,42) [kauditd] (root,0,0,00:00:00/7-11:50:58,43) [khungtaskd] (root,0,0,00:00:00/7-11:50:58,44) [oom_reaper] (root,0,0,00:00:00/7-11:50:58,45) [writeback] (root,0,0,00:00:21/7-11:50:58,46) [kcompactd0] (root,0,0,00:00:00/7-11:50:58,47) [ksmd] (root,0,0,00:00:22/7-11:50:58,48) [khugepaged] (root,0,0,00:00:00/7-11:50:58,74) [kintegrityd] (root,0,0,00:00:00/7-11:50:58,75) [kblockd] (root,0,0,00:00:00/7-11:50:58,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-11:50:58,78) [tpm_dev_wq] (root,0,0,00:00:00/7-11:50:58,79) [edac-poller] (root,0,0,00:00:00/7-11:50:58,80) [devfreq_wq] (root,0,0,00:00:00/7-11:50:58,110) [watchdogd] (root,0,0,00:00:01/7-11:50:58,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-11:50:58,112) [kswapd0] (root,0,0,00:00:00/7-11:50:57,114) [kthrotld] (root,0,0,00:00:00/7-11:50:57,115) [mld] (root,0,0,00:00:00/7-11:50:57,116) [ipv6_addrconf] (root,0,0,00:00:03/7-11:50:57,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-11:50:57,122) [kstrp] (root,0,0,00:00:00/7-11:50:57,123) [zswap-shrink] (root,0,0,00:00:00/7-11:50:57,124) [kworker/u9:0] (root,0,0,00:00:00/7-11:50:57,129) [charger_manager] (root,0,0,00:00:01/7-11:50:56,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-11:50:56,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-11:50:56,205) [kaluad] (root,0,0,00:00:00/7-11:50:56,250) [kmpath_rdacd] (root,0,0,00:00:00/7-11:50:56,293) [kmpathd] (root,0,0,00:00:00/7-11:50:56,294) [kmpath_handlerd] (root,0,0,00:00:00/7-11:50:56,342) [ata_sff] (root,0,0,00:00:00/7-11:50:55,343) [scsi_eh_0] (root,0,0,00:00:00/7-11:50:55,344) [scsi_tmf_0] (root,0,0,00:00:00/7-11:50:55,345) [scsi_eh_1] (root,0,0,00:00:00/7-11:50:55,346) [scsi_tmf_1] (root,0,0,00:00:11/7-11:50:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-11:50:53,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-11:50:41,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-11:50:40,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-11:50:38,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-11:50:04,512) /sbin/auditd (messagebus,22936,5672,00:00:26/7-11:50:04,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-11:50:04,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-11:50:04,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-11:50:03,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-11:50:03,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25356,00:00:08/7-11:49:49,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-11:49:49,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:38/7-11:49:48,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-11:49:48,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-11:49:48,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-11:49:48,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-11:49:48,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-11:49:48,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:00:59/7-11:49:48,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-11:49:48,1206) bpfilter_umh (root,0,0,00:00:00/02:07:24,1213) [kworker/u8:2-writeback] (root,26204,8300,00:00:04/7-11:49:48,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-11:49:48,1215) ntpd: asynchronous dns resolver (spot,284740,169688,08:28:38/7-11:49:48,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-11:49:47,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-11:49:47,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-11:49:47,1245) (sd-pam) (root,24216,5348,00:00:02/7-11:49:46,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-11:49:46,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-11:49:45,1354) /usr/sbin/cron -n (root,691080,73620,00:09:36/7-11:49:39,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43780,00:02:24/7-11:49:25,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/00:37,1729) [kworker/0:2-events] (root,0,0,00:00:00/09:39,1917) [kworker/1:1-ata_sff] (root,0,0,00:00:00/37:11,2644) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/21:23,3663) [kworker/u8:0-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:00,3678) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,3696) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,3697) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/29:53,7055) [kworker/3:2-events] (root,0,0,00:00:00/07:59,8300) [kworker/3:1-events] (root,35308,10012,00:00:00/03:45:52,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:00/03:45:52,8749) sshd: syslogtunnel (root,0,0,00:00:00/20:02,9490) [kworker/1:2-events] (root,0,0,00:00:01/05:09:25,12759) [kworker/0:1-events] (postfix,24244,8268,00:00:00/01:24:25,14291) pickup -l -t fifo -u (root,35308,10012,00:00:00/1-09:40:41,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:04/1-09:40:40,15391) sshd: cm-ssh (root,0,0,00:00:00/04:28,21988) [kworker/1:0-ata_sff] (root,0,0,00:00:00/04:10,22393) [kworker/2:2-events] (root,0,0,00:00:00/15:10,27141) [kworker/0:0-cgroup_destroy] (postfix,44628,9464,00:00:00/1-16:26:26,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/51:35,31914) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-19 22:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836354d33b5bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-12:09:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:09:01,2) [kthreadd] (root,0,0,00:00:00/5-12:09:01,3) [rcu_gp] (root,0,0,00:00:00/5-12:09:01,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:09:01,5) [slub_flushwq] (root,0,0,00:00:00/5-12:09:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:09:01,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:09:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:09:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:09:01,12) [rcu_tasks_trace] (root,0,0,00:00:08/5-12:09:01,13) [ksoftirqd/0] (root,0,0,00:14:19/5-12:09:01,14) [rcu_preempt] (root,0,0,00:00:02/5-12:09:01,15) [migration/0] (root,0,0,00:00:00/5-12:09:01,16) [idle_inject/0] (root,0,0,00:00:00/5-12:09:01,18) [cpuhp/0] (root,0,0,00:00:00/5-12:09:01,19) [cpuhp/1] (root,0,0,00:00:00/5-12:09:01,20) [idle_inject/1] (root,0,0,00:00:02/5-12:09:01,21) [migration/1] (root,0,0,00:00:07/5-12:09:01,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:09:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:09:01,25) [cpuhp/2] (root,0,0,00:00:00/5-12:09:01,26) [idle_inject/2] (root,0,0,00:00:01/5-12:09:01,27) [migration/2] (root,0,0,00:11:49/5-12:09:01,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:09:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:09:01,31) [cpuhp/3] (root,0,0,00:00:00/5-12:09:01,32) [idle_inject/3] (root,0,0,00:00:02/5-12:09:01,33) [migration/3] (root,0,0,00:00:30/5-12:09:01,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:09:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:09:01,39) [kdevtmpfs] (root,0,0,00:00:00/5-12:09:01,40) [netns] (root,0,0,00:00:00/5-12:09:01,41) [inet_frag_wq] (root,0,0,00:00:01/5-12:09:01,42) [kauditd] (root,0,0,00:00:00/5-12:09:01,43) [khungtaskd] (root,0,0,00:00:00/5-12:09:01,44) [oom_reaper] (root,0,0,00:00:00/5-12:09:01,45) [writeback] (root,0,0,00:00:14/5-12:09:01,46) [kcompactd0] (root,0,0,00:00:00/5-12:09:01,47) [ksmd] (root,0,0,00:00:15/5-12:09:01,48) [khugepaged] (root,0,0,00:00:00/5-12:09:01,74) [kintegrityd] (root,0,0,00:00:00/5-12:09:01,75) [kblockd] (root,0,0,00:00:00/5-12:09:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:09:01,78) [tpm_dev_wq] (root,0,0,00:00:00/5-12:09:01,79) [edac-poller] (root,0,0,00:00:00/5-12:09:01,80) [devfreq_wq] (root,0,0,00:00:00/5-12:09:01,110) [watchdogd] (root,0,0,00:00:01/5-12:09:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:09:01,112) [kswapd0] (root,0,0,00:00:00/5-12:09:00,114) [kthrotld] (root,0,0,00:00:00/5-12:09:00,115) [mld] (root,0,0,00:00:00/5-12:09:00,116) [ipv6_addrconf] (root,0,0,00:00:02/5-12:09:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-12:09:00,122) [kstrp] (root,0,0,00:00:00/5-12:09:00,123) [zswap-shrink] (root,0,0,00:00:00/5-12:09:00,124) [kworker/u9:0] (root,0,0,00:00:00/5-12:09:00,129) [charger_manager] (root,0,0,00:00:01/5-12:08:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-12:08:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:08:59,205) [kaluad] (root,0,0,00:00:00/5-12:08:59,250) [kmpath_rdacd] (root,0,0,00:00:00/5-12:08:59,293) [kmpathd] (root,0,0,00:00:00/5-12:08:59,294) [kmpath_handlerd] (root,0,0,00:00:00/5-12:08:59,342) [ata_sff] (root,0,0,00:00:00/5-12:08:58,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:08:58,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:08:58,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:08:58,346) [scsi_tmf_1] (root,0,0,00:00:08/5-12:08:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:08:56,367) [ext4-rsv-conver] (root,38604,7544,00:00:09/5-12:08:44,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-12:08:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-12:08:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-12:08:07,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-12:08:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:11/5-12:08:07,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-12:08:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-12:08:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-12:08:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-12:07:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-12:07:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:28/5-12:07:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-12:07:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-12:07:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-12:07:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-12:07:51,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-12:07:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-12:07:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-12:07:51,1206) bpfilter_umh (root,26204,8340,00:00:03/5-12:07:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-12:07:51,1215) ntpd: asynchronous dns resolver (spot,275960,163688,06:01:50/5-12:07:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-12:07:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-12:07:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-12:07:50,1245) (sd-pam) (root,24216,5348,00:00:01/5-12:07:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-12:07:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-12:07:48,1354) /usr/sbin/cron -n (root,691080,73452,00:06:59/5-12:07:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42484,00:01:44/5-12:07:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,10024,00:00:00/3-14:00:37,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-14:00:37,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-14:00:22,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:10/3-14:00:22,4688) sshd: cm-ssh (root,0,0,00:00:00/17:33,7001) [kworker/2:1] (root,0,0,00:00:00/08:55,7157) [kworker/1:0-ata_sff] (root,6656,3476,00:00:00/00:00,7747) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,7765) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,7766) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8244,00:00:00/23:16,12637) pickup -l -t fifo -u (root,0,0,00:00:00/13:23,19563) [kworker/0:0-events] (root,0,0,00:00:02/02:29:27,22417) [kworker/2:2-events] (root,0,0,00:00:00/04:00:40,26136) [kworker/u8:1-writeback] (root,0,0,00:00:00/03:42,26513) [kworker/1:1-ata_sff] (root,0,0,00:00:00/05:40:36,27907) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/40:02,28062) [kworker/1:2-events] (root,0,0,00:00:00/01:46:53,28891) [kworker/3:2-events] (root,0,0,00:00:00/10:40,30976) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:17:00,31879) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 22:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c3a07e9bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-14:32:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-14:32:23,2) [kthreadd] (root,0,0,00:00:00/3-14:32:23,3) [rcu_gp] (root,0,0,00:00:00/3-14:32:23,4) [rcu_par_gp] (root,0,0,00:00:00/3-14:32:23,5) [slub_flushwq] (root,0,0,00:00:00/3-14:32:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-14:32:23,9) [mm_percpu_wq] (root,0,0,00:00:00/3-14:32:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-14:32:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-14:32:23,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-14:32:23,13) [ksoftirqd/0] (root,0,0,00:09:25/3-14:32:23,14) [rcu_preempt] (root,0,0,00:00:01/3-14:32:23,15) [migration/0] (root,0,0,00:00:00/3-14:32:23,16) [idle_inject/0] (root,0,0,00:00:00/3-14:32:23,18) [cpuhp/0] (root,0,0,00:00:00/3-14:32:23,19) [cpuhp/1] (root,0,0,00:00:00/3-14:32:23,20) [idle_inject/1] (root,0,0,00:00:01/3-14:32:23,21) [migration/1] (root,0,0,00:00:05/3-14:32:23,22) [ksoftirqd/1] (root,0,0,00:00:00/3-14:32:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-14:32:23,25) [cpuhp/2] (root,0,0,00:00:00/3-14:32:23,26) [idle_inject/2] (root,0,0,00:00:01/3-14:32:23,27) [migration/2] (root,0,0,00:07:55/3-14:32:23,28) [ksoftirqd/2] (root,0,0,00:00:00/3-14:32:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-14:32:23,31) [cpuhp/3] (root,0,0,00:00:00/3-14:32:23,32) [idle_inject/3] (root,0,0,00:00:01/3-14:32:23,33) [migration/3] (root,0,0,00:00:20/3-14:32:23,34) [ksoftirqd/3] (root,0,0,00:00:00/3-14:32:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-14:32:23,39) [kdevtmpfs] (root,0,0,00:00:00/3-14:32:23,40) [netns] (root,0,0,00:00:00/3-14:32:23,41) [inet_frag_wq] (root,0,0,00:00:01/3-14:32:23,42) [kauditd] (root,0,0,00:00:00/3-14:32:23,43) [khungtaskd] (root,0,0,00:00:00/3-14:32:23,44) [oom_reaper] (root,0,0,00:00:00/3-14:32:23,45) [writeback] (root,0,0,00:00:09/3-14:32:23,46) [kcompactd0] (root,0,0,00:00:00/3-14:32:23,47) [ksmd] (root,0,0,00:00:10/3-14:32:23,48) [khugepaged] (root,0,0,00:00:00/3-14:32:23,74) [kintegrityd] (root,0,0,00:00:00/3-14:32:23,75) [kblockd] (root,0,0,00:00:00/3-14:32:23,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-14:32:23,78) [tpm_dev_wq] (root,0,0,00:00:00/3-14:32:23,79) [edac-poller] (root,0,0,00:00:00/3-14:32:23,80) [devfreq_wq] (root,0,0,00:00:00/3-14:32:23,110) [watchdogd] (root,0,0,00:00:00/3-14:32:23,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-14:32:23,112) [kswapd0] (root,0,0,00:00:00/3-14:32:22,114) [kthrotld] (root,0,0,00:00:00/3-14:32:22,115) [mld] (root,0,0,00:00:00/3-14:32:22,116) [ipv6_addrconf] (root,0,0,00:00:01/3-14:32:22,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-14:32:22,122) [kstrp] (root,0,0,00:00:00/3-14:32:22,123) [zswap-shrink] (root,0,0,00:00:00/3-14:32:22,124) [kworker/u9:0] (root,0,0,00:00:00/3-14:32:22,129) [charger_manager] (root,0,0,00:00:00/3-14:32:21,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-14:32:21,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-14:32:21,205) [kaluad] (root,0,0,00:00:00/3-14:32:21,250) [kmpath_rdacd] (root,0,0,00:00:00/3-14:32:21,293) [kmpathd] (root,0,0,00:00:00/3-14:32:21,294) [kmpath_handlerd] (root,0,0,00:00:00/3-14:32:21,342) [ata_sff] (root,0,0,00:00:00/3-14:32:20,343) [scsi_eh_0] (root,0,0,00:00:00/3-14:32:20,344) [scsi_tmf_0] (root,0,0,00:00:00/3-14:32:20,345) [scsi_eh_1] (root,0,0,00:00:00/3-14:32:20,346) [scsi_tmf_1] (root,0,0,00:00:05/3-14:32:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-14:32:18,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-14:32:06,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-14:32:05,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-14:32:03,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-14:31:29,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-14:31:29,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-14:31:29,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-14:31:29,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-14:31:28,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-14:31:28,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-14:31:14,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-14:31:14,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:17/3-14:31:13,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-14:31:13,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-14:31:13,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-14:31:13,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-14:31:13,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-14:31:13,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-14:31:13,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-14:31:13,1206) bpfilter_umh (root,26204,8340,00:00:02/3-14:31:13,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-14:31:13,1215) ntpd: asynchronous dns resolver (spot,274700,163276,04:10:41/3-14:31:13,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-14:31:12,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-14:31:12,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-14:31:12,1245) (sd-pam) (root,24216,5348,00:00:01/3-14:31:11,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-14:31:11,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-14:31:10,1354) /usr/sbin/cron -n (root,689544,71904,00:04:37/3-14:31:04,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41148,00:01:10/3-14:30:50,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/09:12,1466) [kworker/1:2-ata_sff] (root,0,0,00:00:00/28:25,1655) [kworker/0:1-events] (root,0,0,00:00:03/03:03:45,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-16:23:59,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-16:23:59,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-16:23:44,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-16:23:44,4688) sshd: cm-ssh (root,0,0,00:00:00/01:41:33,4707) [kworker/0:2-events] (postfix,24244,8236,00:00:00/01:28:38,11348) pickup -l -t fifo -u (root,0,0,00:00:00/58:33,13597) [kworker/2:2] (root,0,0,00:00:01/02:29:24,13813) [kworker/3:2-events] (root,0,0,00:00:00/36:57,14038) [kworker/3:0-cgroup_destroy] (root,6656,3488,00:00:00/00:00,16548) /bin/bash /usr/bin/check_mk_agent (root,13744,3448,00:00:00/00:00,16566) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,16567) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/50:42,19322) [kworker/1:1-events] (root,0,0,00:00:00/04:02,23421) [kworker/1:0-ata_sff] (root,0,0,00:00:00/49:02,25346) [kworker/u8:0-writeback] (root,0,0,00:00:00/04:39:00,30146) [kworker/u8:2] (root,0,0,00:00:00/02:35,30663) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 00:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638db50024Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12668,00:00:07/1-12:21:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-12:21:55,2) [kthreadd] (root,0,0,00:00:00/1-12:21:55,3) [rcu_gp] (root,0,0,00:00:00/1-12:21:55,4) [rcu_par_gp] (root,0,0,00:00:00/1-12:21:55,5) [slub_flushwq] (root,0,0,00:00:00/1-12:21:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-12:21:55,9) [mm_percpu_wq] (root,0,0,00:00:00/1-12:21:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-12:21:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-12:21:55,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-12:21:55,13) [ksoftirqd/0] (root,0,0,00:03:53/1-12:21:55,14) [rcu_preempt] (root,0,0,00:00:00/1-12:21:55,15) [migration/0] (root,0,0,00:00:00/1-12:21:55,16) [idle_inject/0] (root,0,0,00:00:00/1-12:21:55,18) [cpuhp/0] (root,0,0,00:00:00/1-12:21:55,19) [cpuhp/1] (root,0,0,00:00:00/1-12:21:55,20) [idle_inject/1] (root,0,0,00:00:00/1-12:21:55,21) [migration/1] (root,0,0,00:00:01/1-12:21:55,22) [ksoftirqd/1] (root,0,0,00:00:00/1-12:21:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-12:21:55,25) [cpuhp/2] (root,0,0,00:00:00/1-12:21:55,26) [idle_inject/2] (root,0,0,00:00:00/1-12:21:55,27) [migration/2] (root,0,0,00:03:10/1-12:21:55,28) [ksoftirqd/2] (root,0,0,00:00:00/1-12:21:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-12:21:55,31) [cpuhp/3] (root,0,0,00:00:00/1-12:21:55,32) [idle_inject/3] (root,0,0,00:00:00/1-12:21:55,33) [migration/3] (root,0,0,00:00:08/1-12:21:55,34) [ksoftirqd/3] (root,0,0,00:00:00/1-12:21:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-12:21:55,39) [kdevtmpfs] (root,0,0,00:00:00/1-12:21:55,40) [netns] (root,0,0,00:00:00/1-12:21:55,41) [inet_frag_wq] (root,0,0,00:00:00/1-12:21:55,42) [kauditd] (root,0,0,00:00:00/1-12:21:55,43) [khungtaskd] (root,0,0,00:00:00/1-12:21:55,44) [oom_reaper] (root,0,0,00:00:00/1-12:21:55,45) [writeback] (root,0,0,00:00:04/1-12:21:55,46) [kcompactd0] (root,0,0,00:00:00/1-12:21:55,47) [ksmd] (root,0,0,00:00:04/1-12:21:55,48) [khugepaged] (root,0,0,00:00:00/1-12:21:55,74) [kintegrityd] (root,0,0,00:00:00/1-12:21:55,75) [kblockd] (root,0,0,00:00:00/1-12:21:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-12:21:55,78) [tpm_dev_wq] (root,0,0,00:00:00/1-12:21:55,79) [edac-poller] (root,0,0,00:00:00/1-12:21:55,80) [devfreq_wq] (root,0,0,00:00:00/1-12:21:55,110) [watchdogd] (root,0,0,00:00:00/1-12:21:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-12:21:55,112) [kswapd0] (root,0,0,00:00:00/1-12:21:54,114) [kthrotld] (root,0,0,00:00:00/1-12:21:54,115) [mld] (root,0,0,00:00:00/1-12:21:54,116) [ipv6_addrconf] (root,0,0,00:00:00/1-12:21:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-12:21:54,122) [kstrp] (root,0,0,00:00:00/1-12:21:54,123) [zswap-shrink] (root,0,0,00:00:00/1-12:21:54,124) [kworker/u9:0] (root,0,0,00:00:00/1-12:21:54,129) [charger_manager] (root,0,0,00:00:00/1-12:21:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-12:21:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-12:21:53,205) [kaluad] (root,0,0,00:00:00/1-12:21:53,250) [kmpath_rdacd] (root,0,0,00:00:00/1-12:21:53,293) [kmpathd] (root,0,0,00:00:00/1-12:21:53,294) [kmpath_handlerd] (root,0,0,00:00:00/1-12:21:53,342) [ata_sff] (root,0,0,00:00:00/1-12:21:52,343) [scsi_eh_0] (root,0,0,00:00:00/1-12:21:52,344) [scsi_tmf_0] (root,0,0,00:00:00/1-12:21:52,345) [scsi_eh_1] (root,0,0,00:00:00/1-12:21:52,346) [scsi_tmf_1] (root,0,0,00:00:02/1-12:21:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-12:21:50,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-12:21:38,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-12:21:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-12:21:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-12:21:01,512) /sbin/auditd (messagebus,22936,5824,00:00:06/1-12:21:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8504,00:00:03/1-12:21:01,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-12:21:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-12:21:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-12:21:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:01/1-12:20:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-12:20:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:05/1-12:20:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-12:20:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-12:20:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-12:20:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-12:20:45,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-12:20:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:11/1-12:20:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-12:20:45,1206) bpfilter_umh (root,26204,8340,00:00:01/1-12:20:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-12:20:45,1215) ntpd: asynchronous dns resolver (spot,198884,161656,01:42:15/1-12:20:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-12:20:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-12:20:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-12:20:44,1245) (sd-pam) (root,24216,5348,00:00:00/1-12:20:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-12:20:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-12:20:42,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-12:20:38,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-12:20:38,1371) sshd: syslogtunnel (root,689288,71280,00:01:58/1-12:20:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40780,00:00:31/1-12:20:22,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-12:20:03,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-12:20:03,1436) sshd: cm-ssh (root,0,0,00:00:00/01:01:02,1742) [kworker/0:0-events] (root,0,0,00:00:03/06:46:20,3139) [kworker/1:0-events] (root,0,0,00:00:01/04:10:14,3220) [kworker/3:2-mm_percpu_wq] (root,0,0,00:00:00/02:29,10968) [kworker/1:1-ata_sff] (postfix,24244,8272,00:00:00/01:20:11,11816) pickup -l -t fifo -u (root,0,0,00:00:00/09:37,12592) [kworker/3:1-events] (root,0,0,00:00:00/23:34,16792) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/22:55,18915) [kworker/2:2-events] (root,0,0,00:00:00/07:40,22361) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:07:37,22827) [kworker/0:2-events] (root,0,0,00:00:00/03:13:37,23925) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/12:58,26820) [kworker/2:1-cgroup_destroy] (root,6656,3480,00:00:00/00:00,26987) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,27005) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27006) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-13 22:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f229b5daFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:06/62-11:30:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-11:30:30,2) [kthreadd] (root,0,0,00:00:00/62-11:30:30,3) [rcu_gp] (root,0,0,00:00:00/62-11:30:30,4) [rcu_par_gp] (root,0,0,00:00:00/62-11:30:30,5) [slub_flushwq] (root,0,0,00:00:00/62-11:30:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-11:30:30,9) [mm_percpu_wq] (root,0,0,00:00:00/62-11:30:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-11:30:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-11:30:30,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-11:30:30,13) [ksoftirqd/0] (root,0,0,02:53:55/62-11:30:30,14) [rcu_preempt] (root,0,0,00:00:23/62-11:30:30,15) [migration/0] (root,0,0,00:00:00/62-11:30:30,16) [idle_inject/0] (root,0,0,00:00:00/62-11:30:30,18) [cpuhp/0] (root,0,0,00:00:00/62-11:30:30,19) [cpuhp/1] (root,0,0,00:00:00/62-11:30:30,20) [idle_inject/1] (root,0,0,00:00:23/62-11:30:30,21) [migration/1] (root,0,0,00:01:32/62-11:30:30,22) [ksoftirqd/1] (root,0,0,00:00:00/62-11:30:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-11:30:30,25) [cpuhp/2] (root,0,0,00:00:00/62-11:30:30,26) [idle_inject/2] (root,0,0,00:00:17/62-11:30:30,27) [migration/2] (root,0,0,01:53:13/62-11:30:30,28) [ksoftirqd/2] (root,0,0,00:00:00/62-11:30:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-11:30:30,31) [cpuhp/3] (root,0,0,00:00:00/62-11:30:30,32) [idle_inject/3] (root,0,0,00:00:22/62-11:30:30,33) [migration/3] (root,0,0,00:05:42/62-11:30:30,34) [ksoftirqd/3] (root,0,0,00:00:00/62-11:30:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-11:30:30,40) [kdevtmpfs] (root,0,0,00:00:00/62-11:30:30,41) [netns] (root,0,0,00:00:00/62-11:30:30,42) [inet_frag_wq] (root,0,0,00:00:22/62-11:30:30,43) [kauditd] (root,0,0,00:00:00/62-11:30:30,44) [khungtaskd] (root,0,0,00:00:00/62-11:30:30,45) [oom_reaper] (root,0,0,00:00:00/62-11:30:30,46) [writeback] (root,0,0,00:03:10/62-11:30:30,47) [kcompactd0] (root,0,0,00:00:00/62-11:30:30,48) [ksmd] (root,0,0,00:03:27/62-11:30:30,49) [khugepaged] (root,0,0,00:00:00/62-11:30:30,75) [kintegrityd] (root,0,0,00:00:00/62-11:30:30,76) [kblockd] (root,0,0,00:00:00/62-11:30:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-11:30:30,79) [tpm_dev_wq] (root,0,0,00:00:00/62-11:30:30,80) [edac-poller] (root,0,0,00:00:00/62-11:30:30,81) [devfreq_wq] (root,0,0,00:00:00/62-11:30:30,110) [watchdogd] (root,0,0,00:00:05/62-11:30:30,111) [kswapd0] (root,0,0,00:00:15/62-11:30:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-11:30:28,115) [kthrotld] (root,0,0,00:00:00/62-11:30:28,116) [mld] (root,0,0,00:00:00/62-11:30:28,117) [ipv6_addrconf] (root,0,0,00:00:16/62-11:30:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-11:30:28,123) [kstrp] (root,0,0,00:00:00/62-11:30:28,124) [zswap-shrink] (root,0,0,00:00:00/62-11:30:28,125) [kworker/u9:0] (root,0,0,00:00:00/62-11:30:28,130) [charger_manager] (root,0,0,00:00:18/62-11:30:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-11:30:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-11:30:27,239) [kaluad] (root,0,0,00:00:00/62-11:30:27,258) [kmpath_rdacd] (root,0,0,00:00:00/62-11:30:27,304) [kmpathd] (root,0,0,00:00:00/62-11:30:27,305) [kmpath_handlerd] (root,0,0,00:00:00/62-11:30:26,342) [ata_sff] (root,0,0,00:00:00/62-11:30:26,343) [scsi_eh_0] (root,0,0,00:00:00/62-11:30:26,344) [scsi_tmf_0] (root,0,0,00:00:00/62-11:30:26,345) [scsi_eh_1] (root,0,0,00:00:00/62-11:30:26,346) [scsi_tmf_1] (root,0,0,00:01:59/62-11:30:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-11:30:23,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-11:30:11,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-11:30:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-11:30:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-11:29:37,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-11:29:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:00/62-11:29:36,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-11:29:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-11:29:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-11:29:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/08:39,1067) [kworker/u8:0-writeback] (root,549384,31628,00:01:13/62-11:29:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-11:29:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:02/62-11:29:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-11:29:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-11:29:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-11:29:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-11:29:20,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:55/62-11:29:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:51/62-11:29:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-11:29:20,1352) bpfilter_umh (root,26204,8096,00:00:33/62-11:29:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-11:29:20,1359) ntpd: asynchronous dns resolver (spot,362528,213524,3-10:57:03/62-11:29:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-11:29:19,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-11:29:19,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-11:29:19,1373) (sd-pam) (root,24216,5256,00:00:22/62-11:29:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-11:29:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-11:29:17,1485) /usr/sbin/cron -n (root,699464,78272,01:26:19/62-11:29:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,236992,82952,00:31:52/62-11:28:59,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-17:04:34,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/14:14,5452) [kworker/1:1-events] (root,0,0,00:00:00/14:11,5909) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:34:48,7773) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/01:32:24,8027) [kworker/0:1-mm_percpu_wq] (root,0,0,00:00:00/07:29,9108) [kworker/3:1-ata_sff] (root,35304,10040,00:00:00/24-11:57:29,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:31/24-11:57:28,10514) sshd: syslogtunnel (postfix,24244,8240,00:00:00/20:06,10568) pickup -l -t fifo -u (root,0,0,00:00:00/26:19,17828) [kworker/0:0-events] (root,0,0,00:00:00/31:08,19079) [kworker/2:2-events] (root,0,0,00:00:00/12:42,21606) [kworker/3:2-ata_sff] (root,0,0,00:00:00/03:17:05,22955) [kworker/2:1-events] (root,6656,3480,00:00:00/00:00,25999) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,26017) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26018) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:19,30091) [kworker/3:0-events] (root,35308,10028,00:00:00/24-12:43:42,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:21/24-12:43:41,30947) sshd: cm-ssh (root,0,0,00:00:00/02:03,32761) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-11 22:19 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d124f97eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-13:04:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-13:04:56,2) [kthreadd] (root,0,0,00:00:00/60-13:04:56,3) [rcu_gp] (root,0,0,00:00:00/60-13:04:56,4) [rcu_par_gp] (root,0,0,00:00:00/60-13:04:56,5) [slub_flushwq] (root,0,0,00:00:00/60-13:04:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-13:04:56,9) [mm_percpu_wq] (root,0,0,00:00:00/60-13:04:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-13:04:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-13:04:56,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-13:04:56,13) [ksoftirqd/0] (root,0,0,02:48:59/60-13:04:56,14) [rcu_preempt] (root,0,0,00:00:23/60-13:04:56,15) [migration/0] (root,0,0,00:00:00/60-13:04:56,16) [idle_inject/0] (root,0,0,00:00:00/60-13:04:56,18) [cpuhp/0] (root,0,0,00:00:00/60-13:04:56,19) [cpuhp/1] (root,0,0,00:00:00/60-13:04:56,20) [idle_inject/1] (root,0,0,00:00:23/60-13:04:56,21) [migration/1] (root,0,0,00:01:29/60-13:04:56,22) [ksoftirqd/1] (root,0,0,00:00:00/60-13:04:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-13:04:56,25) [cpuhp/2] (root,0,0,00:00:00/60-13:04:56,26) [idle_inject/2] (root,0,0,00:00:17/60-13:04:56,27) [migration/2] (root,0,0,01:49:30/60-13:04:56,28) [ksoftirqd/2] (root,0,0,00:00:00/60-13:04:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-13:04:56,31) [cpuhp/3] (root,0,0,00:00:00/60-13:04:56,32) [idle_inject/3] (root,0,0,00:00:21/60-13:04:56,33) [migration/3] (root,0,0,00:05:32/60-13:04:56,34) [ksoftirqd/3] (root,0,0,00:00:00/60-13:04:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-13:04:56,40) [kdevtmpfs] (root,0,0,00:00:00/60-13:04:56,41) [netns] (root,0,0,00:00:00/60-13:04:56,42) [inet_frag_wq] (root,0,0,00:00:21/60-13:04:56,43) [kauditd] (root,0,0,00:00:00/60-13:04:56,44) [khungtaskd] (root,0,0,00:00:00/60-13:04:56,45) [oom_reaper] (root,0,0,00:00:00/60-13:04:56,46) [writeback] (root,0,0,00:03:04/60-13:04:56,47) [kcompactd0] (root,0,0,00:00:00/60-13:04:56,48) [ksmd] (root,0,0,00:03:20/60-13:04:56,49) [khugepaged] (root,0,0,00:00:00/60-13:04:56,75) [kintegrityd] (root,0,0,00:00:00/60-13:04:56,76) [kblockd] (root,0,0,00:00:00/60-13:04:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-13:04:56,79) [tpm_dev_wq] (root,0,0,00:00:00/60-13:04:56,80) [edac-poller] (root,0,0,00:00:00/60-13:04:56,81) [devfreq_wq] (root,0,0,00:00:00/60-13:04:56,110) [watchdogd] (root,0,0,00:00:04/60-13:04:56,111) [kswapd0] (root,0,0,00:00:15/60-13:04:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-13:04:54,115) [kthrotld] (root,0,0,00:00:00/60-13:04:54,116) [mld] (root,0,0,00:00:00/60-13:04:54,117) [ipv6_addrconf] (root,0,0,00:00:16/60-13:04:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-13:04:54,123) [kstrp] (root,0,0,00:00:00/60-13:04:54,124) [zswap-shrink] (root,0,0,00:00:00/60-13:04:54,125) [kworker/u9:0] (root,0,0,00:00:00/60-13:04:54,130) [charger_manager] (root,0,0,00:00:18/60-13:04:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-13:04:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-13:04:53,239) [kaluad] (root,0,0,00:00:00/60-13:04:53,258) [kmpath_rdacd] (root,0,0,00:00:00/60-13:04:53,304) [kmpathd] (root,0,0,00:00:00/60-13:04:53,305) [kmpath_handlerd] (root,0,0,00:00:00/60-13:04:52,342) [ata_sff] (root,0,0,00:00:00/60-13:04:52,343) [scsi_eh_0] (root,0,0,00:00:00/60-13:04:52,344) [scsi_tmf_0] (root,0,0,00:00:00/60-13:04:52,345) [scsi_eh_1] (root,0,0,00:00:00/60-13:04:52,346) [scsi_tmf_1] (root,0,0,00:01:56/60-13:04:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-13:04:49,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-13:04:37,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-13:04:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-13:04:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-13:04:03,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-13:04:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8268,00:01:55/60-13:04:02,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-13:04:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-13:04:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-13:04:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-13:03:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-13:03:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:53/60-13:03:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-13:03:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-13:03:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-13:03:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-13:03:46,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-13:03:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-13:03:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-13:03:46,1352) bpfilter_umh (root,26204,8096,00:00:31/60-13:03:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-13:03:46,1359) ntpd: asynchronous dns resolver (spot,362304,213480,3-08:26:04/60-13:03:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-13:03:45,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-13:03:45,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-13:03:45,1373) (sd-pam) (root,24216,5260,00:00:21/60-13:03:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-13:03:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-13:03:43,1485) /usr/sbin/cron -n (root,699208,80092,01:23:42/60-13:03:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82040,00:31:04/60-13:03:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-18:39:00,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/36:36,4682) [kworker/2:2] (postfix,24244,8152,00:00:00/35:28,8849) pickup -l -t fifo -u (root,35304,10040,00:00:00/22-13:31:55,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-13:31:54,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:23:36,12806) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:01:00,13124) [kworker/3:2-events] (root,0,0,00:00:00/31:50,14648) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/44:00,15347) [kworker/2:0-events] (root,0,0,00:00:00/03:57,17426) [kworker/3:1-ata_sff] (root,0,0,00:00:00/53:34,18201) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/53:24,18483) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:05:34,22406) [kworker/1:2-events] (root,0,0,00:00:00/01:05,24113) [kworker/0:2-events] (root,0,0,00:00:00/09:07,25099) [kworker/3:0-ata_sff] (root,6656,3492,00:00:00/00:00,28720) /bin/bash /usr/bin/check_mk_agent (root,13744,3448,00:00:00/00:00,28738) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,28739) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:14,28903) [kworker/0:1-events] (root,35308,10028,00:00:00/22-14:18:08,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-14:18:07,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d3b8f5dcFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-14:16:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-14:16:04,2) [kthreadd] (root,0,0,00:00:00/58-14:16:04,3) [rcu_gp] (root,0,0,00:00:00/58-14:16:04,4) [rcu_par_gp] (root,0,0,00:00:00/58-14:16:04,5) [slub_flushwq] (root,0,0,00:00:00/58-14:16:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-14:16:04,9) [mm_percpu_wq] (root,0,0,00:00:00/58-14:16:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-14:16:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-14:16:04,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-14:16:04,13) [ksoftirqd/0] (root,0,0,02:43:55/58-14:16:04,14) [rcu_preempt] (root,0,0,00:00:22/58-14:16:04,15) [migration/0] (root,0,0,00:00:00/58-14:16:04,16) [idle_inject/0] (root,0,0,00:00:00/58-14:16:04,18) [cpuhp/0] (root,0,0,00:00:00/58-14:16:04,19) [cpuhp/1] (root,0,0,00:00:00/58-14:16:04,20) [idle_inject/1] (root,0,0,00:00:22/58-14:16:04,21) [migration/1] (root,0,0,00:01:26/58-14:16:04,22) [ksoftirqd/1] (root,0,0,00:00:00/58-14:16:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-14:16:04,25) [cpuhp/2] (root,0,0,00:00:00/58-14:16:04,26) [idle_inject/2] (root,0,0,00:00:16/58-14:16:04,27) [migration/2] (root,0,0,01:44:49/58-14:16:04,28) [ksoftirqd/2] (root,0,0,00:00:00/58-14:16:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-14:16:04,31) [cpuhp/3] (root,0,0,00:00:00/58-14:16:04,32) [idle_inject/3] (root,0,0,00:00:20/58-14:16:04,33) [migration/3] (root,0,0,00:05:21/58-14:16:04,34) [ksoftirqd/3] (root,0,0,00:00:00/58-14:16:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-14:16:04,40) [kdevtmpfs] (root,0,0,00:00:00/58-14:16:04,41) [netns] (root,0,0,00:00:00/58-14:16:04,42) [inet_frag_wq] (root,0,0,00:00:20/58-14:16:04,43) [kauditd] (root,0,0,00:00:00/58-14:16:04,44) [khungtaskd] (root,0,0,00:00:00/58-14:16:04,45) [oom_reaper] (root,0,0,00:00:00/58-14:16:04,46) [writeback] (root,0,0,00:02:59/58-14:16:04,47) [kcompactd0] (root,0,0,00:00:00/58-14:16:04,48) [ksmd] (root,0,0,00:03:14/58-14:16:04,49) [khugepaged] (root,0,0,00:00:00/58-14:16:04,75) [kintegrityd] (root,0,0,00:00:00/58-14:16:04,76) [kblockd] (root,0,0,00:00:00/58-14:16:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-14:16:04,79) [tpm_dev_wq] (root,0,0,00:00:00/58-14:16:04,80) [edac-poller] (root,0,0,00:00:00/58-14:16:04,81) [devfreq_wq] (root,0,0,00:00:00/58-14:16:04,110) [watchdogd] (root,0,0,00:00:04/58-14:16:04,111) [kswapd0] (root,0,0,00:00:15/58-14:16:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-14:16:02,115) [kthrotld] (root,0,0,00:00:00/58-14:16:02,116) [mld] (root,0,0,00:00:00/58-14:16:02,117) [ipv6_addrconf] (root,0,0,00:00:16/58-14:16:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-14:16:02,123) [kstrp] (root,0,0,00:00:00/58-14:16:02,124) [zswap-shrink] (root,0,0,00:00:00/58-14:16:02,125) [kworker/u9:0] (root,0,0,00:00:00/58-14:16:02,130) [charger_manager] (root,0,0,00:00:17/58-14:16:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-14:16:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-14:16:01,239) [kaluad] (root,0,0,00:00:00/58-14:16:01,258) [kmpath_rdacd] (root,0,0,00:00:00/58-14:16:01,304) [kmpathd] (root,0,0,00:00:00/58-14:16:01,305) [kmpath_handlerd] (root,0,0,00:00:00/58-14:16:00,342) [ata_sff] (root,0,0,00:00:00/58-14:16:00,343) [scsi_eh_0] (root,0,0,00:00:00/58-14:16:00,344) [scsi_tmf_0] (root,0,0,00:00:00/58-14:16:00,345) [scsi_eh_1] (root,0,0,00:00:00/58-14:16:00,346) [scsi_tmf_1] (root,0,0,00:01:52/58-14:15:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-14:15:57,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-14:15:45,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-14:15:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-14:15:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-14:15:11,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-14:15:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-14:15:10,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-14:15:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-14:15:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-14:15:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:09/58-14:14:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-14:14:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:44/58-14:14:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-14:14:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-14:14:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-14:14:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-14:14:54,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-14:14:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:21/58-14:14:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-14:14:54,1352) bpfilter_umh (root,26204,8096,00:00:30/58-14:14:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-14:14:54,1359) ntpd: asynchronous dns resolver (spot,363840,214624,3-05:26:12/58-14:14:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-14:14:53,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-14:14:53,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-14:14:53,1373) (sd-pam) (root,24216,5260,00:00:20/58-14:14:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-14:14:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-14:14:51,1485) /usr/sbin/cron -n (root,698952,79684,01:21:03/58-14:14:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80364,00:30:17/58-14:14:33,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-19:50:08,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:16,10165) [kworker/3:0-ata_sff] (root,35304,10040,00:00:00/20-14:43:03,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-14:43:02,10514) sshd: syslogtunnel (root,0,0,00:00:00/42:26,10521) [kworker/u8:0-writeback] (postfix,24244,8144,00:00:00/28:22,12925) pickup -l -t fifo -u (root,0,0,00:00:00/33:34,18745) [kworker/0:1-events] (root,0,0,00:00:00/26:41,19023) [kworker/1:0-events] (root,0,0,00:00:00/13:39,19227) [kworker/3:1-events] (root,0,0,00:00:00/47:25,21124) [kworker/2:1-events] (root,6656,3488,00:00:00/00:00,22940) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,22958) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22959) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:18:02,26097) [kworker/0:2-events] (root,0,0,00:00:00/08:29,27860) [kworker/3:2-ata_sff] (root,0,0,00:00:00/08:13,28268) [kworker/1:1-events] (root,0,0,00:00:00/08:05,28459) [kworker/u8:1-flush-253:0] (root,35308,10028,00:00:00/20-15:29:16,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-15:29:15,30947) sshd: cm-ssh (root,0,0,00:00:00/31:16,31568) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 01:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cc609934Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:39/56-13:18:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-13:18:56,2) [kthreadd] (root,0,0,00:00:00/56-13:18:56,3) [rcu_gp] (root,0,0,00:00:00/56-13:18:56,4) [rcu_par_gp] (root,0,0,00:00:00/56-13:18:56,5) [slub_flushwq] (root,0,0,00:00:00/56-13:18:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-13:18:56,9) [mm_percpu_wq] (root,0,0,00:00:00/56-13:18:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-13:18:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-13:18:56,12) [rcu_tasks_trace] (root,0,0,00:01:41/56-13:18:56,13) [ksoftirqd/0] (root,0,0,02:38:30/56-13:18:56,14) [rcu_preempt] (root,0,0,00:00:21/56-13:18:56,15) [migration/0] (root,0,0,00:00:00/56-13:18:56,16) [idle_inject/0] (root,0,0,00:00:00/56-13:18:56,18) [cpuhp/0] (root,0,0,00:00:00/56-13:18:56,19) [cpuhp/1] (root,0,0,00:00:00/56-13:18:56,20) [idle_inject/1] (root,0,0,00:00:21/56-13:18:56,21) [migration/1] (root,0,0,00:01:23/56-13:18:56,22) [ksoftirqd/1] (root,0,0,00:00:00/56-13:18:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-13:18:56,25) [cpuhp/2] (root,0,0,00:00:00/56-13:18:56,26) [idle_inject/2] (root,0,0,00:00:16/56-13:18:56,27) [migration/2] (root,0,0,01:40:17/56-13:18:56,28) [ksoftirqd/2] (root,0,0,00:00:00/56-13:18:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-13:18:56,31) [cpuhp/3] (root,0,0,00:00:00/56-13:18:56,32) [idle_inject/3] (root,0,0,00:00:20/56-13:18:56,33) [migration/3] (root,0,0,00:05:09/56-13:18:56,34) [ksoftirqd/3] (root,0,0,00:00:00/56-13:18:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-13:18:56,40) [kdevtmpfs] (root,0,0,00:00:00/56-13:18:56,41) [netns] (root,0,0,00:00:00/56-13:18:56,42) [inet_frag_wq] (root,0,0,00:00:19/56-13:18:56,43) [kauditd] (root,0,0,00:00:00/56-13:18:56,44) [khungtaskd] (root,0,0,00:00:00/56-13:18:56,45) [oom_reaper] (root,0,0,00:00:00/56-13:18:56,46) [writeback] (root,0,0,00:02:53/56-13:18:56,47) [kcompactd0] (root,0,0,00:00:00/56-13:18:56,48) [ksmd] (root,0,0,00:03:07/56-13:18:56,49) [khugepaged] (root,0,0,00:00:00/56-13:18:56,75) [kintegrityd] (root,0,0,00:00:00/56-13:18:56,76) [kblockd] (root,0,0,00:00:00/56-13:18:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-13:18:56,79) [tpm_dev_wq] (root,0,0,00:00:00/56-13:18:56,80) [edac-poller] (root,0,0,00:00:00/56-13:18:56,81) [devfreq_wq] (root,0,0,00:00:00/56-13:18:56,110) [watchdogd] (root,0,0,00:00:04/56-13:18:56,111) [kswapd0] (root,0,0,00:00:14/56-13:18:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-13:18:54,115) [kthrotld] (root,0,0,00:00:00/56-13:18:54,116) [mld] (root,0,0,00:00:00/56-13:18:54,117) [ipv6_addrconf] (root,0,0,00:00:15/56-13:18:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-13:18:54,123) [kstrp] (root,0,0,00:00:00/56-13:18:54,124) [zswap-shrink] (root,0,0,00:00:00/56-13:18:54,125) [kworker/u9:0] (root,0,0,00:00:00/56-13:18:54,130) [charger_manager] (root,0,0,00:00:17/56-13:18:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-13:18:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-13:18:53,239) [kaluad] (root,0,0,00:00:00/56-13:18:53,258) [kmpath_rdacd] (root,0,0,00:00:00/56-13:18:53,304) [kmpathd] (root,0,0,00:00:00/56-13:18:53,305) [kmpath_handlerd] (root,0,0,00:00:00/56-13:18:52,342) [ata_sff] (root,0,0,00:00:00/56-13:18:52,343) [scsi_eh_0] (root,0,0,00:00:00/56-13:18:52,344) [scsi_tmf_0] (root,0,0,00:00:00/56-13:18:52,345) [scsi_eh_1] (root,0,0,00:00:00/56-13:18:52,346) [scsi_tmf_1] (root,0,0,00:01:49/56-13:18:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-13:18:49,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-13:18:37,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-13:18:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-13:18:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-13:18:03,511) /sbin/auditd (messagebus,22932,5400,00:03:00/56-13:18:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:42/56-13:18:02,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-13:18:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-13:18:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-13:18:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/27:00,734) [kworker/3:1-ata_sff] (root,549128,31272,00:01:07/56-13:17:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-13:17:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:34/56-13:17:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-13:17:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-13:17:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-13:17:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-13:17:46,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-13:17:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:04/56-13:17:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-13:17:46,1352) bpfilter_umh (root,26204,8096,00:00:28/56-13:17:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-13:17:46,1359) ntpd: asynchronous dns resolver (spot,364864,215660,3-02:27:01/56-13:17:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-13:17:45,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-13:17:45,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-13:17:45,1373) (sd-pam) (root,24216,5260,00:00:20/56-13:17:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-13:17:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-13:17:43,1485) /usr/sbin/cron -n (root,698412,79180,01:18:13/56-13:17:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:29/56-13:17:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/50-18:53:00,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:16,5803) [kworker/3:2-events] (root,0,0,00:00:00/06:07,6586) [kworker/1:2-events] (root,0,0,00:00:00/01:09:18,8106) [kworker/2:2-events] (root,35304,10040,00:00:00/18-13:45:55,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:09/18-13:45:54,10514) sshd: syslogtunnel (root,0,0,00:00:00/03:55,11848) [kworker/0:2-events] (root,0,0,00:00:00/32:24,19547) [kworker/2:0] (root,0,0,00:00:00/47:20,22117) [kworker/u8:2-events_unbound] (root,0,0,00:00:00/01:04,23074) [kworker/3:0-ata_sff] (root,6656,3480,00:00:00/00:00,26716) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,26757) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,26758) /bin/bash /usr/bin/check_mk_agent (root,4480,1160,00:00:00/00:00,26759) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,776,00:00:00/00:00,26760) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1388,00:00:00/00:00,26761) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,26762) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,26776) /bin/bash /usr/bin/check_mk_agent (root,6656,1948,00:00:00/00:00,26811) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,26812) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,26813) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,480,00:00:00/00:00,26818) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/01:04:32,26920) [kworker/0:1-events] (postfix,24244,8200,00:00:00/01:33:10,30136) pickup -l -t fifo -u (root,0,0,00:00:00/55:55,30502) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/04:05:56,30582) [kworker/u8:1-flush-253:0] (root,35308,10028,00:00:00/18-14:32:08,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:02/18-14:32:07,30947) sshd: cm-ssh (root,0,0,00:00:00/28:06,31168) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-06 00:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b7555e85Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:34/54-12:59:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/54-12:59:16,2) [kthreadd] (root,0,0,00:00:00/54-12:59:16,3) [rcu_gp] (root,0,0,00:00:00/54-12:59:16,4) [rcu_par_gp] (root,0,0,00:00:00/54-12:59:16,5) [slub_flushwq] (root,0,0,00:00:00/54-12:59:16,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/54-12:59:16,9) [mm_percpu_wq] (root,0,0,00:00:00/54-12:59:16,10) [rcu_tasks_kthre] (root,0,0,00:00:00/54-12:59:16,11) [rcu_tasks_rude_] (root,0,0,00:00:00/54-12:59:16,12) [rcu_tasks_trace] (root,0,0,00:01:37/54-12:59:16,13) [ksoftirqd/0] (root,0,0,02:33:17/54-12:59:16,14) [rcu_preempt] (root,0,0,00:00:21/54-12:59:16,15) [migration/0] (root,0,0,00:00:00/54-12:59:16,16) [idle_inject/0] (root,0,0,00:00:00/54-12:59:16,18) [cpuhp/0] (root,0,0,00:00:00/54-12:59:16,19) [cpuhp/1] (root,0,0,00:00:00/54-12:59:16,20) [idle_inject/1] (root,0,0,00:00:21/54-12:59:16,21) [migration/1] (root,0,0,00:01:20/54-12:59:16,22) [ksoftirqd/1] (root,0,0,00:00:00/54-12:59:16,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/54-12:59:16,25) [cpuhp/2] (root,0,0,00:00:00/54-12:59:16,26) [idle_inject/2] (root,0,0,00:00:15/54-12:59:16,27) [migration/2] (root,0,0,01:36:36/54-12:59:16,28) [ksoftirqd/2] (root,0,0,00:00:00/54-12:59:16,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/54-12:59:16,31) [cpuhp/3] (root,0,0,00:00:00/54-12:59:16,32) [idle_inject/3] (root,0,0,00:00:19/54-12:59:16,33) [migration/3] (root,0,0,00:04:59/54-12:59:16,34) [ksoftirqd/3] (root,0,0,00:00:00/54-12:59:16,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/54-12:59:16,40) [kdevtmpfs] (root,0,0,00:00:00/54-12:59:16,41) [netns] (root,0,0,00:00:00/54-12:59:16,42) [inet_frag_wq] (root,0,0,00:00:18/54-12:59:16,43) [kauditd] (root,0,0,00:00:00/54-12:59:16,44) [khungtaskd] (root,0,0,00:00:00/54-12:59:16,45) [oom_reaper] (root,0,0,00:00:00/54-12:59:16,46) [writeback] (root,0,0,00:02:47/54-12:59:16,47) [kcompactd0] (root,0,0,00:00:00/54-12:59:16,48) [ksmd] (root,0,0,00:03:01/54-12:59:16,49) [khugepaged] (root,0,0,00:00:00/54-12:59:16,75) [kintegrityd] (root,0,0,00:00:00/54-12:59:16,76) [kblockd] (root,0,0,00:00:00/54-12:59:16,77) [blkcg_punt_bio] (root,0,0,00:00:00/54-12:59:16,79) [tpm_dev_wq] (root,0,0,00:00:00/54-12:59:16,80) [edac-poller] (root,0,0,00:00:00/54-12:59:16,81) [devfreq_wq] (root,0,0,00:00:00/54-12:59:16,110) [watchdogd] (root,0,0,00:00:04/54-12:59:16,111) [kswapd0] (root,0,0,00:00:14/54-12:59:16,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/54-12:59:14,115) [kthrotld] (root,0,0,00:00:00/54-12:59:14,116) [mld] (root,0,0,00:00:00/54-12:59:14,117) [ipv6_addrconf] (root,0,0,00:00:15/54-12:59:14,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/54-12:59:14,123) [kstrp] (root,0,0,00:00:00/54-12:59:14,124) [zswap-shrink] (root,0,0,00:00:00/54-12:59:14,125) [kworker/u9:0] (root,0,0,00:00:00/54-12:59:14,130) [charger_manager] (root,0,0,00:00:16/54-12:59:14,172) [kworker/1:1H-kblockd] (root,0,0,00:00:24/54-12:59:14,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/54-12:59:13,239) [kaluad] (root,0,0,00:00:00/54-12:59:13,258) [kmpath_rdacd] (root,0,0,00:00:00/54-12:59:13,304) [kmpathd] (root,0,0,00:00:00/54-12:59:13,305) [kmpath_handlerd] (root,0,0,00:00:00/54-12:59:12,342) [ata_sff] (root,0,0,00:00:00/54-12:59:12,343) [scsi_eh_0] (root,0,0,00:00:00/54-12:59:12,344) [scsi_tmf_0] (root,0,0,00:00:00/54-12:59:12,345) [scsi_eh_1] (root,0,0,00:00:00/54-12:59:12,346) [scsi_tmf_1] (root,0,0,00:01:46/54-12:59:09,366) [jbd2/vda1-8] (root,0,0,00:00:00/54-12:59:09,367) [ext4-rsv-conver] (root,38604,7852,00:01:30/54-12:58:57,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/54-12:58:56,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:24/54-12:58:54,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:31/54-12:58:23,511) /sbin/auditd (messagebus,22932,5400,00:02:53/54-12:58:22,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:38/54-12:58:22,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/54-12:58:22,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/54-12:58:20,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/54-12:58:20,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/08:12,855) [kworker/3:2-ata_sff] (root,549128,31272,00:01:04/54-12:58:06,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/54-12:58:06,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:23/54-12:58:06,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/54-12:58:06,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/54-12:58:06,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/54-12:58:06,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/54-12:58:06,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:39/54-12:58:06,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:48/54-12:58:06,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/54-12:58:06,1352) bpfilter_umh (root,26204,8096,00:00:27/54-12:58:06,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/54-12:58:06,1359) ntpd: asynchronous dns resolver (spot,364864,215708,2-23:35:31/54-12:58:05,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/54-12:58:05,1371) (sd-pam) (checkmk,48528,3180,00:00:00/54-12:58:05,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/54-12:58:05,1373) (sd-pam) (postfix,24244,8204,00:00:00/01:34:31,1411) pickup -l -t fifo -u (root,24216,5260,00:00:19/54-12:58:03,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/54-12:58:03,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/54-12:58:03,1485) /usr/sbin/cron -n (root,698412,79068,01:15:29/54-12:57:57,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,232896,77752,00:28:43/54-12:57:45,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:02/48-18:33:20,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:17:56,7540) [kworker/u8:2-flush-253:0] (root,35304,10040,00:00:00/16-13:26:15,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:02/16-13:26:14,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:28:34,12007) [kworker/2:2] (root,0,0,00:00:01/03:02:58,13020) [kworker/0:1-events] (root,0,0,00:00:00/03:00,17984) [kworker/3:1-ata_sff] (root,0,0,00:00:00/46:52,20021) [kworker/0:2-events] (root,0,0,00:00:00/02:15:44,25166) [kworker/2:1-events] (root,0,0,00:00:00/23:46,27289) [kworker/3:0-events] (root,0,0,00:00:00/23:02,27549) [kworker/u8:0-writeback] (root,0,0,00:00:00/23:02,27550) [kworker/1:0-events] (root,6656,3480,00:00:00/00:00,29301) /bin/bash /usr/bin/check_mk_agent (root,13744,3428,00:00:00/00:00,29319) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,29320) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:00:12,29849) [kworker/1:2-events] (root,35308,10028,00:00:00/16-14:12:28,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:56/16-14:12:27,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-03 23:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637a1042eaFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-12:01:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-12:01:01,2) [kthreadd] (root,0,0,00:00:00/47-12:01:01,3) [rcu_gp] (root,0,0,00:00:00/47-12:01:01,4) [rcu_par_gp] (root,0,0,00:00:00/47-12:01:01,5) [slub_flushwq] (root,0,0,00:00:00/47-12:01:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-12:01:01,9) [mm_percpu_wq] (root,0,0,00:00:00/47-12:01:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-12:01:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-12:01:01,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-12:01:01,13) [ksoftirqd/0] (root,0,0,02:15:40/47-12:01:01,14) [rcu_preempt] (root,0,0,00:00:18/47-12:01:01,15) [migration/0] (root,0,0,00:00:00/47-12:01:01,16) [idle_inject/0] (root,0,0,00:00:00/47-12:01:01,18) [cpuhp/0] (root,0,0,00:00:00/47-12:01:01,19) [cpuhp/1] (root,0,0,00:00:00/47-12:01:01,20) [idle_inject/1] (root,0,0,00:00:18/47-12:01:01,21) [migration/1] (root,0,0,00:01:10/47-12:01:01,22) [ksoftirqd/1] (root,0,0,00:00:00/47-12:01:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-12:01:01,25) [cpuhp/2] (root,0,0,00:00:00/47-12:01:01,26) [idle_inject/2] (root,0,0,00:00:13/47-12:01:01,27) [migration/2] (root,0,0,01:27:34/47-12:01:01,28) [ksoftirqd/2] (root,0,0,00:00:00/47-12:01:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-12:01:01,31) [cpuhp/3] (root,0,0,00:00:00/47-12:01:01,32) [idle_inject/3] (root,0,0,00:00:17/47-12:01:01,33) [migration/3] (root,0,0,00:04:30/47-12:01:01,34) [ksoftirqd/3] (root,0,0,00:00:00/47-12:01:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-12:01:01,40) [kdevtmpfs] (root,0,0,00:00:00/47-12:01:01,41) [netns] (root,0,0,00:00:00/47-12:01:01,42) [inet_frag_wq] (root,0,0,00:00:16/47-12:01:01,43) [kauditd] (root,0,0,00:00:00/47-12:01:01,44) [khungtaskd] (root,0,0,00:00:00/47-12:01:01,45) [oom_reaper] (root,0,0,00:00:00/47-12:01:01,46) [writeback] (root,0,0,00:02:28/47-12:01:01,47) [kcompactd0] (root,0,0,00:00:00/47-12:01:01,48) [ksmd] (root,0,0,00:02:37/47-12:01:01,49) [khugepaged] (root,0,0,00:00:00/47-12:01:01,75) [kintegrityd] (root,0,0,00:00:00/47-12:01:01,76) [kblockd] (root,0,0,00:00:00/47-12:01:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-12:01:01,79) [tpm_dev_wq] (root,0,0,00:00:00/47-12:01:01,80) [edac-poller] (root,0,0,00:00:00/47-12:01:01,81) [devfreq_wq] (root,0,0,00:00:00/47-12:01:01,110) [watchdogd] (root,0,0,00:00:03/47-12:01:01,111) [kswapd0] (root,0,0,00:00:12/47-12:01:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-12:00:59,115) [kthrotld] (root,0,0,00:00:00/47-12:00:59,116) [mld] (root,0,0,00:00:00/47-12:00:59,117) [ipv6_addrconf] (root,0,0,00:00:13/47-12:00:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-12:00:59,123) [kstrp] (root,0,0,00:00:00/47-12:00:59,124) [zswap-shrink] (root,0,0,00:00:00/47-12:00:59,125) [kworker/u9:0] (root,0,0,00:00:00/47-12:00:59,130) [charger_manager] (root,0,0,00:00:14/47-12:00:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-12:00:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-12:00:58,239) [kaluad] (root,0,0,00:00:00/47-12:00:58,258) [kmpath_rdacd] (root,0,0,00:00:00/47-12:00:58,304) [kmpathd] (root,0,0,00:00:00/47-12:00:58,305) [kmpath_handlerd] (root,0,0,00:00:00/47-12:00:57,342) [ata_sff] (root,0,0,00:00:00/47-12:00:57,343) [scsi_eh_0] (root,0,0,00:00:00/47-12:00:57,344) [scsi_tmf_0] (root,0,0,00:00:00/47-12:00:57,345) [scsi_eh_1] (root,0,0,00:00:00/47-12:00:57,346) [scsi_tmf_1] (root,0,0,00:01:34/47-12:00:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-12:00:54,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-12:00:42,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-12:00:41,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-12:00:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-12:00:08,511) /sbin/auditd (messagebus,22932,5408,00:02:36/47-12:00:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-12:00:07,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-12:00:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-12:00:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-12:00:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-11:59:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-11:59:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:43/47-11:59:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-11:59:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-11:59:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-11:59:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-11:59:51,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-11:59:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:52/47-11:59:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-11:59:51,1352) bpfilter_umh (root,26204,8096,00:00:24/47-11:59:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-11:59:51,1359) ntpd: asynchronous dns resolver (spot,361536,212116,2-16:37:38/47-11:59:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-11:59:50,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-11:59:50,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-11:59:50,1373) (sd-pam) (root,24216,5260,00:00:16/47-11:59:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-11:59:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-11:59:48,1485) /usr/sbin/cron -n (root,697508,79208,01:06:03/47-11:59:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73028,00:25:44/47-11:59:30,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-17:35:05,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/15:21,3464) [kworker/2:2-events] (root,35304,10040,00:00:00/9-12:28:00,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-12:27:59,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:17:43,11812) [kworker/3:0-events] (root,0,0,00:00:00/02:38:36,14515) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/02:28:52,15451) [kworker/1:1-events] (root,0,0,00:00:00/02:19:01,15985) [kworker/2:1-events] (root,0,0,00:00:00/10:17,16875) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:54:18,18521) [kworker/1:0] (root,0,0,00:00:00/19:42,18614) [kworker/u8:1-writeback] (root,6656,3484,00:00:00/00:00,21892) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,21910) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21911) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/06:11:20,29068) [kworker/0:0-events] (root,0,0,00:00:00/05:28,30428) [kworker/0:2-events] (root,35308,10028,00:00:00/9-13:14:13,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-13:14:12,30947) sshd: cm-ssh (root,0,0,00:00:00/05:06,31528) [kworker/3:2-ata_sff] (postfix,24244,8200,00:00:00/01:01:58,32130) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-27 22:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aa0c3593Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12460,00:02:13/45-12:19:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-12:19:14,2) [kthreadd] (root,0,0,00:00:00/45-12:19:14,3) [rcu_gp] (root,0,0,00:00:00/45-12:19:14,4) [rcu_par_gp] (root,0,0,00:00:00/45-12:19:14,5) [slub_flushwq] (root,0,0,00:00:00/45-12:19:14,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-12:19:14,9) [mm_percpu_wq] (root,0,0,00:00:00/45-12:19:14,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-12:19:14,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-12:19:14,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-12:19:14,13) [ksoftirqd/0] (root,0,0,02:10:32/45-12:19:14,14) [rcu_preempt] (root,0,0,00:00:17/45-12:19:14,15) [migration/0] (root,0,0,00:00:00/45-12:19:14,16) [idle_inject/0] (root,0,0,00:00:00/45-12:19:14,18) [cpuhp/0] (root,0,0,00:00:00/45-12:19:14,19) [cpuhp/1] (root,0,0,00:00:00/45-12:19:14,20) [idle_inject/1] (root,0,0,00:00:17/45-12:19:14,21) [migration/1] (root,0,0,00:01:08/45-12:19:14,22) [ksoftirqd/1] (root,0,0,00:00:00/45-12:19:14,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-12:19:14,25) [cpuhp/2] (root,0,0,00:00:00/45-12:19:14,26) [idle_inject/2] (root,0,0,00:00:13/45-12:19:14,27) [migration/2] (root,0,0,01:25:12/45-12:19:14,28) [ksoftirqd/2] (root,0,0,00:00:00/45-12:19:14,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-12:19:14,31) [cpuhp/3] (root,0,0,00:00:00/45-12:19:14,32) [idle_inject/3] (root,0,0,00:00:16/45-12:19:14,33) [migration/3] (root,0,0,00:04:21/45-12:19:14,34) [ksoftirqd/3] (root,0,0,00:00:00/45-12:19:14,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-12:19:14,40) [kdevtmpfs] (root,0,0,00:00:00/45-12:19:14,41) [netns] (root,0,0,00:00:00/45-12:19:14,42) [inet_frag_wq] (root,0,0,00:00:16/45-12:19:14,43) [kauditd] (root,0,0,00:00:00/45-12:19:14,44) [khungtaskd] (root,0,0,00:00:00/45-12:19:14,45) [oom_reaper] (root,0,0,00:00:00/45-12:19:14,46) [writeback] (root,0,0,00:02:23/45-12:19:14,47) [kcompactd0] (root,0,0,00:00:00/45-12:19:14,48) [ksmd] (root,0,0,00:02:30/45-12:19:14,49) [khugepaged] (root,0,0,00:00:00/45-12:19:14,75) [kintegrityd] (root,0,0,00:00:00/45-12:19:14,76) [kblockd] (root,0,0,00:00:00/45-12:19:14,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-12:19:14,79) [tpm_dev_wq] (root,0,0,00:00:00/45-12:19:14,80) [edac-poller] (root,0,0,00:00:00/45-12:19:14,81) [devfreq_wq] (root,0,0,00:00:00/45-12:19:14,110) [watchdogd] (root,0,0,00:00:03/45-12:19:14,111) [kswapd0] (root,0,0,00:00:12/45-12:19:14,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-12:19:12,115) [kthrotld] (root,0,0,00:00:00/45-12:19:12,116) [mld] (root,0,0,00:00:00/45-12:19:12,117) [ipv6_addrconf] (root,0,0,00:00:12/45-12:19:12,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-12:19:12,123) [kstrp] (root,0,0,00:00:00/45-12:19:12,124) [zswap-shrink] (root,0,0,00:00:00/45-12:19:12,125) [kworker/u9:0] (root,0,0,00:00:00/45-12:19:12,130) [charger_manager] (root,0,0,00:00:14/45-12:19:12,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-12:19:12,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-12:19:11,239) [kaluad] (root,0,0,00:00:00/45-12:19:11,258) [kmpath_rdacd] (root,0,0,00:00:00/45-12:19:11,304) [kmpathd] (root,0,0,00:00:00/45-12:19:11,305) [kmpath_handlerd] (root,0,0,00:00:00/45-12:19:10,342) [ata_sff] (root,0,0,00:00:00/45-12:19:10,343) [scsi_eh_0] (root,0,0,00:00:00/45-12:19:10,344) [scsi_tmf_0] (root,0,0,00:00:00/45-12:19:10,345) [scsi_eh_1] (root,0,0,00:00:00/45-12:19:10,346) [scsi_tmf_1] (root,0,0,00:01:30/45-12:19:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-12:19:07,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-12:18:55,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-12:18:54,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-12:18:52,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-12:18:21,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-12:18:20,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-12:18:20,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-12:18:20,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-12:18:18,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-12:18:18,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-12:18:04,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-12:18:04,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:33/45-12:18:04,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-12:18:04,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-12:18:04,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-12:18:04,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-12:18:04,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-12:18:04,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:36/45-12:18:04,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-12:18:04,1352) bpfilter_umh (root,26204,8096,00:00:23/45-12:18:04,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-12:18:04,1359) ntpd: asynchronous dns resolver (spot,361968,206172,2-14:31:14/45-12:18:03,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-12:18:03,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-12:18:03,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-12:18:03,1373) (sd-pam) (root,24216,5260,00:00:16/45-12:18:01,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-12:18:01,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-12:18:01,1485) /usr/sbin/cron -n (root,697508,78836,01:03:19/45-12:17:55,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71512,00:24:47/45-12:17:43,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/17:25,2530) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9184,00:00:01/39-17:53:18,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:14,3883) [kworker/2:0-events] (root,0,0,00:00:00/03:08,3893) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:32:50,7467) [kworker/1:1-events] (postfix,24244,8216,00:00:00/02:03,9742) pickup -l -t fifo -u (root,0,0,00:00:00/32:22,9975) [kworker/2:2-events] (root,35304,10040,00:00:00/7-12:46:13,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-12:46:12,10514) sshd: syslogtunnel (root,0,0,00:00:00/47:25,13466) [kworker/1:2] (root,0,0,00:00:00/08:19,14103) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/22:19,16113) [kworker/0:1] (root,6656,3480,00:00:00/00:00,20202) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,20220) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20221) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:08:30,23049) [kworker/0:2-events] (root,35308,10028,00:00:00/7-13:32:26,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-13:32:25,30947) sshd: cm-ssh (root,0,0,00:00:00/01:05:24,31141) [kworker/3:0-events] (root,0,0,00:00:00/02:18:00,32405) [kworker/u8:1-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 23:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638c6f9e9aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-12:58:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-12:58:01,2) [kthreadd] (root,0,0,00:00:00/43-12:58:01,3) [rcu_gp] (root,0,0,00:00:00/43-12:58:01,4) [rcu_par_gp] (root,0,0,00:00:00/43-12:58:01,5) [slub_flushwq] (root,0,0,00:00:00/43-12:58:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-12:58:01,9) [mm_percpu_wq] (root,0,0,00:00:00/43-12:58:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-12:58:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-12:58:01,12) [rcu_tasks_trace] (root,0,0,00:01:20/43-12:58:01,13) [ksoftirqd/0] (root,0,0,02:05:07/43-12:58:01,14) [rcu_preempt] (root,0,0,00:00:16/43-12:58:01,15) [migration/0] (root,0,0,00:00:00/43-12:58:01,16) [idle_inject/0] (root,0,0,00:00:00/43-12:58:01,18) [cpuhp/0] (root,0,0,00:00:00/43-12:58:01,19) [cpuhp/1] (root,0,0,00:00:00/43-12:58:01,20) [idle_inject/1] (root,0,0,00:00:16/43-12:58:01,21) [migration/1] (root,0,0,00:01:05/43-12:58:01,22) [ksoftirqd/1] (root,0,0,00:00:00/43-12:58:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-12:58:01,25) [cpuhp/2] (root,0,0,00:00:00/43-12:58:01,26) [idle_inject/2] (root,0,0,00:00:12/43-12:58:01,27) [migration/2] (root,0,0,01:22:27/43-12:58:01,28) [ksoftirqd/2] (root,0,0,00:00:00/43-12:58:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-12:58:01,31) [cpuhp/3] (root,0,0,00:00:00/43-12:58:01,32) [idle_inject/3] (root,0,0,00:00:15/43-12:58:01,33) [migration/3] (root,0,0,00:04:12/43-12:58:01,34) [ksoftirqd/3] (root,0,0,00:00:00/43-12:58:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-12:58:01,40) [kdevtmpfs] (root,0,0,00:00:00/43-12:58:01,41) [netns] (root,0,0,00:00:00/43-12:58:01,42) [inet_frag_wq] (root,0,0,00:00:15/43-12:58:01,43) [kauditd] (root,0,0,00:00:00/43-12:58:01,44) [khungtaskd] (root,0,0,00:00:00/43-12:58:01,45) [oom_reaper] (root,0,0,00:00:00/43-12:58:01,46) [writeback] (root,0,0,00:02:17/43-12:58:01,47) [kcompactd0] (root,0,0,00:00:00/43-12:58:01,48) [ksmd] (root,0,0,00:02:24/43-12:58:01,49) [khugepaged] (root,0,0,00:00:00/43-12:58:01,75) [kintegrityd] (root,0,0,00:00:00/43-12:58:01,76) [kblockd] (root,0,0,00:00:00/43-12:58:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-12:58:01,79) [tpm_dev_wq] (root,0,0,00:00:00/43-12:58:01,80) [edac-poller] (root,0,0,00:00:00/43-12:58:01,81) [devfreq_wq] (root,0,0,00:00:00/43-12:58:01,110) [watchdogd] (root,0,0,00:00:03/43-12:58:01,111) [kswapd0] (root,0,0,00:00:11/43-12:58:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-12:57:59,115) [kthrotld] (root,0,0,00:00:00/43-12:57:59,116) [mld] (root,0,0,00:00:00/43-12:57:59,117) [ipv6_addrconf] (root,0,0,00:00:12/43-12:57:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-12:57:59,123) [kstrp] (root,0,0,00:00:00/43-12:57:59,124) [zswap-shrink] (root,0,0,00:00:00/43-12:57:59,125) [kworker/u9:0] (root,0,0,00:00:00/43-12:57:59,130) [charger_manager] (root,0,0,00:00:13/43-12:57:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-12:57:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-12:57:58,239) [kaluad] (root,0,0,00:00:00/43-12:57:58,258) [kmpath_rdacd] (root,0,0,00:00:00/43-12:57:58,304) [kmpathd] (root,0,0,00:00:00/43-12:57:58,305) [kmpath_handlerd] (root,0,0,00:00:00/43-12:57:57,342) [ata_sff] (root,0,0,00:00:00/43-12:57:57,343) [scsi_eh_0] (root,0,0,00:00:00/43-12:57:57,344) [scsi_tmf_0] (root,0,0,00:00:00/43-12:57:57,345) [scsi_eh_1] (root,0,0,00:00:00/43-12:57:57,346) [scsi_tmf_1] (root,0,0,00:01:27/43-12:57:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-12:57:54,367) [ext4-rsv-conver] (root,38604,7856,00:01:15/43-12:57:42,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-12:57:41,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-12:57:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-12:57:08,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-12:57:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:22/43-12:57:07,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-12:57:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-12:57:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-12:57:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/30:27,883) [kworker/2:0-events] (root,548872,30852,00:00:52/43-12:56:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-12:56:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:21/43-12:56:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-12:56:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-12:56:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-12:56:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-12:56:51,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-12:56:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:19/43-12:56:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-12:56:51,1352) bpfilter_umh (root,26204,8096,00:00:22/43-12:56:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-12:56:51,1359) ntpd: asynchronous dns resolver (spot,362112,206208,2-12:17:47/43-12:56:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-12:56:50,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-12:56:50,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-12:56:50,1373) (sd-pam) (root,24216,5260,00:00:15/43-12:56:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-12:56:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-12:56:48,1485) /usr/sbin/cron -n (root,697508,76764,01:00:34/43-12:56:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70172,00:23:49/43-12:56:30,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-18:32:05,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/10:54,3115) [kworker/0:0-events] (root,0,0,00:00:00/10:16,5878) [kworker/3:1-events] (root,6656,3492,00:00:00/00:00,7272) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,7313) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,7314) /bin/bash /usr/bin/check_mk_agent (root,4480,1152,00:00:00/00:00,7315) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,816,00:00:00/00:00,7316) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1308,00:00:00/00:00,7317) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,7318) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,7336) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,7337) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/5-13:25:00,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:23/5-13:24:59,10514) sshd: syslogtunnel (root,0,0,00:00:00/02:48:48,12041) [kworker/1:0-events] (root,0,0,00:00:01/03:52:14,13819) [kworker/0:2-events] (root,0,0,00:00:00/15:46,14385) [kworker/2:2-events] (root,0,0,00:00:00/06:05,16743) [kworker/1:2-events] (root,0,0,00:00:00/46:13,19317) [kworker/u8:2-writeback] (root,0,0,00:00:00/05:06,20288) [kworker/3:2-ata_sff] (postfix,24244,8252,00:00:00/01:02:33,22335) pickup -l -t fifo -u (root,0,0,00:00:00/01:01:40,23914) [kworker/u8:0-flush-253:0] (root,0,0,00:00:01/01:59:15,30519) [kworker/3:0-ata_sff] (root,35308,10028,00:00:00/5-14:11:13,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:21/5-14:11:12,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632bd0a6c9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-12:37:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-12:37:17,2) [kthreadd] (root,0,0,00:00:00/41-12:37:17,3) [rcu_gp] (root,0,0,00:00:00/41-12:37:17,4) [rcu_par_gp] (root,0,0,00:00:00/41-12:37:17,5) [slub_flushwq] (root,0,0,00:00:00/41-12:37:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-12:37:17,9) [mm_percpu_wq] (root,0,0,00:00:00/41-12:37:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-12:37:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-12:37:17,12) [rcu_tasks_trace] (root,0,0,00:01:16/41-12:37:17,13) [ksoftirqd/0] (root,0,0,01:59:12/41-12:37:17,14) [rcu_preempt] (root,0,0,00:00:15/41-12:37:17,15) [migration/0] (root,0,0,00:00:00/41-12:37:17,16) [idle_inject/0] (root,0,0,00:00:00/41-12:37:17,18) [cpuhp/0] (root,0,0,00:00:00/41-12:37:17,19) [cpuhp/1] (root,0,0,00:00:00/41-12:37:17,20) [idle_inject/1] (root,0,0,00:00:16/41-12:37:17,21) [migration/1] (root,0,0,00:01:02/41-12:37:17,22) [ksoftirqd/1] (root,0,0,00:00:00/41-12:37:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-12:37:17,25) [cpuhp/2] (root,0,0,00:00:00/41-12:37:17,26) [idle_inject/2] (root,0,0,00:00:12/41-12:37:17,27) [migration/2] (root,0,0,01:18:26/41-12:37:17,28) [ksoftirqd/2] (root,0,0,00:00:00/41-12:37:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-12:37:17,31) [cpuhp/3] (root,0,0,00:00:00/41-12:37:17,32) [idle_inject/3] (root,0,0,00:00:15/41-12:37:17,33) [migration/3] (root,0,0,00:03:59/41-12:37:17,34) [ksoftirqd/3] (root,0,0,00:00:00/41-12:37:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-12:37:17,40) [kdevtmpfs] (root,0,0,00:00:00/41-12:37:17,41) [netns] (root,0,0,00:00:00/41-12:37:17,42) [inet_frag_wq] (root,0,0,00:00:14/41-12:37:17,43) [kauditd] (root,0,0,00:00:00/41-12:37:17,44) [khungtaskd] (root,0,0,00:00:00/41-12:37:17,45) [oom_reaper] (root,0,0,00:00:00/41-12:37:17,46) [writeback] (root,0,0,00:02:11/41-12:37:17,47) [kcompactd0] (root,0,0,00:00:00/41-12:37:17,48) [ksmd] (root,0,0,00:02:16/41-12:37:17,49) [khugepaged] (root,0,0,00:00:00/41-12:37:17,75) [kintegrityd] (root,0,0,00:00:00/41-12:37:17,76) [kblockd] (root,0,0,00:00:00/41-12:37:17,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-12:37:17,79) [tpm_dev_wq] (root,0,0,00:00:00/41-12:37:17,80) [edac-poller] (root,0,0,00:00:00/41-12:37:17,81) [devfreq_wq] (root,0,0,00:00:00/41-12:37:17,110) [watchdogd] (root,0,0,00:00:03/41-12:37:17,111) [kswapd0] (root,0,0,00:00:11/41-12:37:17,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-12:37:15,115) [kthrotld] (root,0,0,00:00:00/41-12:37:15,116) [mld] (root,0,0,00:00:00/41-12:37:15,117) [ipv6_addrconf] (root,0,0,00:00:11/41-12:37:15,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-12:37:15,123) [kstrp] (root,0,0,00:00:00/41-12:37:15,124) [zswap-shrink] (root,0,0,00:00:00/41-12:37:15,125) [kworker/u9:0] (root,0,0,00:00:00/41-12:37:15,130) [charger_manager] (root,0,0,00:00:13/41-12:37:15,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-12:37:15,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-12:37:14,239) [kaluad] (root,0,0,00:00:00/41-12:37:14,258) [kmpath_rdacd] (root,0,0,00:00:00/41-12:37:14,304) [kmpathd] (root,0,0,00:00:00/41-12:37:14,305) [kmpath_handlerd] (root,0,0,00:00:00/41-12:37:13,342) [ata_sff] (root,0,0,00:00:00/41-12:37:13,343) [scsi_eh_0] (root,0,0,00:00:00/41-12:37:13,344) [scsi_tmf_0] (root,0,0,00:00:00/41-12:37:13,345) [scsi_eh_1] (root,0,0,00:00:00/41-12:37:13,346) [scsi_tmf_1] (root,0,0,00:01:23/41-12:37:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-12:37:10,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-12:36:58,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-12:36:57,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-12:36:55,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-12:36:24,511) /sbin/auditd (messagebus,22932,5408,00:02:18/41-12:36:23,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-12:36:23,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-12:36:23,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-12:36:21,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-12:36:21,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-12:36:07,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-12:36:07,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:09/41-12:36:07,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-12:36:07,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-12:36:07,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-12:36:07,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-12:36:07,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-12:36:07,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-12:36:07,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-12:36:07,1352) bpfilter_umh (root,26204,8096,00:00:21/41-12:36:07,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-12:36:07,1359) ntpd: asynchronous dns resolver (spot,361936,206164,2-09:29:39/41-12:36:06,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-12:36:06,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-12:36:06,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-12:36:06,1373) (sd-pam) (root,24216,5260,00:00:14/41-12:36:04,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-12:36:04,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-12:36:04,1485) /usr/sbin/cron -n (root,697108,76384,00:57:42/41-12:35:58,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:48/41-12:35:46,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/11:58,2017) [kworker/0:1-cgroup_destroy] (postfix,44628,9184,00:00:01/35-18:11:21,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:24:53,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:30,4186) [kworker/0:0] (root,0,0,00:00:00/21:40,8459) [kworker/1:0] (root,35304,10040,00:00:00/3-13:04:16,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:15/3-13:04:15,10514) sshd: syslogtunnel (root,0,0,00:00:00/09:48,10544) [kworker/3:0-ata_sff] (postfix,24244,8308,00:00:00/01:03:46,11997) pickup -l -t fifo -u (root,0,0,00:00:00/45:38,15424) [kworker/0:2-events] (root,6656,3488,00:00:00/00:00,15578) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,15596) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,15597) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/10:01:57,16954) [kworker/2:1-events] (root,0,0,00:00:01/02:40:59,18031) [kworker/1:2-events] (root,0,0,00:00:00/07:14,21069) [kworker/2:2] (root,0,0,00:00:00/14:59,23469) [kworker/3:2-mm_percpu_wq] (root,0,0,00:00:00/05:30,25841) [kworker/u8:1-writeback] (root,0,0,00:00:00/04:36,30386) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/3-13:50:29,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-13:50:28,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 23:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a529a492Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-12:41:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-12:41:15,2) [kthreadd] (root,0,0,00:00:00/39-12:41:15,3) [rcu_gp] (root,0,0,00:00:00/39-12:41:15,4) [rcu_par_gp] (root,0,0,00:00:00/39-12:41:15,5) [slub_flushwq] (root,0,0,00:00:00/39-12:41:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-12:41:15,9) [mm_percpu_wq] (root,0,0,00:00:00/39-12:41:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-12:41:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-12:41:15,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-12:41:15,13) [ksoftirqd/0] (root,0,0,01:53:27/39-12:41:15,14) [rcu_preempt] (root,0,0,00:00:15/39-12:41:15,15) [migration/0] (root,0,0,00:00:00/39-12:41:15,16) [idle_inject/0] (root,0,0,00:00:00/39-12:41:15,18) [cpuhp/0] (root,0,0,00:00:00/39-12:41:15,19) [cpuhp/1] (root,0,0,00:00:00/39-12:41:15,20) [idle_inject/1] (root,0,0,00:00:15/39-12:41:15,21) [migration/1] (root,0,0,00:00:59/39-12:41:15,22) [ksoftirqd/1] (root,0,0,00:00:00/39-12:41:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-12:41:15,25) [cpuhp/2] (root,0,0,00:00:00/39-12:41:15,26) [idle_inject/2] (root,0,0,00:00:11/39-12:41:15,27) [migration/2] (root,0,0,01:13:46/39-12:41:15,28) [ksoftirqd/2] (root,0,0,00:00:00/39-12:41:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-12:41:15,31) [cpuhp/3] (root,0,0,00:00:00/39-12:41:15,32) [idle_inject/3] (root,0,0,00:00:14/39-12:41:15,33) [migration/3] (root,0,0,00:03:46/39-12:41:15,34) [ksoftirqd/3] (root,0,0,00:00:00/39-12:41:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-12:41:15,40) [kdevtmpfs] (root,0,0,00:00:00/39-12:41:15,41) [netns] (root,0,0,00:00:00/39-12:41:15,42) [inet_frag_wq] (root,0,0,00:00:14/39-12:41:15,43) [kauditd] (root,0,0,00:00:00/39-12:41:15,44) [khungtaskd] (root,0,0,00:00:00/39-12:41:15,45) [oom_reaper] (root,0,0,00:00:00/39-12:41:15,46) [writeback] (root,0,0,00:02:04/39-12:41:15,47) [kcompactd0] (root,0,0,00:00:00/39-12:41:15,48) [ksmd] (root,0,0,00:02:09/39-12:41:15,49) [khugepaged] (root,0,0,00:00:00/39-12:41:15,75) [kintegrityd] (root,0,0,00:00:00/39-12:41:15,76) [kblockd] (root,0,0,00:00:00/39-12:41:15,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-12:41:15,79) [tpm_dev_wq] (root,0,0,00:00:00/39-12:41:15,80) [edac-poller] (root,0,0,00:00:00/39-12:41:15,81) [devfreq_wq] (root,0,0,00:00:00/39-12:41:15,110) [watchdogd] (root,0,0,00:00:02/39-12:41:15,111) [kswapd0] (root,0,0,00:00:10/39-12:41:15,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-12:41:13,115) [kthrotld] (root,0,0,00:00:00/39-12:41:13,116) [mld] (root,0,0,00:00:00/39-12:41:13,117) [ipv6_addrconf] (root,0,0,00:00:11/39-12:41:13,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-12:41:13,123) [kstrp] (root,0,0,00:00:00/39-12:41:13,124) [zswap-shrink] (root,0,0,00:00:00/39-12:41:13,125) [kworker/u9:0] (root,0,0,00:00:00/39-12:41:13,130) [charger_manager] (root,0,0,00:00:12/39-12:41:13,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-12:41:13,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-12:41:12,239) [kaluad] (root,0,0,00:00:00/39-12:41:12,258) [kmpath_rdacd] (root,0,0,00:00:00/39-12:41:12,304) [kmpathd] (root,0,0,00:00:00/39-12:41:12,305) [kmpath_handlerd] (root,0,0,00:00:00/39-12:41:11,342) [ata_sff] (root,0,0,00:00:00/39-12:41:11,343) [scsi_eh_0] (root,0,0,00:00:00/39-12:41:11,344) [scsi_tmf_0] (root,0,0,00:00:00/39-12:41:11,345) [scsi_eh_1] (root,0,0,00:00:00/39-12:41:11,346) [scsi_tmf_1] (root,0,0,00:01:19/39-12:41:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-12:41:08,367) [ext4-rsv-conver] (root,38604,7924,00:01:09/39-12:40:56,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-12:40:55,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-12:40:53,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-12:40:22,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-12:40:21,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-12:40:21,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-12:40:21,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-12:40:19,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-12:40:19,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:47/39-12:40:05,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-12:40:05,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:56/39-12:40:05,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-12:40:05,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-12:40:05,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-12:40:05,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-12:40:05,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-12:40:05,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:43/39-12:40:05,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-12:40:05,1352) bpfilter_umh (root,26204,8116,00:00:20/39-12:40:05,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-12:40:05,1359) ntpd: asynchronous dns resolver (spot,361408,198352,2-07:20:36/39-12:40:04,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-12:40:04,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-12:40:04,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-12:40:04,1373) (sd-pam) (root,24216,5260,00:00:14/39-12:40:02,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-12:40:02,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-12:40:02,1485) /usr/sbin/cron -n (root,697108,78496,00:54:50/39-12:39:56,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67436,00:21:45/39-12:39:44,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/33-18:15:19,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:44:12,3019) [kworker/1:2-events] (root,0,0,00:00:00/57:16,8710) [kworker/0:2-events] (root,0,0,00:00:00/04:46,10085) [kworker/3:0-events] (root,35304,10040,00:00:00/1-13:08:14,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-13:08:13,10514) sshd: syslogtunnel (root,0,0,00:00:00/48:01,11697) [kworker/2:0-events] (root,0,0,00:00:00/02:29:28,12444) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:29:42,15998) [kworker/2:1-events] (root,0,0,00:00:00/10:34,16860) [kworker/0:0-events] (root,0,0,00:00:00/54:25,18830) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/09:59,20733) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:17,21979) [kworker/0:1-events] (root,6656,3480,00:00:00/00:00,27110) /bin/bash /usr/bin/check_mk_agent (root,13744,3440,00:00:00/00:00,27128) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27129) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/20:20,27828) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/1-13:54:27,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:07/1-13:54:26,30947) sshd: cm-ssh (root,0,0,00:00:00/43:24,31080) [kworker/1:0] (postfix,24244,8232,00:00:00/01:28:36,31794) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 23:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836325b7faf8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:52/37-13:14:34,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-13:14:34,2) [kthreadd] (root,0,0,00:00:00/37-13:14:34,3) [rcu_gp] (root,0,0,00:00:00/37-13:14:34,4) [rcu_par_gp] (root,0,0,00:00:00/37-13:14:34,5) [slub_flushwq] (root,0,0,00:00:00/37-13:14:34,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-13:14:34,9) [mm_percpu_wq] (root,0,0,00:00:00/37-13:14:34,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-13:14:34,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-13:14:34,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-13:14:34,13) [ksoftirqd/0] (root,0,0,01:47:26/37-13:14:34,14) [rcu_preempt] (root,0,0,00:00:14/37-13:14:34,15) [migration/0] (root,0,0,00:00:00/37-13:14:34,16) [idle_inject/0] (root,0,0,00:00:00/37-13:14:34,18) [cpuhp/0] (root,0,0,00:00:00/37-13:14:34,19) [cpuhp/1] (root,0,0,00:00:00/37-13:14:34,20) [idle_inject/1] (root,0,0,00:00:14/37-13:14:34,21) [migration/1] (root,0,0,00:00:55/37-13:14:34,22) [ksoftirqd/1] (root,0,0,00:00:00/37-13:14:34,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-13:14:34,25) [cpuhp/2] (root,0,0,00:00:00/37-13:14:34,26) [idle_inject/2] (root,0,0,00:00:10/37-13:14:34,27) [migration/2] (root,0,0,01:07:57/37-13:14:34,28) [ksoftirqd/2] (root,0,0,00:00:00/37-13:14:34,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-13:14:34,31) [cpuhp/3] (root,0,0,00:00:00/37-13:14:34,32) [idle_inject/3] (root,0,0,00:00:13/37-13:14:34,33) [migration/3] (root,0,0,00:03:30/37-13:14:34,34) [ksoftirqd/3] (root,0,0,00:00:00/37-13:14:34,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-13:14:34,40) [kdevtmpfs] (root,0,0,00:00:00/37-13:14:34,41) [netns] (root,0,0,00:00:00/37-13:14:34,42) [inet_frag_wq] (root,0,0,00:00:13/37-13:14:34,43) [kauditd] (root,0,0,00:00:00/37-13:14:34,44) [khungtaskd] (root,0,0,00:00:00/37-13:14:34,45) [oom_reaper] (root,0,0,00:00:00/37-13:14:34,46) [writeback] (root,0,0,00:01:58/37-13:14:34,47) [kcompactd0] (root,0,0,00:00:00/37-13:14:34,48) [ksmd] (root,0,0,00:02:02/37-13:14:34,49) [khugepaged] (root,0,0,00:00:00/37-13:14:34,75) [kintegrityd] (root,0,0,00:00:00/37-13:14:34,76) [kblockd] (root,0,0,00:00:00/37-13:14:34,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-13:14:34,79) [tpm_dev_wq] (root,0,0,00:00:00/37-13:14:34,80) [edac-poller] (root,0,0,00:00:00/37-13:14:34,81) [devfreq_wq] (root,0,0,00:00:00/37-13:14:34,110) [watchdogd] (root,0,0,00:00:02/37-13:14:34,111) [kswapd0] (root,0,0,00:00:10/37-13:14:34,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-13:14:32,115) [kthrotld] (root,0,0,00:00:00/37-13:14:32,116) [mld] (root,0,0,00:00:00/37-13:14:32,117) [ipv6_addrconf] (root,0,0,00:00:10/37-13:14:32,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-13:14:32,123) [kstrp] (root,0,0,00:00:00/37-13:14:32,124) [zswap-shrink] (root,0,0,00:00:00/37-13:14:32,125) [kworker/u9:0] (root,0,0,00:00:00/37-13:14:32,130) [charger_manager] (root,0,0,00:00:11/37-13:14:32,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-13:14:32,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-13:14:31,239) [kaluad] (root,0,0,00:00:00/37-13:14:31,258) [kmpath_rdacd] (root,0,0,00:00:00/37-13:14:31,304) [kmpathd] (root,0,0,00:00:00/37-13:14:31,305) [kmpath_handlerd] (root,0,0,00:00:00/37-13:14:30,342) [ata_sff] (root,0,0,00:00:00/37-13:14:30,343) [scsi_eh_0] (root,0,0,00:00:00/37-13:14:30,344) [scsi_tmf_0] (root,0,0,00:00:00/37-13:14:30,345) [scsi_eh_1] (root,0,0,00:00:00/37-13:14:30,346) [scsi_tmf_1] (root,0,0,00:01:15/37-13:14:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-13:14:27,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-13:14:15,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-13:14:14,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:59/37-13:14:12,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-13:13:41,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-13:13:40,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-13:13:40,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-13:13:40,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-13:13:38,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-13:13:38,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30292,00:00:44/37-13:13:24,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-13:13:24,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:45/37-13:13:24,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-13:13:24,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-13:13:24,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-13:13:24,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-13:13:24,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-13:13:24,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:25/37-13:13:24,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-13:13:24,1352) bpfilter_umh (root,26204,8116,00:00:19/37-13:13:24,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-13:13:24,1359) ntpd: asynchronous dns resolver (spot,362112,198528,2-04:24:24/37-13:13:23,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-13:13:23,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-13:13:23,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-13:13:23,1373) (sd-pam) (root,24216,5260,00:00:13/37-13:13:21,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-13:13:21,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-13:13:21,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-13:13:18,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-13:13:17,1527) sshd: syslogtunnel (root,696596,75960,00:51:58/37-13:13:15,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66208,00:20:42/37-13:13:03,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-18:48:38,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/37-13:12:38,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-13:12:38,3218) sshd: cm-ssh (root,0,0,00:00:00/54:53,10083) [kworker/1:2-events] (root,0,0,00:00:00/04:18,10093) [kworker/1:1-events] (root,0,0,00:00:00/13:30,10889) [kworker/0:1-events] (root,0,0,00:00:00/02:21,16257) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:38:13,18233) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:01/03:11:56,19177) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/01:54:19,24321) [kworker/2:1-events] (root,6656,3488,00:00:00/00:00,24608) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,24626) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24627) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:21,25431) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:17:34,26865) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/45:37,27095) [kworker/2:0-events] (root,0,0,00:00:00/07:32,27959) [kworker/3:0-ata_sff] (postfix,24244,8148,00:00:00/43:44,28767) pickup -l -t fifo -u (root,0,0,00:00:03/04:52:54,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-18 00:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636b97d771Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-14:30:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-14:30:04,2) [kthreadd] (root,0,0,00:00:00/35-14:30:04,3) [rcu_gp] (root,0,0,00:00:00/35-14:30:04,4) [rcu_par_gp] (root,0,0,00:00:00/35-14:30:04,5) [slub_flushwq] (root,0,0,00:00:00/35-14:30:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-14:30:04,9) [mm_percpu_wq] (root,0,0,00:00:00/35-14:30:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-14:30:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-14:30:04,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-14:30:04,13) [ksoftirqd/0] (root,0,0,01:42:18/35-14:30:04,14) [rcu_preempt] (root,0,0,00:00:13/35-14:30:04,15) [migration/0] (root,0,0,00:00:00/35-14:30:04,16) [idle_inject/0] (root,0,0,00:00:00/35-14:30:04,18) [cpuhp/0] (root,0,0,00:00:00/35-14:30:04,19) [cpuhp/1] (root,0,0,00:00:00/35-14:30:04,20) [idle_inject/1] (root,0,0,00:00:13/35-14:30:04,21) [migration/1] (root,0,0,00:00:52/35-14:30:04,22) [ksoftirqd/1] (root,0,0,00:00:00/35-14:30:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-14:30:04,25) [cpuhp/2] (root,0,0,00:00:00/35-14:30:04,26) [idle_inject/2] (root,0,0,00:00:10/35-14:30:04,27) [migration/2] (root,0,0,01:05:12/35-14:30:04,28) [ksoftirqd/2] (root,0,0,00:00:00/35-14:30:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-14:30:04,31) [cpuhp/3] (root,0,0,00:00:00/35-14:30:04,32) [idle_inject/3] (root,0,0,00:00:12/35-14:30:04,33) [migration/3] (root,0,0,00:03:21/35-14:30:04,34) [ksoftirqd/3] (root,0,0,00:00:00/35-14:30:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-14:30:04,40) [kdevtmpfs] (root,0,0,00:00:00/35-14:30:04,41) [netns] (root,0,0,00:00:00/35-14:30:04,42) [inet_frag_wq] (root,0,0,00:00:12/35-14:30:04,43) [kauditd] (root,0,0,00:00:00/35-14:30:04,44) [khungtaskd] (root,0,0,00:00:00/35-14:30:04,45) [oom_reaper] (root,0,0,00:00:00/35-14:30:04,46) [writeback] (root,0,0,00:01:52/35-14:30:04,47) [kcompactd0] (root,0,0,00:00:00/35-14:30:04,48) [ksmd] (root,0,0,00:01:56/35-14:30:04,49) [khugepaged] (root,0,0,00:00:00/35-14:30:04,75) [kintegrityd] (root,0,0,00:00:00/35-14:30:04,76) [kblockd] (root,0,0,00:00:00/35-14:30:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-14:30:04,79) [tpm_dev_wq] (root,0,0,00:00:00/35-14:30:04,80) [edac-poller] (root,0,0,00:00:00/35-14:30:04,81) [devfreq_wq] (root,0,0,00:00:00/35-14:30:04,110) [watchdogd] (root,0,0,00:00:02/35-14:30:04,111) [kswapd0] (root,0,0,00:00:09/35-14:30:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-14:30:02,115) [kthrotld] (root,0,0,00:00:00/35-14:30:02,116) [mld] (root,0,0,00:00:00/35-14:30:02,117) [ipv6_addrconf] (root,0,0,00:00:10/35-14:30:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-14:30:02,123) [kstrp] (root,0,0,00:00:00/35-14:30:02,124) [zswap-shrink] (root,0,0,00:00:00/35-14:30:02,125) [kworker/u9:0] (root,0,0,00:00:00/35-14:30:02,130) [charger_manager] (root,0,0,00:00:10/35-14:30:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-14:30:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-14:30:01,239) [kaluad] (root,0,0,00:00:00/35-14:30:01,258) [kmpath_rdacd] (root,0,0,00:00:00/35-14:30:01,304) [kmpathd] (root,0,0,00:00:00/35-14:30:01,305) [kmpath_handlerd] (root,0,0,00:00:00/35-14:30:00,342) [ata_sff] (root,0,0,00:00:00/35-14:30:00,343) [scsi_eh_0] (root,0,0,00:00:00/35-14:30:00,344) [scsi_tmf_0] (root,0,0,00:00:00/35-14:30:00,345) [scsi_eh_1] (root,0,0,00:00:00/35-14:30:00,346) [scsi_tmf_1] (root,0,0,00:01:11/35-14:29:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-14:29:57,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-14:29:45,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-14:29:44,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/09:18,485) [kworker/0:2-events] (root,8624,6172,00:00:56/35-14:29:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-14:29:11,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-14:29:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-14:29:10,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-14:29:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-14:29:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-14:29:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:03:16,633) [kworker/u8:1-writeback] (root,548616,30252,00:00:42/35-14:28:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-14:28:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:35/35-14:28:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-14:28:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-14:28:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-14:28:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-14:28:54,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-14:28:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:09/35-14:28:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-14:28:54,1352) bpfilter_umh (root,26204,8116,00:00:18/35-14:28:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-14:28:54,1359) ntpd: asynchronous dns resolver (spot,361040,198256,2-02:20:03/35-14:28:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-14:28:53,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-14:28:53,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-14:28:53,1373) (sd-pam) (root,24216,5260,00:00:12/35-14:28:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-14:28:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-14:28:51,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-14:28:48,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:13/35-14:28:47,1527) sshd: syslogtunnel (root,696596,77900,00:49:18/35-14:28:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:01/02:38:16,1719) [kworker/2:2-events] (root,6656,3484,00:00:00/00:00,1990) /bin/bash /usr/bin/check_mk_agent (spot,223680,64864,00:19:43/35-14:28:33,1995) /usr/bin/python3.11 /usr/bin/spot (root,13744,3364,00:00:00/00:00,2010) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,2011) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9244,00:00:01/29-20:04:08,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-14:28:08,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-14:28:08,3218) sshd: cm-ssh (root,0,0,00:00:00/01:35:27,11281) [kworker/0:1-events] (root,0,0,00:00:00/15:21,15127) [kworker/3:1-ata_sff] (root,0,0,00:00:00/04:59,16037) [kworker/3:0-events] (root,0,0,00:00:00/34:02,16207) [kworker/1:2-events] (postfix,24244,8160,00:00:00/41:00,18195) pickup -l -t fifo -u (root,0,0,00:00:00/03:45:58,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:48:03,20934) [kworker/1:1-events] (root,0,0,00:00:00/13:53,21129) [kworker/2:0-events] (root,0,0,00:00:03/10:11,31160) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 01:18 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aeaa2f11Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-13:04:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-13:04:23,2) [kthreadd] (root,0,0,00:00:00/33-13:04:23,3) [rcu_gp] (root,0,0,00:00:00/33-13:04:23,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:04:23,5) [slub_flushwq] (root,0,0,00:00:00/33-13:04:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:04:23,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:04:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:04:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:04:23,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:04:23,13) [ksoftirqd/0] (root,0,0,01:36:47/33-13:04:23,14) [rcu_preempt] (root,0,0,00:00:12/33-13:04:23,15) [migration/0] (root,0,0,00:00:00/33-13:04:23,16) [idle_inject/0] (root,0,0,00:00:00/33-13:04:23,18) [cpuhp/0] (root,0,0,00:00:00/33-13:04:23,19) [cpuhp/1] (root,0,0,00:00:00/33-13:04:23,20) [idle_inject/1] (root,0,0,00:00:12/33-13:04:23,21) [migration/1] (root,0,0,00:00:50/33-13:04:23,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:04:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:04:23,25) [cpuhp/2] (root,0,0,00:00:00/33-13:04:23,26) [idle_inject/2] (root,0,0,00:00:09/33-13:04:23,27) [migration/2] (root,0,0,01:01:58/33-13:04:23,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:04:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:04:23,31) [cpuhp/3] (root,0,0,00:00:00/33-13:04:23,32) [idle_inject/3] (root,0,0,00:00:12/33-13:04:23,33) [migration/3] (root,0,0,00:03:12/33-13:04:23,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:04:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:04:23,40) [kdevtmpfs] (root,0,0,00:00:00/33-13:04:23,41) [netns] (root,0,0,00:00:00/33-13:04:23,42) [inet_frag_wq] (root,0,0,00:00:12/33-13:04:23,43) [kauditd] (root,0,0,00:00:00/33-13:04:23,44) [khungtaskd] (root,0,0,00:00:00/33-13:04:23,45) [oom_reaper] (root,0,0,00:00:00/33-13:04:23,46) [writeback] (root,0,0,00:01:46/33-13:04:23,47) [kcompactd0] (root,0,0,00:00:00/33-13:04:23,48) [ksmd] (root,0,0,00:01:49/33-13:04:23,49) [khugepaged] (root,0,0,00:00:00/33-13:04:23,75) [kintegrityd] (root,0,0,00:00:00/33-13:04:23,76) [kblockd] (root,0,0,00:00:00/33-13:04:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:04:23,79) [tpm_dev_wq] (root,0,0,00:00:00/33-13:04:23,80) [edac-poller] (root,0,0,00:00:00/33-13:04:23,81) [devfreq_wq] (root,0,0,00:00:00/33-13:04:23,110) [watchdogd] (root,0,0,00:00:02/33-13:04:23,111) [kswapd0] (root,0,0,00:00:09/33-13:04:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-13:04:21,115) [kthrotld] (root,0,0,00:00:00/33-13:04:21,116) [mld] (root,0,0,00:00:00/33-13:04:21,117) [ipv6_addrconf] (root,0,0,00:00:09/33-13:04:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:04:21,123) [kstrp] (root,0,0,00:00:00/33-13:04:21,124) [zswap-shrink] (root,0,0,00:00:00/33-13:04:21,125) [kworker/u9:0] (root,0,0,00:00:00/33-13:04:21,130) [charger_manager] (root,0,0,00:00:10/33-13:04:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-13:04:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-13:04:20,239) [kaluad] (root,0,0,00:00:00/33-13:04:20,258) [kmpath_rdacd] (root,0,0,00:00:00/33-13:04:20,304) [kmpathd] (root,0,0,00:00:00/33-13:04:20,305) [kmpath_handlerd] (root,0,0,00:00:00/33-13:04:19,342) [ata_sff] (root,0,0,00:00:00/33-13:04:19,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:04:19,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:04:19,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:04:19,346) [scsi_tmf_1] (root,0,0,00:01:07/33-13:04:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:04:16,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-13:04:04,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-13:04:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:53/33-13:04:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-13:03:30,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-13:03:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-13:03:29,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-13:03:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-13:03:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-13:03:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-13:03:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-13:03:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:23/33-13:03:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-13:03:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-13:03:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-13:03:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-13:03:13,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:52/33-13:03:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-13:03:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-13:03:13,1352) bpfilter_umh (root,26204,8128,00:00:17/33-13:03:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-13:03:13,1359) ntpd: asynchronous dns resolver (spot,361408,200084,2-00:18:55/33-13:03:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-13:03:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-13:03:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-13:03:12,1373) (sd-pam) (root,24216,5260,00:00:11/33-13:03:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-13:03:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-13:03:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-13:03:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-13:03:06,1527) sshd: syslogtunnel (root,694036,73228,00:46:26/33-13:03:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/17:05,1600) [kworker/3:0-events] (spot,222656,63352,00:18:42/33-13:02:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-18:38:27,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/33-13:02:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-13:02:27,3218) sshd: cm-ssh (root,0,0,00:00:00/29:22,4095) [kworker/2:0] (root,0,0,00:00:00/23:02,7631) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:32,8286) [kworker/3:2-ata_sff] (root,0,0,00:00:02/04:49:46,15620) [kworker/2:2-mm_percpu_wq] (root,0,0,00:00:00/06:42,16144) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,16826) /bin/bash /usr/bin/check_mk_agent (root,13744,3440,00:00:00/00:00,16844) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16845) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/13:50,16920) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/06:08,18362) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/01:29:27,21273) [kworker/0:1-events] (root,0,0,00:00:00/19:26,22988) [kworker/1:2-cgroup_destroy] (postfix,24244,8228,00:00:00/01:16:18,25034) pickup -l -t fifo -u (root,0,0,00:00:00/01:16:06,25667) [kworker/1:0-mm_percpu_wq] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836317536f85Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:33/31-13:00:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:00:45,2) [kthreadd] (root,0,0,00:00:00/31-13:00:45,3) [rcu_gp] (root,0,0,00:00:00/31-13:00:45,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:00:45,5) [slub_flushwq] (root,0,0,00:00:00/31-13:00:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:00:45,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:00:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:00:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:00:45,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-13:00:45,13) [ksoftirqd/0] (root,0,0,01:31:27/31-13:00:45,14) [rcu_preempt] (root,0,0,00:00:12/31-13:00:45,15) [migration/0] (root,0,0,00:00:00/31-13:00:45,16) [idle_inject/0] (root,0,0,00:00:00/31-13:00:45,18) [cpuhp/0] (root,0,0,00:00:00/31-13:00:45,19) [cpuhp/1] (root,0,0,00:00:00/31-13:00:45,20) [idle_inject/1] (root,0,0,00:00:12/31-13:00:45,21) [migration/1] (root,0,0,00:00:47/31-13:00:45,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:00:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:00:45,25) [cpuhp/2] (root,0,0,00:00:00/31-13:00:45,26) [idle_inject/2] (root,0,0,00:00:09/31-13:00:45,27) [migration/2] (root,0,0,00:58:55/31-13:00:45,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:00:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:00:45,31) [cpuhp/3] (root,0,0,00:00:00/31-13:00:45,32) [idle_inject/3] (root,0,0,00:00:11/31-13:00:45,33) [migration/3] (root,0,0,00:03:03/31-13:00:45,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:00:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:00:45,40) [kdevtmpfs] (root,0,0,00:00:00/31-13:00:45,41) [netns] (root,0,0,00:00:00/31-13:00:45,42) [inet_frag_wq] (root,0,0,00:00:11/31-13:00:45,43) [kauditd] (root,0,0,00:00:00/31-13:00:45,44) [khungtaskd] (root,0,0,00:00:00/31-13:00:45,45) [oom_reaper] (root,0,0,00:00:00/31-13:00:45,46) [writeback] (root,0,0,00:01:40/31-13:00:45,47) [kcompactd0] (root,0,0,00:00:00/31-13:00:45,48) [ksmd] (root,0,0,00:01:43/31-13:00:45,49) [khugepaged] (root,0,0,00:00:00/31-13:00:45,75) [kintegrityd] (root,0,0,00:00:00/31-13:00:45,76) [kblockd] (root,0,0,00:00:00/31-13:00:45,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:00:45,79) [tpm_dev_wq] (root,0,0,00:00:00/31-13:00:45,80) [edac-poller] (root,0,0,00:00:00/31-13:00:45,81) [devfreq_wq] (root,0,0,00:00:00/31-13:00:45,110) [watchdogd] (root,0,0,00:00:02/31-13:00:45,111) [kswapd0] (root,0,0,00:00:08/31-13:00:45,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-13:00:43,115) [kthrotld] (root,0,0,00:00:00/31-13:00:43,116) [mld] (root,0,0,00:00:00/31-13:00:43,117) [ipv6_addrconf] (root,0,0,00:00:09/31-13:00:43,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:00:43,123) [kstrp] (root,0,0,00:00:00/31-13:00:43,124) [zswap-shrink] (root,0,0,00:00:00/31-13:00:43,125) [kworker/u9:0] (root,0,0,00:00:00/31-13:00:43,130) [charger_manager] (root,0,0,00:00:09/31-13:00:43,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-13:00:43,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-13:00:42,239) [kaluad] (root,0,0,00:00:00/31-13:00:42,258) [kmpath_rdacd] (root,0,0,00:00:00/31-13:00:42,304) [kmpathd] (root,0,0,00:00:00/31-13:00:42,305) [kmpath_handlerd] (root,0,0,00:00:00/31-13:00:41,342) [ata_sff] (root,0,0,00:00:00/31-13:00:41,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:00:41,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:00:41,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:00:41,346) [scsi_tmf_1] (root,0,0,00:01:03/31-13:00:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:00:38,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-13:00:26,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-13:00:25,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-13:00:23,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-12:59:52,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-12:59:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-12:59:51,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-12:59:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-12:59:49,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-12:59:49,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-12:59:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-12:59:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:12/31-12:59:35,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-12:59:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-12:59:35,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-12:59:35,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-12:59:35,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-12:59:35,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:35/31-12:59:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-12:59:35,1352) bpfilter_umh (root,26204,8128,00:00:16/31-12:59:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-12:59:35,1359) ntpd: asynchronous dns resolver (spot,362256,200308,1-22:10:16/31-12:59:34,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-12:59:34,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-12:59:34,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-12:59:34,1373) (sd-pam) (root,24216,5260,00:00:11/31-12:59:32,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-12:59:32,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-12:59:32,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-12:59:29,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:58/31-12:59:28,1527) sshd: syslogtunnel (root,693780,74896,00:43:42/31-12:59:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61988,00:17:41/31-12:59:14,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-18:34:49,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/05:09,2865) [kworker/u8:2-flush-253:0] (root,35308,10108,00:00:00/31-12:58:49,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:45/31-12:58:49,3218) sshd: cm-ssh (root,0,0,00:00:00/04:13,6836) [kworker/3:2-ata_sff] (root,0,0,00:00:00/18:09:21,11736) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/09:23,13725) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:44,15172) [kworker/0:2] (root,0,0,00:00:00/16:08,18883) [kworker/1:1-events] (root,0,0,00:00:01/03:21:17,22602) [kworker/2:1-events] (root,0,0,00:00:00/01:48:46,23881) [kworker/1:2-events] (postfix,24244,8268,00:00:00/01:34:37,25794) pickup -l -t fifo -u (root,6764,3512,00:00:00/00:00,26834) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,26943) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,26977) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26979) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/29:29,27419) [kworker/2:2-events] (root,0,0,00:00:00/01:43:04,27771) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:01/02:23:54,28641) [kworker/0:1-events] (root,0,0,00:00:00/19:46,31518) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 23:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aeb52cd8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-13:02:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-13:02:37,2) [kthreadd] (root,0,0,00:00:00/29-13:02:37,3) [rcu_gp] (root,0,0,00:00:00/29-13:02:37,4) [rcu_par_gp] (root,0,0,00:00:00/29-13:02:37,5) [slub_flushwq] (root,0,0,00:00:00/29-13:02:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-13:02:37,9) [mm_percpu_wq] (root,0,0,00:00:00/29-13:02:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-13:02:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-13:02:37,12) [rcu_tasks_trace] (root,0,0,00:00:55/29-13:02:37,13) [ksoftirqd/0] (root,0,0,01:25:38/29-13:02:37,14) [rcu_preempt] (root,0,0,00:00:11/29-13:02:37,15) [migration/0] (root,0,0,00:00:00/29-13:02:37,16) [idle_inject/0] (root,0,0,00:00:00/29-13:02:37,18) [cpuhp/0] (root,0,0,00:00:00/29-13:02:37,19) [cpuhp/1] (root,0,0,00:00:00/29-13:02:37,20) [idle_inject/1] (root,0,0,00:00:11/29-13:02:37,21) [migration/1] (root,0,0,00:00:45/29-13:02:37,22) [ksoftirqd/1] (root,0,0,00:00:00/29-13:02:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-13:02:37,25) [cpuhp/2] (root,0,0,00:00:00/29-13:02:37,26) [idle_inject/2] (root,0,0,00:00:08/29-13:02:37,27) [migration/2] (root,0,0,00:54:42/29-13:02:37,28) [ksoftirqd/2] (root,0,0,00:00:00/29-13:02:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-13:02:37,31) [cpuhp/3] (root,0,0,00:00:00/29-13:02:37,32) [idle_inject/3] (root,0,0,00:00:10/29-13:02:37,33) [migration/3] (root,0,0,00:02:50/29-13:02:37,34) [ksoftirqd/3] (root,0,0,00:00:00/29-13:02:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-13:02:37,40) [kdevtmpfs] (root,0,0,00:00:00/29-13:02:37,41) [netns] (root,0,0,00:00:00/29-13:02:37,42) [inet_frag_wq] (root,0,0,00:00:10/29-13:02:37,43) [kauditd] (root,0,0,00:00:00/29-13:02:37,44) [khungtaskd] (root,0,0,00:00:00/29-13:02:37,45) [oom_reaper] (root,0,0,00:00:00/29-13:02:37,46) [writeback] (root,0,0,00:01:34/29-13:02:37,47) [kcompactd0] (root,0,0,00:00:00/29-13:02:37,48) [ksmd] (root,0,0,00:01:36/29-13:02:37,49) [khugepaged] (root,0,0,00:00:00/29-13:02:37,75) [kintegrityd] (root,0,0,00:00:00/29-13:02:37,76) [kblockd] (root,0,0,00:00:00/29-13:02:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-13:02:37,79) [tpm_dev_wq] (root,0,0,00:00:00/29-13:02:37,80) [edac-poller] (root,0,0,00:00:00/29-13:02:37,81) [devfreq_wq] (root,0,0,00:00:00/29-13:02:37,110) [watchdogd] (root,0,0,00:00:02/29-13:02:37,111) [kswapd0] (root,0,0,00:00:08/29-13:02:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-13:02:35,115) [kthrotld] (root,0,0,00:00:00/29-13:02:35,116) [mld] (root,0,0,00:00:00/29-13:02:35,117) [ipv6_addrconf] (root,0,0,00:00:08/29-13:02:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-13:02:35,123) [kstrp] (root,0,0,00:00:00/29-13:02:35,124) [zswap-shrink] (root,0,0,00:00:00/29-13:02:35,125) [kworker/u9:0] (root,0,0,00:00:00/29-13:02:35,130) [charger_manager] (root,0,0,00:00:09/29-13:02:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-13:02:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-13:02:34,239) [kaluad] (root,0,0,00:00:00/29-13:02:34,258) [kmpath_rdacd] (root,0,0,00:00:00/29-13:02:34,304) [kmpathd] (root,0,0,00:00:00/29-13:02:34,305) [kmpath_handlerd] (root,0,0,00:00:00/29-13:02:33,342) [ata_sff] (root,0,0,00:00:00/29-13:02:33,343) [scsi_eh_0] (root,0,0,00:00:00/29-13:02:33,344) [scsi_tmf_0] (root,0,0,00:00:00/29-13:02:33,345) [scsi_eh_1] (root,0,0,00:00:00/29-13:02:33,346) [scsi_tmf_1] (root,0,0,00:00:59/29-13:02:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-13:02:30,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-13:02:18,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-13:02:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-13:02:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-13:01:44,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-13:01:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-13:01:43,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-13:01:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-13:01:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-13:01:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:35/29-13:01:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-13:01:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:01/29-13:01:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-13:01:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-13:01:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-13:01:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-13:01:27,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-13:01:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:17/29-13:01:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-13:01:27,1352) bpfilter_umh (root,26204,8128,00:00:14/29-13:01:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-13:01:27,1359) ntpd: asynchronous dns resolver (spot,361120,199996,1-19:48:06/29-13:01:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-13:01:26,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-13:01:26,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-13:01:26,1373) (sd-pam) (root,24216,5260,00:00:10/29-13:01:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-13:01:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-13:01:24,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-13:01:21,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-13:01:20,1527) sshd: syslogtunnel (root,693524,72428,00:40:50/29-13:01:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60744,00:16:37/29-13:01:06,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-18:36:41,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/25:45,2706) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10108,00:00:00/29-13:00:41,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:38/29-13:00:41,3218) sshd: cm-ssh (root,0,0,00:00:00/04:18,3972) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/03:55,4803) [kworker/3:0-ata_sff] (postfix,24244,8232,00:00:00/18:25,5297) pickup -l -t fifo -u (root,0,0,00:00:01/01:26:55,11915) [kworker/3:2-events] (root,0,0,00:00:00/00:36,13161) [kworker/1:0-events] (root,0,0,00:00:00/16:37,14664) [kworker/0:0] (root,0,0,00:00:00/09:06,15553) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,15836) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,15854) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15855) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:26:40,22291) [kworker/0:1-events] (root,0,0,00:00:00/01:17:35,25049) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/35:58,25890) [kworker/2:0] (root,0,0,00:00:00/58:56,28994) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:15:06,29505) [kworker/2:1-events] (root,0,0,00:00:00/13:26,30310) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 23:51 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ba68b396Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-13:05:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:05:00,2) [kthreadd] (root,0,0,00:00:00/27-13:05:00,3) [rcu_gp] (root,0,0,00:00:00/27-13:05:00,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:05:00,5) [slub_flushwq] (root,0,0,00:00:00/27-13:05:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:05:00,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:05:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:05:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:05:00,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-13:05:00,13) [ksoftirqd/0] (root,0,0,01:20:09/27-13:05:00,14) [rcu_preempt] (root,0,0,00:00:10/27-13:05:00,15) [migration/0] (root,0,0,00:00:00/27-13:05:00,16) [idle_inject/0] (root,0,0,00:00:00/27-13:05:00,18) [cpuhp/0] (root,0,0,00:00:00/27-13:05:00,19) [cpuhp/1] (root,0,0,00:00:00/27-13:05:00,20) [idle_inject/1] (root,0,0,00:00:10/27-13:05:00,21) [migration/1] (root,0,0,00:00:42/27-13:05:00,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:05:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:05:00,25) [cpuhp/2] (root,0,0,00:00:00/27-13:05:00,26) [idle_inject/2] (root,0,0,00:00:08/27-13:05:00,27) [migration/2] (root,0,0,00:51:33/27-13:05:00,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:05:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:05:00,31) [cpuhp/3] (root,0,0,00:00:00/27-13:05:00,32) [idle_inject/3] (root,0,0,00:00:10/27-13:05:00,33) [migration/3] (root,0,0,00:02:41/27-13:05:00,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:05:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:05:00,40) [kdevtmpfs] (root,0,0,00:00:00/27-13:05:00,41) [netns] (root,0,0,00:00:00/27-13:05:00,42) [inet_frag_wq] (root,0,0,00:00:09/27-13:05:00,43) [kauditd] (root,0,0,00:00:00/27-13:05:00,44) [khungtaskd] (root,0,0,00:00:00/27-13:05:00,45) [oom_reaper] (root,0,0,00:00:00/27-13:05:00,46) [writeback] (root,0,0,00:01:28/27-13:05:00,47) [kcompactd0] (root,0,0,00:00:00/27-13:05:00,48) [ksmd] (root,0,0,00:01:29/27-13:05:00,49) [khugepaged] (root,0,0,00:00:00/27-13:05:00,75) [kintegrityd] (root,0,0,00:00:00/27-13:05:00,76) [kblockd] (root,0,0,00:00:00/27-13:05:00,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:05:00,79) [tpm_dev_wq] (root,0,0,00:00:00/27-13:05:00,80) [edac-poller] (root,0,0,00:00:00/27-13:05:00,81) [devfreq_wq] (root,0,0,00:00:00/27-13:05:00,110) [watchdogd] (root,0,0,00:00:02/27-13:05:00,111) [kswapd0] (root,0,0,00:00:07/27-13:05:00,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-13:04:58,115) [kthrotld] (root,0,0,00:00:00/27-13:04:58,116) [mld] (root,0,0,00:00:00/27-13:04:58,117) [ipv6_addrconf] (root,0,0,00:00:07/27-13:04:58,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:04:58,123) [kstrp] (root,0,0,00:00:00/27-13:04:58,124) [zswap-shrink] (root,0,0,00:00:00/27-13:04:58,125) [kworker/u9:0] (root,0,0,00:00:00/27-13:04:58,130) [charger_manager] (root,0,0,00:00:08/27-13:04:58,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-13:04:58,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-13:04:57,239) [kaluad] (root,0,0,00:00:00/27-13:04:57,258) [kmpath_rdacd] (root,0,0,00:00:00/27-13:04:57,304) [kmpathd] (root,0,0,00:00:00/27-13:04:57,305) [kmpath_handlerd] (root,0,0,00:00:00/27-13:04:56,342) [ata_sff] (root,0,0,00:00:00/27-13:04:56,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:04:56,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:04:56,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:04:56,346) [scsi_tmf_1] (root,0,0,00:00:55/27-13:04:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:04:53,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-13:04:41,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-13:04:40,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-13:04:38,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-13:04:07,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-13:04:06,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-13:04:06,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-13:04:06,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-13:04:04,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-13:04:04,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28776,00:00:32/27-13:03:50,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-13:03:50,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:49/27-13:03:50,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-13:03:50,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-13:03:50,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-13:03:50,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-13:03:50,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-13:03:50,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:00/27-13:03:50,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-13:03:50,1352) bpfilter_umh (root,26204,8128,00:00:13/27-13:03:50,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-13:03:50,1359) ntpd: asynchronous dns resolver (spot,296160,195032,1-17:12:22/27-13:03:49,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-13:03:49,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-13:03:49,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-13:03:49,1373) (sd-pam) (root,24216,5260,00:00:09/27-13:03:47,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-13:03:47,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-13:03:47,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-13:03:44,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-13:03:43,1527) sshd: syslogtunnel (root,693268,74064,00:38:05/27-13:03:41,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,59132,00:15:34/27-13:03:29,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:00/21-18:39:04,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-13:03:04,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-13:03:04,3218) sshd: cm-ssh (root,0,0,00:00:00/01:33:09,4690) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/03:47,4886) [kworker/1:0-events] (root,0,0,00:00:00/03:04,8133) [kworker/3:1-ata_sff] (postfix,24244,8176,00:00:00/42:34,10198) pickup -l -t fifo -u (root,0,0,00:00:00/10:02,14310) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/08:15,18691) [kworker/3:2-ata_sff] (root,6656,3480,00:00:00/00:00,21062) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,21080) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,932,00:00:00/00:00,21081) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:52:45,21505) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:27:36,22103) [kworker/0:1-events] (root,0,0,00:00:00/25:37,23590) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:09:07,24824) [kworker/2:1-events] (root,0,0,00:00:00/06:54,24846) [kworker/2:0-events] (root,0,0,00:00:01/01:26:05,28201) [kworker/3:0-events] (root,0,0,00:00:00/38:05,28567) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836337e2e2a6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:11/25-12:50:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-12:50:22,2) [kthreadd] (root,0,0,00:00:00/25-12:50:22,3) [rcu_gp] (root,0,0,00:00:00/25-12:50:22,4) [rcu_par_gp] (root,0,0,00:00:00/25-12:50:22,5) [slub_flushwq] (root,0,0,00:00:00/25-12:50:22,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-12:50:22,9) [mm_percpu_wq] (root,0,0,00:00:00/25-12:50:22,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-12:50:22,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-12:50:22,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-12:50:22,13) [ksoftirqd/0] (root,0,0,01:14:43/25-12:50:22,14) [rcu_preempt] (root,0,0,00:00:09/25-12:50:22,15) [migration/0] (root,0,0,00:00:00/25-12:50:22,16) [idle_inject/0] (root,0,0,00:00:00/25-12:50:22,18) [cpuhp/0] (root,0,0,00:00:00/25-12:50:22,19) [cpuhp/1] (root,0,0,00:00:00/25-12:50:22,20) [idle_inject/1] (root,0,0,00:00:09/25-12:50:22,21) [migration/1] (root,0,0,00:00:39/25-12:50:22,22) [ksoftirqd/1] (root,0,0,00:00:00/25-12:50:22,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-12:50:22,25) [cpuhp/2] (root,0,0,00:00:00/25-12:50:22,26) [idle_inject/2] (root,0,0,00:00:07/25-12:50:22,27) [migration/2] (root,0,0,00:48:50/25-12:50:22,28) [ksoftirqd/2] (root,0,0,00:00:00/25-12:50:22,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-12:50:22,31) [cpuhp/3] (root,0,0,00:00:00/25-12:50:22,32) [idle_inject/3] (root,0,0,00:00:09/25-12:50:22,33) [migration/3] (root,0,0,00:02:31/25-12:50:22,34) [ksoftirqd/3] (root,0,0,00:00:00/25-12:50:22,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-12:50:22,40) [kdevtmpfs] (root,0,0,00:00:00/25-12:50:22,41) [netns] (root,0,0,00:00:00/25-12:50:22,42) [inet_frag_wq] (root,0,0,00:00:08/25-12:50:22,43) [kauditd] (root,0,0,00:00:00/25-12:50:22,44) [khungtaskd] (root,0,0,00:00:00/25-12:50:22,45) [oom_reaper] (root,0,0,00:00:00/25-12:50:22,46) [writeback] (root,0,0,00:01:21/25-12:50:22,47) [kcompactd0] (root,0,0,00:00:00/25-12:50:22,48) [ksmd] (root,0,0,00:01:23/25-12:50:22,49) [khugepaged] (root,0,0,00:00:00/25-12:50:22,75) [kintegrityd] (root,0,0,00:00:00/25-12:50:22,76) [kblockd] (root,0,0,00:00:00/25-12:50:22,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-12:50:22,79) [tpm_dev_wq] (root,0,0,00:00:00/25-12:50:22,80) [edac-poller] (root,0,0,00:00:00/25-12:50:22,81) [devfreq_wq] (root,0,0,00:00:00/25-12:50:22,110) [watchdogd] (root,0,0,00:00:01/25-12:50:22,111) [kswapd0] (root,0,0,00:00:07/25-12:50:22,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-12:50:20,115) [kthrotld] (root,0,0,00:00:00/25-12:50:20,116) [mld] (root,0,0,00:00:00/25-12:50:20,117) [ipv6_addrconf] (root,0,0,00:00:07/25-12:50:20,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-12:50:20,123) [kstrp] (root,0,0,00:00:00/25-12:50:20,124) [zswap-shrink] (root,0,0,00:00:00/25-12:50:20,125) [kworker/u9:0] (root,0,0,00:00:00/25-12:50:20,130) [charger_manager] (root,0,0,00:00:07/25-12:50:20,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-12:50:20,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-12:50:19,239) [kaluad] (root,0,0,00:00:00/25-12:50:19,258) [kmpath_rdacd] (root,0,0,00:00:00/25-12:50:19,304) [kmpathd] (root,0,0,00:00:00/25-12:50:19,305) [kmpath_handlerd] (root,0,0,00:00:00/25-12:50:18,342) [ata_sff] (root,0,0,00:00:00/25-12:50:18,343) [scsi_eh_0] (root,0,0,00:00:00/25-12:50:18,344) [scsi_tmf_0] (root,0,0,00:00:00/25-12:50:18,345) [scsi_eh_1] (root,0,0,00:00:00/25-12:50:18,346) [scsi_tmf_1] (root,0,0,00:00:51/25-12:50:15,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-12:50:15,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-12:50:03,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-12:50:02,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-12:50:00,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-12:49:29,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-12:49:28,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-12:49:28,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-12:49:28,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-12:49:26,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-12:49:26,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29508,00:00:30/25-12:49:12,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-12:49:12,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:37/25-12:49:12,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-12:49:12,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-12:49:12,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-12:49:12,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-12:49:12,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-12:49:12,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-12:49:12,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-12:49:12,1352) bpfilter_umh (root,26204,8212,00:00:12/25-12:49:12,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-12:49:12,1359) ntpd: asynchronous dns resolver (spot,296128,191504,1-14:57:59/25-12:49:11,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-12:49:11,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-12:49:11,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-12:49:11,1373) (sd-pam) (root,24216,5268,00:00:09/25-12:49:09,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-12:49:09,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-12:49:09,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-12:49:06,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:35/25-12:49:05,1527) sshd: syslogtunnel (root,693268,73792,00:35:20/25-12:49:03,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57872,00:14:36/25-12:48:51,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-18:24:26,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-12:48:26,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-12:48:26,3218) sshd: cm-ssh (root,0,0,00:00:00/08:25,3732) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:11:54,11861) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/05:05,15928) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/45:14,16699) [kworker/2:2-events] (root,0,0,00:00:00/36:15,17398) [kworker/2:1-events] (root,0,0,00:00:00/11:10,20983) [kworker/0:1-events] (root,0,0,00:00:00/01:49:02,21873) [kworker/1:0-events] (root,0,0,00:00:00/03:12,22152) [kworker/3:0-ata_sff] (root,0,0,00:00:00/58:35,22713) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/17:03,23862) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:01/01:31:25,27643) [kworker/3:2-events] (root,0,0,00:00:00/57:17,28674) [kworker/0:2-events] (root,6656,3484,00:00:00/00:00,30032) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,30050) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,30051) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8204,00:00:00/49:01,32576) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a7461426Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:03/23-12:30:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-12:30:49,2) [kthreadd] (root,0,0,00:00:00/23-12:30:49,3) [rcu_gp] (root,0,0,00:00:00/23-12:30:49,4) [rcu_par_gp] (root,0,0,00:00:00/23-12:30:49,5) [slub_flushwq] (root,0,0,00:00:00/23-12:30:49,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-12:30:49,9) [mm_percpu_wq] (root,0,0,00:00:00/23-12:30:49,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-12:30:49,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-12:30:49,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-12:30:49,13) [ksoftirqd/0] (root,0,0,01:09:04/23-12:30:49,14) [rcu_preempt] (root,0,0,00:00:09/23-12:30:49,15) [migration/0] (root,0,0,00:00:00/23-12:30:49,16) [idle_inject/0] (root,0,0,00:00:00/23-12:30:49,18) [cpuhp/0] (root,0,0,00:00:00/23-12:30:49,19) [cpuhp/1] (root,0,0,00:00:00/23-12:30:49,20) [idle_inject/1] (root,0,0,00:00:09/23-12:30:49,21) [migration/1] (root,0,0,00:00:37/23-12:30:49,22) [ksoftirqd/1] (root,0,0,00:00:00/23-12:30:49,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-12:30:49,25) [cpuhp/2] (root,0,0,00:00:00/23-12:30:49,26) [idle_inject/2] (root,0,0,00:00:07/23-12:30:49,27) [migration/2] (root,0,0,00:45:30/23-12:30:49,28) [ksoftirqd/2] (root,0,0,00:00:00/23-12:30:49,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-12:30:49,31) [cpuhp/3] (root,0,0,00:00:00/23-12:30:49,32) [idle_inject/3] (root,0,0,00:00:08/23-12:30:49,33) [migration/3] (root,0,0,00:02:21/23-12:30:49,34) [ksoftirqd/3] (root,0,0,00:00:00/23-12:30:49,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-12:30:49,40) [kdevtmpfs] (root,0,0,00:00:00/23-12:30:49,41) [netns] (root,0,0,00:00:00/23-12:30:49,42) [inet_frag_wq] (root,0,0,00:00:07/23-12:30:49,43) [kauditd] (root,0,0,00:00:00/23-12:30:49,44) [khungtaskd] (root,0,0,00:00:00/23-12:30:49,45) [oom_reaper] (root,0,0,00:00:00/23-12:30:49,46) [writeback] (root,0,0,00:01:15/23-12:30:49,47) [kcompactd0] (root,0,0,00:00:00/23-12:30:49,48) [ksmd] (root,0,0,00:01:17/23-12:30:49,49) [khugepaged] (root,0,0,00:00:00/23-12:30:49,75) [kintegrityd] (root,0,0,00:00:00/23-12:30:49,76) [kblockd] (root,0,0,00:00:00/23-12:30:49,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-12:30:49,79) [tpm_dev_wq] (root,0,0,00:00:00/23-12:30:49,80) [edac-poller] (root,0,0,00:00:00/23-12:30:49,81) [devfreq_wq] (root,0,0,00:00:00/23-12:30:49,110) [watchdogd] (root,0,0,00:00:01/23-12:30:49,111) [kswapd0] (root,0,0,00:00:06/23-12:30:49,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-12:30:47,115) [kthrotld] (root,0,0,00:00:00/23-12:30:47,116) [mld] (root,0,0,00:00:00/23-12:30:47,117) [ipv6_addrconf] (root,0,0,00:00:06/23-12:30:47,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-12:30:47,123) [kstrp] (root,0,0,00:00:00/23-12:30:47,124) [zswap-shrink] (root,0,0,00:00:00/23-12:30:47,125) [kworker/u9:0] (root,0,0,00:00:00/23-12:30:47,130) [charger_manager] (root,0,0,00:00:07/23-12:30:47,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-12:30:47,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-12:30:46,239) [kaluad] (root,0,0,00:00:00/23-12:30:46,258) [kmpath_rdacd] (root,0,0,00:00:00/23-12:30:46,304) [kmpathd] (root,0,0,00:00:00/23-12:30:46,305) [kmpath_handlerd] (root,0,0,00:00:00/23-12:30:45,342) [ata_sff] (root,0,0,00:00:00/23-12:30:45,343) [scsi_eh_0] (root,0,0,00:00:00/23-12:30:45,344) [scsi_tmf_0] (root,0,0,00:00:00/23-12:30:45,345) [scsi_eh_1] (root,0,0,00:00:00/23-12:30:45,346) [scsi_tmf_1] (root,0,0,00:00:47/23-12:30:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-12:30:42,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-12:30:30,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-12:30:29,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-12:30:27,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-12:29:56,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-12:29:55,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:39/23-12:29:55,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-12:29:55,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-12:29:53,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-12:29:53,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/05:48,941) [kworker/3:2-ata_sff] (root,548104,28468,00:00:27/23-12:29:39,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-12:29:39,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:26/23-12:29:39,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-12:29:39,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-12:29:39,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-12:29:39,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-12:29:39,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-12:29:39,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:25/23-12:29:39,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-12:29:39,1352) bpfilter_umh (root,26204,8212,00:00:10/23-12:29:39,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-12:29:39,1359) ntpd: asynchronous dns resolver (spot,291680,178016,1-12:31:04/23-12:29:38,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-12:29:38,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-12:29:38,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-12:29:38,1373) (sd-pam) (root,24216,5268,00:00:08/23-12:29:36,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-12:29:36,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-12:29:36,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-12:29:33,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-12:29:32,1527) sshd: syslogtunnel (root,692644,75248,00:32:33/23-12:29:30,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56548,00:13:35/23-12:29:18,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-18:04:53,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-12:28:53,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-12:28:53,3218) sshd: cm-ssh (root,0,0,00:00:00/38:47,3867) [kworker/0:0-events] (root,0,0,00:00:00/04:18,3961) [kworker/1:2-events] (root,0,0,00:00:00/47:13,4103) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/05:12:24,4562) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/26:31,6194) [kworker/1:0-events] (root,0,0,00:00:00/23:24,14029) [kworker/2:1-events] (root,0,0,00:00:00/10:57,15545) [kworker/0:1] (root,0,0,00:00:00/01:00:44,18134) [kworker/2:2-events] (root,0,0,00:00:00/21:22,18665) [kworker/3:1-events] (postfix,24244,8168,00:00:00/51:18,18770) pickup -l -t fifo -u (root,0,0,00:00:00/00:38,19362) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:32:10,20947) [kworker/1:1-cgroup_destroy] (root,6656,3488,00:00:00/00:00,22089) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,22107) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22108) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 23:19 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639a9c523aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-12:21:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-12:21:21,2) [kthreadd] (root,0,0,00:00:00/21-12:21:21,3) [rcu_gp] (root,0,0,00:00:00/21-12:21:21,4) [rcu_par_gp] (root,0,0,00:00:00/21-12:21:21,5) [slub_flushwq] (root,0,0,00:00:00/21-12:21:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-12:21:21,9) [mm_percpu_wq] (root,0,0,00:00:00/21-12:21:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-12:21:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-12:21:21,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-12:21:21,13) [ksoftirqd/0] (root,0,0,01:03:22/21-12:21:21,14) [rcu_preempt] (root,0,0,00:00:08/21-12:21:21,15) [migration/0] (root,0,0,00:00:00/21-12:21:21,16) [idle_inject/0] (root,0,0,00:00:00/21-12:21:21,18) [cpuhp/0] (root,0,0,00:00:00/21-12:21:21,19) [cpuhp/1] (root,0,0,00:00:00/21-12:21:21,20) [idle_inject/1] (root,0,0,00:00:08/21-12:21:21,21) [migration/1] (root,0,0,00:00:34/21-12:21:21,22) [ksoftirqd/1] (root,0,0,00:00:00/21-12:21:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-12:21:21,25) [cpuhp/2] (root,0,0,00:00:00/21-12:21:21,26) [idle_inject/2] (root,0,0,00:00:06/21-12:21:21,27) [migration/2] (root,0,0,00:42:41/21-12:21:21,28) [ksoftirqd/2] (root,0,0,00:00:00/21-12:21:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-12:21:21,31) [cpuhp/3] (root,0,0,00:00:00/21-12:21:21,32) [idle_inject/3] (root,0,0,00:00:08/21-12:21:21,33) [migration/3] (root,0,0,00:02:11/21-12:21:21,34) [ksoftirqd/3] (root,0,0,00:00:00/21-12:21:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-12:21:21,40) [kdevtmpfs] (root,0,0,00:00:00/21-12:21:21,41) [netns] (root,0,0,00:00:00/21-12:21:21,42) [inet_frag_wq] (root,0,0,00:00:06/21-12:21:21,43) [kauditd] (root,0,0,00:00:00/21-12:21:21,44) [khungtaskd] (root,0,0,00:00:00/21-12:21:21,45) [oom_reaper] (root,0,0,00:00:00/21-12:21:21,46) [writeback] (root,0,0,00:01:09/21-12:21:21,47) [kcompactd0] (root,0,0,00:00:00/21-12:21:21,48) [ksmd] (root,0,0,00:01:10/21-12:21:21,49) [khugepaged] (root,0,0,00:00:00/21-12:21:21,75) [kintegrityd] (root,0,0,00:00:00/21-12:21:21,76) [kblockd] (root,0,0,00:00:00/21-12:21:21,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-12:21:21,79) [tpm_dev_wq] (root,0,0,00:00:00/21-12:21:21,80) [edac-poller] (root,0,0,00:00:00/21-12:21:21,81) [devfreq_wq] (root,0,0,00:00:00/21-12:21:21,110) [watchdogd] (root,0,0,00:00:01/21-12:21:21,111) [kswapd0] (root,0,0,00:00:05/21-12:21:21,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-12:21:19,115) [kthrotld] (root,0,0,00:00:00/21-12:21:19,116) [mld] (root,0,0,00:00:00/21-12:21:19,117) [ipv6_addrconf] (root,0,0,00:00:06/21-12:21:19,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-12:21:19,123) [kstrp] (root,0,0,00:00:00/21-12:21:19,124) [zswap-shrink] (root,0,0,00:00:00/21-12:21:19,125) [kworker/u9:0] (root,0,0,00:00:00/21-12:21:19,130) [charger_manager] (root,0,0,00:00:06/21-12:21:19,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-12:21:19,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-12:21:18,239) [kaluad] (root,0,0,00:00:00/21-12:21:18,258) [kmpath_rdacd] (root,0,0,00:00:00/21-12:21:18,304) [kmpathd] (root,0,0,00:00:00/21-12:21:18,305) [kmpath_handlerd] (root,0,0,00:00:00/21-12:21:17,342) [ata_sff] (root,0,0,00:00:00/21-12:21:17,343) [scsi_eh_0] (root,0,0,00:00:00/21-12:21:17,344) [scsi_tmf_0] (root,0,0,00:00:00/21-12:21:17,345) [scsi_eh_1] (root,0,0,00:00:00/21-12:21:17,346) [scsi_tmf_1] (root,0,0,00:00:43/21-12:21:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-12:21:14,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-12:21:02,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-12:21:01,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:01/01:24:02,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-12:20:59,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-12:20:28,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-12:20:27,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-12:20:27,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-12:20:27,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-12:20:25,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-12:20:25,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8220,00:00:00/01:03:42,1289) pickup -l -t fifo -u (root,548104,28468,00:00:25/21-12:20:11,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-12:20:11,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:15/21-12:20:11,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-12:20:11,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-12:20:11,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-12:20:11,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-12:20:11,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-12:20:11,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-12:20:11,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-12:20:11,1352) bpfilter_umh (root,26204,8212,00:00:09/21-12:20:11,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-12:20:11,1359) ntpd: asynchronous dns resolver (spot,313580,199444,1-09:53:18/21-12:20:10,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-12:20:10,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-12:20:10,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-12:20:10,1373) (sd-pam) (root,24216,5268,00:00:07/21-12:20:08,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-12:20:08,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-12:20:08,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-12:20:05,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-12:20:04,1527) sshd: syslogtunnel (root,692388,74908,00:29:45/21-12:20:02,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,55044,00:12:32/21-12:19:50,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/15-17:55:25,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-12:19:25,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-12:19:25,3218) sshd: cm-ssh (root,0,0,00:00:00/01:03:10,5347) [kworker/1:2-events] (root,0,0,00:00:00/20:23,6922) [kworker/0:2-events] (root,0,0,00:00:00/02:47,8000) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/01:39:58,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/43:11,14476) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:01,14491) [kworker/3:2-ata_sff] (root,6656,3488,00:00:00/00:00,16326) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,16344) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16345) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/51:47,17661) [kworker/1:1-events] (root,0,0,00:00:00/01:35:02,22368) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:01/03:59:56,29790) [kworker/2:2-events] (root,0,0,00:00:00/06:13,30144) [kworker/3:1-ata_sff] (root,0,0,00:00:00/14:27,30992) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 23:10 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e2893eafFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12684,00:00:43/19-09:23:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-09:23:39,2) [kthreadd] (root,0,0,00:00:00/19-09:23:39,3) [rcu_gp] (root,0,0,00:00:00/19-09:23:39,4) [rcu_par_gp] (root,0,0,00:00:00/19-09:23:39,5) [slub_flushwq] (root,0,0,00:00:00/19-09:23:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-09:23:39,9) [mm_percpu_wq] (root,0,0,00:00:00/19-09:23:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-09:23:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-09:23:39,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-09:23:39,13) [ksoftirqd/0] (root,0,0,00:56:42/19-09:23:39,14) [rcu_preempt] (root,0,0,00:00:07/19-09:23:39,15) [migration/0] (root,0,0,00:00:00/19-09:23:39,16) [idle_inject/0] (root,0,0,00:00:00/19-09:23:39,18) [cpuhp/0] (root,0,0,00:00:00/19-09:23:39,19) [cpuhp/1] (root,0,0,00:00:00/19-09:23:39,20) [idle_inject/1] (root,0,0,00:00:07/19-09:23:39,21) [migration/1] (root,0,0,00:00:30/19-09:23:39,22) [ksoftirqd/1] (root,0,0,00:00:00/19-09:23:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-09:23:39,25) [cpuhp/2] (root,0,0,00:00:00/19-09:23:39,26) [idle_inject/2] (root,0,0,00:00:05/19-09:23:39,27) [migration/2] (root,0,0,00:38:31/19-09:23:39,28) [ksoftirqd/2] (root,0,0,00:00:00/19-09:23:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-09:23:39,31) [cpuhp/3] (root,0,0,00:00:00/19-09:23:39,32) [idle_inject/3] (root,0,0,00:00:07/19-09:23:39,33) [migration/3] (root,0,0,00:01:56/19-09:23:39,34) [ksoftirqd/3] (root,0,0,00:00:00/19-09:23:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-09:23:39,40) [kdevtmpfs] (root,0,0,00:00:00/19-09:23:39,41) [netns] (root,0,0,00:00:00/19-09:23:39,42) [inet_frag_wq] (root,0,0,00:00:05/19-09:23:39,43) [kauditd] (root,0,0,00:00:00/19-09:23:39,44) [khungtaskd] (root,0,0,00:00:00/19-09:23:39,45) [oom_reaper] (root,0,0,00:00:00/19-09:23:39,46) [writeback] (root,0,0,00:01:01/19-09:23:39,47) [kcompactd0] (root,0,0,00:00:00/19-09:23:39,48) [ksmd] (root,0,0,00:01:02/19-09:23:39,49) [khugepaged] (root,0,0,00:00:00/19-09:23:39,75) [kintegrityd] (root,0,0,00:00:00/19-09:23:39,76) [kblockd] (root,0,0,00:00:00/19-09:23:39,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-09:23:39,79) [tpm_dev_wq] (root,0,0,00:00:00/19-09:23:39,80) [edac-poller] (root,0,0,00:00:00/19-09:23:39,81) [devfreq_wq] (root,0,0,00:00:00/19-09:23:39,110) [watchdogd] (root,0,0,00:00:01/19-09:23:39,111) [kswapd0] (root,0,0,00:00:05/19-09:23:39,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-09:23:37,115) [kthrotld] (root,0,0,00:00:00/19-09:23:37,116) [mld] (root,0,0,00:00:00/19-09:23:37,117) [ipv6_addrconf] (root,0,0,00:00:05/19-09:23:37,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-09:23:37,123) [kstrp] (root,0,0,00:00:00/19-09:23:37,124) [zswap-shrink] (root,0,0,00:00:00/19-09:23:37,125) [kworker/u9:0] (root,0,0,00:00:00/19-09:23:37,130) [charger_manager] (root,0,0,00:00:05/19-09:23:37,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/19-09:23:37,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-09:23:36,239) [kaluad] (root,0,0,00:00:00/19-09:23:36,258) [kmpath_rdacd] (root,0,0,00:00:00/19-09:23:36,304) [kmpathd] (root,0,0,00:00:00/19-09:23:36,305) [kmpath_handlerd] (root,0,0,00:00:00/19-09:23:35,342) [ata_sff] (root,0,0,00:00:00/19-09:23:35,343) [scsi_eh_0] (root,0,0,00:00:00/19-09:23:35,344) [scsi_tmf_0] (root,0,0,00:00:00/19-09:23:35,345) [scsi_eh_1] (root,0,0,00:00:00/19-09:23:35,346) [scsi_tmf_1] (root,0,0,00:00:38/19-09:23:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-09:23:32,367) [ext4-rsv-conver] (root,38604,7616,00:00:24/19-09:23:20,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-09:23:19,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:30/19-09:23:17,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-09:22:46,511) /sbin/auditd (messagebus,22932,5912,00:00:44/19-09:22:45,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:25/19-09:22:45,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-09:22:45,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-09:22:43,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-09:22:43,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:22/19-09:22:29,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-09:22:29,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:01/19-09:22:29,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-09:22:29,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-09:22:29,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-09:22:29,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-09:22:29,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:24/19-09:22:29,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:48/19-09:22:29,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-09:22:29,1352) bpfilter_umh (root,26204,8212,00:00:06/19-09:22:29,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-09:22:29,1359) ntpd: asynchronous dns resolver (spot,313548,199436,1-06:45:36/19-09:22:28,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-09:22:28,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-09:22:28,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-09:22:28,1373) (sd-pam) (root,24216,5268,00:00:06/19-09:22:26,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-09:22:26,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-09:22:26,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-09:22:23,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-09:22:22,1527) sshd: syslogtunnel (root,618656,71492,00:26:41/19-09:22:20,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,52944,00:11:13/19-09:22:08,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-14:57:43,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-09:21:43,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-09:21:43,3218) sshd: cm-ssh (postfix,24244,8184,00:00:00/07:00,3315) pickup -l -t fifo -u (root,0,0,00:00:00/05:58,4405) [kworker/1:2] (root,0,0,00:00:00/04:24,4520) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:09:52,4612) [kworker/1:1-events] (root,0,0,00:00:00/01:07:34,4941) [kworker/2:2-events] (root,0,0,00:00:00/04:12:18,5852) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/29:22,9622) [kworker/0:0-cgroup_destroy] (root,6656,3488,00:00:00/00:00,11171) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,11189) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,11190) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:26:51,11535) [kworker/u8:0-writeback] (root,0,0,00:00:00/19:58,14380) [kworker/3:0-events] (root,0,0,00:00:00/16:23,26154) [kworker/2:1] (root,0,0,00:00:00/12:13,27616) [kworker/0:2-events] (root,0,0,00:00:00/09:35,27986) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 20:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c1ecdaf2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:32/17-10:43:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-10:43:51,2) [kthreadd] (root,0,0,00:00:00/17-10:43:51,3) [rcu_gp] (root,0,0,00:00:00/17-10:43:51,4) [rcu_par_gp] (root,0,0,00:00:00/17-10:43:51,5) [slub_flushwq] (root,0,0,00:00:00/17-10:43:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-10:43:51,9) [mm_percpu_wq] (root,0,0,00:00:00/17-10:43:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-10:43:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-10:43:51,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-10:43:51,13) [ksoftirqd/0] (root,0,0,00:50:04/17-10:43:51,14) [rcu_preempt] (root,0,0,00:00:06/17-10:43:51,15) [migration/0] (root,0,0,00:00:00/17-10:43:51,16) [idle_inject/0] (root,0,0,00:00:00/17-10:43:51,18) [cpuhp/0] (root,0,0,00:00:00/17-10:43:51,19) [cpuhp/1] (root,0,0,00:00:00/17-10:43:51,20) [idle_inject/1] (root,0,0,00:00:06/17-10:43:51,21) [migration/1] (root,0,0,00:00:27/17-10:43:51,22) [ksoftirqd/1] (root,0,0,00:00:00/17-10:43:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-10:43:51,25) [cpuhp/2] (root,0,0,00:00:00/17-10:43:51,26) [idle_inject/2] (root,0,0,00:00:05/17-10:43:51,27) [migration/2] (root,0,0,00:33:24/17-10:43:51,28) [ksoftirqd/2] (root,0,0,00:00:00/17-10:43:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-10:43:51,31) [cpuhp/3] (root,0,0,00:00:00/17-10:43:51,32) [idle_inject/3] (root,0,0,00:00:06/17-10:43:51,33) [migration/3] (root,0,0,00:01:39/17-10:43:51,34) [ksoftirqd/3] (root,0,0,00:00:00/17-10:43:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-10:43:51,40) [kdevtmpfs] (root,0,0,00:00:00/17-10:43:51,41) [netns] (root,0,0,00:00:00/17-10:43:51,42) [inet_frag_wq] (root,0,0,00:00:03/17-10:43:51,43) [kauditd] (root,0,0,00:00:00/17-10:43:51,44) [khungtaskd] (root,0,0,00:00:00/17-10:43:51,45) [oom_reaper] (root,0,0,00:00:00/17-10:43:51,46) [writeback] (root,0,0,00:00:54/17-10:43:51,47) [kcompactd0] (root,0,0,00:00:00/17-10:43:51,48) [ksmd] (root,0,0,00:00:56/17-10:43:51,49) [khugepaged] (root,0,0,00:00:00/17-10:43:51,75) [kintegrityd] (root,0,0,00:00:00/17-10:43:51,76) [kblockd] (root,0,0,00:00:00/17-10:43:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-10:43:51,79) [tpm_dev_wq] (root,0,0,00:00:00/17-10:43:51,80) [edac-poller] (root,0,0,00:00:00/17-10:43:51,81) [devfreq_wq] (root,0,0,00:00:00/17-10:43:51,110) [watchdogd] (root,0,0,00:00:01/17-10:43:51,111) [kswapd0] (root,0,0,00:00:04/17-10:43:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-10:43:49,115) [kthrotld] (root,0,0,00:00:00/17-10:43:49,116) [mld] (root,0,0,00:00:00/17-10:43:49,117) [ipv6_addrconf] (root,0,0,00:00:04/17-10:43:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-10:43:49,123) [kstrp] (root,0,0,00:00:00/17-10:43:49,124) [zswap-shrink] (root,0,0,00:00:00/17-10:43:49,125) [kworker/u9:0] (root,0,0,00:00:00/17-10:43:49,130) [charger_manager] (root,0,0,00:00:05/17-10:43:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:07/17-10:43:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-10:43:48,239) [kaluad] (root,0,0,00:00:00/17-10:43:48,258) [kmpath_rdacd] (root,0,0,00:00:00/17-10:43:48,304) [kmpathd] (root,0,0,00:00:00/17-10:43:48,305) [kmpath_handlerd] (root,0,0,00:00:00/17-10:43:47,342) [ata_sff] (root,0,0,00:00:00/17-10:43:47,343) [scsi_eh_0] (root,0,0,00:00:00/17-10:43:47,344) [scsi_tmf_0] (root,0,0,00:00:00/17-10:43:47,345) [scsi_eh_1] (root,0,0,00:00:00/17-10:43:47,346) [scsi_tmf_1] (root,0,0,00:00:34/17-10:43:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-10:43:44,367) [ext4-rsv-conver] (root,38604,7616,00:00:18/17-10:43:32,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-10:43:31,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-10:43:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-10:42:58,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-10:42:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-10:42:57,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-10:42:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-10:42:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-10:42:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-10:42:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-10:42:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:48/17-10:42:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-10:42:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-10:42:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-10:42:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-10:42:41,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-10:42:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:29/17-10:42:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-10:42:41,1352) bpfilter_umh (root,26204,8212,00:00:04/17-10:42:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-10:42:41,1359) ntpd: asynchronous dns resolver (spot,315452,199912,1-02:50:34/17-10:42:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-10:42:40,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-10:42:40,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-10:42:40,1373) (sd-pam) (root,24216,5268,00:00:06/17-10:42:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-10:42:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-10:42:38,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-10:42:35,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-10:42:34,1527) sshd: syslogtunnel (root,618256,73104,00:23:50/17-10:42:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,51668,00:09:58/17-10:42:20,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-16:17:55,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/17-10:41:55,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-10:41:55,3218) sshd: cm-ssh (root,0,0,00:00:00/32:31,5497) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/12:10,8974) [kworker/0:2] (root,0,0,00:00:00/02:03,12175) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:06:34,15458) [kworker/0:1-events] (root,0,0,00:00:00/09:38,16384) [kworker/1:2-events] (root,0,0,00:00:00/00:29,17945) [kworker/1:1] (postfix,24244,8324,00:00:00/09:04,18468) pickup -l -t fifo -u (root,0,0,00:00:00/00:16,19248) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:04:25,19474) [kworker/2:0-events] (root,6656,3488,00:00:00/00:00,20130) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,20148) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20149) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:23,24745) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/16:44,27061) [kworker/2:1] (root,0,0,00:00:00/03:04:51,27733) [kworker/1:0-events] (root,0,0,00:00:00/05:27,29544) [kworker/3:0-events] (root,0,0,00:00:01/01:52:12,31779) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 21:32 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836314e77d50Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-12:42:28,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-12:42:28,2) [kthreadd] (root,0,0,00:00:00/15-12:42:28,3) [rcu_gp] (root,0,0,00:00:00/15-12:42:28,4) [rcu_par_gp] (root,0,0,00:00:00/15-12:42:28,5) [slub_flushwq] (root,0,0,00:00:00/15-12:42:28,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-12:42:28,9) [mm_percpu_wq] (root,0,0,00:00:00/15-12:42:28,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-12:42:28,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-12:42:28,12) [rcu_tasks_trace] (root,0,0,00:00:28/15-12:42:28,13) [ksoftirqd/0] (root,0,0,00:43:32/15-12:42:28,14) [rcu_preempt] (root,0,0,00:00:05/15-12:42:28,15) [migration/0] (root,0,0,00:00:00/15-12:42:28,16) [idle_inject/0] (root,0,0,00:00:00/15-12:42:28,18) [cpuhp/0] (root,0,0,00:00:00/15-12:42:28,19) [cpuhp/1] (root,0,0,00:00:00/15-12:42:28,20) [idle_inject/1] (root,0,0,00:00:06/15-12:42:28,21) [migration/1] (root,0,0,00:00:23/15-12:42:28,22) [ksoftirqd/1] (root,0,0,00:00:00/15-12:42:28,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-12:42:28,25) [cpuhp/2] (root,0,0,00:00:00/15-12:42:28,26) [idle_inject/2] (root,0,0,00:00:04/15-12:42:28,27) [migration/2] (root,0,0,00:28:28/15-12:42:28,28) [ksoftirqd/2] (root,0,0,00:00:00/15-12:42:28,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-12:42:28,31) [cpuhp/3] (root,0,0,00:00:00/15-12:42:28,32) [idle_inject/3] (root,0,0,00:00:05/15-12:42:28,33) [migration/3] (root,0,0,00:01:24/15-12:42:28,34) [ksoftirqd/3] (root,0,0,00:00:00/15-12:42:28,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-12:42:28,40) [kdevtmpfs] (root,0,0,00:00:00/15-12:42:28,41) [netns] (root,0,0,00:00:00/15-12:42:28,42) [inet_frag_wq] (root,0,0,00:00:01/15-12:42:28,43) [kauditd] (root,0,0,00:00:00/15-12:42:28,44) [khungtaskd] (root,0,0,00:00:00/15-12:42:28,45) [oom_reaper] (root,0,0,00:00:00/15-12:42:28,46) [writeback] (root,0,0,00:00:48/15-12:42:28,47) [kcompactd0] (root,0,0,00:00:00/15-12:42:28,48) [ksmd] (root,0,0,00:00:50/15-12:42:28,49) [khugepaged] (root,0,0,00:00:00/15-12:42:28,75) [kintegrityd] (root,0,0,00:00:00/15-12:42:28,76) [kblockd] (root,0,0,00:00:00/15-12:42:28,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-12:42:28,79) [tpm_dev_wq] (root,0,0,00:00:00/15-12:42:28,80) [edac-poller] (root,0,0,00:00:00/15-12:42:28,81) [devfreq_wq] (root,0,0,00:00:00/15-12:42:28,110) [watchdogd] (root,0,0,00:00:01/15-12:42:28,111) [kswapd0] (root,0,0,00:00:04/15-12:42:28,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-12:42:26,115) [kthrotld] (root,0,0,00:00:00/15-12:42:26,116) [mld] (root,0,0,00:00:00/15-12:42:26,117) [ipv6_addrconf] (root,0,0,00:00:04/15-12:42:26,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-12:42:26,123) [kstrp] (root,0,0,00:00:00/15-12:42:26,124) [zswap-shrink] (root,0,0,00:00:00/15-12:42:26,125) [kworker/u9:0] (root,0,0,00:00:00/15-12:42:26,130) [charger_manager] (root,0,0,00:00:04/15-12:42:26,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-12:42:26,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-12:42:25,239) [kaluad] (root,0,0,00:00:00/15-12:42:25,258) [kmpath_rdacd] (root,0,0,00:00:00/15-12:42:25,304) [kmpathd] (root,0,0,00:00:00/15-12:42:25,305) [kmpath_handlerd] (root,0,0,00:00:00/15-12:42:24,342) [ata_sff] (root,0,0,00:00:00/15-12:42:24,343) [scsi_eh_0] (root,0,0,00:00:00/15-12:42:24,344) [scsi_tmf_0] (root,0,0,00:00:00/15-12:42:24,345) [scsi_eh_1] (root,0,0,00:00:00/15-12:42:24,346) [scsi_tmf_1] (root,0,0,00:00:29/15-12:42:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-12:42:21,367) [ext4-rsv-conver] (root,38604,7616,00:00:14/15-12:42:09,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-12:42:08,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-12:42:06,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-12:41:35,511) /sbin/auditd (messagebus,22932,5912,00:00:19/15-12:41:34,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:12/15-12:41:34,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-12:41:34,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-12:41:32,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-12:41:32,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-12:41:18,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-12:41:18,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:38/15-12:41:18,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-12:41:18,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-12:41:18,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-12:41:18,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-12:41:18,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-12:41:18,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:12/15-12:41:18,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-12:41:18,1352) bpfilter_umh (root,26204,8212,00:00:03/15-12:41:18,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-12:41:18,1359) ntpd: asynchronous dns resolver (spot,313756,199488,22:22:13/15-12:41:17,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-12:41:17,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-12:41:17,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-12:41:17,1373) (sd-pam) (root,24216,5268,00:00:05/15-12:41:15,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-12:41:15,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-12:41:15,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-12:41:12,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-12:41:11,1527) sshd: syslogtunnel (root,617868,70916,00:21:03/15-12:41:09,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,49868,00:08:44/15-12:40:57,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:59:13,2076) [kworker/2:0-events] (postfix,44628,9336,00:00:00/9-18:16:32,2557) tlsmgr -l -t unix -u (root,0,0,00:00:02/05:06:05,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-12:40:32,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:50/15-12:40:32,3218) sshd: cm-ssh (root,0,0,00:00:00/10:32,3630) [kworker/2:1-events] (root,6656,3488,00:00:00/00:00,8654) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,8672) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8673) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/28:15,8954) [kworker/3:2-events] (root,0,0,00:00:00/01:45:42,9961) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:30:04,11304) [kworker/1:1-events] (root,0,0,00:00:00/07:31,15163) [kworker/3:1-ata_sff] (root,0,0,00:00:00/33:19,15580) [kworker/1:0] (root,0,0,00:00:00/08:49:35,21313) [kworker/0:0-events] (root,0,0,00:00:00/01:00:04,26431) [kworker/u8:1-writeback] (postfix,24244,8212,00:00:00/49:27,28252) pickup -l -t fifo -u (root,0,0,00:00:00/02:18,32757) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 23:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ac8b223eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-12:53:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-12:53:41,2) [kthreadd] (root,0,0,00:00:00/13-12:53:41,3) [rcu_gp] (root,0,0,00:00:00/13-12:53:41,4) [rcu_par_gp] (root,0,0,00:00:00/13-12:53:41,5) [slub_flushwq] (root,0,0,00:00:00/13-12:53:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-12:53:41,9) [mm_percpu_wq] (root,0,0,00:00:00/13-12:53:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-12:53:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-12:53:41,12) [rcu_tasks_trace] (root,0,0,00:00:24/13-12:53:41,13) [ksoftirqd/0] (root,0,0,00:37:17/13-12:53:41,14) [rcu_preempt] (root,0,0,00:00:05/13-12:53:41,15) [migration/0] (root,0,0,00:00:00/13-12:53:41,16) [idle_inject/0] (root,0,0,00:00:00/13-12:53:41,18) [cpuhp/0] (root,0,0,00:00:00/13-12:53:41,19) [cpuhp/1] (root,0,0,00:00:00/13-12:53:41,20) [idle_inject/1] (root,0,0,00:00:05/13-12:53:41,21) [migration/1] (root,0,0,00:00:20/13-12:53:41,22) [ksoftirqd/1] (root,0,0,00:00:00/13-12:53:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-12:53:41,25) [cpuhp/2] (root,0,0,00:00:00/13-12:53:41,26) [idle_inject/2] (root,0,0,00:00:03/13-12:53:41,27) [migration/2] (root,0,0,00:24:37/13-12:53:41,28) [ksoftirqd/2] (root,0,0,00:00:00/13-12:53:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-12:53:41,31) [cpuhp/3] (root,0,0,00:00:00/13-12:53:41,32) [idle_inject/3] (root,0,0,00:00:05/13-12:53:41,33) [migration/3] (root,0,0,00:01:11/13-12:53:41,34) [ksoftirqd/3] (root,0,0,00:00:00/13-12:53:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-12:53:41,40) [kdevtmpfs] (root,0,0,00:00:00/13-12:53:41,41) [netns] (root,0,0,00:00:00/13-12:53:41,42) [inet_frag_wq] (root,0,0,00:00:01/13-12:53:41,43) [kauditd] (root,0,0,00:00:00/13-12:53:41,44) [khungtaskd] (root,0,0,00:00:00/13-12:53:41,45) [oom_reaper] (root,0,0,00:00:00/13-12:53:41,46) [writeback] (root,0,0,00:00:41/13-12:53:41,47) [kcompactd0] (root,0,0,00:00:00/13-12:53:41,48) [ksmd] (root,0,0,00:00:44/13-12:53:41,49) [khugepaged] (root,0,0,00:00:00/13-12:53:41,75) [kintegrityd] (root,0,0,00:00:00/13-12:53:41,76) [kblockd] (root,0,0,00:00:00/13-12:53:41,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-12:53:41,79) [tpm_dev_wq] (root,0,0,00:00:00/13-12:53:41,80) [edac-poller] (root,0,0,00:00:00/13-12:53:41,81) [devfreq_wq] (root,0,0,00:00:00/13-12:53:41,110) [watchdogd] (root,0,0,00:00:01/13-12:53:41,111) [kswapd0] (root,0,0,00:00:03/13-12:53:41,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-12:53:39,115) [kthrotld] (root,0,0,00:00:00/13-12:53:39,116) [mld] (root,0,0,00:00:00/13-12:53:39,117) [ipv6_addrconf] (root,0,0,00:00:03/13-12:53:39,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-12:53:39,123) [kstrp] (root,0,0,00:00:00/13-12:53:39,124) [zswap-shrink] (root,0,0,00:00:00/13-12:53:39,125) [kworker/u9:0] (root,0,0,00:00:00/13-12:53:39,130) [charger_manager] (root,0,0,00:00:04/13-12:53:39,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-12:53:39,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-12:53:38,239) [kaluad] (root,0,0,00:00:00/13-12:53:38,258) [kmpath_rdacd] (root,0,0,00:00:00/13-12:53:38,304) [kmpathd] (root,0,0,00:00:00/13-12:53:38,305) [kmpath_handlerd] (root,0,0,00:00:00/13-12:53:37,342) [ata_sff] (root,0,0,00:00:00/13-12:53:37,343) [scsi_eh_0] (root,0,0,00:00:00/13-12:53:37,344) [scsi_tmf_0] (root,0,0,00:00:00/13-12:53:37,345) [scsi_eh_1] (root,0,0,00:00:00/13-12:53:37,346) [scsi_tmf_1] (root,0,0,00:00:25/13-12:53:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-12:53:34,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-12:53:22,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-12:53:21,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:20/13-12:53:19,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-12:52:48,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-12:52:47,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-12:52:47,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-12:52:47,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-12:52:45,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-12:52:45,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-12:52:31,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-12:52:31,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:25/13-12:52:31,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-12:52:31,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-12:52:31,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-12:52:31,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-12:52:31,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-12:52:31,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-12:52:31,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-12:52:31,1352) bpfilter_umh (root,26204,8212,00:00:02/13-12:52:31,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-12:52:31,1359) ntpd: asynchronous dns resolver (spot,305516,189748,18:42:45/13-12:52:30,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-12:52:30,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-12:52:30,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-12:52:30,1373) (sd-pam) (root,24216,5268,00:00:04/13-12:52:28,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-12:52:28,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-12:52:28,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-12:52:25,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:46/13-12:52:24,1527) sshd: syslogtunnel (root,617868,72668,00:18:14/13-12:52:22,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48316,00:07:29/13-12:52:10,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-18:27:45,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-12:51:45,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-12:51:45,3218) sshd: cm-ssh (root,0,0,00:00:00/01:35:23,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/02:39,6795) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:52,14475) [kworker/u8:2] (root,0,0,00:00:00/09:05,14597) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:01/01:59:56,14919) [kworker/1:0-events] (root,0,0,00:00:00/23:23,15998) [kworker/3:2-events] (root,0,0,00:00:00/02:48:34,16390) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/07:50,18365) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,21465) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,21483) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,21484) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:47:47,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/31:53,22455) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8228,00:00:00/01:22:37,24772) pickup -l -t fifo -u (root,0,0,00:00:01/02:36:55,25621) [kworker/2:0-events] (root,0,0,00:00:00/01:11:07,29874) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f1c208eeFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-12:53:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:53:05,2) [kthreadd] (root,0,0,00:00:00/11-12:53:05,3) [rcu_gp] (root,0,0,00:00:00/11-12:53:05,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:53:05,5) [slub_flushwq] (root,0,0,00:00:00/11-12:53:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:53:05,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:53:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:53:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:53:05,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:53:05,13) [ksoftirqd/0] (root,0,0,00:31:43/11-12:53:05,14) [rcu_preempt] (root,0,0,00:00:04/11-12:53:05,15) [migration/0] (root,0,0,00:00:00/11-12:53:05,16) [idle_inject/0] (root,0,0,00:00:00/11-12:53:05,18) [cpuhp/0] (root,0,0,00:00:00/11-12:53:05,19) [cpuhp/1] (root,0,0,00:00:00/11-12:53:05,20) [idle_inject/1] (root,0,0,00:00:04/11-12:53:05,21) [migration/1] (root,0,0,00:00:17/11-12:53:05,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:53:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:53:05,25) [cpuhp/2] (root,0,0,00:00:00/11-12:53:05,26) [idle_inject/2] (root,0,0,00:00:03/11-12:53:05,27) [migration/2] (root,0,0,00:21:10/11-12:53:05,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:53:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:53:05,31) [cpuhp/3] (root,0,0,00:00:00/11-12:53:05,32) [idle_inject/3] (root,0,0,00:00:04/11-12:53:05,33) [migration/3] (root,0,0,00:01:01/11-12:53:05,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:53:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:53:05,40) [kdevtmpfs] (root,0,0,00:00:00/11-12:53:05,41) [netns] (root,0,0,00:00:00/11-12:53:05,42) [inet_frag_wq] (root,0,0,00:00:01/11-12:53:05,43) [kauditd] (root,0,0,00:00:00/11-12:53:05,44) [khungtaskd] (root,0,0,00:00:00/11-12:53:05,45) [oom_reaper] (root,0,0,00:00:00/11-12:53:05,46) [writeback] (root,0,0,00:00:34/11-12:53:05,47) [kcompactd0] (root,0,0,00:00:00/11-12:53:05,48) [ksmd] (root,0,0,00:00:37/11-12:53:05,49) [khugepaged] (root,0,0,00:00:00/11-12:53:05,75) [kintegrityd] (root,0,0,00:00:00/11-12:53:05,76) [kblockd] (root,0,0,00:00:00/11-12:53:05,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:53:05,79) [tpm_dev_wq] (root,0,0,00:00:00/11-12:53:05,80) [edac-poller] (root,0,0,00:00:00/11-12:53:05,81) [devfreq_wq] (root,0,0,00:00:00/11-12:53:05,110) [watchdogd] (root,0,0,00:00:00/11-12:53:05,111) [kswapd0] (root,0,0,00:00:02/11-12:53:05,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:53:03,115) [kthrotld] (root,0,0,00:00:00/11-12:53:03,116) [mld] (root,0,0,00:00:00/11-12:53:03,117) [ipv6_addrconf] (root,0,0,00:00:03/11-12:53:03,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:53:03,123) [kstrp] (root,0,0,00:00:00/11-12:53:03,124) [zswap-shrink] (root,0,0,00:00:00/11-12:53:03,125) [kworker/u9:0] (root,0,0,00:00:00/11-12:53:03,130) [charger_manager] (root,0,0,00:00:03/11-12:53:03,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-12:53:03,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-12:53:02,239) [kaluad] (root,0,0,00:00:00/11-12:53:02,258) [kmpath_rdacd] (root,0,0,00:00:00/11-12:53:02,304) [kmpathd] (root,0,0,00:00:00/11-12:53:02,305) [kmpath_handlerd] (root,0,0,00:00:00/11-12:53:01,342) [ata_sff] (root,0,0,00:00:00/11-12:53:01,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:53:01,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:53:01,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:53:01,346) [scsi_tmf_1] (root,0,0,00:00:21/11-12:52:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:52:58,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-12:52:46,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-12:52:45,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-12:52:43,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-12:52:12,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-12:52:11,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-12:52:11,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-12:52:11,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-12:52:09,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-12:52:09,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-12:51:55,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-12:51:55,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:13/11-12:51:55,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-12:51:55,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-12:51:55,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-12:51:55,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-12:51:55,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-12:51:55,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:38/11-12:51:55,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-12:51:55,1352) bpfilter_umh (root,26204,8212,00:00:02/11-12:51:55,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-12:51:55,1359) ntpd: asynchronous dns resolver (spot,292588,178996,15:31:51/11-12:51:54,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-12:51:54,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-12:51:54,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-12:51:54,1373) (sd-pam) (root,24216,5268,00:00:03/11-12:51:52,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-12:51:52,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-12:51:52,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-12:51:49,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-12:51:48,1527) sshd: syslogtunnel (root,617612,72248,00:15:31/11-12:51:46,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,47288,00:06:18/11-12:51:34,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-18:27:09,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-12:51:09,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-12:51:09,3218) sshd: cm-ssh (root,0,0,00:00:00/46:17,5235) [kworker/2:2-events] (root,0,0,00:00:03/23:01:38,7785) [kworker/2:1-events] (postfix,24244,8284,00:00:00/02:51,12836) pickup -l -t fifo -u (root,0,0,00:00:00/25:44,14236) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/02:04,17823) [kworker/3:2-ata_sff] (root,0,0,00:00:00/05:50:12,19628) [kworker/0:1-events] (root,0,0,00:00:00/05:25:45,20763) [kworker/1:0-events] (root,0,0,00:00:00/07:15,23666) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:11:16,24598) [kworker/u8:1-flush-253:0] (root,6656,3488,00:00:00/00:00,26374) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,26392) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,26393) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/04:25:28,28099) [kworker/1:2-events] (root,0,0,00:00:00/59:08,28318) [kworker/3:1-events] (root,0,0,00:00:01/04:01:19,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 23:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c9133bebFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-09:37:29,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-09:37:29,2) [kthreadd] (root,0,0,00:00:00/9-09:37:29,3) [rcu_gp] (root,0,0,00:00:00/9-09:37:29,4) [rcu_par_gp] (root,0,0,00:00:00/9-09:37:29,5) [slub_flushwq] (root,0,0,00:00:00/9-09:37:29,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-09:37:29,9) [mm_percpu_wq] (root,0,0,00:00:00/9-09:37:29,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-09:37:29,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-09:37:29,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-09:37:29,13) [ksoftirqd/0] (root,0,0,00:25:29/9-09:37:29,14) [rcu_preempt] (root,0,0,00:00:03/9-09:37:29,15) [migration/0] (root,0,0,00:00:00/9-09:37:29,16) [idle_inject/0] (root,0,0,00:00:00/9-09:37:29,18) [cpuhp/0] (root,0,0,00:00:00/9-09:37:29,19) [cpuhp/1] (root,0,0,00:00:00/9-09:37:29,20) [idle_inject/1] (root,0,0,00:00:03/9-09:37:29,21) [migration/1] (root,0,0,00:00:13/9-09:37:29,22) [ksoftirqd/1] (root,0,0,00:00:00/9-09:37:29,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-09:37:29,25) [cpuhp/2] (root,0,0,00:00:00/9-09:37:29,26) [idle_inject/2] (root,0,0,00:00:02/9-09:37:29,27) [migration/2] (root,0,0,00:17:05/9-09:37:29,28) [ksoftirqd/2] (root,0,0,00:00:00/9-09:37:29,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-09:37:29,31) [cpuhp/3] (root,0,0,00:00:00/9-09:37:29,32) [idle_inject/3] (root,0,0,00:00:03/9-09:37:29,33) [migration/3] (root,0,0,00:00:48/9-09:37:29,34) [ksoftirqd/3] (root,0,0,00:00:00/9-09:37:29,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-09:37:29,40) [kdevtmpfs] (root,0,0,00:00:00/9-09:37:29,41) [netns] (root,0,0,00:00:00/9-09:37:29,42) [inet_frag_wq] (root,0,0,00:00:01/9-09:37:29,43) [kauditd] (root,0,0,00:00:00/9-09:37:29,44) [khungtaskd] (root,0,0,00:00:00/9-09:37:29,45) [oom_reaper] (root,0,0,00:00:00/9-09:37:29,46) [writeback] (root,0,0,00:00:28/9-09:37:29,47) [kcompactd0] (root,0,0,00:00:00/9-09:37:29,48) [ksmd] (root,0,0,00:00:31/9-09:37:29,49) [khugepaged] (root,0,0,00:00:00/9-09:37:29,75) [kintegrityd] (root,0,0,00:00:00/9-09:37:29,76) [kblockd] (root,0,0,00:00:00/9-09:37:29,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-09:37:29,79) [tpm_dev_wq] (root,0,0,00:00:00/9-09:37:29,80) [edac-poller] (root,0,0,00:00:00/9-09:37:29,81) [devfreq_wq] (root,0,0,00:00:00/9-09:37:29,110) [watchdogd] (root,0,0,00:00:00/9-09:37:29,111) [kswapd0] (root,0,0,00:00:02/9-09:37:29,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-09:37:27,115) [kthrotld] (root,0,0,00:00:00/9-09:37:27,116) [mld] (root,0,0,00:00:00/9-09:37:27,117) [ipv6_addrconf] (root,0,0,00:00:02/9-09:37:27,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-09:37:27,123) [kstrp] (root,0,0,00:00:00/9-09:37:27,124) [zswap-shrink] (root,0,0,00:00:00/9-09:37:27,125) [kworker/u9:0] (root,0,0,00:00:00/9-09:37:27,130) [charger_manager] (root,0,0,00:00:02/9-09:37:27,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-09:37:27,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-09:37:26,239) [kaluad] (root,0,0,00:00:00/9-09:37:26,258) [kmpath_rdacd] (root,0,0,00:00:00/9-09:37:26,304) [kmpathd] (root,0,0,00:00:00/9-09:37:26,305) [kmpath_handlerd] (root,0,0,00:00:00/9-09:37:25,342) [ata_sff] (root,0,0,00:00:00/9-09:37:25,343) [scsi_eh_0] (root,0,0,00:00:00/9-09:37:25,344) [scsi_tmf_0] (root,0,0,00:00:00/9-09:37:25,345) [scsi_eh_1] (root,0,0,00:00:00/9-09:37:25,346) [scsi_tmf_1] (root,0,0,00:00:17/9-09:37:22,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-09:37:22,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-09:37:10,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-09:37:09,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-09:37:07,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-09:36:36,511) /sbin/auditd (messagebus,22932,5912,00:00:11/9-09:36:35,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-09:36:35,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-09:36:35,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-09:36:33,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-09:36:33,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:10/9-09:36:19,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-09:36:19,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:59/9-09:36:19,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-09:36:19,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-09:36:19,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-09:36:19,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-09:36:19,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-09:36:19,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:19/9-09:36:19,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-09:36:19,1352) bpfilter_umh (root,26204,8212,00:00:01/9-09:36:19,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-09:36:19,1359) ntpd: asynchronous dns resolver (spot,294032,180216,12:09:45/9-09:36:18,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-09:36:18,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-09:36:18,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-09:36:18,1373) (sd-pam) (root,24216,5268,00:00:03/9-09:36:16,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-09:36:16,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-09:36:16,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-09:36:13,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:31/9-09:36:12,1527) sshd: syslogtunnel (root,617356,69948,00:12:35/9-09:36:10,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,6656,3508,00:00:00/00:00,1604) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,1720) /bin/bash /usr/bin/check_mk_agent (root,6656,1908,00:00:00/00:00,1728) /bin/bash /usr/bin/check_mk_agent (root,25440,8848,00:00:00/00:00,1731) postconf -h queue_directory (root,13744,3452,00:00:00/00:00,1740) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,1741) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (spot,209344,45712,00:05:04/9-09:35:58,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-15:11:33,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-09:35:33,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-09:35:33,3218) sshd: cm-ssh (root,0,0,00:00:00/04:31:19,8172) [kworker/2:2-events] (root,0,0,00:00:00/08:17,10860) [kworker/3:1-events] (root,0,0,00:00:00/30:03,11212) [kworker/2:0-events] (root,0,0,00:00:00/02:55:42,14431) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:55:39,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/05:45,15432) [kworker/0:2-events] (root,0,0,00:00:00/01:42:06,15893) [kworker/0:0-events] (postfix,24244,8200,00:00:00/29:11,19776) pickup -l -t fifo -u (root,0,0,00:00:00/29:03,21062) [kworker/3:0-ata_sff] (root,0,0,00:00:00/42:00,22079) [kworker/1:1] (root,0,0,00:00:00/03:06,22203) [kworker/3:2-ata_sff] (root,0,0,00:00:01/04:55:33,26887) [kworker/1:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 20:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630617459aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-11:25:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-11:25:33,2) [kthreadd] (root,0,0,00:00:00/7-11:25:33,3) [rcu_gp] (root,0,0,00:00:00/7-11:25:33,4) [rcu_par_gp] (root,0,0,00:00:00/7-11:25:33,5) [slub_flushwq] (root,0,0,00:00:00/7-11:25:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-11:25:33,9) [mm_percpu_wq] (root,0,0,00:00:00/7-11:25:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-11:25:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-11:25:33,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-11:25:33,13) [ksoftirqd/0] (root,0,0,00:19:52/7-11:25:33,14) [rcu_preempt] (root,0,0,00:00:02/7-11:25:33,15) [migration/0] (root,0,0,00:00:00/7-11:25:33,16) [idle_inject/0] (root,0,0,00:00:00/7-11:25:33,18) [cpuhp/0] (root,0,0,00:00:00/7-11:25:33,19) [cpuhp/1] (root,0,0,00:00:00/7-11:25:33,20) [idle_inject/1] (root,0,0,00:00:03/7-11:25:33,21) [migration/1] (root,0,0,00:00:10/7-11:25:33,22) [ksoftirqd/1] (root,0,0,00:00:00/7-11:25:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-11:25:33,25) [cpuhp/2] (root,0,0,00:00:00/7-11:25:33,26) [idle_inject/2] (root,0,0,00:00:02/7-11:25:33,27) [migration/2] (root,0,0,00:13:04/7-11:25:33,28) [ksoftirqd/2] (root,0,0,00:00:00/7-11:25:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-11:25:33,31) [cpuhp/3] (root,0,0,00:00:00/7-11:25:33,32) [idle_inject/3] (root,0,0,00:00:02/7-11:25:33,33) [migration/3] (root,0,0,00:00:36/7-11:25:33,34) [ksoftirqd/3] (root,0,0,00:00:00/7-11:25:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-11:25:33,40) [kdevtmpfs] (root,0,0,00:00:00/7-11:25:33,41) [netns] (root,0,0,00:00:00/7-11:25:33,42) [inet_frag_wq] (root,0,0,00:00:00/7-11:25:33,43) [kauditd] (root,0,0,00:00:00/7-11:25:33,44) [khungtaskd] (root,0,0,00:00:00/7-11:25:33,45) [oom_reaper] (root,0,0,00:00:00/7-11:25:33,46) [writeback] (root,0,0,00:00:22/7-11:25:33,47) [kcompactd0] (root,0,0,00:00:00/7-11:25:33,48) [ksmd] (root,0,0,00:00:24/7-11:25:33,49) [khugepaged] (root,0,0,00:00:00/7-11:25:33,75) [kintegrityd] (root,0,0,00:00:00/7-11:25:33,76) [kblockd] (root,0,0,00:00:00/7-11:25:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-11:25:33,79) [tpm_dev_wq] (root,0,0,00:00:00/7-11:25:33,80) [edac-poller] (root,0,0,00:00:00/7-11:25:33,81) [devfreq_wq] (root,0,0,00:00:00/7-11:25:33,110) [watchdogd] (root,0,0,00:00:00/7-11:25:33,111) [kswapd0] (root,0,0,00:00:01/7-11:25:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-11:25:31,115) [kthrotld] (root,0,0,00:00:00/7-11:25:31,116) [mld] (root,0,0,00:00:00/7-11:25:31,117) [ipv6_addrconf] (root,0,0,00:00:01/7-11:25:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-11:25:31,123) [kstrp] (root,0,0,00:00:00/7-11:25:31,124) [zswap-shrink] (root,0,0,00:00:00/7-11:25:31,125) [kworker/u9:0] (root,0,0,00:00:00/7-11:25:31,130) [charger_manager] (root,0,0,00:00:02/7-11:25:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-11:25:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-11:25:30,239) [kaluad] (root,0,0,00:00:00/7-11:25:30,258) [kmpath_rdacd] (root,0,0,00:00:00/7-11:25:30,304) [kmpathd] (root,0,0,00:00:00/7-11:25:30,305) [kmpath_handlerd] (root,0,0,00:00:00/7-11:25:29,342) [ata_sff] (root,0,0,00:00:00/7-11:25:29,343) [scsi_eh_0] (root,0,0,00:00:00/7-11:25:29,344) [scsi_tmf_0] (root,0,0,00:00:00/7-11:25:29,345) [scsi_eh_1] (root,0,0,00:00:00/7-11:25:29,346) [scsi_tmf_1] (root,0,0,00:00:13/7-11:25:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-11:25:26,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-11:25:14,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-11:25:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-11:25:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-11:24:40,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-11:24:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-11:24:39,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-11:24:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-11:24:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-11:24:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-11:24:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-11:24:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:46/7-11:24:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-11:24:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-11:24:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-11:24:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-11:24:23,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:07/7-11:24:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-11:24:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-11:24:23,1352) bpfilter_umh (root,26204,8212,00:00:01/7-11:24:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-11:24:23,1359) ntpd: asynchronous dns resolver (spot,290796,176900,09:08:44/7-11:24:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-11:24:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-11:24:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-11:24:22,1373) (sd-pam) (root,24216,5268,00:00:02/7-11:24:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-11:24:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/7-11:24:20,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-11:24:17,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-11:24:16,1527) sshd: syslogtunnel (root,617356,71808,00:09:55/7-11:24:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44428,00:03:53/7-11:24:02,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-16:59:37,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-11:23:37,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-11:23:37,3218) sshd: cm-ssh (root,0,0,00:00:01/08:10:46,6969) [kworker/0:2-events] (root,0,0,00:00:00/01:42,8388) [kworker/3:0-ata_sff] (root,0,0,00:00:00/03:13:42,8452) [kworker/1:2-events] (root,0,0,00:00:00/55:21,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:31:24,14219) [kworker/0:1] (root,6656,3488,00:00:00/00:01,16597) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,16615) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16616) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:02:25,17990) [kworker/2:0-events] (root,0,0,00:00:01/05:35:44,18376) [kworker/2:2-mm_percpu_wq] (root,0,0,00:00:00/13:43,20009) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/27:39,22475) [kworker/3:2-events] (root,0,0,00:00:00/07:40,27803) [kworker/1:1-events] (postfix,24244,8296,00:00:00/59:15,29149) pickup -l -t fifo -u (root,0,0,00:00:00/06:55,30114) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 22:14 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836393cce8fbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-12:19:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:19:30,2) [kthreadd] (root,0,0,00:00:00/5-12:19:30,3) [rcu_gp] (root,0,0,00:00:00/5-12:19:30,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:19:30,5) [slub_flushwq] (root,0,0,00:00:00/5-12:19:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:19:30,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:19:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:19:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:19:30,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-12:19:30,13) [ksoftirqd/0] (root,0,0,00:14:13/5-12:19:30,14) [rcu_preempt] (root,0,0,00:00:02/5-12:19:30,15) [migration/0] (root,0,0,00:00:00/5-12:19:30,16) [idle_inject/0] (root,0,0,00:00:00/5-12:19:30,18) [cpuhp/0] (root,0,0,00:00:00/5-12:19:30,19) [cpuhp/1] (root,0,0,00:00:00/5-12:19:30,20) [idle_inject/1] (root,0,0,00:00:02/5-12:19:30,21) [migration/1] (root,0,0,00:00:07/5-12:19:30,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:19:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:19:30,25) [cpuhp/2] (root,0,0,00:00:00/5-12:19:30,26) [idle_inject/2] (root,0,0,00:00:01/5-12:19:30,27) [migration/2] (root,0,0,00:09:18/5-12:19:30,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:19:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:19:30,31) [cpuhp/3] (root,0,0,00:00:00/5-12:19:30,32) [idle_inject/3] (root,0,0,00:00:02/5-12:19:30,33) [migration/3] (root,0,0,00:00:25/5-12:19:30,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:19:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:19:30,40) [kdevtmpfs] (root,0,0,00:00:00/5-12:19:30,41) [netns] (root,0,0,00:00:00/5-12:19:30,42) [inet_frag_wq] (root,0,0,00:00:00/5-12:19:30,43) [kauditd] (root,0,0,00:00:00/5-12:19:30,44) [khungtaskd] (root,0,0,00:00:00/5-12:19:30,45) [oom_reaper] (root,0,0,00:00:00/5-12:19:30,46) [writeback] (root,0,0,00:00:15/5-12:19:30,47) [kcompactd0] (root,0,0,00:00:00/5-12:19:30,48) [ksmd] (root,0,0,00:00:16/5-12:19:30,49) [khugepaged] (root,0,0,00:00:00/5-12:19:30,75) [kintegrityd] (root,0,0,00:00:00/5-12:19:30,76) [kblockd] (root,0,0,00:00:00/5-12:19:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:19:30,79) [tpm_dev_wq] (root,0,0,00:00:00/5-12:19:30,80) [edac-poller] (root,0,0,00:00:00/5-12:19:30,81) [devfreq_wq] (root,0,0,00:00:00/5-12:19:30,110) [watchdogd] (root,0,0,00:00:00/5-12:19:30,111) [kswapd0] (root,0,0,00:00:01/5-12:19:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:19:28,115) [kthrotld] (root,0,0,00:00:00/5-12:19:28,116) [mld] (root,0,0,00:00:00/5-12:19:28,117) [ipv6_addrconf] (root,0,0,00:00:01/5-12:19:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:19:28,123) [kstrp] (root,0,0,00:00:00/5-12:19:28,124) [zswap-shrink] (root,0,0,00:00:00/5-12:19:28,125) [kworker/u9:0] (root,0,0,00:00:00/5-12:19:28,130) [charger_manager] (root,0,0,00:00:01/5-12:19:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-12:19:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-12:19:27,239) [kaluad] (root,0,0,00:00:00/5-12:19:27,258) [kmpath_rdacd] (root,0,0,00:00:00/5-12:19:27,304) [kmpathd] (root,0,0,00:00:00/5-12:19:27,305) [kmpath_handlerd] (root,0,0,00:00:00/5-12:19:26,342) [ata_sff] (root,0,0,00:00:00/5-12:19:26,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:19:26,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:19:26,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:19:26,346) [scsi_tmf_1] (root,0,0,00:00:09/5-12:19:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:19:23,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-12:19:11,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-12:19:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-12:19:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-12:18:37,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-12:18:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-12:18:36,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-12:18:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-12:18:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-12:18:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23628,00:00:06/5-12:18:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-12:18:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-12:18:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-12:18:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-12:18:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-12:18:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-12:18:20,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-12:18:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-12:18:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-12:18:20,1352) bpfilter_umh (root,26204,8212,00:00:01/5-12:18:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-12:18:20,1359) ntpd: asynchronous dns resolver (spot,212044,174596,06:17:19/5-12:18:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-12:18:19,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-12:18:19,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-12:18:19,1373) (sd-pam) (root,24216,5268,00:00:01/5-12:18:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-12:18:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-12:18:17,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-12:18:14,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-12:18:13,1527) sshd: syslogtunnel (root,617100,71504,00:07:10/5-12:18:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43148,00:02:46/5-12:17:59,1995) /usr/bin/python3.11 /usr/bin/spot (root,6656,3484,00:00:00/00:00,2811) /bin/bash /usr/bin/check_mk_agent (root,13744,3356,00:00:00/00:00,2829) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2830) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10108,00:00:00/5-12:17:34,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-12:17:34,3218) sshd: cm-ssh (root,0,0,00:00:00/08:10,3337) [kworker/3:1-ata_sff] (root,0,0,00:00:00/07:43,4816) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/24:13,12853) [kworker/1:0-events] (postfix,24244,8228,00:00:00/34:03,15243) pickup -l -t fifo -u (root,0,0,00:00:00/01:52:57,18842) [kworker/0:0-events] (root,0,0,00:00:00/54:52,19687) [kworker/3:0-events] (root,0,0,00:00:01/04:38:06,20908) [kworker/2:1-events] (root,0,0,00:00:00/03:00,23268) [kworker/3:2-ata_sff] (root,0,0,00:00:00/13:10,24590) [kworker/0:2-events] (root,0,0,00:00:01/03:20:55,25521) [kworker/1:2-events] (root,0,0,00:00:00/09:12:43,28908) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:20:05,31575) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:08 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636f31f7daFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-10:48:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-10:48:52,2) [kthreadd] (root,0,0,00:00:00/3-10:48:52,3) [rcu_gp] (root,0,0,00:00:00/3-10:48:52,4) [rcu_par_gp] (root,0,0,00:00:00/3-10:48:52,5) [slub_flushwq] (root,0,0,00:00:00/3-10:48:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-10:48:52,9) [mm_percpu_wq] (root,0,0,00:00:00/3-10:48:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-10:48:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-10:48:52,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-10:48:52,13) [ksoftirqd/0] (root,0,0,00:08:50/3-10:48:52,14) [rcu_preempt] (root,0,0,00:00:01/3-10:48:52,15) [migration/0] (root,0,0,00:00:00/3-10:48:52,16) [idle_inject/0] (root,0,0,00:00:00/3-10:48:52,18) [cpuhp/0] (root,0,0,00:00:00/3-10:48:52,19) [cpuhp/1] (root,0,0,00:00:00/3-10:48:52,20) [idle_inject/1] (root,0,0,00:00:01/3-10:48:52,21) [migration/1] (root,0,0,00:00:04/3-10:48:52,22) [ksoftirqd/1] (root,0,0,00:00:00/3-10:48:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-10:48:52,25) [cpuhp/2] (root,0,0,00:00:00/3-10:48:52,26) [idle_inject/2] (root,0,0,00:00:01/3-10:48:52,27) [migration/2] (root,0,0,00:05:58/3-10:48:52,28) [ksoftirqd/2] (root,0,0,00:00:00/3-10:48:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-10:48:52,31) [cpuhp/3] (root,0,0,00:00:00/3-10:48:52,32) [idle_inject/3] (root,0,0,00:00:01/3-10:48:52,33) [migration/3] (root,0,0,00:00:16/3-10:48:52,34) [ksoftirqd/3] (root,0,0,00:00:00/3-10:48:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-10:48:52,40) [kdevtmpfs] (root,0,0,00:00:00/3-10:48:52,41) [netns] (root,0,0,00:00:00/3-10:48:52,42) [inet_frag_wq] (root,0,0,00:00:00/3-10:48:52,43) [kauditd] (root,0,0,00:00:00/3-10:48:52,44) [khungtaskd] (root,0,0,00:00:00/3-10:48:52,45) [oom_reaper] (root,0,0,00:00:00/3-10:48:52,46) [writeback] (root,0,0,00:00:09/3-10:48:52,47) [kcompactd0] (root,0,0,00:00:00/3-10:48:52,48) [ksmd] (root,0,0,00:00:10/3-10:48:52,49) [khugepaged] (root,0,0,00:00:00/3-10:48:52,75) [kintegrityd] (root,0,0,00:00:00/3-10:48:52,76) [kblockd] (root,0,0,00:00:00/3-10:48:52,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-10:48:52,79) [tpm_dev_wq] (root,0,0,00:00:00/3-10:48:52,80) [edac-poller] (root,0,0,00:00:00/3-10:48:52,81) [devfreq_wq] (root,0,0,00:00:00/3-10:48:52,110) [watchdogd] (root,0,0,00:00:00/3-10:48:52,111) [kswapd0] (root,0,0,00:00:00/3-10:48:52,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-10:48:50,115) [kthrotld] (root,0,0,00:00:00/3-10:48:50,116) [mld] (root,0,0,00:00:00/3-10:48:50,117) [ipv6_addrconf] (root,0,0,00:00:00/3-10:48:50,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-10:48:50,123) [kstrp] (root,0,0,00:00:00/3-10:48:50,124) [zswap-shrink] (root,0,0,00:00:00/3-10:48:50,125) [kworker/u9:0] (root,0,0,00:00:00/3-10:48:50,130) [charger_manager] (root,0,0,00:00:00/3-10:48:50,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-10:48:50,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-10:48:49,239) [kaluad] (root,0,0,00:00:00/3-10:48:49,258) [kmpath_rdacd] (root,0,0,00:00:00/3-10:48:49,304) [kmpathd] (root,0,0,00:00:00/3-10:48:49,305) [kmpath_handlerd] (root,0,0,00:00:00/3-10:48:48,342) [ata_sff] (root,0,0,00:00:00/3-10:48:48,343) [scsi_eh_0] (root,0,0,00:00:00/3-10:48:48,344) [scsi_tmf_0] (root,0,0,00:00:00/3-10:48:48,345) [scsi_eh_1] (root,0,0,00:00:00/3-10:48:48,346) [scsi_tmf_1] (root,0,0,00:00:05/3-10:48:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-10:48:45,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-10:48:33,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-10:48:32,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-10:48:30,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-10:47:59,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-10:47:58,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-10:47:58,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-10:47:58,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-10:47:56,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-10:47:56,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-10:47:42,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-10:47:42,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:21/3-10:47:42,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-10:47:42,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-10:47:42,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-10:47:42,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-10:47:42,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-10:47:42,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-10:47:42,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-10:47:42,1352) bpfilter_umh (root,26204,8212,00:00:00/3-10:47:42,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-10:47:42,1359) ntpd: asynchronous dns resolver (spot,206032,169212,04:00:03/3-10:47:41,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-10:47:41,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-10:47:41,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-10:47:41,1373) (sd-pam) (root,24216,5268,00:00:01/3-10:47:39,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-10:47:39,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-10:47:39,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-10:47:36,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-10:47:35,1527) sshd: syslogtunnel (root,615564,67928,00:04:31/3-10:47:33,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:47/3-10:47:21,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/06:15:33,2276) [kworker/1:2-events] (root,35308,10108,00:00:00/3-10:46:56,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-10:46:56,3218) sshd: cm-ssh (root,0,0,00:00:01/05:59:30,5266) [kworker/2:1-events] (root,0,0,00:00:00/02:47,7755) [kworker/3:1-ata_sff] (postfix,24244,8264,00:00:00/01:05:25,8312) pickup -l -t fifo -u (root,0,0,00:00:00/01:13:12,11441) [kworker/0:2-events] (root,0,0,00:00:00/02:08:11,13615) [kworker/2:2] (root,0,0,00:00:00/07:58,15073) [kworker/3:0-events] (root,0,0,00:00:00/07:30,16927) [kworker/u8:2-flush-253:0] (root,6656,3484,00:00:00/00:00,20786) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,20804) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20805) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/14:26,22015) [kworker/u8:1-flush-253:0] (root,0,0,00:00:02/15:52:46,28478) [kworker/0:0-events] (root,0,0,00:00:00/02:41:21,29026) [kworker/1:0] (root,0,0,00:00:00/59:50,31162) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 21:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cbdb6c23Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-14:17:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-14:17:46,2) [kthreadd] (root,0,0,00:00:00/1-14:17:46,3) [rcu_gp] (root,0,0,00:00:00/1-14:17:46,4) [rcu_par_gp] (root,0,0,00:00:00/1-14:17:46,5) [slub_flushwq] (root,0,0,00:00:00/1-14:17:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-14:17:46,9) [mm_percpu_wq] (root,0,0,00:00:00/1-14:17:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-14:17:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-14:17:46,12) [rcu_tasks_trace] (root,0,0,00:00:03/1-14:17:46,13) [ksoftirqd/0] (root,0,0,00:04:13/1-14:17:46,14) [rcu_preempt] (root,0,0,00:00:00/1-14:17:46,15) [migration/0] (root,0,0,00:00:00/1-14:17:46,16) [idle_inject/0] (root,0,0,00:00:00/1-14:17:46,18) [cpuhp/0] (root,0,0,00:00:00/1-14:17:46,19) [cpuhp/1] (root,0,0,00:00:00/1-14:17:46,20) [idle_inject/1] (root,0,0,00:00:00/1-14:17:46,21) [migration/1] (root,0,0,00:00:02/1-14:17:46,22) [ksoftirqd/1] (root,0,0,00:00:00/1-14:17:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-14:17:46,25) [cpuhp/2] (root,0,0,00:00:00/1-14:17:46,26) [idle_inject/2] (root,0,0,00:00:00/1-14:17:46,27) [migration/2] (root,0,0,00:02:47/1-14:17:46,28) [ksoftirqd/2] (root,0,0,00:00:00/1-14:17:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-14:17:46,31) [cpuhp/3] (root,0,0,00:00:00/1-14:17:46,32) [idle_inject/3] (root,0,0,00:00:00/1-14:17:46,33) [migration/3] (root,0,0,00:00:08/1-14:17:46,34) [ksoftirqd/3] (root,0,0,00:00:00/1-14:17:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-14:17:46,40) [kdevtmpfs] (root,0,0,00:00:00/1-14:17:46,41) [netns] (root,0,0,00:00:00/1-14:17:46,42) [inet_frag_wq] (root,0,0,00:00:00/1-14:17:46,43) [kauditd] (root,0,0,00:00:00/1-14:17:46,44) [khungtaskd] (root,0,0,00:00:00/1-14:17:46,45) [oom_reaper] (root,0,0,00:00:00/1-14:17:46,46) [writeback] (root,0,0,00:00:04/1-14:17:46,47) [kcompactd0] (root,0,0,00:00:00/1-14:17:46,48) [ksmd] (root,0,0,00:00:05/1-14:17:46,49) [khugepaged] (root,0,0,00:00:00/1-14:17:46,75) [kintegrityd] (root,0,0,00:00:00/1-14:17:46,76) [kblockd] (root,0,0,00:00:00/1-14:17:46,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-14:17:46,79) [tpm_dev_wq] (root,0,0,00:00:00/1-14:17:46,80) [edac-poller] (root,0,0,00:00:00/1-14:17:46,81) [devfreq_wq] (root,0,0,00:00:00/1-14:17:46,110) [watchdogd] (root,0,0,00:00:00/1-14:17:46,111) [kswapd0] (root,0,0,00:00:00/1-14:17:46,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-14:17:44,115) [kthrotld] (root,0,0,00:00:00/1-14:17:44,116) [mld] (root,0,0,00:00:00/1-14:17:44,117) [ipv6_addrconf] (root,0,0,00:00:00/1-14:17:44,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-14:17:44,123) [kstrp] (root,0,0,00:00:00/1-14:17:44,124) [zswap-shrink] (root,0,0,00:00:00/1-14:17:44,125) [kworker/u9:0] (root,0,0,00:00:00/1-14:17:44,130) [charger_manager] (root,0,0,00:00:00/1-14:17:44,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-14:17:44,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-14:17:43,239) [kaluad] (root,0,0,00:00:00/1-14:17:43,258) [kmpath_rdacd] (root,0,0,00:00:00/1-14:17:43,304) [kmpathd] (root,0,0,00:00:00/1-14:17:43,305) [kmpath_handlerd] (root,0,0,00:00:00/1-14:17:42,342) [ata_sff] (root,0,0,00:00:00/1-14:17:42,343) [scsi_eh_0] (root,0,0,00:00:00/1-14:17:42,344) [scsi_tmf_0] (root,0,0,00:00:00/1-14:17:42,345) [scsi_eh_1] (root,0,0,00:00:00/1-14:17:42,346) [scsi_tmf_1] (root,0,0,00:00:02/1-14:17:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-14:17:39,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-14:17:27,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-14:17:26,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-14:17:24,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-14:16:53,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-14:16:52,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:01/1-14:16:52,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-14:16:52,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-14:16:50,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-14:16:50,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:02/1-14:16:36,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-14:16:36,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:10/1-14:16:36,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-14:16:36,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-14:16:36,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-14:16:36,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-14:16:36,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-14:16:36,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:13/1-14:16:36,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-14:16:36,1352) bpfilter_umh (root,26204,8212,00:00:00/1-14:16:36,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-14:16:36,1359) ntpd: asynchronous dns resolver (spot,205148,168008,02:03:31/1-14:16:35,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-14:16:35,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-14:16:35,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-14:16:35,1373) (sd-pam) (root,24216,5268,00:00:00/1-14:16:33,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-14:16:33,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-14:16:33,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-14:16:30,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-14:16:29,1527) sshd: syslogtunnel (root,615564,67636,00:02:10/1-14:16:27,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/02:10:56,1585) [kworker/u8:0-writeback] (root,0,0,00:00:00/19:12,1941) [kworker/3:0-events] (spot,206272,41356,00:00:51/1-14:16:15,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-14:15:50,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:05/1-14:15:50,3218) sshd: cm-ssh (root,0,0,00:00:00/03:39,5220) [kworker/3:2-ata_sff] (postfix,24244,8204,00:00:00/01:36:08,5964) pickup -l -t fifo -u (root,0,0,00:00:00/01:53:49,11820) [kworker/2:2-events] (root,0,0,00:00:00/02:27:08,17596) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,18037) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,18055) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,924,00:00:00/00:00,18056) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:26:25,22963) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:08/08:17:08,25188) [kworker/1:2-events] (root,0,0,00:00:00/01:09:52,27435) [kworker/2:0-events] (root,0,0,00:00:00/46:23,27675) [kworker/1:1] (root,0,0,00:00:00/08:49,28397) [kworker/3:1-ata_sff] (root,0,0,00:00:01/05:33:37,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-12 01:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631988aa81Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12528,00:00:04/1-07:51:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-07:51:31,2) [kthreadd] (root,0,0,00:00:00/1-07:51:31,3) [rcu_gp] (root,0,0,00:00:00/1-07:51:31,4) [rcu_par_gp] (root,0,0,00:00:00/1-07:51:31,5) [slub_flushwq] (root,0,0,00:00:00/1-07:51:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-07:51:31,9) [mm_percpu_wq] (root,0,0,00:00:00/1-07:51:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-07:51:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-07:51:31,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-07:51:31,13) [ksoftirqd/0] (root,0,0,00:03:33/1-07:51:31,14) [rcu_preempt] (root,0,0,00:00:00/1-07:51:31,15) [migration/0] (root,0,0,00:00:00/1-07:51:31,16) [idle_inject/0] (root,0,0,00:00:00/1-07:51:31,18) [cpuhp/0] (root,0,0,00:00:00/1-07:51:31,19) [cpuhp/1] (root,0,0,00:00:00/1-07:51:31,20) [idle_inject/1] (root,0,0,00:00:00/1-07:51:31,21) [migration/1] (root,0,0,00:00:01/1-07:51:31,22) [ksoftirqd/1] (root,0,0,00:00:00/1-07:51:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-07:51:31,25) [cpuhp/2] (root,0,0,00:00:00/1-07:51:31,26) [idle_inject/2] (root,0,0,00:00:00/1-07:51:31,27) [migration/2] (root,0,0,00:02:18/1-07:51:31,28) [ksoftirqd/2] (root,0,0,00:00:00/1-07:51:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-07:51:31,31) [cpuhp/3] (root,0,0,00:00:00/1-07:51:31,32) [idle_inject/3] (root,0,0,00:00:00/1-07:51:31,33) [migration/3] (root,0,0,00:00:07/1-07:51:31,34) [ksoftirqd/3] (root,0,0,00:00:00/1-07:51:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-07:51:31,40) [kdevtmpfs] (root,0,0,00:00:00/1-07:51:31,41) [netns] (root,0,0,00:00:00/1-07:51:31,42) [inet_frag_wq] (root,0,0,00:00:00/1-07:51:31,43) [kauditd] (root,0,0,00:00:00/1-07:51:31,44) [khungtaskd] (root,0,0,00:00:00/1-07:51:31,45) [oom_reaper] (root,0,0,00:00:00/1-07:51:31,46) [writeback] (root,0,0,00:00:03/1-07:51:31,47) [kcompactd0] (root,0,0,00:00:00/1-07:51:31,48) [ksmd] (root,0,0,00:00:04/1-07:51:31,49) [khugepaged] (root,0,0,00:00:00/1-07:51:31,75) [kintegrityd] (root,0,0,00:00:00/1-07:51:31,76) [kblockd] (root,0,0,00:00:00/1-07:51:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-07:51:31,79) [tpm_dev_wq] (root,0,0,00:00:00/1-07:51:31,80) [edac-poller] (root,0,0,00:00:00/1-07:51:31,81) [devfreq_wq] (root,0,0,00:00:00/1-07:51:31,110) [watchdogd] (root,0,0,00:00:00/1-07:51:31,111) [kswapd0] (root,0,0,00:00:00/1-07:51:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-07:51:29,115) [kthrotld] (root,0,0,00:00:00/1-07:51:29,116) [mld] (root,0,0,00:00:00/1-07:51:29,117) [ipv6_addrconf] (root,0,0,00:00:00/1-07:51:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-07:51:29,123) [kstrp] (root,0,0,00:00:00/1-07:51:29,124) [zswap-shrink] (root,0,0,00:00:00/1-07:51:29,125) [kworker/u9:0] (root,0,0,00:00:00/1-07:51:29,130) [charger_manager] (root,0,0,00:00:00/1-07:51:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-07:51:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-07:51:28,239) [kaluad] (root,0,0,00:00:00/1-07:51:28,258) [kmpath_rdacd] (root,0,0,00:00:00/1-07:51:28,304) [kmpathd] (root,0,0,00:00:00/1-07:51:28,305) [kmpath_handlerd] (root,0,0,00:00:00/1-07:51:27,342) [ata_sff] (root,0,0,00:00:00/1-07:51:27,343) [scsi_eh_0] (root,0,0,00:00:00/1-07:51:27,344) [scsi_tmf_0] (root,0,0,00:00:00/1-07:51:27,345) [scsi_eh_1] (root,0,0,00:00:00/1-07:51:27,346) [scsi_tmf_1] (root,0,0,00:00:02/1-07:51:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-07:51:24,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-07:51:12,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-07:51:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-07:51:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-07:50:38,511) /sbin/auditd (messagebus,22932,5912,00:00:01/1-07:50:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:01/1-07:50:37,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-07:50:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-07:50:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-07:50:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:01/1-07:50:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-07:50:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:07/1-07:50:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-07:50:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-07:50:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-07:50:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-07:50:21,1343) /usr/lib/systemd/systemd --user (root,448724,7512,00:00:01/1-07:50:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:10/1-07:50:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-07:50:21,1352) bpfilter_umh (root,26204,8212,00:00:00/1-07:50:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-07:50:21,1359) ntpd: asynchronous dns resolver (spot,204892,167904,01:52:51/1-07:50:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-07:50:20,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-07:50:20,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-07:50:20,1373) (sd-pam) (root,24216,5268,00:00:00/1-07:50:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-07:50:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-07:50:18,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-07:50:15,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:04/1-07:50:14,1527) sshd: syslogtunnel (root,615564,69604,00:01:49/1-07:50:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41328,00:00:46/1-07:50:00,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-07:49:35,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-07:49:35,3218) sshd: cm-ssh (root,0,0,00:00:00/01:17:18,9637) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/02:12:28,14644) [kworker/2:1-events] (root,0,0,00:00:01/08:01:44,16015) [kworker/0:0-events] (root,0,0,00:00:00/12:35,19762) [kworker/1:0-events] (postfix,24244,8176,00:00:00/10:01,20950) pickup -l -t fifo -u (root,0,0,00:00:00/06:31,22453) [kworker/3:2-ata_sff] (root,0,0,00:00:00/58:24,23424) [kworker/3:1-events] (root,0,0,00:00:01/01:50:53,25188) [kworker/1:2-events] (root,0,0,00:00:00/01:42,25538) [kworker/1:1] (root,0,0,00:00:00/01:19,25539) [kworker/3:0-ata_sff] (root,6656,3492,00:00:00/00:00,25807) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,25825) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25826) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:39:58,30580) [kworker/2:0] (root,0,0,00:00:00/03:55:52,31401) [kworker/0:2-events] (root,0,0,00:00:00/44:40,32755) [kworker/u8:1-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 18:40
Domain summary
No record