Host 195.37.11.76
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-09 13:28
Last seen 2024-12-22 00:58
Open for 103 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836360aff6bfFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:36:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:36:15,2) [kthreadd] (root,0,0,00:00:00/39-14:36:15,3) [rcu_gp] (root,0,0,00:00:00/39-14:36:15,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:36:15,5) [slub_flushwq] (root,0,0,00:00:00/39-14:36:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:36:15,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:36:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:36:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:36:15,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:36:15,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:36:15,14) [rcu_preempt] (root,0,0,00:00:15/39-14:36:15,15) [migration/0] (root,0,0,00:00:00/39-14:36:15,16) [idle_inject/0] (root,0,0,00:00:00/39-14:36:15,18) [cpuhp/0] (root,0,0,00:00:00/39-14:36:15,19) [cpuhp/1] (root,0,0,00:00:00/39-14:36:15,20) [idle_inject/1] (root,0,0,00:00:15/39-14:36:15,21) [migration/1] (root,0,0,00:01:05/39-14:36:15,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:36:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:36:15,25) [cpuhp/2] (root,0,0,00:00:00/39-14:36:15,26) [idle_inject/2] (root,0,0,00:00:12/39-14:36:15,27) [migration/2] (root,0,0,01:14:06/39-14:36:15,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:36:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:36:15,31) [cpuhp/3] (root,0,0,00:00:00/39-14:36:15,32) [idle_inject/3] (root,0,0,00:00:14/39-14:36:15,33) [migration/3] (root,0,0,00:03:31/39-14:36:15,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:36:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:36:15,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:36:15,40) [netns] (root,0,0,00:00:00/39-14:36:15,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:36:15,42) [kauditd] (root,0,0,00:00:00/39-14:36:15,43) [khungtaskd] (root,0,0,00:00:00/39-14:36:15,44) [oom_reaper] (root,0,0,00:00:00/39-14:36:15,45) [writeback] (root,0,0,00:01:56/39-14:36:15,46) [kcompactd0] (root,0,0,00:00:00/39-14:36:15,47) [ksmd] (root,0,0,00:01:57/39-14:36:15,48) [khugepaged] (root,0,0,00:00:00/39-14:36:15,74) [kintegrityd] (root,0,0,00:00:00/39-14:36:15,75) [kblockd] (root,0,0,00:00:00/39-14:36:15,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:36:15,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:36:15,79) [edac-poller] (root,0,0,00:00:00/39-14:36:15,80) [devfreq_wq] (root,0,0,00:00:00/39-14:36:15,110) [watchdogd] (root,0,0,00:00:08/39-14:36:15,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:36:15,112) [kswapd0] (root,0,0,00:00:00/39-14:36:14,114) [kthrotld] (root,0,0,00:00:00/39-14:36:14,115) [mld] (root,0,0,00:00:00/39-14:36:14,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:36:14,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:36:14,122) [kstrp] (root,0,0,00:00:00/39-14:36:14,123) [zswap-shrink] (root,0,0,00:00:00/39-14:36:14,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:36:14,129) [charger_manager] (root,0,0,00:00:08/39-14:36:13,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:36:13,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:36:13,205) [kaluad] (root,0,0,00:00:00/39-14:36:13,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:36:13,293) [kmpathd] (root,0,0,00:00:00/39-14:36:13,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:36:13,342) [ata_sff] (root,0,0,00:00:00/39-14:36:12,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:36:12,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:36:12,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:36:12,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:36:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:36:10,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:35:58,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:35:57,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:35:55,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:35:21,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:35:21,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:35:21,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:35:21,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:35:20,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:35:20,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:35:06,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:35:06,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:35:05,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:35:05,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:35:05,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:35:05,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:35:05,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:35:05,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:35:05,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:35:05,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:35:05,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:35:05,1215) ntpd: asynchronous dns resolver (spot,299296,183048,2-02:58:39/39-14:35:05,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:35:04,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:35:04,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:35:04,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:35:03,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:35:03,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:35:02,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:34:56,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:34:42,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:59:04,2674) [kworker/0:2-events] (root,0,0,00:00:00/39:45,5528) [kworker/1:2-events] (root,0,0,00:00:00/05:32,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:33:20,9266) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:33,10883) [kworker/0:1] (root,0,0,00:00:00/24:33,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/03:34,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:07:06,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:25:58,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:25:57,15391) sshd: cm-ssh (root,0,0,00:00:00/03:26,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:54:36,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:54:35,16977) sshd: syslogtunnel (root,0,0,00:00:00/44:34,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/11:56,24965) [kworker/2:0-events] (root,0,0,00:00:00/20:27,29419) [kworker/2:2-cgroup_destroy] (root,6656,3488,00:00:00/00:00,30010) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,30028) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,30029) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9272,00:00:01/33-19:11:43,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:39,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dabd7d9aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:08:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:08:18,2) [kthreadd] (root,0,0,00:00:00/37-14:08:18,3) [rcu_gp] (root,0,0,00:00:00/37-14:08:18,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:08:18,5) [slub_flushwq] (root,0,0,00:00:00/37-14:08:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:08:18,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:08:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:08:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:08:18,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:08:18,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:08:18,14) [rcu_preempt] (root,0,0,00:00:14/37-14:08:18,15) [migration/0] (root,0,0,00:00:00/37-14:08:18,16) [idle_inject/0] (root,0,0,00:00:00/37-14:08:18,18) [cpuhp/0] (root,0,0,00:00:00/37-14:08:18,19) [cpuhp/1] (root,0,0,00:00:00/37-14:08:18,20) [idle_inject/1] (root,0,0,00:00:14/37-14:08:18,21) [migration/1] (root,0,0,00:01:00/37-14:08:18,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:08:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:08:18,25) [cpuhp/2] (root,0,0,00:00:00/37-14:08:18,26) [idle_inject/2] (root,0,0,00:00:11/37-14:08:18,27) [migration/2] (root,0,0,01:10:40/37-14:08:18,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:08:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:08:18,31) [cpuhp/3] (root,0,0,00:00:00/37-14:08:18,32) [idle_inject/3] (root,0,0,00:00:14/37-14:08:18,33) [migration/3] (root,0,0,00:03:20/37-14:08:18,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:08:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:08:18,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:08:18,40) [netns] (root,0,0,00:00:00/37-14:08:18,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:08:18,42) [kauditd] (root,0,0,00:00:00/37-14:08:18,43) [khungtaskd] (root,0,0,00:00:00/37-14:08:18,44) [oom_reaper] (root,0,0,00:00:00/37-14:08:18,45) [writeback] (root,0,0,00:01:50/37-14:08:18,46) [kcompactd0] (root,0,0,00:00:00/37-14:08:18,47) [ksmd] (root,0,0,00:01:50/37-14:08:18,48) [khugepaged] (root,0,0,00:00:00/37-14:08:18,74) [kintegrityd] (root,0,0,00:00:00/37-14:08:18,75) [kblockd] (root,0,0,00:00:00/37-14:08:18,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:08:18,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:08:18,79) [edac-poller] (root,0,0,00:00:00/37-14:08:18,80) [devfreq_wq] (root,0,0,00:00:00/37-14:08:18,110) [watchdogd] (root,0,0,00:00:07/37-14:08:18,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:08:18,112) [kswapd0] (root,0,0,00:00:00/37-14:08:17,114) [kthrotld] (root,0,0,00:00:00/37-14:08:17,115) [mld] (root,0,0,00:00:00/37-14:08:17,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:08:17,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:08:17,122) [kstrp] (root,0,0,00:00:00/37-14:08:17,123) [zswap-shrink] (root,0,0,00:00:00/37-14:08:17,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:08:17,129) [charger_manager] (root,0,0,00:00:08/37-14:08:16,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:08:16,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:08:16,205) [kaluad] (root,0,0,00:00:00/37-14:08:16,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:08:16,293) [kmpathd] (root,0,0,00:00:00/37-14:08:16,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:08:16,342) [ata_sff] (root,0,0,00:00:00/37-14:08:15,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:08:15,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:08:15,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:08:15,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:08:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:08:13,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:08:01,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:08:00,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:07:58,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:07:24,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:07:24,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:07:24,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:07:24,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:07:23,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:07:23,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:07:09,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:07:09,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:07:08,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:07:08,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:07:08,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:07:08,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:07:08,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:07:08,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:07:08,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:07:08,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:07:08,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:07:08,1215) ntpd: asynchronous dns resolver (spot,296368,182136,1-23:14:10/37-14:07:08,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:07:07,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:07:07,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:07:07,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:07:06,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:07:06,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:07:05,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:06:59,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:06:45,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/07:54,2838) [kworker/3:1-events] (root,0,0,00:00:00/07:19,4583) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/06:57,6208) [kworker/1:2-ata_sff] (root,0,0,00:00:00/05:48,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-11:58:01,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-11:58:00,15391) sshd: cm-ssh (root,0,0,00:00:00/15:00,16397) [kworker/u8:0-flush-253:0] (root,35308,10072,00:00:00/21-13:26:39,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:26:38,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:50:20,17446) [kworker/0:2-events] (root,0,0,00:00:00/14:01,18386) [kworker/3:2-events] (root,0,0,00:00:00/58:50,21022) [kworker/1:1-events] (root,0,0,00:00:00/01:45,21821) [kworker/1:0-ata_sff] (postfix,24244,8204,00:00:00/01:37:40,22497) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,26950) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/24:14,26953) [kworker/0:1-cgroup_destroy] (root,6656,3476,00:00:00/00:00,26965) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,26971) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26973) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9272,00:00:01/31-18:43:46,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:54:20,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:30 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836321d87474Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:21:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:21:35,2) [kthreadd] (root,0,0,00:00:00/35-15:21:35,3) [rcu_gp] (root,0,0,00:00:00/35-15:21:35,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:21:35,5) [slub_flushwq] (root,0,0,00:00:00/35-15:21:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:21:35,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:21:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:21:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:21:35,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:21:35,13) [ksoftirqd/0] (root,0,0,01:34:30/35-15:21:35,14) [rcu_preempt] (root,0,0,00:00:13/35-15:21:35,15) [migration/0] (root,0,0,00:00:00/35-15:21:35,16) [idle_inject/0] (root,0,0,00:00:00/35-15:21:35,18) [cpuhp/0] (root,0,0,00:00:00/35-15:21:35,19) [cpuhp/1] (root,0,0,00:00:00/35-15:21:35,20) [idle_inject/1] (root,0,0,00:00:14/35-15:21:35,21) [migration/1] (root,0,0,00:00:57/35-15:21:35,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:21:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:21:35,25) [cpuhp/2] (root,0,0,00:00:00/35-15:21:35,26) [idle_inject/2] (root,0,0,00:00:11/35-15:21:35,27) [migration/2] (root,0,0,01:07:42/35-15:21:35,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:21:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:21:35,31) [cpuhp/3] (root,0,0,00:00:00/35-15:21:35,32) [idle_inject/3] (root,0,0,00:00:13/35-15:21:35,33) [migration/3] (root,0,0,00:03:11/35-15:21:35,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:21:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:21:35,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:21:35,40) [netns] (root,0,0,00:00:00/35-15:21:35,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:21:35,42) [kauditd] (root,0,0,00:00:00/35-15:21:35,43) [khungtaskd] (root,0,0,00:00:00/35-15:21:35,44) [oom_reaper] (root,0,0,00:00:00/35-15:21:35,45) [writeback] (root,0,0,00:01:45/35-15:21:35,46) [kcompactd0] (root,0,0,00:00:00/35-15:21:35,47) [ksmd] (root,0,0,00:01:43/35-15:21:35,48) [khugepaged] (root,0,0,00:00:00/35-15:21:35,74) [kintegrityd] (root,0,0,00:00:00/35-15:21:35,75) [kblockd] (root,0,0,00:00:00/35-15:21:35,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:21:35,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:21:35,79) [edac-poller] (root,0,0,00:00:00/35-15:21:35,80) [devfreq_wq] (root,0,0,00:00:00/35-15:21:35,110) [watchdogd] (root,0,0,00:00:07/35-15:21:35,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:21:35,112) [kswapd0] (root,0,0,00:00:00/35-15:21:34,114) [kthrotld] (root,0,0,00:00:00/35-15:21:34,115) [mld] (root,0,0,00:00:00/35-15:21:34,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:21:34,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:21:34,122) [kstrp] (root,0,0,00:00:00/35-15:21:34,123) [zswap-shrink] (root,0,0,00:00:00/35-15:21:34,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:21:34,129) [charger_manager] (root,0,0,00:00:07/35-15:21:33,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:21:33,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:21:33,205) [kaluad] (root,0,0,00:00:00/35-15:21:33,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:21:33,293) [kmpathd] (root,0,0,00:00:00/35-15:21:33,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:21:33,342) [ata_sff] (root,0,0,00:00:00/35-15:21:32,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:21:32,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:21:32,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:21:32,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:21:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:21:30,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:21:18,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:21:17,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:21:15,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:20:41,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:20:41,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:20:41,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:20:41,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:20:40,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:20:40,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:20:26,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:20:26,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:20:25,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:20:25,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:20:25,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:20:25,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:20:25,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:20:25,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:20:25,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:20:25,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:20:25,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:20:25,1215) ntpd: asynchronous dns resolver (spot,293944,180120,1-20:13:23/35-15:20:25,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:20:24,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:20:24,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:20:24,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:20:23,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:20:23,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:20:22,1354) /usr/sbin/cron -n (root,698228,81996,00:46:35/35-15:20:16,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:20:02,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/07:04,4297) [kworker/1:2-events_freezable_power_] (root,0,0,00:00:00/01:04:09,7081) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:13:17,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:11:18,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:11:17,15391) sshd: cm-ssh (root,0,0,00:00:00/04:56:51,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:32:43,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:39:56,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:39:55,16977) sshd: syslogtunnel (root,0,0,00:00:00/58:16,19051) [kworker/0:0-events] (root,0,0,00:00:00/02:02,20339) [kworker/3:2-events] (root,0,0,00:00:00/01:53,20978) [kworker/1:0-ata_sff] (root,0,0,00:00:00/02:15:08,25943) [kworker/3:1-cgroup_destroy] (root,6656,3404,00:00:00/00:00,26324) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,26342) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26343) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/09:48,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:43:37,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:57:03,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:52:06,31877) [kworker/0:1-events] (root,0,0,00:00:00/35:03,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836319aa9c57Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-13:28:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-13:28:17,2) [kthreadd] (root,0,0,00:00:00/33-13:28:17,3) [rcu_gp] (root,0,0,00:00:00/33-13:28:17,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:28:17,5) [slub_flushwq] (root,0,0,00:00:00/33-13:28:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:28:17,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:28:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:28:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:28:17,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:28:17,13) [ksoftirqd/0] (root,0,0,01:29:08/33-13:28:17,14) [rcu_preempt] (root,0,0,00:00:12/33-13:28:17,15) [migration/0] (root,0,0,00:00:00/33-13:28:17,16) [idle_inject/0] (root,0,0,00:00:00/33-13:28:17,18) [cpuhp/0] (root,0,0,00:00:00/33-13:28:17,19) [cpuhp/1] (root,0,0,00:00:00/33-13:28:17,20) [idle_inject/1] (root,0,0,00:00:13/33-13:28:17,21) [migration/1] (root,0,0,00:00:54/33-13:28:17,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:28:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:28:17,25) [cpuhp/2] (root,0,0,00:00:00/33-13:28:17,26) [idle_inject/2] (root,0,0,00:00:10/33-13:28:17,27) [migration/2] (root,0,0,01:04:51/33-13:28:17,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:28:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:28:17,31) [cpuhp/3] (root,0,0,00:00:00/33-13:28:17,32) [idle_inject/3] (root,0,0,00:00:12/33-13:28:17,33) [migration/3] (root,0,0,00:03:01/33-13:28:17,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:28:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:28:17,39) [kdevtmpfs] (root,0,0,00:00:00/33-13:28:17,40) [netns] (root,0,0,00:00:00/33-13:28:17,41) [inet_frag_wq] (root,0,0,00:00:07/33-13:28:17,42) [kauditd] (root,0,0,00:00:00/33-13:28:17,43) [khungtaskd] (root,0,0,00:00:00/33-13:28:17,44) [oom_reaper] (root,0,0,00:00:00/33-13:28:17,45) [writeback] (root,0,0,00:01:38/33-13:28:17,46) [kcompactd0] (root,0,0,00:00:00/33-13:28:17,47) [ksmd] (root,0,0,00:01:37/33-13:28:17,48) [khugepaged] (root,0,0,00:00:00/33-13:28:17,74) [kintegrityd] (root,0,0,00:00:00/33-13:28:17,75) [kblockd] (root,0,0,00:00:00/33-13:28:17,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:28:17,78) [tpm_dev_wq] (root,0,0,00:00:00/33-13:28:17,79) [edac-poller] (root,0,0,00:00:00/33-13:28:17,80) [devfreq_wq] (root,0,0,00:00:00/33-13:28:17,110) [watchdogd] (root,0,0,00:00:07/33-13:28:17,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-13:28:17,112) [kswapd0] (root,0,0,00:00:00/33-13:28:16,114) [kthrotld] (root,0,0,00:00:00/33-13:28:16,115) [mld] (root,0,0,00:00:00/33-13:28:16,116) [ipv6_addrconf] (root,0,0,00:00:14/33-13:28:16,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-13:28:16,122) [kstrp] (root,0,0,00:00:00/33-13:28:16,123) [zswap-shrink] (root,0,0,00:00:00/33-13:28:16,124) [kworker/u9:0] (root,0,0,00:00:00/33-13:28:16,129) [charger_manager] (root,0,0,00:00:07/33-13:28:15,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-13:28:15,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:28:15,205) [kaluad] (root,0,0,00:00:00/33-13:28:15,250) [kmpath_rdacd] (root,0,0,00:00:00/33-13:28:15,293) [kmpathd] (root,0,0,00:00:00/33-13:28:15,294) [kmpath_handlerd] (root,0,0,00:00:00/33-13:28:15,342) [ata_sff] (root,0,0,00:00:00/33-13:28:14,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:28:14,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:28:14,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:28:14,346) [scsi_tmf_1] (root,0,0,00:00:54/33-13:28:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:28:12,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-13:28:00,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-13:27:59,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-13:27:57,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-13:27:23,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-13:27:23,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-13:27:23,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-13:27:23,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-13:27:22,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-13:27:22,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:19:56,727) [kworker/u8:2-events_unbound] (root,548360,32524,00:00:38/33-13:27:08,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-13:27:08,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:09/33-13:27:07,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-13:27:07,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-13:27:07,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-13:27:07,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-13:27:07,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-13:27:07,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-13:27:07,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-13:27:07,1206) bpfilter_umh (root,26204,8212,00:00:13/33-13:27:07,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-13:27:07,1215) ntpd: asynchronous dns resolver (spot,293272,179996,1-17:45:23/33-13:27:07,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-13:27:06,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-13:27:06,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-13:27:06,1245) (sd-pam) (root,24216,5344,00:00:11/33-13:27:05,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-13:27:05,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-13:27:04,1354) /usr/sbin/cron -n (root,697972,81832,00:43:53/33-13:26:58,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63536,00:14:26/33-13:26:44,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8284,00:00:00/00:17,2257) pickup -l -t fifo -u (root,0,0,00:00:00/00:02,3835) [kworker/u8:0] (root,0,0,00:00:00/00:02,3836) [kworker/3:1-cgroup_destroy] (root,6656,3476,00:00:00/00:00,3882) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,3900) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3901) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/34:56,7073) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/04:07,12958) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/27-11:18:00,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-11:17:59,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:46:38,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:46:37,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:58:34,18088) [kworker/3:2-inet_frag_wq] (root,0,0,00:00:00/51:58,19428) [kworker/0:2-events] (root,0,0,00:00:04/02:28:14,24863) [kworker/2:1-events] (root,0,0,00:00:00/09:19,24872) [kworker/1:0-ata_sff] (root,0,0,00:00:00/30:03,25067) [kworker/1:2-events] (root,0,0,00:00:02/02:50:32,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-18:03:45,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/59:25,31017) [kworker/0:1-events] (root,0,0,00:00:00/28:36,31459) [kworker/2:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635f54b5e9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-13:41:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:41:47,2) [kthreadd] (root,0,0,00:00:00/31-13:41:47,3) [rcu_gp] (root,0,0,00:00:00/31-13:41:47,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:41:47,5) [slub_flushwq] (root,0,0,00:00:00/31-13:41:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:41:47,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:41:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:41:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:41:47,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-13:41:47,13) [ksoftirqd/0] (root,0,0,01:23:57/31-13:41:47,14) [rcu_preempt] (root,0,0,00:00:12/31-13:41:47,15) [migration/0] (root,0,0,00:00:00/31-13:41:47,16) [idle_inject/0] (root,0,0,00:00:00/31-13:41:47,18) [cpuhp/0] (root,0,0,00:00:00/31-13:41:47,19) [cpuhp/1] (root,0,0,00:00:00/31-13:41:47,20) [idle_inject/1] (root,0,0,00:00:12/31-13:41:47,21) [migration/1] (root,0,0,00:00:50/31-13:41:47,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:41:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:41:47,25) [cpuhp/2] (root,0,0,00:00:00/31-13:41:47,26) [idle_inject/2] (root,0,0,00:00:09/31-13:41:47,27) [migration/2] (root,0,0,01:01:48/31-13:41:47,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:41:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:41:47,31) [cpuhp/3] (root,0,0,00:00:00/31-13:41:47,32) [idle_inject/3] (root,0,0,00:00:11/31-13:41:47,33) [migration/3] (root,0,0,00:02:51/31-13:41:47,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:41:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:41:47,39) [kdevtmpfs] (root,0,0,00:00:00/31-13:41:47,40) [netns] (root,0,0,00:00:00/31-13:41:47,41) [inet_frag_wq] (root,0,0,00:00:07/31-13:41:47,42) [kauditd] (root,0,0,00:00:00/31-13:41:47,43) [khungtaskd] (root,0,0,00:00:00/31-13:41:47,44) [oom_reaper] (root,0,0,00:00:00/31-13:41:47,45) [writeback] (root,0,0,00:01:32/31-13:41:47,46) [kcompactd0] (root,0,0,00:00:00/31-13:41:47,47) [ksmd] (root,0,0,00:01:31/31-13:41:47,48) [khugepaged] (root,0,0,00:00:00/31-13:41:47,74) [kintegrityd] (root,0,0,00:00:00/31-13:41:47,75) [kblockd] (root,0,0,00:00:00/31-13:41:47,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:41:47,78) [tpm_dev_wq] (root,0,0,00:00:00/31-13:41:47,79) [edac-poller] (root,0,0,00:00:00/31-13:41:47,80) [devfreq_wq] (root,0,0,00:00:00/31-13:41:47,110) [watchdogd] (root,0,0,00:00:06/31-13:41:47,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-13:41:47,112) [kswapd0] (root,0,0,00:00:00/31-13:41:46,114) [kthrotld] (root,0,0,00:00:00/31-13:41:46,115) [mld] (root,0,0,00:00:00/31-13:41:46,116) [ipv6_addrconf] (root,0,0,00:00:13/31-13:41:46,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-13:41:46,122) [kstrp] (root,0,0,00:00:00/31-13:41:46,123) [zswap-shrink] (root,0,0,00:00:00/31-13:41:46,124) [kworker/u9:0] (root,0,0,00:00:00/31-13:41:46,129) [charger_manager] (root,0,0,00:00:07/31-13:41:45,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-13:41:45,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:41:45,205) [kaluad] (root,0,0,00:00:00/31-13:41:45,250) [kmpath_rdacd] (root,0,0,00:00:00/31-13:41:45,293) [kmpathd] (root,0,0,00:00:00/31-13:41:45,294) [kmpath_handlerd] (root,0,0,00:00:00/31-13:41:45,342) [ata_sff] (root,0,0,00:00:00/31-13:41:44,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:41:44,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:41:44,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:41:44,346) [scsi_tmf_1] (root,0,0,00:00:51/31-13:41:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:41:42,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-13:41:30,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-13:41:29,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-13:41:27,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-13:40:53,512) /sbin/auditd (messagebus,22936,5548,00:01:22/31-13:40:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-13:40:53,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-13:40:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-13:40:52,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-13:40:52,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:35/31-13:40:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-13:40:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:57/31-13:40:37,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-13:40:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-13:40:37,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-13:40:37,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-13:40:37,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-13:40:37,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:18/31-13:40:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-13:40:37,1206) bpfilter_umh (root,26204,8212,00:00:12/31-13:40:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-13:40:37,1215) ntpd: asynchronous dns resolver (spot,286456,173720,1-15:29:38/31-13:40:37,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-13:40:36,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-13:40:36,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-13:40:36,1245) (sd-pam) (root,24216,5344,00:00:10/31-13:40:35,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-13:40:35,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-13:40:34,1354) /usr/sbin/cron -n (root,697972,81512,00:41:18/31-13:40:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-13:40:14,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:32,9372) [kworker/1:0-ata_sff] (root,0,0,00:00:03/01:57:33,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-11:31:30,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-11:31:29,15391) sshd: cm-ssh (root,0,0,00:00:00/02:08:25,16327) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/15-13:00:08,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-13:00:07,16977) sshd: syslogtunnel (root,0,0,00:00:00/06:44,20275) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,21267) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,21313) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,21338) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21339) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,1888,00:00:00/00:00,21340) /bin/bash /usr/bin/check_mk_agent (root,2728,824,00:00:00/00:00,21341) timeout 3 dmraid -r (root,0,0,00:00:00/01:03:49,22377) [kworker/0:1-events] (root,0,0,00:00:00/58:00,24430) [kworker/3:0-events] (root,0,0,00:00:00/28:18,25324) [kworker/3:1] (root,0,0,00:00:00/06:14,28354) [kworker/0:0-events] (postfix,24244,8252,00:00:00/35:42,28439) pickup -l -t fifo -u (root,0,0,00:00:00/01:35:10,29649) [kworker/2:2-events] (postfix,44628,9316,00:00:01/25-18:17:15,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:08,31624) [kworker/1:1-ata_sff] (root,0,0,00:00:00/48:58,31712) [kworker/u8:1-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-14 00:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f58b9529Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-14:35:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-14:35:37,2) [kthreadd] (root,0,0,00:00:00/29-14:35:37,3) [rcu_gp] (root,0,0,00:00:00/29-14:35:37,4) [rcu_par_gp] (root,0,0,00:00:00/29-14:35:37,5) [slub_flushwq] (root,0,0,00:00:00/29-14:35:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-14:35:37,9) [mm_percpu_wq] (root,0,0,00:00:00/29-14:35:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-14:35:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-14:35:37,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-14:35:37,13) [ksoftirqd/0] (root,0,0,01:18:53/29-14:35:37,14) [rcu_preempt] (root,0,0,00:00:11/29-14:35:37,15) [migration/0] (root,0,0,00:00:00/29-14:35:37,16) [idle_inject/0] (root,0,0,00:00:00/29-14:35:37,18) [cpuhp/0] (root,0,0,00:00:00/29-14:35:37,19) [cpuhp/1] (root,0,0,00:00:00/29-14:35:37,20) [idle_inject/1] (root,0,0,00:00:11/29-14:35:37,21) [migration/1] (root,0,0,00:00:46/29-14:35:37,22) [ksoftirqd/1] (root,0,0,00:00:00/29-14:35:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-14:35:37,25) [cpuhp/2] (root,0,0,00:00:00/29-14:35:37,26) [idle_inject/2] (root,0,0,00:00:09/29-14:35:37,27) [migration/2] (root,0,0,00:58:15/29-14:35:37,28) [ksoftirqd/2] (root,0,0,00:00:00/29-14:35:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-14:35:37,31) [cpuhp/3] (root,0,0,00:00:00/29-14:35:37,32) [idle_inject/3] (root,0,0,00:00:11/29-14:35:37,33) [migration/3] (root,0,0,00:02:40/29-14:35:37,34) [ksoftirqd/3] (root,0,0,00:00:00/29-14:35:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-14:35:37,39) [kdevtmpfs] (root,0,0,00:00:00/29-14:35:37,40) [netns] (root,0,0,00:00:00/29-14:35:37,41) [inet_frag_wq] (root,0,0,00:00:06/29-14:35:37,42) [kauditd] (root,0,0,00:00:00/29-14:35:37,43) [khungtaskd] (root,0,0,00:00:00/29-14:35:37,44) [oom_reaper] (root,0,0,00:00:00/29-14:35:37,45) [writeback] (root,0,0,00:01:26/29-14:35:37,46) [kcompactd0] (root,0,0,00:00:00/29-14:35:37,47) [ksmd] (root,0,0,00:01:25/29-14:35:37,48) [khugepaged] (root,0,0,00:00:00/29-14:35:37,74) [kintegrityd] (root,0,0,00:00:00/29-14:35:37,75) [kblockd] (root,0,0,00:00:00/29-14:35:37,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-14:35:37,78) [tpm_dev_wq] (root,0,0,00:00:00/29-14:35:37,79) [edac-poller] (root,0,0,00:00:00/29-14:35:37,80) [devfreq_wq] (root,0,0,00:00:00/29-14:35:37,110) [watchdogd] (root,0,0,00:00:06/29-14:35:37,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-14:35:37,112) [kswapd0] (root,0,0,00:00:00/29-14:35:36,114) [kthrotld] (root,0,0,00:00:00/29-14:35:36,115) [mld] (root,0,0,00:00:00/29-14:35:36,116) [ipv6_addrconf] (root,0,0,00:00:12/29-14:35:36,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-14:35:36,122) [kstrp] (root,0,0,00:00:00/29-14:35:36,123) [zswap-shrink] (root,0,0,00:00:00/29-14:35:36,124) [kworker/u9:0] (root,0,0,00:00:00/29-14:35:36,129) [charger_manager] (root,0,0,00:00:06/29-14:35:35,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-14:35:35,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-14:35:35,205) [kaluad] (root,0,0,00:00:00/29-14:35:35,250) [kmpath_rdacd] (root,0,0,00:00:00/29-14:35:35,293) [kmpathd] (root,0,0,00:00:00/29-14:35:35,294) [kmpath_handlerd] (root,0,0,00:00:00/29-14:35:35,342) [ata_sff] (root,0,0,00:00:00/29-14:35:34,343) [scsi_eh_0] (root,0,0,00:00:00/29-14:35:34,344) [scsi_tmf_0] (root,0,0,00:00:00/29-14:35:34,345) [scsi_eh_1] (root,0,0,00:00:00/29-14:35:34,346) [scsi_tmf_1] (root,0,0,00:00:48/29-14:35:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-14:35:32,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-14:35:20,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-14:35:19,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-14:35:17,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-14:34:43,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-14:34:43,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-14:34:43,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-14:34:43,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-14:34:42,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-14:34:42,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/33:02,931) [kworker/3:1-events] (root,548360,31484,00:00:33/29-14:34:28,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-14:34:28,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:42/29-14:34:27,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-14:34:27,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-14:34:27,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-14:34:27,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-14:34:27,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-14:34:27,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:02/29-14:34:27,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-14:34:27,1206) bpfilter_umh (root,26204,8212,00:00:12/29-14:34:27,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-14:34:27,1215) ntpd: asynchronous dns resolver (spot,291692,178836,1-13:00:45/29-14:34:27,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-14:34:26,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-14:34:26,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-14:34:26,1245) (sd-pam) (root,24216,5344,00:00:09/29-14:34:25,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-14:34:25,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-14:34:24,1354) /usr/sbin/cron -n (root,697576,81148,00:38:44/29-14:34:18,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60500,00:12:54/29-14:34:04,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:02,3903) [kworker/0:2-events] (root,0,0,00:00:00/01:37:24,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:08:14,4092) [kworker/3:0-events] (root,0,0,00:00:00/03:00,6756) [kworker/1:2-ata_sff] (root,0,0,00:00:00/03:42:44,8802) [kworker/u8:0] (root,0,0,00:00:00/01:23:03,10360) [kworker/2:2-events] (root,0,0,00:00:01/01:15:30,10395) [kworker/2:0-events] (postfix,24244,8204,00:00:00/11:18,14984) pickup -l -t fifo -u (root,35308,10012,00:00:00/23-12:25:20,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-12:25:19,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-13:53:58,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:47/13-13:53:57,16977) sshd: syslogtunnel (root,6656,3488,00:00:00/00:00,17760) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,17801) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,17802) /bin/bash /usr/bin/check_mk_agent (root,4480,1140,00:00:00/00:00,17803) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,768,00:00:00/00:00,17804) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1200,00:00:00/00:00,17805) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3480,00:00:00/00:00,17806) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,17824) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17825) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/07:18:10,20264) [kworker/0:1-events] (root,0,0,00:00:01/01:20:49,21615) [kworker/1:1-events] (root,0,0,00:00:00/25:50,23593) [kworker/0:0-events] (root,0,0,00:00:00/08:10,25066) [kworker/1:0-ata_sff] (postfix,44628,9316,00:00:01/23-19:11:05,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-12 00:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636dd527d0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-14:43:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-14:43:03,2) [kthreadd] (root,0,0,00:00:00/27-14:43:03,3) [rcu_gp] (root,0,0,00:00:00/27-14:43:03,4) [rcu_par_gp] (root,0,0,00:00:00/27-14:43:03,5) [slub_flushwq] (root,0,0,00:00:00/27-14:43:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-14:43:03,9) [mm_percpu_wq] (root,0,0,00:00:00/27-14:43:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-14:43:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-14:43:03,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-14:43:03,13) [ksoftirqd/0] (root,0,0,01:13:45/27-14:43:03,14) [rcu_preempt] (root,0,0,00:00:10/27-14:43:03,15) [migration/0] (root,0,0,00:00:00/27-14:43:03,16) [idle_inject/0] (root,0,0,00:00:00/27-14:43:03,18) [cpuhp/0] (root,0,0,00:00:00/27-14:43:03,19) [cpuhp/1] (root,0,0,00:00:00/27-14:43:03,20) [idle_inject/1] (root,0,0,00:00:10/27-14:43:03,21) [migration/1] (root,0,0,00:00:44/27-14:43:03,22) [ksoftirqd/1] (root,0,0,00:00:00/27-14:43:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-14:43:03,25) [cpuhp/2] (root,0,0,00:00:00/27-14:43:03,26) [idle_inject/2] (root,0,0,00:00:08/27-14:43:03,27) [migration/2] (root,0,0,00:55:29/27-14:43:03,28) [ksoftirqd/2] (root,0,0,00:00:00/27-14:43:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-14:43:03,31) [cpuhp/3] (root,0,0,00:00:00/27-14:43:03,32) [idle_inject/3] (root,0,0,00:00:10/27-14:43:03,33) [migration/3] (root,0,0,00:02:32/27-14:43:03,34) [ksoftirqd/3] (root,0,0,00:00:00/27-14:43:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-14:43:03,39) [kdevtmpfs] (root,0,0,00:00:00/27-14:43:03,40) [netns] (root,0,0,00:00:00/27-14:43:03,41) [inet_frag_wq] (root,0,0,00:00:06/27-14:43:03,42) [kauditd] (root,0,0,00:00:00/27-14:43:03,43) [khungtaskd] (root,0,0,00:00:00/27-14:43:03,44) [oom_reaper] (root,0,0,00:00:00/27-14:43:03,45) [writeback] (root,0,0,00:01:21/27-14:43:03,46) [kcompactd0] (root,0,0,00:00:00/27-14:43:03,47) [ksmd] (root,0,0,00:01:19/27-14:43:03,48) [khugepaged] (root,0,0,00:00:00/27-14:43:03,74) [kintegrityd] (root,0,0,00:00:00/27-14:43:03,75) [kblockd] (root,0,0,00:00:00/27-14:43:03,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-14:43:03,78) [tpm_dev_wq] (root,0,0,00:00:00/27-14:43:03,79) [edac-poller] (root,0,0,00:00:00/27-14:43:03,80) [devfreq_wq] (root,0,0,00:00:00/27-14:43:03,110) [watchdogd] (root,0,0,00:00:05/27-14:43:03,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-14:43:03,112) [kswapd0] (root,0,0,00:00:00/27-14:43:02,114) [kthrotld] (root,0,0,00:00:00/27-14:43:02,115) [mld] (root,0,0,00:00:00/27-14:43:02,116) [ipv6_addrconf] (root,0,0,00:00:11/27-14:43:02,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-14:43:02,122) [kstrp] (root,0,0,00:00:00/27-14:43:02,123) [zswap-shrink] (root,0,0,00:00:00/27-14:43:02,124) [kworker/u9:0] (root,0,0,00:00:00/27-14:43:02,129) [charger_manager] (root,0,0,00:00:06/27-14:43:01,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-14:43:01,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-14:43:01,205) [kaluad] (root,0,0,00:00:00/27-14:43:01,250) [kmpath_rdacd] (root,0,0,00:00:00/27-14:43:01,293) [kmpathd] (root,0,0,00:00:00/27-14:43:01,294) [kmpath_handlerd] (root,0,0,00:00:00/27-14:43:01,342) [ata_sff] (root,0,0,00:00:00/27-14:43:00,343) [scsi_eh_0] (root,0,0,00:00:00/27-14:43:00,344) [scsi_tmf_0] (root,0,0,00:00:00/27-14:43:00,345) [scsi_eh_1] (root,0,0,00:00:00/27-14:43:00,346) [scsi_tmf_1] (root,0,0,00:00:45/27-14:42:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-14:42:58,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-14:42:46,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-14:42:45,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-14:42:43,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-14:42:09,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-14:42:09,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-14:42:09,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-14:42:09,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-14:42:08,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-14:42:08,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-14:41:54,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-14:41:54,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:34/27-14:41:53,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-14:41:53,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-14:41:53,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-14:41:53,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-14:41:53,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-14:41:53,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:46/27-14:41:53,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-14:41:53,1206) bpfilter_umh (root,26204,8212,00:00:11/27-14:41:53,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-14:41:53,1215) ntpd: asynchronous dns resolver (spot,289976,176648,1-10:40:52/27-14:41:53,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-14:41:52,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-14:41:52,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-14:41:52,1245) (sd-pam) (root,24216,5344,00:00:09/27-14:41:51,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-14:41:51,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-14:41:50,1354) /usr/sbin/cron -n (root,697064,80568,00:36:08/27-14:41:44,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58620,00:11:36/27-14:41:30,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/03:56:35,1639) [kworker/3:1-events] (root,0,0,00:00:00/09:54,2230) [kworker/1:0-ata_sff] (postfix,24244,8288,00:00:00/40:45,4237) pickup -l -t fifo -u (root,0,0,00:00:00/08:20,5127) [kworker/0:2] (root,0,0,00:00:00/51:35,7755) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:30:10,8451) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/04:43,12518) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/21-12:32:46,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-12:32:45,15391) sshd: cm-ssh (root,0,0,00:00:00/35:50,15445) [kworker/1:1-events] (root,0,0,00:00:00/15:48,16162) [kworker/0:1-events] (root,35308,10072,00:00:00/11-14:01:24,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-14:01:23,16977) sshd: syslogtunnel (root,0,0,00:00:00/24:41,19174) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/22:55,24768) [kworker/2:0-events] (root,0,0,00:00:00/01:14,27446) [kworker/3:0] (root,0,0,00:00:02/02:05:05,27932) [kworker/2:2-events] (postfix,44628,9316,00:00:00/21-19:18:31,30472) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,31093) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,31113) /bin/bash /usr/bin/check_mk_agent (root,6656,1948,00:00:00/00:00,31141) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,31143) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31144) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-10 01:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b69b8447Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-14:29:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-14:29:56,2) [kthreadd] (root,0,0,00:00:00/25-14:29:56,3) [rcu_gp] (root,0,0,00:00:00/25-14:29:56,4) [rcu_par_gp] (root,0,0,00:00:00/25-14:29:56,5) [slub_flushwq] (root,0,0,00:00:00/25-14:29:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-14:29:56,9) [mm_percpu_wq] (root,0,0,00:00:00/25-14:29:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-14:29:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-14:29:56,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-14:29:56,13) [ksoftirqd/0] (root,0,0,01:08:26/25-14:29:56,14) [rcu_preempt] (root,0,0,00:00:09/25-14:29:56,15) [migration/0] (root,0,0,00:00:00/25-14:29:56,16) [idle_inject/0] (root,0,0,00:00:00/25-14:29:56,18) [cpuhp/0] (root,0,0,00:00:00/25-14:29:56,19) [cpuhp/1] (root,0,0,00:00:00/25-14:29:56,20) [idle_inject/1] (root,0,0,00:00:10/25-14:29:56,21) [migration/1] (root,0,0,00:00:40/25-14:29:56,22) [ksoftirqd/1] (root,0,0,00:00:00/25-14:29:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-14:29:56,25) [cpuhp/2] (root,0,0,00:00:00/25-14:29:56,26) [idle_inject/2] (root,0,0,00:00:08/25-14:29:56,27) [migration/2] (root,0,0,00:52:18/25-14:29:56,28) [ksoftirqd/2] (root,0,0,00:00:00/25-14:29:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-14:29:56,31) [cpuhp/3] (root,0,0,00:00:00/25-14:29:56,32) [idle_inject/3] (root,0,0,00:00:09/25-14:29:56,33) [migration/3] (root,0,0,00:02:22/25-14:29:56,34) [ksoftirqd/3] (root,0,0,00:00:00/25-14:29:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-14:29:56,39) [kdevtmpfs] (root,0,0,00:00:00/25-14:29:56,40) [netns] (root,0,0,00:00:00/25-14:29:56,41) [inet_frag_wq] (root,0,0,00:00:06/25-14:29:56,42) [kauditd] (root,0,0,00:00:00/25-14:29:56,43) [khungtaskd] (root,0,0,00:00:00/25-14:29:56,44) [oom_reaper] (root,0,0,00:00:00/25-14:29:56,45) [writeback] (root,0,0,00:01:15/25-14:29:56,46) [kcompactd0] (root,0,0,00:00:00/25-14:29:56,47) [ksmd] (root,0,0,00:01:14/25-14:29:56,48) [khugepaged] (root,0,0,00:00:00/25-14:29:56,74) [kintegrityd] (root,0,0,00:00:00/25-14:29:56,75) [kblockd] (root,0,0,00:00:00/25-14:29:56,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-14:29:56,78) [tpm_dev_wq] (root,0,0,00:00:00/25-14:29:56,79) [edac-poller] (root,0,0,00:00:00/25-14:29:56,80) [devfreq_wq] (root,0,0,00:00:00/25-14:29:56,110) [watchdogd] (root,0,0,00:00:05/25-14:29:56,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-14:29:56,112) [kswapd0] (root,0,0,00:00:00/25-14:29:55,114) [kthrotld] (root,0,0,00:00:00/25-14:29:55,115) [mld] (root,0,0,00:00:00/25-14:29:55,116) [ipv6_addrconf] (root,0,0,00:00:11/25-14:29:55,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-14:29:55,122) [kstrp] (root,0,0,00:00:00/25-14:29:55,123) [zswap-shrink] (root,0,0,00:00:00/25-14:29:55,124) [kworker/u9:0] (root,0,0,00:00:00/25-14:29:55,129) [charger_manager] (root,0,0,00:00:05/25-14:29:54,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-14:29:54,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-14:29:54,205) [kaluad] (root,0,0,00:00:00/25-14:29:54,250) [kmpath_rdacd] (root,0,0,00:00:00/25-14:29:54,293) [kmpathd] (root,0,0,00:00:00/25-14:29:54,294) [kmpath_handlerd] (root,0,0,00:00:00/25-14:29:54,342) [ata_sff] (root,0,0,00:00:00/25-14:29:53,343) [scsi_eh_0] (root,0,0,00:00:00/25-14:29:53,344) [scsi_tmf_0] (root,0,0,00:00:00/25-14:29:53,345) [scsi_eh_1] (root,0,0,00:00:00/25-14:29:53,346) [scsi_tmf_1] (root,0,0,00:00:41/25-14:29:51,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-14:29:51,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-14:29:39,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-14:29:38,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-14:29:36,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-14:29:02,512) /sbin/auditd (messagebus,22936,5640,00:01:11/25-14:29:02,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:41/25-14:29:02,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-14:29:02,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-14:29:01,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-14:29:01,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-14:28:47,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-14:28:47,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:22/25-14:28:46,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-14:28:46,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-14:28:46,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-14:28:46,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-14:28:46,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-14:28:46,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:29/25-14:28:46,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-14:28:46,1206) bpfilter_umh (root,26204,8300,00:00:11/25-14:28:46,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-14:28:46,1215) ntpd: asynchronous dns resolver (spot,301792,188352,1-08:06:30/25-14:28:46,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-14:28:45,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-14:28:45,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-14:28:45,1245) (sd-pam) (root,24216,5348,00:00:08/25-14:28:44,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-14:28:44,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-14:28:43,1354) /usr/sbin/cron -n (root,694116,77808,00:33:30/25-14:28:37,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57996,00:10:11/25-14:28:23,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:12,4602) [kworker/1:1-ata_sff] (root,0,0,00:00:00/35:19,6090) [kworker/1:0-events_freezable_power_] (root,0,0,00:00:00/37:02,6321) [kworker/u8:0-writeback] (root,0,0,00:00:00/03:48,6556) [kworker/0:0-events_power_efficient] (root,0,0,00:00:00/01:25:09,14356) [kworker/2:0-events] (root,35308,10012,00:00:00/19-12:19:39,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-12:19:38,15391) sshd: cm-ssh (root,0,0,00:00:01/01:52:43,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-13:48:17,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-13:48:16,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:22:07,17512) [kworker/u8:2-writeback] (postfix,24244,8240,00:00:00/48:32,17853) pickup -l -t fifo -u (root,0,0,00:00:00/10:35,18061) [kworker/3:0] (root,0,0,00:00:07/07:32:31,21123) [kworker/2:1-events] (root,0,0,00:00:00/09:22,22721) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,23642) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,23660) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,23661) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9372,00:00:00/19-19:05:24,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:12,30755) [kworker/3:1-events] (root,0,0,00:00:00/23:53,31934) [kworker/0:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-08 00:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639f0d2fe2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-14:37:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-14:37:35,2) [kthreadd] (root,0,0,00:00:00/23-14:37:35,3) [rcu_gp] (root,0,0,00:00:00/23-14:37:35,4) [rcu_par_gp] (root,0,0,00:00:00/23-14:37:35,5) [slub_flushwq] (root,0,0,00:00:00/23-14:37:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-14:37:35,9) [mm_percpu_wq] (root,0,0,00:00:00/23-14:37:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-14:37:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-14:37:35,12) [rcu_tasks_trace] (root,0,0,00:00:43/23-14:37:35,13) [ksoftirqd/0] (root,0,0,01:02:53/23-14:37:35,14) [rcu_preempt] (root,0,0,00:00:08/23-14:37:35,15) [migration/0] (root,0,0,00:00:00/23-14:37:35,16) [idle_inject/0] (root,0,0,00:00:00/23-14:37:35,18) [cpuhp/0] (root,0,0,00:00:00/23-14:37:35,19) [cpuhp/1] (root,0,0,00:00:00/23-14:37:35,20) [idle_inject/1] (root,0,0,00:00:09/23-14:37:35,21) [migration/1] (root,0,0,00:00:37/23-14:37:35,22) [ksoftirqd/1] (root,0,0,00:00:00/23-14:37:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-14:37:35,25) [cpuhp/2] (root,0,0,00:00:00/23-14:37:35,26) [idle_inject/2] (root,0,0,00:00:07/23-14:37:35,27) [migration/2] (root,0,0,00:47:39/23-14:37:35,28) [ksoftirqd/2] (root,0,0,00:00:00/23-14:37:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-14:37:35,31) [cpuhp/3] (root,0,0,00:00:00/23-14:37:35,32) [idle_inject/3] (root,0,0,00:00:08/23-14:37:35,33) [migration/3] (root,0,0,00:02:10/23-14:37:35,34) [ksoftirqd/3] (root,0,0,00:00:00/23-14:37:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-14:37:35,39) [kdevtmpfs] (root,0,0,00:00:00/23-14:37:35,40) [netns] (root,0,0,00:00:00/23-14:37:35,41) [inet_frag_wq] (root,0,0,00:00:05/23-14:37:35,42) [kauditd] (root,0,0,00:00:00/23-14:37:35,43) [khungtaskd] (root,0,0,00:00:00/23-14:37:35,44) [oom_reaper] (root,0,0,00:00:00/23-14:37:35,45) [writeback] (root,0,0,00:01:09/23-14:37:35,46) [kcompactd0] (root,0,0,00:00:00/23-14:37:35,47) [ksmd] (root,0,0,00:01:08/23-14:37:35,48) [khugepaged] (root,0,0,00:00:00/23-14:37:35,74) [kintegrityd] (root,0,0,00:00:00/23-14:37:35,75) [kblockd] (root,0,0,00:00:00/23-14:37:35,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-14:37:35,78) [tpm_dev_wq] (root,0,0,00:00:00/23-14:37:35,79) [edac-poller] (root,0,0,00:00:00/23-14:37:35,80) [devfreq_wq] (root,0,0,00:00:00/23-14:37:35,110) [watchdogd] (root,0,0,00:00:04/23-14:37:35,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-14:37:35,112) [kswapd0] (root,0,0,00:00:00/23-14:37:34,114) [kthrotld] (root,0,0,00:00:00/23-14:37:34,115) [mld] (root,0,0,00:00:00/23-14:37:34,116) [ipv6_addrconf] (root,0,0,00:00:10/23-14:37:34,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-14:37:34,122) [kstrp] (root,0,0,00:00:00/23-14:37:34,123) [zswap-shrink] (root,0,0,00:00:00/23-14:37:34,124) [kworker/u9:0] (root,0,0,00:00:00/23-14:37:34,129) [charger_manager] (root,0,0,00:00:05/23-14:37:33,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-14:37:33,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-14:37:33,205) [kaluad] (root,0,0,00:00:00/23-14:37:33,250) [kmpath_rdacd] (root,0,0,00:00:00/23-14:37:33,293) [kmpathd] (root,0,0,00:00:00/23-14:37:33,294) [kmpath_handlerd] (root,0,0,00:00:00/23-14:37:33,342) [ata_sff] (root,0,0,00:00:00/23-14:37:32,343) [scsi_eh_0] (root,0,0,00:00:00/23-14:37:32,344) [scsi_tmf_0] (root,0,0,00:00:00/23-14:37:32,345) [scsi_eh_1] (root,0,0,00:00:00/23-14:37:32,346) [scsi_tmf_1] (root,0,0,00:00:37/23-14:37:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-14:37:30,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-14:37:18,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-14:37:17,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-14:37:15,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-14:36:41,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-14:36:41,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-14:36:41,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-14:36:41,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-14:36:40,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-14:36:40,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-14:36:26,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-14:36:26,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:09/23-14:36:25,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-14:36:25,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-14:36:25,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-14:36:25,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-14:36:25,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-14:36:25,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-14:36:25,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-14:36:25,1206) bpfilter_umh (root,26204,8300,00:00:10/23-14:36:25,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-14:36:25,1215) ntpd: asynchronous dns resolver (spot,285532,172740,1-05:41:13/23-14:36:25,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-14:36:24,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-14:36:24,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-14:36:24,1245) (sd-pam) (root,24216,5348,00:00:07/23-14:36:23,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-14:36:23,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-14:36:22,1354) /usr/sbin/cron -n (root,693860,77156,00:30:48/23-14:36:16,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:45/23-14:36:02,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3488,00:00:00/00:00,2747) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,2819) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,2820) /bin/bash /usr/bin/check_mk_agent (root,4480,1048,00:00:00/00:00,2821) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,864,00:00:00/00:00,2822) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,6656,3480,00:00:00/00:00,2823) /bin/bash /usr/bin/check_mk_agent (root,2680,756,00:00:00/00:00,2824) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3372,00:00:00/00:00,2842) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,944,00:00:00/00:00,2843) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/13:28,4265) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:19:09,7327) [kworker/0:0-events] (root,0,0,00:00:00/03:28:00,7973) [kworker/0:1-events] (root,0,0,00:00:00/11:47,11498) [kworker/3:1-events] (root,0,0,00:00:00/19:13,13370) [kworker/u8:1-flush-253:0] (root,35308,10012,00:00:00/17-12:27:18,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-12:27:17,15391) sshd: cm-ssh (postfix,24244,8204,00:00:00/01:17:59,15690) pickup -l -t fifo -u (root,0,0,00:00:00/05:04,15975) [kworker/2:0-events] (root,0,0,00:00:01/05:21:38,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-13:55:56,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-13:55:55,16977) sshd: syslogtunnel (root,0,0,00:00:01/01:25:54,19831) [kworker/2:1-events] (root,0,0,00:00:00/18:23,21438) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/04:15,24035) [kworker/1:0-ata_sff] (root,0,0,00:00:00/14:38,26077) [kworker/1:1-events] (root,0,0,00:00:00/09:25,26329) [kworker/1:2-ata_sff] (postfix,44628,9372,00:00:00/17-19:13:03,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-06 00:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363201cbd83Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-14:30:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-14:30:15,2) [kthreadd] (root,0,0,00:00:00/21-14:30:15,3) [rcu_gp] (root,0,0,00:00:00/21-14:30:15,4) [rcu_par_gp] (root,0,0,00:00:00/21-14:30:15,5) [slub_flushwq] (root,0,0,00:00:00/21-14:30:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-14:30:15,9) [mm_percpu_wq] (root,0,0,00:00:00/21-14:30:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-14:30:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-14:30:15,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-14:30:15,13) [ksoftirqd/0] (root,0,0,00:57:31/21-14:30:15,14) [rcu_preempt] (root,0,0,00:00:08/21-14:30:15,15) [migration/0] (root,0,0,00:00:00/21-14:30:15,16) [idle_inject/0] (root,0,0,00:00:00/21-14:30:15,18) [cpuhp/0] (root,0,0,00:00:00/21-14:30:15,19) [cpuhp/1] (root,0,0,00:00:00/21-14:30:15,20) [idle_inject/1] (root,0,0,00:00:08/21-14:30:15,21) [migration/1] (root,0,0,00:00:34/21-14:30:15,22) [ksoftirqd/1] (root,0,0,00:00:00/21-14:30:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-14:30:15,25) [cpuhp/2] (root,0,0,00:00:00/21-14:30:15,26) [idle_inject/2] (root,0,0,00:00:06/21-14:30:15,27) [migration/2] (root,0,0,00:43:41/21-14:30:15,28) [ksoftirqd/2] (root,0,0,00:00:00/21-14:30:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-14:30:15,31) [cpuhp/3] (root,0,0,00:00:00/21-14:30:15,32) [idle_inject/3] (root,0,0,00:00:08/21-14:30:15,33) [migration/3] (root,0,0,00:02:00/21-14:30:15,34) [ksoftirqd/3] (root,0,0,00:00:00/21-14:30:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-14:30:15,39) [kdevtmpfs] (root,0,0,00:00:00/21-14:30:15,40) [netns] (root,0,0,00:00:00/21-14:30:15,41) [inet_frag_wq] (root,0,0,00:00:05/21-14:30:15,42) [kauditd] (root,0,0,00:00:00/21-14:30:15,43) [khungtaskd] (root,0,0,00:00:00/21-14:30:15,44) [oom_reaper] (root,0,0,00:00:00/21-14:30:15,45) [writeback] (root,0,0,00:01:03/21-14:30:15,46) [kcompactd0] (root,0,0,00:00:00/21-14:30:15,47) [ksmd] (root,0,0,00:01:02/21-14:30:15,48) [khugepaged] (root,0,0,00:00:00/21-14:30:15,74) [kintegrityd] (root,0,0,00:00:00/21-14:30:15,75) [kblockd] (root,0,0,00:00:00/21-14:30:15,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-14:30:15,78) [tpm_dev_wq] (root,0,0,00:00:00/21-14:30:15,79) [edac-poller] (root,0,0,00:00:00/21-14:30:15,80) [devfreq_wq] (root,0,0,00:00:00/21-14:30:15,110) [watchdogd] (root,0,0,00:00:04/21-14:30:15,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-14:30:15,112) [kswapd0] (root,0,0,00:00:00/21-14:30:14,114) [kthrotld] (root,0,0,00:00:00/21-14:30:14,115) [mld] (root,0,0,00:00:00/21-14:30:14,116) [ipv6_addrconf] (root,0,0,00:00:09/21-14:30:14,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-14:30:14,122) [kstrp] (root,0,0,00:00:00/21-14:30:14,123) [zswap-shrink] (root,0,0,00:00:00/21-14:30:14,124) [kworker/u9:0] (root,0,0,00:00:00/21-14:30:14,129) [charger_manager] (root,0,0,00:00:04/21-14:30:13,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-14:30:13,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-14:30:13,205) [kaluad] (root,0,0,00:00:00/21-14:30:13,250) [kmpath_rdacd] (root,0,0,00:00:00/21-14:30:13,293) [kmpathd] (root,0,0,00:00:00/21-14:30:13,294) [kmpath_handlerd] (root,0,0,00:00:00/21-14:30:13,342) [ata_sff] (root,0,0,00:00:00/21-14:30:12,343) [scsi_eh_0] (root,0,0,00:00:00/21-14:30:12,344) [scsi_tmf_0] (root,0,0,00:00:00/21-14:30:12,345) [scsi_eh_1] (root,0,0,00:00:00/21-14:30:12,346) [scsi_tmf_1] (root,0,0,00:00:33/21-14:30:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-14:30:10,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-14:29:58,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-14:29:57,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-14:29:55,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-14:29:21,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-14:29:21,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-14:29:21,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-14:29:21,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-14:29:20,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-14:29:20,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-14:29:06,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-14:29:06,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:00/21-14:29:05,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-14:29:05,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-14:29:05,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-14:29:05,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-14:29:05,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-14:29:05,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:56/21-14:29:05,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-14:29:05,1206) bpfilter_umh (root,26204,8300,00:00:09/21-14:29:05,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-14:29:05,1215) ntpd: asynchronous dns resolver (spot,285196,171876,1-03:19:40/21-14:29:05,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-14:29:04,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-14:29:04,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-14:29:04,1245) (sd-pam) (root,24216,5348,00:00:07/21-14:29:03,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-14:29:03,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-14:29:02,1354) /usr/sbin/cron -n (root,693604,76796,00:28:07/21-14:28:56,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54960,00:07:25/21-14:28:42,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/03:10:58,1511) [kworker/2:0-events] (root,0,0,00:00:00/52:22,1699) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,3020) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,3028) /bin/bash /usr/bin/check_mk_agent (root,6656,3492,00:00:00/00:00,3032) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,3050) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3051) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,3476,00:00:00/00:00,3054) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:01/01:43:41,3242) [kworker/1:2-events] (root,0,0,00:00:00/01:08:59,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/01:32:33,7480) pickup -l -t fifo -u (root,0,0,00:00:00/43:29,8023) [kworker/3:0] (root,0,0,00:00:00/18:00,10807) [kworker/u8:0-writeback] (root,0,0,00:00:00/05:20,14577) [kworker/2:1-events] (root,0,0,00:00:00/05:08,15330) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-12:19:58,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-12:19:57,15391) sshd: cm-ssh (root,35308,10072,00:00:00/5-13:48:36,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-13:48:35,16977) sshd: syslogtunnel (root,0,0,00:00:00/04:48,17643) [kworker/u8:2] (root,0,0,00:00:00/24:26,20907) [kworker/0:2] (root,0,0,00:00:02/09:01:32,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-19:05:43,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/10:19,30889) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-04 00:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836395b8954dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-15:11:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-15:11:55,2) [kthreadd] (root,0,0,00:00:00/19-15:11:55,3) [rcu_gp] (root,0,0,00:00:00/19-15:11:55,4) [rcu_par_gp] (root,0,0,00:00:00/19-15:11:55,5) [slub_flushwq] (root,0,0,00:00:00/19-15:11:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-15:11:55,9) [mm_percpu_wq] (root,0,0,00:00:00/19-15:11:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-15:11:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-15:11:55,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-15:11:55,13) [ksoftirqd/0] (root,0,0,00:52:21/19-15:11:55,14) [rcu_preempt] (root,0,0,00:00:07/19-15:11:55,15) [migration/0] (root,0,0,00:00:00/19-15:11:55,16) [idle_inject/0] (root,0,0,00:00:00/19-15:11:55,18) [cpuhp/0] (root,0,0,00:00:00/19-15:11:55,19) [cpuhp/1] (root,0,0,00:00:00/19-15:11:55,20) [idle_inject/1] (root,0,0,00:00:07/19-15:11:55,21) [migration/1] (root,0,0,00:00:31/19-15:11:55,22) [ksoftirqd/1] (root,0,0,00:00:00/19-15:11:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-15:11:55,25) [cpuhp/2] (root,0,0,00:00:00/19-15:11:55,26) [idle_inject/2] (root,0,0,00:00:06/19-15:11:55,27) [migration/2] (root,0,0,00:39:11/19-15:11:55,28) [ksoftirqd/2] (root,0,0,00:00:00/19-15:11:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-15:11:55,31) [cpuhp/3] (root,0,0,00:00:00/19-15:11:55,32) [idle_inject/3] (root,0,0,00:00:07/19-15:11:55,33) [migration/3] (root,0,0,00:01:49/19-15:11:55,34) [ksoftirqd/3] (root,0,0,00:00:00/19-15:11:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-15:11:55,39) [kdevtmpfs] (root,0,0,00:00:00/19-15:11:55,40) [netns] (root,0,0,00:00:00/19-15:11:55,41) [inet_frag_wq] (root,0,0,00:00:05/19-15:11:55,42) [kauditd] (root,0,0,00:00:00/19-15:11:55,43) [khungtaskd] (root,0,0,00:00:00/19-15:11:55,44) [oom_reaper] (root,0,0,00:00:00/19-15:11:55,45) [writeback] (root,0,0,00:00:57/19-15:11:55,46) [kcompactd0] (root,0,0,00:00:00/19-15:11:55,47) [ksmd] (root,0,0,00:00:57/19-15:11:55,48) [khugepaged] (root,0,0,00:00:00/19-15:11:55,74) [kintegrityd] (root,0,0,00:00:00/19-15:11:55,75) [kblockd] (root,0,0,00:00:00/19-15:11:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-15:11:55,78) [tpm_dev_wq] (root,0,0,00:00:00/19-15:11:55,79) [edac-poller] (root,0,0,00:00:00/19-15:11:55,80) [devfreq_wq] (root,0,0,00:00:00/19-15:11:55,110) [watchdogd] (root,0,0,00:00:03/19-15:11:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-15:11:55,112) [kswapd0] (root,0,0,00:00:00/19-15:11:54,114) [kthrotld] (root,0,0,00:00:00/19-15:11:54,115) [mld] (root,0,0,00:00:00/19-15:11:54,116) [ipv6_addrconf] (root,0,0,00:00:08/19-15:11:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-15:11:54,122) [kstrp] (root,0,0,00:00:00/19-15:11:54,123) [zswap-shrink] (root,0,0,00:00:00/19-15:11:54,124) [kworker/u9:0] (root,0,0,00:00:00/19-15:11:54,129) [charger_manager] (root,0,0,00:00:04/19-15:11:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-15:11:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-15:11:53,205) [kaluad] (root,0,0,00:00:00/19-15:11:53,250) [kmpath_rdacd] (root,0,0,00:00:00/19-15:11:53,293) [kmpathd] (root,0,0,00:00:00/19-15:11:53,294) [kmpath_handlerd] (root,0,0,00:00:00/19-15:11:53,342) [ata_sff] (root,0,0,00:00:00/19-15:11:52,343) [scsi_eh_0] (root,0,0,00:00:00/19-15:11:52,344) [scsi_tmf_0] (root,0,0,00:00:00/19-15:11:52,345) [scsi_eh_1] (root,0,0,00:00:00/19-15:11:52,346) [scsi_tmf_1] (root,0,0,00:00:29/19-15:11:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-15:11:50,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-15:11:38,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-15:11:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-15:11:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-15:11:01,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-15:11:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-15:11:01,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-15:11:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-15:11:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-15:11:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-15:10:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-15:10:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:49/19-15:10:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-15:10:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-15:10:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-15:10:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-15:10:45,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-15:10:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-15:10:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-15:10:45,1206) bpfilter_umh (root,26204,8300,00:00:09/19-15:10:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-15:10:45,1215) ntpd: asynchronous dns resolver (spot,284716,171756,1-01:06:31/19-15:10:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-15:10:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-15:10:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-15:10:44,1245) (sd-pam) (root,24216,5348,00:00:06/19-15:10:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-15:10:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-15:10:42,1354) /usr/sbin/cron -n (root,692836,75760,00:25:30/19-15:10:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:35/19-15:10:22,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/07:13:19,3898) [kworker/3:2-events] (root,0,0,00:00:00/02:13:33,4121) [kworker/u8:0-writeback] (postfix,24244,8224,00:00:00/55:06,8017) pickup -l -t fifo -u (root,0,0,00:00:00/00:24,12244) [kworker/1:1-ata_sff] (root,0,0,00:00:00/32:40,12709) [kworker/2:1-events] (root,6656,3488,00:00:00/00:00,13456) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,13467) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,13500) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13501) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/21:10,14635) [kworker/1:0-events] (root,35308,10012,00:00:00/13-13:01:38,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-13:01:37,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-14:30:16,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-14:30:15,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:04:03,20923) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:28:31,22794) [kworker/0:1] (root,0,0,00:00:01/01:40:48,23007) [kworker/2:2-events] (root,0,0,00:00:01/03:37:57,26126) [kworker/0:2-events] (root,0,0,00:00:00/05:41,26393) [kworker/3:1-events] (root,0,0,00:00:00/05:35,27444) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/13-19:47:23,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 01:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836336acbfc6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-14:34:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-14:34:00,2) [kthreadd] (root,0,0,00:00:00/17-14:34:00,3) [rcu_gp] (root,0,0,00:00:00/17-14:34:00,4) [rcu_par_gp] (root,0,0,00:00:00/17-14:34:00,5) [slub_flushwq] (root,0,0,00:00:00/17-14:34:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-14:34:00,9) [mm_percpu_wq] (root,0,0,00:00:00/17-14:34:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-14:34:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-14:34:00,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-14:34:00,13) [ksoftirqd/0] (root,0,0,00:47:09/17-14:34:00,14) [rcu_preempt] (root,0,0,00:00:06/17-14:34:00,15) [migration/0] (root,0,0,00:00:00/17-14:34:00,16) [idle_inject/0] (root,0,0,00:00:00/17-14:34:00,18) [cpuhp/0] (root,0,0,00:00:00/17-14:34:00,19) [cpuhp/1] (root,0,0,00:00:00/17-14:34:00,20) [idle_inject/1] (root,0,0,00:00:07/17-14:34:00,21) [migration/1] (root,0,0,00:00:28/17-14:34:00,22) [ksoftirqd/1] (root,0,0,00:00:00/17-14:34:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-14:34:00,25) [cpuhp/2] (root,0,0,00:00:00/17-14:34:00,26) [idle_inject/2] (root,0,0,00:00:05/17-14:34:00,27) [migration/2] (root,0,0,00:35:59/17-14:34:00,28) [ksoftirqd/2] (root,0,0,00:00:00/17-14:34:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-14:34:00,31) [cpuhp/3] (root,0,0,00:00:00/17-14:34:00,32) [idle_inject/3] (root,0,0,00:00:06/17-14:34:00,33) [migration/3] (root,0,0,00:01:40/17-14:34:00,34) [ksoftirqd/3] (root,0,0,00:00:00/17-14:34:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-14:34:00,39) [kdevtmpfs] (root,0,0,00:00:00/17-14:34:00,40) [netns] (root,0,0,00:00:00/17-14:34:00,41) [inet_frag_wq] (root,0,0,00:00:04/17-14:34:00,42) [kauditd] (root,0,0,00:00:00/17-14:34:00,43) [khungtaskd] (root,0,0,00:00:00/17-14:34:00,44) [oom_reaper] (root,0,0,00:00:00/17-14:34:00,45) [writeback] (root,0,0,00:00:51/17-14:34:00,46) [kcompactd0] (root,0,0,00:00:00/17-14:34:00,47) [ksmd] (root,0,0,00:00:51/17-14:34:00,48) [khugepaged] (root,0,0,00:00:00/17-14:34:00,74) [kintegrityd] (root,0,0,00:00:00/17-14:34:00,75) [kblockd] (root,0,0,00:00:00/17-14:34:00,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-14:34:00,78) [tpm_dev_wq] (root,0,0,00:00:00/17-14:34:00,79) [edac-poller] (root,0,0,00:00:00/17-14:34:00,80) [devfreq_wq] (root,0,0,00:00:00/17-14:34:00,110) [watchdogd] (root,0,0,00:00:03/17-14:34:00,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-14:34:00,112) [kswapd0] (root,0,0,00:00:00/17-14:33:59,114) [kthrotld] (root,0,0,00:00:00/17-14:33:59,115) [mld] (root,0,0,00:00:00/17-14:33:59,116) [ipv6_addrconf] (root,0,0,00:00:07/17-14:33:59,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-14:33:59,122) [kstrp] (root,0,0,00:00:00/17-14:33:59,123) [zswap-shrink] (root,0,0,00:00:00/17-14:33:59,124) [kworker/u9:0] (root,0,0,00:00:00/17-14:33:59,129) [charger_manager] (root,0,0,00:00:03/17-14:33:58,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-14:33:58,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-14:33:58,205) [kaluad] (root,0,0,00:00:00/17-14:33:58,250) [kmpath_rdacd] (root,0,0,00:00:00/17-14:33:58,293) [kmpathd] (root,0,0,00:00:00/17-14:33:58,294) [kmpath_handlerd] (root,0,0,00:00:00/17-14:33:58,342) [ata_sff] (root,0,0,00:00:00/17-14:33:57,343) [scsi_eh_0] (root,0,0,00:00:00/17-14:33:57,344) [scsi_tmf_0] (root,0,0,00:00:00/17-14:33:57,345) [scsi_eh_1] (root,0,0,00:00:00/17-14:33:57,346) [scsi_tmf_1] (root,0,0,00:00:26/17-14:33:55,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-14:33:55,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-14:33:43,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-14:33:42,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-14:33:40,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-14:33:06,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-14:33:06,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,0,0,00:00:00/09:13,521) [kworker/1:2-events] (root,38748,8556,00:00:31/17-14:33:06,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-14:33:06,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-14:33:05,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-14:33:05,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-14:32:51,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-14:32:51,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:38/17-14:32:50,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-14:32:50,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-14:32:50,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-14:32:50,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-14:32:50,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-14:32:50,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:23/17-14:32:50,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-14:32:50,1206) bpfilter_umh (root,26204,8300,00:00:08/17-14:32:50,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-14:32:50,1215) ntpd: asynchronous dns resolver (spot,284780,171772,23:08:35/17-14:32:50,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-14:32:49,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-14:32:49,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-14:32:49,1245) (sd-pam) (root,24216,5348,00:00:05/17-14:32:48,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-14:32:48,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-14:32:47,1354) /usr/sbin/cron -n (root,692236,75412,00:22:52/17-14:32:41,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51284,00:05:53/17-14:32:27,1380) /usr/bin/python3.11 /usr/bin/spot (root,6764,3608,00:00:00/00:00,4470) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,4822) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,4858) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4859) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,8032,5336,00:00:00/00:00,4860) python ././remotecheck (root,0,0,00:00:00/02:00:12,6422) [kworker/0:2-events] (root,0,0,00:00:00/04:02,7955) [kworker/1:1-events] (root,0,0,00:00:01/52:33,14661) [kworker/2:2-events] (root,35308,10012,00:00:00/11-12:23:43,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-12:23:42,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-13:52:21,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-13:52:20,16977) sshd: syslogtunnel (postfix,24244,8200,00:00:00/39:03,18919) pickup -l -t fifo -u (root,0,0,00:00:00/01:11:04,22787) [kworker/3:0-events] (root,0,0,00:00:02/05:35:19,24312) [kworker/0:0-events] (root,0,0,00:00:00/01:10:38,26541) [kworker/u8:2-writeback] (root,0,0,00:00:01/01:01:05,28099) [kworker/1:0-ata_sff] (root,0,0,00:00:00/08:39:06,28658) [kworker/u8:1-flush-253:0] (postfix,44628,9416,00:00:00/11-19:09:28,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/46:13,32239) [kworker/2:1] (root,0,0,00:00:01/04:21:09,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-30 00:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bf21a21cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-14:35:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-14:35:39,2) [kthreadd] (root,0,0,00:00:00/15-14:35:39,3) [rcu_gp] (root,0,0,00:00:00/15-14:35:39,4) [rcu_par_gp] (root,0,0,00:00:00/15-14:35:39,5) [slub_flushwq] (root,0,0,00:00:00/15-14:35:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-14:35:39,9) [mm_percpu_wq] (root,0,0,00:00:00/15-14:35:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-14:35:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-14:35:39,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-14:35:39,13) [ksoftirqd/0] (root,0,0,00:41:54/15-14:35:39,14) [rcu_preempt] (root,0,0,00:00:05/15-14:35:39,15) [migration/0] (root,0,0,00:00:00/15-14:35:39,16) [idle_inject/0] (root,0,0,00:00:00/15-14:35:39,18) [cpuhp/0] (root,0,0,00:00:00/15-14:35:39,19) [cpuhp/1] (root,0,0,00:00:00/15-14:35:39,20) [idle_inject/1] (root,0,0,00:00:06/15-14:35:39,21) [migration/1] (root,0,0,00:00:25/15-14:35:39,22) [ksoftirqd/1] (root,0,0,00:00:00/15-14:35:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-14:35:39,25) [cpuhp/2] (root,0,0,00:00:00/15-14:35:39,26) [idle_inject/2] (root,0,0,00:00:05/15-14:35:39,27) [migration/2] (root,0,0,00:32:26/15-14:35:39,28) [ksoftirqd/2] (root,0,0,00:00:00/15-14:35:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-14:35:39,31) [cpuhp/3] (root,0,0,00:00:00/15-14:35:39,32) [idle_inject/3] (root,0,0,00:00:06/15-14:35:39,33) [migration/3] (root,0,0,00:01:30/15-14:35:39,34) [ksoftirqd/3] (root,0,0,00:00:00/15-14:35:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-14:35:39,39) [kdevtmpfs] (root,0,0,00:00:00/15-14:35:39,40) [netns] (root,0,0,00:00:00/15-14:35:39,41) [inet_frag_wq] (root,0,0,00:00:04/15-14:35:39,42) [kauditd] (root,0,0,00:00:00/15-14:35:39,43) [khungtaskd] (root,0,0,00:00:00/15-14:35:39,44) [oom_reaper] (root,0,0,00:00:00/15-14:35:39,45) [writeback] (root,0,0,00:00:46/15-14:35:39,46) [kcompactd0] (root,0,0,00:00:00/15-14:35:39,47) [ksmd] (root,0,0,00:00:46/15-14:35:39,48) [khugepaged] (root,0,0,00:00:00/15-14:35:39,74) [kintegrityd] (root,0,0,00:00:00/15-14:35:39,75) [kblockd] (root,0,0,00:00:00/15-14:35:39,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-14:35:39,78) [tpm_dev_wq] (root,0,0,00:00:00/15-14:35:39,79) [edac-poller] (root,0,0,00:00:00/15-14:35:39,80) [devfreq_wq] (root,0,0,00:00:00/15-14:35:39,110) [watchdogd] (root,0,0,00:00:03/15-14:35:39,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-14:35:39,112) [kswapd0] (root,0,0,00:00:00/15-14:35:38,114) [kthrotld] (root,0,0,00:00:00/15-14:35:38,115) [mld] (root,0,0,00:00:00/15-14:35:38,116) [ipv6_addrconf] (root,0,0,00:00:06/15-14:35:38,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-14:35:38,122) [kstrp] (root,0,0,00:00:00/15-14:35:38,123) [zswap-shrink] (root,0,0,00:00:00/15-14:35:38,124) [kworker/u9:0] (root,0,0,00:00:00/15-14:35:38,129) [charger_manager] (root,0,0,00:00:03/15-14:35:37,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-14:35:37,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-14:35:37,205) [kaluad] (root,0,0,00:00:00/15-14:35:37,250) [kmpath_rdacd] (root,0,0,00:00:00/15-14:35:37,293) [kmpathd] (root,0,0,00:00:00/15-14:35:37,294) [kmpath_handlerd] (root,0,0,00:00:00/15-14:35:37,342) [ata_sff] (root,0,0,00:00:00/15-14:35:36,343) [scsi_eh_0] (root,0,0,00:00:00/15-14:35:36,344) [scsi_tmf_0] (root,0,0,00:00:00/15-14:35:36,345) [scsi_eh_1] (root,0,0,00:00:00/15-14:35:36,346) [scsi_tmf_1] (root,0,0,00:00:23/15-14:35:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-14:35:34,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-14:35:22,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-14:35:21,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-14:35:19,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-14:34:45,512) /sbin/auditd (messagebus,22936,5672,00:00:50/15-14:34:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:28/15-14:34:45,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/15-14:34:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-14:34:44,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-14:34:44,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-14:34:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-14:34:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:25/15-14:34:29,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-14:34:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-14:34:29,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-14:34:29,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-14:34:29,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-14:34:29,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-14:34:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-14:34:29,1206) bpfilter_umh (root,26204,8300,00:00:07/15-14:34:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-14:34:29,1215) ntpd: asynchronous dns resolver (spot,285364,171360,20:59:49/15-14:34:29,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-14:34:28,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-14:34:28,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-14:34:28,1245) (sd-pam) (root,24216,5348,00:00:05/15-14:34:27,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-14:34:27,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-14:34:26,1354) /usr/sbin/cron -n (root,691980,74872,00:20:13/15-14:34:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:10/15-14:34:06,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/14:52,3117) [kworker/2:1] (root,0,0,00:00:00/09:01,3436) [kworker/1:0-ata_sff] (postfix,24244,8144,00:00:00/01:02:47,7227) pickup -l -t fifo -u (root,0,0,00:00:00/20:30,8654) [kworker/0:2] (root,35308,10012,00:00:00/8-06:30:33,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-06:30:33,8749) sshd: syslogtunnel (root,0,0,00:00:00/07:48,9870) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:27:57,10498) [kworker/3:0-events] (root,0,0,00:00:02/01:50:35,10640) [kworker/2:2-events] (root,0,0,00:00:00/37:46,13513) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/37:21,15321) [kworker/3:1-cgroup_destroy] (root,35308,10012,00:00:00/9-12:25:22,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-12:25:21,15391) sshd: cm-ssh (root,0,0,00:00:01/01:26:50,16028) [kworker/1:1-events] (root,6656,3492,00:00:00/00:00,19439) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,19440) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,19444) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,19454) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,19467) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,19532) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19533) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,13744,3508,00:00:00/00:00,19539) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19540) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:48,26720) [kworker/1:2-ata_sff] (root,0,0,00:00:01/02:01:45,26890) [kworker/0:1-events] (postfix,44628,9416,00:00:00/9-19:11:07,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 00:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b6327ee9Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-14:01:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-14:01:33,2) [kthreadd] (root,0,0,00:00:00/13-14:01:33,3) [rcu_gp] (root,0,0,00:00:00/13-14:01:33,4) [rcu_par_gp] (root,0,0,00:00:00/13-14:01:33,5) [slub_flushwq] (root,0,0,00:00:00/13-14:01:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-14:01:33,9) [mm_percpu_wq] (root,0,0,00:00:00/13-14:01:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-14:01:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-14:01:33,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-14:01:33,13) [ksoftirqd/0] (root,0,0,00:36:36/13-14:01:33,14) [rcu_preempt] (root,0,0,00:00:05/13-14:01:33,15) [migration/0] (root,0,0,00:00:00/13-14:01:33,16) [idle_inject/0] (root,0,0,00:00:00/13-14:01:33,18) [cpuhp/0] (root,0,0,00:00:00/13-14:01:33,19) [cpuhp/1] (root,0,0,00:00:00/13-14:01:33,20) [idle_inject/1] (root,0,0,00:00:05/13-14:01:33,21) [migration/1] (root,0,0,00:00:22/13-14:01:33,22) [ksoftirqd/1] (root,0,0,00:00:00/13-14:01:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-14:01:33,25) [cpuhp/2] (root,0,0,00:00:00/13-14:01:33,26) [idle_inject/2] (root,0,0,00:00:04/13-14:01:33,27) [migration/2] (root,0,0,00:28:51/13-14:01:33,28) [ksoftirqd/2] (root,0,0,00:00:00/13-14:01:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-14:01:33,31) [cpuhp/3] (root,0,0,00:00:00/13-14:01:33,32) [idle_inject/3] (root,0,0,00:00:05/13-14:01:33,33) [migration/3] (root,0,0,00:01:19/13-14:01:33,34) [ksoftirqd/3] (root,0,0,00:00:00/13-14:01:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-14:01:33,39) [kdevtmpfs] (root,0,0,00:00:00/13-14:01:33,40) [netns] (root,0,0,00:00:00/13-14:01:33,41) [inet_frag_wq] (root,0,0,00:00:04/13-14:01:33,42) [kauditd] (root,0,0,00:00:00/13-14:01:33,43) [khungtaskd] (root,0,0,00:00:00/13-14:01:33,44) [oom_reaper] (root,0,0,00:00:00/13-14:01:33,45) [writeback] (root,0,0,00:00:40/13-14:01:33,46) [kcompactd0] (root,0,0,00:00:00/13-14:01:33,47) [ksmd] (root,0,0,00:00:40/13-14:01:33,48) [khugepaged] (root,0,0,00:00:00/13-14:01:33,74) [kintegrityd] (root,0,0,00:00:00/13-14:01:33,75) [kblockd] (root,0,0,00:00:00/13-14:01:33,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-14:01:33,78) [tpm_dev_wq] (root,0,0,00:00:00/13-14:01:33,79) [edac-poller] (root,0,0,00:00:00/13-14:01:33,80) [devfreq_wq] (root,0,0,00:00:00/13-14:01:33,110) [watchdogd] (root,0,0,00:00:02/13-14:01:33,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-14:01:33,112) [kswapd0] (root,0,0,00:00:00/13-14:01:32,114) [kthrotld] (root,0,0,00:00:00/13-14:01:32,115) [mld] (root,0,0,00:00:00/13-14:01:32,116) [ipv6_addrconf] (root,0,0,00:00:05/13-14:01:32,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-14:01:32,122) [kstrp] (root,0,0,00:00:00/13-14:01:32,123) [zswap-shrink] (root,0,0,00:00:00/13-14:01:32,124) [kworker/u9:0] (root,0,0,00:00:00/13-14:01:32,129) [charger_manager] (root,0,0,00:00:02/13-14:01:31,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-14:01:31,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-14:01:31,205) [kaluad] (root,0,0,00:00:00/13-14:01:31,250) [kmpath_rdacd] (root,0,0,00:00:00/13-14:01:31,293) [kmpathd] (root,0,0,00:00:00/13-14:01:31,294) [kmpath_handlerd] (root,0,0,00:00:00/13-14:01:31,342) [ata_sff] (root,0,0,00:00:00/13-14:01:30,343) [scsi_eh_0] (root,0,0,00:00:00/13-14:01:30,344) [scsi_tmf_0] (root,0,0,00:00:00/13-14:01:30,345) [scsi_eh_1] (root,0,0,00:00:00/13-14:01:30,346) [scsi_tmf_1] (root,0,0,00:00:20/13-14:01:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-14:01:28,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-14:01:16,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-14:01:15,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-14:01:13,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-14:00:39,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-14:00:39,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-14:00:39,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-14:00:39,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-14:00:38,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-14:00:38,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-14:00:24,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-14:00:24,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:13/13-14:00:23,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-14:00:23,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-14:00:23,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-14:00:23,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-14:00:23,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-14:00:23,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-14:00:23,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-14:00:23,1206) bpfilter_umh (root,26204,8300,00:00:07/13-14:00:23,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-14:00:23,1215) ntpd: asynchronous dns resolver (spot,286692,171620,18:14:29/13-14:00:23,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-14:00:22,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-14:00:22,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-14:00:22,1245) (sd-pam) (root,24216,5348,00:00:04/13-14:00:21,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-14:00:21,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-14:00:20,1354) /usr/sbin/cron -n (root,691980,74552,00:17:34/13-14:00:14,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47904,00:04:29/13-14:00:00,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/39:34,2659) [kworker/2:0-events] (root,0,0,00:00:00/20:48,3454) [kworker/1:1-ata_sff] (root,0,0,00:00:04/03:58:11,4939) [kworker/2:2-events] (root,35308,10012,00:00:00/6-05:56:27,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-05:56:27,8749) sshd: syslogtunnel (root,0,0,00:00:00/44:34,13988) [kworker/0:0-events] (root,35308,10012,00:00:00/7-11:51:16,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-11:51:15,15391) sshd: cm-ssh (root,0,0,00:00:00/00:02,17507) [kworker/1:0-ata_sff] (root,6656,3484,00:00:00/00:00,17626) /bin/bash /usr/bin/check_mk_agent (root,13744,3360,00:00:00/00:00,17644) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,17645) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8212,00:00:00/50:35,19097) pickup -l -t fifo -u (root,0,0,00:00:00/01:05:01,23451) [kworker/3:1-events] (root,0,0,00:00:00/01:35:21,24348) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/05:15,29549) [kworker/1:2-events] (postfix,44628,9416,00:00:00/7-18:37:01,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/54:48,31001) [kworker/0:2-events] (root,0,0,00:00:00/23:11,31497) [kworker/u8:2-writeback] (root,0,0,00:00:01/04:28:51,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 00:23 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363941f66f0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-11:47:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-11:47:44,2) [kthreadd] (root,0,0,00:00:00/11-11:47:44,3) [rcu_gp] (root,0,0,00:00:00/11-11:47:44,4) [rcu_par_gp] (root,0,0,00:00:00/11-11:47:44,5) [slub_flushwq] (root,0,0,00:00:00/11-11:47:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-11:47:44,9) [mm_percpu_wq] (root,0,0,00:00:00/11-11:47:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-11:47:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-11:47:44,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-11:47:44,13) [ksoftirqd/0] (root,0,0,00:30:34/11-11:47:44,14) [rcu_preempt] (root,0,0,00:00:04/11-11:47:44,15) [migration/0] (root,0,0,00:00:00/11-11:47:44,16) [idle_inject/0] (root,0,0,00:00:00/11-11:47:44,18) [cpuhp/0] (root,0,0,00:00:00/11-11:47:44,19) [cpuhp/1] (root,0,0,00:00:00/11-11:47:44,20) [idle_inject/1] (root,0,0,00:00:04/11-11:47:44,21) [migration/1] (root,0,0,00:00:17/11-11:47:44,22) [ksoftirqd/1] (root,0,0,00:00:00/11-11:47:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-11:47:44,25) [cpuhp/2] (root,0,0,00:00:00/11-11:47:44,26) [idle_inject/2] (root,0,0,00:00:03/11-11:47:44,27) [migration/2] (root,0,0,00:24:04/11-11:47:44,28) [ksoftirqd/2] (root,0,0,00:00:00/11-11:47:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-11:47:44,31) [cpuhp/3] (root,0,0,00:00:00/11-11:47:44,32) [idle_inject/3] (root,0,0,00:00:04/11-11:47:44,33) [migration/3] (root,0,0,00:01:05/11-11:47:44,34) [ksoftirqd/3] (root,0,0,00:00:00/11-11:47:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-11:47:44,39) [kdevtmpfs] (root,0,0,00:00:00/11-11:47:44,40) [netns] (root,0,0,00:00:00/11-11:47:44,41) [inet_frag_wq] (root,0,0,00:00:03/11-11:47:44,42) [kauditd] (root,0,0,00:00:00/11-11:47:44,43) [khungtaskd] (root,0,0,00:00:00/11-11:47:44,44) [oom_reaper] (root,0,0,00:00:00/11-11:47:44,45) [writeback] (root,0,0,00:00:33/11-11:47:44,46) [kcompactd0] (root,0,0,00:00:00/11-11:47:44,47) [ksmd] (root,0,0,00:00:34/11-11:47:44,48) [khugepaged] (root,0,0,00:00:00/11-11:47:44,74) [kintegrityd] (root,0,0,00:00:00/11-11:47:44,75) [kblockd] (root,0,0,00:00:00/11-11:47:44,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-11:47:44,78) [tpm_dev_wq] (root,0,0,00:00:00/11-11:47:44,79) [edac-poller] (root,0,0,00:00:00/11-11:47:44,80) [devfreq_wq] (root,0,0,00:00:00/11-11:47:44,110) [watchdogd] (root,0,0,00:00:02/11-11:47:44,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-11:47:44,112) [kswapd0] (root,0,0,00:00:00/11-11:47:43,114) [kthrotld] (root,0,0,00:00:00/11-11:47:43,115) [mld] (root,0,0,00:00:00/11-11:47:43,116) [ipv6_addrconf] (root,0,0,00:00:04/11-11:47:43,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-11:47:43,122) [kstrp] (root,0,0,00:00:00/11-11:47:43,123) [zswap-shrink] (root,0,0,00:00:00/11-11:47:43,124) [kworker/u9:0] (root,0,0,00:00:00/11-11:47:43,129) [charger_manager] (root,0,0,00:00:02/11-11:47:42,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-11:47:42,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-11:47:42,205) [kaluad] (root,0,0,00:00:00/11-11:47:42,250) [kmpath_rdacd] (root,0,0,00:00:00/11-11:47:42,293) [kmpathd] (root,0,0,00:00:00/11-11:47:42,294) [kmpath_handlerd] (root,0,0,00:00:00/11-11:47:42,342) [ata_sff] (root,0,0,00:00:00/11-11:47:41,343) [scsi_eh_0] (root,0,0,00:00:00/11-11:47:41,344) [scsi_tmf_0] (root,0,0,00:00:00/11-11:47:41,345) [scsi_eh_1] (root,0,0,00:00:00/11-11:47:41,346) [scsi_tmf_1] (root,0,0,00:00:17/11-11:47:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-11:47:39,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-11:47:27,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-11:47:26,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-11:47:24,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-11:46:50,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-11:46:50,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-11:46:50,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-11:46:50,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-11:46:49,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-11:46:49,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-11:46:35,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-11:46:35,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:00:59/11-11:46:34,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-11:46:34,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-11:46:34,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-11:46:34,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-11:46:34,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-11:46:34,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:32/11-11:46:34,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-11:46:34,1206) bpfilter_umh (root,26204,8300,00:00:06/11-11:46:34,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-11:46:34,1215) ntpd: asynchronous dns resolver (spot,285540,171328,14:13:53/11-11:46:34,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-11:46:33,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-11:46:33,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-11:46:33,1245) (sd-pam) (root,24216,5348,00:00:03/11-11:46:32,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-11:46:32,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-11:46:31,1354) /usr/sbin/cron -n (root,691724,74148,00:14:48/11-11:46:25,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46340,00:03:45/11-11:46:11,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:26,1535) [kworker/1:2-ata_sff] (root,0,0,00:00:01/56:14,1935) [kworker/2:0-events] (postfix,24244,8236,00:00:00/37:31,2309) pickup -l -t fifo -u (root,0,0,00:00:00/09:09:53,4619) [kworker/u8:0-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:00,8184) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,8185) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,8208) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,8219) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,8220) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/4-03:42:38,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:14/4-03:42:38,8749) sshd: syslogtunnel (root,0,0,00:00:00/19:39,9247) [kworker/0:1-events] (root,0,0,00:00:00/02:27:04,10972) [kworker/0:2-events] (root,0,0,00:00:00/06:36,13585) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/5-09:37:27,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-09:37:26,15391) sshd: cm-ssh (root,0,0,00:00:00/01:12:57,16718) [kworker/2:2-events] (root,0,0,00:00:00/52:03,18633) [kworker/3:2-events] (root,0,0,00:00:01/01:55:34,21671) [kworker/1:1-events] (root,0,0,00:00:00/03:20,26530) [kworker/3:0] (root,0,0,00:00:00/11:26,29635) [kworker/3:1-cgroup_destroy] (postfix,44628,9464,00:00:00/5-16:23:12,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:28:50,31970) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 22:09 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836382ce0578Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:30/9-11:31:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-11:31:38,2) [kthreadd] (root,0,0,00:00:00/9-11:31:38,3) [rcu_gp] (root,0,0,00:00:00/9-11:31:38,4) [rcu_par_gp] (root,0,0,00:00:00/9-11:31:38,5) [slub_flushwq] (root,0,0,00:00:00/9-11:31:38,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-11:31:38,9) [mm_percpu_wq] (root,0,0,00:00:00/9-11:31:38,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-11:31:38,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-11:31:38,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-11:31:38,13) [ksoftirqd/0] (root,0,0,00:25:05/9-11:31:38,14) [rcu_preempt] (root,0,0,00:00:03/9-11:31:38,15) [migration/0] (root,0,0,00:00:00/9-11:31:38,16) [idle_inject/0] (root,0,0,00:00:00/9-11:31:38,18) [cpuhp/0] (root,0,0,00:00:00/9-11:31:38,19) [cpuhp/1] (root,0,0,00:00:00/9-11:31:38,20) [idle_inject/1] (root,0,0,00:00:03/9-11:31:38,21) [migration/1] (root,0,0,00:00:14/9-11:31:38,22) [ksoftirqd/1] (root,0,0,00:00:00/9-11:31:38,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-11:31:38,25) [cpuhp/2] (root,0,0,00:00:00/9-11:31:38,26) [idle_inject/2] (root,0,0,00:00:03/9-11:31:38,27) [migration/2] (root,0,0,00:20:06/9-11:31:38,28) [ksoftirqd/2] (root,0,0,00:00:00/9-11:31:38,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-11:31:38,31) [cpuhp/3] (root,0,0,00:00:00/9-11:31:38,32) [idle_inject/3] (root,0,0,00:00:03/9-11:31:38,33) [migration/3] (root,0,0,00:00:53/9-11:31:38,34) [ksoftirqd/3] (root,0,0,00:00:00/9-11:31:38,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-11:31:38,39) [kdevtmpfs] (root,0,0,00:00:00/9-11:31:38,40) [netns] (root,0,0,00:00:00/9-11:31:38,41) [inet_frag_wq] (root,0,0,00:00:03/9-11:31:38,42) [kauditd] (root,0,0,00:00:00/9-11:31:38,43) [khungtaskd] (root,0,0,00:00:00/9-11:31:38,44) [oom_reaper] (root,0,0,00:00:00/9-11:31:38,45) [writeback] (root,0,0,00:00:27/9-11:31:38,46) [kcompactd0] (root,0,0,00:00:00/9-11:31:38,47) [ksmd] (root,0,0,00:00:28/9-11:31:38,48) [khugepaged] (root,0,0,00:00:00/9-11:31:38,74) [kintegrityd] (root,0,0,00:00:00/9-11:31:38,75) [kblockd] (root,0,0,00:00:00/9-11:31:38,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-11:31:38,78) [tpm_dev_wq] (root,0,0,00:00:00/9-11:31:38,79) [edac-poller] (root,0,0,00:00:00/9-11:31:38,80) [devfreq_wq] (root,0,0,00:00:00/9-11:31:38,110) [watchdogd] (root,0,0,00:00:01/9-11:31:38,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-11:31:38,112) [kswapd0] (root,0,0,00:00:00/9-11:31:37,114) [kthrotld] (root,0,0,00:00:00/9-11:31:37,115) [mld] (root,0,0,00:00:00/9-11:31:37,116) [ipv6_addrconf] (root,0,0,00:00:04/9-11:31:37,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-11:31:37,122) [kstrp] (root,0,0,00:00:00/9-11:31:37,123) [zswap-shrink] (root,0,0,00:00:00/9-11:31:37,124) [kworker/u9:0] (root,0,0,00:00:00/9-11:31:37,129) [charger_manager] (root,0,0,00:00:02/9-11:31:36,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-11:31:36,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-11:31:36,205) [kaluad] (root,0,0,00:00:00/9-11:31:36,250) [kmpath_rdacd] (root,0,0,00:00:00/9-11:31:36,293) [kmpathd] (root,0,0,00:00:00/9-11:31:36,294) [kmpath_handlerd] (root,0,0,00:00:00/9-11:31:36,342) [ata_sff] (root,0,0,00:00:00/9-11:31:35,343) [scsi_eh_0] (root,0,0,00:00:00/9-11:31:35,344) [scsi_tmf_0] (root,0,0,00:00:00/9-11:31:35,345) [scsi_eh_1] (root,0,0,00:00:00/9-11:31:35,346) [scsi_tmf_1] (root,0,0,00:00:14/9-11:31:33,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-11:31:33,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-11:31:21,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-11:31:20,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-11:31:18,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-11:30:44,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-11:30:44,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:18/9-11:30:44,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-11:30:44,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-11:30:43,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-11:30:43,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:10/9-11:30:29,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-11:30:29,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:49/9-11:30:28,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-11:30:28,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-11:30:28,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-11:30:28,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-11:30:28,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-11:30:28,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:15/9-11:30:28,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-11:30:28,1206) bpfilter_umh (root,26204,8300,00:00:05/9-11:30:28,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-11:30:28,1215) ntpd: asynchronous dns resolver (spot,282900,169228,11:04:42/9-11:30:28,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-11:30:27,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-11:30:27,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-11:30:27,1245) (sd-pam) (root,24216,5348,00:00:02/9-11:30:26,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-11:30:26,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-11:30:25,1354) /usr/sbin/cron -n (root,691336,73768,00:12:12/9-11:30:19,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45064,00:03:04/9-11:30:05,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:17:42,1575) [kworker/u8:1-writeback] (root,0,0,00:00:02/02:58:45,2819) [kworker/2:2-events] (root,0,0,00:00:00/02:49:04,3398) [kworker/0:2-events] (root,0,0,00:00:00/12:12,4249) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/07:29,5365) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:05:00,8580) [kworker/0:0] (root,35308,10012,00:00:00/2-03:26:32,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:07/2-03:26:32,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:06:13,13880) [kworker/2:1-events] (root,35308,10012,00:00:00/3-09:21:21,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-09:21:20,15391) sshd: cm-ssh (root,0,0,00:00:00/02:20,17809) [kworker/3:1-events] (root,0,0,00:00:00/02:19,17830) [kworker/1:2-ata_sff] (root,0,0,00:00:00/46:43,22141) [kworker/3:0-events] (postfix,24244,8192,00:00:00/43:17,22236) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,23407) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,23425) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,23426) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:51:40,26857) [kworker/u8:0-writeback] (postfix,44628,9464,00:00:00/3-16:07:06,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/03:55:46,30834) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 21:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363875cf0d0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-15:30:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-15:30:58,2) [kthreadd] (root,0,0,00:00:00/7-15:30:58,3) [rcu_gp] (root,0,0,00:00:00/7-15:30:58,4) [rcu_par_gp] (root,0,0,00:00:00/7-15:30:58,5) [slub_flushwq] (root,0,0,00:00:00/7-15:30:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-15:30:58,9) [mm_percpu_wq] (root,0,0,00:00:00/7-15:30:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-15:30:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-15:30:58,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-15:30:58,13) [ksoftirqd/0] (root,0,0,00:20:09/7-15:30:58,14) [rcu_preempt] (root,0,0,00:00:02/7-15:30:58,15) [migration/0] (root,0,0,00:00:00/7-15:30:58,16) [idle_inject/0] (root,0,0,00:00:00/7-15:30:58,18) [cpuhp/0] (root,0,0,00:00:00/7-15:30:58,19) [cpuhp/1] (root,0,0,00:00:00/7-15:30:58,20) [idle_inject/1] (root,0,0,00:00:03/7-15:30:58,21) [migration/1] (root,0,0,00:00:11/7-15:30:58,22) [ksoftirqd/1] (root,0,0,00:00:00/7-15:30:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-15:30:58,25) [cpuhp/2] (root,0,0,00:00:00/7-15:30:58,26) [idle_inject/2] (root,0,0,00:00:02/7-15:30:58,27) [migration/2] (root,0,0,00:16:16/7-15:30:58,28) [ksoftirqd/2] (root,0,0,00:00:00/7-15:30:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-15:30:58,31) [cpuhp/3] (root,0,0,00:00:00/7-15:30:58,32) [idle_inject/3] (root,0,0,00:00:03/7-15:30:58,33) [migration/3] (root,0,0,00:00:44/7-15:30:58,34) [ksoftirqd/3] (root,0,0,00:00:00/7-15:30:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-15:30:58,39) [kdevtmpfs] (root,0,0,00:00:00/7-15:30:58,40) [netns] (root,0,0,00:00:00/7-15:30:58,41) [inet_frag_wq] (root,0,0,00:00:02/7-15:30:58,42) [kauditd] (root,0,0,00:00:00/7-15:30:58,43) [khungtaskd] (root,0,0,00:00:00/7-15:30:58,44) [oom_reaper] (root,0,0,00:00:00/7-15:30:58,45) [writeback] (root,0,0,00:00:22/7-15:30:58,46) [kcompactd0] (root,0,0,00:00:00/7-15:30:58,47) [ksmd] (root,0,0,00:00:23/7-15:30:58,48) [khugepaged] (root,0,0,00:00:00/7-15:30:58,74) [kintegrityd] (root,0,0,00:00:00/7-15:30:58,75) [kblockd] (root,0,0,00:00:00/7-15:30:58,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-15:30:58,78) [tpm_dev_wq] (root,0,0,00:00:00/7-15:30:58,79) [edac-poller] (root,0,0,00:00:00/7-15:30:58,80) [devfreq_wq] (root,0,0,00:00:00/7-15:30:58,110) [watchdogd] (root,0,0,00:00:01/7-15:30:58,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-15:30:58,112) [kswapd0] (root,0,0,00:00:00/7-15:30:57,114) [kthrotld] (root,0,0,00:00:00/7-15:30:57,115) [mld] (root,0,0,00:00:00/7-15:30:57,116) [ipv6_addrconf] (root,0,0,00:00:03/7-15:30:57,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-15:30:57,122) [kstrp] (root,0,0,00:00:00/7-15:30:57,123) [zswap-shrink] (root,0,0,00:00:00/7-15:30:57,124) [kworker/u9:0] (root,0,0,00:00:00/7-15:30:57,129) [charger_manager] (root,0,0,00:00:01/7-15:30:56,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-15:30:56,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-15:30:56,205) [kaluad] (root,0,0,00:00:00/7-15:30:56,250) [kmpath_rdacd] (root,0,0,00:00:00/7-15:30:56,293) [kmpathd] (root,0,0,00:00:00/7-15:30:56,294) [kmpath_handlerd] (root,0,0,00:00:00/7-15:30:56,342) [ata_sff] (root,0,0,00:00:00/7-15:30:55,343) [scsi_eh_0] (root,0,0,00:00:00/7-15:30:55,344) [scsi_tmf_0] (root,0,0,00:00:00/7-15:30:55,345) [scsi_eh_1] (root,0,0,00:00:00/7-15:30:55,346) [scsi_tmf_1] (root,0,0,00:00:11/7-15:30:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-15:30:53,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-15:30:41,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-15:30:40,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-15:30:38,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-15:30:04,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-15:30:04,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-15:30:04,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-15:30:04,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-15:30:03,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-15:30:03,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:44:49,776) [kworker/3:0-events] (root,547592,25356,00:00:08/7-15:29:49,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-15:29:49,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:42/7-15:29:48,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-15:29:48,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-15:29:48,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-15:29:48,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-15:29:48,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-15:29:48,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-15:29:48,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-15:29:48,1206) bpfilter_umh (root,26204,8300,00:00:04/7-15:29:48,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-15:29:48,1215) ntpd: asynchronous dns resolver (spot,284948,169740,08:45:35/7-15:29:48,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-15:29:47,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-15:29:47,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-15:29:47,1245) (sd-pam) (root,24216,5348,00:00:02/7-15:29:46,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-15:29:46,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-15:29:45,1354) /usr/sbin/cron -n (root,691080,73620,00:09:48/7-15:29:39,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43796,00:02:27/7-15:29:25,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/18:06,5380) [kworker/u8:2-writeback] (root,0,0,00:00:01/04:09:53,7055) [kworker/3:2-events] (root,0,0,00:00:00/01:17:37,7981) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10012,00:00:00/07:25:52,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:01/07:25:52,8749) sshd: syslogtunnel (root,0,0,00:00:00/09:03,15239) [kworker/0:1-cgroup_destroy] (root,35308,10012,00:00:00/1-13:20:41,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-13:20:40,15391) sshd: cm-ssh (root,0,0,00:00:00/06:34,23164) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:30:03,23924) [kworker/0:0-events] (root,0,0,00:00:00/01:03:37,24194) [kworker/1:1-events] (root,0,0,00:00:00/05:12,24728) [kworker/2:0] (postfix,24244,8268,00:00:00/04:12,24823) pickup -l -t fifo -u (root,0,0,00:00:00/01:21,25655) [kworker/1:2-ata_sff] (postfix,44628,9464,00:00:00/1-20:06:26,30472) tlsmgr -l -t unix -u (root,6656,3460,00:00:00/00:00,30903) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,30921) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30922) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/53:14,31725) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 01:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c7bedbf5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-15:17:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-15:17:19,2) [kthreadd] (root,0,0,00:00:00/7-15:17:19,3) [rcu_gp] (root,0,0,00:00:00/7-15:17:19,4) [rcu_par_gp] (root,0,0,00:00:00/7-15:17:19,5) [slub_flushwq] (root,0,0,00:00:00/7-15:17:19,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-15:17:19,9) [mm_percpu_wq] (root,0,0,00:00:00/7-15:17:19,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-15:17:19,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-15:17:19,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-15:17:19,13) [ksoftirqd/0] (root,0,0,00:20:08/7-15:17:19,14) [rcu_preempt] (root,0,0,00:00:02/7-15:17:19,15) [migration/0] (root,0,0,00:00:00/7-15:17:19,16) [idle_inject/0] (root,0,0,00:00:00/7-15:17:19,18) [cpuhp/0] (root,0,0,00:00:00/7-15:17:19,19) [cpuhp/1] (root,0,0,00:00:00/7-15:17:19,20) [idle_inject/1] (root,0,0,00:00:03/7-15:17:19,21) [migration/1] (root,0,0,00:00:11/7-15:17:19,22) [ksoftirqd/1] (root,0,0,00:00:00/7-15:17:19,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-15:17:19,25) [cpuhp/2] (root,0,0,00:00:00/7-15:17:19,26) [idle_inject/2] (root,0,0,00:00:02/7-15:17:19,27) [migration/2] (root,0,0,00:16:15/7-15:17:19,28) [ksoftirqd/2] (root,0,0,00:00:00/7-15:17:19,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-15:17:19,31) [cpuhp/3] (root,0,0,00:00:00/7-15:17:19,32) [idle_inject/3] (root,0,0,00:00:03/7-15:17:19,33) [migration/3] (root,0,0,00:00:44/7-15:17:19,34) [ksoftirqd/3] (root,0,0,00:00:00/7-15:17:19,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-15:17:19,39) [kdevtmpfs] (root,0,0,00:00:00/7-15:17:19,40) [netns] (root,0,0,00:00:00/7-15:17:19,41) [inet_frag_wq] (root,0,0,00:00:02/7-15:17:19,42) [kauditd] (root,0,0,00:00:00/7-15:17:19,43) [khungtaskd] (root,0,0,00:00:00/7-15:17:19,44) [oom_reaper] (root,0,0,00:00:00/7-15:17:19,45) [writeback] (root,0,0,00:00:22/7-15:17:19,46) [kcompactd0] (root,0,0,00:00:00/7-15:17:19,47) [ksmd] (root,0,0,00:00:23/7-15:17:19,48) [khugepaged] (root,0,0,00:00:00/7-15:17:19,74) [kintegrityd] (root,0,0,00:00:00/7-15:17:19,75) [kblockd] (root,0,0,00:00:00/7-15:17:19,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-15:17:19,78) [tpm_dev_wq] (root,0,0,00:00:00/7-15:17:19,79) [edac-poller] (root,0,0,00:00:00/7-15:17:19,80) [devfreq_wq] (root,0,0,00:00:00/7-15:17:19,110) [watchdogd] (root,0,0,00:00:01/7-15:17:19,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-15:17:19,112) [kswapd0] (root,0,0,00:00:00/7-15:17:18,114) [kthrotld] (root,0,0,00:00:00/7-15:17:18,115) [mld] (root,0,0,00:00:00/7-15:17:18,116) [ipv6_addrconf] (root,0,0,00:00:03/7-15:17:18,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-15:17:18,122) [kstrp] (root,0,0,00:00:00/7-15:17:18,123) [zswap-shrink] (root,0,0,00:00:00/7-15:17:18,124) [kworker/u9:0] (root,0,0,00:00:00/7-15:17:18,129) [charger_manager] (root,0,0,00:00:01/7-15:17:17,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-15:17:17,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-15:17:17,205) [kaluad] (root,0,0,00:00:00/7-15:17:17,250) [kmpath_rdacd] (root,0,0,00:00:00/7-15:17:17,293) [kmpathd] (root,0,0,00:00:00/7-15:17:17,294) [kmpath_handlerd] (root,0,0,00:00:00/7-15:17:17,342) [ata_sff] (root,0,0,00:00:00/7-15:17:16,343) [scsi_eh_0] (root,0,0,00:00:00/7-15:17:16,344) [scsi_tmf_0] (root,0,0,00:00:00/7-15:17:16,345) [scsi_eh_1] (root,0,0,00:00:00/7-15:17:16,346) [scsi_tmf_1] (root,0,0,00:00:11/7-15:17:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-15:17:14,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-15:17:02,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-15:17:01,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-15:16:59,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-15:16:25,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-15:16:25,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-15:16:25,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-15:16:25,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-15:16:24,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-15:16:24,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:31:10,776) [kworker/3:0-events] (root,547592,25356,00:00:08/7-15:16:10,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-15:16:10,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:42/7-15:16:09,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-15:16:09,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-15:16:09,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-15:16:09,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-15:16:09,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-15:16:09,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-15:16:09,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-15:16:09,1206) bpfilter_umh (root,26204,8300,00:00:04/7-15:16:09,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-15:16:09,1215) ntpd: asynchronous dns resolver (spot,284644,169664,08:44:30/7-15:16:09,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-15:16:08,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-15:16:08,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-15:16:08,1245) (sd-pam) (root,24216,5348,00:00:02/7-15:16:07,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-15:16:07,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-15:16:06,1354) /usr/sbin/cron -n (root,691080,73620,00:09:48/7-15:16:00,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43792,00:02:27/7-15:15:46,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8216,00:00:00/01:30:39,3178) pickup -l -t fifo -u (root,0,0,00:00:00/04:27,5380) [kworker/u8:2-writeback] (root,0,0,00:00:01/03:56:14,7055) [kworker/3:2-events] (root,0,0,00:00:00/01:03:58,7981) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/03:18,8681) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/07:12:13,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:01/07:12:13,8749) sshd: syslogtunnel (root,0,0,00:00:00/20:22,10528) [kworker/2:1-events] (root,0,0,00:00:00/20:21,10529) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:02:06,13261) [kworker/0:2] (root,35308,10012,00:00:00/1-13:07:02,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-13:07:01,15391) sshd: cm-ssh (root,0,0,00:00:00/08:28,20353) [kworker/1:2-ata_sff] (root,6656,3444,00:00:00/00:00,21508) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,21526) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21527) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:16:24,23924) [kworker/0:0-mm_percpu_wq] (root,0,0,00:00:00/49:58,24194) [kworker/1:1-events] (postfix,44628,9464,00:00:00/1-19:52:47,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/39:35,31725) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 01:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836389535b96Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-14:23:25,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-14:23:25,2) [kthreadd] (root,0,0,00:00:00/5-14:23:25,3) [rcu_gp] (root,0,0,00:00:00/5-14:23:25,4) [rcu_par_gp] (root,0,0,00:00:00/5-14:23:25,5) [slub_flushwq] (root,0,0,00:00:00/5-14:23:25,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-14:23:25,9) [mm_percpu_wq] (root,0,0,00:00:00/5-14:23:25,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-14:23:25,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-14:23:25,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-14:23:25,13) [ksoftirqd/0] (root,0,0,00:14:35/5-14:23:25,14) [rcu_preempt] (root,0,0,00:00:02/5-14:23:25,15) [migration/0] (root,0,0,00:00:00/5-14:23:25,16) [idle_inject/0] (root,0,0,00:00:00/5-14:23:25,18) [cpuhp/0] (root,0,0,00:00:00/5-14:23:25,19) [cpuhp/1] (root,0,0,00:00:00/5-14:23:25,20) [idle_inject/1] (root,0,0,00:00:02/5-14:23:25,21) [migration/1] (root,0,0,00:00:08/5-14:23:25,22) [ksoftirqd/1] (root,0,0,00:00:00/5-14:23:25,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-14:23:25,25) [cpuhp/2] (root,0,0,00:00:00/5-14:23:25,26) [idle_inject/2] (root,0,0,00:00:01/5-14:23:25,27) [migration/2] (root,0,0,00:12:06/5-14:23:25,28) [ksoftirqd/2] (root,0,0,00:00:00/5-14:23:25,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-14:23:25,31) [cpuhp/3] (root,0,0,00:00:00/5-14:23:25,32) [idle_inject/3] (root,0,0,00:00:02/5-14:23:25,33) [migration/3] (root,0,0,00:00:31/5-14:23:25,34) [ksoftirqd/3] (root,0,0,00:00:00/5-14:23:25,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-14:23:25,39) [kdevtmpfs] (root,0,0,00:00:00/5-14:23:25,40) [netns] (root,0,0,00:00:00/5-14:23:25,41) [inet_frag_wq] (root,0,0,00:00:01/5-14:23:25,42) [kauditd] (root,0,0,00:00:00/5-14:23:25,43) [khungtaskd] (root,0,0,00:00:00/5-14:23:25,44) [oom_reaper] (root,0,0,00:00:00/5-14:23:25,45) [writeback] (root,0,0,00:00:15/5-14:23:25,46) [kcompactd0] (root,0,0,00:00:00/5-14:23:25,47) [ksmd] (root,0,0,00:00:16/5-14:23:25,48) [khugepaged] (root,0,0,00:00:00/5-14:23:25,74) [kintegrityd] (root,0,0,00:00:00/5-14:23:25,75) [kblockd] (root,0,0,00:00:00/5-14:23:25,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-14:23:25,78) [tpm_dev_wq] (root,0,0,00:00:00/5-14:23:25,79) [edac-poller] (root,0,0,00:00:00/5-14:23:25,80) [devfreq_wq] (root,0,0,00:00:00/5-14:23:25,110) [watchdogd] (root,0,0,00:00:01/5-14:23:25,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-14:23:25,112) [kswapd0] (root,0,0,00:00:00/5-14:23:24,114) [kthrotld] (root,0,0,00:00:00/5-14:23:24,115) [mld] (root,0,0,00:00:00/5-14:23:24,116) [ipv6_addrconf] (root,0,0,00:00:02/5-14:23:24,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-14:23:24,122) [kstrp] (root,0,0,00:00:00/5-14:23:24,123) [zswap-shrink] (root,0,0,00:00:00/5-14:23:24,124) [kworker/u9:0] (root,0,0,00:00:00/5-14:23:24,129) [charger_manager] (root,0,0,00:00:01/5-14:23:23,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-14:23:23,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-14:23:23,205) [kaluad] (root,0,0,00:00:00/5-14:23:23,250) [kmpath_rdacd] (root,0,0,00:00:00/5-14:23:23,293) [kmpathd] (root,0,0,00:00:00/5-14:23:23,294) [kmpath_handlerd] (root,0,0,00:00:00/5-14:23:23,342) [ata_sff] (root,0,0,00:00:00/5-14:23:22,343) [scsi_eh_0] (root,0,0,00:00:00/5-14:23:22,344) [scsi_tmf_0] (root,0,0,00:00:00/5-14:23:22,345) [scsi_eh_1] (root,0,0,00:00:00/5-14:23:22,346) [scsi_tmf_1] (root,0,0,00:00:08/5-14:23:20,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-14:23:20,367) [ext4-rsv-conver] (root,38604,7544,00:00:10/5-14:23:08,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-14:23:07,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-14:23:05,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-14:22:31,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-14:22:31,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-14:22:31,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-14:22:31,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-14:22:30,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-14:22:30,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-14:22:16,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-14:22:16,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:30/5-14:22:15,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-14:22:15,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-14:22:15,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-14:22:15,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-14:22:15,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-14:22:15,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-14:22:15,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-14:22:15,1206) bpfilter_umh (root,26204,8340,00:00:03/5-14:22:15,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-14:22:15,1215) ntpd: asynchronous dns resolver (spot,276008,163700,06:08:20/5-14:22:15,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-14:22:14,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-14:22:14,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-14:22:14,1245) (sd-pam) (root,24216,5348,00:00:01/5-14:22:13,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-14:22:13,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-14:22:12,1354) /usr/sbin/cron -n (root,691080,73464,00:07:06/5-14:22:06,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42500,00:01:46/5-14:21:52,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:33,3243) [kworker/u8:1-writeback] (root,0,0,00:00:00/25:28,4281) [kworker/u8:2] (root,35308,10024,00:00:00/3-16:15:01,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-16:15:01,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-16:14:46,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:11/3-16:14:46,4688) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,7204) /bin/bash /usr/bin/check_mk_agent (root,13744,3396,00:00:00/00:00,7222) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7223) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:30,7623) [kworker/3:2-events] (postfix,24244,8216,00:00:00/57:37,11162) pickup -l -t fifo -u (root,0,0,00:00:00/03:12,11640) [kworker/1:2-ata_sff] (root,0,0,00:00:00/27:43,16093) [kworker/2:0-events] (root,0,0,00:00:00/01:49:30,17810) [kworker/3:1-events] (root,0,0,00:00:00/23:58,18198) [kworker/1:1-events] (root,0,0,00:00:00/08:24,24345) [kworker/1:0-ata_sff] (root,0,0,00:00:00/53:31,29441) [kworker/0:0-events] (root,0,0,00:00:01/03:31:24,31879) [kworker/0:2-events] (root,0,0,00:00:02/01:32:09,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-18 00:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638f73efdcFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-15:12:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:12:50,2) [kthreadd] (root,0,0,00:00:00/3-15:12:50,3) [rcu_gp] (root,0,0,00:00:00/3-15:12:50,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:12:50,5) [slub_flushwq] (root,0,0,00:00:00/3-15:12:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:12:50,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:12:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:12:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:12:50,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-15:12:50,13) [ksoftirqd/0] (root,0,0,00:09:30/3-15:12:50,14) [rcu_preempt] (root,0,0,00:00:01/3-15:12:50,15) [migration/0] (root,0,0,00:00:00/3-15:12:50,16) [idle_inject/0] (root,0,0,00:00:00/3-15:12:50,18) [cpuhp/0] (root,0,0,00:00:00/3-15:12:50,19) [cpuhp/1] (root,0,0,00:00:00/3-15:12:50,20) [idle_inject/1] (root,0,0,00:00:01/3-15:12:50,21) [migration/1] (root,0,0,00:00:05/3-15:12:50,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:12:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:12:50,25) [cpuhp/2] (root,0,0,00:00:00/3-15:12:50,26) [idle_inject/2] (root,0,0,00:00:01/3-15:12:50,27) [migration/2] (root,0,0,00:08:01/3-15:12:50,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:12:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:12:50,31) [cpuhp/3] (root,0,0,00:00:00/3-15:12:50,32) [idle_inject/3] (root,0,0,00:00:01/3-15:12:50,33) [migration/3] (root,0,0,00:00:20/3-15:12:50,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:12:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:12:50,39) [kdevtmpfs] (root,0,0,00:00:00/3-15:12:50,40) [netns] (root,0,0,00:00:00/3-15:12:50,41) [inet_frag_wq] (root,0,0,00:00:01/3-15:12:50,42) [kauditd] (root,0,0,00:00:00/3-15:12:50,43) [khungtaskd] (root,0,0,00:00:00/3-15:12:50,44) [oom_reaper] (root,0,0,00:00:00/3-15:12:50,45) [writeback] (root,0,0,00:00:09/3-15:12:50,46) [kcompactd0] (root,0,0,00:00:00/3-15:12:50,47) [ksmd] (root,0,0,00:00:10/3-15:12:50,48) [khugepaged] (root,0,0,00:00:00/3-15:12:50,74) [kintegrityd] (root,0,0,00:00:00/3-15:12:50,75) [kblockd] (root,0,0,00:00:00/3-15:12:50,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:12:50,78) [tpm_dev_wq] (root,0,0,00:00:00/3-15:12:50,79) [edac-poller] (root,0,0,00:00:00/3-15:12:50,80) [devfreq_wq] (root,0,0,00:00:00/3-15:12:50,110) [watchdogd] (root,0,0,00:00:00/3-15:12:50,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:12:50,112) [kswapd0] (root,0,0,00:00:00/3-15:12:49,114) [kthrotld] (root,0,0,00:00:00/3-15:12:49,115) [mld] (root,0,0,00:00:00/3-15:12:49,116) [ipv6_addrconf] (root,0,0,00:00:01/3-15:12:49,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:12:49,122) [kstrp] (root,0,0,00:00:00/3-15:12:49,123) [zswap-shrink] (root,0,0,00:00:00/3-15:12:49,124) [kworker/u9:0] (root,0,0,00:00:00/3-15:12:49,129) [charger_manager] (root,0,0,00:00:00/3-15:12:48,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:12:48,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-15:12:48,205) [kaluad] (root,0,0,00:00:00/3-15:12:48,250) [kmpath_rdacd] (root,0,0,00:00:00/3-15:12:48,293) [kmpathd] (root,0,0,00:00:00/3-15:12:48,294) [kmpath_handlerd] (root,0,0,00:00:00/3-15:12:48,342) [ata_sff] (root,0,0,00:00:00/3-15:12:47,343) [scsi_eh_0] (root,0,0,00:00:00/3-15:12:47,344) [scsi_tmf_0] (root,0,0,00:00:00/3-15:12:47,345) [scsi_eh_1] (root,0,0,00:00:00/3-15:12:47,346) [scsi_tmf_1] (root,0,0,00:00:05/3-15:12:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:12:45,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-15:12:33,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-15:12:32,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-15:12:30,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-15:11:56,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-15:11:56,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-15:11:56,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-15:11:56,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-15:11:55,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-15:11:55,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-15:11:41,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-15:11:41,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:18/3-15:11:40,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-15:11:40,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-15:11:40,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-15:11:40,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-15:11:40,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-15:11:40,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-15:11:40,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-15:11:40,1206) bpfilter_umh (root,26204,8340,00:00:02/3-15:11:40,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-15:11:40,1215) ntpd: asynchronous dns resolver (spot,274012,162336,04:12:19/3-15:11:40,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-15:11:39,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-15:11:39,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-15:11:39,1245) (sd-pam) (root,0,0,00:00:00/19:35,1284) [kworker/2:1] (root,24216,5348,00:00:01/3-15:11:38,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:11:38,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-15:11:37,1354) /usr/sbin/cron -n (root,689544,71904,00:04:39/3-15:11:31,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41156,00:01:10/3-15:11:17,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:08:52,1655) [kworker/0:1-events] (root,0,0,00:00:04/03:44:12,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-17:04:26,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-17:04:26,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-17:04:11,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-17:04:11,4688) sshd: cm-ssh (root,0,0,00:00:00/02:22:00,4707) [kworker/0:2-events] (root,6656,3444,00:00:00/00:00,12438) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,12456) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12457) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8164,00:00:00/29:00,13818) pickup -l -t fifo -u (root,0,0,00:00:01/01:31:09,19322) [kworker/1:1-events] (root,0,0,00:00:00/01:29:29,25346) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/08:09,25518) [kworker/1:2-ata_sff] (root,0,0,00:00:00/07:48,26463) [kworker/3:0-events] (root,0,0,00:00:00/02:59,28129) [kworker/1:0-ata_sff] (root,0,0,00:00:00/05:19:27,30146) [kworker/u8:2] (root,0,0,00:00:00/43:02,30663) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 01:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363fa554127Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12672,00:00:07/1-14:08:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-14:08:53,2) [kthreadd] (root,0,0,00:00:00/1-14:08:53,3) [rcu_gp] (root,0,0,00:00:00/1-14:08:53,4) [rcu_par_gp] (root,0,0,00:00:00/1-14:08:53,5) [slub_flushwq] (root,0,0,00:00:00/1-14:08:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-14:08:53,9) [mm_percpu_wq] (root,0,0,00:00:00/1-14:08:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-14:08:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-14:08:53,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-14:08:53,13) [ksoftirqd/0] (root,0,0,00:04:07/1-14:08:53,14) [rcu_preempt] (root,0,0,00:00:00/1-14:08:53,15) [migration/0] (root,0,0,00:00:00/1-14:08:53,16) [idle_inject/0] (root,0,0,00:00:00/1-14:08:53,18) [cpuhp/0] (root,0,0,00:00:00/1-14:08:53,19) [cpuhp/1] (root,0,0,00:00:00/1-14:08:53,20) [idle_inject/1] (root,0,0,00:00:00/1-14:08:53,21) [migration/1] (root,0,0,00:00:02/1-14:08:53,22) [ksoftirqd/1] (root,0,0,00:00:00/1-14:08:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-14:08:53,25) [cpuhp/2] (root,0,0,00:00:00/1-14:08:53,26) [idle_inject/2] (root,0,0,00:00:00/1-14:08:53,27) [migration/2] (root,0,0,00:03:23/1-14:08:53,28) [ksoftirqd/2] (root,0,0,00:00:00/1-14:08:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-14:08:53,31) [cpuhp/3] (root,0,0,00:00:00/1-14:08:53,32) [idle_inject/3] (root,0,0,00:00:00/1-14:08:53,33) [migration/3] (root,0,0,00:00:08/1-14:08:53,34) [ksoftirqd/3] (root,0,0,00:00:00/1-14:08:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-14:08:53,39) [kdevtmpfs] (root,0,0,00:00:00/1-14:08:53,40) [netns] (root,0,0,00:00:00/1-14:08:53,41) [inet_frag_wq] (root,0,0,00:00:00/1-14:08:53,42) [kauditd] (root,0,0,00:00:00/1-14:08:53,43) [khungtaskd] (root,0,0,00:00:00/1-14:08:53,44) [oom_reaper] (root,0,0,00:00:00/1-14:08:53,45) [writeback] (root,0,0,00:00:04/1-14:08:53,46) [kcompactd0] (root,0,0,00:00:00/1-14:08:53,47) [ksmd] (root,0,0,00:00:04/1-14:08:53,48) [khugepaged] (root,0,0,00:00:00/1-14:08:53,74) [kintegrityd] (root,0,0,00:00:00/1-14:08:53,75) [kblockd] (root,0,0,00:00:00/1-14:08:53,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-14:08:53,78) [tpm_dev_wq] (root,0,0,00:00:00/1-14:08:53,79) [edac-poller] (root,0,0,00:00:00/1-14:08:53,80) [devfreq_wq] (root,0,0,00:00:00/1-14:08:53,110) [watchdogd] (root,0,0,00:00:00/1-14:08:53,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-14:08:53,112) [kswapd0] (root,0,0,00:00:00/1-14:08:52,114) [kthrotld] (root,0,0,00:00:00/1-14:08:52,115) [mld] (root,0,0,00:00:00/1-14:08:52,116) [ipv6_addrconf] (root,0,0,00:00:00/1-14:08:52,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-14:08:52,122) [kstrp] (root,0,0,00:00:00/1-14:08:52,123) [zswap-shrink] (root,0,0,00:00:00/1-14:08:52,124) [kworker/u9:0] (root,0,0,00:00:00/1-14:08:52,129) [charger_manager] (root,0,0,00:00:00/1-14:08:51,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-14:08:51,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-14:08:51,205) [kaluad] (root,0,0,00:00:00/1-14:08:51,250) [kmpath_rdacd] (root,0,0,00:00:00/1-14:08:51,293) [kmpathd] (root,0,0,00:00:00/1-14:08:51,294) [kmpath_handlerd] (root,0,0,00:00:00/1-14:08:51,342) [ata_sff] (root,0,0,00:00:00/1-14:08:50,343) [scsi_eh_0] (root,0,0,00:00:00/1-14:08:50,344) [scsi_tmf_0] (root,0,0,00:00:00/1-14:08:50,345) [scsi_eh_1] (root,0,0,00:00:00/1-14:08:50,346) [scsi_tmf_1] (root,0,0,00:00:02/1-14:08:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-14:08:48,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-14:08:36,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-14:08:35,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-14:08:33,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-14:07:59,512) /sbin/auditd (messagebus,22936,5824,00:00:07/1-14:07:59,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8508,00:00:03/1-14:07:59,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-14:07:59,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-14:07:58,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-14:07:58,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:02/1-14:07:44,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-14:07:44,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:07/1-14:07:43,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-14:07:43,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-14:07:43,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-14:07:43,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-14:07:43,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-14:07:43,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:12/1-14:07:43,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-14:07:43,1206) bpfilter_umh (root,26204,8340,00:00:01/1-14:07:43,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-14:07:43,1215) ntpd: asynchronous dns resolver (spot,198964,161676,01:46:42/1-14:07:43,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-14:07:42,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-14:07:42,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-14:07:42,1245) (sd-pam) (root,24216,5348,00:00:00/1-14:07:41,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-14:07:41,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-14:07:40,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-14:07:36,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-14:07:36,1371) sshd: syslogtunnel (root,689288,71288,00:02:03/1-14:07:34,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40784,00:00:32/1-14:07:20,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-14:07:01,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-14:07:01,1436) sshd: cm-ssh (root,0,0,00:00:05/08:33:18,3139) [kworker/1:0-ata_sff] (root,0,0,00:00:00/15:46,4324) [kworker/3:1-events] (postfix,24244,8168,00:00:00/01:27:06,8239) pickup -l -t fifo -u (root,0,0,00:00:00/43:55,9251) [kworker/0:2-events] (root,0,0,00:00:00/05:40,10983) [kworker/1:1-events] (root,0,0,00:00:00/05:34,11248) [kworker/u8:0-writeback] (root,0,0,00:00:00/12:25,17764) [kworker/2:2] (root,0,0,00:00:00/01:06:27,27345) [kworker/3:0-events] (root,0,0,00:00:00/01:30:55,28896) [kworker/0:0-events] (root,0,0,00:00:00/01:30:35,29594) [kworker/u8:1] (root,0,0,00:00:00/00:29,29799) [kworker/1:2-ata_sff] (root,6656,3484,00:00:00/00:00,31263) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,31281) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31282) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/47:32,32356) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-14 00:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363156f0e66Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:07/62-13:29:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-13:29:36,2) [kthreadd] (root,0,0,00:00:00/62-13:29:36,3) [rcu_gp] (root,0,0,00:00:00/62-13:29:36,4) [rcu_par_gp] (root,0,0,00:00:00/62-13:29:36,5) [slub_flushwq] (root,0,0,00:00:00/62-13:29:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-13:29:36,9) [mm_percpu_wq] (root,0,0,00:00:00/62-13:29:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-13:29:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-13:29:36,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-13:29:36,13) [ksoftirqd/0] (root,0,0,02:54:08/62-13:29:36,14) [rcu_preempt] (root,0,0,00:00:23/62-13:29:36,15) [migration/0] (root,0,0,00:00:00/62-13:29:36,16) [idle_inject/0] (root,0,0,00:00:00/62-13:29:36,18) [cpuhp/0] (root,0,0,00:00:00/62-13:29:36,19) [cpuhp/1] (root,0,0,00:00:00/62-13:29:36,20) [idle_inject/1] (root,0,0,00:00:23/62-13:29:36,21) [migration/1] (root,0,0,00:01:33/62-13:29:36,22) [ksoftirqd/1] (root,0,0,00:00:00/62-13:29:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-13:29:36,25) [cpuhp/2] (root,0,0,00:00:00/62-13:29:36,26) [idle_inject/2] (root,0,0,00:00:17/62-13:29:36,27) [migration/2] (root,0,0,01:53:29/62-13:29:36,28) [ksoftirqd/2] (root,0,0,00:00:00/62-13:29:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-13:29:36,31) [cpuhp/3] (root,0,0,00:00:00/62-13:29:36,32) [idle_inject/3] (root,0,0,00:00:22/62-13:29:36,33) [migration/3] (root,0,0,00:05:43/62-13:29:36,34) [ksoftirqd/3] (root,0,0,00:00:00/62-13:29:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-13:29:36,40) [kdevtmpfs] (root,0,0,00:00:00/62-13:29:36,41) [netns] (root,0,0,00:00:00/62-13:29:36,42) [inet_frag_wq] (root,0,0,00:00:22/62-13:29:36,43) [kauditd] (root,0,0,00:00:00/62-13:29:36,44) [khungtaskd] (root,0,0,00:00:00/62-13:29:36,45) [oom_reaper] (root,0,0,00:00:00/62-13:29:36,46) [writeback] (root,0,0,00:03:11/62-13:29:36,47) [kcompactd0] (root,0,0,00:00:00/62-13:29:36,48) [ksmd] (root,0,0,00:03:27/62-13:29:36,49) [khugepaged] (root,0,0,00:00:00/62-13:29:36,75) [kintegrityd] (root,0,0,00:00:00/62-13:29:36,76) [kblockd] (root,0,0,00:00:00/62-13:29:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-13:29:36,79) [tpm_dev_wq] (root,0,0,00:00:00/62-13:29:36,80) [edac-poller] (root,0,0,00:00:00/62-13:29:36,81) [devfreq_wq] (root,0,0,00:00:00/62-13:29:36,110) [watchdogd] (root,0,0,00:00:05/62-13:29:36,111) [kswapd0] (root,0,0,00:00:16/62-13:29:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-13:29:34,115) [kthrotld] (root,0,0,00:00:00/62-13:29:34,116) [mld] (root,0,0,00:00:00/62-13:29:34,117) [ipv6_addrconf] (root,0,0,00:00:16/62-13:29:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-13:29:34,123) [kstrp] (root,0,0,00:00:00/62-13:29:34,124) [zswap-shrink] (root,0,0,00:00:00/62-13:29:34,125) [kworker/u9:0] (root,0,0,00:00:00/62-13:29:34,130) [charger_manager] (root,0,0,00:00:18/62-13:29:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-13:29:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-13:29:33,239) [kaluad] (root,0,0,00:00:00/62-13:29:33,258) [kmpath_rdacd] (root,0,0,00:00:00/62-13:29:33,304) [kmpathd] (root,0,0,00:00:00/62-13:29:33,305) [kmpath_handlerd] (root,0,0,00:00:00/62-13:29:32,342) [ata_sff] (root,0,0,00:00:00/62-13:29:32,343) [scsi_eh_0] (root,0,0,00:00:00/62-13:29:32,344) [scsi_tmf_0] (root,0,0,00:00:00/62-13:29:32,345) [scsi_eh_1] (root,0,0,00:00:00/62-13:29:32,346) [scsi_tmf_1] (root,0,0,00:01:59/62-13:29:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-13:29:29,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-13:29:17,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-13:29:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-13:29:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-13:28:43,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-13:28:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-13:28:42,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-13:28:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-13:28:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-13:28:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31628,00:01:13/62-13:28:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-13:28:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:04/62-13:28:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-13:28:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-13:28:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-13:28:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-13:28:26,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:56/62-13:28:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-13:28:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-13:28:26,1352) bpfilter_umh (root,26204,8096,00:00:33/62-13:28:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-13:28:26,1359) ntpd: asynchronous dns resolver (spot,362704,213564,3-11:06:14/62-13:28:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-13:28:25,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-13:28:25,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-13:28:25,1373) (sd-pam) (root,24216,5256,00:00:22/62-13:28:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-13:28:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-13:28:23,1485) /usr/sbin/cron -n (root,699464,78300,01:26:25/62-13:28:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:04:11,1818) [kworker/1:0-events] (spot,236992,82964,00:31:54/62-13:28:05,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/19:31,2406) [kworker/u8:0-flush-253:0] (postfix,44628,9104,00:00:02/56-19:03:40,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:32,5538) [kworker/2:1-cgroup_destroy] (root,6656,3488,00:00:00/00:00,8948) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,8966) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,8967) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:16,9287) [kworker/3:2-ata_sff] (root,0,0,00:00:00/15:03,9738) [kworker/0:2-cgroup_destroy] (root,35304,10040,00:00:00/24-13:56:35,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-13:56:34,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:17:38,12427) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/27:21,14894) [kworker/1:1] (root,0,0,00:00:01/02:30:14,19079) [kworker/2:2-events] (postfix,24244,8252,00:00:00/39:07,21014) pickup -l -t fifo -u (root,0,0,00:00:00/48:46,25290) [kworker/3:1-events] (root,0,0,00:00:00/02:40,28169) [kworker/2:0-events] (root,0,0,00:00:00/02:06,30620) [kworker/3:0-ata_sff] (root,0,0,00:00:00/47:00,30822) [kworker/0:1-events] (root,35308,10028,00:00:00/24-14:42:48,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:22/24-14:42:47,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-12 00:18 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836311a75172Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-14:09:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-14:09:00,2) [kthreadd] (root,0,0,00:00:00/60-14:09:00,3) [rcu_gp] (root,0,0,00:00:00/60-14:09:00,4) [rcu_par_gp] (root,0,0,00:00:00/60-14:09:00,5) [slub_flushwq] (root,0,0,00:00:00/60-14:09:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-14:09:00,9) [mm_percpu_wq] (root,0,0,00:00:00/60-14:09:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-14:09:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-14:09:00,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-14:09:00,13) [ksoftirqd/0] (root,0,0,02:49:06/60-14:09:00,14) [rcu_preempt] (root,0,0,00:00:23/60-14:09:00,15) [migration/0] (root,0,0,00:00:00/60-14:09:00,16) [idle_inject/0] (root,0,0,00:00:00/60-14:09:00,18) [cpuhp/0] (root,0,0,00:00:00/60-14:09:00,19) [cpuhp/1] (root,0,0,00:00:00/60-14:09:00,20) [idle_inject/1] (root,0,0,00:00:23/60-14:09:00,21) [migration/1] (root,0,0,00:01:30/60-14:09:00,22) [ksoftirqd/1] (root,0,0,00:00:00/60-14:09:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-14:09:00,25) [cpuhp/2] (root,0,0,00:00:00/60-14:09:00,26) [idle_inject/2] (root,0,0,00:00:17/60-14:09:00,27) [migration/2] (root,0,0,01:49:36/60-14:09:00,28) [ksoftirqd/2] (root,0,0,00:00:00/60-14:09:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-14:09:00,31) [cpuhp/3] (root,0,0,00:00:00/60-14:09:00,32) [idle_inject/3] (root,0,0,00:00:21/60-14:09:00,33) [migration/3] (root,0,0,00:05:33/60-14:09:00,34) [ksoftirqd/3] (root,0,0,00:00:00/60-14:09:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-14:09:00,40) [kdevtmpfs] (root,0,0,00:00:00/60-14:09:00,41) [netns] (root,0,0,00:00:00/60-14:09:00,42) [inet_frag_wq] (root,0,0,00:00:21/60-14:09:00,43) [kauditd] (root,0,0,00:00:00/60-14:09:00,44) [khungtaskd] (root,0,0,00:00:00/60-14:09:00,45) [oom_reaper] (root,0,0,00:00:00/60-14:09:00,46) [writeback] (root,0,0,00:03:05/60-14:09:00,47) [kcompactd0] (root,0,0,00:00:00/60-14:09:00,48) [ksmd] (root,0,0,00:03:20/60-14:09:00,49) [khugepaged] (root,0,0,00:00:00/60-14:09:00,75) [kintegrityd] (root,0,0,00:00:00/60-14:09:00,76) [kblockd] (root,0,0,00:00:00/60-14:09:00,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-14:09:00,79) [tpm_dev_wq] (root,0,0,00:00:00/60-14:09:00,80) [edac-poller] (root,0,0,00:00:00/60-14:09:00,81) [devfreq_wq] (root,0,0,00:00:00/60-14:09:00,110) [watchdogd] (root,0,0,00:00:04/60-14:09:00,111) [kswapd0] (root,0,0,00:00:15/60-14:09:00,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-14:08:58,115) [kthrotld] (root,0,0,00:00:00/60-14:08:58,116) [mld] (root,0,0,00:00:00/60-14:08:58,117) [ipv6_addrconf] (root,0,0,00:00:16/60-14:08:58,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-14:08:58,123) [kstrp] (root,0,0,00:00:00/60-14:08:58,124) [zswap-shrink] (root,0,0,00:00:00/60-14:08:58,125) [kworker/u9:0] (root,0,0,00:00:00/60-14:08:58,130) [charger_manager] (root,0,0,00:00:18/60-14:08:58,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-14:08:58,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-14:08:57,239) [kaluad] (root,0,0,00:00:00/60-14:08:57,258) [kmpath_rdacd] (root,0,0,00:00:00/60-14:08:57,304) [kmpathd] (root,0,0,00:00:00/60-14:08:57,305) [kmpath_handlerd] (root,0,0,00:00:00/60-14:08:56,342) [ata_sff] (root,0,0,00:00:00/60-14:08:56,343) [scsi_eh_0] (root,0,0,00:00:00/60-14:08:56,344) [scsi_tmf_0] (root,0,0,00:00:00/60-14:08:56,345) [scsi_eh_1] (root,0,0,00:00:00/60-14:08:56,346) [scsi_tmf_1] (root,0,0,00:01:56/60-14:08:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-14:08:53,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-14:08:41,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-14:08:40,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-14:08:38,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-14:08:07,511) /sbin/auditd (messagebus,22932,5400,00:03:24/60-14:08:06,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8268,00:01:55/60-14:08:06,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-14:08:06,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-14:08:04,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-14:08:04,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-14:07:50,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-14:07:50,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:54/60-14:07:50,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-14:07:50,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-14:07:50,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-14:07:50,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-14:07:50,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-14:07:50,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-14:07:50,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-14:07:50,1352) bpfilter_umh (root,26204,8096,00:00:31/60-14:07:50,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-14:07:50,1359) ntpd: asynchronous dns resolver (spot,362480,213528,3-08:29:24/60-14:07:49,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-14:07:49,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-14:07:49,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-14:07:49,1373) (sd-pam) (root,24216,5260,00:00:21/60-14:07:47,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-14:07:47,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-14:07:47,1485) /usr/sbin/cron -n (root,699208,78092,01:23:45/60-14:07:41,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82040,00:31:05/60-14:07:29,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-19:43:04,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:29,7686) [kworker/0:0] (root,0,0,00:00:00/22:21,9258) [kworker/2:2-events] (root,35304,10040,00:00:00/22-14:35:59,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-14:35:58,10514) sshd: syslogtunnel (root,0,0,00:00:00/02:27:40,12806) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/02:05:04,13124) [kworker/3:2-events] (root,0,0,00:00:00/00:01,14712) [kworker/3:0] (root,6656,3484,00:00:00/00:00,14755) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,14773) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,14774) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:48:04,15347) [kworker/2:0-events] (root,0,0,00:00:00/31:35,17961) [kworker/u8:0-writeback] (root,0,0,00:00:00/38:59,20158) [kworker/1:1-events] (root,0,0,00:00:00/01:05:09,24113) [kworker/0:2-events] (root,0,0,00:00:00/15:15,25821) [kworker/1:0-events] (root,0,0,00:00:00/01:12:18,28903) [kworker/0:1-cgroup_destroy] (root,35308,10028,00:00:00/22-15:22:12,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-15:22:11,30947) sshd: cm-ssh (root,0,0,00:00:00/05:11,31426) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-10 00:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f412a783Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-14:22:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-14:22:42,2) [kthreadd] (root,0,0,00:00:00/58-14:22:42,3) [rcu_gp] (root,0,0,00:00:00/58-14:22:42,4) [rcu_par_gp] (root,0,0,00:00:00/58-14:22:42,5) [slub_flushwq] (root,0,0,00:00:00/58-14:22:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-14:22:42,9) [mm_percpu_wq] (root,0,0,00:00:00/58-14:22:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-14:22:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-14:22:42,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-14:22:42,13) [ksoftirqd/0] (root,0,0,02:43:56/58-14:22:42,14) [rcu_preempt] (root,0,0,00:00:22/58-14:22:42,15) [migration/0] (root,0,0,00:00:00/58-14:22:42,16) [idle_inject/0] (root,0,0,00:00:00/58-14:22:42,18) [cpuhp/0] (root,0,0,00:00:00/58-14:22:42,19) [cpuhp/1] (root,0,0,00:00:00/58-14:22:42,20) [idle_inject/1] (root,0,0,00:00:22/58-14:22:42,21) [migration/1] (root,0,0,00:01:26/58-14:22:42,22) [ksoftirqd/1] (root,0,0,00:00:00/58-14:22:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-14:22:42,25) [cpuhp/2] (root,0,0,00:00:00/58-14:22:42,26) [idle_inject/2] (root,0,0,00:00:16/58-14:22:42,27) [migration/2] (root,0,0,01:44:50/58-14:22:42,28) [ksoftirqd/2] (root,0,0,00:00:00/58-14:22:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-14:22:42,31) [cpuhp/3] (root,0,0,00:00:00/58-14:22:42,32) [idle_inject/3] (root,0,0,00:00:20/58-14:22:42,33) [migration/3] (root,0,0,00:05:21/58-14:22:42,34) [ksoftirqd/3] (root,0,0,00:00:00/58-14:22:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-14:22:42,40) [kdevtmpfs] (root,0,0,00:00:00/58-14:22:42,41) [netns] (root,0,0,00:00:00/58-14:22:42,42) [inet_frag_wq] (root,0,0,00:00:20/58-14:22:42,43) [kauditd] (root,0,0,00:00:00/58-14:22:42,44) [khungtaskd] (root,0,0,00:00:00/58-14:22:42,45) [oom_reaper] (root,0,0,00:00:00/58-14:22:42,46) [writeback] (root,0,0,00:02:59/58-14:22:42,47) [kcompactd0] (root,0,0,00:00:00/58-14:22:42,48) [ksmd] (root,0,0,00:03:14/58-14:22:42,49) [khugepaged] (root,0,0,00:00:00/58-14:22:42,75) [kintegrityd] (root,0,0,00:00:00/58-14:22:42,76) [kblockd] (root,0,0,00:00:00/58-14:22:42,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-14:22:42,79) [tpm_dev_wq] (root,0,0,00:00:00/58-14:22:42,80) [edac-poller] (root,0,0,00:00:00/58-14:22:42,81) [devfreq_wq] (root,0,0,00:00:00/58-14:22:42,110) [watchdogd] (root,0,0,00:00:04/58-14:22:42,111) [kswapd0] (root,0,0,00:00:15/58-14:22:42,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-14:22:40,115) [kthrotld] (root,0,0,00:00:00/58-14:22:40,116) [mld] (root,0,0,00:00:00/58-14:22:40,117) [ipv6_addrconf] (root,0,0,00:00:16/58-14:22:40,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-14:22:40,123) [kstrp] (root,0,0,00:00:00/58-14:22:40,124) [zswap-shrink] (root,0,0,00:00:00/58-14:22:40,125) [kworker/u9:0] (root,0,0,00:00:00/58-14:22:40,130) [charger_manager] (root,0,0,00:00:17/58-14:22:40,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-14:22:40,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-14:22:39,239) [kaluad] (root,0,0,00:00:00/58-14:22:39,258) [kmpath_rdacd] (root,0,0,00:00:00/58-14:22:39,304) [kmpathd] (root,0,0,00:00:00/58-14:22:39,305) [kmpath_handlerd] (root,0,0,00:00:00/58-14:22:38,342) [ata_sff] (root,0,0,00:00:00/58-14:22:38,343) [scsi_eh_0] (root,0,0,00:00:00/58-14:22:38,344) [scsi_tmf_0] (root,0,0,00:00:00/58-14:22:38,345) [scsi_eh_1] (root,0,0,00:00:00/58-14:22:38,346) [scsi_tmf_1] (root,0,0,00:01:52/58-14:22:35,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-14:22:35,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-14:22:23,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-14:22:22,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-14:22:20,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-14:21:49,511) /sbin/auditd (messagebus,22932,5400,00:03:13/58-14:21:48,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-14:21:48,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-14:21:48,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-14:21:46,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-14:21:46,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:09/58-14:21:32,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-14:21:32,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:44/58-14:21:32,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-14:21:32,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-14:21:32,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-14:21:32,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-14:21:32,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-14:21:32,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:21/58-14:21:32,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-14:21:32,1352) bpfilter_umh (root,26204,8096,00:00:30/58-14:21:32,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-14:21:32,1359) ntpd: asynchronous dns resolver (spot,363872,214644,3-05:26:45/58-14:21:31,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-14:21:31,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-14:21:31,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-14:21:31,1373) (sd-pam) (root,24216,5260,00:00:20/58-14:21:29,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-14:21:29,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-14:21:29,1485) /usr/sbin/cron -n (root,698952,77684,01:21:03/58-14:21:23,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80364,00:30:17/58-14:21:11,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-19:56:46,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:52,3048) [kworker/2:2-events] (root,0,0,00:00:00/09:54,10165) [kworker/3:0-ata_sff] (root,35304,10040,00:00:00/20-14:49:41,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-14:49:40,10514) sshd: syslogtunnel (postfix,24244,8144,00:00:00/35:00,12925) pickup -l -t fifo -u (root,0,0,00:00:00/40:12,18745) [kworker/0:1-events] (root,0,0,00:00:00/33:19,19023) [kworker/1:0-events] (root,0,0,00:00:00/20:17,19227) [kworker/3:1-events] (root,6656,3488,00:00:00/00:00,19878) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,19919) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,19920) /bin/bash /usr/bin/check_mk_agent (root,4480,1140,00:00:00/00:00,19921) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,800,00:00:00/00:00,19922) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,712,00:00:00/00:00,19923) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3476,00:00:00/00:00,19924) /bin/bash /usr/bin/check_mk_agent (root,13744,3428,00:00:00/00:00,19942) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19943) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/54:03,21124) [kworker/2:1-events] (root,0,0,00:00:00/06:21,25238) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/03:24:40,26097) [kworker/0:2-events] (root,0,0,00:00:00/14:51,28268) [kworker/1:1-events] (root,0,0,00:00:00/14:43,28459) [kworker/u8:1-flush-253:0] (root,35308,10028,00:00:00/20-15:35:54,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-15:35:53,30947) sshd: cm-ssh (root,0,0,00:00:00/37:54,31568) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/04:44,31754) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 01:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633c98d08aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:39/56-13:52:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-13:52:22,2) [kthreadd] (root,0,0,00:00:00/56-13:52:22,3) [rcu_gp] (root,0,0,00:00:00/56-13:52:22,4) [rcu_par_gp] (root,0,0,00:00:00/56-13:52:22,5) [slub_flushwq] (root,0,0,00:00:00/56-13:52:22,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-13:52:22,9) [mm_percpu_wq] (root,0,0,00:00:00/56-13:52:22,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-13:52:22,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-13:52:22,12) [rcu_tasks_trace] (root,0,0,00:01:41/56-13:52:22,13) [ksoftirqd/0] (root,0,0,02:38:34/56-13:52:22,14) [rcu_preempt] (root,0,0,00:00:21/56-13:52:22,15) [migration/0] (root,0,0,00:00:00/56-13:52:22,16) [idle_inject/0] (root,0,0,00:00:00/56-13:52:22,18) [cpuhp/0] (root,0,0,00:00:00/56-13:52:22,19) [cpuhp/1] (root,0,0,00:00:00/56-13:52:22,20) [idle_inject/1] (root,0,0,00:00:21/56-13:52:22,21) [migration/1] (root,0,0,00:01:23/56-13:52:22,22) [ksoftirqd/1] (root,0,0,00:00:00/56-13:52:22,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-13:52:22,25) [cpuhp/2] (root,0,0,00:00:00/56-13:52:22,26) [idle_inject/2] (root,0,0,00:00:16/56-13:52:22,27) [migration/2] (root,0,0,01:40:22/56-13:52:22,28) [ksoftirqd/2] (root,0,0,00:00:00/56-13:52:22,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-13:52:22,31) [cpuhp/3] (root,0,0,00:00:00/56-13:52:22,32) [idle_inject/3] (root,0,0,00:00:20/56-13:52:22,33) [migration/3] (root,0,0,00:05:09/56-13:52:22,34) [ksoftirqd/3] (root,0,0,00:00:00/56-13:52:22,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-13:52:22,40) [kdevtmpfs] (root,0,0,00:00:00/56-13:52:22,41) [netns] (root,0,0,00:00:00/56-13:52:22,42) [inet_frag_wq] (root,0,0,00:00:19/56-13:52:22,43) [kauditd] (root,0,0,00:00:00/56-13:52:22,44) [khungtaskd] (root,0,0,00:00:00/56-13:52:22,45) [oom_reaper] (root,0,0,00:00:00/56-13:52:22,46) [writeback] (root,0,0,00:02:53/56-13:52:22,47) [kcompactd0] (root,0,0,00:00:00/56-13:52:22,48) [ksmd] (root,0,0,00:03:08/56-13:52:22,49) [khugepaged] (root,0,0,00:00:00/56-13:52:22,75) [kintegrityd] (root,0,0,00:00:00/56-13:52:22,76) [kblockd] (root,0,0,00:00:00/56-13:52:22,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-13:52:22,79) [tpm_dev_wq] (root,0,0,00:00:00/56-13:52:22,80) [edac-poller] (root,0,0,00:00:00/56-13:52:22,81) [devfreq_wq] (root,0,0,00:00:00/56-13:52:22,110) [watchdogd] (root,0,0,00:00:04/56-13:52:22,111) [kswapd0] (root,0,0,00:00:14/56-13:52:22,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-13:52:20,115) [kthrotld] (root,0,0,00:00:00/56-13:52:20,116) [mld] (root,0,0,00:00:00/56-13:52:20,117) [ipv6_addrconf] (root,0,0,00:00:15/56-13:52:20,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-13:52:20,123) [kstrp] (root,0,0,00:00:00/56-13:52:20,124) [zswap-shrink] (root,0,0,00:00:00/56-13:52:20,125) [kworker/u9:0] (root,0,0,00:00:00/56-13:52:20,130) [charger_manager] (root,0,0,00:00:17/56-13:52:20,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-13:52:20,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-13:52:19,239) [kaluad] (root,0,0,00:00:00/56-13:52:19,258) [kmpath_rdacd] (root,0,0,00:00:00/56-13:52:19,304) [kmpathd] (root,0,0,00:00:00/56-13:52:19,305) [kmpath_handlerd] (root,0,0,00:00:00/56-13:52:18,342) [ata_sff] (root,0,0,00:00:00/56-13:52:18,343) [scsi_eh_0] (root,0,0,00:00:00/56-13:52:18,344) [scsi_tmf_0] (root,0,0,00:00:00/56-13:52:18,345) [scsi_eh_1] (root,0,0,00:00:00/56-13:52:18,346) [scsi_tmf_1] (root,0,0,00:01:49/56-13:52:15,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-13:52:15,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-13:52:03,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-13:52:02,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-13:52:00,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-13:51:29,511) /sbin/auditd (messagebus,22932,5400,00:03:00/56-13:51:28,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:42/56-13:51:28,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-13:51:28,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-13:51:26,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-13:51:26,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:07/56-13:51:12,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-13:51:12,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:35/56-13:51:12,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-13:51:12,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-13:51:12,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-13:51:12,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-13:51:12,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-13:51:12,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:04/56-13:51:12,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-13:51:12,1352) bpfilter_umh (root,26204,8096,00:00:28/56-13:51:12,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-13:51:12,1359) ntpd: asynchronous dns resolver (spot,364720,215624,3-02:29:35/56-13:51:11,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-13:51:11,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-13:51:11,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-13:51:11,1373) (sd-pam) (root,24216,5260,00:00:20/56-13:51:09,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-13:51:09,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-13:51:09,1485) /usr/sbin/cron -n (root,698412,77180,01:18:15/56-13:51:03,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:30/56-13:50:51,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/50-19:26:26,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/30:03,3798) [kworker/0:0-events] (root,0,0,00:00:00/00:19,4585) [kworker/1:1-events] (root,6656,3492,00:00:00/00:00,4746) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,4764) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4765) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/39:33,6586) [kworker/1:2-events] (root,0,0,00:00:00/15:08,9914) [kworker/2:0-events] (root,0,0,00:00:00/08:34,10401) [kworker/3:1-ata_sff] (root,35304,10040,00:00:00/18-14:19:21,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:09/18-14:19:20,10514) sshd: syslogtunnel (root,0,0,00:00:00/21:33,11111) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/37:21,11848) [kworker/0:2-events] (postfix,24244,8236,00:00:00/26:32,15810) pickup -l -t fifo -u (root,0,0,00:00:00/25:35,20853) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/25:34,21031) [kworker/2:1-events] (root,0,0,00:00:00/06:00,21048) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/03:23,28016) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:23,29432) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/24:07,29448) [kworker/3:0-events] (root,35308,10028,00:00:00/18-15:05:34,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:03/18-15:05:33,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-06 00:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636f7dc90bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12460,00:02:13/45-12:53:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-12:53:45,2) [kthreadd] (root,0,0,00:00:00/45-12:53:45,3) [rcu_gp] (root,0,0,00:00:00/45-12:53:45,4) [rcu_par_gp] (root,0,0,00:00:00/45-12:53:45,5) [slub_flushwq] (root,0,0,00:00:00/45-12:53:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-12:53:45,9) [mm_percpu_wq] (root,0,0,00:00:00/45-12:53:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-12:53:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-12:53:45,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-12:53:45,13) [ksoftirqd/0] (root,0,0,02:10:36/45-12:53:45,14) [rcu_preempt] (root,0,0,00:00:17/45-12:53:45,15) [migration/0] (root,0,0,00:00:00/45-12:53:45,16) [idle_inject/0] (root,0,0,00:00:00/45-12:53:45,18) [cpuhp/0] (root,0,0,00:00:00/45-12:53:45,19) [cpuhp/1] (root,0,0,00:00:00/45-12:53:45,20) [idle_inject/1] (root,0,0,00:00:17/45-12:53:45,21) [migration/1] (root,0,0,00:01:08/45-12:53:45,22) [ksoftirqd/1] (root,0,0,00:00:00/45-12:53:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-12:53:45,25) [cpuhp/2] (root,0,0,00:00:00/45-12:53:45,26) [idle_inject/2] (root,0,0,00:00:13/45-12:53:45,27) [migration/2] (root,0,0,01:25:14/45-12:53:45,28) [ksoftirqd/2] (root,0,0,00:00:00/45-12:53:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-12:53:45,31) [cpuhp/3] (root,0,0,00:00:00/45-12:53:45,32) [idle_inject/3] (root,0,0,00:00:16/45-12:53:45,33) [migration/3] (root,0,0,00:04:22/45-12:53:45,34) [ksoftirqd/3] (root,0,0,00:00:00/45-12:53:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-12:53:45,40) [kdevtmpfs] (root,0,0,00:00:00/45-12:53:45,41) [netns] (root,0,0,00:00:00/45-12:53:45,42) [inet_frag_wq] (root,0,0,00:00:16/45-12:53:45,43) [kauditd] (root,0,0,00:00:00/45-12:53:45,44) [khungtaskd] (root,0,0,00:00:00/45-12:53:45,45) [oom_reaper] (root,0,0,00:00:00/45-12:53:45,46) [writeback] (root,0,0,00:02:23/45-12:53:45,47) [kcompactd0] (root,0,0,00:00:00/45-12:53:45,48) [ksmd] (root,0,0,00:02:30/45-12:53:45,49) [khugepaged] (root,0,0,00:00:00/45-12:53:45,75) [kintegrityd] (root,0,0,00:00:00/45-12:53:45,76) [kblockd] (root,0,0,00:00:00/45-12:53:45,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-12:53:45,79) [tpm_dev_wq] (root,0,0,00:00:00/45-12:53:45,80) [edac-poller] (root,0,0,00:00:00/45-12:53:45,81) [devfreq_wq] (root,0,0,00:00:00/45-12:53:45,110) [watchdogd] (root,0,0,00:00:03/45-12:53:45,111) [kswapd0] (root,0,0,00:00:12/45-12:53:45,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-12:53:43,115) [kthrotld] (root,0,0,00:00:00/45-12:53:43,116) [mld] (root,0,0,00:00:00/45-12:53:43,117) [ipv6_addrconf] (root,0,0,00:00:12/45-12:53:43,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-12:53:43,123) [kstrp] (root,0,0,00:00:00/45-12:53:43,124) [zswap-shrink] (root,0,0,00:00:00/45-12:53:43,125) [kworker/u9:0] (root,0,0,00:00:00/45-12:53:43,130) [charger_manager] (root,0,0,00:00:14/45-12:53:43,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-12:53:43,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-12:53:42,239) [kaluad] (root,0,0,00:00:00/45-12:53:42,258) [kmpath_rdacd] (root,0,0,00:00:00/45-12:53:42,304) [kmpathd] (root,0,0,00:00:00/45-12:53:42,305) [kmpath_handlerd] (root,0,0,00:00:00/45-12:53:41,342) [ata_sff] (root,0,0,00:00:00/45-12:53:41,343) [scsi_eh_0] (root,0,0,00:00:00/45-12:53:41,344) [scsi_tmf_0] (root,0,0,00:00:00/45-12:53:41,345) [scsi_eh_1] (root,0,0,00:00:00/45-12:53:41,346) [scsi_tmf_1] (root,0,0,00:01:31/45-12:53:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-12:53:38,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-12:53:26,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-12:53:25,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-12:53:23,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-12:52:52,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-12:52:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-12:52:51,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-12:52:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-12:52:49,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-12:52:49,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-12:52:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-12:52:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:34/45-12:52:35,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-12:52:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-12:52:35,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-12:52:35,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-12:52:35,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-12:52:35,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:36/45-12:52:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-12:52:35,1352) bpfilter_umh (root,26204,8096,00:00:23/45-12:52:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-12:52:35,1359) ntpd: asynchronous dns resolver (spot,362096,206204,2-14:32:48/45-12:52:34,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-12:52:34,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-12:52:34,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-12:52:34,1373) (sd-pam) (root,24216,5260,00:00:16/45-12:52:32,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-12:52:32,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-12:52:32,1485) /usr/sbin/cron -n (root,697508,76836,01:03:22/45-12:52:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71512,00:24:48/45-12:52:14,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/51:56,2530) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9184,00:00:01/39-18:27:49,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/21:40,2565) [kworker/0:0] (root,0,0,00:00:00/02:07:21,7467) [kworker/1:1-events] (root,0,0,00:00:00/11:43,8464) [kworker/3:1-events] (postfix,24244,8216,00:00:00/36:34,9742) pickup -l -t fifo -u (root,0,0,00:00:00/01:06:53,9975) [kworker/2:2-events] (root,35304,10040,00:00:00/7-13:20:44,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-13:20:43,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:21:56,13466) [kworker/1:2] (root,0,0,00:00:01/03:43:01,23049) [kworker/0:2-events] (root,0,0,00:00:00/01:20,23330) [kworker/3:0-ata_sff] (root,6656,3492,00:00:00/00:00,27615) /bin/bash /usr/bin/check_mk_agent (root,13744,3444,00:00:00/00:00,27633) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27634) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/31:34,30660) [kworker/2:1-events] (root,35308,10028,00:00:00/7-14:06:57,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-14:06:56,30947) sshd: cm-ssh (root,0,0,00:00:00/06:31,31385) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:52:31,32405) [kworker/u8:1-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836397cdee7eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-12:42:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-12:42:56,2) [kthreadd] (root,0,0,00:00:00/43-12:42:56,3) [rcu_gp] (root,0,0,00:00:00/43-12:42:56,4) [rcu_par_gp] (root,0,0,00:00:00/43-12:42:56,5) [slub_flushwq] (root,0,0,00:00:00/43-12:42:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-12:42:56,9) [mm_percpu_wq] (root,0,0,00:00:00/43-12:42:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-12:42:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-12:42:56,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-12:42:56,13) [ksoftirqd/0] (root,0,0,02:05:06/43-12:42:56,14) [rcu_preempt] (root,0,0,00:00:16/43-12:42:56,15) [migration/0] (root,0,0,00:00:00/43-12:42:56,16) [idle_inject/0] (root,0,0,00:00:00/43-12:42:56,18) [cpuhp/0] (root,0,0,00:00:00/43-12:42:56,19) [cpuhp/1] (root,0,0,00:00:00/43-12:42:56,20) [idle_inject/1] (root,0,0,00:00:16/43-12:42:56,21) [migration/1] (root,0,0,00:01:05/43-12:42:56,22) [ksoftirqd/1] (root,0,0,00:00:00/43-12:42:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-12:42:56,25) [cpuhp/2] (root,0,0,00:00:00/43-12:42:56,26) [idle_inject/2] (root,0,0,00:00:12/43-12:42:56,27) [migration/2] (root,0,0,01:22:25/43-12:42:56,28) [ksoftirqd/2] (root,0,0,00:00:00/43-12:42:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-12:42:56,31) [cpuhp/3] (root,0,0,00:00:00/43-12:42:56,32) [idle_inject/3] (root,0,0,00:00:15/43-12:42:56,33) [migration/3] (root,0,0,00:04:12/43-12:42:56,34) [ksoftirqd/3] (root,0,0,00:00:00/43-12:42:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-12:42:56,40) [kdevtmpfs] (root,0,0,00:00:00/43-12:42:56,41) [netns] (root,0,0,00:00:00/43-12:42:56,42) [inet_frag_wq] (root,0,0,00:00:15/43-12:42:56,43) [kauditd] (root,0,0,00:00:00/43-12:42:56,44) [khungtaskd] (root,0,0,00:00:00/43-12:42:56,45) [oom_reaper] (root,0,0,00:00:00/43-12:42:56,46) [writeback] (root,0,0,00:02:17/43-12:42:56,47) [kcompactd0] (root,0,0,00:00:00/43-12:42:56,48) [ksmd] (root,0,0,00:02:24/43-12:42:56,49) [khugepaged] (root,0,0,00:00:00/43-12:42:56,75) [kintegrityd] (root,0,0,00:00:00/43-12:42:56,76) [kblockd] (root,0,0,00:00:00/43-12:42:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-12:42:56,79) [tpm_dev_wq] (root,0,0,00:00:00/43-12:42:56,80) [edac-poller] (root,0,0,00:00:00/43-12:42:56,81) [devfreq_wq] (root,0,0,00:00:00/43-12:42:56,110) [watchdogd] (root,0,0,00:00:03/43-12:42:56,111) [kswapd0] (root,0,0,00:00:11/43-12:42:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-12:42:54,115) [kthrotld] (root,0,0,00:00:00/43-12:42:54,116) [mld] (root,0,0,00:00:00/43-12:42:54,117) [ipv6_addrconf] (root,0,0,00:00:12/43-12:42:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-12:42:54,123) [kstrp] (root,0,0,00:00:00/43-12:42:54,124) [zswap-shrink] (root,0,0,00:00:00/43-12:42:54,125) [kworker/u9:0] (root,0,0,00:00:00/43-12:42:54,130) [charger_manager] (root,0,0,00:00:13/43-12:42:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-12:42:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-12:42:53,239) [kaluad] (root,0,0,00:00:00/43-12:42:53,258) [kmpath_rdacd] (root,0,0,00:00:00/43-12:42:53,304) [kmpathd] (root,0,0,00:00:00/43-12:42:53,305) [kmpath_handlerd] (root,0,0,00:00:00/43-12:42:52,342) [ata_sff] (root,0,0,00:00:00/43-12:42:52,343) [scsi_eh_0] (root,0,0,00:00:00/43-12:42:52,344) [scsi_tmf_0] (root,0,0,00:00:00/43-12:42:52,345) [scsi_eh_1] (root,0,0,00:00:00/43-12:42:52,346) [scsi_tmf_1] (root,0,0,00:01:27/43-12:42:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-12:42:49,367) [ext4-rsv-conver] (root,38604,7856,00:01:15/43-12:42:37,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-12:42:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-12:42:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-12:42:03,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-12:42:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:22/43-12:42:02,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-12:42:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-12:42:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-12:42:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/15:22,883) [kworker/2:0-events] (root,548872,30852,00:00:51/43-12:41:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-12:41:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:21/43-12:41:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-12:41:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-12:41:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-12:41:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-12:41:46,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-12:41:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:19/43-12:41:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-12:41:46,1352) bpfilter_umh (root,26204,8096,00:00:22/43-12:41:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-12:41:46,1359) ntpd: asynchronous dns resolver (spot,361616,206084,2-12:17:01/43-12:41:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-12:41:45,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-12:41:45,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-12:41:45,1373) (sd-pam) (root,24216,5260,00:00:15/43-12:41:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-12:41:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-12:41:43,1485) /usr/sbin/cron -n (root,697508,76764,01:00:33/43-12:41:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70172,00:23:49/43-12:41:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-18:17:00,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:14:14,8260) [kworker/0:1] (root,35304,10040,00:00:00/5-13:09:55,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-13:09:54,10514) sshd: syslogtunnel (root,0,0,00:00:00/35:22,11196) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/02:33:43,12041) [kworker/1:0-events] (root,0,0,00:00:01/03:37:09,13819) [kworker/0:2-events] (root,0,0,00:00:00/00:41,14385) [kworker/2:2-events] (root,0,0,00:00:00/00:24,14991) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,18802) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,18837) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,18838) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/31:08,19317) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:23:56,21552) [kworker/1:1] (postfix,24244,8252,00:00:00/47:28,22335) pickup -l -t fifo -u (root,0,0,00:00:00/46:35,23914) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/05:34,27607) [kworker/3:1-ata_sff] (root,0,0,00:00:01/01:44:10,30519) [kworker/3:0-events] (root,35308,10028,00:00:00/5-13:56:08,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:21/5-13:56:07,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 23:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aa31d004Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-12:50:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-12:50:50,2) [kthreadd] (root,0,0,00:00:00/41-12:50:50,3) [rcu_gp] (root,0,0,00:00:00/41-12:50:50,4) [rcu_par_gp] (root,0,0,00:00:00/41-12:50:50,5) [slub_flushwq] (root,0,0,00:00:00/41-12:50:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-12:50:50,9) [mm_percpu_wq] (root,0,0,00:00:00/41-12:50:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-12:50:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-12:50:50,12) [rcu_tasks_trace] (root,0,0,00:01:16/41-12:50:50,13) [ksoftirqd/0] (root,0,0,01:59:13/41-12:50:50,14) [rcu_preempt] (root,0,0,00:00:15/41-12:50:50,15) [migration/0] (root,0,0,00:00:00/41-12:50:50,16) [idle_inject/0] (root,0,0,00:00:00/41-12:50:50,18) [cpuhp/0] (root,0,0,00:00:00/41-12:50:50,19) [cpuhp/1] (root,0,0,00:00:00/41-12:50:50,20) [idle_inject/1] (root,0,0,00:00:16/41-12:50:50,21) [migration/1] (root,0,0,00:01:02/41-12:50:50,22) [ksoftirqd/1] (root,0,0,00:00:00/41-12:50:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-12:50:50,25) [cpuhp/2] (root,0,0,00:00:00/41-12:50:50,26) [idle_inject/2] (root,0,0,00:00:12/41-12:50:50,27) [migration/2] (root,0,0,01:18:27/41-12:50:50,28) [ksoftirqd/2] (root,0,0,00:00:00/41-12:50:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-12:50:50,31) [cpuhp/3] (root,0,0,00:00:00/41-12:50:50,32) [idle_inject/3] (root,0,0,00:00:15/41-12:50:50,33) [migration/3] (root,0,0,00:03:59/41-12:50:50,34) [ksoftirqd/3] (root,0,0,00:00:00/41-12:50:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-12:50:50,40) [kdevtmpfs] (root,0,0,00:00:00/41-12:50:50,41) [netns] (root,0,0,00:00:00/41-12:50:50,42) [inet_frag_wq] (root,0,0,00:00:14/41-12:50:50,43) [kauditd] (root,0,0,00:00:00/41-12:50:50,44) [khungtaskd] (root,0,0,00:00:00/41-12:50:50,45) [oom_reaper] (root,0,0,00:00:00/41-12:50:50,46) [writeback] (root,0,0,00:02:11/41-12:50:50,47) [kcompactd0] (root,0,0,00:00:00/41-12:50:50,48) [ksmd] (root,0,0,00:02:17/41-12:50:50,49) [khugepaged] (root,0,0,00:00:00/41-12:50:50,75) [kintegrityd] (root,0,0,00:00:00/41-12:50:50,76) [kblockd] (root,0,0,00:00:00/41-12:50:50,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-12:50:50,79) [tpm_dev_wq] (root,0,0,00:00:00/41-12:50:50,80) [edac-poller] (root,0,0,00:00:00/41-12:50:50,81) [devfreq_wq] (root,0,0,00:00:00/41-12:50:50,110) [watchdogd] (root,0,0,00:00:03/41-12:50:50,111) [kswapd0] (root,0,0,00:00:11/41-12:50:50,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-12:50:48,115) [kthrotld] (root,0,0,00:00:00/41-12:50:48,116) [mld] (root,0,0,00:00:00/41-12:50:48,117) [ipv6_addrconf] (root,0,0,00:00:11/41-12:50:48,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-12:50:48,123) [kstrp] (root,0,0,00:00:00/41-12:50:48,124) [zswap-shrink] (root,0,0,00:00:00/41-12:50:48,125) [kworker/u9:0] (root,0,0,00:00:00/41-12:50:48,130) [charger_manager] (root,0,0,00:00:13/41-12:50:48,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-12:50:48,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-12:50:47,239) [kaluad] (root,0,0,00:00:00/41-12:50:47,258) [kmpath_rdacd] (root,0,0,00:00:00/41-12:50:47,304) [kmpathd] (root,0,0,00:00:00/41-12:50:47,305) [kmpath_handlerd] (root,0,0,00:00:00/41-12:50:46,342) [ata_sff] (root,0,0,00:00:00/41-12:50:46,343) [scsi_eh_0] (root,0,0,00:00:00/41-12:50:46,344) [scsi_tmf_0] (root,0,0,00:00:00/41-12:50:46,345) [scsi_eh_1] (root,0,0,00:00:00/41-12:50:46,346) [scsi_tmf_1] (root,0,0,00:01:23/41-12:50:43,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-12:50:43,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-12:50:31,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-12:50:30,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-12:50:28,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-12:49:57,511) /sbin/auditd (messagebus,22932,5408,00:02:19/41-12:49:56,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-12:49:56,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-12:49:56,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-12:49:54,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-12:49:54,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-12:49:40,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-12:49:40,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:09/41-12:49:40,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-12:49:40,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-12:49:40,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-12:49:40,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-12:49:40,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-12:49:40,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-12:49:40,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-12:49:40,1352) bpfilter_umh (root,26204,8096,00:00:21/41-12:49:40,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-12:49:40,1359) ntpd: asynchronous dns resolver (spot,361952,206168,2-09:30:16/41-12:49:39,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-12:49:39,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-12:49:39,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-12:49:39,1373) (sd-pam) (root,24216,5260,00:00:14/41-12:49:37,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-12:49:37,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-12:49:37,1485) /usr/sbin/cron -n (root,697108,76396,00:57:42/41-12:49:31,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:48/41-12:49:19,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-18:24:54,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:38:26,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/07:46,3749) [kworker/3:1-ata_sff] (root,0,0,00:00:00/16:03,4186) [kworker/0:0] (root,0,0,00:00:00/35:13,8459) [kworker/1:0-cgroup_destroy] (root,35304,10040,00:00:00/3-13:17:49,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:15/3-13:17:48,10514) sshd: syslogtunnel (postfix,24244,8308,00:00:00/01:17:19,11997) pickup -l -t fifo -u (root,0,0,00:00:00/59:11,15424) [kworker/0:2-events] (root,0,0,00:00:02/10:15:30,16954) [kworker/2:1-events] (root,0,0,00:00:01/02:54:32,18031) [kworker/1:2-events] (root,0,0,00:00:00/20:47,21069) [kworker/2:2] (root,0,0,00:00:00/02:35,21694) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:39,23332) [kworker/1:1-events] (root,0,0,00:00:00/28:32,23469) [kworker/3:2-events] (root,0,0,00:00:00/19:03,25841) [kworker/u8:1-writeback] (root,35308,10028,00:00:00/3-14:04:02,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-14:04:01,30947) sshd: cm-ssh (root,6656,3480,00:00:00/00:00,30953) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,30971) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30972) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836374244c77Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-11:37:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-11:37:33,2) [kthreadd] (root,0,0,00:00:00/39-11:37:33,3) [rcu_gp] (root,0,0,00:00:00/39-11:37:33,4) [rcu_par_gp] (root,0,0,00:00:00/39-11:37:33,5) [slub_flushwq] (root,0,0,00:00:00/39-11:37:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-11:37:33,9) [mm_percpu_wq] (root,0,0,00:00:00/39-11:37:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-11:37:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-11:37:33,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-11:37:33,13) [ksoftirqd/0] (root,0,0,01:53:17/39-11:37:33,14) [rcu_preempt] (root,0,0,00:00:15/39-11:37:33,15) [migration/0] (root,0,0,00:00:00/39-11:37:33,16) [idle_inject/0] (root,0,0,00:00:00/39-11:37:33,18) [cpuhp/0] (root,0,0,00:00:00/39-11:37:33,19) [cpuhp/1] (root,0,0,00:00:00/39-11:37:33,20) [idle_inject/1] (root,0,0,00:00:15/39-11:37:33,21) [migration/1] (root,0,0,00:00:59/39-11:37:33,22) [ksoftirqd/1] (root,0,0,00:00:00/39-11:37:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-11:37:33,25) [cpuhp/2] (root,0,0,00:00:00/39-11:37:33,26) [idle_inject/2] (root,0,0,00:00:11/39-11:37:33,27) [migration/2] (root,0,0,01:13:34/39-11:37:33,28) [ksoftirqd/2] (root,0,0,00:00:00/39-11:37:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-11:37:33,31) [cpuhp/3] (root,0,0,00:00:00/39-11:37:33,32) [idle_inject/3] (root,0,0,00:00:14/39-11:37:33,33) [migration/3] (root,0,0,00:03:45/39-11:37:33,34) [ksoftirqd/3] (root,0,0,00:00:00/39-11:37:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-11:37:33,40) [kdevtmpfs] (root,0,0,00:00:00/39-11:37:33,41) [netns] (root,0,0,00:00:00/39-11:37:33,42) [inet_frag_wq] (root,0,0,00:00:14/39-11:37:33,43) [kauditd] (root,0,0,00:00:00/39-11:37:33,44) [khungtaskd] (root,0,0,00:00:00/39-11:37:33,45) [oom_reaper] (root,0,0,00:00:00/39-11:37:33,46) [writeback] (root,0,0,00:02:04/39-11:37:33,47) [kcompactd0] (root,0,0,00:00:00/39-11:37:33,48) [ksmd] (root,0,0,00:02:09/39-11:37:33,49) [khugepaged] (root,0,0,00:00:00/39-11:37:33,75) [kintegrityd] (root,0,0,00:00:00/39-11:37:33,76) [kblockd] (root,0,0,00:00:00/39-11:37:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-11:37:33,79) [tpm_dev_wq] (root,0,0,00:00:00/39-11:37:33,80) [edac-poller] (root,0,0,00:00:00/39-11:37:33,81) [devfreq_wq] (root,0,0,00:00:00/39-11:37:33,110) [watchdogd] (root,0,0,00:00:02/39-11:37:33,111) [kswapd0] (root,0,0,00:00:10/39-11:37:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-11:37:31,115) [kthrotld] (root,0,0,00:00:00/39-11:37:31,116) [mld] (root,0,0,00:00:00/39-11:37:31,117) [ipv6_addrconf] (root,0,0,00:00:11/39-11:37:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-11:37:31,123) [kstrp] (root,0,0,00:00:00/39-11:37:31,124) [zswap-shrink] (root,0,0,00:00:00/39-11:37:31,125) [kworker/u9:0] (root,0,0,00:00:00/39-11:37:31,130) [charger_manager] (root,0,0,00:00:12/39-11:37:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-11:37:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-11:37:30,239) [kaluad] (root,0,0,00:00:00/39-11:37:30,258) [kmpath_rdacd] (root,0,0,00:00:00/39-11:37:30,304) [kmpathd] (root,0,0,00:00:00/39-11:37:30,305) [kmpath_handlerd] (root,0,0,00:00:00/39-11:37:29,342) [ata_sff] (root,0,0,00:00:00/39-11:37:29,343) [scsi_eh_0] (root,0,0,00:00:00/39-11:37:29,344) [scsi_tmf_0] (root,0,0,00:00:00/39-11:37:29,345) [scsi_eh_1] (root,0,0,00:00:00/39-11:37:29,346) [scsi_tmf_1] (root,0,0,00:01:18/39-11:37:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-11:37:26,367) [ext4-rsv-conver] (root,38604,7924,00:01:08/39-11:37:14,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-11:37:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-11:37:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-11:36:40,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-11:36:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-11:36:39,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-11:36:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-11:36:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-11:36:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:47/39-11:36:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-11:36:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:55/39-11:36:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-11:36:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-11:36:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-11:36:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-11:36:23,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-11:36:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:43/39-11:36:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-11:36:23,1352) bpfilter_umh (root,26204,8116,00:00:20/39-11:36:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-11:36:23,1359) ntpd: asynchronous dns resolver (spot,361552,198388,2-07:17:29/39-11:36:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-11:36:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-11:36:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-11:36:22,1373) (sd-pam) (root,24216,5260,00:00:14/39-11:36:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-11:36:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-11:36:20,1485) /usr/sbin/cron -n (root,697108,76496,00:54:46/39-11:36:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67424,00:21:43/39-11:36:02,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/33-17:11:37,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/40:30,3019) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,7271) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,7289) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,7290) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:31,7299) [kworker/3:1-ata_sff] (root,35304,10040,00:00:00/1-12:04:32,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-12:04:31,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:25:46,12444) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/54:29,15181) [kworker/0:1-events] (root,0,0,00:00:00/26:00,15955) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/26:00,15966) [kworker/1:0-events] (root,0,0,00:00:00/26:00,15998) [kworker/2:1-events] (root,0,0,00:00:01/02:27:51,16553) [kworker/0:0-events] (root,0,0,00:00:00/13:44,18227) [kworker/3:0-events] (root,0,0,00:00:00/03:21,26858) [kworker/3:2-ata_sff] (root,35308,10028,00:00:00/1-12:50:45,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:06/1-12:50:44,30947) sshd: cm-ssh (postfix,24244,8232,00:00:00/24:54,31794) pickup -l -t fifo -u (root,0,0,00:00:00/01:50:22,32470) [kworker/2:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 22:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363059b1215Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-10:34:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-10:34:35,2) [kthreadd] (root,0,0,00:00:00/37-10:34:35,3) [rcu_gp] (root,0,0,00:00:00/37-10:34:35,4) [rcu_par_gp] (root,0,0,00:00:00/37-10:34:35,5) [slub_flushwq] (root,0,0,00:00:00/37-10:34:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-10:34:35,9) [mm_percpu_wq] (root,0,0,00:00:00/37-10:34:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-10:34:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-10:34:35,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-10:34:35,13) [ksoftirqd/0] (root,0,0,01:47:06/37-10:34:35,14) [rcu_preempt] (root,0,0,00:00:14/37-10:34:35,15) [migration/0] (root,0,0,00:00:00/37-10:34:35,16) [idle_inject/0] (root,0,0,00:00:00/37-10:34:35,18) [cpuhp/0] (root,0,0,00:00:00/37-10:34:35,19) [cpuhp/1] (root,0,0,00:00:00/37-10:34:35,20) [idle_inject/1] (root,0,0,00:00:14/37-10:34:35,21) [migration/1] (root,0,0,00:00:54/37-10:34:35,22) [ksoftirqd/1] (root,0,0,00:00:00/37-10:34:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-10:34:35,25) [cpuhp/2] (root,0,0,00:00:00/37-10:34:35,26) [idle_inject/2] (root,0,0,00:00:10/37-10:34:35,27) [migration/2] (root,0,0,01:07:41/37-10:34:35,28) [ksoftirqd/2] (root,0,0,00:00:00/37-10:34:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-10:34:35,31) [cpuhp/3] (root,0,0,00:00:00/37-10:34:35,32) [idle_inject/3] (root,0,0,00:00:13/37-10:34:35,33) [migration/3] (root,0,0,00:03:29/37-10:34:35,34) [ksoftirqd/3] (root,0,0,00:00:00/37-10:34:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-10:34:35,40) [kdevtmpfs] (root,0,0,00:00:00/37-10:34:35,41) [netns] (root,0,0,00:00:00/37-10:34:35,42) [inet_frag_wq] (root,0,0,00:00:13/37-10:34:35,43) [kauditd] (root,0,0,00:00:00/37-10:34:35,44) [khungtaskd] (root,0,0,00:00:00/37-10:34:35,45) [oom_reaper] (root,0,0,00:00:00/37-10:34:35,46) [writeback] (root,0,0,00:01:57/37-10:34:35,47) [kcompactd0] (root,0,0,00:00:00/37-10:34:35,48) [ksmd] (root,0,0,00:02:02/37-10:34:35,49) [khugepaged] (root,0,0,00:00:00/37-10:34:35,75) [kintegrityd] (root,0,0,00:00:00/37-10:34:35,76) [kblockd] (root,0,0,00:00:00/37-10:34:35,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-10:34:35,79) [tpm_dev_wq] (root,0,0,00:00:00/37-10:34:35,80) [edac-poller] (root,0,0,00:00:00/37-10:34:35,81) [devfreq_wq] (root,0,0,00:00:00/37-10:34:35,110) [watchdogd] (root,0,0,00:00:02/37-10:34:35,111) [kswapd0] (root,0,0,00:00:10/37-10:34:35,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-10:34:33,115) [kthrotld] (root,0,0,00:00:00/37-10:34:33,116) [mld] (root,0,0,00:00:00/37-10:34:33,117) [ipv6_addrconf] (root,0,0,00:00:10/37-10:34:33,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-10:34:33,123) [kstrp] (root,0,0,00:00:00/37-10:34:33,124) [zswap-shrink] (root,0,0,00:00:00/37-10:34:33,125) [kworker/u9:0] (root,0,0,00:00:00/37-10:34:33,130) [charger_manager] (root,0,0,00:00:11/37-10:34:33,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-10:34:33,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-10:34:32,239) [kaluad] (root,0,0,00:00:00/37-10:34:32,258) [kmpath_rdacd] (root,0,0,00:00:00/37-10:34:32,304) [kmpathd] (root,0,0,00:00:00/37-10:34:32,305) [kmpath_handlerd] (root,0,0,00:00:00/37-10:34:31,342) [ata_sff] (root,0,0,00:00:00/37-10:34:31,343) [scsi_eh_0] (root,0,0,00:00:00/37-10:34:31,344) [scsi_tmf_0] (root,0,0,00:00:00/37-10:34:31,345) [scsi_eh_1] (root,0,0,00:00:00/37-10:34:31,346) [scsi_tmf_1] (root,0,0,00:01:14/37-10:34:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-10:34:28,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-10:34:16,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-10:34:15,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-10:34:13,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-10:33:42,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-10:33:41,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-10:33:41,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-10:33:41,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-10:33:39,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-10:33:39,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:11:35,669) [kworker/2:0-events] (root,0,0,00:00:00/12:44,1287) [kworker/u8:1-writeback] (root,548616,30292,00:00:44/37-10:33:25,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-10:33:25,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:42/37-10:33:25,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-10:33:25,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-10:33:25,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-10:33:25,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-10:33:25,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:57/37-10:33:25,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:24/37-10:33:25,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-10:33:25,1352) bpfilter_umh (root,26204,8116,00:00:19/37-10:33:25,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-10:33:25,1359) ntpd: asynchronous dns resolver (spot,361856,198464,2-04:15:50/37-10:33:24,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-10:33:24,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-10:33:24,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-10:33:24,1373) (sd-pam) (root,24216,5260,00:00:13/37-10:33:22,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-10:33:22,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-10:33:22,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-10:33:19,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-10:33:18,1527) sshd: syslogtunnel (root,0,0,00:00:00/27:45,1530) [kworker/u8:2-ext4-rsv-conversion] (root,696596,77960,00:51:49/37-10:33:16,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66200,00:20:38/37-10:33:04,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-16:08:39,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/37-10:32:39,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-10:32:39,3218) sshd: cm-ssh (root,0,0,00:00:00/01:39:54,4224) [kworker/0:0-events] (root,0,0,00:00:00/08:24,8458) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,11059) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,11077) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,11078) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8176,00:00:00/01:23:52,11352) pickup -l -t fifo -u (root,0,0,00:00:00/01:21:49,11965) [kworker/1:0-events] (root,0,0,00:00:00/31:57,19177) [kworker/0:2-events] (root,0,0,00:00:00/45:34,24929) [kworker/2:1-events] (root,0,0,00:00:00/03:13,28649) [kworker/3:0-ata_sff] (root,0,0,00:00:00/54:38,31156) [kworker/1:2-events] (root,0,0,00:00:01/02:12:55,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 21:23 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c6f1283eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-14:09:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-14:09:59,2) [kthreadd] (root,0,0,00:00:00/35-14:09:59,3) [rcu_gp] (root,0,0,00:00:00/35-14:09:59,4) [rcu_par_gp] (root,0,0,00:00:00/35-14:09:59,5) [slub_flushwq] (root,0,0,00:00:00/35-14:09:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-14:09:59,9) [mm_percpu_wq] (root,0,0,00:00:00/35-14:09:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-14:09:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-14:09:59,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-14:09:59,13) [ksoftirqd/0] (root,0,0,01:42:13/35-14:09:59,14) [rcu_preempt] (root,0,0,00:00:13/35-14:09:59,15) [migration/0] (root,0,0,00:00:00/35-14:09:59,16) [idle_inject/0] (root,0,0,00:00:00/35-14:09:59,18) [cpuhp/0] (root,0,0,00:00:00/35-14:09:59,19) [cpuhp/1] (root,0,0,00:00:00/35-14:09:59,20) [idle_inject/1] (root,0,0,00:00:13/35-14:09:59,21) [migration/1] (root,0,0,00:00:52/35-14:09:59,22) [ksoftirqd/1] (root,0,0,00:00:00/35-14:09:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-14:09:59,25) [cpuhp/2] (root,0,0,00:00:00/35-14:09:59,26) [idle_inject/2] (root,0,0,00:00:10/35-14:09:59,27) [migration/2] (root,0,0,01:05:03/35-14:09:59,28) [ksoftirqd/2] (root,0,0,00:00:00/35-14:09:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-14:09:59,31) [cpuhp/3] (root,0,0,00:00:00/35-14:09:59,32) [idle_inject/3] (root,0,0,00:00:12/35-14:09:59,33) [migration/3] (root,0,0,00:03:21/35-14:09:59,34) [ksoftirqd/3] (root,0,0,00:00:00/35-14:09:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-14:09:59,40) [kdevtmpfs] (root,0,0,00:00:00/35-14:09:59,41) [netns] (root,0,0,00:00:00/35-14:09:59,42) [inet_frag_wq] (root,0,0,00:00:12/35-14:09:59,43) [kauditd] (root,0,0,00:00:00/35-14:09:59,44) [khungtaskd] (root,0,0,00:00:00/35-14:09:59,45) [oom_reaper] (root,0,0,00:00:00/35-14:09:59,46) [writeback] (root,0,0,00:01:52/35-14:09:59,47) [kcompactd0] (root,0,0,00:00:00/35-14:09:59,48) [ksmd] (root,0,0,00:01:56/35-14:09:59,49) [khugepaged] (root,0,0,00:00:00/35-14:09:59,75) [kintegrityd] (root,0,0,00:00:00/35-14:09:59,76) [kblockd] (root,0,0,00:00:00/35-14:09:59,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-14:09:59,79) [tpm_dev_wq] (root,0,0,00:00:00/35-14:09:59,80) [edac-poller] (root,0,0,00:00:00/35-14:09:59,81) [devfreq_wq] (root,0,0,00:00:00/35-14:09:59,110) [watchdogd] (root,0,0,00:00:02/35-14:09:59,111) [kswapd0] (root,0,0,00:00:09/35-14:09:59,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-14:09:57,115) [kthrotld] (root,0,0,00:00:00/35-14:09:57,116) [mld] (root,0,0,00:00:00/35-14:09:57,117) [ipv6_addrconf] (root,0,0,00:00:10/35-14:09:57,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-14:09:57,123) [kstrp] (root,0,0,00:00:00/35-14:09:57,124) [zswap-shrink] (root,0,0,00:00:00/35-14:09:57,125) [kworker/u9:0] (root,0,0,00:00:00/35-14:09:57,130) [charger_manager] (root,0,0,00:00:10/35-14:09:57,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-14:09:57,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-14:09:56,239) [kaluad] (root,0,0,00:00:00/35-14:09:56,258) [kmpath_rdacd] (root,0,0,00:00:00/35-14:09:56,304) [kmpathd] (root,0,0,00:00:00/35-14:09:56,305) [kmpath_handlerd] (root,0,0,00:00:00/35-14:09:55,342) [ata_sff] (root,0,0,00:00:00/35-14:09:55,343) [scsi_eh_0] (root,0,0,00:00:00/35-14:09:55,344) [scsi_tmf_0] (root,0,0,00:00:00/35-14:09:55,345) [scsi_eh_1] (root,0,0,00:00:00/35-14:09:55,346) [scsi_tmf_1] (root,0,0,00:01:11/35-14:09:52,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-14:09:52,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-14:09:40,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-14:09:39,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:56/35-14:09:37,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-14:09:06,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-14:09:05,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-14:09:05,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-14:09:05,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-14:09:03,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-14:09:03,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/43:11,633) [kworker/u8:1-writeback] (root,548616,30252,00:00:42/35-14:08:49,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-14:08:49,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:34/35-14:08:49,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-14:08:49,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-14:08:49,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-14:08:49,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-14:08:49,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-14:08:49,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:09/35-14:08:49,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-14:08:49,1352) bpfilter_umh (root,26204,8116,00:00:18/35-14:08:49,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-14:08:49,1359) ntpd: asynchronous dns resolver (spot,361488,198368,2-02:18:42/35-14:08:48,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-14:08:48,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-14:08:48,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-14:08:48,1373) (sd-pam) (root,24216,5260,00:00:12/35-14:08:46,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-14:08:46,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-14:08:46,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-14:08:43,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-14:08:42,1527) sshd: syslogtunnel (root,696596,77900,00:49:16/35-14:08:40,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:01/02:18:11,1719) [kworker/2:2-events] (spot,223680,64860,00:19:42/35-14:08:28,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-19:44:03,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-14:08:03,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-14:08:03,3218) sshd: cm-ssh (root,0,0,00:00:00/05:39,9309) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:15:22,11281) [kworker/0:1-events] (root,0,0,00:00:00/04:06,15632) [kworker/2:1] (root,0,0,00:00:00/13:57,16207) [kworker/1:2-events] (postfix,24244,8160,00:00:00/20:55,18195) pickup -l -t fifo -u (root,0,0,00:00:00/03:25:53,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:27:58,20934) [kworker/1:1-events] (root,0,0,00:00:00/57:32,21127) [kworker/3:0-events] (root,0,0,00:00:00/27:42,25651) [kworker/2:0-events] (root,0,0,00:00:00/00:29,28505) [kworker/3:2-ata_sff] (root,0,0,00:00:00/18:26,29321) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,31733) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,31751) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31752) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 00:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b631c507Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-12:37:40,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-12:37:40,2) [kthreadd] (root,0,0,00:00:00/33-12:37:40,3) [rcu_gp] (root,0,0,00:00:00/33-12:37:40,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:37:40,5) [slub_flushwq] (root,0,0,00:00:00/33-12:37:40,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:37:40,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:37:40,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:37:40,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:37:40,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:37:40,13) [ksoftirqd/0] (root,0,0,01:36:44/33-12:37:40,14) [rcu_preempt] (root,0,0,00:00:12/33-12:37:40,15) [migration/0] (root,0,0,00:00:00/33-12:37:40,16) [idle_inject/0] (root,0,0,00:00:00/33-12:37:40,18) [cpuhp/0] (root,0,0,00:00:00/33-12:37:40,19) [cpuhp/1] (root,0,0,00:00:00/33-12:37:40,20) [idle_inject/1] (root,0,0,00:00:12/33-12:37:40,21) [migration/1] (root,0,0,00:00:50/33-12:37:40,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:37:40,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:37:40,25) [cpuhp/2] (root,0,0,00:00:00/33-12:37:40,26) [idle_inject/2] (root,0,0,00:00:09/33-12:37:40,27) [migration/2] (root,0,0,01:01:51/33-12:37:40,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:37:40,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:37:40,31) [cpuhp/3] (root,0,0,00:00:00/33-12:37:40,32) [idle_inject/3] (root,0,0,00:00:12/33-12:37:40,33) [migration/3] (root,0,0,00:03:11/33-12:37:40,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:37:40,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:37:40,40) [kdevtmpfs] (root,0,0,00:00:00/33-12:37:40,41) [netns] (root,0,0,00:00:00/33-12:37:40,42) [inet_frag_wq] (root,0,0,00:00:12/33-12:37:40,43) [kauditd] (root,0,0,00:00:00/33-12:37:40,44) [khungtaskd] (root,0,0,00:00:00/33-12:37:40,45) [oom_reaper] (root,0,0,00:00:00/33-12:37:40,46) [writeback] (root,0,0,00:01:46/33-12:37:40,47) [kcompactd0] (root,0,0,00:00:00/33-12:37:40,48) [ksmd] (root,0,0,00:01:49/33-12:37:40,49) [khugepaged] (root,0,0,00:00:00/33-12:37:40,75) [kintegrityd] (root,0,0,00:00:00/33-12:37:40,76) [kblockd] (root,0,0,00:00:00/33-12:37:40,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:37:40,79) [tpm_dev_wq] (root,0,0,00:00:00/33-12:37:40,80) [edac-poller] (root,0,0,00:00:00/33-12:37:40,81) [devfreq_wq] (root,0,0,00:00:00/33-12:37:40,110) [watchdogd] (root,0,0,00:00:02/33-12:37:40,111) [kswapd0] (root,0,0,00:00:09/33-12:37:40,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-12:37:38,115) [kthrotld] (root,0,0,00:00:00/33-12:37:38,116) [mld] (root,0,0,00:00:00/33-12:37:38,117) [ipv6_addrconf] (root,0,0,00:00:09/33-12:37:38,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:37:38,123) [kstrp] (root,0,0,00:00:00/33-12:37:38,124) [zswap-shrink] (root,0,0,00:00:00/33-12:37:38,125) [kworker/u9:0] (root,0,0,00:00:00/33-12:37:38,130) [charger_manager] (root,0,0,00:00:10/33-12:37:38,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-12:37:38,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-12:37:37,239) [kaluad] (root,0,0,00:00:00/33-12:37:37,258) [kmpath_rdacd] (root,0,0,00:00:00/33-12:37:37,304) [kmpathd] (root,0,0,00:00:00/33-12:37:37,305) [kmpath_handlerd] (root,0,0,00:00:00/33-12:37:36,342) [ata_sff] (root,0,0,00:00:00/33-12:37:36,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:37:36,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:37:36,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:37:36,346) [scsi_tmf_1] (root,0,0,00:01:07/33-12:37:33,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:37:33,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-12:37:21,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-12:37:20,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-12:37:18,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-12:36:47,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-12:36:46,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-12:36:46,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-12:36:46,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-12:36:44,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-12:36:44,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-12:36:30,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-12:36:30,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:23/33-12:36:30,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-12:36:30,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-12:36:30,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-12:36:30,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-12:36:30,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-12:36:30,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-12:36:30,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-12:36:30,1352) bpfilter_umh (root,26204,8128,00:00:17/33-12:36:30,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-12:36:30,1359) ntpd: asynchronous dns resolver (spot,361024,199972,2-00:17:40/33-12:36:29,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-12:36:29,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-12:36:29,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-12:36:29,1373) (sd-pam) (root,24216,5260,00:00:11/33-12:36:27,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-12:36:27,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-12:36:27,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-12:36:24,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-12:36:23,1527) sshd: syslogtunnel (root,694036,73228,00:46:24/33-12:36:21,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63352,00:18:42/33-12:36:09,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/09:46,2466) [kworker/3:1-events] (postfix,44628,9244,00:00:01/27-18:11:44,2557) tlsmgr -l -t unix -u (root,0,0,00:00:01/01:53:32,2925) [kworker/3:2-ata_sff] (root,35308,10108,00:00:00/33-12:35:44,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-12:35:44,3218) sshd: cm-ssh (root,0,0,00:00:00/02:39,4095) [kworker/2:0] (root,0,0,00:00:00/09:15,4794) [kworker/1:1] (root,0,0,00:00:00/25:53,7410) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/00:45,15619) [kworker/3:0-ata_sff] (root,0,0,00:00:01/04:23:03,15620) [kworker/2:2-events] (root,0,0,00:00:00/42:36,17463) [kworker/0:0] (root,6656,3496,00:00:00/00:00,19026) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,19110) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,19128) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19129) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:02:44,21273) [kworker/0:1-events] (root,0,0,00:00:00/01:36:19,22539) [kworker/u8:2-writeback] (postfix,24244,8228,00:00:00/49:35,25034) pickup -l -t fifo -u (root,0,0,00:00:00/49:23,25667) [kworker/1:0-events] (root,0,0,00:00:00/01:09:35,29580) [kworker/2:1-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 23:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632957810eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:33/31-12:38:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-12:38:58,2) [kthreadd] (root,0,0,00:00:00/31-12:38:58,3) [rcu_gp] (root,0,0,00:00:00/31-12:38:58,4) [rcu_par_gp] (root,0,0,00:00:00/31-12:38:58,5) [slub_flushwq] (root,0,0,00:00:00/31-12:38:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-12:38:58,9) [mm_percpu_wq] (root,0,0,00:00:00/31-12:38:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-12:38:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-12:38:58,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-12:38:58,13) [ksoftirqd/0] (root,0,0,01:31:24/31-12:38:58,14) [rcu_preempt] (root,0,0,00:00:12/31-12:38:58,15) [migration/0] (root,0,0,00:00:00/31-12:38:58,16) [idle_inject/0] (root,0,0,00:00:00/31-12:38:58,18) [cpuhp/0] (root,0,0,00:00:00/31-12:38:58,19) [cpuhp/1] (root,0,0,00:00:00/31-12:38:58,20) [idle_inject/1] (root,0,0,00:00:12/31-12:38:58,21) [migration/1] (root,0,0,00:00:47/31-12:38:58,22) [ksoftirqd/1] (root,0,0,00:00:00/31-12:38:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-12:38:58,25) [cpuhp/2] (root,0,0,00:00:00/31-12:38:58,26) [idle_inject/2] (root,0,0,00:00:09/31-12:38:58,27) [migration/2] (root,0,0,00:58:49/31-12:38:58,28) [ksoftirqd/2] (root,0,0,00:00:00/31-12:38:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-12:38:58,31) [cpuhp/3] (root,0,0,00:00:00/31-12:38:58,32) [idle_inject/3] (root,0,0,00:00:11/31-12:38:58,33) [migration/3] (root,0,0,00:03:02/31-12:38:58,34) [ksoftirqd/3] (root,0,0,00:00:00/31-12:38:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-12:38:58,40) [kdevtmpfs] (root,0,0,00:00:00/31-12:38:58,41) [netns] (root,0,0,00:00:00/31-12:38:58,42) [inet_frag_wq] (root,0,0,00:00:11/31-12:38:58,43) [kauditd] (root,0,0,00:00:00/31-12:38:58,44) [khungtaskd] (root,0,0,00:00:00/31-12:38:58,45) [oom_reaper] (root,0,0,00:00:00/31-12:38:58,46) [writeback] (root,0,0,00:01:40/31-12:38:58,47) [kcompactd0] (root,0,0,00:00:00/31-12:38:58,48) [ksmd] (root,0,0,00:01:43/31-12:38:58,49) [khugepaged] (root,0,0,00:00:00/31-12:38:58,75) [kintegrityd] (root,0,0,00:00:00/31-12:38:58,76) [kblockd] (root,0,0,00:00:00/31-12:38:58,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-12:38:58,79) [tpm_dev_wq] (root,0,0,00:00:00/31-12:38:58,80) [edac-poller] (root,0,0,00:00:00/31-12:38:58,81) [devfreq_wq] (root,0,0,00:00:00/31-12:38:58,110) [watchdogd] (root,0,0,00:00:02/31-12:38:58,111) [kswapd0] (root,0,0,00:00:08/31-12:38:58,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-12:38:56,115) [kthrotld] (root,0,0,00:00:00/31-12:38:56,116) [mld] (root,0,0,00:00:00/31-12:38:56,117) [ipv6_addrconf] (root,0,0,00:00:09/31-12:38:56,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-12:38:56,123) [kstrp] (root,0,0,00:00:00/31-12:38:56,124) [zswap-shrink] (root,0,0,00:00:00/31-12:38:56,125) [kworker/u9:0] (root,0,0,00:00:00/31-12:38:56,130) [charger_manager] (root,0,0,00:00:09/31-12:38:56,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-12:38:56,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-12:38:55,239) [kaluad] (root,0,0,00:00:00/31-12:38:55,258) [kmpath_rdacd] (root,0,0,00:00:00/31-12:38:55,304) [kmpathd] (root,0,0,00:00:00/31-12:38:55,305) [kmpath_handlerd] (root,0,0,00:00:00/31-12:38:54,342) [ata_sff] (root,0,0,00:00:00/31-12:38:54,343) [scsi_eh_0] (root,0,0,00:00:00/31-12:38:54,344) [scsi_tmf_0] (root,0,0,00:00:00/31-12:38:54,345) [scsi_eh_1] (root,0,0,00:00:00/31-12:38:54,346) [scsi_tmf_1] (root,0,0,00:01:03/31-12:38:51,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-12:38:51,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-12:38:39,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-12:38:38,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-12:38:36,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-12:38:05,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-12:38:04,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-12:38:04,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-12:38:04,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-12:38:02,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-12:38:02,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-12:37:48,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-12:37:48,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:12/31-12:37:48,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-12:37:48,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-12:37:48,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-12:37:48,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-12:37:48,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-12:37:48,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:34/31-12:37:48,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-12:37:48,1352) bpfilter_umh (root,26204,8128,00:00:16/31-12:37:48,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-12:37:48,1359) ntpd: asynchronous dns resolver (spot,362160,200296,1-22:08:51/31-12:37:47,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-12:37:47,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-12:37:47,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-12:37:47,1373) (sd-pam) (root,24216,5260,00:00:11/31-12:37:45,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-12:37:45,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-12:37:45,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-12:37:42,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:58/31-12:37:41,1527) sshd: syslogtunnel (root,693780,74896,00:43:41/31-12:37:39,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61988,00:17:40/31-12:37:27,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:26:47,2437) [kworker/u8:2-flush-253:0] (postfix,44628,9244,00:00:01/25-18:13:02,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-12:37:02,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:45/31-12:37:02,3218) sshd: cm-ssh (root,0,0,00:00:00/13:33,6656) [kworker/3:0-events] (root,0,0,00:00:00/21:10,9918) [kworker/1:1-events] (root,0,0,00:00:00/03:10,10597) [kworker/3:2-ata_sff] (root,0,0,00:00:00/17:47:34,11736) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:58,16322) [kworker/1:0] (root,6656,3484,00:00:00/00:00,21887) /bin/bash /usr/bin/check_mk_agent (root,13744,3400,00:00:00/00:00,21905) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21906) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:59:30,22602) [kworker/2:1-events] (root,0,0,00:00:00/01:26:59,23881) [kworker/1:2-events] (root,0,0,00:00:00/08:22,25261) [kworker/3:1-ata_sff] (postfix,24244,8268,00:00:00/01:12:50,25794) pickup -l -t fifo -u (root,0,0,00:00:00/07:42,27419) [kworker/2:2-events] (root,0,0,00:00:00/01:21:17,27771) [kworker/0:0] (root,0,0,00:00:01/02:02:07,28641) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 23:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f20efa0eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-12:48:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-12:48:41,2) [kthreadd] (root,0,0,00:00:00/29-12:48:41,3) [rcu_gp] (root,0,0,00:00:00/29-12:48:41,4) [rcu_par_gp] (root,0,0,00:00:00/29-12:48:41,5) [slub_flushwq] (root,0,0,00:00:00/29-12:48:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-12:48:41,9) [mm_percpu_wq] (root,0,0,00:00:00/29-12:48:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-12:48:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-12:48:41,12) [rcu_tasks_trace] (root,0,0,00:00:55/29-12:48:41,13) [ksoftirqd/0] (root,0,0,01:25:36/29-12:48:41,14) [rcu_preempt] (root,0,0,00:00:11/29-12:48:41,15) [migration/0] (root,0,0,00:00:00/29-12:48:41,16) [idle_inject/0] (root,0,0,00:00:00/29-12:48:41,18) [cpuhp/0] (root,0,0,00:00:00/29-12:48:41,19) [cpuhp/1] (root,0,0,00:00:00/29-12:48:41,20) [idle_inject/1] (root,0,0,00:00:11/29-12:48:41,21) [migration/1] (root,0,0,00:00:45/29-12:48:41,22) [ksoftirqd/1] (root,0,0,00:00:00/29-12:48:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-12:48:41,25) [cpuhp/2] (root,0,0,00:00:00/29-12:48:41,26) [idle_inject/2] (root,0,0,00:00:08/29-12:48:41,27) [migration/2] (root,0,0,00:54:40/29-12:48:41,28) [ksoftirqd/2] (root,0,0,00:00:00/29-12:48:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-12:48:41,31) [cpuhp/3] (root,0,0,00:00:00/29-12:48:41,32) [idle_inject/3] (root,0,0,00:00:10/29-12:48:41,33) [migration/3] (root,0,0,00:02:50/29-12:48:41,34) [ksoftirqd/3] (root,0,0,00:00:00/29-12:48:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-12:48:41,40) [kdevtmpfs] (root,0,0,00:00:00/29-12:48:41,41) [netns] (root,0,0,00:00:00/29-12:48:41,42) [inet_frag_wq] (root,0,0,00:00:10/29-12:48:41,43) [kauditd] (root,0,0,00:00:00/29-12:48:41,44) [khungtaskd] (root,0,0,00:00:00/29-12:48:41,45) [oom_reaper] (root,0,0,00:00:00/29-12:48:41,46) [writeback] (root,0,0,00:01:34/29-12:48:41,47) [kcompactd0] (root,0,0,00:00:00/29-12:48:41,48) [ksmd] (root,0,0,00:01:36/29-12:48:41,49) [khugepaged] (root,0,0,00:00:00/29-12:48:41,75) [kintegrityd] (root,0,0,00:00:00/29-12:48:41,76) [kblockd] (root,0,0,00:00:00/29-12:48:41,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-12:48:41,79) [tpm_dev_wq] (root,0,0,00:00:00/29-12:48:41,80) [edac-poller] (root,0,0,00:00:00/29-12:48:41,81) [devfreq_wq] (root,0,0,00:00:00/29-12:48:41,110) [watchdogd] (root,0,0,00:00:02/29-12:48:41,111) [kswapd0] (root,0,0,00:00:08/29-12:48:41,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-12:48:39,115) [kthrotld] (root,0,0,00:00:00/29-12:48:39,116) [mld] (root,0,0,00:00:00/29-12:48:39,117) [ipv6_addrconf] (root,0,0,00:00:08/29-12:48:39,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-12:48:39,123) [kstrp] (root,0,0,00:00:00/29-12:48:39,124) [zswap-shrink] (root,0,0,00:00:00/29-12:48:39,125) [kworker/u9:0] (root,0,0,00:00:00/29-12:48:39,130) [charger_manager] (root,0,0,00:00:09/29-12:48:39,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-12:48:39,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-12:48:38,239) [kaluad] (root,0,0,00:00:00/29-12:48:38,258) [kmpath_rdacd] (root,0,0,00:00:00/29-12:48:38,304) [kmpathd] (root,0,0,00:00:00/29-12:48:38,305) [kmpath_handlerd] (root,0,0,00:00:00/29-12:48:37,342) [ata_sff] (root,0,0,00:00:00/29-12:48:37,343) [scsi_eh_0] (root,0,0,00:00:00/29-12:48:37,344) [scsi_tmf_0] (root,0,0,00:00:00/29-12:48:37,345) [scsi_eh_1] (root,0,0,00:00:00/29-12:48:37,346) [scsi_tmf_1] (root,0,0,00:00:59/29-12:48:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-12:48:34,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-12:48:22,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-12:48:21,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-12:48:19,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-12:47:48,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-12:47:47,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-12:47:47,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-12:47:47,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-12:47:45,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-12:47:45,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:35/29-12:47:31,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-12:47:31,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:01/29-12:47:31,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-12:47:31,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-12:47:31,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-12:47:31,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-12:47:31,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-12:47:31,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:17/29-12:47:31,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-12:47:31,1352) bpfilter_umh (root,26204,8128,00:00:14/29-12:47:31,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-12:47:31,1359) ntpd: asynchronous dns resolver (spot,361424,200100,1-19:47:31/29-12:47:30,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-12:47:30,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-12:47:30,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-12:47:30,1373) (sd-pam) (root,24216,5260,00:00:10/29-12:47:28,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-12:47:28,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-12:47:28,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-12:47:25,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-12:47:24,1527) sshd: syslogtunnel (root,693524,72428,00:40:49/29-12:47:22,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60744,00:16:37/29-12:47:10,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-18:22:45,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/11:49,2706) [kworker/u8:0-writeback] (root,35308,10108,00:00:00/29-12:46:45,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:38/29-12:46:45,3218) sshd: cm-ssh (postfix,24244,8232,00:00:00/04:29,5297) pickup -l -t fifo -u (root,0,0,00:00:00/01:30:22,9799) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/01:12:59,11915) [kworker/3:2-events] (root,0,0,00:00:00/02:41,14664) [kworker/0:0] (root,0,0,00:00:00/01:40:34,18169) [kworker/0:2-events] (root,0,0,00:00:01/02:12:44,22291) [kworker/0:1-events] (root,0,0,00:00:00/01:03:39,25049) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/00:22,25672) [kworker/3:0-ata_sff] (root,0,0,00:00:00/22:02,25890) [kworker/2:0] (root,6656,3484,00:00:00/00:00,27441) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,27459) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,27460) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/45:00,28994) [kworker/1:2-events] (root,0,0,00:00:00/01:01:10,29505) [kworker/2:1-events] (root,0,0,00:00:00/05:33,31385) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 23:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363700a253aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:17/27-11:11:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:11:10,2) [kthreadd] (root,0,0,00:00:00/27-11:11:10,3) [rcu_gp] (root,0,0,00:00:00/27-11:11:10,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:11:10,5) [slub_flushwq] (root,0,0,00:00:00/27-11:11:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:11:10,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:11:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:11:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:11:10,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-11:11:10,13) [ksoftirqd/0] (root,0,0,01:19:56/27-11:11:10,14) [rcu_preempt] (root,0,0,00:00:10/27-11:11:10,15) [migration/0] (root,0,0,00:00:00/27-11:11:10,16) [idle_inject/0] (root,0,0,00:00:00/27-11:11:10,18) [cpuhp/0] (root,0,0,00:00:00/27-11:11:10,19) [cpuhp/1] (root,0,0,00:00:00/27-11:11:10,20) [idle_inject/1] (root,0,0,00:00:10/27-11:11:10,21) [migration/1] (root,0,0,00:00:42/27-11:11:10,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:11:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:11:10,25) [cpuhp/2] (root,0,0,00:00:00/27-11:11:10,26) [idle_inject/2] (root,0,0,00:00:08/27-11:11:10,27) [migration/2] (root,0,0,00:51:23/27-11:11:10,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:11:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:11:10,31) [cpuhp/3] (root,0,0,00:00:00/27-11:11:10,32) [idle_inject/3] (root,0,0,00:00:10/27-11:11:10,33) [migration/3] (root,0,0,00:02:40/27-11:11:10,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:11:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:11:10,40) [kdevtmpfs] (root,0,0,00:00:00/27-11:11:10,41) [netns] (root,0,0,00:00:00/27-11:11:10,42) [inet_frag_wq] (root,0,0,00:00:09/27-11:11:10,43) [kauditd] (root,0,0,00:00:00/27-11:11:10,44) [khungtaskd] (root,0,0,00:00:00/27-11:11:10,45) [oom_reaper] (root,0,0,00:00:00/27-11:11:10,46) [writeback] (root,0,0,00:01:28/27-11:11:10,47) [kcompactd0] (root,0,0,00:00:00/27-11:11:10,48) [ksmd] (root,0,0,00:01:29/27-11:11:10,49) [khugepaged] (root,0,0,00:00:00/27-11:11:10,75) [kintegrityd] (root,0,0,00:00:00/27-11:11:10,76) [kblockd] (root,0,0,00:00:00/27-11:11:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:11:10,79) [tpm_dev_wq] (root,0,0,00:00:00/27-11:11:10,80) [edac-poller] (root,0,0,00:00:00/27-11:11:10,81) [devfreq_wq] (root,0,0,00:00:00/27-11:11:10,110) [watchdogd] (root,0,0,00:00:02/27-11:11:10,111) [kswapd0] (root,0,0,00:00:07/27-11:11:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-11:11:08,115) [kthrotld] (root,0,0,00:00:00/27-11:11:08,116) [mld] (root,0,0,00:00:00/27-11:11:08,117) [ipv6_addrconf] (root,0,0,00:00:07/27-11:11:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:11:08,123) [kstrp] (root,0,0,00:00:00/27-11:11:08,124) [zswap-shrink] (root,0,0,00:00:00/27-11:11:08,125) [kworker/u9:0] (root,0,0,00:00:00/27-11:11:08,130) [charger_manager] (root,0,0,00:00:08/27-11:11:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-11:11:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-11:11:07,239) [kaluad] (root,0,0,00:00:00/27-11:11:07,258) [kmpath_rdacd] (root,0,0,00:00:00/27-11:11:07,304) [kmpathd] (root,0,0,00:00:00/27-11:11:07,305) [kmpath_handlerd] (root,0,0,00:00:00/27-11:11:06,342) [ata_sff] (root,0,0,00:00:00/27-11:11:06,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:11:06,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:11:06,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:11:06,346) [scsi_tmf_1] (root,0,0,00:00:55/27-11:11:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:11:03,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-11:10:51,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-11:10:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-11:10:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-11:10:17,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-11:10:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8320,00:00:49/27-11:10:16,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-11:10:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-11:10:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-11:10:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:30:54,879) [kworker/u8:1-ext4-rsv-conversion] (root,548104,28512,00:00:32/27-11:10:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-11:10:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:47/27-11:10:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-11:10:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-11:10:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-11:10:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-11:10:00,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-11:10:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-11:10:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-11:10:00,1352) bpfilter_umh (root,26204,8128,00:00:13/27-11:10:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-11:10:00,1359) ntpd: asynchronous dns resolver (spot,296640,195176,1-17:06:46/27-11:09:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-11:09:59,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-11:09:59,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-11:09:59,1373) (sd-pam) (root,24216,5260,00:00:09/27-11:09:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-11:09:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-11:09:57,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-11:09:54,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-11:09:53,1527) sshd: syslogtunnel (root,693268,74056,00:37:58/27-11:09:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/17:00,1861) [kworker/0:2-events] (spot,219584,59116,00:15:32/27-11:09:39,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/26:17,2214) [kworker/2:2] (postfix,44628,9244,00:00:00/21-16:45:14,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-11:09:14,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-11:09:14,3218) sshd: cm-ssh (root,0,0,00:00:00/03:22,3983) [kworker/3:1-ata_sff] (root,0,0,00:00:00/38:26,6602) [kworker/2:0-events] (root,0,0,00:00:00/13:59,7994) [kworker/1:0-events] (root,0,0,00:00:00/37:06,8895) [kworker/u8:0-writeback] (root,6656,3484,00:00:00/00:00,16592) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,16610) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16611) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:34,18000) [kworker/3:0-ata_sff] (root,0,0,00:00:00/07:54,20342) [kworker/0:1] (root,0,0,00:00:01/01:57:30,24222) [kworker/3:2-events] (postfix,24244,8264,00:00:00/28:49,28642) pickup -l -t fifo -u (root,0,0,00:00:00/47:42,30517) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/04:47,32123) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 21:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bbb42d52Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:10/25-12:07:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-12:07:57,2) [kthreadd] (root,0,0,00:00:00/25-12:07:57,3) [rcu_gp] (root,0,0,00:00:00/25-12:07:57,4) [rcu_par_gp] (root,0,0,00:00:00/25-12:07:57,5) [slub_flushwq] (root,0,0,00:00:00/25-12:07:57,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-12:07:57,9) [mm_percpu_wq] (root,0,0,00:00:00/25-12:07:57,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-12:07:57,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-12:07:57,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-12:07:57,13) [ksoftirqd/0] (root,0,0,01:14:37/25-12:07:57,14) [rcu_preempt] (root,0,0,00:00:09/25-12:07:57,15) [migration/0] (root,0,0,00:00:00/25-12:07:57,16) [idle_inject/0] (root,0,0,00:00:00/25-12:07:57,18) [cpuhp/0] (root,0,0,00:00:00/25-12:07:57,19) [cpuhp/1] (root,0,0,00:00:00/25-12:07:57,20) [idle_inject/1] (root,0,0,00:00:09/25-12:07:57,21) [migration/1] (root,0,0,00:00:39/25-12:07:57,22) [ksoftirqd/1] (root,0,0,00:00:00/25-12:07:57,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-12:07:57,25) [cpuhp/2] (root,0,0,00:00:00/25-12:07:57,26) [idle_inject/2] (root,0,0,00:00:07/25-12:07:57,27) [migration/2] (root,0,0,00:48:45/25-12:07:57,28) [ksoftirqd/2] (root,0,0,00:00:00/25-12:07:57,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-12:07:57,31) [cpuhp/3] (root,0,0,00:00:00/25-12:07:57,32) [idle_inject/3] (root,0,0,00:00:09/25-12:07:57,33) [migration/3] (root,0,0,00:02:31/25-12:07:57,34) [ksoftirqd/3] (root,0,0,00:00:00/25-12:07:57,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-12:07:57,40) [kdevtmpfs] (root,0,0,00:00:00/25-12:07:57,41) [netns] (root,0,0,00:00:00/25-12:07:57,42) [inet_frag_wq] (root,0,0,00:00:08/25-12:07:57,43) [kauditd] (root,0,0,00:00:00/25-12:07:57,44) [khungtaskd] (root,0,0,00:00:00/25-12:07:57,45) [oom_reaper] (root,0,0,00:00:00/25-12:07:57,46) [writeback] (root,0,0,00:01:21/25-12:07:57,47) [kcompactd0] (root,0,0,00:00:00/25-12:07:57,48) [ksmd] (root,0,0,00:01:23/25-12:07:57,49) [khugepaged] (root,0,0,00:00:00/25-12:07:57,75) [kintegrityd] (root,0,0,00:00:00/25-12:07:57,76) [kblockd] (root,0,0,00:00:00/25-12:07:57,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-12:07:57,79) [tpm_dev_wq] (root,0,0,00:00:00/25-12:07:57,80) [edac-poller] (root,0,0,00:00:00/25-12:07:57,81) [devfreq_wq] (root,0,0,00:00:00/25-12:07:57,110) [watchdogd] (root,0,0,00:00:01/25-12:07:57,111) [kswapd0] (root,0,0,00:00:07/25-12:07:57,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-12:07:55,115) [kthrotld] (root,0,0,00:00:00/25-12:07:55,116) [mld] (root,0,0,00:00:00/25-12:07:55,117) [ipv6_addrconf] (root,0,0,00:00:07/25-12:07:55,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-12:07:55,123) [kstrp] (root,0,0,00:00:00/25-12:07:55,124) [zswap-shrink] (root,0,0,00:00:00/25-12:07:55,125) [kworker/u9:0] (root,0,0,00:00:00/25-12:07:55,130) [charger_manager] (root,0,0,00:00:07/25-12:07:55,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-12:07:55,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-12:07:54,239) [kaluad] (root,0,0,00:00:00/25-12:07:54,258) [kmpath_rdacd] (root,0,0,00:00:00/25-12:07:54,304) [kmpathd] (root,0,0,00:00:00/25-12:07:54,305) [kmpath_handlerd] (root,0,0,00:00:00/25-12:07:53,342) [ata_sff] (root,0,0,00:00:00/25-12:07:53,343) [scsi_eh_0] (root,0,0,00:00:00/25-12:07:53,344) [scsi_tmf_0] (root,0,0,00:00:00/25-12:07:53,345) [scsi_eh_1] (root,0,0,00:00:00/25-12:07:53,346) [scsi_tmf_1] (root,0,0,00:00:51/25-12:07:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-12:07:50,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-12:07:38,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-12:07:37,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-12:07:35,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-12:07:04,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-12:07:03,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-12:07:03,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-12:07:03,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-12:07:01,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-12:07:01,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29508,00:00:30/25-12:06:47,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-12:06:47,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:36/25-12:06:47,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-12:06:47,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-12:06:47,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-12:06:47,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-12:06:47,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-12:06:47,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-12:06:47,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-12:06:47,1352) bpfilter_umh (root,26204,8212,00:00:12/25-12:06:47,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-12:06:47,1359) ntpd: asynchronous dns resolver (spot,296480,191620,1-14:55:55/25-12:06:46,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-12:06:46,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-12:06:46,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-12:06:46,1373) (sd-pam) (root,24216,5268,00:00:09/25-12:06:44,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-12:06:44,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-12:06:44,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-12:06:41,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:34/25-12:06:40,1527) sshd: syslogtunnel (root,693268,73792,00:35:18/25-12:06:38,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57872,00:14:35/25-12:06:26,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-17:42:01,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-12:06:01,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-12:06:01,3218) sshd: cm-ssh (root,0,0,00:00:00/39:00,8745) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/29:29,11861) [kworker/u8:0] (root,0,0,00:00:00/02:49,16699) [kworker/2:2-events] (root,0,0,00:00:00/27:03,19952) [kworker/2:0-events] (root,0,0,00:00:00/51:03,20358) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/02:17,20657) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:06:37,21873) [kworker/1:0-events] (root,0,0,00:00:00/36:01,22480) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/16:10,22713) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/49:00,27643) [kworker/3:2-events] (root,0,0,00:00:00/07:30,28522) [kworker/3:1-ata_sff] (root,0,0,00:00:00/14:52,28674) [kworker/0:2-events] (root,6656,3492,00:00:00/00:00,30626) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,30644) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30645) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8204,00:00:00/06:36,32576) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 22:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d2d74c4cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12708,00:01:02/23-09:25:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-09:25:17,2) [kthreadd] (root,0,0,00:00:00/23-09:25:17,3) [rcu_gp] (root,0,0,00:00:00/23-09:25:17,4) [rcu_par_gp] (root,0,0,00:00:00/23-09:25:17,5) [slub_flushwq] (root,0,0,00:00:00/23-09:25:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-09:25:17,9) [mm_percpu_wq] (root,0,0,00:00:00/23-09:25:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-09:25:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-09:25:17,12) [rcu_tasks_trace] (root,0,0,00:00:44/23-09:25:17,13) [ksoftirqd/0] (root,0,0,01:08:40/23-09:25:17,14) [rcu_preempt] (root,0,0,00:00:08/23-09:25:17,15) [migration/0] (root,0,0,00:00:00/23-09:25:17,16) [idle_inject/0] (root,0,0,00:00:00/23-09:25:17,18) [cpuhp/0] (root,0,0,00:00:00/23-09:25:17,19) [cpuhp/1] (root,0,0,00:00:00/23-09:25:17,20) [idle_inject/1] (root,0,0,00:00:09/23-09:25:17,21) [migration/1] (root,0,0,00:00:36/23-09:25:17,22) [ksoftirqd/1] (root,0,0,00:00:00/23-09:25:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-09:25:17,25) [cpuhp/2] (root,0,0,00:00:00/23-09:25:17,26) [idle_inject/2] (root,0,0,00:00:06/23-09:25:17,27) [migration/2] (root,0,0,00:45:12/23-09:25:17,28) [ksoftirqd/2] (root,0,0,00:00:00/23-09:25:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-09:25:17,31) [cpuhp/3] (root,0,0,00:00:00/23-09:25:17,32) [idle_inject/3] (root,0,0,00:00:08/23-09:25:17,33) [migration/3] (root,0,0,00:02:20/23-09:25:17,34) [ksoftirqd/3] (root,0,0,00:00:00/23-09:25:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-09:25:17,40) [kdevtmpfs] (root,0,0,00:00:00/23-09:25:17,41) [netns] (root,0,0,00:00:00/23-09:25:17,42) [inet_frag_wq] (root,0,0,00:00:07/23-09:25:17,43) [kauditd] (root,0,0,00:00:00/23-09:25:17,44) [khungtaskd] (root,0,0,00:00:00/23-09:25:17,45) [oom_reaper] (root,0,0,00:00:00/23-09:25:17,46) [writeback] (root,0,0,00:01:15/23-09:25:17,47) [kcompactd0] (root,0,0,00:00:00/23-09:25:17,48) [ksmd] (root,0,0,00:01:16/23-09:25:17,49) [khugepaged] (root,0,0,00:00:00/23-09:25:17,75) [kintegrityd] (root,0,0,00:00:00/23-09:25:17,76) [kblockd] (root,0,0,00:00:00/23-09:25:17,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-09:25:17,79) [tpm_dev_wq] (root,0,0,00:00:00/23-09:25:17,80) [edac-poller] (root,0,0,00:00:00/23-09:25:17,81) [devfreq_wq] (root,0,0,00:00:00/23-09:25:17,110) [watchdogd] (root,0,0,00:00:01/23-09:25:17,111) [kswapd0] (root,0,0,00:00:06/23-09:25:17,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-09:25:15,115) [kthrotld] (root,0,0,00:00:00/23-09:25:15,116) [mld] (root,0,0,00:00:00/23-09:25:15,117) [ipv6_addrconf] (root,0,0,00:00:06/23-09:25:15,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-09:25:15,123) [kstrp] (root,0,0,00:00:00/23-09:25:15,124) [zswap-shrink] (root,0,0,00:00:00/23-09:25:15,125) [kworker/u9:0] (root,0,0,00:00:00/23-09:25:15,130) [charger_manager] (root,0,0,00:00:07/23-09:25:15,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-09:25:15,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-09:25:14,239) [kaluad] (root,0,0,00:00:00/23-09:25:14,258) [kmpath_rdacd] (root,0,0,00:00:00/23-09:25:14,304) [kmpathd] (root,0,0,00:00:00/23-09:25:14,305) [kmpath_handlerd] (root,0,0,00:00:00/23-09:25:13,342) [ata_sff] (root,0,0,00:00:00/23-09:25:13,343) [scsi_eh_0] (root,0,0,00:00:00/23-09:25:13,344) [scsi_tmf_0] (root,0,0,00:00:00/23-09:25:13,345) [scsi_eh_1] (root,0,0,00:00:00/23-09:25:13,346) [scsi_tmf_1] (root,0,0,00:00:47/23-09:25:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-09:25:10,367) [ext4-rsv-conver] (root,38604,7992,00:00:34/23-09:24:58,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-09:24:57,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-09:24:55,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-09:24:24,511) /sbin/auditd (messagebus,22932,5912,00:01:07/23-09:24:23,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:38/23-09:24:23,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-09:24:23,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-09:24:21,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-09:24:21,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-09:24:07,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-09:24:07,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:23/23-09:24:07,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-09:24:07,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-09:24:07,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-09:24:07,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-09:24:07,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-09:24:07,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:23/23-09:24:07,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-09:24:07,1352) bpfilter_umh (root,26204,8212,00:00:10/23-09:24:07,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-09:24:07,1359) ntpd: asynchronous dns resolver (spot,291072,177864,1-12:20:39/23-09:24:06,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-09:24:06,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-09:24:06,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-09:24:06,1373) (sd-pam) (root,24216,5268,00:00:08/23-09:24:04,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-09:24:04,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-09:24:04,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-09:24:01,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:26/23-09:24:00,1527) sshd: syslogtunnel (root,692644,75216,00:32:21/23-09:23:58,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56536,00:13:30/23-09:23:46,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-14:59:21,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-09:23:21,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-09:23:21,3218) sshd: cm-ssh (root,0,0,00:00:00/02:06:52,4562) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:58:44,6029) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:35:41,10233) [kworker/2:2-events] (root,0,0,00:00:00/01:35:15,10234) [kworker/3:0-events] (root,0,0,00:00:00/07:03,10378) [kworker/3:2-ata_sff] (root,0,0,00:00:00/06:58,10556) [kworker/1:0-events] (postfix,24244,8252,00:00:00/01:05:53,14834) pickup -l -t fifo -u (root,0,0,00:00:00/03:07:47,16118) [kworker/0:0-events] (root,0,0,00:00:00/27:12,19667) [kworker/0:1-events] (root,0,0,00:00:00/15:37,22286) [kworker/2:0-events] (root,0,0,00:00:00/01:52,23794) [kworker/3:1-ata_sff] (root,0,0,00:00:00/12:45,25217) [kworker/1:2-cgroup_destroy] (root,6764,3604,00:00:00/00:00,30631) /bin/bash /usr/bin/check_mk_agent (root,6292,3124,00:00:00/00:00,30850) /bin/bash ././mk_inventory.linux (root,43084,22952,00:00:00/00:00,30854) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n (root,6656,3488,00:00:00/00:00,31047) /bin/bash /usr/bin/check_mk_agent (root,13744,3496,00:00:00/00:00,31065) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31066) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 20:14 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639cf3a596Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-10:47:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-10:47:44,2) [kthreadd] (root,0,0,00:00:00/21-10:47:44,3) [rcu_gp] (root,0,0,00:00:00/21-10:47:44,4) [rcu_par_gp] (root,0,0,00:00:00/21-10:47:44,5) [slub_flushwq] (root,0,0,00:00:00/21-10:47:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-10:47:44,9) [mm_percpu_wq] (root,0,0,00:00:00/21-10:47:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-10:47:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-10:47:44,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-10:47:44,13) [ksoftirqd/0] (root,0,0,01:03:08/21-10:47:44,14) [rcu_preempt] (root,0,0,00:00:08/21-10:47:44,15) [migration/0] (root,0,0,00:00:00/21-10:47:44,16) [idle_inject/0] (root,0,0,00:00:00/21-10:47:44,18) [cpuhp/0] (root,0,0,00:00:00/21-10:47:44,19) [cpuhp/1] (root,0,0,00:00:00/21-10:47:44,20) [idle_inject/1] (root,0,0,00:00:08/21-10:47:44,21) [migration/1] (root,0,0,00:00:34/21-10:47:44,22) [ksoftirqd/1] (root,0,0,00:00:00/21-10:47:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-10:47:44,25) [cpuhp/2] (root,0,0,00:00:00/21-10:47:44,26) [idle_inject/2] (root,0,0,00:00:06/21-10:47:44,27) [migration/2] (root,0,0,00:42:26/21-10:47:44,28) [ksoftirqd/2] (root,0,0,00:00:00/21-10:47:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-10:47:44,31) [cpuhp/3] (root,0,0,00:00:00/21-10:47:44,32) [idle_inject/3] (root,0,0,00:00:07/21-10:47:44,33) [migration/3] (root,0,0,00:02:10/21-10:47:44,34) [ksoftirqd/3] (root,0,0,00:00:00/21-10:47:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-10:47:44,40) [kdevtmpfs] (root,0,0,00:00:00/21-10:47:44,41) [netns] (root,0,0,00:00:00/21-10:47:44,42) [inet_frag_wq] (root,0,0,00:00:06/21-10:47:44,43) [kauditd] (root,0,0,00:00:00/21-10:47:44,44) [khungtaskd] (root,0,0,00:00:00/21-10:47:44,45) [oom_reaper] (root,0,0,00:00:00/21-10:47:44,46) [writeback] (root,0,0,00:01:09/21-10:47:44,47) [kcompactd0] (root,0,0,00:00:00/21-10:47:44,48) [ksmd] (root,0,0,00:01:10/21-10:47:44,49) [khugepaged] (root,0,0,00:00:00/21-10:47:44,75) [kintegrityd] (root,0,0,00:00:00/21-10:47:44,76) [kblockd] (root,0,0,00:00:00/21-10:47:44,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-10:47:44,79) [tpm_dev_wq] (root,0,0,00:00:00/21-10:47:44,80) [edac-poller] (root,0,0,00:00:00/21-10:47:44,81) [devfreq_wq] (root,0,0,00:00:00/21-10:47:44,110) [watchdogd] (root,0,0,00:00:01/21-10:47:44,111) [kswapd0] (root,0,0,00:00:05/21-10:47:44,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-10:47:42,115) [kthrotld] (root,0,0,00:00:00/21-10:47:42,116) [mld] (root,0,0,00:00:00/21-10:47:42,117) [ipv6_addrconf] (root,0,0,00:00:06/21-10:47:42,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-10:47:42,123) [kstrp] (root,0,0,00:00:00/21-10:47:42,124) [zswap-shrink] (root,0,0,00:00:00/21-10:47:42,125) [kworker/u9:0] (root,0,0,00:00:00/21-10:47:42,130) [charger_manager] (root,0,0,00:00:06/21-10:47:42,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-10:47:42,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-10:47:41,239) [kaluad] (root,0,0,00:00:00/21-10:47:41,258) [kmpath_rdacd] (root,0,0,00:00:00/21-10:47:41,304) [kmpathd] (root,0,0,00:00:00/21-10:47:41,305) [kmpath_handlerd] (root,0,0,00:00:00/21-10:47:40,342) [ata_sff] (root,0,0,00:00:00/21-10:47:40,343) [scsi_eh_0] (root,0,0,00:00:00/21-10:47:40,344) [scsi_tmf_0] (root,0,0,00:00:00/21-10:47:40,345) [scsi_eh_1] (root,0,0,00:00:00/21-10:47:40,346) [scsi_tmf_1] (root,0,0,00:00:43/21-10:47:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-10:47:37,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-10:47:25,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-10:47:24,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:34/21-10:47:22,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-10:46:51,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-10:46:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-10:46:50,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-10:46:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-10:46:48,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-10:46:48,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:25/21-10:46:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-10:46:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:13/21-10:46:34,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-10:46:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-10:46:34,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-10:46:34,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-10:46:34,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-10:46:34,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-10:46:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-10:46:34,1352) bpfilter_umh (root,26204,8212,00:00:08/21-10:46:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-10:46:34,1359) ntpd: asynchronous dns resolver (spot,312620,199180,1-09:47:27/21-10:46:33,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-10:46:33,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-10:46:33,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-10:46:33,1373) (sd-pam) (root,24216,5268,00:00:07/21-10:46:31,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-10:46:31,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-10:46:31,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-10:46:28,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-10:46:27,1527) sshd: syslogtunnel (root,692388,72908,00:29:40/21-10:46:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,54944,00:12:29/21-10:46:13,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:15:41,2406) [kworker/3:2-events] (postfix,44628,9292,00:00:00/15-16:21:48,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-10:45:48,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-10:45:48,3218) sshd: cm-ssh (root,0,0,00:00:00/01:04:03,3830) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:12:37,5153) [kworker/1:0-events] (root,0,0,00:00:00/52:45,6042) [kworker/1:2] (root,0,0,00:00:00/07:03,6565) [kworker/0:0] (root,0,0,00:00:00/06:21,9313) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/05:58,9708) [kworker/3:1-ata_sff] (postfix,24244,8172,00:00:00/01:10:10,11110) pickup -l -t fifo -u (root,0,0,00:00:00/01:18:14,17228) [kworker/0:1-events] (root,0,0,00:00:00/01:25,22368) [kworker/2:0-events] (root,0,0,00:00:00/00:48,24031) [kworker/3:0-ata_sff] (root,0,0,00:00:00/12:41,25836) [kworker/2:1-cgroup_destroy] (root,6656,3492,00:00:00/00:00,28316) /bin/bash /usr/bin/check_mk_agent (root,13744,3400,00:00:00/00:00,28334) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,28335) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:26:19,29790) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 21:36 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836346030c0fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-12:22:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:22:21,2) [kthreadd] (root,0,0,00:00:00/19-12:22:21,3) [rcu_gp] (root,0,0,00:00:00/19-12:22:21,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:22:21,5) [slub_flushwq] (root,0,0,00:00:00/19-12:22:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:22:21,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:22:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:22:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:22:21,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-12:22:21,13) [ksoftirqd/0] (root,0,0,00:57:15/19-12:22:21,14) [rcu_preempt] (root,0,0,00:00:07/19-12:22:21,15) [migration/0] (root,0,0,00:00:00/19-12:22:21,16) [idle_inject/0] (root,0,0,00:00:00/19-12:22:21,18) [cpuhp/0] (root,0,0,00:00:00/19-12:22:21,19) [cpuhp/1] (root,0,0,00:00:00/19-12:22:21,20) [idle_inject/1] (root,0,0,00:00:07/19-12:22:21,21) [migration/1] (root,0,0,00:00:31/19-12:22:21,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:22:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:22:21,25) [cpuhp/2] (root,0,0,00:00:00/19-12:22:21,26) [idle_inject/2] (root,0,0,00:00:05/19-12:22:21,27) [migration/2] (root,0,0,00:39:12/19-12:22:21,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:22:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:22:21,31) [cpuhp/3] (root,0,0,00:00:00/19-12:22:21,32) [idle_inject/3] (root,0,0,00:00:07/19-12:22:21,33) [migration/3] (root,0,0,00:01:59/19-12:22:21,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:22:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:22:21,40) [kdevtmpfs] (root,0,0,00:00:00/19-12:22:21,41) [netns] (root,0,0,00:00:00/19-12:22:21,42) [inet_frag_wq] (root,0,0,00:00:05/19-12:22:21,43) [kauditd] (root,0,0,00:00:00/19-12:22:21,44) [khungtaskd] (root,0,0,00:00:00/19-12:22:21,45) [oom_reaper] (root,0,0,00:00:00/19-12:22:21,46) [writeback] (root,0,0,00:01:02/19-12:22:21,47) [kcompactd0] (root,0,0,00:00:00/19-12:22:21,48) [ksmd] (root,0,0,00:01:03/19-12:22:21,49) [khugepaged] (root,0,0,00:00:00/19-12:22:21,75) [kintegrityd] (root,0,0,00:00:00/19-12:22:21,76) [kblockd] (root,0,0,00:00:00/19-12:22:21,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:22:21,79) [tpm_dev_wq] (root,0,0,00:00:00/19-12:22:21,80) [edac-poller] (root,0,0,00:00:00/19-12:22:21,81) [devfreq_wq] (root,0,0,00:00:00/19-12:22:21,110) [watchdogd] (root,0,0,00:00:01/19-12:22:21,111) [kswapd0] (root,0,0,00:00:05/19-12:22:21,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-12:22:19,115) [kthrotld] (root,0,0,00:00:00/19-12:22:19,116) [mld] (root,0,0,00:00:00/19-12:22:19,117) [ipv6_addrconf] (root,0,0,00:00:05/19-12:22:19,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:22:19,123) [kstrp] (root,0,0,00:00:00/19-12:22:19,124) [zswap-shrink] (root,0,0,00:00:00/19-12:22:19,125) [kworker/u9:0] (root,0,0,00:00:00/19-12:22:19,130) [charger_manager] (root,0,0,00:00:05/19-12:22:19,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/19-12:22:19,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-12:22:18,239) [kaluad] (root,0,0,00:00:00/19-12:22:18,258) [kmpath_rdacd] (root,0,0,00:00:00/19-12:22:18,304) [kmpathd] (root,0,0,00:00:00/19-12:22:18,305) [kmpath_handlerd] (root,0,0,00:00:00/19-12:22:17,342) [ata_sff] (root,0,0,00:00:00/19-12:22:17,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:22:17,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:22:17,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:22:17,346) [scsi_tmf_1] (root,0,0,00:00:38/19-12:22:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:22:14,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-12:22:02,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-12:22:01,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-12:21:59,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-12:21:28,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-12:21:27,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-12:21:27,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-12:21:27,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-12:21:25,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-12:21:25,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-12:21:11,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-12:21:11,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:04/19-12:21:11,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-12:21:11,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-12:21:11,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-12:21:11,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-12:21:11,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:25/19-12:21:11,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-12:21:11,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-12:21:11,1352) bpfilter_umh (root,26204,8212,00:00:07/19-12:21:11,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-12:21:11,1359) ntpd: asynchronous dns resolver (spot,314988,199796,1-07:03:47/19-12:21:10,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-12:21:10,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-12:21:10,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-12:21:10,1373) (sd-pam) (root,24216,5268,00:00:06/19-12:21:08,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-12:21:08,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-12:21:08,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-12:21:05,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-12:21:04,1527) sshd: syslogtunnel (root,618656,71492,00:26:54/19-12:21:02,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/32:38,1678) [kworker/3:1-events] (spot,215488,53708,00:11:19/19-12:20:50,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-17:56:25,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-12:20:25,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-12:20:25,3218) sshd: cm-ssh (root,0,0,00:00:00/15:03,4244) [kworker/0:0-events] (root,0,0,00:00:00/12:39,10508) [kworker/2:2-events] (root,0,0,00:00:01/02:33:05,12961) [kworker/2:0-events] (root,0,0,00:00:00/10:57,14005) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/02:04,15979) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:10:32,17258) [kworker/1:0-events] (root,0,0,00:00:00/01:31,17975) [kworker/3:0-ata_sff] (root,0,0,00:00:00/08:07,24912) [kworker/1:1-events] (root,6656,3504,00:00:00/00:00,25054) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,25072) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25073) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:27:02,25296) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:41,28501) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:46:36,29670) [kworker/0:2-events] (postfix,24244,8268,00:00:00/01:25:37,29784) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 23:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d3f77591Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:32/17-11:07:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-11:07:26,2) [kthreadd] (root,0,0,00:00:00/17-11:07:26,3) [rcu_gp] (root,0,0,00:00:00/17-11:07:26,4) [rcu_par_gp] (root,0,0,00:00:00/17-11:07:26,5) [slub_flushwq] (root,0,0,00:00:00/17-11:07:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-11:07:26,9) [mm_percpu_wq] (root,0,0,00:00:00/17-11:07:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-11:07:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-11:07:26,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-11:07:26,13) [ksoftirqd/0] (root,0,0,00:50:07/17-11:07:26,14) [rcu_preempt] (root,0,0,00:00:06/17-11:07:26,15) [migration/0] (root,0,0,00:00:00/17-11:07:26,16) [idle_inject/0] (root,0,0,00:00:00/17-11:07:26,18) [cpuhp/0] (root,0,0,00:00:00/17-11:07:26,19) [cpuhp/1] (root,0,0,00:00:00/17-11:07:26,20) [idle_inject/1] (root,0,0,00:00:06/17-11:07:26,21) [migration/1] (root,0,0,00:00:27/17-11:07:26,22) [ksoftirqd/1] (root,0,0,00:00:00/17-11:07:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-11:07:26,25) [cpuhp/2] (root,0,0,00:00:00/17-11:07:26,26) [idle_inject/2] (root,0,0,00:00:05/17-11:07:26,27) [migration/2] (root,0,0,00:33:28/17-11:07:26,28) [ksoftirqd/2] (root,0,0,00:00:00/17-11:07:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-11:07:26,31) [cpuhp/3] (root,0,0,00:00:00/17-11:07:26,32) [idle_inject/3] (root,0,0,00:00:06/17-11:07:26,33) [migration/3] (root,0,0,00:01:40/17-11:07:26,34) [ksoftirqd/3] (root,0,0,00:00:00/17-11:07:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-11:07:26,40) [kdevtmpfs] (root,0,0,00:00:00/17-11:07:26,41) [netns] (root,0,0,00:00:00/17-11:07:26,42) [inet_frag_wq] (root,0,0,00:00:03/17-11:07:26,43) [kauditd] (root,0,0,00:00:00/17-11:07:26,44) [khungtaskd] (root,0,0,00:00:00/17-11:07:26,45) [oom_reaper] (root,0,0,00:00:00/17-11:07:26,46) [writeback] (root,0,0,00:00:54/17-11:07:26,47) [kcompactd0] (root,0,0,00:00:00/17-11:07:26,48) [ksmd] (root,0,0,00:00:56/17-11:07:26,49) [khugepaged] (root,0,0,00:00:00/17-11:07:26,75) [kintegrityd] (root,0,0,00:00:00/17-11:07:26,76) [kblockd] (root,0,0,00:00:00/17-11:07:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-11:07:26,79) [tpm_dev_wq] (root,0,0,00:00:00/17-11:07:26,80) [edac-poller] (root,0,0,00:00:00/17-11:07:26,81) [devfreq_wq] (root,0,0,00:00:00/17-11:07:26,110) [watchdogd] (root,0,0,00:00:01/17-11:07:26,111) [kswapd0] (root,0,0,00:00:04/17-11:07:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-11:07:24,115) [kthrotld] (root,0,0,00:00:00/17-11:07:24,116) [mld] (root,0,0,00:00:00/17-11:07:24,117) [ipv6_addrconf] (root,0,0,00:00:04/17-11:07:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-11:07:24,123) [kstrp] (root,0,0,00:00:00/17-11:07:24,124) [zswap-shrink] (root,0,0,00:00:00/17-11:07:24,125) [kworker/u9:0] (root,0,0,00:00:00/17-11:07:24,130) [charger_manager] (root,0,0,00:00:05/17-11:07:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:07/17-11:07:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-11:07:23,239) [kaluad] (root,0,0,00:00:00/17-11:07:23,258) [kmpath_rdacd] (root,0,0,00:00:00/17-11:07:23,304) [kmpathd] (root,0,0,00:00:00/17-11:07:23,305) [kmpath_handlerd] (root,0,0,00:00:00/17-11:07:22,342) [ata_sff] (root,0,0,00:00:00/17-11:07:22,343) [scsi_eh_0] (root,0,0,00:00:00/17-11:07:22,344) [scsi_tmf_0] (root,0,0,00:00:00/17-11:07:22,345) [scsi_eh_1] (root,0,0,00:00:00/17-11:07:22,346) [scsi_tmf_1] (root,0,0,00:00:34/17-11:07:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-11:07:19,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-11:07:07,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-11:07:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-11:07:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-11:06:33,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-11:06:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-11:06:32,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-11:06:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-11:06:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-11:06:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-11:06:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-11:06:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:49/17-11:06:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-11:06:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-11:06:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-11:06:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-11:06:16,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-11:06:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:29/17-11:06:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-11:06:16,1352) bpfilter_umh (root,26204,8212,00:00:04/17-11:06:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-11:06:16,1359) ntpd: asynchronous dns resolver (spot,315308,199876,1-02:53:17/17-11:06:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-11:06:15,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-11:06:15,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-11:06:15,1373) (sd-pam) (root,24216,5268,00:00:06/17-11:06:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-11:06:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-11:06:13,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-11:06:10,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-11:06:09,1527) sshd: syslogtunnel (root,618256,71104,00:23:51/17-11:06:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,51668,00:09:59/17-11:05:55,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-16:41:30,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/17-11:05:30,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-11:05:30,3218) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,4119) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,4137) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,4138) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/10:08,5463) [kworker/2:2] (root,0,0,00:00:00/08:17,7798) [kworker/3:1-ata_sff] (root,0,0,00:00:00/35:45,8974) [kworker/0:2] (root,0,0,00:00:00/25:38,12175) [kworker/u8:2-writeback] (root,0,0,00:00:00/17:06,14908) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/17:06,14912) [kworker/1:2] (root,0,0,00:00:00/01:30:09,15458) [kworker/0:1-events] (postfix,24244,8324,00:00:00/32:39,18468) pickup -l -t fifo -u (root,0,0,00:00:00/01:28:00,19474) [kworker/2:0-events] (root,0,0,00:00:00/03:05,25591) [kworker/3:2-ata_sff] (root,0,0,00:00:01/03:28:26,27733) [kworker/1:0-events] (root,0,0,00:00:00/29:02,29544) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 21:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836359244a1eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-11:28:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-11:28:14,2) [kthreadd] (root,0,0,00:00:00/15-11:28:14,3) [rcu_gp] (root,0,0,00:00:00/15-11:28:14,4) [rcu_par_gp] (root,0,0,00:00:00/15-11:28:14,5) [slub_flushwq] (root,0,0,00:00:00/15-11:28:14,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-11:28:14,9) [mm_percpu_wq] (root,0,0,00:00:00/15-11:28:14,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-11:28:14,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-11:28:14,12) [rcu_tasks_trace] (root,0,0,00:00:27/15-11:28:14,13) [ksoftirqd/0] (root,0,0,00:43:21/15-11:28:14,14) [rcu_preempt] (root,0,0,00:00:05/15-11:28:14,15) [migration/0] (root,0,0,00:00:00/15-11:28:14,16) [idle_inject/0] (root,0,0,00:00:00/15-11:28:14,18) [cpuhp/0] (root,0,0,00:00:00/15-11:28:14,19) [cpuhp/1] (root,0,0,00:00:00/15-11:28:14,20) [idle_inject/1] (root,0,0,00:00:06/15-11:28:14,21) [migration/1] (root,0,0,00:00:23/15-11:28:14,22) [ksoftirqd/1] (root,0,0,00:00:00/15-11:28:14,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-11:28:14,25) [cpuhp/2] (root,0,0,00:00:00/15-11:28:14,26) [idle_inject/2] (root,0,0,00:00:04/15-11:28:14,27) [migration/2] (root,0,0,00:28:15/15-11:28:14,28) [ksoftirqd/2] (root,0,0,00:00:00/15-11:28:14,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-11:28:14,31) [cpuhp/3] (root,0,0,00:00:00/15-11:28:14,32) [idle_inject/3] (root,0,0,00:00:05/15-11:28:14,33) [migration/3] (root,0,0,00:01:23/15-11:28:14,34) [ksoftirqd/3] (root,0,0,00:00:00/15-11:28:14,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-11:28:14,40) [kdevtmpfs] (root,0,0,00:00:00/15-11:28:14,41) [netns] (root,0,0,00:00:00/15-11:28:14,42) [inet_frag_wq] (root,0,0,00:00:01/15-11:28:14,43) [kauditd] (root,0,0,00:00:00/15-11:28:14,44) [khungtaskd] (root,0,0,00:00:00/15-11:28:14,45) [oom_reaper] (root,0,0,00:00:00/15-11:28:14,46) [writeback] (root,0,0,00:00:47/15-11:28:14,47) [kcompactd0] (root,0,0,00:00:00/15-11:28:14,48) [ksmd] (root,0,0,00:00:50/15-11:28:14,49) [khugepaged] (root,0,0,00:00:00/15-11:28:14,75) [kintegrityd] (root,0,0,00:00:00/15-11:28:14,76) [kblockd] (root,0,0,00:00:00/15-11:28:14,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-11:28:14,79) [tpm_dev_wq] (root,0,0,00:00:00/15-11:28:14,80) [edac-poller] (root,0,0,00:00:00/15-11:28:14,81) [devfreq_wq] (root,0,0,00:00:00/15-11:28:14,110) [watchdogd] (root,0,0,00:00:01/15-11:28:14,111) [kswapd0] (root,0,0,00:00:04/15-11:28:14,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-11:28:12,115) [kthrotld] (root,0,0,00:00:00/15-11:28:12,116) [mld] (root,0,0,00:00:00/15-11:28:12,117) [ipv6_addrconf] (root,0,0,00:00:04/15-11:28:12,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-11:28:12,123) [kstrp] (root,0,0,00:00:00/15-11:28:12,124) [zswap-shrink] (root,0,0,00:00:00/15-11:28:12,125) [kworker/u9:0] (root,0,0,00:00:00/15-11:28:12,130) [charger_manager] (root,0,0,00:00:04/15-11:28:12,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-11:28:12,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-11:28:11,239) [kaluad] (root,0,0,00:00:00/15-11:28:11,258) [kmpath_rdacd] (root,0,0,00:00:00/15-11:28:11,304) [kmpathd] (root,0,0,00:00:00/15-11:28:11,305) [kmpath_handlerd] (root,0,0,00:00:00/15-11:28:10,342) [ata_sff] (root,0,0,00:00:00/15-11:28:10,343) [scsi_eh_0] (root,0,0,00:00:00/15-11:28:10,344) [scsi_tmf_0] (root,0,0,00:00:00/15-11:28:10,345) [scsi_eh_1] (root,0,0,00:00:00/15-11:28:10,346) [scsi_tmf_1] (root,0,0,00:00:29/15-11:28:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-11:28:07,367) [ext4-rsv-conver] (root,38604,7616,00:00:14/15-11:27:55,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-11:27:54,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-11:27:52,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-11:27:21,511) /sbin/auditd (messagebus,22932,5912,00:00:18/15-11:27:20,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:11/15-11:27:20,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-11:27:20,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-11:27:18,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-11:27:18,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-11:27:04,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-11:27:04,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:36/15-11:27:04,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-11:27:04,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-11:27:04,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-11:27:04,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-11:27:04,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-11:27:04,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:11/15-11:27:04,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-11:27:04,1352) bpfilter_umh (root,26204,8212,00:00:03/15-11:27:04,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-11:27:04,1359) ntpd: asynchronous dns resolver (spot,314588,199696,22:16:36/15-11:27:03,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-11:27:03,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-11:27:03,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-11:27:03,1373) (sd-pam) (root,24216,5268,00:00:05/15-11:27:01,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-11:27:01,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-11:27:01,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-11:26:58,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-11:26:57,1527) sshd: syslogtunnel (root,617868,72916,00:20:59/15-11:26:55,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,49860,00:08:42/15-11:26:43,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/44:59,2076) [kworker/2:0-events] (postfix,44628,9336,00:00:00/9-17:02:18,2557) tlsmgr -l -t unix -u (root,0,0,00:00:01/03:51:51,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-11:26:18,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:50/15-11:26:18,3218) sshd: cm-ssh (root,0,0,00:00:01/02:05:14,3282) [kworker/3:1-events] (root,0,0,00:00:00/03:26:57,6932) [kworker/2:2-events] (root,0,0,00:00:00/31:28,9961) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/15:50,11304) [kworker/1:1-events] (root,0,0,00:00:00/07:21,12292) [kworker/1:2] (postfix,24244,8228,00:00:00/01:15:17,16017) pickup -l -t fifo -u (root,0,0,00:00:00/05:54,17827) [kworker/3:2-ata_sff] (root,0,0,00:00:00/07:35:21,21313) [kworker/0:0-events] (root,0,0,00:00:00/39:09,22921) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/00:42,25054) [kworker/3:0-ata_sff] (root,6656,3480,00:00:00/00:00,26685) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,26703) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,26704) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 22:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c053f3e5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-12:46:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-12:46:10,2) [kthreadd] (root,0,0,00:00:00/13-12:46:10,3) [rcu_gp] (root,0,0,00:00:00/13-12:46:10,4) [rcu_par_gp] (root,0,0,00:00:00/13-12:46:10,5) [slub_flushwq] (root,0,0,00:00:00/13-12:46:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-12:46:10,9) [mm_percpu_wq] (root,0,0,00:00:00/13-12:46:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-12:46:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-12:46:10,12) [rcu_tasks_trace] (root,0,0,00:00:24/13-12:46:10,13) [ksoftirqd/0] (root,0,0,00:37:16/13-12:46:10,14) [rcu_preempt] (root,0,0,00:00:05/13-12:46:10,15) [migration/0] (root,0,0,00:00:00/13-12:46:10,16) [idle_inject/0] (root,0,0,00:00:00/13-12:46:10,18) [cpuhp/0] (root,0,0,00:00:00/13-12:46:10,19) [cpuhp/1] (root,0,0,00:00:00/13-12:46:10,20) [idle_inject/1] (root,0,0,00:00:05/13-12:46:10,21) [migration/1] (root,0,0,00:00:20/13-12:46:10,22) [ksoftirqd/1] (root,0,0,00:00:00/13-12:46:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-12:46:10,25) [cpuhp/2] (root,0,0,00:00:00/13-12:46:10,26) [idle_inject/2] (root,0,0,00:00:03/13-12:46:10,27) [migration/2] (root,0,0,00:24:36/13-12:46:10,28) [ksoftirqd/2] (root,0,0,00:00:00/13-12:46:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-12:46:10,31) [cpuhp/3] (root,0,0,00:00:00/13-12:46:10,32) [idle_inject/3] (root,0,0,00:00:04/13-12:46:10,33) [migration/3] (root,0,0,00:01:11/13-12:46:10,34) [ksoftirqd/3] (root,0,0,00:00:00/13-12:46:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-12:46:10,40) [kdevtmpfs] (root,0,0,00:00:00/13-12:46:10,41) [netns] (root,0,0,00:00:00/13-12:46:10,42) [inet_frag_wq] (root,0,0,00:00:01/13-12:46:10,43) [kauditd] (root,0,0,00:00:00/13-12:46:10,44) [khungtaskd] (root,0,0,00:00:00/13-12:46:10,45) [oom_reaper] (root,0,0,00:00:00/13-12:46:10,46) [writeback] (root,0,0,00:00:41/13-12:46:10,47) [kcompactd0] (root,0,0,00:00:00/13-12:46:10,48) [ksmd] (root,0,0,00:00:44/13-12:46:10,49) [khugepaged] (root,0,0,00:00:00/13-12:46:10,75) [kintegrityd] (root,0,0,00:00:00/13-12:46:10,76) [kblockd] (root,0,0,00:00:00/13-12:46:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-12:46:10,79) [tpm_dev_wq] (root,0,0,00:00:00/13-12:46:10,80) [edac-poller] (root,0,0,00:00:00/13-12:46:10,81) [devfreq_wq] (root,0,0,00:00:00/13-12:46:10,110) [watchdogd] (root,0,0,00:00:01/13-12:46:10,111) [kswapd0] (root,0,0,00:00:03/13-12:46:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-12:46:08,115) [kthrotld] (root,0,0,00:00:00/13-12:46:08,116) [mld] (root,0,0,00:00:00/13-12:46:08,117) [ipv6_addrconf] (root,0,0,00:00:03/13-12:46:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-12:46:08,123) [kstrp] (root,0,0,00:00:00/13-12:46:08,124) [zswap-shrink] (root,0,0,00:00:00/13-12:46:08,125) [kworker/u9:0] (root,0,0,00:00:00/13-12:46:08,130) [charger_manager] (root,0,0,00:00:04/13-12:46:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-12:46:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-12:46:07,239) [kaluad] (root,0,0,00:00:00/13-12:46:07,258) [kmpath_rdacd] (root,0,0,00:00:00/13-12:46:07,304) [kmpathd] (root,0,0,00:00:00/13-12:46:07,305) [kmpath_handlerd] (root,0,0,00:00:00/13-12:46:06,342) [ata_sff] (root,0,0,00:00:00/13-12:46:06,343) [scsi_eh_0] (root,0,0,00:00:00/13-12:46:06,344) [scsi_tmf_0] (root,0,0,00:00:00/13-12:46:06,345) [scsi_eh_1] (root,0,0,00:00:00/13-12:46:06,346) [scsi_tmf_1] (root,0,0,00:00:25/13-12:46:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-12:46:03,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-12:45:51,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-12:45:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:20/13-12:45:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-12:45:17,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-12:45:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-12:45:16,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-12:45:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-12:45:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-12:45:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-12:45:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-12:45:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:25/13-12:45:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-12:45:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-12:45:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-12:45:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-12:45:00,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-12:45:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-12:45:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-12:45:00,1352) bpfilter_umh (root,26204,8212,00:00:02/13-12:45:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-12:45:00,1359) ntpd: asynchronous dns resolver (spot,305452,189732,18:42:05/13-12:44:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-12:44:59,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-12:44:59,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-12:44:59,1373) (sd-pam) (root,24216,5268,00:00:04/13-12:44:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-12:44:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-12:44:57,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-12:44:54,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:46/13-12:44:53,1527) sshd: syslogtunnel (root,617868,72668,00:18:14/13-12:44:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48316,00:07:29/13-12:44:39,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-18:20:14,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-12:44:14,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-12:44:14,3218) sshd: cm-ssh (root,0,0,00:00:00/01:27:52,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/01:34,14597) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:01/01:52:25,14919) [kworker/1:0-events] (root,0,0,00:00:00/26:30,15077) [kworker/0:0-events] (root,0,0,00:00:00/15:52,15998) [kworker/3:2-events] (root,0,0,00:00:00/02:41:03,16390) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:19,18365) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,19728) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,19746) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19747) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:40:16,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/24:22,22455) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8228,00:00:00/01:15:06,24772) pickup -l -t fifo -u (root,0,0,00:00:01/02:29:24,25621) [kworker/2:0-events] (root,0,0,00:00:00/05:29,28943) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:03:36,29874) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 23:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836385a5ee34Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-12:25:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:25:18,2) [kthreadd] (root,0,0,00:00:00/11-12:25:18,3) [rcu_gp] (root,0,0,00:00:00/11-12:25:18,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:25:18,5) [slub_flushwq] (root,0,0,00:00:00/11-12:25:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:25:18,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:25:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:25:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:25:18,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:25:18,13) [ksoftirqd/0] (root,0,0,00:31:39/11-12:25:18,14) [rcu_preempt] (root,0,0,00:00:04/11-12:25:18,15) [migration/0] (root,0,0,00:00:00/11-12:25:18,16) [idle_inject/0] (root,0,0,00:00:00/11-12:25:18,18) [cpuhp/0] (root,0,0,00:00:00/11-12:25:18,19) [cpuhp/1] (root,0,0,00:00:00/11-12:25:18,20) [idle_inject/1] (root,0,0,00:00:04/11-12:25:18,21) [migration/1] (root,0,0,00:00:17/11-12:25:18,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:25:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:25:18,25) [cpuhp/2] (root,0,0,00:00:00/11-12:25:18,26) [idle_inject/2] (root,0,0,00:00:03/11-12:25:18,27) [migration/2] (root,0,0,00:21:05/11-12:25:18,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:25:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:25:18,31) [cpuhp/3] (root,0,0,00:00:00/11-12:25:18,32) [idle_inject/3] (root,0,0,00:00:04/11-12:25:18,33) [migration/3] (root,0,0,00:01:00/11-12:25:18,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:25:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:25:18,40) [kdevtmpfs] (root,0,0,00:00:00/11-12:25:18,41) [netns] (root,0,0,00:00:00/11-12:25:18,42) [inet_frag_wq] (root,0,0,00:00:01/11-12:25:18,43) [kauditd] (root,0,0,00:00:00/11-12:25:18,44) [khungtaskd] (root,0,0,00:00:00/11-12:25:18,45) [oom_reaper] (root,0,0,00:00:00/11-12:25:18,46) [writeback] (root,0,0,00:00:34/11-12:25:18,47) [kcompactd0] (root,0,0,00:00:00/11-12:25:18,48) [ksmd] (root,0,0,00:00:37/11-12:25:18,49) [khugepaged] (root,0,0,00:00:00/11-12:25:18,75) [kintegrityd] (root,0,0,00:00:00/11-12:25:18,76) [kblockd] (root,0,0,00:00:00/11-12:25:18,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:25:18,79) [tpm_dev_wq] (root,0,0,00:00:00/11-12:25:18,80) [edac-poller] (root,0,0,00:00:00/11-12:25:18,81) [devfreq_wq] (root,0,0,00:00:00/11-12:25:18,110) [watchdogd] (root,0,0,00:00:00/11-12:25:18,111) [kswapd0] (root,0,0,00:00:02/11-12:25:18,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:25:16,115) [kthrotld] (root,0,0,00:00:00/11-12:25:16,116) [mld] (root,0,0,00:00:00/11-12:25:16,117) [ipv6_addrconf] (root,0,0,00:00:03/11-12:25:16,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:25:16,123) [kstrp] (root,0,0,00:00:00/11-12:25:16,124) [zswap-shrink] (root,0,0,00:00:00/11-12:25:16,125) [kworker/u9:0] (root,0,0,00:00:00/11-12:25:16,130) [charger_manager] (root,0,0,00:00:03/11-12:25:16,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-12:25:16,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-12:25:15,239) [kaluad] (root,0,0,00:00:00/11-12:25:15,258) [kmpath_rdacd] (root,0,0,00:00:00/11-12:25:15,304) [kmpathd] (root,0,0,00:00:00/11-12:25:15,305) [kmpath_handlerd] (root,0,0,00:00:00/11-12:25:14,342) [ata_sff] (root,0,0,00:00:00/11-12:25:14,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:25:14,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:25:14,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:25:14,346) [scsi_tmf_1] (root,0,0,00:00:21/11-12:25:11,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:25:11,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-12:24:59,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-12:24:58,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-12:24:56,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-12:24:25,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-12:24:24,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-12:24:24,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-12:24:24,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-12:24:22,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-12:24:22,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-12:24:08,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-12:24:08,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:12/11-12:24:08,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-12:24:08,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-12:24:08,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-12:24:08,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-12:24:08,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-12:24:08,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:37/11-12:24:08,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-12:24:08,1352) bpfilter_umh (root,26204,8212,00:00:02/11-12:24:08,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-12:24:08,1359) ntpd: asynchronous dns resolver (spot,293084,179120,15:30:00/11-12:24:07,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-12:24:07,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-12:24:07,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-12:24:07,1373) (sd-pam) (root,24216,5268,00:00:03/11-12:24:05,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-12:24:05,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-12:24:05,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-12:24:02,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-12:24:01,1527) sshd: syslogtunnel (root,617612,72248,00:15:29/11-12:23:59,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,47284,00:06:18/11-12:23:47,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/00:14,2364) [kworker/3:0-ata_sff] (postfix,44628,9380,00:00:00/5-17:59:22,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-12:23:22,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-12:23:22,3218) sshd: cm-ssh (root,6656,3476,00:00:00/00:00,3395) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,3413) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3414) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/18:30,5235) [kworker/2:2-events] (root,0,0,00:00:03/22:33:51,7785) [kworker/2:1-events] (root,0,0,00:00:00/02:46:40,12699) [kworker/u8:0-writeback] (postfix,24244,8224,00:00:00/01:15:09,13066) pickup -l -t fifo -u (root,0,0,00:00:00/05:24,13099) [kworker/3:2-ata_sff] (root,0,0,00:00:00/05:22:25,19628) [kworker/0:1-events] (root,0,0,00:00:00/04:57:58,20763) [kworker/1:0-events] (root,0,0,00:00:00/43:29,24598) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/03:57:41,28099) [kworker/1:2-events] (root,0,0,00:00:00/31:21,28318) [kworker/3:1-events] (root,0,0,00:00:01/03:33:32,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 23:14 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836354eebf85Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-11:34:38,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-11:34:38,2) [kthreadd] (root,0,0,00:00:00/9-11:34:38,3) [rcu_gp] (root,0,0,00:00:00/9-11:34:38,4) [rcu_par_gp] (root,0,0,00:00:00/9-11:34:38,5) [slub_flushwq] (root,0,0,00:00:00/9-11:34:38,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-11:34:38,9) [mm_percpu_wq] (root,0,0,00:00:00/9-11:34:38,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-11:34:38,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-11:34:38,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-11:34:38,13) [ksoftirqd/0] (root,0,0,00:25:46/9-11:34:38,14) [rcu_preempt] (root,0,0,00:00:03/9-11:34:38,15) [migration/0] (root,0,0,00:00:00/9-11:34:38,16) [idle_inject/0] (root,0,0,00:00:00/9-11:34:38,18) [cpuhp/0] (root,0,0,00:00:00/9-11:34:38,19) [cpuhp/1] (root,0,0,00:00:00/9-11:34:38,20) [idle_inject/1] (root,0,0,00:00:03/9-11:34:38,21) [migration/1] (root,0,0,00:00:14/9-11:34:38,22) [ksoftirqd/1] (root,0,0,00:00:00/9-11:34:38,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-11:34:38,25) [cpuhp/2] (root,0,0,00:00:00/9-11:34:38,26) [idle_inject/2] (root,0,0,00:00:02/9-11:34:38,27) [migration/2] (root,0,0,00:17:24/9-11:34:38,28) [ksoftirqd/2] (root,0,0,00:00:00/9-11:34:38,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-11:34:38,31) [cpuhp/3] (root,0,0,00:00:00/9-11:34:38,32) [idle_inject/3] (root,0,0,00:00:03/9-11:34:38,33) [migration/3] (root,0,0,00:00:49/9-11:34:38,34) [ksoftirqd/3] (root,0,0,00:00:00/9-11:34:38,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-11:34:38,40) [kdevtmpfs] (root,0,0,00:00:00/9-11:34:38,41) [netns] (root,0,0,00:00:00/9-11:34:38,42) [inet_frag_wq] (root,0,0,00:00:01/9-11:34:38,43) [kauditd] (root,0,0,00:00:00/9-11:34:38,44) [khungtaskd] (root,0,0,00:00:00/9-11:34:38,45) [oom_reaper] (root,0,0,00:00:00/9-11:34:38,46) [writeback] (root,0,0,00:00:28/9-11:34:38,47) [kcompactd0] (root,0,0,00:00:00/9-11:34:38,48) [ksmd] (root,0,0,00:00:31/9-11:34:38,49) [khugepaged] (root,0,0,00:00:00/9-11:34:38,75) [kintegrityd] (root,0,0,00:00:00/9-11:34:38,76) [kblockd] (root,0,0,00:00:00/9-11:34:38,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-11:34:38,79) [tpm_dev_wq] (root,0,0,00:00:00/9-11:34:38,80) [edac-poller] (root,0,0,00:00:00/9-11:34:38,81) [devfreq_wq] (root,0,0,00:00:00/9-11:34:38,110) [watchdogd] (root,0,0,00:00:00/9-11:34:38,111) [kswapd0] (root,0,0,00:00:02/9-11:34:38,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-11:34:36,115) [kthrotld] (root,0,0,00:00:00/9-11:34:36,116) [mld] (root,0,0,00:00:00/9-11:34:36,117) [ipv6_addrconf] (root,0,0,00:00:02/9-11:34:36,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-11:34:36,123) [kstrp] (root,0,0,00:00:00/9-11:34:36,124) [zswap-shrink] (root,0,0,00:00:00/9-11:34:36,125) [kworker/u9:0] (root,0,0,00:00:00/9-11:34:36,130) [charger_manager] (root,0,0,00:00:02/9-11:34:36,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-11:34:36,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-11:34:35,239) [kaluad] (root,0,0,00:00:00/9-11:34:35,258) [kmpath_rdacd] (root,0,0,00:00:00/9-11:34:35,304) [kmpathd] (root,0,0,00:00:00/9-11:34:35,305) [kmpath_handlerd] (root,0,0,00:00:00/9-11:34:34,342) [ata_sff] (root,0,0,00:00:00/9-11:34:34,343) [scsi_eh_0] (root,0,0,00:00:00/9-11:34:34,344) [scsi_tmf_0] (root,0,0,00:00:00/9-11:34:34,345) [scsi_eh_1] (root,0,0,00:00:00/9-11:34:34,346) [scsi_tmf_1] (root,0,0,00:00:17/9-11:34:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-11:34:31,367) [ext4-rsv-conver] (root,6656,3484,00:00:00/00:00,428) /bin/bash /usr/bin/check_mk_agent (root,38604,7616,00:00:08/9-11:34:19,440) /usr/lib/systemd/systemd-journald (root,13744,3520,00:00:00/00:00,447) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,448) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,53296,9772,00:00:01/9-11:34:18,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-11:34:16,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-11:33:45,511) /sbin/auditd (messagebus,22932,5912,00:00:12/9-11:33:44,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-11:33:44,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-11:33:44,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-11:33:42,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-11:33:42,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:10/9-11:33:28,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-11:33:28,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:01/9-11:33:28,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-11:33:28,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-11:33:28,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-11:33:28,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-11:33:28,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-11:33:28,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:20/9-11:33:28,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-11:33:28,1352) bpfilter_umh (root,26204,8212,00:00:01/9-11:33:28,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-11:33:28,1359) ntpd: asynchronous dns resolver (spot,294384,180320,12:18:20/9-11:33:27,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-11:33:27,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-11:33:27,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-11:33:27,1373) (sd-pam) (root,24216,5268,00:00:03/9-11:33:25,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-11:33:25,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-11:33:25,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-11:33:22,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-11:33:21,1527) sshd: syslogtunnel (root,617356,71960,00:12:42/9-11:33:19,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,45732,00:05:07/9-11:33:07,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-17:08:42,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-11:32:42,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-11:32:42,3218) sshd: cm-ssh (root,0,0,00:00:00/23:51,4425) [kworker/2:2-events] (root,0,0,00:00:00/06:08,7454) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:25:57,9613) [kworker/1:0-events] (root,0,0,00:00:00/02:27:12,11212) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/32:03,12819) [kworker/3:1-events] (root,0,0,00:00:00/04:52:51,14431) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/03:52:48,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/03:39:15,15893) [kworker/0:0-events] (postfix,24244,8268,00:00:00/46:17,17707) pickup -l -t fifo -u (root,0,0,00:00:00/01:13:46,20227) [kworker/0:1] (root,0,0,00:00:01/06:52:42,26887) [kworker/1:2-events] (root,0,0,00:00:00/00:56,29147) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 22:23 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aa05f7d1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-11:43:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-11:43:03,2) [kthreadd] (root,0,0,00:00:00/7-11:43:03,3) [rcu_gp] (root,0,0,00:00:00/7-11:43:03,4) [rcu_par_gp] (root,0,0,00:00:00/7-11:43:03,5) [slub_flushwq] (root,0,0,00:00:00/7-11:43:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-11:43:03,9) [mm_percpu_wq] (root,0,0,00:00:00/7-11:43:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-11:43:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-11:43:03,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-11:43:03,13) [ksoftirqd/0] (root,0,0,00:19:54/7-11:43:03,14) [rcu_preempt] (root,0,0,00:00:02/7-11:43:03,15) [migration/0] (root,0,0,00:00:00/7-11:43:03,16) [idle_inject/0] (root,0,0,00:00:00/7-11:43:03,18) [cpuhp/0] (root,0,0,00:00:00/7-11:43:03,19) [cpuhp/1] (root,0,0,00:00:00/7-11:43:03,20) [idle_inject/1] (root,0,0,00:00:03/7-11:43:03,21) [migration/1] (root,0,0,00:00:10/7-11:43:03,22) [ksoftirqd/1] (root,0,0,00:00:00/7-11:43:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-11:43:03,25) [cpuhp/2] (root,0,0,00:00:00/7-11:43:03,26) [idle_inject/2] (root,0,0,00:00:02/7-11:43:03,27) [migration/2] (root,0,0,00:13:08/7-11:43:03,28) [ksoftirqd/2] (root,0,0,00:00:00/7-11:43:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-11:43:03,31) [cpuhp/3] (root,0,0,00:00:00/7-11:43:03,32) [idle_inject/3] (root,0,0,00:00:02/7-11:43:03,33) [migration/3] (root,0,0,00:00:36/7-11:43:03,34) [ksoftirqd/3] (root,0,0,00:00:00/7-11:43:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-11:43:03,40) [kdevtmpfs] (root,0,0,00:00:00/7-11:43:03,41) [netns] (root,0,0,00:00:00/7-11:43:03,42) [inet_frag_wq] (root,0,0,00:00:00/7-11:43:03,43) [kauditd] (root,0,0,00:00:00/7-11:43:03,44) [khungtaskd] (root,0,0,00:00:00/7-11:43:03,45) [oom_reaper] (root,0,0,00:00:00/7-11:43:03,46) [writeback] (root,0,0,00:00:22/7-11:43:03,47) [kcompactd0] (root,0,0,00:00:00/7-11:43:03,48) [ksmd] (root,0,0,00:00:24/7-11:43:03,49) [khugepaged] (root,0,0,00:00:00/7-11:43:03,75) [kintegrityd] (root,0,0,00:00:00/7-11:43:03,76) [kblockd] (root,0,0,00:00:00/7-11:43:03,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-11:43:03,79) [tpm_dev_wq] (root,0,0,00:00:00/7-11:43:03,80) [edac-poller] (root,0,0,00:00:00/7-11:43:03,81) [devfreq_wq] (root,0,0,00:00:00/7-11:43:03,110) [watchdogd] (root,0,0,00:00:00/7-11:43:03,111) [kswapd0] (root,0,0,00:00:01/7-11:43:03,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-11:43:01,115) [kthrotld] (root,0,0,00:00:00/7-11:43:01,116) [mld] (root,0,0,00:00:00/7-11:43:01,117) [ipv6_addrconf] (root,0,0,00:00:01/7-11:43:01,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-11:43:01,123) [kstrp] (root,0,0,00:00:00/7-11:43:01,124) [zswap-shrink] (root,0,0,00:00:00/7-11:43:01,125) [kworker/u9:0] (root,0,0,00:00:00/7-11:43:01,130) [charger_manager] (root,0,0,00:00:02/7-11:43:01,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-11:43:01,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-11:43:00,239) [kaluad] (root,0,0,00:00:00/7-11:43:00,258) [kmpath_rdacd] (root,0,0,00:00:00/7-11:43:00,304) [kmpathd] (root,0,0,00:00:00/7-11:43:00,305) [kmpath_handlerd] (root,0,0,00:00:00/7-11:42:59,342) [ata_sff] (root,0,0,00:00:00/7-11:42:59,343) [scsi_eh_0] (root,0,0,00:00:00/7-11:42:59,344) [scsi_tmf_0] (root,0,0,00:00:00/7-11:42:59,345) [scsi_eh_1] (root,0,0,00:00:00/7-11:42:59,346) [scsi_tmf_1] (root,0,0,00:00:13/7-11:42:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-11:42:56,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-11:42:44,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-11:42:43,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-11:42:41,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-11:42:10,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-11:42:09,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-11:42:09,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-11:42:09,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-11:42:07,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-11:42:07,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-11:41:53,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-11:41:53,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:46/7-11:41:53,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-11:41:53,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-11:41:53,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-11:41:53,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-11:41:53,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:07/7-11:41:53,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-11:41:53,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-11:41:53,1352) bpfilter_umh (root,26204,8212,00:00:01/7-11:41:53,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-11:41:53,1359) ntpd: asynchronous dns resolver (spot,290892,176924,09:10:10/7-11:41:52,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-11:41:52,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-11:41:52,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-11:41:52,1373) (sd-pam) (root,24216,5268,00:00:02/7-11:41:50,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-11:41:50,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/7-11:41:50,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-11:41:47,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-11:41:46,1527) sshd: syslogtunnel (root,617356,69808,00:09:56/7-11:41:44,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44432,00:03:53/7-11:41:32,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-17:17:07,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-11:41:07,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-11:41:07,3218) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,3897) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,3915) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,3916) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:49,6713) [kworker/3:0-ata_sff] (root,0,0,00:00:01/08:28:16,6969) [kworker/0:2-events] (root,0,0,00:00:00/01:12:51,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:48:54,14219) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:19:55,17990) [kworker/2:0-events] (root,0,0,00:00:01/05:53:14,18376) [kworker/2:2-events] (root,0,0,00:00:00/31:13,20009) [kworker/u8:2-writeback] (root,0,0,00:00:00/45:09,22475) [kworker/3:2-events] (root,0,0,00:00:00/03:39,22494) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:29,26012) [kworker/0:0-events] (root,0,0,00:00:00/14:00,27655) [kworker/1:0] (root,0,0,00:00:00/25:10,27803) [kworker/1:1-events] (postfix,24244,8296,00:00:00/01:16:45,29149) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 22:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cfca239fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-12:01:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:01:47,2) [kthreadd] (root,0,0,00:00:00/5-12:01:47,3) [rcu_gp] (root,0,0,00:00:00/5-12:01:47,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:01:47,5) [slub_flushwq] (root,0,0,00:00:00/5-12:01:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:01:47,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:01:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:01:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:01:47,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-12:01:47,13) [ksoftirqd/0] (root,0,0,00:14:11/5-12:01:47,14) [rcu_preempt] (root,0,0,00:00:02/5-12:01:47,15) [migration/0] (root,0,0,00:00:00/5-12:01:47,16) [idle_inject/0] (root,0,0,00:00:00/5-12:01:47,18) [cpuhp/0] (root,0,0,00:00:00/5-12:01:47,19) [cpuhp/1] (root,0,0,00:00:00/5-12:01:47,20) [idle_inject/1] (root,0,0,00:00:02/5-12:01:47,21) [migration/1] (root,0,0,00:00:07/5-12:01:47,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:01:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:01:47,25) [cpuhp/2] (root,0,0,00:00:00/5-12:01:47,26) [idle_inject/2] (root,0,0,00:00:01/5-12:01:47,27) [migration/2] (root,0,0,00:09:16/5-12:01:47,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:01:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:01:47,31) [cpuhp/3] (root,0,0,00:00:00/5-12:01:47,32) [idle_inject/3] (root,0,0,00:00:02/5-12:01:47,33) [migration/3] (root,0,0,00:00:25/5-12:01:47,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:01:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:01:47,40) [kdevtmpfs] (root,0,0,00:00:00/5-12:01:47,41) [netns] (root,0,0,00:00:00/5-12:01:47,42) [inet_frag_wq] (root,0,0,00:00:00/5-12:01:47,43) [kauditd] (root,0,0,00:00:00/5-12:01:47,44) [khungtaskd] (root,0,0,00:00:00/5-12:01:47,45) [oom_reaper] (root,0,0,00:00:00/5-12:01:47,46) [writeback] (root,0,0,00:00:15/5-12:01:47,47) [kcompactd0] (root,0,0,00:00:00/5-12:01:47,48) [ksmd] (root,0,0,00:00:16/5-12:01:47,49) [khugepaged] (root,0,0,00:00:00/5-12:01:47,75) [kintegrityd] (root,0,0,00:00:00/5-12:01:47,76) [kblockd] (root,0,0,00:00:00/5-12:01:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:01:47,79) [tpm_dev_wq] (root,0,0,00:00:00/5-12:01:47,80) [edac-poller] (root,0,0,00:00:00/5-12:01:47,81) [devfreq_wq] (root,0,0,00:00:00/5-12:01:47,110) [watchdogd] (root,0,0,00:00:00/5-12:01:47,111) [kswapd0] (root,0,0,00:00:01/5-12:01:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:01:45,115) [kthrotld] (root,0,0,00:00:00/5-12:01:45,116) [mld] (root,0,0,00:00:00/5-12:01:45,117) [ipv6_addrconf] (root,0,0,00:00:01/5-12:01:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:01:45,123) [kstrp] (root,0,0,00:00:00/5-12:01:45,124) [zswap-shrink] (root,0,0,00:00:00/5-12:01:45,125) [kworker/u9:0] (root,0,0,00:00:00/5-12:01:45,130) [charger_manager] (root,0,0,00:00:01/5-12:01:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-12:01:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-12:01:44,239) [kaluad] (root,0,0,00:00:00/5-12:01:44,258) [kmpath_rdacd] (root,0,0,00:00:00/5-12:01:44,304) [kmpathd] (root,0,0,00:00:00/5-12:01:44,305) [kmpath_handlerd] (root,0,0,00:00:00/5-12:01:43,342) [ata_sff] (root,0,0,00:00:00/5-12:01:43,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:01:43,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:01:43,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:01:43,346) [scsi_tmf_1] (root,0,0,00:00:09/5-12:01:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:01:40,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-12:01:28,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-12:01:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-12:01:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-12:00:54,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-12:00:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-12:00:53,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-12:00:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-12:00:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-12:00:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/00:50,1266) [kworker/3:1-ata_sff] (root,547592,23628,00:00:06/5-12:00:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-12:00:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:33/5-12:00:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-12:00:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-12:00:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-12:00:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-12:00:37,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-12:00:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-12:00:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-12:00:37,1352) bpfilter_umh (root,26204,8212,00:00:01/5-12:00:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-12:00:37,1359) ntpd: asynchronous dns resolver (spot,212492,174708,06:16:27/5-12:00:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-12:00:36,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-12:00:36,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-12:00:36,1373) (sd-pam) (root,24216,5268,00:00:01/5-12:00:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-12:00:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-12:00:34,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-12:00:31,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-12:00:30,1527) sshd: syslogtunnel (root,617100,71464,00:07:09/5-12:00:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43148,00:02:45/5-12:00:16,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-11:59:51,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-11:59:51,3218) sshd: cm-ssh (root,6656,3492,00:00:00/00:00,5317) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,5358) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,5359) /bin/bash /usr/bin/check_mk_agent (root,4480,1160,00:00:00/00:00,5360) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,872,00:00:00/00:00,5361) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,656,00:00:00/00:00,5362) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,5363) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,5381) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,5382) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/30:28,8519) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/06:30,12853) [kworker/1:0-events] (root,0,0,00:00:00/06:02,14779) [kworker/3:2-ata_sff] (postfix,24244,8228,00:00:00/16:20,15243) pickup -l -t fifo -u (root,0,0,00:00:00/01:35:14,18842) [kworker/0:0-events] (root,0,0,00:00:00/04:42:18,19129) [kworker/0:1-events] (root,0,0,00:00:00/37:09,19687) [kworker/3:0-events] (root,0,0,00:00:01/04:20:23,20908) [kworker/2:1-events] (root,0,0,00:00:00/03:03:12,25521) [kworker/1:2-events] (root,0,0,00:00:00/08:55:00,28908) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:02:22,31575) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 22:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363da2e4a6fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-09:35:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-09:35:37,2) [kthreadd] (root,0,0,00:00:00/3-09:35:37,3) [rcu_gp] (root,0,0,00:00:00/3-09:35:37,4) [rcu_par_gp] (root,0,0,00:00:00/3-09:35:37,5) [slub_flushwq] (root,0,0,00:00:00/3-09:35:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-09:35:37,9) [mm_percpu_wq] (root,0,0,00:00:00/3-09:35:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-09:35:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-09:35:37,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-09:35:37,13) [ksoftirqd/0] (root,0,0,00:08:41/3-09:35:37,14) [rcu_preempt] (root,0,0,00:00:01/3-09:35:37,15) [migration/0] (root,0,0,00:00:00/3-09:35:37,16) [idle_inject/0] (root,0,0,00:00:00/3-09:35:37,18) [cpuhp/0] (root,0,0,00:00:00/3-09:35:37,19) [cpuhp/1] (root,0,0,00:00:00/3-09:35:37,20) [idle_inject/1] (root,0,0,00:00:01/3-09:35:37,21) [migration/1] (root,0,0,00:00:04/3-09:35:37,22) [ksoftirqd/1] (root,0,0,00:00:00/3-09:35:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-09:35:37,25) [cpuhp/2] (root,0,0,00:00:00/3-09:35:37,26) [idle_inject/2] (root,0,0,00:00:01/3-09:35:37,27) [migration/2] (root,0,0,00:05:53/3-09:35:37,28) [ksoftirqd/2] (root,0,0,00:00:00/3-09:35:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-09:35:37,31) [cpuhp/3] (root,0,0,00:00:00/3-09:35:37,32) [idle_inject/3] (root,0,0,00:00:01/3-09:35:37,33) [migration/3] (root,0,0,00:00:16/3-09:35:37,34) [ksoftirqd/3] (root,0,0,00:00:00/3-09:35:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-09:35:37,40) [kdevtmpfs] (root,0,0,00:00:00/3-09:35:37,41) [netns] (root,0,0,00:00:00/3-09:35:37,42) [inet_frag_wq] (root,0,0,00:00:00/3-09:35:37,43) [kauditd] (root,0,0,00:00:00/3-09:35:37,44) [khungtaskd] (root,0,0,00:00:00/3-09:35:37,45) [oom_reaper] (root,0,0,00:00:00/3-09:35:37,46) [writeback] (root,0,0,00:00:09/3-09:35:37,47) [kcompactd0] (root,0,0,00:00:00/3-09:35:37,48) [ksmd] (root,0,0,00:00:10/3-09:35:37,49) [khugepaged] (root,0,0,00:00:00/3-09:35:37,75) [kintegrityd] (root,0,0,00:00:00/3-09:35:37,76) [kblockd] (root,0,0,00:00:00/3-09:35:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-09:35:37,79) [tpm_dev_wq] (root,0,0,00:00:00/3-09:35:37,80) [edac-poller] (root,0,0,00:00:00/3-09:35:37,81) [devfreq_wq] (root,0,0,00:00:00/3-09:35:37,110) [watchdogd] (root,0,0,00:00:00/3-09:35:37,111) [kswapd0] (root,0,0,00:00:00/3-09:35:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-09:35:35,115) [kthrotld] (root,0,0,00:00:00/3-09:35:35,116) [mld] (root,0,0,00:00:00/3-09:35:35,117) [ipv6_addrconf] (root,0,0,00:00:00/3-09:35:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-09:35:35,123) [kstrp] (root,0,0,00:00:00/3-09:35:35,124) [zswap-shrink] (root,0,0,00:00:00/3-09:35:35,125) [kworker/u9:0] (root,0,0,00:00:00/3-09:35:35,130) [charger_manager] (root,0,0,00:00:00/3-09:35:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-09:35:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-09:35:34,239) [kaluad] (root,0,0,00:00:00/3-09:35:34,258) [kmpath_rdacd] (root,0,0,00:00:00/3-09:35:34,304) [kmpathd] (root,0,0,00:00:00/3-09:35:34,305) [kmpath_handlerd] (root,0,0,00:00:00/3-09:35:33,342) [ata_sff] (root,0,0,00:00:00/3-09:35:33,343) [scsi_eh_0] (root,0,0,00:00:00/3-09:35:33,344) [scsi_tmf_0] (root,0,0,00:00:00/3-09:35:33,345) [scsi_eh_1] (root,0,0,00:00:00/3-09:35:33,346) [scsi_tmf_1] (root,0,0,00:00:05/3-09:35:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-09:35:30,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-09:35:18,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-09:35:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-09:35:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-09:34:44,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-09:34:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-09:34:43,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-09:34:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-09:34:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-09:34:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-09:34:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-09:34:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:20/3-09:34:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-09:34:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-09:34:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-09:34:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-09:34:27,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-09:34:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-09:34:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-09:34:27,1352) bpfilter_umh (root,26204,8212,00:00:00/3-09:34:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-09:34:27,1359) ntpd: asynchronous dns resolver (spot,206800,169404,03:57:46/3-09:34:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-09:34:26,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-09:34:26,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-09:34:26,1373) (sd-pam) (root,24216,5268,00:00:00/3-09:34:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-09:34:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-09:34:24,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-09:34:21,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-09:34:20,1527) sshd: syslogtunnel (root,615564,69912,00:04:27/3-09:34:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:46/3-09:34:06,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:02:18,2276) [kworker/1:2-events] (root,0,0,00:00:00/02:11,2587) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/3-09:33:41,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-09:33:41,3218) sshd: cm-ssh (root,0,0,00:00:00/04:46:15,5266) [kworker/2:1-events] (root,0,0,00:00:00/59:14,10634) [kworker/3:0-events_freezable_power_] (root,6656,3492,00:00:00/00:00,11074) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,11092) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11093) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/54:56,13615) [kworker/2:2] (postfix,24244,8192,00:00:00/01:32:15,20045) pickup -l -t fifo -u (root,0,0,00:00:00/10:36,20803) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:16:56,20860) [kworker/0:1-events] (root,0,0,00:00:00/32:38,26869) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/07:21,28381) [kworker/3:2-events] (root,0,0,00:00:01/14:39:31,28478) [kworker/0:0-events] (root,0,0,00:00:00/01:28:06,29026) [kworker/1:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 20:24 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ecd11ac4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12528,00:00:04/1-09:42:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-09:42:33,2) [kthreadd] (root,0,0,00:00:00/1-09:42:33,3) [rcu_gp] (root,0,0,00:00:00/1-09:42:33,4) [rcu_par_gp] (root,0,0,00:00:00/1-09:42:33,5) [slub_flushwq] (root,0,0,00:00:00/1-09:42:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-09:42:33,9) [mm_percpu_wq] (root,0,0,00:00:00/1-09:42:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-09:42:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-09:42:33,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-09:42:33,13) [ksoftirqd/0] (root,0,0,00:03:44/1-09:42:33,14) [rcu_preempt] (root,0,0,00:00:00/1-09:42:33,15) [migration/0] (root,0,0,00:00:00/1-09:42:33,16) [idle_inject/0] (root,0,0,00:00:00/1-09:42:33,18) [cpuhp/0] (root,0,0,00:00:00/1-09:42:33,19) [cpuhp/1] (root,0,0,00:00:00/1-09:42:33,20) [idle_inject/1] (root,0,0,00:00:00/1-09:42:33,21) [migration/1] (root,0,0,00:00:02/1-09:42:33,22) [ksoftirqd/1] (root,0,0,00:00:00/1-09:42:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-09:42:33,25) [cpuhp/2] (root,0,0,00:00:00/1-09:42:33,26) [idle_inject/2] (root,0,0,00:00:00/1-09:42:33,27) [migration/2] (root,0,0,00:02:24/1-09:42:33,28) [ksoftirqd/2] (root,0,0,00:00:00/1-09:42:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-09:42:33,31) [cpuhp/3] (root,0,0,00:00:00/1-09:42:33,32) [idle_inject/3] (root,0,0,00:00:00/1-09:42:33,33) [migration/3] (root,0,0,00:00:07/1-09:42:33,34) [ksoftirqd/3] (root,0,0,00:00:00/1-09:42:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-09:42:33,40) [kdevtmpfs] (root,0,0,00:00:00/1-09:42:33,41) [netns] (root,0,0,00:00:00/1-09:42:33,42) [inet_frag_wq] (root,0,0,00:00:00/1-09:42:33,43) [kauditd] (root,0,0,00:00:00/1-09:42:33,44) [khungtaskd] (root,0,0,00:00:00/1-09:42:33,45) [oom_reaper] (root,0,0,00:00:00/1-09:42:33,46) [writeback] (root,0,0,00:00:04/1-09:42:33,47) [kcompactd0] (root,0,0,00:00:00/1-09:42:33,48) [ksmd] (root,0,0,00:00:04/1-09:42:33,49) [khugepaged] (root,0,0,00:00:00/1-09:42:33,75) [kintegrityd] (root,0,0,00:00:00/1-09:42:33,76) [kblockd] (root,0,0,00:00:00/1-09:42:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-09:42:33,79) [tpm_dev_wq] (root,0,0,00:00:00/1-09:42:33,80) [edac-poller] (root,0,0,00:00:00/1-09:42:33,81) [devfreq_wq] (root,0,0,00:00:00/1-09:42:33,110) [watchdogd] (root,0,0,00:00:00/1-09:42:33,111) [kswapd0] (root,0,0,00:00:00/1-09:42:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-09:42:31,115) [kthrotld] (root,0,0,00:00:00/1-09:42:31,116) [mld] (root,0,0,00:00:00/1-09:42:31,117) [ipv6_addrconf] (root,0,0,00:00:00/1-09:42:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-09:42:31,123) [kstrp] (root,0,0,00:00:00/1-09:42:31,124) [zswap-shrink] (root,0,0,00:00:00/1-09:42:31,125) [kworker/u9:0] (root,0,0,00:00:00/1-09:42:31,130) [charger_manager] (root,0,0,00:00:00/1-09:42:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-09:42:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-09:42:30,239) [kaluad] (root,0,0,00:00:00/1-09:42:30,258) [kmpath_rdacd] (root,0,0,00:00:00/1-09:42:30,304) [kmpathd] (root,0,0,00:00:00/1-09:42:30,305) [kmpath_handlerd] (root,0,0,00:00:00/1-09:42:29,342) [ata_sff] (root,0,0,00:00:00/1-09:42:29,343) [scsi_eh_0] (root,0,0,00:00:00/1-09:42:29,344) [scsi_tmf_0] (root,0,0,00:00:00/1-09:42:29,345) [scsi_eh_1] (root,0,0,00:00:00/1-09:42:29,346) [scsi_tmf_1] (root,0,0,00:00:02/1-09:42:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-09:42:26,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-09:42:14,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-09:42:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-09:42:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-09:41:40,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-09:41:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:01/1-09:41:39,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-09:41:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-09:41:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-09:41:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8192,00:00:00/21:02,777) pickup -l -t fifo -u (root,547336,22256,00:00:01/1-09:41:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-09:41:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:07/1-09:41:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-09:41:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-09:41:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-09:41:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-09:41:23,1343) /usr/lib/systemd/systemd --user (root,448724,7512,00:00:01/1-09:41:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:11/1-09:41:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-09:41:23,1352) bpfilter_umh (root,26204,8212,00:00:00/1-09:41:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-09:41:23,1359) ntpd: asynchronous dns resolver (spot,204844,167892,01:55:44/1-09:41:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-09:41:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-09:41:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-09:41:22,1373) (sd-pam) (root,24216,5268,00:00:00/1-09:41:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-09:41:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-09:41:20,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-09:41:17,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:04/1-09:41:16,1527) sshd: syslogtunnel (root,615564,67628,00:01:55/1-09:41:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41328,00:00:48/1-09:41:02,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-09:40:37,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-09:40:37,3218) sshd: cm-ssh (root,0,0,00:00:00/03:08:20,9637) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/47:27,10343) [kworker/2:2-events] (root,0,0,00:00:00/08:35,11136) [kworker/3:2-ata_sff] (root,0,0,00:00:00/04:03:30,14644) [kworker/2:1-events] (root,0,0,00:00:02/09:52:46,16015) [kworker/0:0-events] (root,0,0,00:00:00/03:25,18453) [kworker/3:1-ata_sff] (root,0,0,00:00:00/31:12,21256) [kworker/u8:1] (root,0,0,00:00:00/39:42,22690) [kworker/3:0-events] (root,0,0,00:00:03/03:41:55,25188) [kworker/1:2-events] (root,0,0,00:00:00/01:52:44,25538) [kworker/1:1] (root,0,0,00:00:00/58:24,31079) [kworker/0:1-events] (root,6656,3484,00:00:00/00:00,31254) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,31272) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,31273) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 20:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632e2cf437Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12476,00:00:07/3-15:11:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:11:17,2) [kthreadd] (root,0,0,00:00:00/3-15:11:17,3) [rcu_gp] (root,0,0,00:00:00/3-15:11:17,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:11:17,5) [slub_flushwq] (root,0,0,00:00:00/3-15:11:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:11:17,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:11:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:11:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:11:17,12) [rcu_tasks_trace] (root,0,0,00:00:09/3-15:11:17,13) [ksoftirqd/0] (root,0,0,00:13:00/3-15:11:17,14) [rcu_preempt] (root,0,0,00:00:01/3-15:11:17,15) [migration/0] (root,0,0,00:00:00/3-15:11:17,16) [idle_inject/0] (root,0,0,00:00:00/3-15:11:17,18) [cpuhp/0] (root,0,0,00:00:00/3-15:11:17,19) [cpuhp/1] (root,0,0,00:00:00/3-15:11:17,20) [idle_inject/1] (root,0,0,00:00:01/3-15:11:17,21) [migration/1] (root,0,0,00:00:07/3-15:11:17,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:11:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:11:17,25) [cpuhp/2] (root,0,0,00:00:00/3-15:11:17,26) [idle_inject/2] (root,0,0,00:00:01/3-15:11:17,27) [migration/2] (root,0,0,00:12:58/3-15:11:17,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:11:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:11:17,31) [cpuhp/3] (root,0,0,00:00:00/3-15:11:17,32) [idle_inject/3] (root,0,0,00:00:01/3-15:11:17,33) [migration/3] (root,0,0,00:00:35/3-15:11:17,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:11:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:11:17,41) [kdevtmpfs] (root,0,0,00:00:00/3-15:11:17,42) [netns] (root,0,0,00:00:00/3-15:11:17,43) [inet_frag_wq] (root,0,0,00:00:00/3-15:11:17,44) [kauditd] (root,0,0,00:00:00/3-15:11:17,46) [khungtaskd] (root,0,0,00:00:00/3-15:11:17,47) [oom_reaper] (root,0,0,00:00:00/3-15:11:17,48) [writeback] (root,0,0,00:00:15/3-15:11:17,49) [kcompactd0] (root,0,0,00:00:00/3-15:11:17,50) [ksmd] (root,0,0,00:00:11/3-15:11:17,51) [khugepaged] (root,0,0,00:00:00/3-15:11:17,76) [kintegrityd] (root,0,0,00:00:00/3-15:11:17,77) [kblockd] (root,0,0,00:00:00/3-15:11:17,78) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:11:17,80) [tpm_dev_wq] (root,0,0,00:00:00/3-15:11:17,81) [edac-poller] (root,0,0,00:00:00/3-15:11:17,82) [devfreq_wq] (root,0,0,00:00:00/3-15:11:17,111) [watchdogd] (root,0,0,00:00:01/3-15:11:17,113) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:11:17,114) [kswapd0] (root,0,0,00:00:00/3-15:11:16,116) [kthrotld] (root,0,0,00:00:00/3-15:11:16,117) [mld] (root,0,0,00:00:00/3-15:11:16,118) [ipv6_addrconf] (root,0,0,00:00:01/3-15:11:16,119) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:11:16,124) [kstrp] (root,0,0,00:00:00/3-15:11:16,125) [zswap-shrink] (root,0,0,00:00:00/3-15:11:16,126) [kworker/u9:0] (root,0,0,00:00:00/3-15:11:16,131) [charger_manager] (root,0,0,00:00:01/3-15:11:16,173) [kworker/0:1H-kblockd] (root,0,0,00:00:01/3-15:11:16,177) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:11:16,190) [kaluad] (root,0,0,00:00:00/3-15:11:16,197) [kmpath_rdacd] (root,0,0,00:00:00/3-15:11:16,210) [kmpathd] (root,0,0,00:00:00/3-15:11:16,212) [kmpath_handlerd] (root,0,0,00:00:00/3-15:11:16,335) [ata_sff] (root,0,0,00:00:00/3-15:11:16,336) [scsi_eh_0] (root,0,0,00:00:00/3-15:11:16,337) [scsi_tmf_0] (root,0,0,00:00:00/3-15:11:16,338) [scsi_eh_1] (root,0,0,00:00:00/3-15:11:16,341) [scsi_tmf_1] (root,0,0,00:00:08/3-15:11:15,365) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:11:15,366) [ext4-rsv-conver] (root,38604,7720,00:00:04/3-15:11:13,435) /usr/lib/systemd/systemd-journald (root,52912,9276,00:00:00/3-15:11:13,452) /usr/lib/systemd/systemd-udevd (root,8624,6920,00:00:07/3-15:11:13,490) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1648,00:00:01/3-15:11:12,509) /sbin/auditd (messagebus,22940,5852,00:00:05/3-15:11:12,515) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38756,8376,00:00:03/3-15:11:12,522) /usr/lib/systemd/systemd-logind (root,20556,6136,00:00:00/3-15:11:12,525) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17424,00:00:03/3-15:11:12,612) /usr/sbin/wickedd --systemd --foreground (root,31904,17884,00:00:00/3-15:11:12,613) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24716,00:00:04/3-15:11:01,2070) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26892,00:00:00/3-15:11:01,2082) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4524,00:00:19/3-15:11:01,2094) /usr/sbin/xinetd -stayalive -dontfork (root,448724,10192,00:00:05/3-15:11:01,2096) /usr/sbin/rsyslogd -n -iNONE (root,2984,1756,00:00:00/3-15:11:01,2097) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10592,00:00:00/3-15:11:01,2098) /usr/lib/systemd/systemd --user (cm-ssh,40560,10476,00:00:00/3-15:11:01,2099) /usr/lib/systemd/systemd --user (checkmk,40564,10532,00:00:00/3-15:11:01,2100) /usr/lib/systemd/systemd --user (ntp,20660,6368,00:00:36/3-15:11:01,2104) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,644,00:00:00/3-15:11:01,2106) bpfilter_umh (root,26204,8300,00:00:00/3-15:11:01,2109) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4396,00:00:00/3-15:11:01,2113) ntpd: asynchronous dns resolver (spot,226484,187428,08:27:52/3-15:11:01,2118) /usr/bin/python3.11 /usr/bin/spot (checkmk,48544,3180,00:00:00/3-15:11:01,2121) (sd-pam) (cm-ssh,48544,3180,00:00:00/3-15:11:01,2122) (sd-pam) (syslogtunnel,48544,3180,00:00:00/3-15:11:01,2123) (sd-pam) (root,24216,5416,00:00:01/3-15:11:00,2222) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:11:00,2224) qmgr -l -t fifo -u (root,8956,2652,00:00:00/3-15:11:00,2246) /usr/sbin/cron -n (root,616308,69032,00:05:50/3-15:11:00,2261) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41464,00:02:31/3-15:10:58,2272) /usr/bin/python3.11 /usr/bin/spot (root,35308,9940,00:00:00/3-15:10:55,2320) sshd: cm-ssh [priv] (cm-ssh,35308,5384,00:00:13/3-15:10:55,2322) sshd: cm-ssh (root,35308,9992,00:00:00/3-15:10:51,2329) sshd: syslogtunnel [priv] (syslogtunnel,35308,5312,00:00:15/3-15:10:51,2331) sshd: syslogtunnel (root,0,0,00:00:00/02:18:02,3663) [kworker/0:0] (root,0,0,00:00:00/59:48,4011) [kworker/0:2-events] (root,0,0,00:00:00/55:40,10069) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/05:15,12407) [kworker/3:0-ata_sff] (postfix,24244,8240,00:00:00/29:39,13051) pickup -l -t fifo -u (root,0,0,00:00:00/03:44:36,13520) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/26:44,14875) [kworker/1:0-events] (root,0,0,00:00:00/03:55:24,16689) [kworker/1:1-events] (postfix,44628,9388,00:00:00/19:31:56,18145) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:55:38,20649) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/01:54:11,21904) [kworker/3:1-events_power_efficient] (root,0,0,00:00:00/00:02,27337) [kworker/3:2-ata_sff] (root,6656,3500,00:00:00/00:00,27606) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,27624) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27625) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:28:53,28204) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-10 00:16 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636d72b04fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12472,00:00:06/3-04:23:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-04:23:16,2) [kthreadd] (root,0,0,00:00:00/3-04:23:16,3) [rcu_gp] (root,0,0,00:00:00/3-04:23:16,4) [rcu_par_gp] (root,0,0,00:00:00/3-04:23:16,5) [slub_flushwq] (root,0,0,00:00:00/3-04:23:16,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-04:23:16,9) [mm_percpu_wq] (root,0,0,00:00:00/3-04:23:16,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-04:23:16,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-04:23:16,12) [rcu_tasks_trace] (root,0,0,00:00:08/3-04:23:16,13) [ksoftirqd/0] (root,0,0,00:11:38/3-04:23:16,14) [rcu_preempt] (root,0,0,00:00:01/3-04:23:16,15) [migration/0] (root,0,0,00:00:00/3-04:23:16,16) [idle_inject/0] (root,0,0,00:00:00/3-04:23:16,18) [cpuhp/0] (root,0,0,00:00:00/3-04:23:16,19) [cpuhp/1] (root,0,0,00:00:00/3-04:23:16,20) [idle_inject/1] (root,0,0,00:00:01/3-04:23:16,21) [migration/1] (root,0,0,00:00:06/3-04:23:16,22) [ksoftirqd/1] (root,0,0,00:00:00/3-04:23:16,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-04:23:16,25) [cpuhp/2] (root,0,0,00:00:00/3-04:23:16,26) [idle_inject/2] (root,0,0,00:00:01/3-04:23:16,27) [migration/2] (root,0,0,00:12:03/3-04:23:16,28) [ksoftirqd/2] (root,0,0,00:00:00/3-04:23:16,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-04:23:16,31) [cpuhp/3] (root,0,0,00:00:00/3-04:23:16,32) [idle_inject/3] (root,0,0,00:00:01/3-04:23:16,33) [migration/3] (root,0,0,00:00:32/3-04:23:16,34) [ksoftirqd/3] (root,0,0,00:00:00/3-04:23:16,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-04:23:16,41) [kdevtmpfs] (root,0,0,00:00:00/3-04:23:16,42) [netns] (root,0,0,00:00:00/3-04:23:16,43) [inet_frag_wq] (root,0,0,00:00:00/3-04:23:16,44) [kauditd] (root,0,0,00:00:00/3-04:23:16,46) [khungtaskd] (root,0,0,00:00:00/3-04:23:16,47) [oom_reaper] (root,0,0,00:00:00/3-04:23:16,48) [writeback] (root,0,0,00:00:13/3-04:23:16,49) [kcompactd0] (root,0,0,00:00:00/3-04:23:16,50) [ksmd] (root,0,0,00:00:10/3-04:23:16,51) [khugepaged] (root,0,0,00:00:00/3-04:23:16,76) [kintegrityd] (root,0,0,00:00:00/3-04:23:16,77) [kblockd] (root,0,0,00:00:00/3-04:23:16,78) [blkcg_punt_bio] (root,0,0,00:00:00/3-04:23:16,80) [tpm_dev_wq] (root,0,0,00:00:00/3-04:23:16,81) [edac-poller] (root,0,0,00:00:00/3-04:23:16,82) [devfreq_wq] (root,0,0,00:00:00/3-04:23:16,111) [watchdogd] (root,0,0,00:00:01/3-04:23:16,113) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-04:23:16,114) [kswapd0] (root,0,0,00:00:00/3-04:23:15,116) [kthrotld] (root,0,0,00:00:00/3-04:23:15,117) [mld] (root,0,0,00:00:00/3-04:23:15,118) [ipv6_addrconf] (root,0,0,00:00:01/3-04:23:15,119) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-04:23:15,124) [kstrp] (root,0,0,00:00:00/3-04:23:15,125) [zswap-shrink] (root,0,0,00:00:00/3-04:23:15,126) [kworker/u9:0] (root,0,0,00:00:00/3-04:23:15,131) [charger_manager] (root,0,0,00:00:01/3-04:23:15,173) [kworker/0:1H-kblockd] (root,0,0,00:00:01/3-04:23:15,177) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-04:23:15,190) [kaluad] (root,0,0,00:00:00/3-04:23:15,197) [kmpath_rdacd] (root,0,0,00:00:00/3-04:23:15,210) [kmpathd] (root,0,0,00:00:00/3-04:23:15,212) [kmpath_handlerd] (root,0,0,00:00:00/3-04:23:15,335) [ata_sff] (root,0,0,00:00:00/3-04:23:15,336) [scsi_eh_0] (root,0,0,00:00:00/3-04:23:15,337) [scsi_tmf_0] (root,0,0,00:00:00/3-04:23:15,338) [scsi_eh_1] (root,0,0,00:00:00/3-04:23:15,341) [scsi_tmf_1] (root,0,0,00:00:07/3-04:23:14,365) [jbd2/vda1-8] (root,0,0,00:00:00/3-04:23:14,366) [ext4-rsv-conver] (root,0,0,00:00:01/02:20:40,429) [kworker/3:2-events] (root,38604,7720,00:00:03/3-04:23:12,435) /usr/lib/systemd/systemd-journald (root,52912,9276,00:00:00/3-04:23:12,452) /usr/lib/systemd/systemd-udevd (root,8624,6920,00:00:06/3-04:23:12,490) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1648,00:00:01/3-04:23:11,509) /sbin/auditd (messagebus,22940,5852,00:00:04/3-04:23:11,515) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38756,8376,00:00:03/3-04:23:11,522) /usr/lib/systemd/systemd-logind (root,20556,6136,00:00:00/3-04:23:11,525) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17424,00:00:03/3-04:23:11,612) /usr/sbin/wickedd --systemd --foreground (root,31904,17884,00:00:00/3-04:23:11,613) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8208,00:00:00/01:22:07,1268) pickup -l -t fifo -u (root,0,0,00:00:00/04:15:32,1697) [kworker/0:2-events] (root,547336,24208,00:00:04/3-04:23:00,2070) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26892,00:00:00/3-04:23:00,2082) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4524,00:00:17/3-04:23:00,2094) /usr/sbin/xinetd -stayalive -dontfork (root,448724,10192,00:00:04/3-04:23:00,2096) /usr/sbin/rsyslogd -n -iNONE (root,2984,1756,00:00:00/3-04:23:00,2097) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10592,00:00:00/3-04:23:00,2098) /usr/lib/systemd/systemd --user (cm-ssh,40560,10476,00:00:00/3-04:23:00,2099) /usr/lib/systemd/systemd --user (checkmk,40564,10532,00:00:00/3-04:23:00,2100) /usr/lib/systemd/systemd --user (ntp,20660,6368,00:00:32/3-04:23:00,2104) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,644,00:00:00/3-04:23:00,2106) bpfilter_umh (root,26204,8300,00:00:00/3-04:23:00,2109) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4396,00:00:00/3-04:23:00,2113) ntpd: asynchronous dns resolver (spot,228452,187920,07:33:48/3-04:23:00,2118) /usr/bin/python3.11 /usr/bin/spot (checkmk,48544,3180,00:00:00/3-04:23:00,2121) (sd-pam) (cm-ssh,48544,3180,00:00:00/3-04:23:00,2122) (sd-pam) (syslogtunnel,48544,3180,00:00:00/3-04:23:00,2123) (sd-pam) (root,24216,5416,00:00:01/3-04:22:59,2222) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-04:22:59,2224) qmgr -l -t fifo -u (root,8956,2652,00:00:00/3-04:22:59,2246) /usr/sbin/cron -n (root,616308,68952,00:05:10/3-04:22:59,2261) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41264,00:02:17/3-04:22:57,2272) /usr/bin/python3.11 /usr/bin/spot (root,35308,9940,00:00:00/3-04:22:54,2320) sshd: cm-ssh [priv] (cm-ssh,35308,5384,00:00:12/3-04:22:54,2322) sshd: cm-ssh (root,35308,9992,00:00:00/3-04:22:50,2329) sshd: syslogtunnel [priv] (syslogtunnel,35308,5312,00:00:13/3-04:22:50,2331) sshd: syslogtunnel (root,0,0,00:00:00/01:12:48,3295) [kworker/2:1] (root,0,0,00:00:00/01:01:52,5630) [kworker/u8:2] (root,0,0,00:00:00/40:07,11333) [kworker/1:0-events] (root,0,0,00:00:00/28:11,13486) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/15:15,16333) [kworker/0:0] (postfix,44628,9388,00:00:00/08:43:55,18145) tlsmgr -l -t unix -u (root,0,0,00:00:00/05:45,18601) [kworker/3:0-ata_sff] (root,0,0,00:00:00/03:47,18779) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/03:41,18781) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/00:34,19774) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,19858) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,19876) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19877) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:45:52,27078) [kworker/2:2-events] (root,0,0,00:00:00/01:34:50,30858) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-09 13:28
Domain summary
No record