Host 195.37.11.78
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-10 14:57
Last seen 2024-12-22 00:57
Open for 102 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836374ebe63aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:35:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:35:44,2) [kthreadd] (root,0,0,00:00:00/39-14:35:44,3) [rcu_gp] (root,0,0,00:00:00/39-14:35:44,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:35:44,5) [slub_flushwq] (root,0,0,00:00:00/39-14:35:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:35:44,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:35:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:35:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:35:44,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:35:44,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:35:44,14) [rcu_preempt] (root,0,0,00:00:15/39-14:35:44,15) [migration/0] (root,0,0,00:00:00/39-14:35:44,16) [idle_inject/0] (root,0,0,00:00:00/39-14:35:44,18) [cpuhp/0] (root,0,0,00:00:00/39-14:35:44,19) [cpuhp/1] (root,0,0,00:00:00/39-14:35:44,20) [idle_inject/1] (root,0,0,00:00:15/39-14:35:44,21) [migration/1] (root,0,0,00:01:05/39-14:35:44,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:35:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:35:44,25) [cpuhp/2] (root,0,0,00:00:00/39-14:35:44,26) [idle_inject/2] (root,0,0,00:00:12/39-14:35:44,27) [migration/2] (root,0,0,01:14:06/39-14:35:44,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:35:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:35:44,31) [cpuhp/3] (root,0,0,00:00:00/39-14:35:44,32) [idle_inject/3] (root,0,0,00:00:14/39-14:35:44,33) [migration/3] (root,0,0,00:03:31/39-14:35:44,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:35:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:35:44,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:35:44,40) [netns] (root,0,0,00:00:00/39-14:35:44,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:35:44,42) [kauditd] (root,0,0,00:00:00/39-14:35:44,43) [khungtaskd] (root,0,0,00:00:00/39-14:35:44,44) [oom_reaper] (root,0,0,00:00:00/39-14:35:44,45) [writeback] (root,0,0,00:01:56/39-14:35:44,46) [kcompactd0] (root,0,0,00:00:00/39-14:35:44,47) [ksmd] (root,0,0,00:01:57/39-14:35:44,48) [khugepaged] (root,0,0,00:00:00/39-14:35:44,74) [kintegrityd] (root,0,0,00:00:00/39-14:35:44,75) [kblockd] (root,0,0,00:00:00/39-14:35:44,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:35:44,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:35:44,79) [edac-poller] (root,0,0,00:00:00/39-14:35:44,80) [devfreq_wq] (root,0,0,00:00:00/39-14:35:44,110) [watchdogd] (root,0,0,00:00:08/39-14:35:44,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:35:44,112) [kswapd0] (root,0,0,00:00:00/39-14:35:43,114) [kthrotld] (root,0,0,00:00:00/39-14:35:43,115) [mld] (root,0,0,00:00:00/39-14:35:43,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:35:43,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:35:43,122) [kstrp] (root,0,0,00:00:00/39-14:35:43,123) [zswap-shrink] (root,0,0,00:00:00/39-14:35:43,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:35:43,129) [charger_manager] (root,0,0,00:00:08/39-14:35:42,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:35:42,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:35:42,205) [kaluad] (root,0,0,00:00:00/39-14:35:42,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:35:42,293) [kmpathd] (root,0,0,00:00:00/39-14:35:42,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:35:42,342) [ata_sff] (root,0,0,00:00:00/39-14:35:41,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:35:41,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:35:41,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:35:41,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:35:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:35:39,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:35:27,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:35:26,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:35:24,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:34:50,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:34:50,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:34:50,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:34:50,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:34:49,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:34:49,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:34:35,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:34:35,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:34:34,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:34:34,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:34:34,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:34:34,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:34:34,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:34:34,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:34:34,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:34:34,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:34:34,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:34:34,1215) ntpd: asynchronous dns resolver (spot,299488,183096,2-02:58:36/39-14:34:34,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:34:33,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:34:33,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:34:33,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:34:32,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:34:32,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:34:31,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:34:25,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:34:11,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:58:33,2674) [kworker/0:2-events] (root,0,0,00:00:00/39:14,5528) [kworker/1:2-events] (root,0,0,00:00:00/05:01,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:32:49,9266) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:02,10883) [kworker/0:1] (root,0,0,00:00:00/24:02,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/03:03,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:06:35,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:25:27,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:25:26,15391) sshd: cm-ssh (root,0,0,00:00:00/02:55,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:54:05,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:54:04,16977) sshd: syslogtunnel (root,0,0,00:00:00/13:37,18644) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/44:03,19043) [kworker/3:2-cgroup_destroy] (root,6764,3592,00:00:00/00:00,21013) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,21148) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,21193) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21194) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/11:25,24965) [kworker/2:0-events] (root,0,0,00:00:00/19:56,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:11:12,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:08,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363916fcbb3Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:02:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:02:22,2) [kthreadd] (root,0,0,00:00:00/37-14:02:22,3) [rcu_gp] (root,0,0,00:00:00/37-14:02:22,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:02:22,5) [slub_flushwq] (root,0,0,00:00:00/37-14:02:22,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:02:22,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:02:22,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:02:22,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:02:22,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:02:22,13) [ksoftirqd/0] (root,0,0,01:39:42/37-14:02:22,14) [rcu_preempt] (root,0,0,00:00:14/37-14:02:22,15) [migration/0] (root,0,0,00:00:00/37-14:02:22,16) [idle_inject/0] (root,0,0,00:00:00/37-14:02:22,18) [cpuhp/0] (root,0,0,00:00:00/37-14:02:22,19) [cpuhp/1] (root,0,0,00:00:00/37-14:02:22,20) [idle_inject/1] (root,0,0,00:00:14/37-14:02:22,21) [migration/1] (root,0,0,00:01:00/37-14:02:22,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:02:22,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:02:22,25) [cpuhp/2] (root,0,0,00:00:00/37-14:02:22,26) [idle_inject/2] (root,0,0,00:00:11/37-14:02:22,27) [migration/2] (root,0,0,01:10:40/37-14:02:22,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:02:22,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:02:22,31) [cpuhp/3] (root,0,0,00:00:00/37-14:02:22,32) [idle_inject/3] (root,0,0,00:00:14/37-14:02:22,33) [migration/3] (root,0,0,00:03:20/37-14:02:22,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:02:22,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:02:22,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:02:22,40) [netns] (root,0,0,00:00:00/37-14:02:22,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:02:22,42) [kauditd] (root,0,0,00:00:00/37-14:02:22,43) [khungtaskd] (root,0,0,00:00:00/37-14:02:22,44) [oom_reaper] (root,0,0,00:00:00/37-14:02:22,45) [writeback] (root,0,0,00:01:50/37-14:02:22,46) [kcompactd0] (root,0,0,00:00:00/37-14:02:22,47) [ksmd] (root,0,0,00:01:50/37-14:02:22,48) [khugepaged] (root,0,0,00:00:00/37-14:02:22,74) [kintegrityd] (root,0,0,00:00:00/37-14:02:22,75) [kblockd] (root,0,0,00:00:00/37-14:02:22,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:02:22,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:02:22,79) [edac-poller] (root,0,0,00:00:00/37-14:02:22,80) [devfreq_wq] (root,0,0,00:00:00/37-14:02:22,110) [watchdogd] (root,0,0,00:00:07/37-14:02:22,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:02:22,112) [kswapd0] (root,0,0,00:00:00/37-14:02:21,114) [kthrotld] (root,0,0,00:00:00/37-14:02:21,115) [mld] (root,0,0,00:00:00/37-14:02:21,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:02:21,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:02:21,122) [kstrp] (root,0,0,00:00:00/37-14:02:21,123) [zswap-shrink] (root,0,0,00:00:00/37-14:02:21,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:02:21,129) [charger_manager] (root,0,0,00:00:08/37-14:02:20,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:02:20,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:02:20,205) [kaluad] (root,0,0,00:00:00/37-14:02:20,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:02:20,293) [kmpathd] (root,0,0,00:00:00/37-14:02:20,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:02:20,342) [ata_sff] (root,0,0,00:00:00/37-14:02:19,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:02:19,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:02:19,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:02:19,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:02:17,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:02:17,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:02:05,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:02:04,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:02:02,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:01:28,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:01:28,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:01:28,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:01:28,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:01:27,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:01:27,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:01:13,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:01:13,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:01:12,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:01:12,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:01:12,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:01:12,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:01:12,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:01:12,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:01:12,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:01:12,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:01:12,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:01:12,1215) ntpd: asynchronous dns resolver (spot,296304,182120,1-23:13:46/37-14:01:12,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:01:11,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:01:11,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:01:11,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:01:10,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:01:10,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:01:09,1354) /usr/sbin/cron -n (root,698484,82412,00:49:05/37-14:01:03,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:08/37-14:00:49,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:58,2838) [kworker/3:1-events] (root,0,0,00:00:00/01:23,4583) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:01,6208) [kworker/1:2-ata_sff] (root,6656,3480,00:00:00/00:00,9501) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,9519) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,9520) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:36:12,13355) [kworker/3:0-cgroup_destroy] (root,35308,10012,00:00:00/31-11:52:05,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-11:52:04,15391) sshd: cm-ssh (root,0,0,00:00:00/09:04,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:20:43,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:20:42,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:44:24,17446) [kworker/0:2-events] (root,0,0,00:00:00/08:05,18386) [kworker/3:2-events] (root,0,0,00:00:00/39:01,19242) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/52:54,21022) [kworker/1:1-events] (postfix,24244,8204,00:00:00/01:31:44,22497) pickup -l -t fifo -u (root,0,0,00:00:00/20:20,23807) [kworker/2:0-events] (root,0,0,00:00:00/06:11,26762) [kworker/1:0-ata_sff] (root,0,0,00:00:00/18:18,26953) [kworker/0:1-cgroup_destroy] (postfix,44628,9272,00:00:01/31-18:37:50,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:48:24,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:24 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ffedc72eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:10:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:10:41,2) [kthreadd] (root,0,0,00:00:00/35-15:10:41,3) [rcu_gp] (root,0,0,00:00:00/35-15:10:41,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:10:41,5) [slub_flushwq] (root,0,0,00:00:00/35-15:10:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:10:41,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:10:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:10:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:10:41,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:10:41,13) [ksoftirqd/0] (root,0,0,01:34:29/35-15:10:41,14) [rcu_preempt] (root,0,0,00:00:13/35-15:10:41,15) [migration/0] (root,0,0,00:00:00/35-15:10:41,16) [idle_inject/0] (root,0,0,00:00:00/35-15:10:41,18) [cpuhp/0] (root,0,0,00:00:00/35-15:10:41,19) [cpuhp/1] (root,0,0,00:00:00/35-15:10:41,20) [idle_inject/1] (root,0,0,00:00:14/35-15:10:41,21) [migration/1] (root,0,0,00:00:57/35-15:10:41,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:10:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:10:41,25) [cpuhp/2] (root,0,0,00:00:00/35-15:10:41,26) [idle_inject/2] (root,0,0,00:00:11/35-15:10:41,27) [migration/2] (root,0,0,01:07:41/35-15:10:41,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:10:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:10:41,31) [cpuhp/3] (root,0,0,00:00:00/35-15:10:41,32) [idle_inject/3] (root,0,0,00:00:13/35-15:10:41,33) [migration/3] (root,0,0,00:03:11/35-15:10:41,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:10:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:10:41,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:10:41,40) [netns] (root,0,0,00:00:00/35-15:10:41,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:10:41,42) [kauditd] (root,0,0,00:00:00/35-15:10:41,43) [khungtaskd] (root,0,0,00:00:00/35-15:10:41,44) [oom_reaper] (root,0,0,00:00:00/35-15:10:41,45) [writeback] (root,0,0,00:01:45/35-15:10:41,46) [kcompactd0] (root,0,0,00:00:00/35-15:10:41,47) [ksmd] (root,0,0,00:01:43/35-15:10:41,48) [khugepaged] (root,0,0,00:00:00/35-15:10:41,74) [kintegrityd] (root,0,0,00:00:00/35-15:10:41,75) [kblockd] (root,0,0,00:00:00/35-15:10:41,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:10:41,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:10:41,79) [edac-poller] (root,0,0,00:00:00/35-15:10:41,80) [devfreq_wq] (root,0,0,00:00:00/35-15:10:41,110) [watchdogd] (root,0,0,00:00:07/35-15:10:41,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:10:41,112) [kswapd0] (root,0,0,00:00:00/35-15:10:40,114) [kthrotld] (root,0,0,00:00:00/35-15:10:40,115) [mld] (root,0,0,00:00:00/35-15:10:40,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:10:40,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:10:40,122) [kstrp] (root,0,0,00:00:00/35-15:10:40,123) [zswap-shrink] (root,0,0,00:00:00/35-15:10:40,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:10:40,129) [charger_manager] (root,0,0,00:00:07/35-15:10:39,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:10:39,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:10:39,205) [kaluad] (root,0,0,00:00:00/35-15:10:39,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:10:39,293) [kmpathd] (root,0,0,00:00:00/35-15:10:39,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:10:39,342) [ata_sff] (root,0,0,00:00:00/35-15:10:38,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:10:38,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:10:38,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:10:38,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:10:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:10:36,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:10:24,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:10:23,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:10:21,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:09:47,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:09:47,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:09:47,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:09:47,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:09:46,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:09:46,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:09:32,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:09:32,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:09:31,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:09:31,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:09:31,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:09:31,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:09:31,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:09:31,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:09:31,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:09:31,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:09:31,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:09:31,1215) ntpd: asynchronous dns resolver (spot,293352,179972,1-20:12:48/35-15:09:31,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:09:30,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:09:30,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:09:30,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:09:29,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:09:29,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:09:28,1354) /usr/sbin/cron -n (root,698228,81996,00:46:34/35-15:09:22,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:09:08,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/53:15,7081) [kworker/1:1-events] (root,0,0,00:00:00/01:02:23,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:00:24,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:37/29-13:00:23,15391) sshd: cm-ssh (root,0,0,00:00:00/04:45:57,15974) [kworker/u8:1-flush-253:0] (postfix,24244,8228,00:00:00/01:21:49,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:29:02,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:29:01,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:22,17230) [kworker/1:0-ata_sff] (root,0,0,00:00:00/47:22,19051) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,23536) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,23554) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23555) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/16:33,25607) [kworker/2:2] (root,0,0,00:00:00/02:04:14,25943) [kworker/3:1] (root,0,0,00:00:00/06:33,28071) [kworker/1:2-ata_sff] (root,0,0,00:00:00/02:32:43,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:46:09,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:41:12,31877) [kworker/0:1-events] (root,0,0,00:00:00/24:09,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:32 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836364ee432cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-12:48:09,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-12:48:09,2) [kthreadd] (root,0,0,00:00:00/33-12:48:09,3) [rcu_gp] (root,0,0,00:00:00/33-12:48:09,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:48:09,5) [slub_flushwq] (root,0,0,00:00:00/33-12:48:09,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:48:09,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:48:09,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:48:09,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:48:09,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:48:09,13) [ksoftirqd/0] (root,0,0,01:29:03/33-12:48:09,14) [rcu_preempt] (root,0,0,00:00:12/33-12:48:09,15) [migration/0] (root,0,0,00:00:00/33-12:48:09,16) [idle_inject/0] (root,0,0,00:00:00/33-12:48:09,18) [cpuhp/0] (root,0,0,00:00:00/33-12:48:09,19) [cpuhp/1] (root,0,0,00:00:00/33-12:48:09,20) [idle_inject/1] (root,0,0,00:00:13/33-12:48:09,21) [migration/1] (root,0,0,00:00:53/33-12:48:09,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:48:09,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:48:09,25) [cpuhp/2] (root,0,0,00:00:00/33-12:48:09,26) [idle_inject/2] (root,0,0,00:00:10/33-12:48:09,27) [migration/2] (root,0,0,01:04:47/33-12:48:09,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:48:09,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:48:09,31) [cpuhp/3] (root,0,0,00:00:00/33-12:48:09,32) [idle_inject/3] (root,0,0,00:00:12/33-12:48:09,33) [migration/3] (root,0,0,00:03:01/33-12:48:09,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:48:09,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:48:09,39) [kdevtmpfs] (root,0,0,00:00:00/33-12:48:09,40) [netns] (root,0,0,00:00:00/33-12:48:09,41) [inet_frag_wq] (root,0,0,00:00:07/33-12:48:09,42) [kauditd] (root,0,0,00:00:00/33-12:48:09,43) [khungtaskd] (root,0,0,00:00:00/33-12:48:09,44) [oom_reaper] (root,0,0,00:00:00/33-12:48:09,45) [writeback] (root,0,0,00:01:38/33-12:48:09,46) [kcompactd0] (root,0,0,00:00:00/33-12:48:09,47) [ksmd] (root,0,0,00:01:37/33-12:48:09,48) [khugepaged] (root,0,0,00:00:00/33-12:48:09,74) [kintegrityd] (root,0,0,00:00:00/33-12:48:09,75) [kblockd] (root,0,0,00:00:00/33-12:48:09,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:48:09,78) [tpm_dev_wq] (root,0,0,00:00:00/33-12:48:09,79) [edac-poller] (root,0,0,00:00:00/33-12:48:09,80) [devfreq_wq] (root,0,0,00:00:00/33-12:48:09,110) [watchdogd] (root,0,0,00:00:07/33-12:48:09,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-12:48:09,112) [kswapd0] (root,0,0,00:00:00/33-12:48:08,114) [kthrotld] (root,0,0,00:00:00/33-12:48:08,115) [mld] (root,0,0,00:00:00/33-12:48:08,116) [ipv6_addrconf] (root,0,0,00:00:14/33-12:48:08,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-12:48:08,122) [kstrp] (root,0,0,00:00:00/33-12:48:08,123) [zswap-shrink] (root,0,0,00:00:00/33-12:48:08,124) [kworker/u9:0] (root,0,0,00:00:00/33-12:48:08,129) [charger_manager] (root,0,0,00:00:07/33-12:48:07,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-12:48:07,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:48:07,205) [kaluad] (root,0,0,00:00:00/33-12:48:07,250) [kmpath_rdacd] (root,0,0,00:00:00/33-12:48:07,293) [kmpathd] (root,0,0,00:00:00/33-12:48:07,294) [kmpath_handlerd] (root,0,0,00:00:00/33-12:48:07,342) [ata_sff] (root,0,0,00:00:00/33-12:48:06,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:48:06,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:48:06,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:48:06,346) [scsi_tmf_1] (root,0,0,00:00:54/33-12:48:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:48:04,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-12:47:52,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-12:47:51,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-12:47:49,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-12:47:15,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-12:47:15,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-12:47:15,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-12:47:15,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-12:47:14,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-12:47:14,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:39:48,727) [kworker/u8:2-ext4-rsv-conversion] (root,548360,32524,00:00:38/33-12:47:00,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-12:47:00,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:08/33-12:46:59,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-12:46:59,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-12:46:59,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-12:46:59,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-12:46:59,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-12:46:59,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-12:46:59,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-12:46:59,1206) bpfilter_umh (root,26204,8212,00:00:13/33-12:46:59,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-12:46:59,1215) ntpd: asynchronous dns resolver (spot,293608,180080,1-17:43:12/33-12:46:59,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-12:46:58,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-12:46:58,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-12:46:58,1245) (sd-pam) (root,24216,5344,00:00:11/33-12:46:57,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-12:46:57,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-12:46:56,1354) /usr/sbin/cron -n (root,697972,81828,00:43:51/33-12:46:50,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63272,00:14:25/33-12:46:36,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/41:31,3524) [kworker/2:2-events] (root,0,0,00:00:00/21:04,7957) [kworker/1:0-events] (postfix,24244,8272,00:00:00/01:00:12,13877) pickup -l -t fifo -u (root,0,0,00:00:00/05:31,13940) [kworker/1:1-ata_sff] (root,0,0,00:00:00/10:11,14111) [kworker/u8:0-flush-253:0] (root,35308,10012,00:00:00/27-10:37:52,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-10:37:51,15391) sshd: cm-ssh (root,0,0,00:00:00/00:18,16673) [kworker/1:2-ata_sff] (root,35308,10072,00:00:00/17-12:06:30,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:06:29,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:18:26,18088) [kworker/3:2-cgroup_destroy] (root,6656,3484,00:00:00/00:00,18795) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,18813) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18814) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/11:50,19428) [kworker/0:2-events] (root,0,0,00:00:03/01:48:06,24863) [kworker/2:1-events] (root,0,0,00:00:01/02:10:24,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-17:23:37,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/19:17,31017) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:10 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836369d1f054Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-12:51:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-12:51:44,2) [kthreadd] (root,0,0,00:00:00/31-12:51:44,3) [rcu_gp] (root,0,0,00:00:00/31-12:51:44,4) [rcu_par_gp] (root,0,0,00:00:00/31-12:51:44,5) [slub_flushwq] (root,0,0,00:00:00/31-12:51:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-12:51:44,9) [mm_percpu_wq] (root,0,0,00:00:00/31-12:51:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-12:51:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-12:51:44,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-12:51:44,13) [ksoftirqd/0] (root,0,0,01:23:51/31-12:51:44,14) [rcu_preempt] (root,0,0,00:00:11/31-12:51:44,15) [migration/0] (root,0,0,00:00:00/31-12:51:44,16) [idle_inject/0] (root,0,0,00:00:00/31-12:51:44,18) [cpuhp/0] (root,0,0,00:00:00/31-12:51:44,19) [cpuhp/1] (root,0,0,00:00:00/31-12:51:44,20) [idle_inject/1] (root,0,0,00:00:12/31-12:51:44,21) [migration/1] (root,0,0,00:00:50/31-12:51:44,22) [ksoftirqd/1] (root,0,0,00:00:00/31-12:51:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-12:51:44,25) [cpuhp/2] (root,0,0,00:00:00/31-12:51:44,26) [idle_inject/2] (root,0,0,00:00:09/31-12:51:44,27) [migration/2] (root,0,0,01:01:43/31-12:51:44,28) [ksoftirqd/2] (root,0,0,00:00:00/31-12:51:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-12:51:44,31) [cpuhp/3] (root,0,0,00:00:00/31-12:51:44,32) [idle_inject/3] (root,0,0,00:00:11/31-12:51:44,33) [migration/3] (root,0,0,00:02:51/31-12:51:44,34) [ksoftirqd/3] (root,0,0,00:00:00/31-12:51:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-12:51:44,39) [kdevtmpfs] (root,0,0,00:00:00/31-12:51:44,40) [netns] (root,0,0,00:00:00/31-12:51:44,41) [inet_frag_wq] (root,0,0,00:00:07/31-12:51:44,42) [kauditd] (root,0,0,00:00:00/31-12:51:44,43) [khungtaskd] (root,0,0,00:00:00/31-12:51:44,44) [oom_reaper] (root,0,0,00:00:00/31-12:51:44,45) [writeback] (root,0,0,00:01:32/31-12:51:44,46) [kcompactd0] (root,0,0,00:00:00/31-12:51:44,47) [ksmd] (root,0,0,00:01:31/31-12:51:44,48) [khugepaged] (root,0,0,00:00:00/31-12:51:44,74) [kintegrityd] (root,0,0,00:00:00/31-12:51:44,75) [kblockd] (root,0,0,00:00:00/31-12:51:44,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-12:51:44,78) [tpm_dev_wq] (root,0,0,00:00:00/31-12:51:44,79) [edac-poller] (root,0,0,00:00:00/31-12:51:44,80) [devfreq_wq] (root,0,0,00:00:00/31-12:51:44,110) [watchdogd] (root,0,0,00:00:06/31-12:51:44,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-12:51:44,112) [kswapd0] (root,0,0,00:00:00/31-12:51:43,114) [kthrotld] (root,0,0,00:00:00/31-12:51:43,115) [mld] (root,0,0,00:00:00/31-12:51:43,116) [ipv6_addrconf] (root,0,0,00:00:13/31-12:51:43,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-12:51:43,122) [kstrp] (root,0,0,00:00:00/31-12:51:43,123) [zswap-shrink] (root,0,0,00:00:00/31-12:51:43,124) [kworker/u9:0] (root,0,0,00:00:00/31-12:51:43,129) [charger_manager] (root,0,0,00:00:07/31-12:51:42,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-12:51:42,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-12:51:42,205) [kaluad] (root,0,0,00:00:00/31-12:51:42,250) [kmpath_rdacd] (root,0,0,00:00:00/31-12:51:42,293) [kmpathd] (root,0,0,00:00:00/31-12:51:42,294) [kmpath_handlerd] (root,0,0,00:00:00/31-12:51:42,342) [ata_sff] (root,0,0,00:00:00/31-12:51:41,343) [scsi_eh_0] (root,0,0,00:00:00/31-12:51:41,344) [scsi_tmf_0] (root,0,0,00:00:00/31-12:51:41,345) [scsi_eh_1] (root,0,0,00:00:00/31-12:51:41,346) [scsi_tmf_1] (root,0,0,00:00:51/31-12:51:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-12:51:39,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-12:51:27,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-12:51:26,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-12:51:24,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-12:50:50,512) /sbin/auditd (messagebus,22936,5548,00:01:21/31-12:50:50,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-12:50:50,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-12:50:50,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-12:50:49,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-12:50:49,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:08:24,843) [kworker/u8:2-ext4-rsv-conversion] (root,548360,31484,00:00:35/31-12:50:35,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-12:50:35,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:55/31-12:50:34,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-12:50:34,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-12:50:34,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-12:50:34,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-12:50:34,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-12:50:34,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:17/31-12:50:34,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-12:50:34,1206) bpfilter_umh (root,26204,8212,00:00:12/31-12:50:34,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-12:50:34,1215) ntpd: asynchronous dns resolver (spot,286552,173744,1-15:27:13/31-12:50:34,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-12:50:33,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-12:50:33,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-12:50:33,1245) (sd-pam) (root,24216,5344,00:00:10/31-12:50:32,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-12:50:32,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-12:50:31,1354) /usr/sbin/cron -n (root,697972,81512,00:41:15/31-12:50:25,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-12:50:11,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/04:05:06,5886) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:02/03:42:35,8787) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:02/01:07:30,11542) [kworker/2:0-events] (root,0,0,00:00:00/03:22,12030) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/25-10:41:27,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-10:41:26,15391) sshd: cm-ssh (root,0,0,00:00:00/01:18:22,16327) [kworker/u8:0-writeback] (root,35308,10072,00:00:00/15-12:10:05,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-12:10:04,16977) sshd: syslogtunnel (root,0,0,00:00:00/08:34,21948) [kworker/1:1-ata_sff] (root,0,0,00:00:00/13:46,22377) [kworker/0:1-events] (root,0,0,00:00:00/13:45,23196) [kworker/1:2-events] (root,0,0,00:00:00/07:57,24430) [kworker/3:0-events] (root,0,0,00:00:00/00:22,24816) [kworker/3:2] (postfix,24244,8232,00:00:00/01:25:44,25164) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,25667) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,25685) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25686) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/45:07,29649) [kworker/2:2-events] (postfix,44628,9316,00:00:01/25-17:27:12,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-13 23:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e752050eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:11/29-11:18:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-11:18:01,2) [kthreadd] (root,0,0,00:00:00/29-11:18:01,3) [rcu_gp] (root,0,0,00:00:00/29-11:18:01,4) [rcu_par_gp] (root,0,0,00:00:00/29-11:18:01,5) [slub_flushwq] (root,0,0,00:00:00/29-11:18:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-11:18:01,9) [mm_percpu_wq] (root,0,0,00:00:00/29-11:18:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-11:18:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-11:18:01,12) [rcu_tasks_trace] (root,0,0,00:00:52/29-11:18:01,13) [ksoftirqd/0] (root,0,0,01:18:29/29-11:18:01,14) [rcu_preempt] (root,0,0,00:00:11/29-11:18:01,15) [migration/0] (root,0,0,00:00:00/29-11:18:01,16) [idle_inject/0] (root,0,0,00:00:00/29-11:18:01,18) [cpuhp/0] (root,0,0,00:00:00/29-11:18:01,19) [cpuhp/1] (root,0,0,00:00:00/29-11:18:01,20) [idle_inject/1] (root,0,0,00:00:11/29-11:18:01,21) [migration/1] (root,0,0,00:00:45/29-11:18:01,22) [ksoftirqd/1] (root,0,0,00:00:00/29-11:18:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-11:18:01,25) [cpuhp/2] (root,0,0,00:00:00/29-11:18:01,26) [idle_inject/2] (root,0,0,00:00:09/29-11:18:01,27) [migration/2] (root,0,0,00:57:51/29-11:18:01,28) [ksoftirqd/2] (root,0,0,00:00:00/29-11:18:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-11:18:01,31) [cpuhp/3] (root,0,0,00:00:00/29-11:18:01,32) [idle_inject/3] (root,0,0,00:00:11/29-11:18:01,33) [migration/3] (root,0,0,00:02:39/29-11:18:01,34) [ksoftirqd/3] (root,0,0,00:00:00/29-11:18:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-11:18:01,39) [kdevtmpfs] (root,0,0,00:00:00/29-11:18:01,40) [netns] (root,0,0,00:00:00/29-11:18:01,41) [inet_frag_wq] (root,0,0,00:00:06/29-11:18:01,42) [kauditd] (root,0,0,00:00:00/29-11:18:01,43) [khungtaskd] (root,0,0,00:00:00/29-11:18:01,44) [oom_reaper] (root,0,0,00:00:00/29-11:18:01,45) [writeback] (root,0,0,00:01:26/29-11:18:01,46) [kcompactd0] (root,0,0,00:00:00/29-11:18:01,47) [ksmd] (root,0,0,00:01:25/29-11:18:01,48) [khugepaged] (root,0,0,00:00:00/29-11:18:01,74) [kintegrityd] (root,0,0,00:00:00/29-11:18:01,75) [kblockd] (root,0,0,00:00:00/29-11:18:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-11:18:01,78) [tpm_dev_wq] (root,0,0,00:00:00/29-11:18:01,79) [edac-poller] (root,0,0,00:00:00/29-11:18:01,80) [devfreq_wq] (root,0,0,00:00:00/29-11:18:01,110) [watchdogd] (root,0,0,00:00:06/29-11:18:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-11:18:01,112) [kswapd0] (root,0,0,00:00:00/29-11:18:00,114) [kthrotld] (root,0,0,00:00:00/29-11:18:00,115) [mld] (root,0,0,00:00:00/29-11:18:00,116) [ipv6_addrconf] (root,0,0,00:00:12/29-11:18:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-11:18:00,122) [kstrp] (root,0,0,00:00:00/29-11:18:00,123) [zswap-shrink] (root,0,0,00:00:00/29-11:18:00,124) [kworker/u9:0] (root,0,0,00:00:00/29-11:18:00,129) [charger_manager] (root,0,0,00:00:06/29-11:17:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-11:17:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-11:17:59,205) [kaluad] (root,0,0,00:00:00/29-11:17:59,250) [kmpath_rdacd] (root,0,0,00:00:00/29-11:17:59,293) [kmpathd] (root,0,0,00:00:00/29-11:17:59,294) [kmpath_handlerd] (root,0,0,00:00:00/29-11:17:59,342) [ata_sff] (root,0,0,00:00:00/29-11:17:58,343) [scsi_eh_0] (root,0,0,00:00:00/29-11:17:58,344) [scsi_tmf_0] (root,0,0,00:00:00/29-11:17:58,345) [scsi_eh_1] (root,0,0,00:00:00/29-11:17:58,346) [scsi_tmf_1] (root,0,0,00:00:48/29-11:17:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-11:17:56,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-11:17:44,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-11:17:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-11:17:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-11:17:07,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-11:17:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-11:17:07,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-11:17:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-11:17:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-11:17:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:33/29-11:16:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-11:16:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:39/29-11:16:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-11:16:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-11:16:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-11:16:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-11:16:51,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-11:16:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:01/29-11:16:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-11:16:51,1206) bpfilter_umh (root,26204,8212,00:00:12/29-11:16:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-11:16:51,1215) ntpd: asynchronous dns resolver (spot,291660,178828,1-12:51:55/29-11:16:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-11:16:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-11:16:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-11:16:50,1245) (sd-pam) (root,24216,5344,00:00:09/29-11:16:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-11:16:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-11:16:48,1354) /usr/sbin/cron -n (root,697576,81124,00:38:32/29-11:16:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60492,00:12:51/29-11:16:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:32:15,6101) [kworker/0:2-events] (root,0,0,00:00:00/25:08,8802) [kworker/u8:0] (root,0,0,00:00:00/02:32,14977) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/23-09:07:44,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:17/23-09:07:43,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-10:36:22,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:46/13-10:36:21,16977) sshd: syslogtunnel (root,0,0,00:00:00/04:00:34,20264) [kworker/0:1-events] (root,0,0,00:00:00/03:53:24,20750) [kworker/3:2-events] (root,0,0,00:00:00/20:44,21020) [kworker/3:1] (postfix,24244,8204,00:00:00/13:52,22540) pickup -l -t fifo -u (root,6656,3492,00:00:00/00:01,25399) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,25417) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25418) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:45,28266) [kworker/1:1-ata_sff] (root,0,0,00:00:06/13:37:07,29407) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-15:53:29,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/01:03:45,31583) [kworker/2:2-events] (root,0,0,00:00:00/56:44,32047) [kworker/2:0-events] (root,0,0,00:00:00/49:43,32428) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-11 21:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637445380bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-11:24:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:24:31,2) [kthreadd] (root,0,0,00:00:00/27-11:24:31,3) [rcu_gp] (root,0,0,00:00:00/27-11:24:31,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:24:31,5) [slub_flushwq] (root,0,0,00:00:00/27-11:24:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:24:31,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:24:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:24:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:24:31,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-11:24:31,13) [ksoftirqd/0] (root,0,0,01:13:22/27-11:24:31,14) [rcu_preempt] (root,0,0,00:00:10/27-11:24:31,15) [migration/0] (root,0,0,00:00:00/27-11:24:31,16) [idle_inject/0] (root,0,0,00:00:00/27-11:24:31,18) [cpuhp/0] (root,0,0,00:00:00/27-11:24:31,19) [cpuhp/1] (root,0,0,00:00:00/27-11:24:31,20) [idle_inject/1] (root,0,0,00:00:10/27-11:24:31,21) [migration/1] (root,0,0,00:00:43/27-11:24:31,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:24:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:24:31,25) [cpuhp/2] (root,0,0,00:00:00/27-11:24:31,26) [idle_inject/2] (root,0,0,00:00:08/27-11:24:31,27) [migration/2] (root,0,0,00:55:12/27-11:24:31,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:24:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:24:31,31) [cpuhp/3] (root,0,0,00:00:00/27-11:24:31,32) [idle_inject/3] (root,0,0,00:00:10/27-11:24:31,33) [migration/3] (root,0,0,00:02:31/27-11:24:31,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:24:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:24:31,39) [kdevtmpfs] (root,0,0,00:00:00/27-11:24:31,40) [netns] (root,0,0,00:00:00/27-11:24:31,41) [inet_frag_wq] (root,0,0,00:00:06/27-11:24:31,42) [kauditd] (root,0,0,00:00:00/27-11:24:31,43) [khungtaskd] (root,0,0,00:00:00/27-11:24:31,44) [oom_reaper] (root,0,0,00:00:00/27-11:24:31,45) [writeback] (root,0,0,00:01:21/27-11:24:31,46) [kcompactd0] (root,0,0,00:00:00/27-11:24:31,47) [ksmd] (root,0,0,00:01:19/27-11:24:31,48) [khugepaged] (root,0,0,00:00:00/27-11:24:31,74) [kintegrityd] (root,0,0,00:00:00/27-11:24:31,75) [kblockd] (root,0,0,00:00:00/27-11:24:31,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:24:31,78) [tpm_dev_wq] (root,0,0,00:00:00/27-11:24:31,79) [edac-poller] (root,0,0,00:00:00/27-11:24:31,80) [devfreq_wq] (root,0,0,00:00:00/27-11:24:31,110) [watchdogd] (root,0,0,00:00:05/27-11:24:31,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-11:24:31,112) [kswapd0] (root,0,0,00:00:00/27-11:24:30,114) [kthrotld] (root,0,0,00:00:00/27-11:24:30,115) [mld] (root,0,0,00:00:00/27-11:24:30,116) [ipv6_addrconf] (root,0,0,00:00:11/27-11:24:30,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-11:24:30,122) [kstrp] (root,0,0,00:00:00/27-11:24:30,123) [zswap-shrink] (root,0,0,00:00:00/27-11:24:30,124) [kworker/u9:0] (root,0,0,00:00:00/27-11:24:30,129) [charger_manager] (root,0,0,00:00:06/27-11:24:29,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-11:24:29,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:24:29,205) [kaluad] (root,0,0,00:00:00/27-11:24:29,250) [kmpath_rdacd] (root,0,0,00:00:00/27-11:24:29,293) [kmpathd] (root,0,0,00:00:00/27-11:24:29,294) [kmpath_handlerd] (root,0,0,00:00:00/27-11:24:29,342) [ata_sff] (root,0,0,00:00:00/27-11:24:28,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:24:28,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:24:28,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:24:28,346) [scsi_tmf_1] (root,0,0,00:00:44/27-11:24:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:24:26,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-11:24:14,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-11:24:13,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-11:24:11,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-11:23:37,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-11:23:37,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-11:23:37,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-11:23:37,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-11:23:36,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-11:23:36,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-11:23:22,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-11:23:22,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:31/27-11:23:21,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-11:23:21,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-11:23:21,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-11:23:21,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-11:23:21,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-11:23:21,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:45/27-11:23:21,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-11:23:21,1206) bpfilter_umh (root,26204,8212,00:00:11/27-11:23:21,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-11:23:21,1215) ntpd: asynchronous dns resolver (spot,289928,176636,1-10:30:46/27-11:23:21,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-11:23:20,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-11:23:20,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-11:23:20,1245) (sd-pam) (root,24216,5344,00:00:09/27-11:23:19,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-11:23:19,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-11:23:18,1354) /usr/sbin/cron -n (root,697064,80528,00:35:57/27-11:23:12,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58608,00:11:31/27-11:22:58,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/38:03,1639) [kworker/3:1-events] (root,0,0,00:00:04/09:44:37,4698) [kworker/1:3-events] (root,6656,3484,00:00:00/00:00,11751) /bin/bash /usr/bin/check_mk_agent (root,13744,3388,00:00:00/00:00,11769) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11770) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:26:58,14796) [kworker/2:0-events] (root,35308,10012,00:00:00/21-09:14:14,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-09:14:13,15391) sshd: cm-ssh (root,35308,10072,00:00:00/11-10:42:52,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:39/11-10:42:51,16977) sshd: syslogtunnel (root,0,0,00:00:00/03:56:04,17140) [kworker/0:1] (root,0,0,00:00:00/01:06:10,17950) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/03:34:38,18730) [kworker/0:0-events] (root,0,0,00:00:00/08:49,18759) [kworker/1:1-ata_sff] (root,0,0,00:00:00/46:38,23500) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/23:54,24438) [kworker/2:2] (postfix,24244,8164,00:00:00/42:20,24489) pickup -l -t fifo -u (root,0,0,00:00:00/03:36,29737) [kworker/1:0-ata_sff] (postfix,44628,9316,00:00:00/21-15:59:59,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/30:58,32261) [kworker/3:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-09 21:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d895244aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-11:24:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-11:24:33,2) [kthreadd] (root,0,0,00:00:00/25-11:24:33,3) [rcu_gp] (root,0,0,00:00:00/25-11:24:33,4) [rcu_par_gp] (root,0,0,00:00:00/25-11:24:33,5) [slub_flushwq] (root,0,0,00:00:00/25-11:24:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-11:24:33,9) [mm_percpu_wq] (root,0,0,00:00:00/25-11:24:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-11:24:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-11:24:33,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-11:24:33,13) [ksoftirqd/0] (root,0,0,01:08:04/25-11:24:33,14) [rcu_preempt] (root,0,0,00:00:09/25-11:24:33,15) [migration/0] (root,0,0,00:00:00/25-11:24:33,16) [idle_inject/0] (root,0,0,00:00:00/25-11:24:33,18) [cpuhp/0] (root,0,0,00:00:00/25-11:24:33,19) [cpuhp/1] (root,0,0,00:00:00/25-11:24:33,20) [idle_inject/1] (root,0,0,00:00:10/25-11:24:33,21) [migration/1] (root,0,0,00:00:40/25-11:24:33,22) [ksoftirqd/1] (root,0,0,00:00:00/25-11:24:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-11:24:33,25) [cpuhp/2] (root,0,0,00:00:00/25-11:24:33,26) [idle_inject/2] (root,0,0,00:00:08/25-11:24:33,27) [migration/2] (root,0,0,00:51:53/25-11:24:33,28) [ksoftirqd/2] (root,0,0,00:00:00/25-11:24:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-11:24:33,31) [cpuhp/3] (root,0,0,00:00:00/25-11:24:33,32) [idle_inject/3] (root,0,0,00:00:09/25-11:24:33,33) [migration/3] (root,0,0,00:02:20/25-11:24:33,34) [ksoftirqd/3] (root,0,0,00:00:00/25-11:24:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-11:24:33,39) [kdevtmpfs] (root,0,0,00:00:00/25-11:24:33,40) [netns] (root,0,0,00:00:00/25-11:24:33,41) [inet_frag_wq] (root,0,0,00:00:06/25-11:24:33,42) [kauditd] (root,0,0,00:00:00/25-11:24:33,43) [khungtaskd] (root,0,0,00:00:00/25-11:24:33,44) [oom_reaper] (root,0,0,00:00:00/25-11:24:33,45) [writeback] (root,0,0,00:01:14/25-11:24:33,46) [kcompactd0] (root,0,0,00:00:00/25-11:24:33,47) [ksmd] (root,0,0,00:01:13/25-11:24:33,48) [khugepaged] (root,0,0,00:00:00/25-11:24:33,74) [kintegrityd] (root,0,0,00:00:00/25-11:24:33,75) [kblockd] (root,0,0,00:00:00/25-11:24:33,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-11:24:33,78) [tpm_dev_wq] (root,0,0,00:00:00/25-11:24:33,79) [edac-poller] (root,0,0,00:00:00/25-11:24:33,80) [devfreq_wq] (root,0,0,00:00:00/25-11:24:33,110) [watchdogd] (root,0,0,00:00:05/25-11:24:33,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-11:24:33,112) [kswapd0] (root,0,0,00:00:00/25-11:24:32,114) [kthrotld] (root,0,0,00:00:00/25-11:24:32,115) [mld] (root,0,0,00:00:00/25-11:24:32,116) [ipv6_addrconf] (root,0,0,00:00:10/25-11:24:32,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-11:24:32,122) [kstrp] (root,0,0,00:00:00/25-11:24:32,123) [zswap-shrink] (root,0,0,00:00:00/25-11:24:32,124) [kworker/u9:0] (root,0,0,00:00:00/25-11:24:32,129) [charger_manager] (root,0,0,00:00:05/25-11:24:31,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-11:24:31,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-11:24:31,205) [kaluad] (root,0,0,00:00:00/25-11:24:31,250) [kmpath_rdacd] (root,0,0,00:00:00/25-11:24:31,293) [kmpathd] (root,0,0,00:00:00/25-11:24:31,294) [kmpath_handlerd] (root,0,0,00:00:00/25-11:24:31,342) [ata_sff] (root,0,0,00:00:00/25-11:24:30,343) [scsi_eh_0] (root,0,0,00:00:00/25-11:24:30,344) [scsi_tmf_0] (root,0,0,00:00:00/25-11:24:30,345) [scsi_eh_1] (root,0,0,00:00:00/25-11:24:30,346) [scsi_tmf_1] (root,0,0,00:00:40/25-11:24:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-11:24:28,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-11:24:16,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-11:24:15,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-11:24:13,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-11:23:39,512) /sbin/auditd (messagebus,22936,5640,00:01:10/25-11:23:39,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:40/25-11:23:39,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-11:23:39,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-11:23:38,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-11:23:38,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-11:23:24,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-11:23:24,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:18/25-11:23:23,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-11:23:23,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-11:23:23,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-11:23:23,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-11:23:23,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-11:23:23,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:28/25-11:23:23,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-11:23:23,1206) bpfilter_umh (root,26204,8300,00:00:11/25-11:23:23,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-11:23:23,1215) ntpd: asynchronous dns resolver (spot,301760,188344,1-07:57:03/25-11:23:23,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-11:23:22,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-11:23:22,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-11:23:22,1245) (sd-pam) (root,24216,5348,00:00:08/25-11:23:21,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-11:23:21,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-11:23:20,1354) /usr/sbin/cron -n (root,694116,77804,00:33:19/25-11:23:14,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57720,00:10:06/25-11:23:00,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/36:20,1652) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:16:30,6276) [kworker/3:1] (root,0,0,00:00:00/00:24,7406) [kworker/1:2-ata_sff] (postfix,24244,8216,00:00:00/01:03:17,9556) pickup -l -t fifo -u (root,6656,3476,00:00:00/00:00,9600) /bin/bash /usr/bin/check_mk_agent (root,13744,3496,00:00:00/00:00,9618) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,9619) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/15:54,9651) [kworker/2:0-events] (root,0,0,00:00:00/42:48,15018) [kworker/0:2-events] (root,35308,10012,00:00:00/19-09:14:16,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:04/19-09:14:15,15391) sshd: cm-ssh (root,35308,10072,00:00:00/9-10:42:54,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:32/9-10:42:53,16977) sshd: syslogtunnel (root,0,0,00:00:00/07:16:44,17512) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/05:41:34,18263) [kworker/3:2-events] (root,0,0,00:00:00/09:03,19596) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:03/04:27:08,21123) [kworker/2:1-events] (root,0,0,00:00:00/05:37,22594) [kworker/1:0-ata_sff] (postfix,44628,9372,00:00:00/19-16:00:01,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:44:10,31732) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-07 21:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639ab714bcFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:01:00/23-12:09:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-12:09:44,2) [kthreadd] (root,0,0,00:00:00/23-12:09:44,3) [rcu_gp] (root,0,0,00:00:00/23-12:09:44,4) [rcu_par_gp] (root,0,0,00:00:00/23-12:09:44,5) [slub_flushwq] (root,0,0,00:00:00/23-12:09:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-12:09:44,9) [mm_percpu_wq] (root,0,0,00:00:00/23-12:09:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-12:09:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-12:09:44,12) [rcu_tasks_trace] (root,0,0,00:00:42/23-12:09:44,13) [ksoftirqd/0] (root,0,0,01:02:35/23-12:09:44,14) [rcu_preempt] (root,0,0,00:00:08/23-12:09:44,15) [migration/0] (root,0,0,00:00:00/23-12:09:44,16) [idle_inject/0] (root,0,0,00:00:00/23-12:09:44,18) [cpuhp/0] (root,0,0,00:00:00/23-12:09:44,19) [cpuhp/1] (root,0,0,00:00:00/23-12:09:44,20) [idle_inject/1] (root,0,0,00:00:09/23-12:09:44,21) [migration/1] (root,0,0,00:00:37/23-12:09:44,22) [ksoftirqd/1] (root,0,0,00:00:00/23-12:09:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-12:09:44,25) [cpuhp/2] (root,0,0,00:00:00/23-12:09:44,26) [idle_inject/2] (root,0,0,00:00:07/23-12:09:44,27) [migration/2] (root,0,0,00:47:20/23-12:09:44,28) [ksoftirqd/2] (root,0,0,00:00:00/23-12:09:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-12:09:44,31) [cpuhp/3] (root,0,0,00:00:00/23-12:09:44,32) [idle_inject/3] (root,0,0,00:00:08/23-12:09:44,33) [migration/3] (root,0,0,00:02:09/23-12:09:44,34) [ksoftirqd/3] (root,0,0,00:00:00/23-12:09:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-12:09:44,39) [kdevtmpfs] (root,0,0,00:00:00/23-12:09:44,40) [netns] (root,0,0,00:00:00/23-12:09:44,41) [inet_frag_wq] (root,0,0,00:00:05/23-12:09:44,42) [kauditd] (root,0,0,00:00:00/23-12:09:44,43) [khungtaskd] (root,0,0,00:00:00/23-12:09:44,44) [oom_reaper] (root,0,0,00:00:00/23-12:09:44,45) [writeback] (root,0,0,00:01:08/23-12:09:44,46) [kcompactd0] (root,0,0,00:00:00/23-12:09:44,47) [ksmd] (root,0,0,00:01:07/23-12:09:44,48) [khugepaged] (root,0,0,00:00:00/23-12:09:44,74) [kintegrityd] (root,0,0,00:00:00/23-12:09:44,75) [kblockd] (root,0,0,00:00:00/23-12:09:44,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-12:09:44,78) [tpm_dev_wq] (root,0,0,00:00:00/23-12:09:44,79) [edac-poller] (root,0,0,00:00:00/23-12:09:44,80) [devfreq_wq] (root,0,0,00:00:00/23-12:09:44,110) [watchdogd] (root,0,0,00:00:04/23-12:09:44,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-12:09:44,112) [kswapd0] (root,0,0,00:00:00/23-12:09:43,114) [kthrotld] (root,0,0,00:00:00/23-12:09:43,115) [mld] (root,0,0,00:00:00/23-12:09:43,116) [ipv6_addrconf] (root,0,0,00:00:10/23-12:09:43,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-12:09:43,122) [kstrp] (root,0,0,00:00:00/23-12:09:43,123) [zswap-shrink] (root,0,0,00:00:00/23-12:09:43,124) [kworker/u9:0] (root,0,0,00:00:00/23-12:09:43,129) [charger_manager] (root,0,0,00:00:05/23-12:09:42,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-12:09:42,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-12:09:42,205) [kaluad] (root,0,0,00:00:00/23-12:09:42,250) [kmpath_rdacd] (root,0,0,00:00:00/23-12:09:42,293) [kmpathd] (root,0,0,00:00:00/23-12:09:42,294) [kmpath_handlerd] (root,0,0,00:00:00/23-12:09:42,342) [ata_sff] (root,0,0,00:00:00/23-12:09:41,343) [scsi_eh_0] (root,0,0,00:00:00/23-12:09:41,344) [scsi_tmf_0] (root,0,0,00:00:00/23-12:09:41,345) [scsi_eh_1] (root,0,0,00:00:00/23-12:09:41,346) [scsi_tmf_1] (root,0,0,00:00:36/23-12:09:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-12:09:39,367) [ext4-rsv-conver] (root,38604,7876,00:00:33/23-12:09:27,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-12:09:26,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-12:09:24,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-12:08:50,512) /sbin/auditd (messagebus,22936,5640,00:01:06/23-12:08:50,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-12:08:50,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-12:08:50,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-12:08:49,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-12:08:49,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-12:08:35,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-12:08:35,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:07/23-12:08:34,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-12:08:34,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-12:08:34,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-12:08:34,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-12:08:34,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-12:08:34,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:11/23-12:08:34,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-12:08:34,1206) bpfilter_umh (root,26204,8300,00:00:10/23-12:08:34,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-12:08:34,1215) ntpd: asynchronous dns resolver (spot,285452,172720,1-05:33:31/23-12:08:34,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-12:08:33,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-12:08:33,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-12:08:33,1245) (sd-pam) (root,24216,5348,00:00:07/23-12:08:32,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-12:08:32,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-12:08:31,1354) /usr/sbin/cron -n (root,693860,77148,00:30:39/23-12:08:25,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55844,00:08:40/23-12:08:11,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/06:51,4164) [kworker/1:0-ata_sff] (root,0,0,00:00:00/26:20,6049) [kworker/0:0] (root,0,0,00:00:00/03:37:26,6466) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:00:09,7973) [kworker/0:1-events] (root,35308,10012,00:00:00/17-09:59:27,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-09:59:26,15391) sshd: cm-ssh (root,0,0,00:00:00/39:47,15454) [kworker/3:0] (root,0,0,00:00:00/12:46,16186) [kworker/2:2] (root,0,0,00:00:00/02:53:47,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-11:28:05,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:25/7-11:28:04,16977) sshd: syslogtunnel (root,0,0,00:00:00/03:23,17043) [kworker/u8:1-flush-253:0] (root,0,0,00:00:02/02:40:26,21755) [kworker/2:0-events] (root,0,0,00:00:00/01:39,21800) [kworker/1:1-ata_sff] (root,0,0,00:00:00/31:23,22020) [kworker/u8:2-ext4-rsv-conversion] (postfix,24244,8160,00:00:00/30:12,28146) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,28166) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,28184) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28185) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:14:18,30106) [kworker/1:2-events] (postfix,44628,9372,00:00:00/17-16:45:12,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-05 22:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836369114294Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-13:37:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-13:37:17,2) [kthreadd] (root,0,0,00:00:00/21-13:37:17,3) [rcu_gp] (root,0,0,00:00:00/21-13:37:17,4) [rcu_par_gp] (root,0,0,00:00:00/21-13:37:17,5) [slub_flushwq] (root,0,0,00:00:00/21-13:37:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-13:37:17,9) [mm_percpu_wq] (root,0,0,00:00:00/21-13:37:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-13:37:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-13:37:17,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-13:37:17,13) [ksoftirqd/0] (root,0,0,00:57:24/21-13:37:17,14) [rcu_preempt] (root,0,0,00:00:08/21-13:37:17,15) [migration/0] (root,0,0,00:00:00/21-13:37:17,16) [idle_inject/0] (root,0,0,00:00:00/21-13:37:17,18) [cpuhp/0] (root,0,0,00:00:00/21-13:37:17,19) [cpuhp/1] (root,0,0,00:00:00/21-13:37:17,20) [idle_inject/1] (root,0,0,00:00:08/21-13:37:17,21) [migration/1] (root,0,0,00:00:34/21-13:37:17,22) [ksoftirqd/1] (root,0,0,00:00:00/21-13:37:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-13:37:17,25) [cpuhp/2] (root,0,0,00:00:00/21-13:37:17,26) [idle_inject/2] (root,0,0,00:00:06/21-13:37:17,27) [migration/2] (root,0,0,00:43:35/21-13:37:17,28) [ksoftirqd/2] (root,0,0,00:00:00/21-13:37:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-13:37:17,31) [cpuhp/3] (root,0,0,00:00:00/21-13:37:17,32) [idle_inject/3] (root,0,0,00:00:08/21-13:37:17,33) [migration/3] (root,0,0,00:02:00/21-13:37:17,34) [ksoftirqd/3] (root,0,0,00:00:00/21-13:37:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-13:37:17,39) [kdevtmpfs] (root,0,0,00:00:00/21-13:37:17,40) [netns] (root,0,0,00:00:00/21-13:37:17,41) [inet_frag_wq] (root,0,0,00:00:05/21-13:37:17,42) [kauditd] (root,0,0,00:00:00/21-13:37:17,43) [khungtaskd] (root,0,0,00:00:00/21-13:37:17,44) [oom_reaper] (root,0,0,00:00:00/21-13:37:17,45) [writeback] (root,0,0,00:01:03/21-13:37:17,46) [kcompactd0] (root,0,0,00:00:00/21-13:37:17,47) [ksmd] (root,0,0,00:01:02/21-13:37:17,48) [khugepaged] (root,0,0,00:00:00/21-13:37:17,74) [kintegrityd] (root,0,0,00:00:00/21-13:37:17,75) [kblockd] (root,0,0,00:00:00/21-13:37:17,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-13:37:17,78) [tpm_dev_wq] (root,0,0,00:00:00/21-13:37:17,79) [edac-poller] (root,0,0,00:00:00/21-13:37:17,80) [devfreq_wq] (root,0,0,00:00:00/21-13:37:17,110) [watchdogd] (root,0,0,00:00:04/21-13:37:17,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-13:37:17,112) [kswapd0] (root,0,0,00:00:00/21-13:37:16,114) [kthrotld] (root,0,0,00:00:00/21-13:37:16,115) [mld] (root,0,0,00:00:00/21-13:37:16,116) [ipv6_addrconf] (root,0,0,00:00:09/21-13:37:16,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-13:37:16,122) [kstrp] (root,0,0,00:00:00/21-13:37:16,123) [zswap-shrink] (root,0,0,00:00:00/21-13:37:16,124) [kworker/u9:0] (root,0,0,00:00:00/21-13:37:16,129) [charger_manager] (root,0,0,00:00:04/21-13:37:15,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-13:37:15,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-13:37:15,205) [kaluad] (root,0,0,00:00:00/21-13:37:15,250) [kmpath_rdacd] (root,0,0,00:00:00/21-13:37:15,293) [kmpathd] (root,0,0,00:00:00/21-13:37:15,294) [kmpath_handlerd] (root,0,0,00:00:00/21-13:37:15,342) [ata_sff] (root,0,0,00:00:00/21-13:37:14,343) [scsi_eh_0] (root,0,0,00:00:00/21-13:37:14,344) [scsi_tmf_0] (root,0,0,00:00:00/21-13:37:14,345) [scsi_eh_1] (root,0,0,00:00:00/21-13:37:14,346) [scsi_tmf_1] (root,0,0,00:00:33/21-13:37:12,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-13:37:12,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-13:37:00,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-13:36:59,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-13:36:57,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-13:36:23,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-13:36:23,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-13:36:23,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-13:36:23,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-13:36:22,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-13:36:22,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-13:36:08,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-13:36:08,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:59/21-13:36:07,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-13:36:07,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-13:36:07,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-13:36:07,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-13:36:07,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-13:36:07,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:55/21-13:36:07,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-13:36:07,1206) bpfilter_umh (root,26204,8300,00:00:09/21-13:36:07,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-13:36:07,1215) ntpd: asynchronous dns resolver (spot,285884,172048,1-03:16:44/21-13:36:07,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-13:36:06,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-13:36:06,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-13:36:06,1245) (sd-pam) (root,24216,5348,00:00:07/21-13:36:05,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-13:36:05,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-13:36:04,1354) /usr/sbin/cron -n (root,693604,76796,00:28:04/21-13:35:58,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:23/21-13:35:44,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:02/02:18:00,1511) [kworker/2:0-events] (root,0,0,00:00:00/50:43,3242) [kworker/1:2-events] (root,0,0,00:00:00/16:01,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/39:35,7480) pickup -l -t fifo -u (root,0,0,00:00:00/22:19,9645) [kworker/2:1] (root,0,0,00:00:00/04:03,11851) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-11:27:00,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-11:26:59,15391) sshd: cm-ssh (root,0,0,00:00:00/28:39,15943) [kworker/3:2-events] (root,35308,10072,00:00:00/5-12:55:38,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-12:55:37,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:07:40,20180) [kworker/0:0-events] (root,0,0,00:00:00/01:14:26,27154) [kworker/u8:0-writeback] (root,0,0,00:00:00/04:12:17,28374) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/09:14,28466) [kworker/1:0-ata_sff] (root,6656,3488,00:00:00/00:00,30109) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,30239) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,30244) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,30282) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30283) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:02/08:08:34,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-18:12:45,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-03 23:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c7045ce4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-12:49:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:49:03,2) [kthreadd] (root,0,0,00:00:00/19-12:49:03,3) [rcu_gp] (root,0,0,00:00:00/19-12:49:03,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:49:03,5) [slub_flushwq] (root,0,0,00:00:00/19-12:49:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:49:03,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:49:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:49:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:49:03,12) [rcu_tasks_trace] (root,0,0,00:00:35/19-12:49:03,13) [ksoftirqd/0] (root,0,0,00:52:03/19-12:49:03,14) [rcu_preempt] (root,0,0,00:00:07/19-12:49:03,15) [migration/0] (root,0,0,00:00:00/19-12:49:03,16) [idle_inject/0] (root,0,0,00:00:00/19-12:49:03,18) [cpuhp/0] (root,0,0,00:00:00/19-12:49:03,19) [cpuhp/1] (root,0,0,00:00:00/19-12:49:03,20) [idle_inject/1] (root,0,0,00:00:07/19-12:49:03,21) [migration/1] (root,0,0,00:00:31/19-12:49:03,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:49:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:49:03,25) [cpuhp/2] (root,0,0,00:00:00/19-12:49:03,26) [idle_inject/2] (root,0,0,00:00:06/19-12:49:03,27) [migration/2] (root,0,0,00:38:53/19-12:49:03,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:49:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:49:03,31) [cpuhp/3] (root,0,0,00:00:00/19-12:49:03,32) [idle_inject/3] (root,0,0,00:00:07/19-12:49:03,33) [migration/3] (root,0,0,00:01:48/19-12:49:03,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:49:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:49:03,39) [kdevtmpfs] (root,0,0,00:00:00/19-12:49:03,40) [netns] (root,0,0,00:00:00/19-12:49:03,41) [inet_frag_wq] (root,0,0,00:00:05/19-12:49:03,42) [kauditd] (root,0,0,00:00:00/19-12:49:03,43) [khungtaskd] (root,0,0,00:00:00/19-12:49:03,44) [oom_reaper] (root,0,0,00:00:00/19-12:49:03,45) [writeback] (root,0,0,00:00:56/19-12:49:03,46) [kcompactd0] (root,0,0,00:00:00/19-12:49:03,47) [ksmd] (root,0,0,00:00:57/19-12:49:03,48) [khugepaged] (root,0,0,00:00:00/19-12:49:03,74) [kintegrityd] (root,0,0,00:00:00/19-12:49:03,75) [kblockd] (root,0,0,00:00:00/19-12:49:03,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:49:03,78) [tpm_dev_wq] (root,0,0,00:00:00/19-12:49:03,79) [edac-poller] (root,0,0,00:00:00/19-12:49:03,80) [devfreq_wq] (root,0,0,00:00:00/19-12:49:03,110) [watchdogd] (root,0,0,00:00:03/19-12:49:03,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-12:49:03,112) [kswapd0] (root,0,0,00:00:00/19-12:49:02,114) [kthrotld] (root,0,0,00:00:00/19-12:49:02,115) [mld] (root,0,0,00:00:00/19-12:49:02,116) [ipv6_addrconf] (root,0,0,00:00:08/19-12:49:02,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-12:49:02,122) [kstrp] (root,0,0,00:00:00/19-12:49:02,123) [zswap-shrink] (root,0,0,00:00:00/19-12:49:02,124) [kworker/u9:0] (root,0,0,00:00:00/19-12:49:02,129) [charger_manager] (root,0,0,00:00:04/19-12:49:01,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-12:49:01,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:49:01,205) [kaluad] (root,0,0,00:00:00/19-12:49:01,250) [kmpath_rdacd] (root,0,0,00:00:00/19-12:49:01,293) [kmpathd] (root,0,0,00:00:00/19-12:49:01,294) [kmpath_handlerd] (root,0,0,00:00:00/19-12:49:01,342) [ata_sff] (root,0,0,00:00:00/19-12:49:00,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:49:00,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:49:00,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:49:00,346) [scsi_tmf_1] (root,0,0,00:00:29/19-12:48:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:48:58,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-12:48:46,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-12:48:45,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-12:48:43,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/19-12:48:09,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-12:48:09,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-12:48:09,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-12:48:09,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-12:48:08,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-12:48:08,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-12:47:54,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-12:47:54,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:47/19-12:47:53,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-12:47:53,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-12:47:53,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-12:47:53,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-12:47:53,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-12:47:53,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:39/19-12:47:53,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-12:47:53,1206) bpfilter_umh (root,26204,8300,00:00:09/19-12:47:53,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-12:47:53,1215) ntpd: asynchronous dns resolver (spot,284844,171788,1-01:00:33/19-12:47:53,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-12:47:52,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-12:47:52,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-12:47:52,1245) (sd-pam) (root,24216,5348,00:00:06/19-12:47:51,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-12:47:51,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-12:47:50,1354) /usr/sbin/cron -n (root,692836,75756,00:25:22/19-12:47:44,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53048,00:06:33/19-12:47:30,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:48,1389) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:02:50,3881) [kworker/0:0] (root,0,0,00:00:01/04:50:27,3898) [kworker/3:2-events] (root,0,0,00:00:00/01:21:41,5253) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/44:43,5674) [kworker/3:1] (root,0,0,00:00:00/44:20,7240) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,7868) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,7886) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,7887) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/13-10:38:46,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:44/13-10:38:45,15391) sshd: cm-ssh (root,0,0,00:00:00/08:00,16031) [kworker/1:0-ata_sff] (root,35308,10072,00:00:00/3-12:07:24,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-12:07:23,16977) sshd: syslogtunnel (root,0,0,00:00:00/04:00:42,17740) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:02/02:34:55,19370) [kworker/2:0-events] (root,0,0,00:00:00/07:13,21913) [kworker/2:2-events] (postfix,24244,8204,00:00:00/12:19,22577) pickup -l -t fifo -u (root,0,0,00:00:00/01:15:05,26126) [kworker/0:2-events] (postfix,44628,9416,00:00:00/13-17:24:31,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-01 23:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633d976f0eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-13:13:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-13:13:57,2) [kthreadd] (root,0,0,00:00:00/17-13:13:57,3) [rcu_gp] (root,0,0,00:00:00/17-13:13:57,4) [rcu_par_gp] (root,0,0,00:00:00/17-13:13:57,5) [slub_flushwq] (root,0,0,00:00:00/17-13:13:57,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-13:13:57,9) [mm_percpu_wq] (root,0,0,00:00:00/17-13:13:57,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-13:13:57,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-13:13:57,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-13:13:57,13) [ksoftirqd/0] (root,0,0,00:46:59/17-13:13:57,14) [rcu_preempt] (root,0,0,00:00:06/17-13:13:57,15) [migration/0] (root,0,0,00:00:00/17-13:13:57,16) [idle_inject/0] (root,0,0,00:00:00/17-13:13:57,18) [cpuhp/0] (root,0,0,00:00:00/17-13:13:57,19) [cpuhp/1] (root,0,0,00:00:00/17-13:13:57,20) [idle_inject/1] (root,0,0,00:00:07/17-13:13:57,21) [migration/1] (root,0,0,00:00:28/17-13:13:57,22) [ksoftirqd/1] (root,0,0,00:00:00/17-13:13:57,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-13:13:57,25) [cpuhp/2] (root,0,0,00:00:00/17-13:13:57,26) [idle_inject/2] (root,0,0,00:00:05/17-13:13:57,27) [migration/2] (root,0,0,00:35:46/17-13:13:57,28) [ksoftirqd/2] (root,0,0,00:00:00/17-13:13:57,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-13:13:57,31) [cpuhp/3] (root,0,0,00:00:00/17-13:13:57,32) [idle_inject/3] (root,0,0,00:00:06/17-13:13:57,33) [migration/3] (root,0,0,00:01:39/17-13:13:57,34) [ksoftirqd/3] (root,0,0,00:00:00/17-13:13:57,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-13:13:57,39) [kdevtmpfs] (root,0,0,00:00:00/17-13:13:57,40) [netns] (root,0,0,00:00:00/17-13:13:57,41) [inet_frag_wq] (root,0,0,00:00:04/17-13:13:57,42) [kauditd] (root,0,0,00:00:00/17-13:13:57,43) [khungtaskd] (root,0,0,00:00:00/17-13:13:57,44) [oom_reaper] (root,0,0,00:00:00/17-13:13:57,45) [writeback] (root,0,0,00:00:51/17-13:13:57,46) [kcompactd0] (root,0,0,00:00:00/17-13:13:57,47) [ksmd] (root,0,0,00:00:51/17-13:13:57,48) [khugepaged] (root,0,0,00:00:00/17-13:13:57,74) [kintegrityd] (root,0,0,00:00:00/17-13:13:57,75) [kblockd] (root,0,0,00:00:00/17-13:13:57,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-13:13:57,78) [tpm_dev_wq] (root,0,0,00:00:00/17-13:13:57,79) [edac-poller] (root,0,0,00:00:00/17-13:13:57,80) [devfreq_wq] (root,0,0,00:00:00/17-13:13:57,110) [watchdogd] (root,0,0,00:00:03/17-13:13:57,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-13:13:57,112) [kswapd0] (root,0,0,00:00:00/17-13:13:56,114) [kthrotld] (root,0,0,00:00:00/17-13:13:56,115) [mld] (root,0,0,00:00:00/17-13:13:56,116) [ipv6_addrconf] (root,0,0,00:00:07/17-13:13:56,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-13:13:56,122) [kstrp] (root,0,0,00:00:00/17-13:13:56,123) [zswap-shrink] (root,0,0,00:00:00/17-13:13:56,124) [kworker/u9:0] (root,0,0,00:00:00/17-13:13:56,129) [charger_manager] (root,0,0,00:00:03/17-13:13:55,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-13:13:55,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-13:13:55,205) [kaluad] (root,0,0,00:00:00/17-13:13:55,250) [kmpath_rdacd] (root,0,0,00:00:00/17-13:13:55,293) [kmpathd] (root,0,0,00:00:00/17-13:13:55,294) [kmpath_handlerd] (root,0,0,00:00:00/17-13:13:55,342) [ata_sff] (root,0,0,00:00:00/17-13:13:54,343) [scsi_eh_0] (root,0,0,00:00:00/17-13:13:54,344) [scsi_tmf_0] (root,0,0,00:00:00/17-13:13:54,345) [scsi_eh_1] (root,0,0,00:00:00/17-13:13:54,346) [scsi_tmf_1] (root,0,0,00:00:26/17-13:13:52,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-13:13:52,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-13:13:40,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-13:13:39,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-13:13:37,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-13:13:03,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-13:13:03,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-13:13:03,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-13:13:03,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-13:13:02,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-13:13:02,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-13:12:48,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-13:12:48,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:36/17-13:12:47,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-13:12:47,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-13:12:47,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-13:12:47,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-13:12:47,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-13:12:47,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:22/17-13:12:47,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-13:12:47,1206) bpfilter_umh (root,26204,8300,00:00:08/17-13:12:47,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-13:12:47,1215) ntpd: asynchronous dns resolver (spot,285292,171900,23:05:00/17-13:12:47,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-13:12:46,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-13:12:46,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-13:12:46,1245) (sd-pam) (root,24216,5348,00:00:05/17-13:12:45,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-13:12:45,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-13:12:44,1354) /usr/sbin/cron -n (root,692236,75412,00:22:48/17-13:12:38,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51012,00:05:52/17-13:12:24,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/02:30:42,3299) [kworker/2:0-events] (root,0,0,00:00:00/40:09,6422) [kworker/0:2-events] (postfix,24244,8240,00:00:00/59:05,9878) pickup -l -t fifo -u (root,0,0,00:00:00/01:48,11512) [kworker/1:0-ata_sff] (root,0,0,00:00:00/06:59,12034) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/11-11:03:40,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-11:03:39,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-12:32:18,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-12:32:17,16977) sshd: syslogtunnel (root,0,0,00:00:00/27:43,19748) [kworker/2:2-events] (root,0,0,00:00:03/04:57:32,19752) [kworker/1:2-events] (root,0,0,00:00:00/01:31:04,19953) [kworker/u8:0-writeback] (root,0,0,00:00:01/04:15:16,24312) [kworker/0:0-events] (root,6656,3484,00:00:00/00:00,27085) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,27105) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,27107) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,27158) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,27159) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:19:03,28658) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/09:26,29069) [kworker/3:2] (postfix,44628,9416,00:00:00/11-17:49:25,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/03:01:06,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-29 23:36 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b9f3d7bfFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-13:26:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:26:23,2) [kthreadd] (root,0,0,00:00:00/15-13:26:23,3) [rcu_gp] (root,0,0,00:00:00/15-13:26:23,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:26:23,5) [slub_flushwq] (root,0,0,00:00:00/15-13:26:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:26:23,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:26:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:26:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:26:23,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-13:26:23,13) [ksoftirqd/0] (root,0,0,00:41:45/15-13:26:23,14) [rcu_preempt] (root,0,0,00:00:05/15-13:26:23,15) [migration/0] (root,0,0,00:00:00/15-13:26:23,16) [idle_inject/0] (root,0,0,00:00:00/15-13:26:23,18) [cpuhp/0] (root,0,0,00:00:00/15-13:26:23,19) [cpuhp/1] (root,0,0,00:00:00/15-13:26:23,20) [idle_inject/1] (root,0,0,00:00:06/15-13:26:23,21) [migration/1] (root,0,0,00:00:25/15-13:26:23,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:26:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:26:23,25) [cpuhp/2] (root,0,0,00:00:00/15-13:26:23,26) [idle_inject/2] (root,0,0,00:00:05/15-13:26:23,27) [migration/2] (root,0,0,00:32:18/15-13:26:23,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:26:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:26:23,31) [cpuhp/3] (root,0,0,00:00:00/15-13:26:23,32) [idle_inject/3] (root,0,0,00:00:05/15-13:26:23,33) [migration/3] (root,0,0,00:01:29/15-13:26:23,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:26:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:26:23,39) [kdevtmpfs] (root,0,0,00:00:00/15-13:26:23,40) [netns] (root,0,0,00:00:00/15-13:26:23,41) [inet_frag_wq] (root,0,0,00:00:04/15-13:26:23,42) [kauditd] (root,0,0,00:00:00/15-13:26:23,43) [khungtaskd] (root,0,0,00:00:00/15-13:26:23,44) [oom_reaper] (root,0,0,00:00:00/15-13:26:23,45) [writeback] (root,0,0,00:00:46/15-13:26:23,46) [kcompactd0] (root,0,0,00:00:00/15-13:26:23,47) [ksmd] (root,0,0,00:00:46/15-13:26:23,48) [khugepaged] (root,0,0,00:00:00/15-13:26:23,74) [kintegrityd] (root,0,0,00:00:00/15-13:26:23,75) [kblockd] (root,0,0,00:00:00/15-13:26:23,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:26:23,78) [tpm_dev_wq] (root,0,0,00:00:00/15-13:26:23,79) [edac-poller] (root,0,0,00:00:00/15-13:26:23,80) [devfreq_wq] (root,0,0,00:00:00/15-13:26:23,110) [watchdogd] (root,0,0,00:00:03/15-13:26:23,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-13:26:23,112) [kswapd0] (root,0,0,00:00:00/15-13:26:22,114) [kthrotld] (root,0,0,00:00:00/15-13:26:22,115) [mld] (root,0,0,00:00:00/15-13:26:22,116) [ipv6_addrconf] (root,0,0,00:00:06/15-13:26:22,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-13:26:22,122) [kstrp] (root,0,0,00:00:00/15-13:26:22,123) [zswap-shrink] (root,0,0,00:00:00/15-13:26:22,124) [kworker/u9:0] (root,0,0,00:00:00/15-13:26:22,129) [charger_manager] (root,0,0,00:00:03/15-13:26:21,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-13:26:21,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:26:21,205) [kaluad] (root,0,0,00:00:00/15-13:26:21,250) [kmpath_rdacd] (root,0,0,00:00:00/15-13:26:21,293) [kmpathd] (root,0,0,00:00:00/15-13:26:21,294) [kmpath_handlerd] (root,0,0,00:00:00/15-13:26:21,342) [ata_sff] (root,0,0,00:00:00/15-13:26:20,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:26:20,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:26:20,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:26:20,346) [scsi_tmf_1] (root,0,0,00:00:23/15-13:26:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:26:18,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-13:26:06,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-13:26:05,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-13:26:03,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-13:25:29,512) /sbin/auditd (messagebus,22936,5672,00:00:49/15-13:25:29,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:28/15-13:25:29,531) /usr/lib/systemd/systemd-logind (root,0,0,00:00:00/30:00,539) [kworker/0:2] (root,20556,5140,00:00:00/15-13:25:29,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-13:25:28,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-13:25:28,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-13:25:14,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-13:25:14,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:24/15-13:25:13,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-13:25:13,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-13:25:13,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-13:25:13,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-13:25:13,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-13:25:13,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-13:25:13,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-13:25:13,1206) bpfilter_umh (root,26204,8300,00:00:07/15-13:25:13,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-13:25:13,1215) ntpd: asynchronous dns resolver (spot,285092,171292,20:55:35/15-13:25:13,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-13:25:12,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-13:25:12,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-13:25:12,1245) (sd-pam) (root,24216,5348,00:00:05/15-13:25:11,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-13:25:11,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-13:25:10,1354) /usr/sbin/cron -n (root,691980,74872,00:20:09/15-13:25:04,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49184,00:05:09/15-13:24:50,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:58,3353) [kworker/1:0-ata_sff] (postfix,24244,8220,00:00:00/01:33:36,7356) pickup -l -t fifo -u (root,0,0,00:00:00/07:11,8244) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/8-05:21:17,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-05:21:17,8749) sshd: syslogtunnel (root,0,0,00:00:00/18:41,10498) [kworker/3:0-events] (root,0,0,00:00:00/41:19,10640) [kworker/2:2-events] (root,0,0,00:00:00/13:04,12886) [kworker/2:0] (root,6656,3464,00:00:00/00:00,13066) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,13183) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,13208) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,936,00:00:00/00:00,13209) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/9-11:16:06,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-11:16:05,15391) sshd: cm-ssh (root,0,0,00:00:00/17:34,16028) [kworker/1:1-events] (root,0,0,00:00:00/23:03,26061) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/52:29,26890) [kworker/0:1-events] (postfix,44628,9416,00:00:00/9-18:01:51,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/47:40,30764) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/05:15:41,31041) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-27 23:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c480bbaeFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-13:55:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:55:12,2) [kthreadd] (root,0,0,00:00:00/13-13:55:12,3) [rcu_gp] (root,0,0,00:00:00/13-13:55:12,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:55:12,5) [slub_flushwq] (root,0,0,00:00:00/13-13:55:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:55:12,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:55:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:55:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:55:12,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-13:55:12,13) [ksoftirqd/0] (root,0,0,00:36:35/13-13:55:12,14) [rcu_preempt] (root,0,0,00:00:05/13-13:55:12,15) [migration/0] (root,0,0,00:00:00/13-13:55:12,16) [idle_inject/0] (root,0,0,00:00:00/13-13:55:12,18) [cpuhp/0] (root,0,0,00:00:00/13-13:55:12,19) [cpuhp/1] (root,0,0,00:00:00/13-13:55:12,20) [idle_inject/1] (root,0,0,00:00:05/13-13:55:12,21) [migration/1] (root,0,0,00:00:22/13-13:55:12,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:55:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:55:12,25) [cpuhp/2] (root,0,0,00:00:00/13-13:55:12,26) [idle_inject/2] (root,0,0,00:00:04/13-13:55:12,27) [migration/2] (root,0,0,00:28:51/13-13:55:12,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:55:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:55:12,31) [cpuhp/3] (root,0,0,00:00:00/13-13:55:12,32) [idle_inject/3] (root,0,0,00:00:05/13-13:55:12,33) [migration/3] (root,0,0,00:01:19/13-13:55:12,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:55:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:55:12,39) [kdevtmpfs] (root,0,0,00:00:00/13-13:55:12,40) [netns] (root,0,0,00:00:00/13-13:55:12,41) [inet_frag_wq] (root,0,0,00:00:04/13-13:55:12,42) [kauditd] (root,0,0,00:00:00/13-13:55:12,43) [khungtaskd] (root,0,0,00:00:00/13-13:55:12,44) [oom_reaper] (root,0,0,00:00:00/13-13:55:12,45) [writeback] (root,0,0,00:00:40/13-13:55:12,46) [kcompactd0] (root,0,0,00:00:00/13-13:55:12,47) [ksmd] (root,0,0,00:00:40/13-13:55:12,48) [khugepaged] (root,0,0,00:00:00/13-13:55:12,74) [kintegrityd] (root,0,0,00:00:00/13-13:55:12,75) [kblockd] (root,0,0,00:00:00/13-13:55:12,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:55:12,78) [tpm_dev_wq] (root,0,0,00:00:00/13-13:55:12,79) [edac-poller] (root,0,0,00:00:00/13-13:55:12,80) [devfreq_wq] (root,0,0,00:00:00/13-13:55:12,110) [watchdogd] (root,0,0,00:00:02/13-13:55:12,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-13:55:12,112) [kswapd0] (root,0,0,00:00:00/13-13:55:11,114) [kthrotld] (root,0,0,00:00:00/13-13:55:11,115) [mld] (root,0,0,00:00:00/13-13:55:11,116) [ipv6_addrconf] (root,0,0,00:00:05/13-13:55:11,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-13:55:11,122) [kstrp] (root,0,0,00:00:00/13-13:55:11,123) [zswap-shrink] (root,0,0,00:00:00/13-13:55:11,124) [kworker/u9:0] (root,0,0,00:00:00/13-13:55:11,129) [charger_manager] (root,0,0,00:00:02/13-13:55:10,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-13:55:10,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:55:10,205) [kaluad] (root,0,0,00:00:00/13-13:55:10,250) [kmpath_rdacd] (root,0,0,00:00:00/13-13:55:10,293) [kmpathd] (root,0,0,00:00:00/13-13:55:10,294) [kmpath_handlerd] (root,0,0,00:00:00/13-13:55:10,342) [ata_sff] (root,0,0,00:00:00/13-13:55:09,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:55:09,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:55:09,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:55:09,346) [scsi_tmf_1] (root,0,0,00:00:20/13-13:55:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:55:07,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-13:54:55,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-13:54:54,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-13:54:52,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-13:54:18,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-13:54:18,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-13:54:18,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-13:54:18,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-13:54:17,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-13:54:17,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-13:54:03,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-13:54:03,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:12/13-13:54:02,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-13:54:02,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-13:54:02,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-13:54:02,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-13:54:02,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-13:54:02,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-13:54:02,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-13:54:02,1206) bpfilter_umh (root,26204,8300,00:00:07/13-13:54:02,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-13:54:02,1215) ntpd: asynchronous dns resolver (spot,286660,171612,18:14:02/13-13:54:02,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-13:54:01,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-13:54:01,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-13:54:01,1245) (sd-pam) (root,24216,5348,00:00:04/13-13:54:00,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-13:54:00,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-13:53:59,1354) /usr/sbin/cron -n (root,691980,74552,00:17:33/13-13:53:53,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47904,00:04:29/13-13:53:39,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/33:13,2659) [kworker/2:0-events] (root,0,0,00:00:00/14:27,3454) [kworker/1:1-events] (root,0,0,00:00:04/03:51:50,4939) [kworker/2:2-events] (root,35308,10012,00:00:00/6-05:50:06,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-05:50:06,8749) sshd: syslogtunnel (root,0,0,00:00:00/04:04,10657) [kworker/1:0-ata_sff] (root,0,0,00:00:00/38:13,13988) [kworker/0:0-events] (root,35308,10012,00:00:00/7-11:44:55,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-11:44:54,15391) sshd: cm-ssh (postfix,24244,8212,00:00:00/44:14,19097) pickup -l -t fifo -u (root,0,0,00:00:00/58:40,23451) [kworker/3:1-events] (root,0,0,00:00:00/09:17,24026) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:29:00,24348) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,25438) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,25456) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,25457) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9416,00:00:00/7-18:30:40,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/48:27,31001) [kworker/0:2-events] (root,0,0,00:00:00/16:50,31497) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/04:22:30,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 00:17 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363440fd649Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-12:53:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:53:45,2) [kthreadd] (root,0,0,00:00:00/11-12:53:45,3) [rcu_gp] (root,0,0,00:00:00/11-12:53:45,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:53:45,5) [slub_flushwq] (root,0,0,00:00:00/11-12:53:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:53:45,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:53:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:53:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:53:45,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:53:45,13) [ksoftirqd/0] (root,0,0,00:30:42/11-12:53:45,14) [rcu_preempt] (root,0,0,00:00:04/11-12:53:45,15) [migration/0] (root,0,0,00:00:00/11-12:53:45,16) [idle_inject/0] (root,0,0,00:00:00/11-12:53:45,18) [cpuhp/0] (root,0,0,00:00:00/11-12:53:45,19) [cpuhp/1] (root,0,0,00:00:00/11-12:53:45,20) [idle_inject/1] (root,0,0,00:00:04/11-12:53:45,21) [migration/1] (root,0,0,00:00:17/11-12:53:45,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:53:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:53:45,25) [cpuhp/2] (root,0,0,00:00:00/11-12:53:45,26) [idle_inject/2] (root,0,0,00:00:03/11-12:53:45,27) [migration/2] (root,0,0,00:24:10/11-12:53:45,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:53:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:53:45,31) [cpuhp/3] (root,0,0,00:00:00/11-12:53:45,32) [idle_inject/3] (root,0,0,00:00:04/11-12:53:45,33) [migration/3] (root,0,0,00:01:05/11-12:53:45,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:53:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:53:45,39) [kdevtmpfs] (root,0,0,00:00:00/11-12:53:45,40) [netns] (root,0,0,00:00:00/11-12:53:45,41) [inet_frag_wq] (root,0,0,00:00:03/11-12:53:45,42) [kauditd] (root,0,0,00:00:00/11-12:53:45,43) [khungtaskd] (root,0,0,00:00:00/11-12:53:45,44) [oom_reaper] (root,0,0,00:00:00/11-12:53:45,45) [writeback] (root,0,0,00:00:33/11-12:53:45,46) [kcompactd0] (root,0,0,00:00:00/11-12:53:45,47) [ksmd] (root,0,0,00:00:34/11-12:53:45,48) [khugepaged] (root,0,0,00:00:00/11-12:53:45,74) [kintegrityd] (root,0,0,00:00:00/11-12:53:45,75) [kblockd] (root,0,0,00:00:00/11-12:53:45,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:53:45,78) [tpm_dev_wq] (root,0,0,00:00:00/11-12:53:45,79) [edac-poller] (root,0,0,00:00:00/11-12:53:45,80) [devfreq_wq] (root,0,0,00:00:00/11-12:53:45,110) [watchdogd] (root,0,0,00:00:02/11-12:53:45,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:53:45,112) [kswapd0] (root,0,0,00:00:00/11-12:53:44,114) [kthrotld] (root,0,0,00:00:00/11-12:53:44,115) [mld] (root,0,0,00:00:00/11-12:53:44,116) [ipv6_addrconf] (root,0,0,00:00:04/11-12:53:44,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-12:53:44,122) [kstrp] (root,0,0,00:00:00/11-12:53:44,123) [zswap-shrink] (root,0,0,00:00:00/11-12:53:44,124) [kworker/u9:0] (root,0,0,00:00:00/11-12:53:44,129) [charger_manager] (root,0,0,00:00:02/11-12:53:43,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-12:53:43,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:53:43,205) [kaluad] (root,0,0,00:00:00/11-12:53:43,250) [kmpath_rdacd] (root,0,0,00:00:00/11-12:53:43,293) [kmpathd] (root,0,0,00:00:00/11-12:53:43,294) [kmpath_handlerd] (root,0,0,00:00:00/11-12:53:43,342) [ata_sff] (root,0,0,00:00:00/11-12:53:42,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:53:42,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:53:42,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:53:42,346) [scsi_tmf_1] (root,0,0,00:00:17/11-12:53:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:53:40,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-12:53:28,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-12:53:27,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-12:53:25,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-12:52:51,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-12:52:51,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-12:52:51,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-12:52:51,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-12:52:50,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-12:52:50,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-12:52:36,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-12:52:36,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:00/11-12:52:35,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-12:52:35,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-12:52:35,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-12:52:35,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-12:52:35,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-12:52:35,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:32/11-12:52:35,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-12:52:35,1206) bpfilter_umh (root,26204,8300,00:00:06/11-12:52:35,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-12:52:35,1215) ntpd: asynchronous dns resolver (spot,285252,171256,14:18:21/11-12:52:35,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-12:52:34,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-12:52:34,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-12:52:34,1245) (sd-pam) (root,24216,5348,00:00:03/11-12:52:33,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-12:52:33,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-12:52:32,1354) /usr/sbin/cron -n (root,691724,74148,00:14:51/11-12:52:26,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46608,00:03:46/11-12:52:12,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:11,3737) [kworker/1:2-ata_sff] (root,0,0,00:00:00/10:15:54,4619) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/57:01,6242) [kworker/3:1] (postfix,24244,8200,00:00:00/03:27,7853) pickup -l -t fifo -u (root,35308,10012,00:00:00/4-04:48:39,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:15/4-04:48:39,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:25:40,9247) [kworker/0:1-events] (root,0,0,00:00:00/24:14,11036) [kworker/2:1-events] (root,35308,10012,00:00:00/5-10:43:28,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-10:43:27,15391) sshd: cm-ssh (root,0,0,00:00:00/02:18:58,16718) [kworker/2:2-events] (root,0,0,00:00:00/00:01,18508) [kworker/1:0] (root,6656,3488,00:00:00/00:00,18595) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/01:58:04,18633) [kworker/3:2-events] (root,6656,3488,00:00:00/00:00,18657) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,18671) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,18672) /bin/bash /usr/bin/check_mk_agent (root,4480,1164,00:00:00/00:00,18673) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,860,00:00:00/00:00,18674) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,648,00:00:00/00:00,18677) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3376,00:00:00/00:00,18687) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,18688) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:01:35,21671) [kworker/1:1-events] (root,0,0,00:00:00/28:22,30297) [kworker/0:2-events] (postfix,44628,9464,00:00:00/5-17:29:13,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:34:51,31970) [kworker/u8:2-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 23:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363fc20b1f4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:30/9-13:36:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-13:36:58,2) [kthreadd] (root,0,0,00:00:00/9-13:36:58,3) [rcu_gp] (root,0,0,00:00:00/9-13:36:58,4) [rcu_par_gp] (root,0,0,00:00:00/9-13:36:58,5) [slub_flushwq] (root,0,0,00:00:00/9-13:36:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-13:36:58,9) [mm_percpu_wq] (root,0,0,00:00:00/9-13:36:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-13:36:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-13:36:58,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-13:36:58,13) [ksoftirqd/0] (root,0,0,00:25:19/9-13:36:58,14) [rcu_preempt] (root,0,0,00:00:03/9-13:36:58,15) [migration/0] (root,0,0,00:00:00/9-13:36:58,16) [idle_inject/0] (root,0,0,00:00:00/9-13:36:58,18) [cpuhp/0] (root,0,0,00:00:00/9-13:36:58,19) [cpuhp/1] (root,0,0,00:00:00/9-13:36:58,20) [idle_inject/1] (root,0,0,00:00:03/9-13:36:58,21) [migration/1] (root,0,0,00:00:14/9-13:36:58,22) [ksoftirqd/1] (root,0,0,00:00:00/9-13:36:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-13:36:58,25) [cpuhp/2] (root,0,0,00:00:00/9-13:36:58,26) [idle_inject/2] (root,0,0,00:00:03/9-13:36:58,27) [migration/2] (root,0,0,00:20:20/9-13:36:58,28) [ksoftirqd/2] (root,0,0,00:00:00/9-13:36:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-13:36:58,31) [cpuhp/3] (root,0,0,00:00:00/9-13:36:58,32) [idle_inject/3] (root,0,0,00:00:03/9-13:36:58,33) [migration/3] (root,0,0,00:00:54/9-13:36:58,34) [ksoftirqd/3] (root,0,0,00:00:00/9-13:36:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-13:36:58,39) [kdevtmpfs] (root,0,0,00:00:00/9-13:36:58,40) [netns] (root,0,0,00:00:00/9-13:36:58,41) [inet_frag_wq] (root,0,0,00:00:03/9-13:36:58,42) [kauditd] (root,0,0,00:00:00/9-13:36:58,43) [khungtaskd] (root,0,0,00:00:00/9-13:36:58,44) [oom_reaper] (root,0,0,00:00:00/9-13:36:58,45) [writeback] (root,0,0,00:00:27/9-13:36:58,46) [kcompactd0] (root,0,0,00:00:00/9-13:36:58,47) [ksmd] (root,0,0,00:00:29/9-13:36:58,48) [khugepaged] (root,0,0,00:00:00/9-13:36:58,74) [kintegrityd] (root,0,0,00:00:00/9-13:36:58,75) [kblockd] (root,0,0,00:00:00/9-13:36:58,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-13:36:58,78) [tpm_dev_wq] (root,0,0,00:00:00/9-13:36:58,79) [edac-poller] (root,0,0,00:00:00/9-13:36:58,80) [devfreq_wq] (root,0,0,00:00:00/9-13:36:58,110) [watchdogd] (root,0,0,00:00:01/9-13:36:58,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-13:36:58,112) [kswapd0] (root,0,0,00:00:00/9-13:36:57,114) [kthrotld] (root,0,0,00:00:00/9-13:36:57,115) [mld] (root,0,0,00:00:00/9-13:36:57,116) [ipv6_addrconf] (root,0,0,00:00:04/9-13:36:57,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-13:36:57,122) [kstrp] (root,0,0,00:00:00/9-13:36:57,123) [zswap-shrink] (root,0,0,00:00:00/9-13:36:57,124) [kworker/u9:0] (root,0,0,00:00:00/9-13:36:57,129) [charger_manager] (root,0,0,00:00:02/9-13:36:56,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-13:36:56,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-13:36:56,205) [kaluad] (root,0,0,00:00:00/9-13:36:56,250) [kmpath_rdacd] (root,0,0,00:00:00/9-13:36:56,293) [kmpathd] (root,0,0,00:00:00/9-13:36:56,294) [kmpath_handlerd] (root,0,0,00:00:00/9-13:36:56,342) [ata_sff] (root,0,0,00:00:00/9-13:36:55,343) [scsi_eh_0] (root,0,0,00:00:00/9-13:36:55,344) [scsi_tmf_0] (root,0,0,00:00:00/9-13:36:55,345) [scsi_eh_1] (root,0,0,00:00:00/9-13:36:55,346) [scsi_tmf_1] (root,0,0,00:00:14/9-13:36:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-13:36:53,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-13:36:41,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-13:36:40,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-13:36:38,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-13:36:04,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-13:36:04,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-13:36:04,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-13:36:04,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-13:36:03,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-13:36:03,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-13:35:49,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-13:35:49,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:51/9-13:35:48,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-13:35:48,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-13:35:48,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-13:35:48,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-13:35:48,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-13:35:48,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:16/9-13:35:48,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-13:35:48,1206) bpfilter_umh (root,26204,8300,00:00:05/9-13:35:48,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-13:35:48,1215) ntpd: asynchronous dns resolver (spot,283268,169320,11:11:50/9-13:35:48,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-13:35:47,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-13:35:47,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-13:35:47,1245) (sd-pam) (root,24216,5348,00:00:03/9-13:35:46,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-13:35:46,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-13:35:45,1354) /usr/sbin/cron -n (root,691336,73820,00:12:18/9-13:35:39,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45328,00:03:06/9-13:35:25,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:05/05:04:05,2819) [kworker/2:2-events] (root,0,0,00:00:00/03:07,3742) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:05:23,6061) [kworker/1:0-events] (root,0,0,00:00:00/09:11,8026) [kworker/2:0] (root,35308,10012,00:00:00/2-05:31:52,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:08/2-05:31:52,8749) sshd: syslogtunnel (root,0,0,00:00:00/08:18,11619) [kworker/1:1-ata_sff] (root,0,0,00:00:00/38:25,12858) [kworker/3:2] (root,35308,10012,00:00:00/3-11:26:41,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-11:26:40,15391) sshd: cm-ssh (root,0,0,00:00:00/58:27,16117) [kworker/u8:0-flush-253:0] (root,6656,3488,00:00:00/00:00,20752) /bin/bash /usr/bin/check_mk_agent (root,13744,3428,00:00:00/00:00,20770) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,20771) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/02:52:03,22141) [kworker/3:0-events] (root,0,0,00:00:00/46:56,22486) [kworker/u8:1] (root,0,0,00:00:00/01:47:59,25498) [kworker/0:1-events] (root,0,0,00:00:00/14:08,26656) [kworker/0:2-events] (postfix,24244,8308,00:00:00/01:08:33,28263) pickup -l -t fifo -u (postfix,44628,9464,00:00:00/3-18:12:26,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 23:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638f107035Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-12:19:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:19:19,2) [kthreadd] (root,0,0,00:00:00/7-12:19:19,3) [rcu_gp] (root,0,0,00:00:00/7-12:19:19,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:19:19,5) [slub_flushwq] (root,0,0,00:00:00/7-12:19:19,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:19:19,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:19:19,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:19:19,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:19:19,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-12:19:19,13) [ksoftirqd/0] (root,0,0,00:19:44/7-12:19:19,14) [rcu_preempt] (root,0,0,00:00:02/7-12:19:19,15) [migration/0] (root,0,0,00:00:00/7-12:19:19,16) [idle_inject/0] (root,0,0,00:00:00/7-12:19:19,18) [cpuhp/0] (root,0,0,00:00:00/7-12:19:19,19) [cpuhp/1] (root,0,0,00:00:00/7-12:19:19,20) [idle_inject/1] (root,0,0,00:00:03/7-12:19:19,21) [migration/1] (root,0,0,00:00:11/7-12:19:19,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:19:19,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:19:19,25) [cpuhp/2] (root,0,0,00:00:00/7-12:19:19,26) [idle_inject/2] (root,0,0,00:00:02/7-12:19:19,27) [migration/2] (root,0,0,00:15:52/7-12:19:19,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:19:19,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:19:19,31) [cpuhp/3] (root,0,0,00:00:00/7-12:19:19,32) [idle_inject/3] (root,0,0,00:00:03/7-12:19:19,33) [migration/3] (root,0,0,00:00:42/7-12:19:19,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:19:19,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:19:19,39) [kdevtmpfs] (root,0,0,00:00:00/7-12:19:19,40) [netns] (root,0,0,00:00:00/7-12:19:19,41) [inet_frag_wq] (root,0,0,00:00:02/7-12:19:19,42) [kauditd] (root,0,0,00:00:00/7-12:19:19,43) [khungtaskd] (root,0,0,00:00:00/7-12:19:19,44) [oom_reaper] (root,0,0,00:00:00/7-12:19:19,45) [writeback] (root,0,0,00:00:22/7-12:19:19,46) [kcompactd0] (root,0,0,00:00:00/7-12:19:19,47) [ksmd] (root,0,0,00:00:22/7-12:19:19,48) [khugepaged] (root,0,0,00:00:00/7-12:19:19,74) [kintegrityd] (root,0,0,00:00:00/7-12:19:19,75) [kblockd] (root,0,0,00:00:00/7-12:19:19,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:19:19,78) [tpm_dev_wq] (root,0,0,00:00:00/7-12:19:19,79) [edac-poller] (root,0,0,00:00:00/7-12:19:19,80) [devfreq_wq] (root,0,0,00:00:00/7-12:19:19,110) [watchdogd] (root,0,0,00:00:01/7-12:19:19,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:19:19,112) [kswapd0] (root,0,0,00:00:00/7-12:19:18,114) [kthrotld] (root,0,0,00:00:00/7-12:19:18,115) [mld] (root,0,0,00:00:00/7-12:19:18,116) [ipv6_addrconf] (root,0,0,00:00:03/7-12:19:18,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-12:19:18,122) [kstrp] (root,0,0,00:00:00/7-12:19:18,123) [zswap-shrink] (root,0,0,00:00:00/7-12:19:18,124) [kworker/u9:0] (root,0,0,00:00:00/7-12:19:18,129) [charger_manager] (root,0,0,00:00:01/7-12:19:17,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-12:19:17,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:19:17,205) [kaluad] (root,0,0,00:00:00/7-12:19:17,250) [kmpath_rdacd] (root,0,0,00:00:00/7-12:19:17,293) [kmpathd] (root,0,0,00:00:00/7-12:19:17,294) [kmpath_handlerd] (root,0,0,00:00:00/7-12:19:17,342) [ata_sff] (root,0,0,00:00:00/7-12:19:16,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:19:16,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:19:16,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:19:16,346) [scsi_tmf_1] (root,0,0,00:00:11/7-12:19:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:19:14,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-12:19:02,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-12:19:01,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-12:18:59,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-12:18:25,512) /sbin/auditd (messagebus,22936,5672,00:00:26/7-12:18:25,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-12:18:25,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-12:18:25,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/03:25,589) [kworker/u8:0-writeback] (root,31876,16220,00:00:03/7-12:18:24,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-12:18:24,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25356,00:00:08/7-12:18:10,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-12:18:10,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:39/7-12:18:09,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-12:18:09,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-12:18:09,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-12:18:09,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-12:18:09,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-12:18:09,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:00:59/7-12:18:09,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-12:18:09,1206) bpfilter_umh (root,26204,8300,00:00:04/7-12:18:09,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-12:18:09,1215) ntpd: asynchronous dns resolver (spot,284116,169532,08:30:43/7-12:18:09,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-12:18:08,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-12:18:08,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-12:18:08,1245) (sd-pam) (root,24216,5348,00:00:02/7-12:18:07,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-12:18:07,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-12:18:06,1354) /usr/sbin/cron -n (root,691080,73620,00:09:37/7-12:18:00,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43780,00:02:24/7-12:17:46,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/28:58,1729) [kworker/0:2-events] (root,0,0,00:00:00/21:45,3298) [kworker/2:1-events] (root,0,0,00:00:00/14:35,6709) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/58:14,7055) [kworker/3:2-events] (root,0,0,00:00:00/36:20,8300) [kworker/3:1-events] (root,35308,10012,00:00:00/04:14:13,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:00/04:14:13,8749) sshd: syslogtunnel (root,0,0,00:00:00/01:41,10530) [kworker/1:1-ata_sff] (root,0,0,00:00:00/07:32,15250) [kworker/0:0-cgroup_destroy] (root,35308,10012,00:00:00/1-10:09:02,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:04/1-10:09:01,15391) sshd: cm-ssh (root,0,0,00:00:00/00:20,17554) [kworker/0:1-events] (root,0,0,00:00:00/06:53,17979) [kworker/1:2-ata_sff] (postfix,24244,8324,00:00:00/12:43,18194) pickup -l -t fifo -u (root,0,0,00:00:00/25:58,18809) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3480,00:00:00/00:00,19571) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,19589) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19590) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/32:49,21988) [kworker/1:0-events] (root,0,0,00:00:00/11:06,28804) [kworker/2:0-cgroup_destroy] (postfix,44628,9464,00:00:00/1-16:54:47,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:55,30892) [kworker/2:2] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-19 22:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363780ebd87Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-11:38:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-11:38:35,2) [kthreadd] (root,0,0,00:00:00/5-11:38:35,3) [rcu_gp] (root,0,0,00:00:00/5-11:38:35,4) [rcu_par_gp] (root,0,0,00:00:00/5-11:38:35,5) [slub_flushwq] (root,0,0,00:00:00/5-11:38:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-11:38:35,9) [mm_percpu_wq] (root,0,0,00:00:00/5-11:38:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-11:38:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-11:38:35,12) [rcu_tasks_trace] (root,0,0,00:00:08/5-11:38:35,13) [ksoftirqd/0] (root,0,0,00:14:15/5-11:38:35,14) [rcu_preempt] (root,0,0,00:00:02/5-11:38:35,15) [migration/0] (root,0,0,00:00:00/5-11:38:35,16) [idle_inject/0] (root,0,0,00:00:00/5-11:38:35,18) [cpuhp/0] (root,0,0,00:00:00/5-11:38:35,19) [cpuhp/1] (root,0,0,00:00:00/5-11:38:35,20) [idle_inject/1] (root,0,0,00:00:02/5-11:38:35,21) [migration/1] (root,0,0,00:00:07/5-11:38:35,22) [ksoftirqd/1] (root,0,0,00:00:00/5-11:38:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-11:38:35,25) [cpuhp/2] (root,0,0,00:00:00/5-11:38:35,26) [idle_inject/2] (root,0,0,00:00:01/5-11:38:35,27) [migration/2] (root,0,0,00:11:46/5-11:38:35,28) [ksoftirqd/2] (root,0,0,00:00:00/5-11:38:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-11:38:35,31) [cpuhp/3] (root,0,0,00:00:00/5-11:38:35,32) [idle_inject/3] (root,0,0,00:00:02/5-11:38:35,33) [migration/3] (root,0,0,00:00:30/5-11:38:35,34) [ksoftirqd/3] (root,0,0,00:00:00/5-11:38:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-11:38:35,39) [kdevtmpfs] (root,0,0,00:00:00/5-11:38:35,40) [netns] (root,0,0,00:00:00/5-11:38:35,41) [inet_frag_wq] (root,0,0,00:00:01/5-11:38:35,42) [kauditd] (root,0,0,00:00:00/5-11:38:35,43) [khungtaskd] (root,0,0,00:00:00/5-11:38:35,44) [oom_reaper] (root,0,0,00:00:00/5-11:38:35,45) [writeback] (root,0,0,00:00:14/5-11:38:35,46) [kcompactd0] (root,0,0,00:00:00/5-11:38:35,47) [ksmd] (root,0,0,00:00:15/5-11:38:35,48) [khugepaged] (root,0,0,00:00:00/5-11:38:35,74) [kintegrityd] (root,0,0,00:00:00/5-11:38:35,75) [kblockd] (root,0,0,00:00:00/5-11:38:35,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-11:38:35,78) [tpm_dev_wq] (root,0,0,00:00:00/5-11:38:35,79) [edac-poller] (root,0,0,00:00:00/5-11:38:35,80) [devfreq_wq] (root,0,0,00:00:00/5-11:38:35,110) [watchdogd] (root,0,0,00:00:01/5-11:38:35,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-11:38:35,112) [kswapd0] (root,0,0,00:00:00/5-11:38:34,114) [kthrotld] (root,0,0,00:00:00/5-11:38:34,115) [mld] (root,0,0,00:00:00/5-11:38:34,116) [ipv6_addrconf] (root,0,0,00:00:02/5-11:38:34,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-11:38:34,122) [kstrp] (root,0,0,00:00:00/5-11:38:34,123) [zswap-shrink] (root,0,0,00:00:00/5-11:38:34,124) [kworker/u9:0] (root,0,0,00:00:00/5-11:38:34,129) [charger_manager] (root,0,0,00:00:01/5-11:38:33,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-11:38:33,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-11:38:33,205) [kaluad] (root,0,0,00:00:00/5-11:38:33,250) [kmpath_rdacd] (root,0,0,00:00:00/5-11:38:33,293) [kmpathd] (root,0,0,00:00:00/5-11:38:33,294) [kmpath_handlerd] (root,0,0,00:00:00/5-11:38:33,342) [ata_sff] (root,0,0,00:00:00/5-11:38:32,343) [scsi_eh_0] (root,0,0,00:00:00/5-11:38:32,344) [scsi_tmf_0] (root,0,0,00:00:00/5-11:38:32,345) [scsi_eh_1] (root,0,0,00:00:00/5-11:38:32,346) [scsi_tmf_1] (root,0,0,00:00:08/5-11:38:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-11:38:30,367) [ext4-rsv-conver] (root,38604,7544,00:00:09/5-11:38:18,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-11:38:17,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-11:38:15,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-11:37:41,512) /sbin/auditd (messagebus,22936,5824,00:00:19/5-11:37:41,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:11/5-11:37:41,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-11:37:41,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-11:37:40,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-11:37:40,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-11:37:26,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-11:37:26,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:27/5-11:37:25,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-11:37:25,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-11:37:25,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-11:37:25,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-11:37:25,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-11:37:25,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-11:37:25,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-11:37:25,1206) bpfilter_umh (root,26204,8340,00:00:03/5-11:37:25,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-11:37:25,1215) ntpd: asynchronous dns resolver (spot,276024,163704,06:00:16/5-11:37:25,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-11:37:24,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-11:37:24,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-11:37:24,1245) (sd-pam) (root,24216,5348,00:00:01/5-11:37:23,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-11:37:23,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-11:37:22,1354) /usr/sbin/cron -n (root,691080,73440,00:06:58/5-11:37:16,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42484,00:01:44/5-11:37:02,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/29:28,4430) [kworker/0:0-events] (root,35308,10024,00:00:00/3-13:30:11,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-13:30:11,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-13:29:56,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:10/3-13:29:56,4688) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,8864) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,8942) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,8943) /bin/bash /usr/bin/check_mk_agent (root,4480,1036,00:00:00/00:00,8944) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,828,00:00:00/00:00,8945) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,736,00:00:00/00:00,8946) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,8947) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,8965) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8966) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:05/12:08:18,13342) [kworker/1:0-ata_sff] (root,0,0,00:00:00/04:25,20949) [kworker/1:1-ata_sff] (root,0,0,00:00:02/01:59:01,22417) [kworker/2:2-events] (root,0,0,00:00:00/01:58:57,22418) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/03:30:14,26136) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8272,00:00:00/01:32:54,27452) pickup -l -t fifo -u (root,0,0,00:00:00/05:10:10,27907) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/09:36,28062) [kworker/1:2-events] (root,0,0,00:00:00/01:16:27,28891) [kworker/3:2-events] (root,0,0,00:00:00/01:03:41,29918) [kworker/2:0] (root,0,0,00:00:00/46:34,31879) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 22:00 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634473dd1fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-15:06:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:06:43,2) [kthreadd] (root,0,0,00:00:00/3-15:06:43,3) [rcu_gp] (root,0,0,00:00:00/3-15:06:43,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:06:43,5) [slub_flushwq] (root,0,0,00:00:00/3-15:06:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:06:43,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:06:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:06:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:06:43,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-15:06:43,13) [ksoftirqd/0] (root,0,0,00:09:29/3-15:06:43,14) [rcu_preempt] (root,0,0,00:00:01/3-15:06:43,15) [migration/0] (root,0,0,00:00:00/3-15:06:43,16) [idle_inject/0] (root,0,0,00:00:00/3-15:06:43,18) [cpuhp/0] (root,0,0,00:00:00/3-15:06:43,19) [cpuhp/1] (root,0,0,00:00:00/3-15:06:43,20) [idle_inject/1] (root,0,0,00:00:01/3-15:06:43,21) [migration/1] (root,0,0,00:00:05/3-15:06:43,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:06:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:06:43,25) [cpuhp/2] (root,0,0,00:00:00/3-15:06:43,26) [idle_inject/2] (root,0,0,00:00:01/3-15:06:43,27) [migration/2] (root,0,0,00:08:01/3-15:06:43,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:06:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:06:43,31) [cpuhp/3] (root,0,0,00:00:00/3-15:06:43,32) [idle_inject/3] (root,0,0,00:00:01/3-15:06:43,33) [migration/3] (root,0,0,00:00:20/3-15:06:43,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:06:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:06:43,39) [kdevtmpfs] (root,0,0,00:00:00/3-15:06:43,40) [netns] (root,0,0,00:00:00/3-15:06:43,41) [inet_frag_wq] (root,0,0,00:00:01/3-15:06:43,42) [kauditd] (root,0,0,00:00:00/3-15:06:43,43) [khungtaskd] (root,0,0,00:00:00/3-15:06:43,44) [oom_reaper] (root,0,0,00:00:00/3-15:06:43,45) [writeback] (root,0,0,00:00:09/3-15:06:43,46) [kcompactd0] (root,0,0,00:00:00/3-15:06:43,47) [ksmd] (root,0,0,00:00:10/3-15:06:43,48) [khugepaged] (root,0,0,00:00:00/3-15:06:43,74) [kintegrityd] (root,0,0,00:00:00/3-15:06:43,75) [kblockd] (root,0,0,00:00:00/3-15:06:43,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:06:43,78) [tpm_dev_wq] (root,0,0,00:00:00/3-15:06:43,79) [edac-poller] (root,0,0,00:00:00/3-15:06:43,80) [devfreq_wq] (root,0,0,00:00:00/3-15:06:43,110) [watchdogd] (root,0,0,00:00:00/3-15:06:43,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:06:43,112) [kswapd0] (root,0,0,00:00:00/3-15:06:42,114) [kthrotld] (root,0,0,00:00:00/3-15:06:42,115) [mld] (root,0,0,00:00:00/3-15:06:42,116) [ipv6_addrconf] (root,0,0,00:00:01/3-15:06:42,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:06:42,122) [kstrp] (root,0,0,00:00:00/3-15:06:42,123) [zswap-shrink] (root,0,0,00:00:00/3-15:06:42,124) [kworker/u9:0] (root,0,0,00:00:00/3-15:06:42,129) [charger_manager] (root,0,0,00:00:00/3-15:06:41,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:06:41,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-15:06:41,205) [kaluad] (root,0,0,00:00:00/3-15:06:41,250) [kmpath_rdacd] (root,0,0,00:00:00/3-15:06:41,293) [kmpathd] (root,0,0,00:00:00/3-15:06:41,294) [kmpath_handlerd] (root,0,0,00:00:00/3-15:06:41,342) [ata_sff] (root,0,0,00:00:00/3-15:06:40,343) [scsi_eh_0] (root,0,0,00:00:00/3-15:06:40,344) [scsi_tmf_0] (root,0,0,00:00:00/3-15:06:40,345) [scsi_eh_1] (root,0,0,00:00:00/3-15:06:40,346) [scsi_tmf_1] (root,0,0,00:00:05/3-15:06:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:06:38,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-15:06:26,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-15:06:25,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-15:06:23,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-15:05:49,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-15:05:49,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-15:05:49,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-15:05:49,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-15:05:48,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-15:05:48,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-15:05:34,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-15:05:34,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:18/3-15:05:33,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-15:05:33,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-15:05:33,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-15:05:33,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-15:05:33,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-15:05:33,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-15:05:33,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-15:05:33,1206) bpfilter_umh (root,26204,8340,00:00:02/3-15:05:33,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-15:05:33,1215) ntpd: asynchronous dns resolver (spot,273900,162308,04:12:05/3-15:05:33,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-15:05:32,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-15:05:32,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-15:05:32,1245) (sd-pam) (root,0,0,00:00:00/13:28,1284) [kworker/2:1] (root,24216,5348,00:00:01/3-15:05:31,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:05:31,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-15:05:30,1354) /usr/sbin/cron -n (root,689544,71904,00:04:38/3-15:05:24,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41156,00:01:10/3-15:05:10,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:02:45,1655) [kworker/0:1-events] (root,0,0,00:00:04/03:38:05,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-16:58:19,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-16:58:19,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-16:58:04,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-16:58:04,4688) sshd: cm-ssh (root,0,0,00:00:00/02:15:53,4707) [kworker/0:2-events] (root,6656,3488,00:00:00/00:00,5069) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,5087) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5088) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:03:44,13813) [kworker/3:2-cgroup_destroy] (postfix,24244,8164,00:00:00/22:53,13818) pickup -l -t fifo -u (root,0,0,00:00:01/01:25:02,19322) [kworker/1:1-events] (root,0,0,00:00:00/07:13,24539) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:23:22,25346) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:02,25518) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:41,26463) [kworker/3:0-events] (root,0,0,00:00:00/05:13:20,30146) [kworker/u8:2] (root,0,0,00:00:00/36:55,30663) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 01:28 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c3624029Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12672,00:00:07/1-14:26:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-14:26:53,2) [kthreadd] (root,0,0,00:00:00/1-14:26:53,3) [rcu_gp] (root,0,0,00:00:00/1-14:26:53,4) [rcu_par_gp] (root,0,0,00:00:00/1-14:26:53,5) [slub_flushwq] (root,0,0,00:00:00/1-14:26:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-14:26:53,9) [mm_percpu_wq] (root,0,0,00:00:00/1-14:26:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-14:26:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-14:26:53,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-14:26:53,13) [ksoftirqd/0] (root,0,0,00:04:09/1-14:26:53,14) [rcu_preempt] (root,0,0,00:00:00/1-14:26:53,15) [migration/0] (root,0,0,00:00:00/1-14:26:53,16) [idle_inject/0] (root,0,0,00:00:00/1-14:26:53,18) [cpuhp/0] (root,0,0,00:00:00/1-14:26:53,19) [cpuhp/1] (root,0,0,00:00:00/1-14:26:53,20) [idle_inject/1] (root,0,0,00:00:00/1-14:26:53,21) [migration/1] (root,0,0,00:00:02/1-14:26:53,22) [ksoftirqd/1] (root,0,0,00:00:00/1-14:26:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-14:26:53,25) [cpuhp/2] (root,0,0,00:00:00/1-14:26:53,26) [idle_inject/2] (root,0,0,00:00:00/1-14:26:53,27) [migration/2] (root,0,0,00:03:25/1-14:26:53,28) [ksoftirqd/2] (root,0,0,00:00:00/1-14:26:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-14:26:53,31) [cpuhp/3] (root,0,0,00:00:00/1-14:26:53,32) [idle_inject/3] (root,0,0,00:00:00/1-14:26:53,33) [migration/3] (root,0,0,00:00:08/1-14:26:53,34) [ksoftirqd/3] (root,0,0,00:00:00/1-14:26:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-14:26:53,39) [kdevtmpfs] (root,0,0,00:00:00/1-14:26:53,40) [netns] (root,0,0,00:00:00/1-14:26:53,41) [inet_frag_wq] (root,0,0,00:00:00/1-14:26:53,42) [kauditd] (root,0,0,00:00:00/1-14:26:53,43) [khungtaskd] (root,0,0,00:00:00/1-14:26:53,44) [oom_reaper] (root,0,0,00:00:00/1-14:26:53,45) [writeback] (root,0,0,00:00:04/1-14:26:53,46) [kcompactd0] (root,0,0,00:00:00/1-14:26:53,47) [ksmd] (root,0,0,00:00:04/1-14:26:53,48) [khugepaged] (root,0,0,00:00:00/1-14:26:53,74) [kintegrityd] (root,0,0,00:00:00/1-14:26:53,75) [kblockd] (root,0,0,00:00:00/1-14:26:53,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-14:26:53,78) [tpm_dev_wq] (root,0,0,00:00:00/1-14:26:53,79) [edac-poller] (root,0,0,00:00:00/1-14:26:53,80) [devfreq_wq] (root,0,0,00:00:00/1-14:26:53,110) [watchdogd] (root,0,0,00:00:00/1-14:26:53,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-14:26:53,112) [kswapd0] (root,0,0,00:00:00/1-14:26:52,114) [kthrotld] (root,0,0,00:00:00/1-14:26:52,115) [mld] (root,0,0,00:00:00/1-14:26:52,116) [ipv6_addrconf] (root,0,0,00:00:00/1-14:26:52,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-14:26:52,122) [kstrp] (root,0,0,00:00:00/1-14:26:52,123) [zswap-shrink] (root,0,0,00:00:00/1-14:26:52,124) [kworker/u9:0] (root,0,0,00:00:00/1-14:26:52,129) [charger_manager] (root,0,0,00:00:00/1-14:26:51,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-14:26:51,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-14:26:51,205) [kaluad] (root,0,0,00:00:00/1-14:26:51,250) [kmpath_rdacd] (root,0,0,00:00:00/1-14:26:51,293) [kmpathd] (root,0,0,00:00:00/1-14:26:51,294) [kmpath_handlerd] (root,0,0,00:00:00/1-14:26:51,342) [ata_sff] (root,0,0,00:00:00/1-14:26:50,343) [scsi_eh_0] (root,0,0,00:00:00/1-14:26:50,344) [scsi_tmf_0] (root,0,0,00:00:00/1-14:26:50,345) [scsi_eh_1] (root,0,0,00:00:00/1-14:26:50,346) [scsi_tmf_1] (root,0,0,00:00:02/1-14:26:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-14:26:48,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-14:26:36,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-14:26:35,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-14:26:33,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-14:25:59,512) /sbin/auditd (messagebus,22936,5824,00:00:07/1-14:25:59,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8508,00:00:03/1-14:25:59,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-14:25:59,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-14:25:58,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-14:25:58,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:02/1-14:25:44,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-14:25:44,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:07/1-14:25:43,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-14:25:43,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-14:25:43,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-14:25:43,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-14:25:43,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-14:25:43,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:12/1-14:25:43,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-14:25:43,1206) bpfilter_umh (root,26204,8340,00:00:01/1-14:25:43,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-14:25:43,1215) ntpd: asynchronous dns resolver (spot,198788,161632,01:47:26/1-14:25:43,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-14:25:42,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-14:25:42,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-14:25:42,1245) (sd-pam) (root,24216,5348,00:00:00/1-14:25:41,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-14:25:41,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-14:25:40,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-14:25:36,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-14:25:36,1371) sshd: syslogtunnel (root,689288,71288,00:02:04/1-14:25:34,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40784,00:00:32/1-14:25:20,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-14:25:01,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-14:25:01,1436) sshd: cm-ssh (root,6656,3480,00:00:00/00:00,2456) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,2474) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2475) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/33:46,4324) [kworker/3:1-events] (root,0,0,00:00:00/01:01:55,9251) [kworker/0:2-events] (root,0,0,00:00:00/08:06,9695) [kworker/1:2-ata_sff] (root,0,0,00:00:00/23:40,10983) [kworker/1:1-events] (root,0,0,00:00:00/23:34,11248) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/06:01,17050) [kworker/3:0-events] (postfix,24244,8184,00:00:00/05:01,18869) pickup -l -t fifo -u (root,0,0,00:00:00/02:56,21402) [kworker/1:0-ata_sff] (root,0,0,00:00:00/13:09,23650) [kworker/2:1] (root,0,0,00:00:00/01:48:55,28896) [kworker/0:0-events] (root,0,0,00:00:00/01:48:35,29594) [kworker/u8:1] (root,0,0,00:00:01/01:05:32,32356) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-14 00:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ca0fc17dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:07/62-14:03:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-14:03:31,2) [kthreadd] (root,0,0,00:00:00/62-14:03:31,3) [rcu_gp] (root,0,0,00:00:00/62-14:03:31,4) [rcu_par_gp] (root,0,0,00:00:00/62-14:03:31,5) [slub_flushwq] (root,0,0,00:00:00/62-14:03:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-14:03:31,9) [mm_percpu_wq] (root,0,0,00:00:00/62-14:03:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-14:03:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-14:03:31,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-14:03:31,13) [ksoftirqd/0] (root,0,0,02:54:12/62-14:03:31,14) [rcu_preempt] (root,0,0,00:00:23/62-14:03:31,15) [migration/0] (root,0,0,00:00:00/62-14:03:31,16) [idle_inject/0] (root,0,0,00:00:00/62-14:03:31,18) [cpuhp/0] (root,0,0,00:00:00/62-14:03:31,19) [cpuhp/1] (root,0,0,00:00:00/62-14:03:31,20) [idle_inject/1] (root,0,0,00:00:23/62-14:03:31,21) [migration/1] (root,0,0,00:01:33/62-14:03:31,22) [ksoftirqd/1] (root,0,0,00:00:00/62-14:03:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-14:03:31,25) [cpuhp/2] (root,0,0,00:00:00/62-14:03:31,26) [idle_inject/2] (root,0,0,00:00:17/62-14:03:31,27) [migration/2] (root,0,0,01:53:33/62-14:03:31,28) [ksoftirqd/2] (root,0,0,00:00:00/62-14:03:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-14:03:31,31) [cpuhp/3] (root,0,0,00:00:00/62-14:03:31,32) [idle_inject/3] (root,0,0,00:00:22/62-14:03:31,33) [migration/3] (root,0,0,00:05:43/62-14:03:31,34) [ksoftirqd/3] (root,0,0,00:00:00/62-14:03:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-14:03:31,40) [kdevtmpfs] (root,0,0,00:00:00/62-14:03:31,41) [netns] (root,0,0,00:00:00/62-14:03:31,42) [inet_frag_wq] (root,0,0,00:00:22/62-14:03:31,43) [kauditd] (root,0,0,00:00:00/62-14:03:31,44) [khungtaskd] (root,0,0,00:00:00/62-14:03:31,45) [oom_reaper] (root,0,0,00:00:00/62-14:03:31,46) [writeback] (root,0,0,00:03:11/62-14:03:31,47) [kcompactd0] (root,0,0,00:00:00/62-14:03:31,48) [ksmd] (root,0,0,00:03:27/62-14:03:31,49) [khugepaged] (root,0,0,00:00:00/62-14:03:31,75) [kintegrityd] (root,0,0,00:00:00/62-14:03:31,76) [kblockd] (root,0,0,00:00:00/62-14:03:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-14:03:31,79) [tpm_dev_wq] (root,0,0,00:00:00/62-14:03:31,80) [edac-poller] (root,0,0,00:00:00/62-14:03:31,81) [devfreq_wq] (root,0,0,00:00:00/62-14:03:31,110) [watchdogd] (root,0,0,00:00:05/62-14:03:31,111) [kswapd0] (root,0,0,00:00:16/62-14:03:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-14:03:29,115) [kthrotld] (root,0,0,00:00:00/62-14:03:29,116) [mld] (root,0,0,00:00:00/62-14:03:29,117) [ipv6_addrconf] (root,0,0,00:00:16/62-14:03:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-14:03:29,123) [kstrp] (root,0,0,00:00:00/62-14:03:29,124) [zswap-shrink] (root,0,0,00:00:00/62-14:03:29,125) [kworker/u9:0] (root,0,0,00:00:00/62-14:03:29,130) [charger_manager] (root,0,0,00:00:18/62-14:03:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-14:03:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-14:03:28,239) [kaluad] (root,0,0,00:00:00/62-14:03:28,258) [kmpath_rdacd] (root,0,0,00:00:00/62-14:03:28,304) [kmpathd] (root,0,0,00:00:00/62-14:03:28,305) [kmpath_handlerd] (root,0,0,00:00:00/62-14:03:27,342) [ata_sff] (root,0,0,00:00:00/62-14:03:27,343) [scsi_eh_0] (root,0,0,00:00:00/62-14:03:27,344) [scsi_tmf_0] (root,0,0,00:00:00/62-14:03:27,345) [scsi_eh_1] (root,0,0,00:00:00/62-14:03:27,346) [scsi_tmf_1] (root,0,0,00:01:59/62-14:03:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-14:03:24,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-14:03:12,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-14:03:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-14:03:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-14:02:38,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-14:02:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-14:02:37,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-14:02:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-14:02:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-14:02:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31628,00:01:13/62-14:02:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-14:02:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:04/62-14:02:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-14:02:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-14:02:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-14:02:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-14:02:21,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:56/62-14:02:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-14:02:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-14:02:21,1352) bpfilter_umh (root,26204,8096,00:00:33/62-14:02:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-14:02:21,1359) ntpd: asynchronous dns resolver (spot,362688,213564,3-11:08:38/62-14:02:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-14:02:20,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-14:02:20,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-14:02:20,1373) (sd-pam) (root,24216,5256,00:00:22/62-14:02:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-14:02:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-14:02:18,1485) /usr/sbin/cron -n (root,699464,78300,01:26:27/62-14:02:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:38:06,1818) [kworker/1:0-events] (spot,236992,82964,00:31:55/62-14:02:00,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-19:37:35,2557) tlsmgr -l -t unix -u (root,6656,3492,00:00:00/00:01,2687) /bin/bash /usr/bin/check_mk_agent (root,6656,3472,00:00:00/00:00,2705) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,2706) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2707) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/13:57,3650) [kworker/u8:1-writeback] (root,0,0,00:00:00/07:05,6230) [kworker/2:0] (root,35304,10040,00:00:00/24-14:30:30,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-14:30:29,10514) sshd: syslogtunnel (root,0,0,00:00:00/12:02,11889) [kworker/0:0-events] (root,0,0,00:00:00/01:51:33,12427) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/04:52,14279) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:01:16,14894) [kworker/1:1] (root,0,0,00:00:01/03:04:09,19079) [kworker/2:2-events] (postfix,24244,8252,00:00:00/01:13:02,21014) pickup -l -t fifo -u (root,0,0,00:00:00/10:02,24140) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:22:41,25290) [kworker/3:1-events] (root,0,0,00:00:00/01:20:55,30822) [kworker/0:1-events] (root,35308,10028,00:00:00/24-15:16:43,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:22/24-15:16:42,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-12 00:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b18bb433Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-11:18:48,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-11:18:48,2) [kthreadd] (root,0,0,00:00:00/60-11:18:48,3) [rcu_gp] (root,0,0,00:00:00/60-11:18:48,4) [rcu_par_gp] (root,0,0,00:00:00/60-11:18:48,5) [slub_flushwq] (root,0,0,00:00:00/60-11:18:48,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-11:18:48,9) [mm_percpu_wq] (root,0,0,00:00:00/60-11:18:48,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-11:18:48,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-11:18:48,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-11:18:48,13) [ksoftirqd/0] (root,0,0,02:48:47/60-11:18:48,14) [rcu_preempt] (root,0,0,00:00:23/60-11:18:48,15) [migration/0] (root,0,0,00:00:00/60-11:18:48,16) [idle_inject/0] (root,0,0,00:00:00/60-11:18:48,18) [cpuhp/0] (root,0,0,00:00:00/60-11:18:48,19) [cpuhp/1] (root,0,0,00:00:00/60-11:18:48,20) [idle_inject/1] (root,0,0,00:00:23/60-11:18:48,21) [migration/1] (root,0,0,00:01:29/60-11:18:48,22) [ksoftirqd/1] (root,0,0,00:00:00/60-11:18:48,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-11:18:48,25) [cpuhp/2] (root,0,0,00:00:00/60-11:18:48,26) [idle_inject/2] (root,0,0,00:00:17/60-11:18:48,27) [migration/2] (root,0,0,01:49:20/60-11:18:48,28) [ksoftirqd/2] (root,0,0,00:00:00/60-11:18:48,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-11:18:48,31) [cpuhp/3] (root,0,0,00:00:00/60-11:18:48,32) [idle_inject/3] (root,0,0,00:00:21/60-11:18:48,33) [migration/3] (root,0,0,00:05:32/60-11:18:48,34) [ksoftirqd/3] (root,0,0,00:00:00/60-11:18:48,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-11:18:48,40) [kdevtmpfs] (root,0,0,00:00:00/60-11:18:48,41) [netns] (root,0,0,00:00:00/60-11:18:48,42) [inet_frag_wq] (root,0,0,00:00:21/60-11:18:48,43) [kauditd] (root,0,0,00:00:00/60-11:18:48,44) [khungtaskd] (root,0,0,00:00:00/60-11:18:48,45) [oom_reaper] (root,0,0,00:00:00/60-11:18:48,46) [writeback] (root,0,0,00:03:04/60-11:18:48,47) [kcompactd0] (root,0,0,00:00:00/60-11:18:48,48) [ksmd] (root,0,0,00:03:20/60-11:18:48,49) [khugepaged] (root,0,0,00:00:00/60-11:18:48,75) [kintegrityd] (root,0,0,00:00:00/60-11:18:48,76) [kblockd] (root,0,0,00:00:00/60-11:18:48,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-11:18:48,79) [tpm_dev_wq] (root,0,0,00:00:00/60-11:18:48,80) [edac-poller] (root,0,0,00:00:00/60-11:18:48,81) [devfreq_wq] (root,0,0,00:00:00/60-11:18:48,110) [watchdogd] (root,0,0,00:00:04/60-11:18:48,111) [kswapd0] (root,0,0,00:00:15/60-11:18:48,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-11:18:46,115) [kthrotld] (root,0,0,00:00:00/60-11:18:46,116) [mld] (root,0,0,00:00:00/60-11:18:46,117) [ipv6_addrconf] (root,0,0,00:00:16/60-11:18:46,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-11:18:46,123) [kstrp] (root,0,0,00:00:00/60-11:18:46,124) [zswap-shrink] (root,0,0,00:00:00/60-11:18:46,125) [kworker/u9:0] (root,0,0,00:00:00/60-11:18:46,130) [charger_manager] (root,0,0,00:00:18/60-11:18:46,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-11:18:46,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-11:18:45,239) [kaluad] (root,0,0,00:00:00/60-11:18:45,258) [kmpath_rdacd] (root,0,0,00:00:00/60-11:18:45,304) [kmpathd] (root,0,0,00:00:00/60-11:18:45,305) [kmpath_handlerd] (root,0,0,00:00:00/60-11:18:44,342) [ata_sff] (root,0,0,00:00:00/60-11:18:44,343) [scsi_eh_0] (root,0,0,00:00:00/60-11:18:44,344) [scsi_tmf_0] (root,0,0,00:00:00/60-11:18:44,345) [scsi_eh_1] (root,0,0,00:00:00/60-11:18:44,346) [scsi_tmf_1] (root,0,0,00:01:56/60-11:18:41,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-11:18:41,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-11:18:29,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-11:18:28,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-11:18:26,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-11:17:55,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-11:17:54,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:54/60-11:17:54,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-11:17:54,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-11:17:52,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-11:17:52,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-11:17:38,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-11:17:38,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:52/60-11:17:38,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-11:17:38,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-11:17:38,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-11:17:38,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-11:17:38,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-11:17:38,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-11:17:38,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-11:17:38,1352) bpfilter_umh (root,26204,8096,00:00:31/60-11:17:38,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-11:17:38,1359) ntpd: asynchronous dns resolver (spot,362256,213472,3-08:19:58/60-11:17:37,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-11:17:37,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-11:17:37,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-11:17:37,1373) (sd-pam) (root,24216,5260,00:00:21/60-11:17:35,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-11:17:35,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-11:17:35,1485) /usr/sbin/cron -n (root,699208,80092,01:23:36/60-11:17:29,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82036,00:31:02/60-11:17:17,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-16:52:52,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:31,3474) [kworker/2:2-events] (root,0,0,00:00:00/01:43:25,4301) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/11:39,5269) [kworker/1:2-events] (root,0,0,00:00:00/37:38,9858) [kworker/1:0-events] (root,35304,10040,00:00:00/22-11:45:47,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-11:45:46,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:04:22,16397) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/01:34,18006) [kworker/3:0-ata_sff] (postfix,24244,8276,00:00:00/29:25,18926) pickup -l -t fifo -u (root,0,0,00:00:00/03:33:26,23571) [kworker/u8:2-writeback] (root,6764,3608,00:00:00/00:00,25343) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,25498) /bin/bash /usr/bin/check_mk_agent (root,14100,9528,00:00:00/00:00,25508) python ././remotecheck (root,13744,3512,00:00:00/00:00,25520) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,25521) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:58:27,27555) [kworker/0:1-events] (root,0,0,00:00:00/27:31,28209) [kworker/3:1-events] (root,0,0,00:00:00/06:52,29474) [kworker/0:2-events] (root,0,0,00:00:00/06:45,30014) [kworker/3:2-ata_sff] (root,35308,10028,00:00:00/22-12:32:00,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-12:31:59,30947) sshd: cm-ssh (root,0,0,00:00:00/32:53,32443) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 22:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630fc325d5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-13:55:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-13:55:37,2) [kthreadd] (root,0,0,00:00:00/58-13:55:37,3) [rcu_gp] (root,0,0,00:00:00/58-13:55:37,4) [rcu_par_gp] (root,0,0,00:00:00/58-13:55:37,5) [slub_flushwq] (root,0,0,00:00:00/58-13:55:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-13:55:37,9) [mm_percpu_wq] (root,0,0,00:00:00/58-13:55:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-13:55:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-13:55:37,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-13:55:37,13) [ksoftirqd/0] (root,0,0,02:43:53/58-13:55:37,14) [rcu_preempt] (root,0,0,00:00:22/58-13:55:37,15) [migration/0] (root,0,0,00:00:00/58-13:55:37,16) [idle_inject/0] (root,0,0,00:00:00/58-13:55:37,18) [cpuhp/0] (root,0,0,00:00:00/58-13:55:37,19) [cpuhp/1] (root,0,0,00:00:00/58-13:55:37,20) [idle_inject/1] (root,0,0,00:00:22/58-13:55:37,21) [migration/1] (root,0,0,00:01:26/58-13:55:37,22) [ksoftirqd/1] (root,0,0,00:00:00/58-13:55:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-13:55:37,25) [cpuhp/2] (root,0,0,00:00:00/58-13:55:37,26) [idle_inject/2] (root,0,0,00:00:16/58-13:55:37,27) [migration/2] (root,0,0,01:44:45/58-13:55:37,28) [ksoftirqd/2] (root,0,0,00:00:00/58-13:55:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-13:55:37,31) [cpuhp/3] (root,0,0,00:00:00/58-13:55:37,32) [idle_inject/3] (root,0,0,00:00:20/58-13:55:37,33) [migration/3] (root,0,0,00:05:20/58-13:55:37,34) [ksoftirqd/3] (root,0,0,00:00:00/58-13:55:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-13:55:37,40) [kdevtmpfs] (root,0,0,00:00:00/58-13:55:37,41) [netns] (root,0,0,00:00:00/58-13:55:37,42) [inet_frag_wq] (root,0,0,00:00:20/58-13:55:37,43) [kauditd] (root,0,0,00:00:00/58-13:55:37,44) [khungtaskd] (root,0,0,00:00:00/58-13:55:37,45) [oom_reaper] (root,0,0,00:00:00/58-13:55:37,46) [writeback] (root,0,0,00:02:59/58-13:55:37,47) [kcompactd0] (root,0,0,00:00:00/58-13:55:37,48) [ksmd] (root,0,0,00:03:14/58-13:55:37,49) [khugepaged] (root,0,0,00:00:00/58-13:55:37,75) [kintegrityd] (root,0,0,00:00:00/58-13:55:37,76) [kblockd] (root,0,0,00:00:00/58-13:55:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-13:55:37,79) [tpm_dev_wq] (root,0,0,00:00:00/58-13:55:37,80) [edac-poller] (root,0,0,00:00:00/58-13:55:37,81) [devfreq_wq] (root,0,0,00:00:00/58-13:55:37,110) [watchdogd] (root,0,0,00:00:04/58-13:55:37,111) [kswapd0] (root,0,0,00:00:15/58-13:55:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-13:55:35,115) [kthrotld] (root,0,0,00:00:00/58-13:55:35,116) [mld] (root,0,0,00:00:00/58-13:55:35,117) [ipv6_addrconf] (root,0,0,00:00:16/58-13:55:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-13:55:35,123) [kstrp] (root,0,0,00:00:00/58-13:55:35,124) [zswap-shrink] (root,0,0,00:00:00/58-13:55:35,125) [kworker/u9:0] (root,0,0,00:00:00/58-13:55:35,130) [charger_manager] (root,0,0,00:00:17/58-13:55:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-13:55:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-13:55:34,239) [kaluad] (root,0,0,00:00:00/58-13:55:34,258) [kmpath_rdacd] (root,0,0,00:00:00/58-13:55:34,304) [kmpathd] (root,0,0,00:00:00/58-13:55:34,305) [kmpath_handlerd] (root,0,0,00:00:00/58-13:55:33,342) [ata_sff] (root,0,0,00:00:00/58-13:55:33,343) [scsi_eh_0] (root,0,0,00:00:00/58-13:55:33,344) [scsi_tmf_0] (root,0,0,00:00:00/58-13:55:33,345) [scsi_eh_1] (root,0,0,00:00:00/58-13:55:33,346) [scsi_tmf_1] (root,0,0,00:01:52/58-13:55:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-13:55:30,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-13:55:18,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-13:55:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-13:55:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-13:54:44,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-13:54:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-13:54:43,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-13:54:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-13:54:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-13:54:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:01/01:36:58,788) [kworker/3:0-events] (root,0,0,00:00:00/03:35,1125) [kworker/3:1-ata_sff] (root,549128,31272,00:01:09/58-13:54:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-13:54:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:44/58-13:54:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-13:54:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-13:54:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-13:54:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-13:54:27,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-13:54:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-13:54:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-13:54:27,1352) bpfilter_umh (root,26204,8096,00:00:30/58-13:54:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-13:54:27,1359) ntpd: asynchronous dns resolver (spot,363616,214564,3-05:24:29/58-13:54:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-13:54:26,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-13:54:26,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-13:54:26,1373) (sd-pam) (root,24216,5260,00:00:20/58-13:54:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-13:54:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-13:54:24,1485) /usr/sbin/cron -n (root,698952,79684,01:21:02/58-13:54:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80364,00:30:17/58-13:54:06,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-19:29:41,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:43:12,6651) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/08:46,9428) [kworker/3:2-ata_sff] (root,35304,10040,00:00:00/20-14:22:36,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-14:22:35,10514) sshd: syslogtunnel (root,0,0,00:00:00/21:59,10521) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8144,00:00:00/07:55,12925) pickup -l -t fifo -u (root,6656,3492,00:00:00/00:00,17247) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,17265) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17266) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/13:07,18745) [kworker/0:1-events] (root,0,0,00:00:00/06:14,19023) [kworker/1:0-events] (root,0,0,00:00:00/01:13:02,19788) [kworker/1:1-events] (root,0,0,00:00:00/26:58,21124) [kworker/2:1-events] (root,0,0,00:00:01/02:57:35,26097) [kworker/0:2-events] (root,35308,10028,00:00:00/20-15:08:49,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-15:08:48,30947) sshd: cm-ssh (root,0,0,00:00:00/10:49,31568) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 00:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c818c37aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:39/56-11:59:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-11:59:56,2) [kthreadd] (root,0,0,00:00:00/56-11:59:56,3) [rcu_gp] (root,0,0,00:00:00/56-11:59:56,4) [rcu_par_gp] (root,0,0,00:00:00/56-11:59:56,5) [slub_flushwq] (root,0,0,00:00:00/56-11:59:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-11:59:56,9) [mm_percpu_wq] (root,0,0,00:00:00/56-11:59:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-11:59:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-11:59:56,12) [rcu_tasks_trace] (root,0,0,00:01:40/56-11:59:56,13) [ksoftirqd/0] (root,0,0,02:38:20/56-11:59:56,14) [rcu_preempt] (root,0,0,00:00:21/56-11:59:56,15) [migration/0] (root,0,0,00:00:00/56-11:59:56,16) [idle_inject/0] (root,0,0,00:00:00/56-11:59:56,18) [cpuhp/0] (root,0,0,00:00:00/56-11:59:56,19) [cpuhp/1] (root,0,0,00:00:00/56-11:59:56,20) [idle_inject/1] (root,0,0,00:00:21/56-11:59:56,21) [migration/1] (root,0,0,00:01:23/56-11:59:56,22) [ksoftirqd/1] (root,0,0,00:00:00/56-11:59:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-11:59:56,25) [cpuhp/2] (root,0,0,00:00:00/56-11:59:56,26) [idle_inject/2] (root,0,0,00:00:16/56-11:59:56,27) [migration/2] (root,0,0,01:40:09/56-11:59:56,28) [ksoftirqd/2] (root,0,0,00:00:00/56-11:59:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-11:59:56,31) [cpuhp/3] (root,0,0,00:00:00/56-11:59:56,32) [idle_inject/3] (root,0,0,00:00:20/56-11:59:56,33) [migration/3] (root,0,0,00:05:08/56-11:59:56,34) [ksoftirqd/3] (root,0,0,00:00:00/56-11:59:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-11:59:56,40) [kdevtmpfs] (root,0,0,00:00:00/56-11:59:56,41) [netns] (root,0,0,00:00:00/56-11:59:56,42) [inet_frag_wq] (root,0,0,00:00:19/56-11:59:56,43) [kauditd] (root,0,0,00:00:00/56-11:59:56,44) [khungtaskd] (root,0,0,00:00:00/56-11:59:56,45) [oom_reaper] (root,0,0,00:00:00/56-11:59:56,46) [writeback] (root,0,0,00:02:53/56-11:59:56,47) [kcompactd0] (root,0,0,00:00:00/56-11:59:56,48) [ksmd] (root,0,0,00:03:07/56-11:59:56,49) [khugepaged] (root,0,0,00:00:00/56-11:59:56,75) [kintegrityd] (root,0,0,00:00:00/56-11:59:56,76) [kblockd] (root,0,0,00:00:00/56-11:59:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-11:59:56,79) [tpm_dev_wq] (root,0,0,00:00:00/56-11:59:56,80) [edac-poller] (root,0,0,00:00:00/56-11:59:56,81) [devfreq_wq] (root,0,0,00:00:00/56-11:59:56,110) [watchdogd] (root,0,0,00:00:04/56-11:59:56,111) [kswapd0] (root,0,0,00:00:14/56-11:59:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-11:59:54,115) [kthrotld] (root,0,0,00:00:00/56-11:59:54,116) [mld] (root,0,0,00:00:00/56-11:59:54,117) [ipv6_addrconf] (root,0,0,00:00:15/56-11:59:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-11:59:54,123) [kstrp] (root,0,0,00:00:00/56-11:59:54,124) [zswap-shrink] (root,0,0,00:00:00/56-11:59:54,125) [kworker/u9:0] (root,0,0,00:00:00/56-11:59:54,130) [charger_manager] (root,0,0,00:00:17/56-11:59:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-11:59:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-11:59:53,239) [kaluad] (root,0,0,00:00:00/56-11:59:53,258) [kmpath_rdacd] (root,0,0,00:00:00/56-11:59:53,304) [kmpathd] (root,0,0,00:00:00/56-11:59:53,305) [kmpath_handlerd] (root,0,0,00:00:00/56-11:59:52,342) [ata_sff] (root,0,0,00:00:00/56-11:59:52,343) [scsi_eh_0] (root,0,0,00:00:00/56-11:59:52,344) [scsi_tmf_0] (root,0,0,00:00:00/56-11:59:52,345) [scsi_eh_1] (root,0,0,00:00:00/56-11:59:52,346) [scsi_tmf_1] (root,0,0,00:01:49/56-11:59:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-11:59:49,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-11:59:37,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-11:59:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-11:59:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-11:59:03,511) /sbin/auditd (messagebus,22932,5400,00:03:00/56-11:59:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:42/56-11:59:02,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-11:59:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-11:59:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-11:59:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:07/56-11:58:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-11:58:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:33/56-11:58:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-11:58:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-11:58:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-11:58:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-11:58:46,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-11:58:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:03/56-11:58:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-11:58:46,1352) bpfilter_umh (root,26204,8096,00:00:28/56-11:58:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-11:58:46,1359) ntpd: asynchronous dns resolver (spot,364848,215656,3-02:21:32/56-11:58:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-11:58:45,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-11:58:45,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-11:58:45,1373) (sd-pam) (root,24216,5260,00:00:19/56-11:58:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-11:58:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-11:58:43,1485) /usr/sbin/cron -n (root,698412,79180,01:18:08/56-11:58:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:28/56-11:58:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/50-17:34:00,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/37:03,3306) [kworker/1:0-events] (root,0,0,00:00:00/07:32,4056) [kworker/u8:2-writeback] (root,0,0,00:00:00/26:48,8474) [kworker/0:0-events] (root,0,0,00:00:00/01:03:47,9074) [kworker/0:2-events] (root,0,0,00:00:00/53:21,9537) [kworker/1:2-events] (root,35304,10040,00:00:00/18-12:26:55,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:08/18-12:26:54,10514) sshd: syslogtunnel (root,0,0,00:00:00/10:16,18264) [kworker/3:1-ata_sff] (root,0,0,00:00:00/05:06,20577) [kworker/3:0-ata_sff] (root,6656,3488,00:00:00/00:00,21754) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,21794) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,21796) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,21797) /bin/bash /usr/bin/check_mk_agent (root,4480,1172,00:00:00/00:00,21798) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,872,00:00:00/00:00,21801) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,736,00:00:00/00:00,21802) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3420,00:00:00/00:00,21818) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,992,00:00:00/00:00,21819) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:26,25339) [kworker/2:2-events] (root,0,0,00:00:01/03:17:03,26766) [kworker/3:2-events] (root,0,0,00:00:00/14:28,28671) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/49:19,28961) [kworker/2:0-events] (postfix,24244,8200,00:00:00/14:10,30136) pickup -l -t fifo -u (root,0,0,00:00:00/02:46:56,30582) [kworker/u8:1-flush-253:0] (root,35308,10028,00:00:00/18-13:13:08,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:02/18-13:13:07,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-05 22:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636f550e15Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:34/54-13:44:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/54-13:44:35,2) [kthreadd] (root,0,0,00:00:00/54-13:44:35,3) [rcu_gp] (root,0,0,00:00:00/54-13:44:35,4) [rcu_par_gp] (root,0,0,00:00:00/54-13:44:35,5) [slub_flushwq] (root,0,0,00:00:00/54-13:44:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/54-13:44:35,9) [mm_percpu_wq] (root,0,0,00:00:00/54-13:44:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/54-13:44:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/54-13:44:35,12) [rcu_tasks_trace] (root,0,0,00:01:37/54-13:44:35,13) [ksoftirqd/0] (root,0,0,02:33:22/54-13:44:35,14) [rcu_preempt] (root,0,0,00:00:21/54-13:44:35,15) [migration/0] (root,0,0,00:00:00/54-13:44:35,16) [idle_inject/0] (root,0,0,00:00:00/54-13:44:35,18) [cpuhp/0] (root,0,0,00:00:00/54-13:44:35,19) [cpuhp/1] (root,0,0,00:00:00/54-13:44:35,20) [idle_inject/1] (root,0,0,00:00:21/54-13:44:35,21) [migration/1] (root,0,0,00:01:20/54-13:44:35,22) [ksoftirqd/1] (root,0,0,00:00:00/54-13:44:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/54-13:44:35,25) [cpuhp/2] (root,0,0,00:00:00/54-13:44:35,26) [idle_inject/2] (root,0,0,00:00:15/54-13:44:35,27) [migration/2] (root,0,0,01:36:40/54-13:44:35,28) [ksoftirqd/2] (root,0,0,00:00:00/54-13:44:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/54-13:44:35,31) [cpuhp/3] (root,0,0,00:00:00/54-13:44:35,32) [idle_inject/3] (root,0,0,00:00:19/54-13:44:35,33) [migration/3] (root,0,0,00:04:59/54-13:44:35,34) [ksoftirqd/3] (root,0,0,00:00:00/54-13:44:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/54-13:44:35,40) [kdevtmpfs] (root,0,0,00:00:00/54-13:44:35,41) [netns] (root,0,0,00:00:00/54-13:44:35,42) [inet_frag_wq] (root,0,0,00:00:18/54-13:44:35,43) [kauditd] (root,0,0,00:00:00/54-13:44:35,44) [khungtaskd] (root,0,0,00:00:00/54-13:44:35,45) [oom_reaper] (root,0,0,00:00:00/54-13:44:35,46) [writeback] (root,0,0,00:02:47/54-13:44:35,47) [kcompactd0] (root,0,0,00:00:00/54-13:44:35,48) [ksmd] (root,0,0,00:03:02/54-13:44:35,49) [khugepaged] (root,0,0,00:00:00/54-13:44:35,75) [kintegrityd] (root,0,0,00:00:00/54-13:44:35,76) [kblockd] (root,0,0,00:00:00/54-13:44:35,77) [blkcg_punt_bio] (root,0,0,00:00:00/54-13:44:35,79) [tpm_dev_wq] (root,0,0,00:00:00/54-13:44:35,80) [edac-poller] (root,0,0,00:00:00/54-13:44:35,81) [devfreq_wq] (root,0,0,00:00:00/54-13:44:35,110) [watchdogd] (root,0,0,00:00:04/54-13:44:35,111) [kswapd0] (root,0,0,00:00:14/54-13:44:35,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/54-13:44:33,115) [kthrotld] (root,0,0,00:00:00/54-13:44:33,116) [mld] (root,0,0,00:00:00/54-13:44:33,117) [ipv6_addrconf] (root,0,0,00:00:15/54-13:44:33,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/54-13:44:33,123) [kstrp] (root,0,0,00:00:00/54-13:44:33,124) [zswap-shrink] (root,0,0,00:00:00/54-13:44:33,125) [kworker/u9:0] (root,0,0,00:00:00/54-13:44:33,130) [charger_manager] (root,0,0,00:00:16/54-13:44:33,172) [kworker/1:1H-kblockd] (root,0,0,00:00:24/54-13:44:33,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/54-13:44:32,239) [kaluad] (root,0,0,00:00:00/54-13:44:32,258) [kmpath_rdacd] (root,0,0,00:00:00/54-13:44:32,304) [kmpathd] (root,0,0,00:00:00/54-13:44:32,305) [kmpath_handlerd] (root,0,0,00:00:00/54-13:44:31,342) [ata_sff] (root,0,0,00:00:00/54-13:44:31,343) [scsi_eh_0] (root,0,0,00:00:00/54-13:44:31,344) [scsi_tmf_0] (root,0,0,00:00:00/54-13:44:31,345) [scsi_eh_1] (root,0,0,00:00:00/54-13:44:31,346) [scsi_tmf_1] (root,0,0,00:01:46/54-13:44:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/54-13:44:28,367) [ext4-rsv-conver] (root,38604,7852,00:01:30/54-13:44:16,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/54-13:44:15,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:24/54-13:44:13,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:31/54-13:43:42,511) /sbin/auditd (messagebus,22932,5400,00:02:54/54-13:43:41,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:38/54-13:43:41,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/54-13:43:41,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/54-13:43:39,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/54-13:43:39,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:04/54-13:43:25,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/54-13:43:25,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:24/54-13:43:25,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/54-13:43:25,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/54-13:43:25,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/54-13:43:25,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/54-13:43:25,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:39/54-13:43:25,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:48/54-13:43:25,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/54-13:43:25,1352) bpfilter_umh (root,26204,8096,00:00:27/54-13:43:25,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/54-13:43:25,1359) ntpd: asynchronous dns resolver (spot,364832,215700,2-23:38:07/54-13:43:24,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/54-13:43:24,1371) (sd-pam) (checkmk,48528,3180,00:00:00/54-13:43:24,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/54-13:43:24,1373) (sd-pam) (root,24216,5260,00:00:19/54-13:43:22,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/54-13:43:22,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/54-13:43:22,1485) /usr/sbin/cron -n (root,698412,77068,01:15:31/54-13:43:16,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,232896,77756,00:28:44/54-13:43:04,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:02/48-19:18:39,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/06:49,2611) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:03:15,7540) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/32:45,8836) [kworker/3:2-events] (root,35304,10040,00:00:00/16-14:11:34,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:02/16-14:11:33,10514) sshd: syslogtunnel (root,0,0,00:00:00/02:13:53,12007) [kworker/2:2] (root,0,0,00:00:01/03:48:17,13020) [kworker/0:1-events] (root,0,0,00:00:00/01:39,15718) [kworker/3:0-ata_sff] (postfix,24244,8220,00:00:00/39:46,18539) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,21522) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,21523) /bin/bash /usr/bin/check_mk_agent (root,13744,3360,00:00:00/00:00,21558) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,21559) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/00:00,21560) [ps] (root,11644,956,00:00:00/00:00,21561) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:01:03,25166) [kworker/2:1-events] (root,0,0,00:00:00/11:20,25616) [kworker/0:0-events] (root,0,0,00:00:00/01:08:21,27549) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:08:21,27550) [kworker/1:0-events] (root,0,0,00:00:00/02:45:31,29849) [kworker/1:2-events] (root,35308,10028,00:00:00/16-14:57:47,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:56/16-14:57:46,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-04 00:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a575fe93Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-12:25:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-12:25:44,2) [kthreadd] (root,0,0,00:00:00/47-12:25:44,3) [rcu_gp] (root,0,0,00:00:00/47-12:25:44,4) [rcu_par_gp] (root,0,0,00:00:00/47-12:25:44,5) [slub_flushwq] (root,0,0,00:00:00/47-12:25:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-12:25:44,9) [mm_percpu_wq] (root,0,0,00:00:00/47-12:25:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-12:25:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-12:25:44,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-12:25:44,13) [ksoftirqd/0] (root,0,0,02:15:43/47-12:25:44,14) [rcu_preempt] (root,0,0,00:00:18/47-12:25:44,15) [migration/0] (root,0,0,00:00:00/47-12:25:44,16) [idle_inject/0] (root,0,0,00:00:00/47-12:25:44,18) [cpuhp/0] (root,0,0,00:00:00/47-12:25:44,19) [cpuhp/1] (root,0,0,00:00:00/47-12:25:44,20) [idle_inject/1] (root,0,0,00:00:18/47-12:25:44,21) [migration/1] (root,0,0,00:01:10/47-12:25:44,22) [ksoftirqd/1] (root,0,0,00:00:00/47-12:25:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-12:25:44,25) [cpuhp/2] (root,0,0,00:00:00/47-12:25:44,26) [idle_inject/2] (root,0,0,00:00:13/47-12:25:44,27) [migration/2] (root,0,0,01:27:35/47-12:25:44,28) [ksoftirqd/2] (root,0,0,00:00:00/47-12:25:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-12:25:44,31) [cpuhp/3] (root,0,0,00:00:00/47-12:25:44,32) [idle_inject/3] (root,0,0,00:00:17/47-12:25:44,33) [migration/3] (root,0,0,00:04:30/47-12:25:44,34) [ksoftirqd/3] (root,0,0,00:00:00/47-12:25:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-12:25:44,40) [kdevtmpfs] (root,0,0,00:00:00/47-12:25:44,41) [netns] (root,0,0,00:00:00/47-12:25:44,42) [inet_frag_wq] (root,0,0,00:00:16/47-12:25:44,43) [kauditd] (root,0,0,00:00:00/47-12:25:44,44) [khungtaskd] (root,0,0,00:00:00/47-12:25:44,45) [oom_reaper] (root,0,0,00:00:00/47-12:25:44,46) [writeback] (root,0,0,00:02:28/47-12:25:44,47) [kcompactd0] (root,0,0,00:00:00/47-12:25:44,48) [ksmd] (root,0,0,00:02:37/47-12:25:44,49) [khugepaged] (root,0,0,00:00:00/47-12:25:44,75) [kintegrityd] (root,0,0,00:00:00/47-12:25:44,76) [kblockd] (root,0,0,00:00:00/47-12:25:44,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-12:25:44,79) [tpm_dev_wq] (root,0,0,00:00:00/47-12:25:44,80) [edac-poller] (root,0,0,00:00:00/47-12:25:44,81) [devfreq_wq] (root,0,0,00:00:00/47-12:25:44,110) [watchdogd] (root,0,0,00:00:03/47-12:25:44,111) [kswapd0] (root,0,0,00:00:12/47-12:25:44,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-12:25:42,115) [kthrotld] (root,0,0,00:00:00/47-12:25:42,116) [mld] (root,0,0,00:00:00/47-12:25:42,117) [ipv6_addrconf] (root,0,0,00:00:13/47-12:25:42,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-12:25:42,123) [kstrp] (root,0,0,00:00:00/47-12:25:42,124) [zswap-shrink] (root,0,0,00:00:00/47-12:25:42,125) [kworker/u9:0] (root,0,0,00:00:00/47-12:25:42,130) [charger_manager] (root,0,0,00:00:14/47-12:25:42,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-12:25:42,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-12:25:41,239) [kaluad] (root,0,0,00:00:00/47-12:25:41,258) [kmpath_rdacd] (root,0,0,00:00:00/47-12:25:41,304) [kmpathd] (root,0,0,00:00:00/47-12:25:41,305) [kmpath_handlerd] (root,0,0,00:00:00/47-12:25:40,342) [ata_sff] (root,0,0,00:00:00/47-12:25:40,343) [scsi_eh_0] (root,0,0,00:00:00/47-12:25:40,344) [scsi_tmf_0] (root,0,0,00:00:00/47-12:25:40,345) [scsi_eh_1] (root,0,0,00:00:00/47-12:25:40,346) [scsi_tmf_1] (root,0,0,00:01:34/47-12:25:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-12:25:37,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-12:25:25,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-12:25:24,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-12:25:22,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-12:24:51,511) /sbin/auditd (messagebus,22932,5408,00:02:36/47-12:24:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-12:24:50,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-12:24:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-12:24:48,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-12:24:48,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-12:24:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-12:24:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:43/47-12:24:34,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-12:24:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-12:24:34,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-12:24:34,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-12:24:34,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-12:24:34,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:52/47-12:24:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-12:24:34,1352) bpfilter_umh (root,26204,8096,00:00:24/47-12:24:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-12:24:34,1359) ntpd: asynchronous dns resolver (spot,361328,212056,2-16:38:35/47-12:24:33,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-12:24:33,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-12:24:33,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-12:24:33,1373) (sd-pam) (root,24216,5260,00:00:16/47-12:24:31,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-12:24:31,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-12:24:31,1485) /usr/sbin/cron -n (root,697508,79208,01:06:04/47-12:24:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73032,00:25:44/47-12:24:13,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-17:59:48,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/09:03,2610) [kworker/3:2-ata_sff] (root,6656,3488,00:00:00/00:00,3059) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,3077) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3078) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/9-12:52:43,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-12:52:42,10514) sshd: syslogtunnel (root,0,0,00:00:01/01:42:26,11812) [kworker/3:0-events] (root,0,0,00:00:00/13:20,14111) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/02:53:35,15451) [kworker/1:1-events] (root,0,0,00:00:00/02:43:44,15985) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:00/02:19:01,18521) [kworker/1:0] (root,0,0,00:00:00/44:25,18614) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/12:44,21827) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/03:53,22252) [kworker/3:1-ata_sff] (root,0,0,00:00:01/06:36:03,29068) [kworker/0:0-events] (root,35308,10028,00:00:00/9-13:38:56,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:34/9-13:38:55,30947) sshd: cm-ssh (root,0,0,00:00:00/09:50,31645) [kworker/2:0] (postfix,24244,8200,00:00:00/01:26:41,32130) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-27 23:14 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836352ec4dfbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:13/45-10:26:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-10:26:49,2) [kthreadd] (root,0,0,00:00:00/45-10:26:49,3) [rcu_gp] (root,0,0,00:00:00/45-10:26:49,4) [rcu_par_gp] (root,0,0,00:00:00/45-10:26:49,5) [slub_flushwq] (root,0,0,00:00:00/45-10:26:49,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-10:26:49,9) [mm_percpu_wq] (root,0,0,00:00:00/45-10:26:49,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-10:26:49,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-10:26:49,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-10:26:49,13) [ksoftirqd/0] (root,0,0,02:10:18/45-10:26:49,14) [rcu_preempt] (root,0,0,00:00:17/45-10:26:49,15) [migration/0] (root,0,0,00:00:00/45-10:26:49,16) [idle_inject/0] (root,0,0,00:00:00/45-10:26:49,18) [cpuhp/0] (root,0,0,00:00:00/45-10:26:49,19) [cpuhp/1] (root,0,0,00:00:00/45-10:26:49,20) [idle_inject/1] (root,0,0,00:00:17/45-10:26:49,21) [migration/1] (root,0,0,00:01:08/45-10:26:49,22) [ksoftirqd/1] (root,0,0,00:00:00/45-10:26:49,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-10:26:49,25) [cpuhp/2] (root,0,0,00:00:00/45-10:26:49,26) [idle_inject/2] (root,0,0,00:00:13/45-10:26:49,27) [migration/2] (root,0,0,01:25:02/45-10:26:49,28) [ksoftirqd/2] (root,0,0,00:00:00/45-10:26:49,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-10:26:49,31) [cpuhp/3] (root,0,0,00:00:00/45-10:26:49,32) [idle_inject/3] (root,0,0,00:00:16/45-10:26:49,33) [migration/3] (root,0,0,00:04:21/45-10:26:49,34) [ksoftirqd/3] (root,0,0,00:00:00/45-10:26:49,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-10:26:49,40) [kdevtmpfs] (root,0,0,00:00:00/45-10:26:49,41) [netns] (root,0,0,00:00:00/45-10:26:49,42) [inet_frag_wq] (root,0,0,00:00:16/45-10:26:49,43) [kauditd] (root,0,0,00:00:00/45-10:26:49,44) [khungtaskd] (root,0,0,00:00:00/45-10:26:49,45) [oom_reaper] (root,0,0,00:00:00/45-10:26:49,46) [writeback] (root,0,0,00:02:23/45-10:26:49,47) [kcompactd0] (root,0,0,00:00:00/45-10:26:49,48) [ksmd] (root,0,0,00:02:30/45-10:26:49,49) [khugepaged] (root,0,0,00:00:00/45-10:26:49,75) [kintegrityd] (root,0,0,00:00:00/45-10:26:49,76) [kblockd] (root,0,0,00:00:00/45-10:26:49,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-10:26:49,79) [tpm_dev_wq] (root,0,0,00:00:00/45-10:26:49,80) [edac-poller] (root,0,0,00:00:00/45-10:26:49,81) [devfreq_wq] (root,0,0,00:00:00/45-10:26:49,110) [watchdogd] (root,0,0,00:00:03/45-10:26:49,111) [kswapd0] (root,0,0,00:00:12/45-10:26:49,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-10:26:47,115) [kthrotld] (root,0,0,00:00:00/45-10:26:47,116) [mld] (root,0,0,00:00:00/45-10:26:47,117) [ipv6_addrconf] (root,0,0,00:00:12/45-10:26:47,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-10:26:47,123) [kstrp] (root,0,0,00:00:00/45-10:26:47,124) [zswap-shrink] (root,0,0,00:00:00/45-10:26:47,125) [kworker/u9:0] (root,0,0,00:00:00/45-10:26:47,130) [charger_manager] (root,0,0,00:00:14/45-10:26:47,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-10:26:47,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-10:26:46,239) [kaluad] (root,0,0,00:00:00/45-10:26:46,258) [kmpath_rdacd] (root,0,0,00:00:00/45-10:26:46,304) [kmpathd] (root,0,0,00:00:00/45-10:26:46,305) [kmpath_handlerd] (root,0,0,00:00:00/45-10:26:45,342) [ata_sff] (root,0,0,00:00:00/45-10:26:45,343) [scsi_eh_0] (root,0,0,00:00:00/45-10:26:45,344) [scsi_tmf_0] (root,0,0,00:00:00/45-10:26:45,345) [scsi_eh_1] (root,0,0,00:00:00/45-10:26:45,346) [scsi_tmf_1] (root,0,0,00:01:30/45-10:26:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-10:26:42,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-10:26:30,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-10:26:29,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-10:26:27,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-10:25:56,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-10:25:55,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-10:25:55,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-10:25:55,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-10:25:53,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-10:25:53,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-10:25:39,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-10:25:39,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:31/45-10:25:39,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-10:25:39,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-10:25:39,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-10:25:39,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-10:25:39,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-10:25:39,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:35/45-10:25:39,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-10:25:39,1352) bpfilter_umh (root,26204,8096,00:00:23/45-10:25:39,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-10:25:39,1359) ntpd: asynchronous dns resolver (spot,362480,206300,2-14:25:14/45-10:25:38,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-10:25:38,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-10:25:38,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-10:25:38,1373) (sd-pam) (root,24216,5260,00:00:16/45-10:25:36,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-10:25:36,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-10:25:36,1485) /usr/sbin/cron -n (root,697508,78828,01:03:13/45-10:25:30,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71508,00:24:45/45-10:25:18,1995) /usr/bin/python3.11 /usr/bin/spot (root,6656,3484,00:00:00/00:00,2076) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,2094) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,2095) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9184,00:00:01/39-16:00:53,2557) tlsmgr -l -t unix -u (root,0,0,00:00:02/03:42:47,7922) [kworker/3:0-mm_percpu_wq] (root,0,0,00:00:00/10:03,8555) [kworker/3:1-ata_sff] (root,0,0,00:00:01/03:50:18,9329) [kworker/2:2-events] (root,35304,10040,00:00:00/7-10:53:48,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-10:53:47,10514) sshd: syslogtunnel (root,0,0,00:00:00/45:38,12120) [kworker/1:2-events] (root,0,0,00:00:00/35:39,13999) [kworker/1:0] (postfix,24244,8140,00:00:00/01:29:45,20864) pickup -l -t fifo -u (root,0,0,00:00:00/04:52,22818) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:16:05,23049) [kworker/0:2-events] (root,0,0,00:00:00/14:58,27540) [kworker/u8:0-writeback] (root,0,0,00:00:00/30:44,27729) [kworker/0:0-events] (root,0,0,00:00:00/50:37,30490) [kworker/2:0] (root,35308,10028,00:00:00/7-11:40:01,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-11:40:00,30947) sshd: cm-ssh (root,0,0,00:00:00/25:35,32405) [kworker/u8:1-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 21:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c8698b2dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-11:03:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-11:03:56,2) [kthreadd] (root,0,0,00:00:00/43-11:03:56,3) [rcu_gp] (root,0,0,00:00:00/43-11:03:56,4) [rcu_par_gp] (root,0,0,00:00:00/43-11:03:56,5) [slub_flushwq] (root,0,0,00:00:00/43-11:03:56,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-11:03:56,9) [mm_percpu_wq] (root,0,0,00:00:00/43-11:03:56,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-11:03:56,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-11:03:56,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-11:03:56,13) [ksoftirqd/0] (root,0,0,02:04:53/43-11:03:56,14) [rcu_preempt] (root,0,0,00:00:16/43-11:03:56,15) [migration/0] (root,0,0,00:00:00/43-11:03:56,16) [idle_inject/0] (root,0,0,00:00:00/43-11:03:56,18) [cpuhp/0] (root,0,0,00:00:00/43-11:03:56,19) [cpuhp/1] (root,0,0,00:00:00/43-11:03:56,20) [idle_inject/1] (root,0,0,00:00:16/43-11:03:56,21) [migration/1] (root,0,0,00:01:05/43-11:03:56,22) [ksoftirqd/1] (root,0,0,00:00:00/43-11:03:56,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-11:03:56,25) [cpuhp/2] (root,0,0,00:00:00/43-11:03:56,26) [idle_inject/2] (root,0,0,00:00:12/43-11:03:56,27) [migration/2] (root,0,0,01:22:13/43-11:03:56,28) [ksoftirqd/2] (root,0,0,00:00:00/43-11:03:56,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-11:03:56,31) [cpuhp/3] (root,0,0,00:00:00/43-11:03:56,32) [idle_inject/3] (root,0,0,00:00:15/43-11:03:56,33) [migration/3] (root,0,0,00:04:11/43-11:03:56,34) [ksoftirqd/3] (root,0,0,00:00:00/43-11:03:56,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-11:03:56,40) [kdevtmpfs] (root,0,0,00:00:00/43-11:03:56,41) [netns] (root,0,0,00:00:00/43-11:03:56,42) [inet_frag_wq] (root,0,0,00:00:15/43-11:03:56,43) [kauditd] (root,0,0,00:00:00/43-11:03:56,44) [khungtaskd] (root,0,0,00:00:00/43-11:03:56,45) [oom_reaper] (root,0,0,00:00:00/43-11:03:56,46) [writeback] (root,0,0,00:02:17/43-11:03:56,47) [kcompactd0] (root,0,0,00:00:00/43-11:03:56,48) [ksmd] (root,0,0,00:02:23/43-11:03:56,49) [khugepaged] (root,0,0,00:00:00/43-11:03:56,75) [kintegrityd] (root,0,0,00:00:00/43-11:03:56,76) [kblockd] (root,0,0,00:00:00/43-11:03:56,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-11:03:56,79) [tpm_dev_wq] (root,0,0,00:00:00/43-11:03:56,80) [edac-poller] (root,0,0,00:00:00/43-11:03:56,81) [devfreq_wq] (root,0,0,00:00:00/43-11:03:56,110) [watchdogd] (root,0,0,00:00:03/43-11:03:56,111) [kswapd0] (root,0,0,00:00:11/43-11:03:56,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-11:03:54,115) [kthrotld] (root,0,0,00:00:00/43-11:03:54,116) [mld] (root,0,0,00:00:00/43-11:03:54,117) [ipv6_addrconf] (root,0,0,00:00:12/43-11:03:54,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-11:03:54,123) [kstrp] (root,0,0,00:00:00/43-11:03:54,124) [zswap-shrink] (root,0,0,00:00:00/43-11:03:54,125) [kworker/u9:0] (root,0,0,00:00:00/43-11:03:54,130) [charger_manager] (root,0,0,00:00:13/43-11:03:54,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-11:03:54,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-11:03:53,239) [kaluad] (root,0,0,00:00:00/43-11:03:53,258) [kmpath_rdacd] (root,0,0,00:00:00/43-11:03:53,304) [kmpathd] (root,0,0,00:00:00/43-11:03:53,305) [kmpath_handlerd] (root,0,0,00:00:00/43-11:03:52,342) [ata_sff] (root,0,0,00:00:00/43-11:03:52,343) [scsi_eh_0] (root,0,0,00:00:00/43-11:03:52,344) [scsi_tmf_0] (root,0,0,00:00:00/43-11:03:52,345) [scsi_eh_1] (root,0,0,00:00:00/43-11:03:52,346) [scsi_tmf_1] (root,0,0,00:01:27/43-11:03:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-11:03:49,367) [ext4-rsv-conver] (root,38604,7856,00:01:14/43-11:03:37,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-11:03:36,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-11:03:34,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-11:03:03,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-11:03:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:21/43-11:03:02,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-11:03:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-11:03:00,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-11:03:00,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:51/43-11:02:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-11:02:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:19/43-11:02:46,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-11:02:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-11:02:46,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-11:02:46,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-11:02:46,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-11:02:46,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:18/43-11:02:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-11:02:46,1352) bpfilter_umh (root,26204,8096,00:00:22/43-11:02:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-11:02:46,1359) ntpd: asynchronous dns resolver (spot,361536,206064,2-12:12:12/43-11:02:45,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-11:02:45,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-11:02:45,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-11:02:45,1373) (sd-pam) (root,24216,5260,00:00:15/43-11:02:43,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-11:02:43,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-11:02:43,1485) /usr/sbin/cron -n (root,697508,76760,01:00:27/43-11:02:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70164,00:23:47/43-11:02:25,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-16:38:00,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/35:14,8260) [kworker/0:1] (root,0,0,00:00:00/10:55,9062) [kworker/2:0] (root,35304,10040,00:00:00/5-11:30:55,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-11:30:54,10514) sshd: syslogtunnel (root,0,0,00:00:00/10:20,10732) [kworker/3:1-ata_sff] (root,0,0,00:00:00/54:43,12041) [kworker/1:0-events] (root,0,0,00:00:00/01:58:09,13819) [kworker/0:2-events] (postfix,24244,8304,00:00:00/48:33,13890) pickup -l -t fifo -u (root,0,0,00:00:00/01:33:07,16939) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:02:36,17327) [kworker/u8:2-writeback] (root,6656,3488,00:00:00/00:00,19124) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,19142) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19143) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:54:06,21017) [kworker/3:2-ata_sff] (root,0,0,00:00:00/44:56,21552) [kworker/1:1] (root,0,0,00:00:00/05:10,30519) [kworker/3:0-events] (root,35308,10028,00:00:00/5-12:17:08,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-12:17:07,30947) sshd: cm-ssh (root,0,0,00:00:00/02:27:27,31069) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 21:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b3f8ffd2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:02/41-10:39:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-10:39:04,2) [kthreadd] (root,0,0,00:00:00/41-10:39:04,3) [rcu_gp] (root,0,0,00:00:00/41-10:39:04,4) [rcu_par_gp] (root,0,0,00:00:00/41-10:39:04,5) [slub_flushwq] (root,0,0,00:00:00/41-10:39:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-10:39:04,9) [mm_percpu_wq] (root,0,0,00:00:00/41-10:39:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-10:39:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-10:39:04,12) [rcu_tasks_trace] (root,0,0,00:01:15/41-10:39:04,13) [ksoftirqd/0] (root,0,0,01:58:57/41-10:39:04,14) [rcu_preempt] (root,0,0,00:00:15/41-10:39:04,15) [migration/0] (root,0,0,00:00:00/41-10:39:04,16) [idle_inject/0] (root,0,0,00:00:00/41-10:39:04,18) [cpuhp/0] (root,0,0,00:00:00/41-10:39:04,19) [cpuhp/1] (root,0,0,00:00:00/41-10:39:04,20) [idle_inject/1] (root,0,0,00:00:15/41-10:39:04,21) [migration/1] (root,0,0,00:01:01/41-10:39:04,22) [ksoftirqd/1] (root,0,0,00:00:00/41-10:39:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-10:39:04,25) [cpuhp/2] (root,0,0,00:00:00/41-10:39:04,26) [idle_inject/2] (root,0,0,00:00:12/41-10:39:04,27) [migration/2] (root,0,0,01:18:13/41-10:39:04,28) [ksoftirqd/2] (root,0,0,00:00:00/41-10:39:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-10:39:04,31) [cpuhp/3] (root,0,0,00:00:00/41-10:39:04,32) [idle_inject/3] (root,0,0,00:00:15/41-10:39:04,33) [migration/3] (root,0,0,00:03:58/41-10:39:04,34) [ksoftirqd/3] (root,0,0,00:00:00/41-10:39:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-10:39:04,40) [kdevtmpfs] (root,0,0,00:00:00/41-10:39:04,41) [netns] (root,0,0,00:00:00/41-10:39:04,42) [inet_frag_wq] (root,0,0,00:00:14/41-10:39:04,43) [kauditd] (root,0,0,00:00:00/41-10:39:04,44) [khungtaskd] (root,0,0,00:00:00/41-10:39:04,45) [oom_reaper] (root,0,0,00:00:00/41-10:39:04,46) [writeback] (root,0,0,00:02:11/41-10:39:04,47) [kcompactd0] (root,0,0,00:00:00/41-10:39:04,48) [ksmd] (root,0,0,00:02:16/41-10:39:04,49) [khugepaged] (root,0,0,00:00:00/41-10:39:04,75) [kintegrityd] (root,0,0,00:00:00/41-10:39:04,76) [kblockd] (root,0,0,00:00:00/41-10:39:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-10:39:04,79) [tpm_dev_wq] (root,0,0,00:00:00/41-10:39:04,80) [edac-poller] (root,0,0,00:00:00/41-10:39:04,81) [devfreq_wq] (root,0,0,00:00:00/41-10:39:04,110) [watchdogd] (root,0,0,00:00:03/41-10:39:04,111) [kswapd0] (root,0,0,00:00:11/41-10:39:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-10:39:02,115) [kthrotld] (root,0,0,00:00:00/41-10:39:02,116) [mld] (root,0,0,00:00:00/41-10:39:02,117) [ipv6_addrconf] (root,0,0,00:00:11/41-10:39:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-10:39:02,123) [kstrp] (root,0,0,00:00:00/41-10:39:02,124) [zswap-shrink] (root,0,0,00:00:00/41-10:39:02,125) [kworker/u9:0] (root,0,0,00:00:00/41-10:39:02,130) [charger_manager] (root,0,0,00:00:12/41-10:39:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-10:39:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-10:39:01,239) [kaluad] (root,0,0,00:00:00/41-10:39:01,258) [kmpath_rdacd] (root,0,0,00:00:00/41-10:39:01,304) [kmpathd] (root,0,0,00:00:00/41-10:39:01,305) [kmpath_handlerd] (root,0,0,00:00:00/41-10:39:00,342) [ata_sff] (root,0,0,00:00:00/41-10:39:00,343) [scsi_eh_0] (root,0,0,00:00:00/41-10:39:00,344) [scsi_tmf_0] (root,0,0,00:00:00/41-10:39:00,345) [scsi_eh_1] (root,0,0,00:00:00/41-10:39:00,346) [scsi_tmf_1] (root,0,0,00:01:22/41-10:38:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-10:38:57,367) [ext4-rsv-conver] (root,38604,7856,00:01:11/41-10:38:45,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-10:38:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-10:38:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-10:38:11,511) /sbin/auditd (messagebus,22932,5408,00:02:18/41-10:38:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-10:38:10,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-10:38:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-10:38:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-10:38:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-10:37:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-10:37:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:07/41-10:37:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-10:37:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-10:37:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-10:37:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-10:37:54,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-10:37:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:00/41-10:37:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-10:37:54,1352) bpfilter_umh (root,26204,8096,00:00:21/41-10:37:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-10:37:54,1359) ntpd: asynchronous dns resolver (spot,361776,206112,2-09:23:45/41-10:37:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-10:37:53,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-10:37:53,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-10:37:53,1373) (sd-pam) (root,0,0,00:00:00/01:20:43,1398) [kworker/1:0-events] (root,24216,5260,00:00:14/41-10:37:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-10:37:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-10:37:51,1485) /usr/sbin/cron -n (root,697108,76360,00:57:35/41-10:37:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:46/41-10:37:33,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-16:13:08,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/05:42,6018) [kworker/3:1-ata_sff] (postfix,24244,8272,00:00:00/45:37,8568) pickup -l -t fifo -u (root,35304,10040,00:00:00/3-11:06:03,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:14/3-11:06:02,10514) sshd: syslogtunnel (root,0,0,00:00:00/52:16,15370) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/08:03:44,16954) [kworker/2:1-events] (root,0,0,00:00:00/12:18,17760) [kworker/u8:2-writeback] (root,0,0,00:00:00/42:46,18031) [kworker/1:2-events] (root,0,0,00:00:00/00:31,19400) [kworker/3:0-ata_sff] (root,0,0,00:00:00/38:03,20231) [kworker/0:0-events] (root,6656,3488,00:00:00/00:00,20830) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,20848) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20849) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:15:51,21301) [kworker/0:2-events] (root,0,0,00:00:02/03:38:26,27369) [kworker/3:2-mm_percpu_wq] (root,0,0,00:00:00/19:00,29732) [kworker/2:0-events] (root,35308,10028,00:00:00/3-11:52:16,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:13/3-11:52:15,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 21:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638f04671bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-11:25:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-11:25:01,2) [kthreadd] (root,0,0,00:00:00/39-11:25:01,3) [rcu_gp] (root,0,0,00:00:00/39-11:25:01,4) [rcu_par_gp] (root,0,0,00:00:00/39-11:25:01,5) [slub_flushwq] (root,0,0,00:00:00/39-11:25:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-11:25:01,9) [mm_percpu_wq] (root,0,0,00:00:00/39-11:25:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-11:25:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-11:25:01,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-11:25:01,13) [ksoftirqd/0] (root,0,0,01:53:15/39-11:25:01,14) [rcu_preempt] (root,0,0,00:00:15/39-11:25:01,15) [migration/0] (root,0,0,00:00:00/39-11:25:01,16) [idle_inject/0] (root,0,0,00:00:00/39-11:25:01,18) [cpuhp/0] (root,0,0,00:00:00/39-11:25:01,19) [cpuhp/1] (root,0,0,00:00:00/39-11:25:01,20) [idle_inject/1] (root,0,0,00:00:15/39-11:25:01,21) [migration/1] (root,0,0,00:00:58/39-11:25:01,22) [ksoftirqd/1] (root,0,0,00:00:00/39-11:25:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-11:25:01,25) [cpuhp/2] (root,0,0,00:00:00/39-11:25:01,26) [idle_inject/2] (root,0,0,00:00:11/39-11:25:01,27) [migration/2] (root,0,0,01:13:31/39-11:25:01,28) [ksoftirqd/2] (root,0,0,00:00:00/39-11:25:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-11:25:01,31) [cpuhp/3] (root,0,0,00:00:00/39-11:25:01,32) [idle_inject/3] (root,0,0,00:00:14/39-11:25:01,33) [migration/3] (root,0,0,00:03:45/39-11:25:01,34) [ksoftirqd/3] (root,0,0,00:00:00/39-11:25:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-11:25:01,40) [kdevtmpfs] (root,0,0,00:00:00/39-11:25:01,41) [netns] (root,0,0,00:00:00/39-11:25:01,42) [inet_frag_wq] (root,0,0,00:00:14/39-11:25:01,43) [kauditd] (root,0,0,00:00:00/39-11:25:01,44) [khungtaskd] (root,0,0,00:00:00/39-11:25:01,45) [oom_reaper] (root,0,0,00:00:00/39-11:25:01,46) [writeback] (root,0,0,00:02:04/39-11:25:01,47) [kcompactd0] (root,0,0,00:00:00/39-11:25:01,48) [ksmd] (root,0,0,00:02:09/39-11:25:01,49) [khugepaged] (root,0,0,00:00:00/39-11:25:01,75) [kintegrityd] (root,0,0,00:00:00/39-11:25:01,76) [kblockd] (root,0,0,00:00:00/39-11:25:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-11:25:01,79) [tpm_dev_wq] (root,0,0,00:00:00/39-11:25:01,80) [edac-poller] (root,0,0,00:00:00/39-11:25:01,81) [devfreq_wq] (root,0,0,00:00:00/39-11:25:01,110) [watchdogd] (root,0,0,00:00:02/39-11:25:01,111) [kswapd0] (root,0,0,00:00:10/39-11:25:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-11:24:59,115) [kthrotld] (root,0,0,00:00:00/39-11:24:59,116) [mld] (root,0,0,00:00:00/39-11:24:59,117) [ipv6_addrconf] (root,0,0,00:00:11/39-11:24:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-11:24:59,123) [kstrp] (root,0,0,00:00:00/39-11:24:59,124) [zswap-shrink] (root,0,0,00:00:00/39-11:24:59,125) [kworker/u9:0] (root,0,0,00:00:00/39-11:24:59,130) [charger_manager] (root,0,0,00:00:12/39-11:24:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-11:24:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-11:24:58,239) [kaluad] (root,0,0,00:00:00/39-11:24:58,258) [kmpath_rdacd] (root,0,0,00:00:00/39-11:24:58,304) [kmpathd] (root,0,0,00:00:00/39-11:24:58,305) [kmpath_handlerd] (root,0,0,00:00:00/39-11:24:57,342) [ata_sff] (root,0,0,00:00:00/39-11:24:57,343) [scsi_eh_0] (root,0,0,00:00:00/39-11:24:57,344) [scsi_tmf_0] (root,0,0,00:00:00/39-11:24:57,345) [scsi_eh_1] (root,0,0,00:00:00/39-11:24:57,346) [scsi_tmf_1] (root,0,0,00:01:18/39-11:24:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-11:24:54,367) [ext4-rsv-conver] (root,38604,7924,00:01:08/39-11:24:42,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-11:24:41,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-11:24:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-11:24:08,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-11:24:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-11:24:07,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-11:24:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-11:24:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-11:24:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:46/39-11:23:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-11:23:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:55/39-11:23:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-11:23:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-11:23:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-11:23:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-11:23:51,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-11:23:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:43/39-11:23:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-11:23:51,1352) bpfilter_umh (root,26204,8116,00:00:20/39-11:23:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-11:23:51,1359) ntpd: asynchronous dns resolver (spot,361376,198344,2-07:16:48/39-11:23:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-11:23:50,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-11:23:50,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-11:23:50,1373) (sd-pam) (root,24216,5260,00:00:14/39-11:23:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-11:23:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-11:23:48,1485) /usr/sbin/cron -n (root,697108,76496,00:54:45/39-11:23:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67424,00:21:43/39-11:23:30,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/33-16:59:05,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/27:58,3019) [kworker/1:2-events] (root,35304,10040,00:00:00/1-11:52:00,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-11:51:59,10514) sshd: syslogtunnel (root,0,0,00:00:00/42:40,11867) [kworker/3:2-events] (root,0,0,00:00:00/01:13:14,12444) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/41:57,15181) [kworker/0:1-events] (root,0,0,00:00:00/13:28,15955) [kworker/u8:0-writeback] (root,0,0,00:00:00/13:28,15966) [kworker/1:0-events] (root,0,0,00:00:00/13:28,15998) [kworker/2:1-events] (root,0,0,00:00:01/02:15:19,16553) [kworker/0:0-events] (root,0,0,00:00:00/01:12,18227) [kworker/3:0-ata_sff] (root,0,0,00:00:00/06:22,23200) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,25236) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,25254) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,25255) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/1-12:38:13,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:06/1-12:38:12,30947) sshd: cm-ssh (postfix,24244,8232,00:00:00/12:22,31794) pickup -l -t fifo -u (root,0,0,00:00:00/01:37:50,32470) [kworker/2:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 22:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631ff73f3cFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-10:46:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-10:46:51,2) [kthreadd] (root,0,0,00:00:00/37-10:46:51,3) [rcu_gp] (root,0,0,00:00:00/37-10:46:51,4) [rcu_par_gp] (root,0,0,00:00:00/37-10:46:51,5) [slub_flushwq] (root,0,0,00:00:00/37-10:46:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-10:46:51,9) [mm_percpu_wq] (root,0,0,00:00:00/37-10:46:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-10:46:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-10:46:51,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-10:46:51,13) [ksoftirqd/0] (root,0,0,01:47:08/37-10:46:51,14) [rcu_preempt] (root,0,0,00:00:14/37-10:46:51,15) [migration/0] (root,0,0,00:00:00/37-10:46:51,16) [idle_inject/0] (root,0,0,00:00:00/37-10:46:51,18) [cpuhp/0] (root,0,0,00:00:00/37-10:46:51,19) [cpuhp/1] (root,0,0,00:00:00/37-10:46:51,20) [idle_inject/1] (root,0,0,00:00:14/37-10:46:51,21) [migration/1] (root,0,0,00:00:55/37-10:46:51,22) [ksoftirqd/1] (root,0,0,00:00:00/37-10:46:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-10:46:51,25) [cpuhp/2] (root,0,0,00:00:00/37-10:46:51,26) [idle_inject/2] (root,0,0,00:00:10/37-10:46:51,27) [migration/2] (root,0,0,01:07:43/37-10:46:51,28) [ksoftirqd/2] (root,0,0,00:00:00/37-10:46:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-10:46:51,31) [cpuhp/3] (root,0,0,00:00:00/37-10:46:51,32) [idle_inject/3] (root,0,0,00:00:13/37-10:46:51,33) [migration/3] (root,0,0,00:03:29/37-10:46:51,34) [ksoftirqd/3] (root,0,0,00:00:00/37-10:46:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-10:46:51,40) [kdevtmpfs] (root,0,0,00:00:00/37-10:46:51,41) [netns] (root,0,0,00:00:00/37-10:46:51,42) [inet_frag_wq] (root,0,0,00:00:13/37-10:46:51,43) [kauditd] (root,0,0,00:00:00/37-10:46:51,44) [khungtaskd] (root,0,0,00:00:00/37-10:46:51,45) [oom_reaper] (root,0,0,00:00:00/37-10:46:51,46) [writeback] (root,0,0,00:01:57/37-10:46:51,47) [kcompactd0] (root,0,0,00:00:00/37-10:46:51,48) [ksmd] (root,0,0,00:02:02/37-10:46:51,49) [khugepaged] (root,0,0,00:00:00/37-10:46:51,75) [kintegrityd] (root,0,0,00:00:00/37-10:46:51,76) [kblockd] (root,0,0,00:00:00/37-10:46:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-10:46:51,79) [tpm_dev_wq] (root,0,0,00:00:00/37-10:46:51,80) [edac-poller] (root,0,0,00:00:00/37-10:46:51,81) [devfreq_wq] (root,0,0,00:00:00/37-10:46:51,110) [watchdogd] (root,0,0,00:00:02/37-10:46:51,111) [kswapd0] (root,0,0,00:00:10/37-10:46:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-10:46:49,115) [kthrotld] (root,0,0,00:00:00/37-10:46:49,116) [mld] (root,0,0,00:00:00/37-10:46:49,117) [ipv6_addrconf] (root,0,0,00:00:10/37-10:46:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-10:46:49,123) [kstrp] (root,0,0,00:00:00/37-10:46:49,124) [zswap-shrink] (root,0,0,00:00:00/37-10:46:49,125) [kworker/u9:0] (root,0,0,00:00:00/37-10:46:49,130) [charger_manager] (root,0,0,00:00:11/37-10:46:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-10:46:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-10:46:48,239) [kaluad] (root,0,0,00:00:00/37-10:46:48,258) [kmpath_rdacd] (root,0,0,00:00:00/37-10:46:48,304) [kmpathd] (root,0,0,00:00:00/37-10:46:48,305) [kmpath_handlerd] (root,0,0,00:00:00/37-10:46:47,342) [ata_sff] (root,0,0,00:00:00/37-10:46:47,343) [scsi_eh_0] (root,0,0,00:00:00/37-10:46:47,344) [scsi_tmf_0] (root,0,0,00:00:00/37-10:46:47,345) [scsi_eh_1] (root,0,0,00:00:00/37-10:46:47,346) [scsi_tmf_1] (root,0,0,00:01:14/37-10:46:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-10:46:44,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-10:46:32,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-10:46:31,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-10:46:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-10:45:58,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-10:45:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-10:45:57,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-10:45:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-10:45:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-10:45:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:23:51,669) [kworker/2:0-events] (root,548616,30292,00:00:44/37-10:45:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-10:45:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:42/37-10:45:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-10:45:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-10:45:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-10:45:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-10:45:41,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-10:45:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:24/37-10:45:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-10:45:41,1352) bpfilter_umh (root,26204,8116,00:00:19/37-10:45:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-10:45:41,1359) ntpd: asynchronous dns resolver (spot,361648,198412,2-04:16:27/37-10:45:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-10:45:40,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-10:45:40,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-10:45:40,1373) (sd-pam) (root,24216,5260,00:00:13/37-10:45:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-10:45:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-10:45:38,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-10:45:35,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-10:45:34,1527) sshd: syslogtunnel (root,0,0,00:00:00/40:01,1530) [kworker/u8:2-ext4-rsv-conversion] (root,696596,77960,00:51:50/37-10:45:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66200,00:20:38/37-10:45:20,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-16:20:55,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/37-10:44:55,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-10:44:55,3218) sshd: cm-ssh (root,0,0,00:00:00/01:52:10,4224) [kworker/0:0-events] (root,0,0,00:00:00/05:06,7536) [kworker/3:0-ata_sff] (postfix,24244,8176,00:00:00/01:36:08,11352) pickup -l -t fifo -u (root,0,0,00:00:00/01:34:05,11965) [kworker/1:0-events] (root,0,0,00:00:00/10:30,18233) [kworker/u8:0-writeback] (root,0,0,00:00:00/44:13,19177) [kworker/0:2-events] (root,0,0,00:00:00/10:17,19429) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,22386) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,22389) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,22421) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22422) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/57:50,24929) [kworker/2:1-events] (root,0,0,00:00:00/01:06:54,31156) [kworker/1:2-events] (root,0,0,00:00:01/02:25:11,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 21:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363279569f5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-14:02:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-14:02:01,2) [kthreadd] (root,0,0,00:00:00/35-14:02:01,3) [rcu_gp] (root,0,0,00:00:00/35-14:02:01,4) [rcu_par_gp] (root,0,0,00:00:00/35-14:02:01,5) [slub_flushwq] (root,0,0,00:00:00/35-14:02:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-14:02:01,9) [mm_percpu_wq] (root,0,0,00:00:00/35-14:02:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-14:02:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-14:02:01,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-14:02:01,13) [ksoftirqd/0] (root,0,0,01:42:12/35-14:02:01,14) [rcu_preempt] (root,0,0,00:00:13/35-14:02:01,15) [migration/0] (root,0,0,00:00:00/35-14:02:01,16) [idle_inject/0] (root,0,0,00:00:00/35-14:02:01,18) [cpuhp/0] (root,0,0,00:00:00/35-14:02:01,19) [cpuhp/1] (root,0,0,00:00:00/35-14:02:01,20) [idle_inject/1] (root,0,0,00:00:13/35-14:02:01,21) [migration/1] (root,0,0,00:00:52/35-14:02:01,22) [ksoftirqd/1] (root,0,0,00:00:00/35-14:02:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-14:02:01,25) [cpuhp/2] (root,0,0,00:00:00/35-14:02:01,26) [idle_inject/2] (root,0,0,00:00:10/35-14:02:01,27) [migration/2] (root,0,0,01:05:03/35-14:02:01,28) [ksoftirqd/2] (root,0,0,00:00:00/35-14:02:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-14:02:01,31) [cpuhp/3] (root,0,0,00:00:00/35-14:02:01,32) [idle_inject/3] (root,0,0,00:00:12/35-14:02:01,33) [migration/3] (root,0,0,00:03:21/35-14:02:01,34) [ksoftirqd/3] (root,0,0,00:00:00/35-14:02:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-14:02:01,40) [kdevtmpfs] (root,0,0,00:00:00/35-14:02:01,41) [netns] (root,0,0,00:00:00/35-14:02:01,42) [inet_frag_wq] (root,0,0,00:00:12/35-14:02:01,43) [kauditd] (root,0,0,00:00:00/35-14:02:01,44) [khungtaskd] (root,0,0,00:00:00/35-14:02:01,45) [oom_reaper] (root,0,0,00:00:00/35-14:02:01,46) [writeback] (root,0,0,00:01:52/35-14:02:01,47) [kcompactd0] (root,0,0,00:00:00/35-14:02:01,48) [ksmd] (root,0,0,00:01:56/35-14:02:01,49) [khugepaged] (root,0,0,00:00:00/35-14:02:01,75) [kintegrityd] (root,0,0,00:00:00/35-14:02:01,76) [kblockd] (root,0,0,00:00:00/35-14:02:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-14:02:01,79) [tpm_dev_wq] (root,0,0,00:00:00/35-14:02:01,80) [edac-poller] (root,0,0,00:00:00/35-14:02:01,81) [devfreq_wq] (root,0,0,00:00:00/35-14:02:01,110) [watchdogd] (root,0,0,00:00:02/35-14:02:01,111) [kswapd0] (root,0,0,00:00:09/35-14:02:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-14:01:59,115) [kthrotld] (root,0,0,00:00:00/35-14:01:59,116) [mld] (root,0,0,00:00:00/35-14:01:59,117) [ipv6_addrconf] (root,0,0,00:00:10/35-14:01:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-14:01:59,123) [kstrp] (root,0,0,00:00:00/35-14:01:59,124) [zswap-shrink] (root,0,0,00:00:00/35-14:01:59,125) [kworker/u9:0] (root,0,0,00:00:00/35-14:01:59,130) [charger_manager] (root,0,0,00:00:10/35-14:01:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-14:01:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-14:01:58,239) [kaluad] (root,0,0,00:00:00/35-14:01:58,258) [kmpath_rdacd] (root,0,0,00:00:00/35-14:01:58,304) [kmpathd] (root,0,0,00:00:00/35-14:01:58,305) [kmpath_handlerd] (root,0,0,00:00:00/35-14:01:57,342) [ata_sff] (root,0,0,00:00:00/35-14:01:57,343) [scsi_eh_0] (root,0,0,00:00:00/35-14:01:57,344) [scsi_tmf_0] (root,0,0,00:00:00/35-14:01:57,345) [scsi_eh_1] (root,0,0,00:00:00/35-14:01:57,346) [scsi_tmf_1] (root,0,0,00:01:11/35-14:01:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-14:01:54,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-14:01:42,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-14:01:41,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:56/35-14:01:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-14:01:08,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-14:01:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-14:01:07,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-14:01:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-14:01:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-14:01:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/35:13,633) [kworker/u8:1-writeback] (root,548616,30252,00:00:42/35-14:00:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-14:00:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:34/35-14:00:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-14:00:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-14:00:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-14:00:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-14:00:51,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-14:00:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:09/35-14:00:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-14:00:51,1352) bpfilter_umh (root,26204,8116,00:00:18/35-14:00:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-14:00:51,1359) ntpd: asynchronous dns resolver (spot,361440,198356,2-02:18:24/35-14:00:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-14:00:50,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-14:00:50,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-14:00:50,1373) (sd-pam) (root,24216,5260,00:00:12/35-14:00:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-14:00:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-14:00:48,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-14:00:45,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-14:00:44,1527) sshd: syslogtunnel (root,696596,77900,00:49:15/35-14:00:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:01/02:10:13,1719) [kworker/2:2-mm_percpu_wq] (spot,223680,64860,00:19:42/35-14:00:30,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-19:36:05,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-14:00:05,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-14:00:05,3218) sshd: cm-ssh (root,6656,3488,00:00:00/00:00,5892) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,5910) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5911) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:04,7158) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:07:24,11281) [kworker/0:1-events] (root,0,0,00:00:00/05:59,16207) [kworker/1:2-events] (postfix,24244,8160,00:00:00/12:57,18195) pickup -l -t fifo -u (root,0,0,00:00:00/03:17:55,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:20:00,20934) [kworker/1:1-mm_percpu_wq] (root,0,0,00:00:00/49:34,21127) [kworker/3:0-events] (root,0,0,00:00:00/19:44,25651) [kworker/2:0] (root,0,0,00:00:00/02:52,27726) [kworker/3:2-ata_sff] (root,0,0,00:00:00/10:28,29321) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 00:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639ae9b96bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-10:48:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-10:48:31,2) [kthreadd] (root,0,0,00:00:00/33-10:48:31,3) [rcu_gp] (root,0,0,00:00:00/33-10:48:31,4) [rcu_par_gp] (root,0,0,00:00:00/33-10:48:31,5) [slub_flushwq] (root,0,0,00:00:00/33-10:48:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-10:48:31,9) [mm_percpu_wq] (root,0,0,00:00:00/33-10:48:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-10:48:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-10:48:31,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-10:48:31,13) [ksoftirqd/0] (root,0,0,01:36:30/33-10:48:31,14) [rcu_preempt] (root,0,0,00:00:12/33-10:48:31,15) [migration/0] (root,0,0,00:00:00/33-10:48:31,16) [idle_inject/0] (root,0,0,00:00:00/33-10:48:31,18) [cpuhp/0] (root,0,0,00:00:00/33-10:48:31,19) [cpuhp/1] (root,0,0,00:00:00/33-10:48:31,20) [idle_inject/1] (root,0,0,00:00:12/33-10:48:31,21) [migration/1] (root,0,0,00:00:50/33-10:48:31,22) [ksoftirqd/1] (root,0,0,00:00:00/33-10:48:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-10:48:31,25) [cpuhp/2] (root,0,0,00:00:00/33-10:48:31,26) [idle_inject/2] (root,0,0,00:00:09/33-10:48:31,27) [migration/2] (root,0,0,01:01:35/33-10:48:31,28) [ksoftirqd/2] (root,0,0,00:00:00/33-10:48:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-10:48:31,31) [cpuhp/3] (root,0,0,00:00:00/33-10:48:31,32) [idle_inject/3] (root,0,0,00:00:12/33-10:48:31,33) [migration/3] (root,0,0,00:03:10/33-10:48:31,34) [ksoftirqd/3] (root,0,0,00:00:00/33-10:48:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-10:48:31,40) [kdevtmpfs] (root,0,0,00:00:00/33-10:48:31,41) [netns] (root,0,0,00:00:00/33-10:48:31,42) [inet_frag_wq] (root,0,0,00:00:12/33-10:48:31,43) [kauditd] (root,0,0,00:00:00/33-10:48:31,44) [khungtaskd] (root,0,0,00:00:00/33-10:48:31,45) [oom_reaper] (root,0,0,00:00:00/33-10:48:31,46) [writeback] (root,0,0,00:01:45/33-10:48:31,47) [kcompactd0] (root,0,0,00:00:00/33-10:48:31,48) [ksmd] (root,0,0,00:01:49/33-10:48:31,49) [khugepaged] (root,0,0,00:00:00/33-10:48:31,75) [kintegrityd] (root,0,0,00:00:00/33-10:48:31,76) [kblockd] (root,0,0,00:00:00/33-10:48:31,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-10:48:31,79) [tpm_dev_wq] (root,0,0,00:00:00/33-10:48:31,80) [edac-poller] (root,0,0,00:00:00/33-10:48:31,81) [devfreq_wq] (root,0,0,00:00:00/33-10:48:31,110) [watchdogd] (root,0,0,00:00:02/33-10:48:31,111) [kswapd0] (root,0,0,00:00:09/33-10:48:31,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-10:48:29,115) [kthrotld] (root,0,0,00:00:00/33-10:48:29,116) [mld] (root,0,0,00:00:00/33-10:48:29,117) [ipv6_addrconf] (root,0,0,00:00:09/33-10:48:29,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-10:48:29,123) [kstrp] (root,0,0,00:00:00/33-10:48:29,124) [zswap-shrink] (root,0,0,00:00:00/33-10:48:29,125) [kworker/u9:0] (root,0,0,00:00:00/33-10:48:29,130) [charger_manager] (root,0,0,00:00:10/33-10:48:29,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-10:48:29,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-10:48:28,239) [kaluad] (root,0,0,00:00:00/33-10:48:28,258) [kmpath_rdacd] (root,0,0,00:00:00/33-10:48:28,304) [kmpathd] (root,0,0,00:00:00/33-10:48:28,305) [kmpath_handlerd] (root,0,0,00:00:00/33-10:48:27,342) [ata_sff] (root,0,0,00:00:00/33-10:48:27,343) [scsi_eh_0] (root,0,0,00:00:00/33-10:48:27,344) [scsi_tmf_0] (root,0,0,00:00:00/33-10:48:27,345) [scsi_eh_1] (root,0,0,00:00:00/33-10:48:27,346) [scsi_tmf_1] (root,0,0,00:01:07/33-10:48:24,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-10:48:24,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-10:48:12,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-10:48:11,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-10:48:09,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-10:47:38,511) /sbin/auditd (messagebus,22932,5632,00:01:51/33-10:47:37,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-10:47:37,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-10:47:37,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-10:47:35,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-10:47:35,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-10:47:21,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-10:47:21,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:21/33-10:47:21,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-10:47:21,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-10:47:21,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-10:47:21,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-10:47:21,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-10:47:21,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:50/33-10:47:21,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-10:47:21,1352) bpfilter_umh (root,26204,8128,00:00:17/33-10:47:21,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-10:47:21,1359) ntpd: asynchronous dns resolver (spot,361200,200016,2-00:12:28/33-10:47:20,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-10:47:20,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-10:47:20,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-10:47:20,1373) (sd-pam) (root,24216,5260,00:00:11/33-10:47:18,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-10:47:18,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-10:47:18,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-10:47:15,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-10:47:14,1527) sshd: syslogtunnel (root,694036,75228,00:46:18/33-10:47:12,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63340,00:18:39/33-10:47:00,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-16:22:35,2557) tlsmgr -l -t unix -u (postfix,24244,8240,00:00:00/40:31,2889) pickup -l -t fifo -u (root,0,0,00:00:00/04:23,2925) [kworker/3:2-events] (root,35308,10108,00:00:00/33-10:46:35,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-10:46:35,3218) sshd: cm-ssh (root,0,0,00:00:00/27:23,3437) [kworker/0:2-events] (root,0,0,00:00:00/03:59,4168) [kworker/u8:2] (root,6656,3488,00:00:00/00:00,13888) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,13929) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,13930) /bin/bash /usr/bin/check_mk_agent (root,4480,1068,00:00:00/00:00,13931) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,6656,3492,00:00:00/00:00,13932) /bin/bash /usr/bin/check_mk_agent (root,2728,776,00:00:00/00:00,13933) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,700,00:00:00/00:00,13934) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3416,00:00:00/00:00,13952) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,13953) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:37:14,15338) [kworker/1:0-events] (root,0,0,00:00:00/02:33:54,15620) [kworker/2:2-events] (root,0,0,00:00:00/44:01,19377) [kworker/1:2] (root,0,0,00:00:04/09:55:49,20295) [kworker/3:0-ata_sff] (root,0,0,00:00:00/50:41,26016) [kworker/2:0] (root,0,0,00:00:00/50:40,26130) [kworker/u8:1-events_unbound] (root,0,0,00:00:00/10:40,26155) [kworker/0:0-events] (root,0,0,00:00:00/09:33,27726) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:26:56,28574) [kworker/u8:0-writeback] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 21:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630c764602Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:33/31-11:18:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-11:18:10,2) [kthreadd] (root,0,0,00:00:00/31-11:18:10,3) [rcu_gp] (root,0,0,00:00:00/31-11:18:10,4) [rcu_par_gp] (root,0,0,00:00:00/31-11:18:10,5) [slub_flushwq] (root,0,0,00:00:00/31-11:18:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-11:18:10,9) [mm_percpu_wq] (root,0,0,00:00:00/31-11:18:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-11:18:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-11:18:10,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-11:18:10,13) [ksoftirqd/0] (root,0,0,01:31:12/31-11:18:10,14) [rcu_preempt] (root,0,0,00:00:12/31-11:18:10,15) [migration/0] (root,0,0,00:00:00/31-11:18:10,16) [idle_inject/0] (root,0,0,00:00:00/31-11:18:10,18) [cpuhp/0] (root,0,0,00:00:00/31-11:18:10,19) [cpuhp/1] (root,0,0,00:00:00/31-11:18:10,20) [idle_inject/1] (root,0,0,00:00:12/31-11:18:10,21) [migration/1] (root,0,0,00:00:47/31-11:18:10,22) [ksoftirqd/1] (root,0,0,00:00:00/31-11:18:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-11:18:10,25) [cpuhp/2] (root,0,0,00:00:00/31-11:18:10,26) [idle_inject/2] (root,0,0,00:00:09/31-11:18:10,27) [migration/2] (root,0,0,00:58:35/31-11:18:10,28) [ksoftirqd/2] (root,0,0,00:00:00/31-11:18:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-11:18:10,31) [cpuhp/3] (root,0,0,00:00:00/31-11:18:10,32) [idle_inject/3] (root,0,0,00:00:11/31-11:18:10,33) [migration/3] (root,0,0,00:03:02/31-11:18:10,34) [ksoftirqd/3] (root,0,0,00:00:00/31-11:18:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-11:18:10,40) [kdevtmpfs] (root,0,0,00:00:00/31-11:18:10,41) [netns] (root,0,0,00:00:00/31-11:18:10,42) [inet_frag_wq] (root,0,0,00:00:11/31-11:18:10,43) [kauditd] (root,0,0,00:00:00/31-11:18:10,44) [khungtaskd] (root,0,0,00:00:00/31-11:18:10,45) [oom_reaper] (root,0,0,00:00:00/31-11:18:10,46) [writeback] (root,0,0,00:01:40/31-11:18:10,47) [kcompactd0] (root,0,0,00:00:00/31-11:18:10,48) [ksmd] (root,0,0,00:01:43/31-11:18:10,49) [khugepaged] (root,0,0,00:00:00/31-11:18:10,75) [kintegrityd] (root,0,0,00:00:00/31-11:18:10,76) [kblockd] (root,0,0,00:00:00/31-11:18:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-11:18:10,79) [tpm_dev_wq] (root,0,0,00:00:00/31-11:18:10,80) [edac-poller] (root,0,0,00:00:00/31-11:18:10,81) [devfreq_wq] (root,0,0,00:00:00/31-11:18:10,110) [watchdogd] (root,0,0,00:00:02/31-11:18:10,111) [kswapd0] (root,0,0,00:00:08/31-11:18:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-11:18:08,115) [kthrotld] (root,0,0,00:00:00/31-11:18:08,116) [mld] (root,0,0,00:00:00/31-11:18:08,117) [ipv6_addrconf] (root,0,0,00:00:09/31-11:18:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-11:18:08,123) [kstrp] (root,0,0,00:00:00/31-11:18:08,124) [zswap-shrink] (root,0,0,00:00:00/31-11:18:08,125) [kworker/u9:0] (root,0,0,00:00:00/31-11:18:08,130) [charger_manager] (root,0,0,00:00:09/31-11:18:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-11:18:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-11:18:07,239) [kaluad] (root,0,0,00:00:00/31-11:18:07,258) [kmpath_rdacd] (root,0,0,00:00:00/31-11:18:07,304) [kmpathd] (root,0,0,00:00:00/31-11:18:07,305) [kmpath_handlerd] (root,0,0,00:00:00/31-11:18:06,342) [ata_sff] (root,0,0,00:00:00/31-11:18:06,343) [scsi_eh_0] (root,0,0,00:00:00/31-11:18:06,344) [scsi_tmf_0] (root,0,0,00:00:00/31-11:18:06,345) [scsi_eh_1] (root,0,0,00:00:00/31-11:18:06,346) [scsi_tmf_1] (root,0,0,00:01:03/31-11:18:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-11:18:03,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-11:17:51,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-11:17:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-11:17:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-11:17:17,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-11:17:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-11:17:16,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-11:17:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-11:17:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-11:17:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-11:17:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-11:17:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:10/31-11:17:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-11:17:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-11:17:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-11:17:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-11:17:00,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-11:17:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:34/31-11:17:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-11:17:00,1352) bpfilter_umh (root,26204,8128,00:00:16/31-11:17:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-11:17:00,1359) ntpd: asynchronous dns resolver (spot,361712,200172,1-22:03:39/31-11:16:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-11:16:59,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-11:16:59,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-11:16:59,1373) (sd-pam) (root,24216,5260,00:00:11/31-11:16:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-11:16:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-11:16:57,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-11:16:54,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:57/31-11:16:53,1527) sshd: syslogtunnel (root,693780,72896,00:43:36/31-11:16:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61976,00:17:37/31-11:16:39,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:59,2437) [kworker/u8:2-flush-253:0] (postfix,44628,9244,00:00:01/25-16:52:14,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-11:16:14,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:44/31-11:16:14,3218) sshd: cm-ssh (root,0,0,00:00:00/10:35,5312) [kworker/3:1-events] (root,0,0,00:00:00/01:15:14,5424) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/02:55:22,8637) [kworker/1:1-events] (root,0,0,00:00:00/18:05,9665) [kworker/2:0] (root,0,0,00:00:00/16:26:46,11736) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8172,00:00:00/01:32:07,12724) pickup -l -t fifo -u (root,0,0,00:00:00/05:24,13044) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:38:42,22602) [kworker/2:1-events] (root,0,0,00:00:00/06:11,23881) [kworker/1:2-events] (root,0,0,00:00:00/00:29,27771) [kworker/0:0] (root,0,0,00:00:00/00:12,28432) [kworker/3:2-ata_sff] (root,0,0,00:00:00/41:19,28641) [kworker/0:1-events] (root,6764,3608,00:00:00/00:00,29000) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,29148) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,29194) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29195) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 22:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bfd69676Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-10:22:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-10:22:54,2) [kthreadd] (root,0,0,00:00:00/29-10:22:54,3) [rcu_gp] (root,0,0,00:00:00/29-10:22:54,4) [rcu_par_gp] (root,0,0,00:00:00/29-10:22:54,5) [slub_flushwq] (root,0,0,00:00:00/29-10:22:54,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-10:22:54,9) [mm_percpu_wq] (root,0,0,00:00:00/29-10:22:54,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-10:22:54,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-10:22:54,12) [rcu_tasks_trace] (root,0,0,00:00:54/29-10:22:54,13) [ksoftirqd/0] (root,0,0,01:25:18/29-10:22:54,14) [rcu_preempt] (root,0,0,00:00:11/29-10:22:54,15) [migration/0] (root,0,0,00:00:00/29-10:22:54,16) [idle_inject/0] (root,0,0,00:00:00/29-10:22:54,18) [cpuhp/0] (root,0,0,00:00:00/29-10:22:54,19) [cpuhp/1] (root,0,0,00:00:00/29-10:22:54,20) [idle_inject/1] (root,0,0,00:00:11/29-10:22:54,21) [migration/1] (root,0,0,00:00:44/29-10:22:54,22) [ksoftirqd/1] (root,0,0,00:00:00/29-10:22:54,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-10:22:54,25) [cpuhp/2] (root,0,0,00:00:00/29-10:22:54,26) [idle_inject/2] (root,0,0,00:00:08/29-10:22:54,27) [migration/2] (root,0,0,00:54:20/29-10:22:54,28) [ksoftirqd/2] (root,0,0,00:00:00/29-10:22:54,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-10:22:54,31) [cpuhp/3] (root,0,0,00:00:00/29-10:22:54,32) [idle_inject/3] (root,0,0,00:00:10/29-10:22:54,33) [migration/3] (root,0,0,00:02:49/29-10:22:54,34) [ksoftirqd/3] (root,0,0,00:00:00/29-10:22:54,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-10:22:54,40) [kdevtmpfs] (root,0,0,00:00:00/29-10:22:54,41) [netns] (root,0,0,00:00:00/29-10:22:54,42) [inet_frag_wq] (root,0,0,00:00:10/29-10:22:54,43) [kauditd] (root,0,0,00:00:00/29-10:22:54,44) [khungtaskd] (root,0,0,00:00:00/29-10:22:54,45) [oom_reaper] (root,0,0,00:00:00/29-10:22:54,46) [writeback] (root,0,0,00:01:34/29-10:22:54,47) [kcompactd0] (root,0,0,00:00:00/29-10:22:54,48) [ksmd] (root,0,0,00:01:35/29-10:22:54,49) [khugepaged] (root,0,0,00:00:00/29-10:22:54,75) [kintegrityd] (root,0,0,00:00:00/29-10:22:54,76) [kblockd] (root,0,0,00:00:00/29-10:22:54,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-10:22:54,79) [tpm_dev_wq] (root,0,0,00:00:00/29-10:22:54,80) [edac-poller] (root,0,0,00:00:00/29-10:22:54,81) [devfreq_wq] (root,0,0,00:00:00/29-10:22:54,110) [watchdogd] (root,0,0,00:00:02/29-10:22:54,111) [kswapd0] (root,0,0,00:00:08/29-10:22:54,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-10:22:52,115) [kthrotld] (root,0,0,00:00:00/29-10:22:52,116) [mld] (root,0,0,00:00:00/29-10:22:52,117) [ipv6_addrconf] (root,0,0,00:00:08/29-10:22:52,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-10:22:52,123) [kstrp] (root,0,0,00:00:00/29-10:22:52,124) [zswap-shrink] (root,0,0,00:00:00/29-10:22:52,125) [kworker/u9:0] (root,0,0,00:00:00/29-10:22:52,130) [charger_manager] (root,0,0,00:00:09/29-10:22:52,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-10:22:52,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-10:22:51,239) [kaluad] (root,0,0,00:00:00/29-10:22:51,258) [kmpath_rdacd] (root,0,0,00:00:00/29-10:22:51,304) [kmpathd] (root,0,0,00:00:00/29-10:22:51,305) [kmpath_handlerd] (root,0,0,00:00:00/29-10:22:50,342) [ata_sff] (root,0,0,00:00:00/29-10:22:50,343) [scsi_eh_0] (root,0,0,00:00:00/29-10:22:50,344) [scsi_tmf_0] (root,0,0,00:00:00/29-10:22:50,345) [scsi_eh_1] (root,0,0,00:00:00/29-10:22:50,346) [scsi_tmf_1] (root,0,0,00:00:59/29-10:22:47,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-10:22:47,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-10:22:35,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-10:22:34,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-10:22:32,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-10:22:01,511) /sbin/auditd (messagebus,22932,5632,00:01:34/29-10:22:00,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-10:22:00,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-10:22:00,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-10:21:58,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-10:21:58,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:34/29-10:21:44,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-10:21:44,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:58/29-10:21:44,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-10:21:44,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-10:21:44,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-10:21:44,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-10:21:44,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-10:21:44,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:16/29-10:21:44,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-10:21:44,1352) bpfilter_umh (root,26204,8128,00:00:14/29-10:21:44,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-10:21:44,1359) ntpd: asynchronous dns resolver (spot,361472,200096,1-19:40:09/29-10:21:43,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-10:21:43,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-10:21:43,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-10:21:43,1373) (sd-pam) (root,24216,5260,00:00:10/29-10:21:41,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-10:21:41,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-10:21:41,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-10:21:38,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:49/29-10:21:37,1527) sshd: syslogtunnel (root,693524,72428,00:40:41/29-10:21:35,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60740,00:16:33/29-10:21:23,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-15:56:58,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/05:02,3096) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/29-10:20:58,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:37/29-10:20:58,3218) sshd: cm-ssh (root,0,0,00:00:00/01:52:34,5368) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:52:34,5369) [kworker/1:2-events] (postfix,24244,8272,00:00:00/58:51,7332) pickup -l -t fifo -u (root,0,0,00:00:00/22:27,8539) [kworker/1:1] (root,0,0,00:00:00/01:30:07,9463) [kworker/0:2-events] (root,0,0,00:00:00/01:06,9946) [kworker/u8:1-writeback] (root,6656,3492,00:00:00/00:00,13680) /bin/bash /usr/bin/check_mk_agent (root,13744,3472,00:00:00/00:00,13698) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13699) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/30:10,16583) [kworker/3:2-events] (root,0,0,00:00:00/19:18,19948) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/29:03,20379) [kworker/2:1-events] (root,0,0,00:00:00/12:47,26725) [kworker/2:0-events] (root,0,0,00:00:00/10:14,28173) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:27:46,31631) [kworker/u8:0-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 21:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632cee26b7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-12:58:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-12:58:13,2) [kthreadd] (root,0,0,00:00:00/27-12:58:13,3) [rcu_gp] (root,0,0,00:00:00/27-12:58:13,4) [rcu_par_gp] (root,0,0,00:00:00/27-12:58:13,5) [slub_flushwq] (root,0,0,00:00:00/27-12:58:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-12:58:13,9) [mm_percpu_wq] (root,0,0,00:00:00/27-12:58:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-12:58:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-12:58:13,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-12:58:13,13) [ksoftirqd/0] (root,0,0,01:20:09/27-12:58:13,14) [rcu_preempt] (root,0,0,00:00:10/27-12:58:13,15) [migration/0] (root,0,0,00:00:00/27-12:58:13,16) [idle_inject/0] (root,0,0,00:00:00/27-12:58:13,18) [cpuhp/0] (root,0,0,00:00:00/27-12:58:13,19) [cpuhp/1] (root,0,0,00:00:00/27-12:58:13,20) [idle_inject/1] (root,0,0,00:00:10/27-12:58:13,21) [migration/1] (root,0,0,00:00:42/27-12:58:13,22) [ksoftirqd/1] (root,0,0,00:00:00/27-12:58:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-12:58:13,25) [cpuhp/2] (root,0,0,00:00:00/27-12:58:13,26) [idle_inject/2] (root,0,0,00:00:08/27-12:58:13,27) [migration/2] (root,0,0,00:51:33/27-12:58:13,28) [ksoftirqd/2] (root,0,0,00:00:00/27-12:58:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-12:58:13,31) [cpuhp/3] (root,0,0,00:00:00/27-12:58:13,32) [idle_inject/3] (root,0,0,00:00:10/27-12:58:13,33) [migration/3] (root,0,0,00:02:41/27-12:58:13,34) [ksoftirqd/3] (root,0,0,00:00:00/27-12:58:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-12:58:13,40) [kdevtmpfs] (root,0,0,00:00:00/27-12:58:13,41) [netns] (root,0,0,00:00:00/27-12:58:13,42) [inet_frag_wq] (root,0,0,00:00:09/27-12:58:13,43) [kauditd] (root,0,0,00:00:00/27-12:58:13,44) [khungtaskd] (root,0,0,00:00:00/27-12:58:13,45) [oom_reaper] (root,0,0,00:00:00/27-12:58:13,46) [writeback] (root,0,0,00:01:28/27-12:58:13,47) [kcompactd0] (root,0,0,00:00:00/27-12:58:13,48) [ksmd] (root,0,0,00:01:29/27-12:58:13,49) [khugepaged] (root,0,0,00:00:00/27-12:58:13,75) [kintegrityd] (root,0,0,00:00:00/27-12:58:13,76) [kblockd] (root,0,0,00:00:00/27-12:58:13,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-12:58:13,79) [tpm_dev_wq] (root,0,0,00:00:00/27-12:58:13,80) [edac-poller] (root,0,0,00:00:00/27-12:58:13,81) [devfreq_wq] (root,0,0,00:00:00/27-12:58:13,110) [watchdogd] (root,0,0,00:00:02/27-12:58:13,111) [kswapd0] (root,0,0,00:00:07/27-12:58:13,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-12:58:11,115) [kthrotld] (root,0,0,00:00:00/27-12:58:11,116) [mld] (root,0,0,00:00:00/27-12:58:11,117) [ipv6_addrconf] (root,0,0,00:00:07/27-12:58:11,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-12:58:11,123) [kstrp] (root,0,0,00:00:00/27-12:58:11,124) [zswap-shrink] (root,0,0,00:00:00/27-12:58:11,125) [kworker/u9:0] (root,0,0,00:00:00/27-12:58:11,130) [charger_manager] (root,0,0,00:00:08/27-12:58:11,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-12:58:11,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-12:58:10,239) [kaluad] (root,0,0,00:00:00/27-12:58:10,258) [kmpath_rdacd] (root,0,0,00:00:00/27-12:58:10,304) [kmpathd] (root,0,0,00:00:00/27-12:58:10,305) [kmpath_handlerd] (root,0,0,00:00:00/27-12:58:09,342) [ata_sff] (root,0,0,00:00:00/27-12:58:09,343) [scsi_eh_0] (root,0,0,00:00:00/27-12:58:09,344) [scsi_tmf_0] (root,0,0,00:00:00/27-12:58:09,345) [scsi_eh_1] (root,0,0,00:00:00/27-12:58:09,346) [scsi_tmf_1] (root,0,0,00:00:55/27-12:58:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-12:58:06,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-12:57:54,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-12:57:53,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-12:57:51,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-12:57:20,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-12:57:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-12:57:19,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-12:57:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-12:57:17,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-12:57:17,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28776,00:00:32/27-12:57:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-12:57:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:48/27-12:57:03,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-12:57:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-12:57:03,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-12:57:03,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-12:57:03,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-12:57:03,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-12:57:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-12:57:03,1352) bpfilter_umh (root,26204,8128,00:00:13/27-12:57:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-12:57:03,1359) ntpd: asynchronous dns resolver (spot,296160,195056,1-17:12:04/27-12:57:02,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-12:57:02,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-12:57:02,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-12:57:02,1373) (sd-pam) (root,24216,5260,00:00:09/27-12:57:00,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-12:57:00,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-12:57:00,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-12:56:57,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-12:56:56,1527) sshd: syslogtunnel (root,693268,72064,00:38:05/27-12:56:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,59132,00:15:34/27-12:56:42,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:00/21-18:32:17,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-12:56:17,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-12:56:17,3218) sshd: cm-ssh (root,0,0,00:00:00/01:26:22,4690) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/06:40,4979) [kworker/3:1-ata_sff] (postfix,24244,8176,00:00:00/35:47,10198) pickup -l -t fifo -u (root,0,0,00:00:00/25:02,10553) [kworker/0:2-events] (root,0,0,00:00:00/53:05,13876) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/03:15,14310) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/01:28,18691) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:45:58,21505) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:20:49,22103) [kworker/0:1-events] (root,0,0,00:00:00/18:50,23590) [kworker/1:2] (root,0,0,00:00:00/01:02:20,24824) [kworker/2:1-events] (root,0,0,00:00:00/00:07,24846) [kworker/2:0-events] (root,6656,3492,00:00:00/00:00,25289) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,25330) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,25331) /bin/bash /usr/bin/check_mk_agent (root,4480,1160,00:00:00/00:00,25332) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,824,00:00:00/00:00,25333) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,676,00:00:00/00:00,25334) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3480,00:00:00/00:00,25335) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,25353) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,940,00:00:00/00:00,25354) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:19:18,28201) [kworker/3:0-events] (root,0,0,00:00:00/31:18,28567) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363eb523fddFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:11/25-12:46:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-12:46:23,2) [kthreadd] (root,0,0,00:00:00/25-12:46:23,3) [rcu_gp] (root,0,0,00:00:00/25-12:46:23,4) [rcu_par_gp] (root,0,0,00:00:00/25-12:46:23,5) [slub_flushwq] (root,0,0,00:00:00/25-12:46:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-12:46:23,9) [mm_percpu_wq] (root,0,0,00:00:00/25-12:46:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-12:46:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-12:46:23,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-12:46:23,13) [ksoftirqd/0] (root,0,0,01:14:43/25-12:46:23,14) [rcu_preempt] (root,0,0,00:00:09/25-12:46:23,15) [migration/0] (root,0,0,00:00:00/25-12:46:23,16) [idle_inject/0] (root,0,0,00:00:00/25-12:46:23,18) [cpuhp/0] (root,0,0,00:00:00/25-12:46:23,19) [cpuhp/1] (root,0,0,00:00:00/25-12:46:23,20) [idle_inject/1] (root,0,0,00:00:09/25-12:46:23,21) [migration/1] (root,0,0,00:00:39/25-12:46:23,22) [ksoftirqd/1] (root,0,0,00:00:00/25-12:46:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-12:46:23,25) [cpuhp/2] (root,0,0,00:00:00/25-12:46:23,26) [idle_inject/2] (root,0,0,00:00:07/25-12:46:23,27) [migration/2] (root,0,0,00:48:49/25-12:46:23,28) [ksoftirqd/2] (root,0,0,00:00:00/25-12:46:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-12:46:23,31) [cpuhp/3] (root,0,0,00:00:00/25-12:46:23,32) [idle_inject/3] (root,0,0,00:00:09/25-12:46:23,33) [migration/3] (root,0,0,00:02:31/25-12:46:23,34) [ksoftirqd/3] (root,0,0,00:00:00/25-12:46:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-12:46:23,40) [kdevtmpfs] (root,0,0,00:00:00/25-12:46:23,41) [netns] (root,0,0,00:00:00/25-12:46:23,42) [inet_frag_wq] (root,0,0,00:00:08/25-12:46:23,43) [kauditd] (root,0,0,00:00:00/25-12:46:23,44) [khungtaskd] (root,0,0,00:00:00/25-12:46:23,45) [oom_reaper] (root,0,0,00:00:00/25-12:46:23,46) [writeback] (root,0,0,00:01:21/25-12:46:23,47) [kcompactd0] (root,0,0,00:00:00/25-12:46:23,48) [ksmd] (root,0,0,00:01:23/25-12:46:23,49) [khugepaged] (root,0,0,00:00:00/25-12:46:23,75) [kintegrityd] (root,0,0,00:00:00/25-12:46:23,76) [kblockd] (root,0,0,00:00:00/25-12:46:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-12:46:23,79) [tpm_dev_wq] (root,0,0,00:00:00/25-12:46:23,80) [edac-poller] (root,0,0,00:00:00/25-12:46:23,81) [devfreq_wq] (root,0,0,00:00:00/25-12:46:23,110) [watchdogd] (root,0,0,00:00:01/25-12:46:23,111) [kswapd0] (root,0,0,00:00:07/25-12:46:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-12:46:21,115) [kthrotld] (root,0,0,00:00:00/25-12:46:21,116) [mld] (root,0,0,00:00:00/25-12:46:21,117) [ipv6_addrconf] (root,0,0,00:00:07/25-12:46:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-12:46:21,123) [kstrp] (root,0,0,00:00:00/25-12:46:21,124) [zswap-shrink] (root,0,0,00:00:00/25-12:46:21,125) [kworker/u9:0] (root,0,0,00:00:00/25-12:46:21,130) [charger_manager] (root,0,0,00:00:07/25-12:46:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-12:46:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-12:46:20,239) [kaluad] (root,0,0,00:00:00/25-12:46:20,258) [kmpath_rdacd] (root,0,0,00:00:00/25-12:46:20,304) [kmpathd] (root,0,0,00:00:00/25-12:46:20,305) [kmpath_handlerd] (root,0,0,00:00:00/25-12:46:19,342) [ata_sff] (root,0,0,00:00:00/25-12:46:19,343) [scsi_eh_0] (root,0,0,00:00:00/25-12:46:19,344) [scsi_tmf_0] (root,0,0,00:00:00/25-12:46:19,345) [scsi_eh_1] (root,0,0,00:00:00/25-12:46:19,346) [scsi_tmf_1] (root,0,0,00:00:51/25-12:46:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-12:46:16,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-12:46:04,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-12:46:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-12:46:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-12:45:30,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-12:45:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-12:45:29,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-12:45:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-12:45:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-12:45:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29508,00:00:30/25-12:45:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-12:45:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:37/25-12:45:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-12:45:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-12:45:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-12:45:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-12:45:13,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-12:45:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-12:45:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-12:45:13,1352) bpfilter_umh (root,26204,8212,00:00:12/25-12:45:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-12:45:13,1359) ntpd: asynchronous dns resolver (spot,296288,191556,1-14:57:47/25-12:45:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-12:45:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-12:45:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-12:45:12,1373) (sd-pam) (root,24216,5268,00:00:09/25-12:45:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-12:45:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-12:45:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-12:45:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:35/25-12:45:06,1527) sshd: syslogtunnel (root,693268,75792,00:35:20/25-12:45:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57872,00:14:36/25-12:44:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-18:20:27,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-12:44:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-12:44:27,3218) sshd: cm-ssh (root,0,0,00:00:00/04:26,3732) [kworker/3:1-ata_sff] (root,0,0,00:00:00/09:36,6944) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:07:55,11861) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:06,15928) [kworker/1:2] (root,0,0,00:00:00/41:15,16699) [kworker/2:2-events] (root,0,0,00:00:00/32:16,17398) [kworker/2:1-events] (root,6656,3484,00:00:00/00:00,19343) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,19384) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,19385) /bin/bash /usr/bin/check_mk_agent (root,4480,1068,00:00:00/00:00,19386) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,812,00:00:00/00:00,19387) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,676,00:00:00/00:00,19388) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3480,00:00:00/00:00,19389) /bin/bash /usr/bin/check_mk_agent (root,13744,3344,00:00:00/00:00,19407) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,19408) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:11,20983) [kworker/0:1-events] (root,0,0,00:00:00/01:45:03,21873) [kworker/1:0-events] (root,0,0,00:00:00/54:36,22713) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/13:04,23862) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:01/01:27:26,27643) [kworker/3:2-events] (root,0,0,00:00:00/53:18,28674) [kworker/0:2-events] (postfix,24244,8204,00:00:00/45:02,32576) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 23:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363225ea66fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:03/23-12:52:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-12:52:16,2) [kthreadd] (root,0,0,00:00:00/23-12:52:16,3) [rcu_gp] (root,0,0,00:00:00/23-12:52:16,4) [rcu_par_gp] (root,0,0,00:00:00/23-12:52:16,5) [slub_flushwq] (root,0,0,00:00:00/23-12:52:16,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-12:52:16,9) [mm_percpu_wq] (root,0,0,00:00:00/23-12:52:16,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-12:52:16,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-12:52:16,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-12:52:16,13) [ksoftirqd/0] (root,0,0,01:09:06/23-12:52:16,14) [rcu_preempt] (root,0,0,00:00:09/23-12:52:16,15) [migration/0] (root,0,0,00:00:00/23-12:52:16,16) [idle_inject/0] (root,0,0,00:00:00/23-12:52:16,18) [cpuhp/0] (root,0,0,00:00:00/23-12:52:16,19) [cpuhp/1] (root,0,0,00:00:00/23-12:52:16,20) [idle_inject/1] (root,0,0,00:00:09/23-12:52:16,21) [migration/1] (root,0,0,00:00:37/23-12:52:16,22) [ksoftirqd/1] (root,0,0,00:00:00/23-12:52:16,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-12:52:16,25) [cpuhp/2] (root,0,0,00:00:00/23-12:52:16,26) [idle_inject/2] (root,0,0,00:00:07/23-12:52:16,27) [migration/2] (root,0,0,00:45:32/23-12:52:16,28) [ksoftirqd/2] (root,0,0,00:00:00/23-12:52:16,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-12:52:16,31) [cpuhp/3] (root,0,0,00:00:00/23-12:52:16,32) [idle_inject/3] (root,0,0,00:00:08/23-12:52:16,33) [migration/3] (root,0,0,00:02:21/23-12:52:16,34) [ksoftirqd/3] (root,0,0,00:00:00/23-12:52:16,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-12:52:16,40) [kdevtmpfs] (root,0,0,00:00:00/23-12:52:16,41) [netns] (root,0,0,00:00:00/23-12:52:16,42) [inet_frag_wq] (root,0,0,00:00:07/23-12:52:16,43) [kauditd] (root,0,0,00:00:00/23-12:52:16,44) [khungtaskd] (root,0,0,00:00:00/23-12:52:16,45) [oom_reaper] (root,0,0,00:00:00/23-12:52:16,46) [writeback] (root,0,0,00:01:15/23-12:52:16,47) [kcompactd0] (root,0,0,00:00:00/23-12:52:16,48) [ksmd] (root,0,0,00:01:17/23-12:52:16,49) [khugepaged] (root,0,0,00:00:00/23-12:52:16,75) [kintegrityd] (root,0,0,00:00:00/23-12:52:16,76) [kblockd] (root,0,0,00:00:00/23-12:52:16,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-12:52:16,79) [tpm_dev_wq] (root,0,0,00:00:00/23-12:52:16,80) [edac-poller] (root,0,0,00:00:00/23-12:52:16,81) [devfreq_wq] (root,0,0,00:00:00/23-12:52:16,110) [watchdogd] (root,0,0,00:00:01/23-12:52:16,111) [kswapd0] (root,0,0,00:00:06/23-12:52:16,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-12:52:14,115) [kthrotld] (root,0,0,00:00:00/23-12:52:14,116) [mld] (root,0,0,00:00:00/23-12:52:14,117) [ipv6_addrconf] (root,0,0,00:00:06/23-12:52:14,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-12:52:14,123) [kstrp] (root,0,0,00:00:00/23-12:52:14,124) [zswap-shrink] (root,0,0,00:00:00/23-12:52:14,125) [kworker/u9:0] (root,0,0,00:00:00/23-12:52:14,130) [charger_manager] (root,0,0,00:00:07/23-12:52:14,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-12:52:14,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-12:52:13,239) [kaluad] (root,0,0,00:00:00/23-12:52:13,258) [kmpath_rdacd] (root,0,0,00:00:00/23-12:52:13,304) [kmpathd] (root,0,0,00:00:00/23-12:52:13,305) [kmpath_handlerd] (root,0,0,00:00:00/23-12:52:12,342) [ata_sff] (root,0,0,00:00:00/23-12:52:12,343) [scsi_eh_0] (root,0,0,00:00:00/23-12:52:12,344) [scsi_tmf_0] (root,0,0,00:00:00/23-12:52:12,345) [scsi_eh_1] (root,0,0,00:00:00/23-12:52:12,346) [scsi_tmf_1] (root,0,0,00:00:47/23-12:52:09,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-12:52:09,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-12:51:57,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-12:51:56,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-12:51:54,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-12:51:23,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-12:51:22,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:39/23-12:51:22,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-12:51:22,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-12:51:20,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-12:51:20,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-12:51:06,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-12:51:06,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:27/23-12:51:06,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-12:51:06,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-12:51:06,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-12:51:06,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-12:51:06,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-12:51:06,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:25/23-12:51:06,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-12:51:06,1352) bpfilter_umh (root,26204,8212,00:00:10/23-12:51:06,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-12:51:06,1359) ntpd: asynchronous dns resolver (spot,292000,178108,1-12:32:15/23-12:51:05,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-12:51:05,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-12:51:05,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-12:51:05,1373) (sd-pam) (root,24216,5268,00:00:08/23-12:51:03,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-12:51:03,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-12:51:03,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-12:51:00,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-12:50:59,1527) sshd: syslogtunnel (root,692644,73248,00:32:34/23-12:50:57,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56548,00:13:35/23-12:50:45,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-18:26:20,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-12:50:20,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-12:50:20,3218) sshd: cm-ssh (root,0,0,00:00:00/01:00:14,3867) [kworker/0:0-events] (root,0,0,00:00:00/25:45,3961) [kworker/1:2-events] (root,0,0,00:00:00/01:08:40,4103) [kworker/u8:1-writeback] (root,0,0,00:00:00/05:33:51,4562) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/16:52,6663) [kworker/0:2-events] (root,0,0,00:00:00/44:51,14029) [kworker/2:1-events] (root,0,0,00:00:00/01:19,16238) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:22:11,18134) [kworker/2:2-events] (root,0,0,00:00:00/42:49,18665) [kworker/3:1-events] (postfix,24244,8168,00:00:00/01:12:45,18770) pickup -l -t fifo -u (root,6656,3480,00:00:00/00:00,20053) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,20071) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20072) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:30,25097) [kworker/3:2-ata_sff] (root,0,0,00:00:00/19:46,28637) [kworker/1:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 23:40 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363edf7f8a5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-12:58:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-12:58:18,2) [kthreadd] (root,0,0,00:00:00/21-12:58:18,3) [rcu_gp] (root,0,0,00:00:00/21-12:58:18,4) [rcu_par_gp] (root,0,0,00:00:00/21-12:58:18,5) [slub_flushwq] (root,0,0,00:00:00/21-12:58:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-12:58:18,9) [mm_percpu_wq] (root,0,0,00:00:00/21-12:58:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-12:58:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-12:58:18,12) [rcu_tasks_trace] (root,0,0,00:00:42/21-12:58:18,13) [ksoftirqd/0] (root,0,0,01:03:27/21-12:58:18,14) [rcu_preempt] (root,0,0,00:00:08/21-12:58:18,15) [migration/0] (root,0,0,00:00:00/21-12:58:18,16) [idle_inject/0] (root,0,0,00:00:00/21-12:58:18,18) [cpuhp/0] (root,0,0,00:00:00/21-12:58:18,19) [cpuhp/1] (root,0,0,00:00:00/21-12:58:18,20) [idle_inject/1] (root,0,0,00:00:08/21-12:58:18,21) [migration/1] (root,0,0,00:00:34/21-12:58:18,22) [ksoftirqd/1] (root,0,0,00:00:00/21-12:58:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-12:58:18,25) [cpuhp/2] (root,0,0,00:00:00/21-12:58:18,26) [idle_inject/2] (root,0,0,00:00:06/21-12:58:18,27) [migration/2] (root,0,0,00:42:44/21-12:58:18,28) [ksoftirqd/2] (root,0,0,00:00:00/21-12:58:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-12:58:18,31) [cpuhp/3] (root,0,0,00:00:00/21-12:58:18,32) [idle_inject/3] (root,0,0,00:00:08/21-12:58:18,33) [migration/3] (root,0,0,00:02:11/21-12:58:18,34) [ksoftirqd/3] (root,0,0,00:00:00/21-12:58:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-12:58:18,40) [kdevtmpfs] (root,0,0,00:00:00/21-12:58:18,41) [netns] (root,0,0,00:00:00/21-12:58:18,42) [inet_frag_wq] (root,0,0,00:00:06/21-12:58:18,43) [kauditd] (root,0,0,00:00:00/21-12:58:18,44) [khungtaskd] (root,0,0,00:00:00/21-12:58:18,45) [oom_reaper] (root,0,0,00:00:00/21-12:58:18,46) [writeback] (root,0,0,00:01:09/21-12:58:18,47) [kcompactd0] (root,0,0,00:00:00/21-12:58:18,48) [ksmd] (root,0,0,00:01:10/21-12:58:18,49) [khugepaged] (root,0,0,00:00:00/21-12:58:18,75) [kintegrityd] (root,0,0,00:00:00/21-12:58:18,76) [kblockd] (root,0,0,00:00:00/21-12:58:18,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-12:58:18,79) [tpm_dev_wq] (root,0,0,00:00:00/21-12:58:18,80) [edac-poller] (root,0,0,00:00:00/21-12:58:18,81) [devfreq_wq] (root,0,0,00:00:00/21-12:58:18,110) [watchdogd] (root,0,0,00:00:01/21-12:58:18,111) [kswapd0] (root,0,0,00:00:05/21-12:58:18,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-12:58:16,115) [kthrotld] (root,0,0,00:00:00/21-12:58:16,116) [mld] (root,0,0,00:00:00/21-12:58:16,117) [ipv6_addrconf] (root,0,0,00:00:06/21-12:58:16,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-12:58:16,123) [kstrp] (root,0,0,00:00:00/21-12:58:16,124) [zswap-shrink] (root,0,0,00:00:00/21-12:58:16,125) [kworker/u9:0] (root,0,0,00:00:00/21-12:58:16,130) [charger_manager] (root,0,0,00:00:06/21-12:58:16,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-12:58:16,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-12:58:15,239) [kaluad] (root,0,0,00:00:00/21-12:58:15,258) [kmpath_rdacd] (root,0,0,00:00:00/21-12:58:15,304) [kmpathd] (root,0,0,00:00:00/21-12:58:15,305) [kmpath_handlerd] (root,0,0,00:00:00/21-12:58:14,342) [ata_sff] (root,0,0,00:00:00/21-12:58:14,343) [scsi_eh_0] (root,0,0,00:00:00/21-12:58:14,344) [scsi_tmf_0] (root,0,0,00:00:00/21-12:58:14,345) [scsi_eh_1] (root,0,0,00:00:00/21-12:58:14,346) [scsi_tmf_1] (root,0,0,00:00:43/21-12:58:11,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-12:58:11,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-12:57:59,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-12:57:58,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:01/02:00:59,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-12:57:56,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-12:57:25,511) /sbin/auditd (messagebus,22932,5912,00:00:58/21-12:57:24,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-12:57:24,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-12:57:24,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-12:57:22,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-12:57:22,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3484,00:00:00/00:00,691) /bin/bash /usr/bin/check_mk_agent (root,13744,3396,00:00:00/00:00,709) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,710) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,548104,28468,00:00:25/21-12:57:08,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-12:57:08,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:16/21-12:57:08,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-12:57:08,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-12:57:08,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-12:57:08,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-12:57:08,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-12:57:08,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-12:57:08,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-12:57:08,1352) bpfilter_umh (root,26204,8212,00:00:09/21-12:57:08,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-12:57:08,1359) ntpd: asynchronous dns resolver (spot,314172,199592,1-09:55:32/21-12:57:07,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-12:57:07,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-12:57:07,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-12:57:07,1373) (sd-pam) (root,24216,5268,00:00:07/21-12:57:05,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-12:57:05,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-12:57:05,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-12:57:02,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-12:57:01,1527) sshd: syslogtunnel (root,692388,72908,00:29:47/21-12:56:59,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,55044,00:12:32/21-12:56:47,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/15-18:32:22,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-12:56:22,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:12/21-12:56:22,3218) sshd: cm-ssh (root,0,0,00:00:00/30:46,3360) [kworker/2:0-events] (root,0,0,00:00:00/16:32,3491) [kworker/1:2-events] (root,0,0,00:00:00/57:20,6922) [kworker/0:2-events] (root,0,0,00:00:00/06:51,8901) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:16:55,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:20:08,14476) [kworker/u8:1-writeback] (root,0,0,00:00:00/22:16,18332) [kworker/0:1] (root,0,0,00:00:00/10:52,20656) [kworker/1:0] (root,0,0,00:00:00/02:23,25731) [kworker/2:1-events] (root,0,0,00:00:00/01:40,27423) [kworker/3:1-ata_sff] (root,0,0,00:00:01/04:36:53,29790) [kworker/2:2-cgroup_destroy] (postfix,24244,8256,00:00:00/00:37,30941) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 23:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634e18e237Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-12:57:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:57:18,2) [kthreadd] (root,0,0,00:00:00/19-12:57:18,3) [rcu_gp] (root,0,0,00:00:00/19-12:57:18,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:57:18,5) [slub_flushwq] (root,0,0,00:00:00/19-12:57:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:57:18,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:57:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:57:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:57:18,12) [rcu_tasks_trace] (root,0,0,00:00:38/19-12:57:18,13) [ksoftirqd/0] (root,0,0,00:57:22/19-12:57:18,14) [rcu_preempt] (root,0,0,00:00:07/19-12:57:18,15) [migration/0] (root,0,0,00:00:00/19-12:57:18,16) [idle_inject/0] (root,0,0,00:00:00/19-12:57:18,18) [cpuhp/0] (root,0,0,00:00:00/19-12:57:18,19) [cpuhp/1] (root,0,0,00:00:00/19-12:57:18,20) [idle_inject/1] (root,0,0,00:00:07/19-12:57:18,21) [migration/1] (root,0,0,00:00:31/19-12:57:18,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:57:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:57:18,25) [cpuhp/2] (root,0,0,00:00:00/19-12:57:18,26) [idle_inject/2] (root,0,0,00:00:05/19-12:57:18,27) [migration/2] (root,0,0,00:39:19/19-12:57:18,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:57:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:57:18,31) [cpuhp/3] (root,0,0,00:00:00/19-12:57:18,32) [idle_inject/3] (root,0,0,00:00:07/19-12:57:18,33) [migration/3] (root,0,0,00:01:59/19-12:57:18,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:57:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:57:18,40) [kdevtmpfs] (root,0,0,00:00:00/19-12:57:18,41) [netns] (root,0,0,00:00:00/19-12:57:18,42) [inet_frag_wq] (root,0,0,00:00:05/19-12:57:18,43) [kauditd] (root,0,0,00:00:00/19-12:57:18,44) [khungtaskd] (root,0,0,00:00:00/19-12:57:18,45) [oom_reaper] (root,0,0,00:00:00/19-12:57:18,46) [writeback] (root,0,0,00:01:02/19-12:57:18,47) [kcompactd0] (root,0,0,00:00:00/19-12:57:18,48) [ksmd] (root,0,0,00:01:03/19-12:57:18,49) [khugepaged] (root,0,0,00:00:00/19-12:57:18,75) [kintegrityd] (root,0,0,00:00:00/19-12:57:18,76) [kblockd] (root,0,0,00:00:00/19-12:57:18,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:57:18,79) [tpm_dev_wq] (root,0,0,00:00:00/19-12:57:18,80) [edac-poller] (root,0,0,00:00:00/19-12:57:18,81) [devfreq_wq] (root,0,0,00:00:00/19-12:57:18,110) [watchdogd] (root,0,0,00:00:01/19-12:57:18,111) [kswapd0] (root,0,0,00:00:05/19-12:57:18,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-12:57:16,115) [kthrotld] (root,0,0,00:00:00/19-12:57:16,116) [mld] (root,0,0,00:00:00/19-12:57:16,117) [ipv6_addrconf] (root,0,0,00:00:05/19-12:57:16,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:57:16,123) [kstrp] (root,0,0,00:00:00/19-12:57:16,124) [zswap-shrink] (root,0,0,00:00:00/19-12:57:16,125) [kworker/u9:0] (root,0,0,00:00:00/19-12:57:16,130) [charger_manager] (root,0,0,00:00:06/19-12:57:16,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/19-12:57:16,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-12:57:15,239) [kaluad] (root,0,0,00:00:00/19-12:57:15,258) [kmpath_rdacd] (root,0,0,00:00:00/19-12:57:15,304) [kmpathd] (root,0,0,00:00:00/19-12:57:15,305) [kmpath_handlerd] (root,0,0,00:00:00/19-12:57:14,342) [ata_sff] (root,0,0,00:00:00/19-12:57:14,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:57:14,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:57:14,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:57:14,346) [scsi_tmf_1] (root,0,0,00:00:39/19-12:57:11,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:57:11,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-12:56:59,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-12:56:58,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-12:56:56,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-12:56:25,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-12:56:24,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-12:56:24,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-12:56:24,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-12:56:22,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-12:56:22,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-12:56:08,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-12:56:08,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:05/19-12:56:08,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-12:56:08,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-12:56:08,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-12:56:08,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-12:56:08,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:25/19-12:56:08,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-12:56:08,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-12:56:08,1352) bpfilter_umh (root,26204,8212,00:00:07/19-12:56:08,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-12:56:08,1359) ntpd: asynchronous dns resolver (spot,313996,199548,1-07:06:47/19-12:56:07,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-12:56:07,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-12:56:07,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-12:56:07,1373) (sd-pam) (root,24216,5268,00:00:06/19-12:56:05,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-12:56:05,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-12:56:05,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-12:56:02,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-12:56:01,1527) sshd: syslogtunnel (root,618656,71492,00:26:56/19-12:55:59,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53708,00:11:20/19-12:55:47,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-18:31:22,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-12:55:22,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:05/19-12:55:22,3218) sshd: cm-ssh (root,0,0,00:00:00/50:00,4244) [kworker/0:0-events] (root,0,0,00:00:00/04:19,5008) [kworker/u8:1] (root,0,0,00:00:00/31:17,7171) [kworker/3:2-events_freezable_power_] (root,0,0,00:00:00/47:36,10508) [kworker/2:2-events] (root,0,0,00:00:01/03:08:02,12961) [kworker/2:0-events] (root,0,0,00:00:00/37:01,15979) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/10:10,16908) [kworker/0:2-events] (root,0,0,00:00:00/10:09,16909) [kworker/u8:0-events_unbound] (root,0,0,00:00:00/01:45:29,17258) [kworker/1:0-events] (postfix,24244,8296,00:00:00/20:30,18563) pickup -l -t fifo -u (root,0,0,00:00:00/00:08,21706) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,22578) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,22596) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22597) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:33,29017) [kworker/1:1] (root,0,0,00:00:00/05:20,32535) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 23:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c2ac5419Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-12:56:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-12:56:58,2) [kthreadd] (root,0,0,00:00:00/17-12:56:58,3) [rcu_gp] (root,0,0,00:00:00/17-12:56:58,4) [rcu_par_gp] (root,0,0,00:00:00/17-12:56:58,5) [slub_flushwq] (root,0,0,00:00:00/17-12:56:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-12:56:58,9) [mm_percpu_wq] (root,0,0,00:00:00/17-12:56:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-12:56:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-12:56:58,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-12:56:58,13) [ksoftirqd/0] (root,0,0,00:50:24/17-12:56:58,14) [rcu_preempt] (root,0,0,00:00:06/17-12:56:58,15) [migration/0] (root,0,0,00:00:00/17-12:56:58,16) [idle_inject/0] (root,0,0,00:00:00/17-12:56:58,18) [cpuhp/0] (root,0,0,00:00:00/17-12:56:58,19) [cpuhp/1] (root,0,0,00:00:00/17-12:56:58,20) [idle_inject/1] (root,0,0,00:00:06/17-12:56:58,21) [migration/1] (root,0,0,00:00:27/17-12:56:58,22) [ksoftirqd/1] (root,0,0,00:00:00/17-12:56:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-12:56:58,25) [cpuhp/2] (root,0,0,00:00:00/17-12:56:58,26) [idle_inject/2] (root,0,0,00:00:05/17-12:56:58,27) [migration/2] (root,0,0,00:33:47/17-12:56:58,28) [ksoftirqd/2] (root,0,0,00:00:00/17-12:56:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-12:56:58,31) [cpuhp/3] (root,0,0,00:00:00/17-12:56:58,32) [idle_inject/3] (root,0,0,00:00:06/17-12:56:58,33) [migration/3] (root,0,0,00:01:41/17-12:56:58,34) [ksoftirqd/3] (root,0,0,00:00:00/17-12:56:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-12:56:58,40) [kdevtmpfs] (root,0,0,00:00:00/17-12:56:58,41) [netns] (root,0,0,00:00:00/17-12:56:58,42) [inet_frag_wq] (root,0,0,00:00:03/17-12:56:58,43) [kauditd] (root,0,0,00:00:00/17-12:56:58,44) [khungtaskd] (root,0,0,00:00:00/17-12:56:58,45) [oom_reaper] (root,0,0,00:00:00/17-12:56:58,46) [writeback] (root,0,0,00:00:55/17-12:56:58,47) [kcompactd0] (root,0,0,00:00:00/17-12:56:58,48) [ksmd] (root,0,0,00:00:56/17-12:56:58,49) [khugepaged] (root,0,0,00:00:00/17-12:56:58,75) [kintegrityd] (root,0,0,00:00:00/17-12:56:58,76) [kblockd] (root,0,0,00:00:00/17-12:56:58,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-12:56:58,79) [tpm_dev_wq] (root,0,0,00:00:00/17-12:56:58,80) [edac-poller] (root,0,0,00:00:00/17-12:56:58,81) [devfreq_wq] (root,0,0,00:00:00/17-12:56:58,110) [watchdogd] (root,0,0,00:00:01/17-12:56:58,111) [kswapd0] (root,0,0,00:00:04/17-12:56:58,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-12:56:56,115) [kthrotld] (root,0,0,00:00:00/17-12:56:56,116) [mld] (root,0,0,00:00:00/17-12:56:56,117) [ipv6_addrconf] (root,0,0,00:00:04/17-12:56:56,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-12:56:56,123) [kstrp] (root,0,0,00:00:00/17-12:56:56,124) [zswap-shrink] (root,0,0,00:00:00/17-12:56:56,125) [kworker/u9:0] (root,0,0,00:00:00/17-12:56:56,130) [charger_manager] (root,0,0,00:00:05/17-12:56:56,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/17-12:56:56,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-12:56:55,239) [kaluad] (root,0,0,00:00:00/17-12:56:55,258) [kmpath_rdacd] (root,0,0,00:00:00/17-12:56:55,304) [kmpathd] (root,0,0,00:00:00/17-12:56:55,305) [kmpath_handlerd] (root,0,0,00:00:00/17-12:56:54,342) [ata_sff] (root,0,0,00:00:00/17-12:56:54,343) [scsi_eh_0] (root,0,0,00:00:00/17-12:56:54,344) [scsi_tmf_0] (root,0,0,00:00:00/17-12:56:54,345) [scsi_eh_1] (root,0,0,00:00:00/17-12:56:54,346) [scsi_tmf_1] (root,0,0,00:00:34/17-12:56:51,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-12:56:51,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-12:56:39,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-12:56:38,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-12:56:36,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-12:56:05,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-12:56:04,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-12:56:04,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-12:56:04,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-12:56:02,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-12:56:02,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-12:55:48,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-12:55:48,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:51/17-12:55:48,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-12:55:48,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-12:55:48,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-12:55:48,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-12:55:48,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-12:55:48,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:30/17-12:55:48,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-12:55:48,1352) bpfilter_umh (root,26204,8212,00:00:04/17-12:55:48,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-12:55:48,1359) ntpd: asynchronous dns resolver (spot,315404,199900,1-03:05:12/17-12:55:47,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-12:55:47,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-12:55:47,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-12:55:47,1373) (sd-pam) (root,24216,5268,00:00:06/17-12:55:45,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-12:55:45,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-12:55:45,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-12:55:42,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-12:55:41,1527) sshd: syslogtunnel (root,618256,73120,00:23:58/17-12:55:39,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/16:14,1721) [kworker/3:1-events] (spot,214464,51672,00:10:02/17-12:55:27,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-18:31:02,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/08:04,2711) [kworker/2:1-cgroup_destroy] (root,35308,10108,00:00:00/17-12:55:02,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-12:55:02,3218) sshd: cm-ssh (root,0,0,00:00:00/15:37,3936) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/24:58,6092) [kworker/0:2-events] (root,0,0,00:00:00/14:24,9322) [kworker/0:1] (root,0,0,00:00:00/05:51,13680) [kworker/3:0-ata_sff] (root,0,0,00:00:00/33:27,15869) [kworker/1:1] (root,0,0,00:00:00/55:20,17782) [kworker/1:2-events] (root,0,0,00:00:01/03:17:32,19474) [kworker/2:0-events] (root,0,0,00:00:00/01:03:42,21562) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:29,26111) [kworker/2:2-events] (root,0,0,00:00:00/00:40,27757) [kworker/3:2-ata_sff] (root,0,0,00:00:00/00:37,27758) [kworker/u8:1-ext4-rsv-conversion] (postfix,24244,8224,00:00:00/42:07,29850) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,30984) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,31025) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,31026) /bin/bash /usr/bin/check_mk_agent (root,4480,1060,00:00:00/00:00,31027) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,804,00:00:00/00:00,31028) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1204,00:00:00/00:00,31029) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,31030) /bin/bash /usr/bin/check_mk_agent (root,6656,3472,00:00:00/00:00,31031) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,31062) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31063) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,476,00:00:00/00:00,31066) /bin/bash /usr/bin/check_mk_agent Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 23:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f69617faFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-13:01:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:01:17,2) [kthreadd] (root,0,0,00:00:00/15-13:01:17,3) [rcu_gp] (root,0,0,00:00:00/15-13:01:17,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:01:17,5) [slub_flushwq] (root,0,0,00:00:00/15-13:01:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:01:17,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:01:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:01:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:01:17,12) [rcu_tasks_trace] (root,0,0,00:00:28/15-13:01:17,13) [ksoftirqd/0] (root,0,0,00:43:35/15-13:01:17,14) [rcu_preempt] (root,0,0,00:00:05/15-13:01:17,15) [migration/0] (root,0,0,00:00:00/15-13:01:17,16) [idle_inject/0] (root,0,0,00:00:00/15-13:01:17,18) [cpuhp/0] (root,0,0,00:00:00/15-13:01:17,19) [cpuhp/1] (root,0,0,00:00:00/15-13:01:17,20) [idle_inject/1] (root,0,0,00:00:06/15-13:01:17,21) [migration/1] (root,0,0,00:00:23/15-13:01:17,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:01:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:01:17,25) [cpuhp/2] (root,0,0,00:00:00/15-13:01:17,26) [idle_inject/2] (root,0,0,00:00:04/15-13:01:17,27) [migration/2] (root,0,0,00:28:31/15-13:01:17,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:01:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:01:17,31) [cpuhp/3] (root,0,0,00:00:00/15-13:01:17,32) [idle_inject/3] (root,0,0,00:00:05/15-13:01:17,33) [migration/3] (root,0,0,00:01:24/15-13:01:17,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:01:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:01:17,40) [kdevtmpfs] (root,0,0,00:00:00/15-13:01:17,41) [netns] (root,0,0,00:00:00/15-13:01:17,42) [inet_frag_wq] (root,0,0,00:00:01/15-13:01:17,43) [kauditd] (root,0,0,00:00:00/15-13:01:17,44) [khungtaskd] (root,0,0,00:00:00/15-13:01:17,45) [oom_reaper] (root,0,0,00:00:00/15-13:01:17,46) [writeback] (root,0,0,00:00:48/15-13:01:17,47) [kcompactd0] (root,0,0,00:00:00/15-13:01:17,48) [ksmd] (root,0,0,00:00:50/15-13:01:17,49) [khugepaged] (root,0,0,00:00:00/15-13:01:17,75) [kintegrityd] (root,0,0,00:00:00/15-13:01:17,76) [kblockd] (root,0,0,00:00:00/15-13:01:17,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:01:17,79) [tpm_dev_wq] (root,0,0,00:00:00/15-13:01:17,80) [edac-poller] (root,0,0,00:00:00/15-13:01:17,81) [devfreq_wq] (root,0,0,00:00:00/15-13:01:17,110) [watchdogd] (root,0,0,00:00:01/15-13:01:17,111) [kswapd0] (root,0,0,00:00:04/15-13:01:17,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-13:01:15,115) [kthrotld] (root,0,0,00:00:00/15-13:01:15,116) [mld] (root,0,0,00:00:00/15-13:01:15,117) [ipv6_addrconf] (root,0,0,00:00:04/15-13:01:15,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:01:15,123) [kstrp] (root,0,0,00:00:00/15-13:01:15,124) [zswap-shrink] (root,0,0,00:00:00/15-13:01:15,125) [kworker/u9:0] (root,0,0,00:00:00/15-13:01:15,130) [charger_manager] (root,0,0,00:00:04/15-13:01:15,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-13:01:15,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-13:01:14,239) [kaluad] (root,0,0,00:00:00/15-13:01:14,258) [kmpath_rdacd] (root,0,0,00:00:00/15-13:01:14,304) [kmpathd] (root,0,0,00:00:00/15-13:01:14,305) [kmpath_handlerd] (root,0,0,00:00:00/15-13:01:13,342) [ata_sff] (root,0,0,00:00:00/15-13:01:13,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:01:13,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:01:13,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:01:13,346) [scsi_tmf_1] (root,0,0,00:00:29/15-13:01:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:01:10,367) [ext4-rsv-conver] (root,38604,7616,00:00:14/15-13:00:58,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-13:00:57,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-13:00:55,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-13:00:24,511) /sbin/auditd (messagebus,22932,5912,00:00:19/15-13:00:23,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:12/15-13:00:23,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-13:00:23,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-13:00:21,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-13:00:21,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-13:00:07,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-13:00:07,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:38/15-13:00:07,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-13:00:07,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-13:00:07,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-13:00:07,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-13:00:07,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-13:00:07,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:12/15-13:00:07,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-13:00:07,1352) bpfilter_umh (root,26204,8212,00:00:03/15-13:00:07,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-13:00:07,1359) ntpd: asynchronous dns resolver (spot,314284,199620,22:23:38/15-13:00:06,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-13:00:06,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-13:00:06,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-13:00:06,1373) (sd-pam) (root,24216,5268,00:00:05/15-13:00:04,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-13:00:04,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-13:00:04,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-13:00:01,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-13:00:00,1527) sshd: syslogtunnel (root,617868,72916,00:21:04/15-12:59:58,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49872,00:08:45/15-12:59:46,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:18:02,2076) [kworker/2:0-events] (postfix,44628,9336,00:00:00/9-18:35:21,2557) tlsmgr -l -t unix -u (root,0,0,00:00:02/05:24:54,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-12:59:21,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:50/15-12:59:21,3218) sshd: cm-ssh (root,0,0,00:00:00/29:21,3630) [kworker/2:1-events] (root,0,0,00:00:00/10:44,5722) [kworker/3:0-ata_sff] (root,0,0,00:00:00/00:23,8737) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:04:31,9961) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3484,00:00:00/00:01,11052) /bin/bash /usr/bin/check_mk_agent (root,13744,3440,00:00:00/00:00,11070) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11071) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:48:53,11304) [kworker/1:1-events] (root,0,0,00:00:00/52:08,15580) [kworker/1:0] (root,0,0,00:00:00/09:08:24,21313) [kworker/0:0-events] (root,0,0,00:00:00/05:33,22803) [kworker/3:1-events] (root,0,0,00:00:00/01:18:53,26431) [kworker/u8:1-writeback] (postfix,24244,8212,00:00:00/01:08:16,28252) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 23:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363530fe872Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-13:04:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:04:04,2) [kthreadd] (root,0,0,00:00:00/13-13:04:04,3) [rcu_gp] (root,0,0,00:00:00/13-13:04:04,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:04:04,5) [slub_flushwq] (root,0,0,00:00:00/13-13:04:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:04:04,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:04:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:04:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:04:04,12) [rcu_tasks_trace] (root,0,0,00:00:24/13-13:04:04,13) [ksoftirqd/0] (root,0,0,00:37:18/13-13:04:04,14) [rcu_preempt] (root,0,0,00:00:05/13-13:04:04,15) [migration/0] (root,0,0,00:00:00/13-13:04:04,16) [idle_inject/0] (root,0,0,00:00:00/13-13:04:04,18) [cpuhp/0] (root,0,0,00:00:00/13-13:04:04,19) [cpuhp/1] (root,0,0,00:00:00/13-13:04:04,20) [idle_inject/1] (root,0,0,00:00:05/13-13:04:04,21) [migration/1] (root,0,0,00:00:20/13-13:04:04,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:04:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:04:04,25) [cpuhp/2] (root,0,0,00:00:00/13-13:04:04,26) [idle_inject/2] (root,0,0,00:00:03/13-13:04:04,27) [migration/2] (root,0,0,00:24:39/13-13:04:04,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:04:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:04:04,31) [cpuhp/3] (root,0,0,00:00:00/13-13:04:04,32) [idle_inject/3] (root,0,0,00:00:05/13-13:04:04,33) [migration/3] (root,0,0,00:01:11/13-13:04:04,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:04:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:04:04,40) [kdevtmpfs] (root,0,0,00:00:00/13-13:04:04,41) [netns] (root,0,0,00:00:00/13-13:04:04,42) [inet_frag_wq] (root,0,0,00:00:01/13-13:04:04,43) [kauditd] (root,0,0,00:00:00/13-13:04:04,44) [khungtaskd] (root,0,0,00:00:00/13-13:04:04,45) [oom_reaper] (root,0,0,00:00:00/13-13:04:04,46) [writeback] (root,0,0,00:00:41/13-13:04:04,47) [kcompactd0] (root,0,0,00:00:00/13-13:04:04,48) [ksmd] (root,0,0,00:00:44/13-13:04:04,49) [khugepaged] (root,0,0,00:00:00/13-13:04:04,75) [kintegrityd] (root,0,0,00:00:00/13-13:04:04,76) [kblockd] (root,0,0,00:00:00/13-13:04:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:04:04,79) [tpm_dev_wq] (root,0,0,00:00:00/13-13:04:04,80) [edac-poller] (root,0,0,00:00:00/13-13:04:04,81) [devfreq_wq] (root,0,0,00:00:00/13-13:04:04,110) [watchdogd] (root,0,0,00:00:01/13-13:04:04,111) [kswapd0] (root,0,0,00:00:03/13-13:04:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-13:04:02,115) [kthrotld] (root,0,0,00:00:00/13-13:04:02,116) [mld] (root,0,0,00:00:00/13-13:04:02,117) [ipv6_addrconf] (root,0,0,00:00:03/13-13:04:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:04:02,123) [kstrp] (root,0,0,00:00:00/13-13:04:02,124) [zswap-shrink] (root,0,0,00:00:00/13-13:04:02,125) [kworker/u9:0] (root,0,0,00:00:00/13-13:04:02,130) [charger_manager] (root,0,0,00:00:04/13-13:04:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-13:04:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-13:04:01,239) [kaluad] (root,0,0,00:00:00/13-13:04:01,258) [kmpath_rdacd] (root,0,0,00:00:00/13-13:04:01,304) [kmpathd] (root,0,0,00:00:00/13-13:04:01,305) [kmpath_handlerd] (root,0,0,00:00:00/13-13:04:00,342) [ata_sff] (root,0,0,00:00:00/13-13:04:00,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:04:00,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:04:00,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:04:00,346) [scsi_tmf_1] (root,0,0,00:00:25/13-13:03:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:03:57,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-13:03:45,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-13:03:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:21/13-13:03:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-13:03:11,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-13:03:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-13:03:10,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-13:03:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-13:03:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-13:03:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-13:02:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-13:02:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:25/13-13:02:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-13:02:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-13:02:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-13:02:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-13:02:54,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-13:02:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:54/13-13:02:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-13:02:54,1352) bpfilter_umh (root,26204,8212,00:00:02/13-13:02:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-13:02:54,1359) ntpd: asynchronous dns resolver (spot,305068,189636,18:43:46/13-13:02:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-13:02:53,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-13:02:53,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-13:02:53,1373) (sd-pam) (root,24216,5268,00:00:04/13-13:02:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-13:02:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-13:02:51,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-13:02:48,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:46/13-13:02:47,1527) sshd: syslogtunnel (root,617868,72668,00:18:15/13-13:02:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48320,00:07:30/13-13:02:33,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-18:38:08,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/07:49,2894) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/13-13:02:08,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-13:02:08,3218) sshd: cm-ssh (root,0,0,00:00:00/01:45:46,5639) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/19:28,14597) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:01/02:10:19,14919) [kworker/1:0-events] (root,0,0,00:00:00/33:46,15998) [kworker/3:2-events] (root,0,0,00:00:00/02:58:57,16390) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:58:10,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/42:16,22455) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/02:39,22599) [kworker/3:0-ata_sff] (postfix,24244,8228,00:00:00/01:33:00,24772) pickup -l -t fifo -u (root,0,0,00:00:01/02:47:18,25621) [kworker/2:0-events] (root,0,0,00:00:00/01:21:30,29874) [kworker/0:2-events] (root,6656,3488,00:00:00/00:00,32543) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,32584) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,32585) /bin/bash /usr/bin/check_mk_agent (root,4480,1044,00:00:00/00:00,32586) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,824,00:00:00/00:00,32587) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,700,00:00:00/00:00,32588) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,32589) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,32607) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,32608) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836385af00dfFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-12:48:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:48:17,2) [kthreadd] (root,0,0,00:00:00/11-12:48:17,3) [rcu_gp] (root,0,0,00:00:00/11-12:48:17,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:48:17,5) [slub_flushwq] (root,0,0,00:00:00/11-12:48:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:48:17,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:48:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:48:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:48:17,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:48:17,13) [ksoftirqd/0] (root,0,0,00:31:42/11-12:48:17,14) [rcu_preempt] (root,0,0,00:00:04/11-12:48:17,15) [migration/0] (root,0,0,00:00:00/11-12:48:17,16) [idle_inject/0] (root,0,0,00:00:00/11-12:48:17,18) [cpuhp/0] (root,0,0,00:00:00/11-12:48:17,19) [cpuhp/1] (root,0,0,00:00:00/11-12:48:17,20) [idle_inject/1] (root,0,0,00:00:04/11-12:48:17,21) [migration/1] (root,0,0,00:00:17/11-12:48:17,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:48:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:48:17,25) [cpuhp/2] (root,0,0,00:00:00/11-12:48:17,26) [idle_inject/2] (root,0,0,00:00:03/11-12:48:17,27) [migration/2] (root,0,0,00:21:09/11-12:48:17,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:48:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:48:17,31) [cpuhp/3] (root,0,0,00:00:00/11-12:48:17,32) [idle_inject/3] (root,0,0,00:00:04/11-12:48:17,33) [migration/3] (root,0,0,00:01:00/11-12:48:17,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:48:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:48:17,40) [kdevtmpfs] (root,0,0,00:00:00/11-12:48:17,41) [netns] (root,0,0,00:00:00/11-12:48:17,42) [inet_frag_wq] (root,0,0,00:00:01/11-12:48:17,43) [kauditd] (root,0,0,00:00:00/11-12:48:17,44) [khungtaskd] (root,0,0,00:00:00/11-12:48:17,45) [oom_reaper] (root,0,0,00:00:00/11-12:48:17,46) [writeback] (root,0,0,00:00:34/11-12:48:17,47) [kcompactd0] (root,0,0,00:00:00/11-12:48:17,48) [ksmd] (root,0,0,00:00:37/11-12:48:17,49) [khugepaged] (root,0,0,00:00:00/11-12:48:17,75) [kintegrityd] (root,0,0,00:00:00/11-12:48:17,76) [kblockd] (root,0,0,00:00:00/11-12:48:17,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:48:17,79) [tpm_dev_wq] (root,0,0,00:00:00/11-12:48:17,80) [edac-poller] (root,0,0,00:00:00/11-12:48:17,81) [devfreq_wq] (root,0,0,00:00:00/11-12:48:17,110) [watchdogd] (root,0,0,00:00:00/11-12:48:17,111) [kswapd0] (root,0,0,00:00:02/11-12:48:17,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:48:15,115) [kthrotld] (root,0,0,00:00:00/11-12:48:15,116) [mld] (root,0,0,00:00:00/11-12:48:15,117) [ipv6_addrconf] (root,0,0,00:00:03/11-12:48:15,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:48:15,123) [kstrp] (root,0,0,00:00:00/11-12:48:15,124) [zswap-shrink] (root,0,0,00:00:00/11-12:48:15,125) [kworker/u9:0] (root,0,0,00:00:00/11-12:48:15,130) [charger_manager] (root,0,0,00:00:03/11-12:48:15,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-12:48:15,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-12:48:14,239) [kaluad] (root,0,0,00:00:00/11-12:48:14,258) [kmpath_rdacd] (root,0,0,00:00:00/11-12:48:14,304) [kmpathd] (root,0,0,00:00:00/11-12:48:14,305) [kmpath_handlerd] (root,0,0,00:00:00/11-12:48:13,342) [ata_sff] (root,0,0,00:00:00/11-12:48:13,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:48:13,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:48:13,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:48:13,346) [scsi_tmf_1] (root,0,0,00:00:21/11-12:48:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:48:10,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-12:47:58,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-12:47:57,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-12:47:55,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-12:47:24,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-12:47:23,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-12:47:23,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-12:47:23,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-12:47:21,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-12:47:21,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-12:47:07,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-12:47:07,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:12/11-12:47:07,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-12:47:07,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-12:47:07,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-12:47:07,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-12:47:07,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-12:47:07,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:38/11-12:47:07,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-12:47:07,1352) bpfilter_umh (root,26204,8212,00:00:02/11-12:47:07,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-12:47:07,1359) ntpd: asynchronous dns resolver (spot,292364,178952,15:31:31/11-12:47:06,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-12:47:06,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-12:47:06,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-12:47:06,1373) (sd-pam) (root,24216,5268,00:00:03/11-12:47:04,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-12:47:04,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-12:47:04,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-12:47:01,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-12:47:00,1527) sshd: syslogtunnel (root,617612,70248,00:15:31/11-12:46:58,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,47288,00:06:18/11-12:46:46,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-18:22:21,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-12:46:21,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-12:46:21,3218) sshd: cm-ssh (root,6656,3484,00:00:00/00:00,4708) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,4726) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4727) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/41:29,5235) [kworker/2:2-events] (root,0,0,00:00:00/07:39,6963) [kworker/3:2-ata_sff] (root,0,0,00:00:03/22:56:50,7785) [kworker/2:1-events] (postfix,24244,8224,00:00:00/01:38:08,13066) pickup -l -t fifo -u (root,0,0,00:00:00/20:56,14236) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/05:45:24,19628) [kworker/0:1-events] (root,0,0,00:00:00/05:20:57,20763) [kworker/1:0-events] (root,0,0,00:00:00/02:27,23666) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:06:28,24598) [kworker/u8:1-writeback] (root,0,0,00:00:01/04:20:40,28099) [kworker/1:2-events] (root,0,0,00:00:00/54:20,28318) [kworker/3:1-events] (root,0,0,00:00:01/03:56:31,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 23:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e2a8bcb5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-09:53:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-09:53:06,2) [kthreadd] (root,0,0,00:00:00/9-09:53:06,3) [rcu_gp] (root,0,0,00:00:00/9-09:53:06,4) [rcu_par_gp] (root,0,0,00:00:00/9-09:53:06,5) [slub_flushwq] (root,0,0,00:00:00/9-09:53:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-09:53:06,9) [mm_percpu_wq] (root,0,0,00:00:00/9-09:53:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-09:53:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-09:53:06,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-09:53:06,13) [ksoftirqd/0] (root,0,0,00:25:32/9-09:53:06,14) [rcu_preempt] (root,0,0,00:00:03/9-09:53:06,15) [migration/0] (root,0,0,00:00:00/9-09:53:06,16) [idle_inject/0] (root,0,0,00:00:00/9-09:53:06,18) [cpuhp/0] (root,0,0,00:00:00/9-09:53:06,19) [cpuhp/1] (root,0,0,00:00:00/9-09:53:06,20) [idle_inject/1] (root,0,0,00:00:03/9-09:53:06,21) [migration/1] (root,0,0,00:00:13/9-09:53:06,22) [ksoftirqd/1] (root,0,0,00:00:00/9-09:53:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-09:53:06,25) [cpuhp/2] (root,0,0,00:00:00/9-09:53:06,26) [idle_inject/2] (root,0,0,00:00:02/9-09:53:06,27) [migration/2] (root,0,0,00:17:07/9-09:53:06,28) [ksoftirqd/2] (root,0,0,00:00:00/9-09:53:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-09:53:06,31) [cpuhp/3] (root,0,0,00:00:00/9-09:53:06,32) [idle_inject/3] (root,0,0,00:00:03/9-09:53:06,33) [migration/3] (root,0,0,00:00:48/9-09:53:06,34) [ksoftirqd/3] (root,0,0,00:00:00/9-09:53:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-09:53:06,40) [kdevtmpfs] (root,0,0,00:00:00/9-09:53:06,41) [netns] (root,0,0,00:00:00/9-09:53:06,42) [inet_frag_wq] (root,0,0,00:00:01/9-09:53:06,43) [kauditd] (root,0,0,00:00:00/9-09:53:06,44) [khungtaskd] (root,0,0,00:00:00/9-09:53:06,45) [oom_reaper] (root,0,0,00:00:00/9-09:53:06,46) [writeback] (root,0,0,00:00:28/9-09:53:06,47) [kcompactd0] (root,0,0,00:00:00/9-09:53:06,48) [ksmd] (root,0,0,00:00:31/9-09:53:06,49) [khugepaged] (root,0,0,00:00:00/9-09:53:06,75) [kintegrityd] (root,0,0,00:00:00/9-09:53:06,76) [kblockd] (root,0,0,00:00:00/9-09:53:06,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-09:53:06,79) [tpm_dev_wq] (root,0,0,00:00:00/9-09:53:06,80) [edac-poller] (root,0,0,00:00:00/9-09:53:06,81) [devfreq_wq] (root,0,0,00:00:00/9-09:53:06,110) [watchdogd] (root,0,0,00:00:00/9-09:53:06,111) [kswapd0] (root,0,0,00:00:02/9-09:53:06,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-09:53:04,115) [kthrotld] (root,0,0,00:00:00/9-09:53:04,116) [mld] (root,0,0,00:00:00/9-09:53:04,117) [ipv6_addrconf] (root,0,0,00:00:02/9-09:53:04,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-09:53:04,123) [kstrp] (root,0,0,00:00:00/9-09:53:04,124) [zswap-shrink] (root,0,0,00:00:00/9-09:53:04,125) [kworker/u9:0] (root,0,0,00:00:00/9-09:53:04,130) [charger_manager] (root,0,0,00:00:02/9-09:53:04,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-09:53:04,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-09:53:03,239) [kaluad] (root,0,0,00:00:00/9-09:53:03,258) [kmpath_rdacd] (root,0,0,00:00:00/9-09:53:03,304) [kmpathd] (root,0,0,00:00:00/9-09:53:03,305) [kmpath_handlerd] (root,0,0,00:00:00/9-09:53:02,342) [ata_sff] (root,0,0,00:00:00/9-09:53:02,343) [scsi_eh_0] (root,0,0,00:00:00/9-09:53:02,344) [scsi_tmf_0] (root,0,0,00:00:00/9-09:53:02,345) [scsi_eh_1] (root,0,0,00:00:00/9-09:53:02,346) [scsi_tmf_1] (root,0,0,00:00:17/9-09:52:59,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-09:52:59,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-09:52:47,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-09:52:46,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-09:52:44,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-09:52:13,511) /sbin/auditd (messagebus,22932,5912,00:00:11/9-09:52:12,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-09:52:12,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-09:52:12,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-09:52:10,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-09:52:10,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:10/9-09:51:56,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-09:51:56,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:00/9-09:51:56,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-09:51:56,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-09:51:56,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-09:51:56,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-09:51:56,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-09:51:56,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:19/9-09:51:56,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-09:51:56,1352) bpfilter_umh (root,26204,8212,00:00:01/9-09:51:56,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-09:51:56,1359) ntpd: asynchronous dns resolver (spot,293440,180060,12:10:55/9-09:51:55,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-09:51:55,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-09:51:55,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-09:51:55,1373) (sd-pam) (root,24216,5268,00:00:03/9-09:51:53,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-09:51:53,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-09:51:53,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-09:51:50,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:31/9-09:51:49,1527) sshd: syslogtunnel (root,617356,69948,00:12:36/9-09:51:47,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,45712,00:05:04/9-09:51:35,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-15:27:10,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-09:51:10,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-09:51:10,3218) sshd: cm-ssh (root,0,0,00:00:00/04:46:56,8172) [kworker/2:2-events] (root,0,0,00:00:00/23:54,10860) [kworker/3:1-events] (root,0,0,00:00:00/45:40,11212) [kworker/2:0-events] (root,0,0,00:00:00/03:11:19,14431) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/02:11:16,14915) [kworker/u8:2-writeback] (root,0,0,00:00:00/21:22,15432) [kworker/0:2-events] (root,0,0,00:00:00/01:57:43,15893) [kworker/0:0-events] (root,0,0,00:00:00/03:10,17032) [kworker/3:0-ata_sff] (postfix,24244,8200,00:00:00/44:48,19776) pickup -l -t fifo -u (root,0,0,00:00:00/57:37,22079) [kworker/1:1] (root,6656,3480,00:00:00/00:00,26183) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,26201) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,26202) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/05:11:10,26887) [kworker/1:2-events] (root,0,0,00:00:00/08:20,27010) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 20:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836361708701Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-10:58:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-10:58:07,2) [kthreadd] (root,0,0,00:00:00/7-10:58:07,3) [rcu_gp] (root,0,0,00:00:00/7-10:58:07,4) [rcu_par_gp] (root,0,0,00:00:00/7-10:58:07,5) [slub_flushwq] (root,0,0,00:00:00/7-10:58:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-10:58:07,9) [mm_percpu_wq] (root,0,0,00:00:00/7-10:58:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-10:58:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-10:58:07,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-10:58:07,13) [ksoftirqd/0] (root,0,0,00:19:48/7-10:58:07,14) [rcu_preempt] (root,0,0,00:00:02/7-10:58:07,15) [migration/0] (root,0,0,00:00:00/7-10:58:07,16) [idle_inject/0] (root,0,0,00:00:00/7-10:58:07,18) [cpuhp/0] (root,0,0,00:00:00/7-10:58:07,19) [cpuhp/1] (root,0,0,00:00:00/7-10:58:07,20) [idle_inject/1] (root,0,0,00:00:03/7-10:58:07,21) [migration/1] (root,0,0,00:00:10/7-10:58:07,22) [ksoftirqd/1] (root,0,0,00:00:00/7-10:58:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-10:58:07,25) [cpuhp/2] (root,0,0,00:00:00/7-10:58:07,26) [idle_inject/2] (root,0,0,00:00:02/7-10:58:07,27) [migration/2] (root,0,0,00:12:59/7-10:58:07,28) [ksoftirqd/2] (root,0,0,00:00:00/7-10:58:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-10:58:07,31) [cpuhp/3] (root,0,0,00:00:00/7-10:58:07,32) [idle_inject/3] (root,0,0,00:00:02/7-10:58:07,33) [migration/3] (root,0,0,00:00:36/7-10:58:07,34) [ksoftirqd/3] (root,0,0,00:00:00/7-10:58:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-10:58:07,40) [kdevtmpfs] (root,0,0,00:00:00/7-10:58:07,41) [netns] (root,0,0,00:00:00/7-10:58:07,42) [inet_frag_wq] (root,0,0,00:00:00/7-10:58:07,43) [kauditd] (root,0,0,00:00:00/7-10:58:07,44) [khungtaskd] (root,0,0,00:00:00/7-10:58:07,45) [oom_reaper] (root,0,0,00:00:00/7-10:58:07,46) [writeback] (root,0,0,00:00:21/7-10:58:07,47) [kcompactd0] (root,0,0,00:00:00/7-10:58:07,48) [ksmd] (root,0,0,00:00:24/7-10:58:07,49) [khugepaged] (root,0,0,00:00:00/7-10:58:07,75) [kintegrityd] (root,0,0,00:00:00/7-10:58:07,76) [kblockd] (root,0,0,00:00:00/7-10:58:07,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-10:58:07,79) [tpm_dev_wq] (root,0,0,00:00:00/7-10:58:07,80) [edac-poller] (root,0,0,00:00:00/7-10:58:07,81) [devfreq_wq] (root,0,0,00:00:00/7-10:58:07,110) [watchdogd] (root,0,0,00:00:00/7-10:58:07,111) [kswapd0] (root,0,0,00:00:01/7-10:58:07,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-10:58:05,115) [kthrotld] (root,0,0,00:00:00/7-10:58:05,116) [mld] (root,0,0,00:00:00/7-10:58:05,117) [ipv6_addrconf] (root,0,0,00:00:01/7-10:58:05,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-10:58:05,123) [kstrp] (root,0,0,00:00:00/7-10:58:05,124) [zswap-shrink] (root,0,0,00:00:00/7-10:58:05,125) [kworker/u9:0] (root,0,0,00:00:00/7-10:58:05,130) [charger_manager] (root,0,0,00:00:02/7-10:58:05,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-10:58:05,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-10:58:04,239) [kaluad] (root,0,0,00:00:00/7-10:58:04,258) [kmpath_rdacd] (root,0,0,00:00:00/7-10:58:04,304) [kmpathd] (root,0,0,00:00:00/7-10:58:04,305) [kmpath_handlerd] (root,0,0,00:00:00/7-10:58:03,342) [ata_sff] (root,0,0,00:00:00/7-10:58:03,343) [scsi_eh_0] (root,0,0,00:00:00/7-10:58:03,344) [scsi_tmf_0] (root,0,0,00:00:00/7-10:58:03,345) [scsi_eh_1] (root,0,0,00:00:00/7-10:58:03,346) [scsi_tmf_1] (root,0,0,00:00:13/7-10:58:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-10:58:00,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-10:57:48,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-10:57:47,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-10:57:45,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/7-10:57:14,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-10:57:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-10:57:13,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-10:57:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-10:57:11,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-10:57:11,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/05:25,1011) [kworker/3:0-ata_sff] (root,547592,23800,00:00:08/7-10:56:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-10:56:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:45/7-10:56:57,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-10:56:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-10:56:57,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-10:56:57,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-10:56:57,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:07/7-10:56:57,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:01/7-10:56:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-10:56:57,1352) bpfilter_umh (root,26204,8212,00:00:01/7-10:56:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-10:56:57,1359) ntpd: asynchronous dns resolver (spot,290444,176800,09:06:45/7-10:56:56,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-10:56:56,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-10:56:56,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-10:56:56,1373) (sd-pam) (root,24216,5268,00:00:02/7-10:56:54,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-10:56:54,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/7-10:56:54,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-10:56:51,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-10:56:50,1527) sshd: syslogtunnel (root,617356,69808,00:09:53/7-10:56:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,44424,00:03:52/7-10:56:36,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-16:32:11,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-10:56:11,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-10:56:11,3218) sshd: cm-ssh (root,0,0,00:00:01/07:43:20,6969) [kworker/0:2-events] (root,0,0,00:00:00/02:46:16,8452) [kworker/1:2-events] (root,0,0,00:00:00/27:55,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:03:58,14219) [kworker/0:1] (root,0,0,00:00:00/46:54,14666) [kworker/3:1-events] (root,0,0,00:00:00/34:59,17990) [kworker/2:0-events] (root,0,0,00:00:01/05:08:18,18376) [kworker/2:2-events] (root,0,0,00:00:00/00:13,22475) [kworker/3:2-ata_sff] (root,6656,3476,00:00:00/00:00,24427) /bin/bash /usr/bin/check_mk_agent (root,13744,3364,00:00:00/00:00,24445) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24446) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/16:17,25953) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:40:34,26083) [kworker/1:1] (postfix,24244,8296,00:00:00/31:49,29149) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 21:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363831d7685Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-12:42:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:42:05,2) [kthreadd] (root,0,0,00:00:00/5-12:42:05,3) [rcu_gp] (root,0,0,00:00:00/5-12:42:05,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:42:05,5) [slub_flushwq] (root,0,0,00:00:00/5-12:42:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:42:05,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:42:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:42:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:42:05,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-12:42:05,13) [ksoftirqd/0] (root,0,0,00:14:16/5-12:42:05,14) [rcu_preempt] (root,0,0,00:00:02/5-12:42:05,15) [migration/0] (root,0,0,00:00:00/5-12:42:05,16) [idle_inject/0] (root,0,0,00:00:00/5-12:42:05,18) [cpuhp/0] (root,0,0,00:00:00/5-12:42:05,19) [cpuhp/1] (root,0,0,00:00:00/5-12:42:05,20) [idle_inject/1] (root,0,0,00:00:02/5-12:42:05,21) [migration/1] (root,0,0,00:00:07/5-12:42:05,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:42:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:42:05,25) [cpuhp/2] (root,0,0,00:00:00/5-12:42:05,26) [idle_inject/2] (root,0,0,00:00:01/5-12:42:05,27) [migration/2] (root,0,0,00:09:21/5-12:42:05,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:42:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:42:05,31) [cpuhp/3] (root,0,0,00:00:00/5-12:42:05,32) [idle_inject/3] (root,0,0,00:00:02/5-12:42:05,33) [migration/3] (root,0,0,00:00:26/5-12:42:05,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:42:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:42:05,40) [kdevtmpfs] (root,0,0,00:00:00/5-12:42:05,41) [netns] (root,0,0,00:00:00/5-12:42:05,42) [inet_frag_wq] (root,0,0,00:00:00/5-12:42:05,43) [kauditd] (root,0,0,00:00:00/5-12:42:05,44) [khungtaskd] (root,0,0,00:00:00/5-12:42:05,45) [oom_reaper] (root,0,0,00:00:00/5-12:42:05,46) [writeback] (root,0,0,00:00:15/5-12:42:05,47) [kcompactd0] (root,0,0,00:00:00/5-12:42:05,48) [ksmd] (root,0,0,00:00:16/5-12:42:05,49) [khugepaged] (root,0,0,00:00:00/5-12:42:05,75) [kintegrityd] (root,0,0,00:00:00/5-12:42:05,76) [kblockd] (root,0,0,00:00:00/5-12:42:05,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:42:05,79) [tpm_dev_wq] (root,0,0,00:00:00/5-12:42:05,80) [edac-poller] (root,0,0,00:00:00/5-12:42:05,81) [devfreq_wq] (root,0,0,00:00:00/5-12:42:05,110) [watchdogd] (root,0,0,00:00:00/5-12:42:05,111) [kswapd0] (root,0,0,00:00:01/5-12:42:05,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:42:03,115) [kthrotld] (root,0,0,00:00:00/5-12:42:03,116) [mld] (root,0,0,00:00:00/5-12:42:03,117) [ipv6_addrconf] (root,0,0,00:00:01/5-12:42:03,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:42:03,123) [kstrp] (root,0,0,00:00:00/5-12:42:03,124) [zswap-shrink] (root,0,0,00:00:00/5-12:42:03,125) [kworker/u9:0] (root,0,0,00:00:00/5-12:42:03,130) [charger_manager] (root,0,0,00:00:01/5-12:42:03,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-12:42:03,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-12:42:02,239) [kaluad] (root,0,0,00:00:00/5-12:42:02,258) [kmpath_rdacd] (root,0,0,00:00:00/5-12:42:02,304) [kmpathd] (root,0,0,00:00:00/5-12:42:02,305) [kmpath_handlerd] (root,0,0,00:00:00/5-12:42:01,342) [ata_sff] (root,0,0,00:00:00/5-12:42:01,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:42:01,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:42:01,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:42:01,346) [scsi_tmf_1] (root,0,0,00:00:09/5-12:41:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:41:58,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-12:41:46,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-12:41:45,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-12:41:43,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-12:41:12,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-12:41:11,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-12:41:11,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-12:41:11,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-12:41:09,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-12:41:09,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23628,00:00:06/5-12:40:55,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-12:40:55,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-12:40:55,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-12:40:55,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-12:40:55,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-12:40:55,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-12:40:55,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-12:40:55,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-12:40:55,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-12:40:55,1352) bpfilter_umh (root,26204,8212,00:00:01/5-12:40:55,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-12:40:55,1359) ntpd: asynchronous dns resolver (spot,212348,174672,06:18:16/5-12:40:54,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-12:40:54,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-12:40:54,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-12:40:54,1373) (sd-pam) (root,24216,5268,00:00:01/5-12:40:52,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-12:40:52,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-12:40:52,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-12:40:49,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-12:40:48,1527) sshd: syslogtunnel (root,617100,71512,00:07:12/5-12:40:46,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43152,00:02:46/5-12:40:34,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-12:40:09,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-12:40:09,3218) sshd: cm-ssh (root,0,0,00:00:00/04:48,4053) [kworker/3:2-ata_sff] (root,0,0,00:00:00/13:50,4408) [kworker/2:0-events] (root,0,0,00:00:00/02:49,12469) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/46:48,12853) [kworker/1:0-events] (postfix,24244,8228,00:00:00/56:38,15243) pickup -l -t fifo -u (root,0,0,00:00:00/10:01,16813) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:15:32,18842) [kworker/0:0-events] (root,0,0,00:00:00/01:17:27,19687) [kworker/3:0-events] (root,0,0,00:00:01/05:00:41,20908) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/35:45,24590) [kworker/0:2-events] (root,6656,3476,00:00:00/00:00,24754) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/08:04,24763) [kworker/u8:1-flush-253:0] (root,13744,3420,00:00:00/00:00,24773) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24774) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:43:30,25521) [kworker/1:2-events] (root,0,0,00:00:00/09:35:18,28908) [kworker/u8:2-events_unbound] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:30 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637efb7345Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-11:48:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-11:48:11,2) [kthreadd] (root,0,0,00:00:00/3-11:48:11,3) [rcu_gp] (root,0,0,00:00:00/3-11:48:11,4) [rcu_par_gp] (root,0,0,00:00:00/3-11:48:11,5) [slub_flushwq] (root,0,0,00:00:00/3-11:48:11,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-11:48:11,9) [mm_percpu_wq] (root,0,0,00:00:00/3-11:48:11,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-11:48:11,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-11:48:11,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-11:48:11,13) [ksoftirqd/0] (root,0,0,00:08:56/3-11:48:11,14) [rcu_preempt] (root,0,0,00:00:01/3-11:48:11,15) [migration/0] (root,0,0,00:00:00/3-11:48:11,16) [idle_inject/0] (root,0,0,00:00:00/3-11:48:11,18) [cpuhp/0] (root,0,0,00:00:00/3-11:48:11,19) [cpuhp/1] (root,0,0,00:00:00/3-11:48:11,20) [idle_inject/1] (root,0,0,00:00:01/3-11:48:11,21) [migration/1] (root,0,0,00:00:05/3-11:48:11,22) [ksoftirqd/1] (root,0,0,00:00:00/3-11:48:11,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-11:48:11,25) [cpuhp/2] (root,0,0,00:00:00/3-11:48:11,26) [idle_inject/2] (root,0,0,00:00:01/3-11:48:11,27) [migration/2] (root,0,0,00:06:01/3-11:48:11,28) [ksoftirqd/2] (root,0,0,00:00:00/3-11:48:11,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-11:48:11,31) [cpuhp/3] (root,0,0,00:00:00/3-11:48:11,32) [idle_inject/3] (root,0,0,00:00:01/3-11:48:11,33) [migration/3] (root,0,0,00:00:16/3-11:48:11,34) [ksoftirqd/3] (root,0,0,00:00:00/3-11:48:11,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-11:48:11,40) [kdevtmpfs] (root,0,0,00:00:00/3-11:48:11,41) [netns] (root,0,0,00:00:00/3-11:48:11,42) [inet_frag_wq] (root,0,0,00:00:00/3-11:48:11,43) [kauditd] (root,0,0,00:00:00/3-11:48:11,44) [khungtaskd] (root,0,0,00:00:00/3-11:48:11,45) [oom_reaper] (root,0,0,00:00:00/3-11:48:11,46) [writeback] (root,0,0,00:00:09/3-11:48:11,47) [kcompactd0] (root,0,0,00:00:00/3-11:48:11,48) [ksmd] (root,0,0,00:00:10/3-11:48:11,49) [khugepaged] (root,0,0,00:00:00/3-11:48:11,75) [kintegrityd] (root,0,0,00:00:00/3-11:48:11,76) [kblockd] (root,0,0,00:00:00/3-11:48:11,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-11:48:11,79) [tpm_dev_wq] (root,0,0,00:00:00/3-11:48:11,80) [edac-poller] (root,0,0,00:00:00/3-11:48:11,81) [devfreq_wq] (root,0,0,00:00:00/3-11:48:11,110) [watchdogd] (root,0,0,00:00:00/3-11:48:11,111) [kswapd0] (root,0,0,00:00:00/3-11:48:11,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-11:48:09,115) [kthrotld] (root,0,0,00:00:00/3-11:48:09,116) [mld] (root,0,0,00:00:00/3-11:48:09,117) [ipv6_addrconf] (root,0,0,00:00:00/3-11:48:09,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-11:48:09,123) [kstrp] (root,0,0,00:00:00/3-11:48:09,124) [zswap-shrink] (root,0,0,00:00:00/3-11:48:09,125) [kworker/u9:0] (root,0,0,00:00:00/3-11:48:09,130) [charger_manager] (root,0,0,00:00:00/3-11:48:09,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-11:48:09,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-11:48:08,239) [kaluad] (root,0,0,00:00:00/3-11:48:08,258) [kmpath_rdacd] (root,0,0,00:00:00/3-11:48:08,304) [kmpathd] (root,0,0,00:00:00/3-11:48:08,305) [kmpath_handlerd] (root,0,0,00:00:00/3-11:48:07,342) [ata_sff] (root,0,0,00:00:00/3-11:48:07,343) [scsi_eh_0] (root,0,0,00:00:00/3-11:48:07,344) [scsi_tmf_0] (root,0,0,00:00:00/3-11:48:07,345) [scsi_eh_1] (root,0,0,00:00:00/3-11:48:07,346) [scsi_tmf_1] (root,0,0,00:00:05/3-11:48:04,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-11:48:04,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-11:47:52,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-11:47:51,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-11:47:49,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-11:47:18,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-11:47:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-11:47:17,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-11:47:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-11:47:15,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-11:47:15,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-11:47:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-11:47:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/35:47,1333) [kworker/0:1-events] (root,21172,4536,00:00:21/3-11:47:01,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-11:47:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-11:47:01,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-11:47:01,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-11:47:01,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-11:47:01,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-11:47:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-11:47:01,1352) bpfilter_umh (root,26204,8212,00:00:00/3-11:47:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-11:47:01,1359) ntpd: asynchronous dns resolver (spot,206108,169228,04:01:36/3-11:47:00,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-11:47:00,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-11:47:00,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-11:47:00,1373) (sd-pam) (root,24216,5268,00:00:01/3-11:46:58,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-11:46:58,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-11:46:58,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-11:46:55,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-11:46:54,1527) sshd: syslogtunnel (root,615564,67936,00:04:34/3-11:46:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:48/3-11:46:40,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:13,2262) [kworker/3:1-ata_sff] (root,0,0,00:00:01/07:14:52,2276) [kworker/1:2-events] (root,0,0,00:00:00/25:47,2497) [kworker/3:2-events] (root,35308,10108,00:00:00/3-11:46:15,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-11:46:15,3218) sshd: cm-ssh (root,0,0,00:00:00/55:07,4067) [kworker/1:1] (root,0,0,00:00:01/06:58:49,5266) [kworker/2:1-events] (postfix,24244,8260,00:00:00/24:40,6052) pickup -l -t fifo -u (root,0,0,00:00:00/21:46,13330) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/03:07:30,13615) [kworker/2:2] (root,6656,3476,00:00:00/00:00,16311) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,16329) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,16330) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:01,25985) [kworker/3:0-ata_sff] (root,0,0,00:00:00/11:14,27113) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/11:03,28172) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 22:36 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b982c0f8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-12:18:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-12:18:39,2) [kthreadd] (root,0,0,00:00:00/1-12:18:39,3) [rcu_gp] (root,0,0,00:00:00/1-12:18:39,4) [rcu_par_gp] (root,0,0,00:00:00/1-12:18:39,5) [slub_flushwq] (root,0,0,00:00:00/1-12:18:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-12:18:39,9) [mm_percpu_wq] (root,0,0,00:00:00/1-12:18:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-12:18:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-12:18:39,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-12:18:39,13) [ksoftirqd/0] (root,0,0,00:04:00/1-12:18:39,14) [rcu_preempt] (root,0,0,00:00:00/1-12:18:39,15) [migration/0] (root,0,0,00:00:00/1-12:18:39,16) [idle_inject/0] (root,0,0,00:00:00/1-12:18:39,18) [cpuhp/0] (root,0,0,00:00:00/1-12:18:39,19) [cpuhp/1] (root,0,0,00:00:00/1-12:18:39,20) [idle_inject/1] (root,0,0,00:00:00/1-12:18:39,21) [migration/1] (root,0,0,00:00:02/1-12:18:39,22) [ksoftirqd/1] (root,0,0,00:00:00/1-12:18:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-12:18:39,25) [cpuhp/2] (root,0,0,00:00:00/1-12:18:39,26) [idle_inject/2] (root,0,0,00:00:00/1-12:18:39,27) [migration/2] (root,0,0,00:02:34/1-12:18:39,28) [ksoftirqd/2] (root,0,0,00:00:00/1-12:18:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-12:18:39,31) [cpuhp/3] (root,0,0,00:00:00/1-12:18:39,32) [idle_inject/3] (root,0,0,00:00:00/1-12:18:39,33) [migration/3] (root,0,0,00:00:08/1-12:18:39,34) [ksoftirqd/3] (root,0,0,00:00:00/1-12:18:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-12:18:39,40) [kdevtmpfs] (root,0,0,00:00:00/1-12:18:39,41) [netns] (root,0,0,00:00:00/1-12:18:39,42) [inet_frag_wq] (root,0,0,00:00:00/1-12:18:39,43) [kauditd] (root,0,0,00:00:00/1-12:18:39,44) [khungtaskd] (root,0,0,00:00:00/1-12:18:39,45) [oom_reaper] (root,0,0,00:00:00/1-12:18:39,46) [writeback] (root,0,0,00:00:04/1-12:18:39,47) [kcompactd0] (root,0,0,00:00:00/1-12:18:39,48) [ksmd] (root,0,0,00:00:04/1-12:18:39,49) [khugepaged] (root,0,0,00:00:00/1-12:18:39,75) [kintegrityd] (root,0,0,00:00:00/1-12:18:39,76) [kblockd] (root,0,0,00:00:00/1-12:18:39,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-12:18:39,79) [tpm_dev_wq] (root,0,0,00:00:00/1-12:18:39,80) [edac-poller] (root,0,0,00:00:00/1-12:18:39,81) [devfreq_wq] (root,0,0,00:00:00/1-12:18:39,110) [watchdogd] (root,0,0,00:00:00/1-12:18:39,111) [kswapd0] (root,0,0,00:00:00/1-12:18:39,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-12:18:37,115) [kthrotld] (root,0,0,00:00:00/1-12:18:37,116) [mld] (root,0,0,00:00:00/1-12:18:37,117) [ipv6_addrconf] (root,0,0,00:00:00/1-12:18:37,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-12:18:37,123) [kstrp] (root,0,0,00:00:00/1-12:18:37,124) [zswap-shrink] (root,0,0,00:00:00/1-12:18:37,125) [kworker/u9:0] (root,0,0,00:00:00/1-12:18:37,130) [charger_manager] (root,0,0,00:00:00/1-12:18:37,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-12:18:37,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-12:18:36,239) [kaluad] (root,0,0,00:00:00/1-12:18:36,258) [kmpath_rdacd] (root,0,0,00:00:00/1-12:18:36,304) [kmpathd] (root,0,0,00:00:00/1-12:18:36,305) [kmpath_handlerd] (root,0,0,00:00:00/1-12:18:35,342) [ata_sff] (root,0,0,00:00:00/1-12:18:35,343) [scsi_eh_0] (root,0,0,00:00:00/1-12:18:35,344) [scsi_tmf_0] (root,0,0,00:00:00/1-12:18:35,345) [scsi_eh_1] (root,0,0,00:00:00/1-12:18:35,346) [scsi_tmf_1] (root,0,0,00:00:02/1-12:18:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-12:18:32,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-12:18:20,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-12:18:19,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-12:18:17,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-12:17:46,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-12:17:45,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:01/1-12:17:45,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-12:17:45,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-12:17:43,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-12:17:43,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:01/1-12:17:29,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-12:17:29,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:09/1-12:17:29,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-12:17:29,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-12:17:29,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-12:17:29,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-12:17:29,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-12:17:29,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:12/1-12:17:29,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-12:17:29,1352) bpfilter_umh (root,26204,8212,00:00:00/1-12:17:29,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-12:17:29,1359) ntpd: asynchronous dns resolver (spot,204716,167860,01:59:58/1-12:17:28,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-12:17:28,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-12:17:28,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-12:17:28,1373) (sd-pam) (root,24216,5268,00:00:00/1-12:17:26,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-12:17:26,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-12:17:26,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-12:17:23,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-12:17:22,1527) sshd: syslogtunnel (root,615564,69636,00:02:03/1-12:17:20,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/11:49,1585) [kworker/u8:0-writeback] (spot,206272,41348,00:00:50/1-12:17:08,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-12:16:43,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-12:16:43,3218) sshd: cm-ssh (root,0,0,00:00:00/09:03,8331) [kworker/3:1-ata_sff] (root,0,0,00:00:00/29:47,10989) [kworker/3:2-events] (postfix,24244,8224,00:00:00/01:17:04,12603) pickup -l -t fifo -u (root,0,0,00:00:00/28:01,17596) [kworker/0:0-events] (root,0,0,00:00:00/03:51,21640) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:27:18,22963) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:45:09,24470) [kworker/2:1-events] (root,0,0,00:00:06/06:18:01,25188) [kworker/1:2-events] (root,0,0,00:00:00/04:28:50,25538) [kworker/1:1] (root,0,0,00:00:00/02:17:59,25963) [kworker/2:0-events] (root,6656,3480,00:00:00/00:00,27267) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,27285) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27286) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:34:30,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 23:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a5961992Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,41988,12392,00:00:02/04:08:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/04:08:47,2) [kthreadd] (root,0,0,00:00:00/04:08:47,3) [rcu_gp] (root,0,0,00:00:00/04:08:47,4) [rcu_par_gp] (root,0,0,00:00:00/04:08:47,5) [slub_flushwq] (root,0,0,00:00:00/04:08:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/04:08:47,9) [mm_percpu_wq] (root,0,0,00:00:00/04:08:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/04:08:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/04:08:47,12) [rcu_tasks_trace] (root,0,0,00:00:00/04:08:47,13) [ksoftirqd/0] (root,0,0,00:00:31/04:08:47,14) [rcu_preempt] (root,0,0,00:00:00/04:08:47,15) [migration/0] (root,0,0,00:00:00/04:08:47,16) [idle_inject/0] (root,0,0,00:00:00/04:08:47,18) [cpuhp/0] (root,0,0,00:00:00/04:08:47,19) [cpuhp/1] (root,0,0,00:00:00/04:08:47,20) [idle_inject/1] (root,0,0,00:00:00/04:08:47,21) [migration/1] (root,0,0,00:00:00/04:08:47,22) [ksoftirqd/1] (root,0,0,00:00:00/04:08:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/04:08:47,25) [cpuhp/2] (root,0,0,00:00:00/04:08:47,26) [idle_inject/2] (root,0,0,00:00:00/04:08:47,27) [migration/2] (root,0,0,00:00:15/04:08:47,28) [ksoftirqd/2] (root,0,0,00:00:00/04:08:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/04:08:47,31) [cpuhp/3] (root,0,0,00:00:00/04:08:47,32) [idle_inject/3] (root,0,0,00:00:00/04:08:47,33) [migration/3] (root,0,0,00:00:01/04:08:47,34) [ksoftirqd/3] (root,0,0,00:00:00/04:08:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/04:08:47,40) [kdevtmpfs] (root,0,0,00:00:00/04:08:47,41) [netns] (root,0,0,00:00:00/04:08:47,42) [inet_frag_wq] (root,0,0,00:00:00/04:08:47,43) [kauditd] (root,0,0,00:00:00/04:08:47,44) [khungtaskd] (root,0,0,00:00:00/04:08:47,45) [oom_reaper] (root,0,0,00:00:00/04:08:47,46) [writeback] (root,0,0,00:00:00/04:08:47,47) [kcompactd0] (root,0,0,00:00:00/04:08:47,48) [ksmd] (root,0,0,00:00:00/04:08:47,49) [khugepaged] (root,0,0,00:00:00/04:08:47,75) [kintegrityd] (root,0,0,00:00:00/04:08:47,76) [kblockd] (root,0,0,00:00:00/04:08:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/04:08:47,79) [tpm_dev_wq] (root,0,0,00:00:00/04:08:47,80) [edac-poller] (root,0,0,00:00:00/04:08:47,81) [devfreq_wq] (root,0,0,00:00:00/04:08:47,110) [watchdogd] (root,0,0,00:00:00/04:08:47,111) [kswapd0] (root,0,0,00:00:00/04:08:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/04:08:45,115) [kthrotld] (root,0,0,00:00:00/04:08:45,116) [mld] (root,0,0,00:00:00/04:08:45,117) [ipv6_addrconf] (root,0,0,00:00:00/04:08:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/04:08:45,123) [kstrp] (root,0,0,00:00:00/04:08:45,124) [zswap-shrink] (root,0,0,00:00:00/04:08:45,125) [kworker/u9:0] (root,0,0,00:00:00/04:08:45,130) [charger_manager] (root,0,0,00:00:00/04:08:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/04:08:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/04:08:44,239) [kaluad] (root,0,0,00:00:00/04:08:44,258) [kmpath_rdacd] (root,0,0,00:00:00/04:08:44,304) [kmpathd] (root,0,0,00:00:00/04:08:44,305) [kmpath_handlerd] (root,0,0,00:00:00/04:08:43,342) [ata_sff] (root,0,0,00:00:00/04:08:43,343) [scsi_eh_0] (root,0,0,00:00:00/04:08:43,344) [scsi_tmf_0] (root,0,0,00:00:00/04:08:43,345) [scsi_eh_1] (root,0,0,00:00:00/04:08:43,346) [scsi_tmf_1] (root,0,0,00:00:00/04:08:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/04:08:40,367) [ext4-rsv-conver] (root,38604,7616,00:00:00/04:08:28,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/04:08:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:00/04:08:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/04:07:54,511) /sbin/auditd (messagebus,22932,5904,00:00:00/04:07:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8288,00:00:00/04:07:53,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/04:07:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/04:07:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/04:07:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,21736,00:00:00/04:07:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/04:07:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:00/04:07:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/04:07:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/04:07:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/04:07:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/04:07:37,1343) /usr/lib/systemd/systemd --user (root,448724,7512,00:00:00/04:07:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:01/04:07:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/04:07:37,1352) bpfilter_umh (root,26204,8212,00:00:00/04:07:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/04:07:37,1359) ntpd: asynchronous dns resolver (spot,184348,144664,00:29:47/04:07:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/04:07:36,1371) (sd-pam) (checkmk,48528,3192,00:00:00/04:07:36,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/04:07:36,1373) (sd-pam) (root,24216,5204,00:00:00/04:07:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/04:07:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/04:07:34,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/04:07:31,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:00/04:07:30,1527) sshd: syslogtunnel (root,549772,69320,00:00:17/04:07:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41040,00:00:14/04:07:16,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/04:06:51,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:00/04:06:51,3218) sshd: cm-ssh (root,0,0,00:00:00/01:47:12,3984) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:34:47,7023) [kworker/2:2-events] (root,0,0,00:00:00/01:24:13,9477) [kworker/0:2-events] (root,0,0,00:00:00/01:17:28,11162) [kworker/u8:0-writeback] (root,0,0,00:00:01/01:13:57,11941) [kworker/1:2-events] (root,0,0,00:00:00/01:03:13,13467) [kworker/0:0-cgroup_destroy] (postfix,24244,8192,00:00:00/48:27,15869) pickup -l -t fifo -u (root,0,0,00:00:00/42:22,17250) [kworker/2:1-events] (root,0,0,00:00:00/19:35,23887) [kworker/3:2-events] (root,0,0,00:00:00/02:53:14,24481) [kworker/1:0] (root,0,0,00:00:00/09:12,26909) [kworker/3:0-ata_sff] (root,0,0,00:00:00/04:02,28868) [kworker/3:1-ata_sff] (root,0,0,00:00:00/00:28,30613) [kworker/0:1-events] (root,6656,3484,00:00:00/00:00,30893) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,30911) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30912) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-10 14:57
Domain summary
No record